
Aalborg Universitet · 2008. 11. 10. · Directory Tree ... 1 of 127 11/10/08...


Directory Tree https://www.hst.aau.dk/sysadmnetoffline/DetHe...

1 of 127 11/10/08 12:44

.

./DS-484

./DS-484/Risikoanalyse

./DS-484/Handlingsplaner

./DS-484/IT-Politik

./DS-484/IT-Strategi

./DS-484/Kriseberedskab

./Install_Guides/Ubuntu_6.06/IPv6

./Install_Guides/Ubuntu_6.06

./Install_Guides

./Install_Guides/Solaris/NIS

./Install_Guides/Solaris

./Install_Guides/Solaris/Kbd-Break

./Install_Guides/Thunderbird

./Install_Guides/Matlab_Paa_Cluster

./Install_Guides/SyncUbuntu

./Tips-n-tricks/rsync

./Tips-n-tricks

./Tips-n-tricks/Copy_Directory

./Tips-n-tricks/Autofs

./Tips-n-tricks/Apt-get

./Programmer

./Programmer/Solaris

./Programmer/Solaris/Blastwave

./Programmer/Solaris/pack

./Programmer/Ubuntu/pakkesync

./Programmer/Ubuntu

./Diskplads/ZFS/Tests_paa_kolga

./Diskplads/ZFS/Tests_paa_kolga/Plads_til_06gr956c

./Diskplads/ZFS/maximus

./Diskplads/ZFS/maximus/tmp-plads

./Diskplads/ZFS

./Diskplads/ZFS/tibialis

./Diskplads/ZFS/ACL

./Diskplads/ZFS/Quota

./Diskplads/ZFS/Zpool_arbejde

./Diskplads/MetaDevices/Udvidelse

./Diskplads/iSCSI

./Diskplads/iSCSI/DeFoersteTests

./Diskplads/iSCSI/tibialis

./Diskplads/VMware/nfs-01

./Drift/Backup/Amanda

./Drift/Backup/Amanda/HOWTO

./Drift/Backup/Amanda/Restore

./Drift/Backup/Amanda/Restore/Uddybende_fifs

./Drift/Backup/Amanda/Restore_efter_nedbrud

./Drift/Backup/ran

./Drift/Backup

./Drift/Backup/ZFS

./Drift/Backup/Baand

./Drift

./Drift/Rullevogn

./Drift/SunRay

./Drift/SunRay/utadm

./Solaris_Stuff/10

./Solaris_Stuff/10/TCP_Wrappers

./Solaris_Stuff/10/TCP_Wrappers/Tabel

./Solaris_Stuff/10/Patches

./Solaris_Stuff/10/KolgaFrigoeres

./Solaris_Stuff

./Solaris_Stuff/GodeLinks

./Solaris_Stuff/CSW

./Solaris_Stuff/Zones/multimus05

./Solaris_Stuff/Zones/multimus01

./Solaris_Stuff/Zones/multimus01/global

./Solaris_Stuff/Zones/multimus01/qemu01

./Solaris_Stuff/Zones/multimus01/ldap01

./Solaris_Stuff/Zones/multimus01/unattended

./Solaris_Stuff/Zones/multimus01/wwwproxy

./Solaris_Stuff/Zones/multimus01/ciscoadm

./Solaris_Stuff/Zones/multimus01/ciscoadm/DoCisco

./Solaris_Stuff/Zones/multimus01/qemu02

./Solaris_Stuff/Zones/multimus01/medisdepot

./Solaris_Stuff/Zones

./PrintOgKopikort/WebInterface

./PrintOgKopikort/NyPrintKoe

./HSTsysadm

./HSTsysadm/Tabellen_User

./HSTsysadm/Tasks

./HSTsysadm/Tasks/New_projectdir

./HSTsysadm/Tasks/New_user

./HSTsysadm/Aliases

./HSTsysadm/Aliases/Overgang

./HSTsysadm/Overgang

./HSTsysadm/Database_struktur

./HSTsysadm/VM_hstsysadm

./HSTsysadm/VM_hstsysadm/mysql5

./HSTsysadm/Table_Access

./HSTsysadm/Table_Automount

./Unattended_Install

./Unattended_Install/Howto

./Unattended_Install/Dokumentation

./Unattended_Install/Notater

./Unattended_Install/Notater/Driver_liste

./Magnus2007

./Magnus2007/aegir

./Magnus2007/smtp_til_tibialis

./Magnus2007/mbx_som_default

./Magnus2007/aegir_toemmes_for_services

./Magnus2007/aegir_toemmes_for_shares

./Magnus2007/SysadmDB/passwd

./Magnus2007/SysadmDB/group

./Magnus2007/LDAP

./Magnus2007/multimus01/Zone-wwwproxy/ftp-gw

./Magnus2007/multimus01/Zone-wwwproxy

./Magnus2007/multimus01

./Magnus2007/multimus01/Zone-ciscoadm

./Magnus2007/multimus01/Zone-ciscoadm/MRTG

./Magnus2007/multimus01/Zone-ciscoadm/DoCisco

./Magnus2007/multimus01/Zone-ciscoadm/VMPS

./Magnus2007/multimus01/Zone-ciscoadm/NetGraf

./Magnus2007/multimus01/Zone-ciscoadm/NetDoc/MySQL

./Magnus2007/x4600_tryNbuy

./Magnus2007/E-bygningen/Cisco

./Magnus2007/E-bygningen

./Dataopsamling/MRTG

./Dataopsamling

./Maskinstue/UPS/Service

./Maskinstue/UPS

./Maskinstue

./Maskinstue/220V

./Maskinstue/E2-110/Rack_1/maximus01

./Maskinstue/D1-104/Rack_2/biceps

./Maskinstue/D1-104/Rack_2/tibialis

./Maskinstue/D1-104/Rack_2/soleus

./Maskinstue/D1-104/Rack_2/gracilis

./Maskinstue/D1-104/Rack_2/maximus

./Maskinstue/D1-104/Rack_2/cerebrum01

./Maskinstue/D1-104/Rack_2/multimus05

./Maskinstue/D1-104/Rack_3/aegir

./Maskinstue/D1-104/Rack_3/multimus01

./Maskinstue/D1-104/Rack_3/illiacus

./Maskinstue/D1-104/Rack_4/cluster2

./Maskinstue/D1-104/Rack_4/DELL-rackpc

./Maskinstue/D1-104

./Databaser

./Databaser/studmysql

./Network/VLANs

./Network/VLANs/hst-dims

./Network

./Services

./Services/IMAP

./Services/IMAP/HomeDirs2tibialis

./Services/SMTP

./Services/SMTP/Sendmail

./Services/SMTP/Flytning_til_tibialis


./Services/SMTP/RaysFilter

./Services/EmailSetup

./Services/SSL/InstallRapidCert

./Services/SSL

./Services/SSL/Stunnel_Calendar

./Services/SSL/Apache_aegir

./Services/NTP/tibialis

./Services/SSH/HostBasedAuth

./Services/DNS/BIND

./Services/DNS

./Services/LDAP/Config/slapd.conf

./Services/LDAP/Config/ldap.conf

./Services/LDAP/Config/Logging

./Services/LDAP

./Services/LDAP/Data

./Services/LDAP/Scripting/PHP

./Services/LDAP/Scripting/Perl

./Services/LDAP/phpLDAPadmin

./Services/LDAP/Sikkerhed/Snoop

./Services/LDAP/Sikkerhed

./Services/LDAP/SASL

./Services/LDAP/Berigelse

./Services/Samba/Passwd

./Services/Samba

./Services/Samba/Maximus

./Services/Samba/Maximus/Bygge_en_ny

./Services/Samba/Maximus/Validere_tar_ball

./Services/Samba/PDC

./Services/SunONE_Calender/Oprette_Lokaler

./Services/SunONE_Calender/LDAP_Console

./Services/SunONE_Calender

./Services/SunONE_Calender/Lokale_Problemer

./Services/VPN

./Services/VPN/radiusd

./Henrik

./Henrik/Notater

./Henrik/Comsol/Licenser

./Henrik/Comsol

./Henrik/Solaris_LDAP_auth

./Henrik/Solaris_LDAP_auth/.filer1

./Brugere/StudSTADS

./Brugere/Grupper/Gruppedirectories

./Brugere/Oprettelse

./Budget

./Budget/2008_Plan

./Budget/2008

./Budget/2008_ordre

./Typo3/Typo3_Paa_Solaris_10

./Typo3

./Typo3/Bugs

./VMware/001_Tests/nfs-01

./VMware/Storage/FibreChannel

./VMware/Storage/Hastigheder

./VMware/Tips

./VMware/Templates

./VMware/Templates/Solaris-core

./VMware/Templates/Solaris-core/install

./VMware/VirtualMachines/sunray01

./VMware/VirtualMachines/nat01

./VMware/VirtualMachines/perdition

./VMware/VirtualMachines/zimbra-store01

./VMware/VirtualMachines/zimbra-ldap01

./VMware/VirtualMachines/mainmta

./VMware/VirtualMachines/webmail

./VMware/VirtualMachines/cluster8

./VMware/ESX

./VMware/StorageTek/Screenshots

./Helpers/Solving_problems/Samba

./Helpers/Solving_problems/Samba/Windows

./Zimbra

./Zimbra/LVM

./Zimbra/LVM/Docs

./Zimbra/Passwords

./Zimbra/Passwords/HstSysAdmSync

./Zimbra/Install

./Zimbra/CLI

./Zimbra/TvungenHTTPS

./Zimbra/ZimbraMTA

./Zimbra/ZimbraStore

./Zimbra/YP-Zimbra

./Zimbra/ZimbraLDAPmaster

./Zimbra/ZimbraIMAPproxy

./Zimbra/CSWsendmailMTA

./Zimbra/ZimbraTemplate

./Zimbra/Imapsync

./Zimbra/Plan_for_flytning

./Zimbra/Status

./Zimbra/SpamAssassin

./Zimbra/Brugerflytning

./Zimbra/Overgang_fra_Thunderbird

./Zimbra/Bayes

./Search_WIP

./FlexLM

./index.php

SysAdmNet for HST

Here we collect texts about the various aspects of our system administration.

Things are not always grouped all that cleverly, and items may move from one place to another, so we are somewhat lacking a search function.

./DS-484/index.php

DS-484

We must comply with Danish Standard 484 (Dansk Standard 484), which can be seen at ...link missing...

Initially this has meant that we must make a list of our assets and then perform a risk analysis of each individual asset.

This has been a huge amount of work. To make it "usable", we have chosen to extend the analysis with several items that we will benefit from directly ...we hope ;-) Such as recording who is responsible for an asset, the hosts it runs on, configuration files, log files and any Action Points that are relevant to the individual asset.

IT- og Telestyrelsen

Here is a description of DS-484: http://www.itst.dk/it-sikkerhed/ds-484.

Consultation on the ICT policy for AAU

Here is an excerpt from an e-mail from Michael dated 14/4-2008, sent to sysadm-l [906]:

Enclosed is the proposal for an ICT policy for AAU, for consultation in IKT-TN. To spare the various mail servers a little, I have taken the liberty of putting the documents on a web server here at hum; they are:

Cover letter from Niels-Henrik:

http://www.hum.aau.dk/~michael/aauiktpolitik/NHGBrev-dk.pdf

The draft ICT policy:

http://www.hum.aau.dk/~michael/aauiktpolitik/IKTpolitik%20til%20h%9bring%2020080410.pdf


The description of minimum requirements for all main areas:

http://www.hum.aau.dk/~michael/aauiktpolitik/it-tjenester-aau-jan-2008.pdf

Order to implement DS-484:

http://www.hum.aau.dk/~michael/aauiktpolitik/rektors-brev-om-it-sikkerhed-ikt-ansvarlige-marts2006.pdf

Guidelines for data security:

http://www.hum.aau.dk/~michael/aauiktpolitik/Document.pdf

./DS-484/Risikoanalyse/index.php

Risk analysis

Web-based risk analysis

Magnus has written some PHP scripts that form the framework for our risk analysis. It can be found at https://hstsysadm.... There you can view the individual risk analyses by clicking the asset ID on the left.

The complete risk analysis is then the version that can be printed and handed in.

You can also see all the entered ActionPoints in one place.

./DS-484/Handlingsplaner/index.php

./DS-484/IT-Politik/index.php

IT policy for HST

There must be an IT policy for the department, and it must be maintained continuously.

Here is a copy of the current IT policy, and this is also where the TeX file itself is kept.

Maybe it should live under the hstsysadm zone?

Audit in 2008

We have been selected for a written audit concerning a few matters, and our reply is being drafted here: IT-revision2008.pdf.

./DS-484/IT-Strategi/index.php

./DS-484/Kriseberedskab/index.php

./Install_Guides/Ubuntu_6.06/IPv6/index.php

It is necessary to turn off IPv6, as it only causes problems :-(

See http://www.ubuntugeek.com/how-to-disable-ipv6-in-ubuntu.html

We previously just blacklisted ipv6, but that fills our log with messages:

Aug 3 12:54:01 zimbra-store01.hst.aau.dk modprobe: WARNING: Not loading blacklisted module ipv6
Aug 3 12:54:02 zimbra-mta01.hst.aau.dk modprobe: WARNING: Not loading blacklisted module ipv6

./Install_Guides/Ubuntu_6.06/index.php

Ubuntu 6.06 Install Guide For HST Servers

Before you begin

Back up /etc/ssh/ (keys) if the machine has been on the network before. If it is new, it must be added to /opt/csw/etc/ssh_known_hosts on gracilis and illiacus (or others if necessary), and ssh_known_hosts must be copied from e.g. cluster3 to the new machine. Also check whether there is anything in /space/ that should be kept.

NOTE: http_proxy=http://wwwproxy:3128 is not needed if you set the proxy during installation

Installation

Choose "Install in Textmode" and use the following settings for a "standard server" (e.g. like cluster3):
IP 130.225.49.XXX
Netmask 255.255.255.0
Network 130.225.49.0
Broadcast 130.225.49.255
Gateway 130.225.49.1
DNS: 130.225.49.2 and 130.225.49.6

The user you create during installation is to be used until NIS/YP is set up; after that it can be deleted.

Prepare the machine for configuration

Log in as the user that was created during installation.

sudo passwd root

Log out again and log in as root. Remove all "#" in front of the addresses in /etc/apt/sources.list and add one in front of the "CD" entry.

Update apt with:

http_proxy=http://wwwproxy:3128 apt-get update

Install ssh with:

http_proxy=http://wwwproxy:3128 sudo apt-get install ssh

Update all packages with:

http_proxy=http://wwwproxy:3128 apt-get upgrade

Leave the machine room, go to your office, drink some coffee and use SSH to finish the configuration :-P


Install and configure NIS/YP + autofs

Install NIS and autofs with:

http_proxy=http://wwwproxy:3128 apt-get install nis
http_proxy=http://wwwproxy:3128 apt-get install autofs

Add automount: nis at the bottom of /etc/nsswitch

Reload autofs with

/etc/init.d/autofs reload

Make the following changes in the files listed:

/etc/passwd
Add +::::::

/etc/shadow
Add +::::::::

/etc/group
Add +:::

Make the following changes in /etc/ssh/sshd_config

LoginGraceTime 600

IgnoreRhosts yes
RhostsRSAAuthentication yes
HostbasedAuthentication yes
#IgnoreUserKnownHosts yes
PermitEmptyPasswords no
#ChallengeResponseAuthentication yes
PasswordAuthentication no

Add +@sunclient at the bottom of /etc/hosts.equiv (you have to create the file yourself)

Copy /etc/bashrc from e.g. cluster3 to the same directory on the new machine

Test that everything works by logging in from gracilis and illiacus without typing a password (without any errors) and check that e.g. /home/thk exists
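An added example, not part of the original guide: a shell check for the host-based SSH trust configured in this section. It reports the value sshd takes for each directive the guide sets (the first uncommented occurrence wins) and flags a bare "+" in hosts.equiv, which trusts every host instead of only the sunclient netgroup. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names and the sample
# files are constructed for illustration.

# sshd_effective FILE KEYWORD
# Print the value sshd would use from the global section of FILE: keywords are
# case-insensitive and the first uncommented occurrence wins. Parsing stops at
# the first Match block. Prints "unset" when the keyword is absent.
sshd_effective() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)
            kw = tolower(f[1])
            if (kw == "match") exit
            if (kw == key) { val = tolower(f[2]); exit }
        }
        END { print val }
    ' "$1"
}

# equiv_wildcards FILE
# Print "LINENO: line" for every hosts.equiv entry whose host or user field is
# a bare "+" (trust all). "+@netgroup", as used in the guide, is not flagged.
equiv_wildcards() {
    awk '/^[ \t]*#/ || NF == 0 { next }
         $1 == "+" || $2 == "+" { print NR ": " $0 }' "$1"
}

# audit_hostbased SSHD_CONFIG HOSTS_EQUIV
# Return 0 when the directives match the guide and hosts.equiv has no wildcard.
audit_hostbased() {
    rc=0
    for want in hostbasedauthentication=yes ignorerhosts=yes \
                permitemptypasswords=no passwordauthentication=no; do
        key=${want%%=*}
        exp=${want#*=}
        got=$(sshd_effective "$1" "$key")
        if [ "$got" != "$exp" ]; then
            echo "FAIL $key: effective '$got', guide sets '$exp'"
            rc=1
        fi
    done
    bad=$(equiv_wildcards "$2")
    if [ -n "$bad" ]; then
        echo "FAIL hosts.equiv wildcard trust: $bad"
        rc=1
    fi
    return $rc
}

# make_samples DIR
# Write constructed sample files: one pair as in the guide, one weakened pair.
make_samples() {
    cat > "$1/sshd_config.guide" <<'EOF'
LoginGraceTime 600
IgnoreRhosts yes
RhostsRSAAuthentication yes
HostbasedAuthentication yes
#IgnoreUserKnownHosts yes
PermitEmptyPasswords no
#ChallengeResponseAuthentication yes
PasswordAuthentication no
EOF
    printf '+@sunclient\n' > "$1/hosts.equiv.guide"
    # Weak variant: an earlier "PasswordAuthentication yes" shadows the later
    # "no", and hosts.equiv contains a trust-all line.
    cat > "$1/sshd_config.weak" <<'EOF'
PasswordAuthentication yes
HostbasedAuthentication yes
IgnoreRhosts yes
PermitEmptyPasswords no
PasswordAuthentication no
EOF
    printf '+@sunclient\n+\n' > "$1/hosts.equiv.weak"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_hostbased "$demo_dir/sshd_config.guide" "$demo_dir/hosts.equiv.guide" \
    && echo "guide settings: OK"
audit_hostbased "$demo_dir/sshd_config.weak" "$demo_dir/hosts.equiv.weak" \
    || echo "weak variant: rejected"
rm -rf "$demo_dir"
```

On a real host, point audit_hostbased at /etc/ssh/sshd_config and /etc/hosts.equiv.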

Final changes

http_proxy=http://wwwproxy:3128 apt-get install rstatd (Must be started manually: /usr/sbin/rpc.rstatd)

Make machine-specific changes. E.g. edit /opt/csw/etc/xdg/xfce4/desktop/menu_aau.xml or install various programs

Delete the user that was created during installation

Create a link from /pack to /pack-linux with: (REMEMBER: you must be in /)

thk@cluster4:/# ln -s /pack-linux/ /pack

Various changes that can be made but are not necessary for all machines

X can be disabled with:

update-rc.d -f gdm remove (Yes, it has to be "forced")

./Install_Guides/index.php

./Install_Guides/Solaris/NIS/index.php

Set up NIS on a Solaris 10 machine

coming....

./Install_Guides/Solaris/index.php

./Install_Guides/Solaris/Kbd-Break/index.php

Keyboard break is removed

root@tibialis:/# diff /etc/default/kbd.rod-070226-09\:21 /etc/default/kbd
29c29
< #KEYBOARD_ABORT=alternate
---
> KEYBOARD_ABORT=alternate
root@tibialis:/#

root@tibialis:/# kbd -i

./Install_Guides/Thunderbird/index.php

Here is a bit about how the Danish dictionary was copied from thunderbird-1.5.0.5 to thunderbird-1.5.0.8

root@illiacus:/coll/local# ls -l /space/pack-sol86/thunderbird-1.5.0.*/thunderbird/components/myspell
/space/pack-sol86/thunderbird-1.5.0.5/thunderbird/components/myspell:
total 2536
-rw-r--r-- 1 magnus magnus 21145 Aug 10 10:51 da.aff
-rw-r--r-- 1 magnus magnus 1855803 Aug 10 10:51 da.dic
-rw-r--r-- 1 magnus magnus 2731 Jul 16 2005 en-US.aff
-rw-r--r-- 1 magnus magnus 695748 Jul 16 2005 en-US.dic

/space/pack-sol86/thunderbird-1.5.0.8/thunderbird/components/myspell:
total 691
-rw-r--r-- 1 root root 2731 Jul 16 2005 en-US.aff
-rw-r--r-- 1 root root 695748 Jul 16 2005 en-US.dic
root@illiacus:/coll/local# cp /space/pack-sol86/thunderbird-1.5.0.5/thunderbird/components/myspell/da* /space/pack-sol86/thunderbird-1.5.0.8/thunderbird/components/myspell
root@illiacus:/coll/local#

./Install_Guides/Matlab_Paa_Cluster/index.php

Install Matlab on cluster machines

First create the directory /space/pack-local/matlab-7.2.0/ and "go into it"

Use rsync to copy Matlab from e.g. cluster5


thk@cluster4:/space/pack-local/matlab-7.2.0/# rsync -av -e ssh thk@cluster5:/space/pack-local/matlab-7.2.0/ .

./Install_Guides/SyncUbuntu/index.php

It is a bit hard to read, so I'll also write a few words ;-)

magnus@cluster10:~/UNIX/admin/Cluster# ssh thk@cluster5 dpkg --get-selections | grep -w install | dpkg --set-selections

And then:

time apt-get dselect-upgrade

root@cluster4:/home/magnus/UNIX/admin/Cluster# dpkg --set-selections < cluster5-get-selections
root@cluster4:/home/magnus/UNIX/admin/Cluster# time apt-get dselect-upgrade
Reading package lists... Done
Building dependency tree... Done
The following packages will be REMOVED:
  cupsys-bsd gnome-power-manager gnome-session gnome-volume-manager poppler-utils ubuntu-desktop update-notifier
The following NEW packages will be installed:
  alien autoconf automake1.9 autotools-dev binutils bison build-essential cmake comerr-dev cpp cpp-4.0 cvs
  debconf-utils debhelper dpkg-dev flex freeglut3-dbg freeglut3-dev g++ g++-4.0 gcc gcc-3.3-base gcc-4.0
  gcc-4.0-doc gsl-bin gsl-doc-pdf gsl-ref-html gsl-ref-psdoc gtk2-engines-xfce gv html2text lesstif2 libaudio2
  libbeecrypt6 libc6-dev libdmx-dev libdrm-dev libexo-0.3-0 libexpat1-dev libfontconfig1-dev libfontenc-dev
  libfreetype6-dev libfs-dev libgl1-mesa-dev libglu1-mesa-dev libgsl0 libgsl0-dev libice-dev libjpeg62-dev
  libneon25 libpcre3 libpng12-dev libqt4-core libqt4-gui librpm4 libsm-dev libstdc++5 libstdc++6-4.0-dev
  libt1-5 libthunar-vfs-1 libtiff-opengl libtiff-tools libtiff4-dev libtiffxx0c2 libtool libtool-doc
  libx11-dev libxau-dev libxaw-headers libxaw7-dev libxcomposite-dev libxcomposite1 libxcursor-dev
  libxdamage-dev libxdmcp-dev libxevie-dev libxevie1 libxext-dev libxfce4mcs-client3 libxfce4mcs-manager3
  libxfce4util4 libxfcegui4-4 libxfixes-dev libxfont-dev libxft-dev libxi-dev libxinerama-dev libxkbfile-dev
  libxkbui-dev libxkbui1 libxmu-dev libxmu-headers libxmuu-dev libxpm-dev libxrandr-dev libxrender-dev
  libxres-dev libxss-dev libxt-dev libxtrap-dev libxtst-dev libxv-dev libxvmc-dev libxvmc1 libxxf86dga-dev
  libxxf86misc-dev libxxf86vm-dev linux-image-2.6.15-27-amd64-generic linux-kernel-headers
  linux-restricted-modules-2.6.15-27-amd64-generic m4 mesa-common-dev rpm stow tcsh tetex-base tetex-bin
  tetex-extra tex-common texmaker thunar x-dev x11proto-bigreqs-dev x11proto-composite-dev x11proto-core-dev
  x11proto-damage-dev x11proto-dmx-dev x11proto-evie-dev x11proto-fixes-dev x11proto-fontcache-dev
  x11proto-fonts-dev x11proto-gl-dev x11proto-input-dev x11proto-kb-dev x11proto-randr-dev
  x11proto-record-dev x11proto-render-dev x11proto-resource-dev x11proto-scrnsaver-dev x11proto-trap-dev
  x11proto-video-dev x11proto-xcmisc-dev x11proto-xext-dev x11proto-xf86bigfont-dev x11proto-xf86dga-dev
  x11proto-xf86dri-dev x11proto-xf86misc-dev x11proto-xf86vidmode-dev x11proto-xinerama-dev xfce4
  xfce4-icon-theme xfce4-mcs-manager xfce4-mcs-plugins xfce4-panel xfce4-session xfce4-utils xfdesktop4 xfs
  xfwm4 xfwm4-themes xorg-dev xpdf xpdf-common xpdf-reader xpdf-utils xserver-xorg-dev xtrans-dev zlib1g-dev
The following packages will be upgraded:
  linux-image-amd64-generic linux-restricted-modules-amd64-generic
2 upgraded, 168 newly installed, 7 to remove and 0 not upgraded.
Need to get 121MB of archives.
After unpacking 426MB of additional disk space will be used.
Do you want to continue [Y/n]?

See http://www.debian-administration.org/articles/174

root@cluster4:/home/magnus/UNIX/admin/Cluster# cat ~magnus/Desktop/ziyi_key_2006.asc | gpg --import
gpg: //.gnupg/trustdb.gpg: trustdb created
gpg: key 2D230C5F: public key "Debian Archive Automatic Signing Key (2006) " imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
root@cluster4:/home/magnus/UNIX/admin/Cluster# doesn't help at all
root@cluster4:/home/magnus/UNIX/admin/Cluster# export http_proxy=wwwproxy:3128
root@cluster4:/home/magnus/UNIX/admin/Cluster# export http_proxy=http://130.225.49.3:3128
root@cluster4:/home/magnus/UNIX/admin/Cluster#

And the whole run takes

real 2m26.537s
user 0m56.049s
sys 0m20.889s

./Tips-n-tricks/rsync/index.php

rsync

rsync -av -e ssh Directory host:/Ny/Path/

Example: (the directory /space/pack-local/matlab-7.2.0/ must be created BEFORE the files are copied)

thk@cluster4:/space/pack-local# rsync -av -e ssh thk@cluster5:/space/pack-local/matlab-7.2.0 .

Or:

thk@cluster4:/space/pack-local/matlab-7.2.0# rsync -av -e ssh thk@cluster5:/space/pack-local/matlab-7.2.0/ .

It is very important that you type it exactly as shown here (especially the /). Otherwise you may end up putting the files in the wrong directories, which means a lot of work cleaning up again ;-).

./Tips-n-tricks/index.php

./Tips-n-tricks/Copy_Directory/index.php

Copy Directory

Copy an entire directory without changing permissions

cd /Full/Path/Source/ && tar -cf - . | (cd /Full/Path/Destination && tar -xpvf -)

./Tips-n-tricks/Autofs/index.php

If, for example, /home gets mounted in Ubuntu 6.06 (possibly other OSes too, but I have only seen it in Ubuntu) but has no content, look in /etc/mtab. It "remembers" a process ID for a "failed" autofs process. Delete the line and restart autofs (/etc/init.d/autofs reload)

./Tips-n-tricks/Apt-get/index.php

Here are a few apt commands (pakkenavn = package name)

apt-get update

Updates the package lists with information from /etc/apt/sources.list

apt-get upgrade

Upgrades all packages to the newest version (according to sources.list)

apt-get install pakkenavn

Installs a package

apt-get remove pakkenavn

Removes a package

apt-cache search "pakkenavn eller del af pakkenavn"

Searches the various repositories


apt-cache showsrc pakkenavn

Shows information about a package

dpkg --get-selections

Shows a list of all installed packages

./Programmer/index.php

./Programmer/Solaris/index.php

./Programmer/Solaris/Blastwave/index.php

We use www.blastwave.org, which installs under /opt/csw

./Programmer/Solaris/pack/index.php

/pack contains a lot of things

./Programmer/Ubuntu/pakkesync/index.php

Here Torben can perhaps write a bit about how we make sure that all packages on cluster5 also exist on cluster2-4. Or whichever machine we end up choosing as the primary.

We have looked at it once, and there are some e-mails with one-liners in them that could show everything that was installed, or something like that...

Torben?

./Programmer/Ubuntu/index.php

./Diskplads/ZFS/Tests_paa_kolga/index.php

Tests of ZFS on kolga

There are two internal disks, and we have also attached half of a 12-box to soleus.

This is the current situation regarding disks:

root@soleus:/# format
Searching for disks...done

AVAILABLE DISK SELECTIONS:
       0. c1t0d0
          /pci@8,600000/SUNW,qlc@4/fp@0,0/ssd@w21000004cf8eb1e3,0
       1. c1t1d0
          /pci@8,600000/SUNW,qlc@4/fp@0,0/ssd@w21000004cf8eaf08,0
       2. c2t0d0
          /pci@8,700000/scsi@6,1/sd@0,0
       3. c2t1d0
          /pci@8,700000/scsi@6,1/sd@1,0
       4. c2t2d0
          /pci@8,700000/scsi@6,1/sd@2,0
       5. c2t3d0
          /pci@8,700000/scsi@6,1/sd@3,0
       6. c2t4d0
          /pci@8,700000/scsi@6,1/sd@4,0
       7. c2t5d0
          /pci@8,700000/scsi@6,1/sd@5,0
Specify disk (enter its number):

This is how I created a new pool from the disks in the 12-box:

root@soleus:/# zpool create box mirror c2t0d0 c2t4d0 mirror c2t1d0 c2t5d0
invalid vdev specification
use '-f' to override the following errors:
/dev/dsk/c2t4d0s5 contains a ufs filesystem.

root@soleus:/# zpool create -f box mirror c2t0d0 c2t4d0 mirror c2t1d0 c2t5d0
root@soleus:/# zpool list
NAME    SIZE   USED   AVAIL  CAP  HEALTH  ALTROOT
box     34G    59.5K  34.0G  0%   ONLINE  -
space   39G    7.94G  31.1G  20%  ONLINE  -

And here is something or other about share and NFS. I think I made a blunder by trying to rename something that was part of ZFS, and unfortunately I was allowed to :-\

root@soleus:/# zfs mount space
root@soleus:/# ls space
Files.tar  fil4   filx4    filx5.4
date       filx   filx5    filx5.kolga_nfs
fil2       filx2  filx5.2  ls
fil3       filx3  filx5.3  ls-lR_usr
root@soleus:/# zfs set sharenfs='rw=miba:kolga.miba.auc.dk,root=kolga.miba.auc.dk' space
root@soleus:/# zfs share space

And I have created pools that look like this:

root@soleus:/# zpool status
  pool: box
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        box         ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c2t0d0  ONLINE       0     0     0
            c2t4d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c2t1d0  ONLINE       0     0     0
            c2t5d0  ONLINE       0     0     0

errors: No known data errors

  pool: space
 state: ONLINE
 scrub: none requested
config:

        NAME          STATE     READ WRITE CKSUM
        space         ONLINE       0     0     0
          mirror      ONLINE       0     0     0
            c1t0d0s7  ONLINE       0     0     0
            c1t1d0s7  ONLINE       0     0     0

errors: No known data errors

./Diskplads/ZFS/Tests_paa_kolga/Plads_til_06gr956c/index.php

I'm making a bit of space for maag03

root@soleus:/# zfs create /box/home/group06e/06gr956c
cannot create '/box/home/group06e/06gr956c': leading slash in filesystem name
root@soleus:/# zfs create box/home/group06e/06gr956c
cannot create 'box/home/group06e/06gr956c': parent does not exist

Oh well, then we'll have to create the whole thing :-)

root@soleus:/# zfs create box/home
root@soleus:/# zfs create box/home/group06e
root@soleus:/# zfs create box/home/group06e/06gr956c

root@soleus:/# zfs list box/home/group06e/06gr956c
NAME                        USED   AVAIL  REFER  MOUNTPOINT
box/home/group06e/06gr956c  24.5K  33.5G  24.5K  /box/home/group06e/06gr956c

In the above I have shifted USED to the right, since the command does not take into account how much room the name box/home/group06e/06gr956c takes up. Then it needs to be shared out to the other machines:

root@soleus:/# zfs set sharenfs='rw=miba:kolga.miba.auc.dk,root=kolga.miba.auc.dk' box/home/group06e/06gr956c

Then the idea is to put it into YP, so that it shows up as usual:

# Just testing from soleus, without making a whole new file for it...
06gr956c_zfs -rw,nosuid,hard soleus:/box/home/group06e/06gr956c
~
"ypfiles/auto_stud@kolga" 208 lines, 11671 characters

This fails.....since YP is not set up on soleus, and it therefore has no netgroup :-|

./Diskplads/ZFS/maximus/index.php

ZFS on maximus

This is the current situation (Jan 12 2007) regarding disks:

root@maximus:/dist/admin/log# zpool list
NAME     SIZE   USED   AVAIL  CAP  HEALTH  ALTROOT
z1       1.81T  410G   1.41T  22%  ONLINE  -
z2       1.36T  43.4G  1.32T  3%   ONLINE  -
zzones   1.36T  150K   1.36T  0%   ONLINE  -

And they are built up like this:

root@maximus:/dist/admin/log# zpool status
  pool: z1
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        z1          ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t1d0  ONLINE       0     0     0
            c1t1d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c4t1d0  ONLINE       0     0     0
            c5t1d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c6t1d0  ONLINE       0     0     0
            c7t1d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t0d0  ONLINE       0     0     0
            c1t0d0  ONLINE       0     0     0

errors: No known data errors

  pool: z2
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        z2          ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t3d0  ONLINE       0     0     0
            c6t3d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c1t3d0  ONLINE       0     0     0
            c7t3d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c4t3d0  ONLINE       0     0     0
            c5t3d0  ONLINE       0     0     0

errors: No known data errors

  pool: zzones
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        zzones      ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t2d0  ONLINE       0     0     0
            c5t2d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c1t2d0  ONLINE       0     0     0
            c6t2d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c4t2d0  ONLINE       0     0     0
            c7t2d0  ONLINE       0     0     0

errors: No known data errors


root@maximus:/dist/admin/log#

I keep z1 mainly for staff, and z2 for students. The last one, zzones, is something that may not come to anything, but I have had tests of zones there. Whether it is sensible.... I don't quite know. But it is smart and easy :-)

And now, 25/9-2007:

root@maximus:/# zpool status
  pool: z1
 state: ONLINE
 scrub: scrub completed with 0 errors on Thu May 17 13:19:04 2007
config:

        NAME        STATE     READ WRITE CKSUM
        z1          ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t1d0  ONLINE       0     0     0
            c1t1d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c4t1d0  ONLINE       0     0     0
            c5t1d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c6t1d0  ONLINE       0     0     0
            c7t1d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t0d0  ONLINE       0     0     0
            c1t0d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c6t5d0  ONLINE       0     0     0
            c7t5d0  ONLINE       0     0     0
        spares
          c5t6d0    AVAIL

errors: No known data errors

  pool: z2
 state: ONLINE
 scrub: scrub completed with 0 errors on Thu Mar 22 22:40:08 2007
config:

        NAME        STATE     READ WRITE CKSUM
        z2          ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t3d0  ONLINE       0     0     0
            c6t3d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c1t3d0  ONLINE       0     0     0
            c7t3d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c4t3d0  ONLINE       0     0     0
            c5t3d0  ONLINE       0     0     0
        spares
          c5t7d0    AVAIL

errors: No known data errors

  pool: z3
 state: ONLINE
 scrub: scrub completed with 0 errors on Mon Apr 16 16:21:29 2007
config:

        NAME        STATE     READ WRITE CKSUM
        z3          ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c4t4d0  ONLINE       0     0     0
            c6t4d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c5t5d0  ONLINE       0     0     0
            c7t4d0  ONLINE       0     0     0
        spares
          c0t7d0    AVAIL

errors: No known data errors

  pool: zzones
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        zzones      ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t2d0  ONLINE       0     0     0
            c5t2d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c1t2d0  ONLINE       0     0     0
            c6t2d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c4t2d0  ONLINE       0     0     0
            c7t2d0  ONLINE       0     0     0

errors: No known data errors

A small script to help figure out where the next disks should be taken from:

root@maximus:/# zpool status |\
nawk 'BEGIN {
    # disk name -> type, from the saved format listing
    while ((getline < "/space/tmp/format-diskliste") > 0) {
        type[$2] = substr($3, 2)
    }
}
/pool:/  { currentpool = $NF }                      # current pool
/c[0-9]/ { pool[$1] = currentpool; use[$1] = $2 }   # disk -> pool, state
END {
    for (disk in type) {
        print disk "\t" pool[disk] "\t" use[disk] "\t" type[disk]
    }
}' | sort
c0t0d0  z1      ONLINE  ATA-HITACHI
c0t1d0  z1      ONLINE  ATA-HITACHI
c0t2d0  zzones  ONLINE  ATA-HITACHI
c0t3d0  z2      ONLINE  ATA-HITACHI
c0t4d0                  ATA-HITACHI
c0t5d0                  ATA-HITACHI
c0t6d0                  ATA-HITACHI
c0t7d0  z3      AVAIL   ATA-HITACHI
c1t0d0  z1      ONLINE  ATA-HITACHI
c1t1d0  z1      ONLINE  ATA-HITACHI
c1t2d0  zzones  ONLINE  ATA-HITACHI
c1t3d0  z2      ONLINE  ATA-HITACHI
c1t4d0                  ATA-HITACHI
c1t5d0                  ATA-HITACHI
c1t6d0                  ATA-HITACHI
c1t7d0                  ATA-HITACHI
c4t0d0                  ATA-HITACHI
c4t1d0  z1      ONLINE  ATA-HITACHI
c4t2d0  zzones  ONLINE  ATA-HITACHI
c4t3d0  z2      ONLINE  ATA-HITACHI
c4t4d0  z3      ONLINE  ATA-HITACHI
c4t5d0                  ATA-HITACHI
c4t6d0                  ATA-HITACHI
c4t7d0                  ATA-HITACHI
c5t0d0                  DEFAULT
c5t1d0  z1      ONLINE  ATA-HITACHI
c5t2d0  zzones  ONLINE  ATA-HITACHI
c5t3d0  z2      ONLINE  ATA-HITACHI
c5t4d0                  DEFAULT
c5t5d0  z3      ONLINE  ATA-HITACHI
c5t6d0  z1      AVAIL   ATA-HITACHI


c5t7d0  z2      AVAIL   ATA-HITACHI
c6t0d0                  ATA-HITACHI
c6t1d0  z1      ONLINE  ATA-HITACHI
c6t2d0  zzones  ONLINE  ATA-HITACHI
c6t3d0  z2      ONLINE  ATA-HITACHI
c6t4d0  z3      ONLINE  ATA-HITACHI
c6t5d0  z1      ONLINE  ATA-HITACHI
c6t6d0                  ATA-HITACHI
c6t7d0                  ATA-HITACHI
c7t0d0                  ATA-HITACHI
c7t1d0  z1      ONLINE  ATA-HITACHI
c7t2d0  zzones  ONLINE  ATA-HITACHI
c7t3d0  z2      ONLINE  ATA-HITACHI
c7t4d0  z3      ONLINE  ATA-HITACHI
c7t5d0  z1      ONLINE  ATA-HITACHI
c7t6d0                  ATA-HITACHI
c7t7d0                  ATA-HITACHI

So it looks like I will extend z1 with a disk from c4 and c1: c1t7d0 and c4t5d0. I take into account which controllers have the least in total, how much they have on z1, and the physical distance to earlier disks on z1. However, I don't know whether c1t7d0 and c4t5d0 are far from each other.... only that c4t5d0 at least is not right next to c4t1d0, and c1t7d0 is not next to c1t0d0 or c1t1d0. That c1t0d0 and c1t1d0 are next to each other is an old mistake. In principle not that crucial, but if someone drops a hammer or a magnet into the machine, then...... yes, yes, it is far-fetched...

From the man page for the zpool command:

Example 5: Adding a Mirror to a ZFS Storage Pool

The following command adds two mirrored disks to the pool "tank", assuming the pool is already made up of two-way mirrors. The additional space is immediately available to any datasets within the pool.

# zpool add tank mirror c1t0d0 c1t1d0

So it ended up like this:

root@maximus:/# zpool list z1
NAME   SIZE   USED  AVAIL  CAP  HEALTH  ALTROOT
z1    2.27T  2.10T   167G  92%  ONLINE  -
root@maximus:/# time zpool add z1 mirror c1t7d0 c4t5d0

real    1m5.898s
user    0m0.296s
sys     0m0.603s
root@maximus:/# zpool list z1
NAME   SIZE   USED  AVAIL  CAP  HEALTH  ALTROOT
z1    2.72T  2.10T   631G  77%  ONLINE  -

./Diskplads/ZFS/maximus/tmp-plads/index.php

Tmp space for a short time

Sometimes people need a quick bit of space somewhere.

This is easily done on maximus:

root@maximus:/dist/admin/bin# zfs create z4/g/vhooraz-tmp
root@maximus:/dist/admin/bin# zfs list z4/g/vhooraz-tmp
NAME               USED  AVAIL  REFER  MOUNTPOINT
z4/g/vhooraz-tmp  49.0K  1.36T  49.0K  /export/home/vhooraz-tmp

And we can see that export etc. comes automatically from z4/g

root@maximus:/dist/admin/bin# zfs get all z4/g/vhooraz-tmp
NAME              PROPERTY       VALUE                           SOURCE
z4/g/vhooraz-tmp  type           filesystem                      -
z4/g/vhooraz-tmp  creation       Fri Aug 15 12:54 2008           -
z4/g/vhooraz-tmp  used           49.0K                           -
z4/g/vhooraz-tmp  available      1.36T                           -
z4/g/vhooraz-tmp  referenced     49.0K                           -
z4/g/vhooraz-tmp  compressratio  1.00x                           -
z4/g/vhooraz-tmp  mounted        yes                             -
z4/g/vhooraz-tmp  quota          none                            default
z4/g/vhooraz-tmp  reservation    none                            default
z4/g/vhooraz-tmp  recordsize     128K                            default
z4/g/vhooraz-tmp  mountpoint     /export/home/vhooraz-tmp        inherited from z4/g
z4/g/vhooraz-tmp  sharenfs       rw=miba,root=aegir.miba.auc.dk  inherited from z4/g
z4/g/vhooraz-tmp  checksum       on                              default
z4/g/vhooraz-tmp  compression    off                             default
z4/g/vhooraz-tmp  atime          on                              default
z4/g/vhooraz-tmp  devices        on                              default
z4/g/vhooraz-tmp  exec           on                              default
z4/g/vhooraz-tmp  setuid         on                              default
z4/g/vhooraz-tmp  readonly       off                             default
z4/g/vhooraz-tmp  zoned          off                             default
z4/g/vhooraz-tmp  snapdir        hidden                          default
z4/g/vhooraz-tmp  aclmode        groupmask                       default
z4/g/vhooraz-tmp  aclinherit     secure                          default

Just to make sure that a mistake on his side does not fill up everything:

root@maximus:/dist/admin/bin# zfs set quota=50G z4/g/vhooraz-tmp
root@maximus:/dist/admin/bin# zfs get quota z4/g/vhooraz-tmp
NAME              PROPERTY  VALUE  SOURCE
z4/g/vhooraz-tmp  quota     50G    local

And then the permissions are probably also somewhat important:

root@maximus:/dist/admin/bin# chown vhooraz:vhooraz /export/home/vhooraz-tmp
root@maximus:/dist/admin/bin# chmod 770 /export/home/vhooraz-tmp
root@maximus:/dist/admin/bin# ls -ld /export/home/vhooraz-tmp
drwxrwx--- 2 vhooraz vhooraz 2 Aug 15 12:54 /export/home/vhooraz-tmp

And after a make on aegir in /var/yp, it is all squared away :-)

magnus@sunray01:~# ls -ld /home/vhooraz-tmp/
drwxrwx--- 2 vhooraz vhooraz 2 Aug 15 12:54 /home/vhooraz-tmp/
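A check for the steps above, as an added example that is not part of the original notes: it reads tab-separated property lines and reports every NFS-shared dataset that still has no quota, that grants root access to a host through `root=`, or that honours setuid bits. The function names `audit_shared` and `sample_props` are made up, and the sample lines are constructed from the values shown above.

```shell
#!/bin/sh
# Added example: flag NFS-shared ZFS datasets whose settings deserve a look.
# Input on stdin: "name<TAB>property<TAB>value" lines, the layout printed by
#   zfs get -r -H -o name,property,value quota,sharenfs,setuid <dataset>
audit_shared() {
    awk -F'\t' '
    NF >= 3 {
        if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 }
        val[$1, $2] = $3
    }
    END {
        for (i = 1; i <= n; i++) {
            ds = order[i]
            share = val[ds, "sharenfs"]
            if (share == "" || share == "off") { continue }   # not exported
            if (val[ds, "quota"] == "none") {
                print ds ": exported without a quota"
            }
            # share options are comma separated, e.g. rw=miba,root=host
            m = split(share, opt, ",")
            for (j = 1; j <= m; j++) {
                if (substr(opt[j], 1, 5) == "root=") {
                    print ds ": root access granted to " substr(opt[j], 6)
                }
            }
            if (val[ds, "setuid"] == "on") {
                print ds ": setuid bits honoured (setuid=on)"
            }
        }
    }'
}

# Constructed sample: the tmp dataset with the quota given as $1, plus an
# unshared dataset that must never be reported.
sample_props() {
    printf 'z4/g/vhooraz-tmp\tquota\t%s\n' "$1"
    printf 'z4/g/vhooraz-tmp\tsharenfs\trw=miba,root=aegir.miba.auc.dk\n'
    printf 'z4/g/vhooraz-tmp\tsetuid\ton\n'
    printf 'z3/var_mail\tquota\t50G\n'
    printf 'z3/var_mail\tsharenfs\toff\n'
    printf 'z3/var_mail\tsetuid\ton\n'
}

echo "before zfs set quota:"
sample_props none | audit_shared
echo "after zfs set quota=50G:"
sample_props 50G | audit_shared
```

The quota finding disappears once the `zfs set quota=50G` step has been run; the `root=` and setuid findings stay, because both come from inherited or default values.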

./Diskplads/ZFS/index.php

./Diskplads/ZFS/tibialis/index.php

ZFS on tibialis

This does not cover the start of the ZFS use on tibialis. It starts with me making a /var/mail space on it. See under iSCSI for how they were made.

root@tibialis:/# zpool create z3 mirror c3t3d0s2 c3t4d0s2
invalid vdev specification
use '-f' to override the following errors:
/dev/dsk/c3t3d0s2 overlaps with /dev/dsk/c3t3d0s0

root@tibialis:/# zpool create -f z3 mirror c3t3d0s2 c3t4d0s2


root@tibialis:/# zpool status z3
  pool: z3
 state: ONLINE
 scrub: none requested
config:

        NAME          STATE     READ WRITE CKSUM
        z3            ONLINE       0     0     0
          mirror      ONLINE       0     0     0
            c3t3d0s2  ONLINE       0     0     0
            c3t4d0s2  ONLINE       0     0     0

errors: No known data errors

root@tibialis:/# zfs create z3/var_mail

root@tibialis:/# zfs list |grep z3
z3            108K  97.9G  26.5K  /z3
z3/var_mail  24.5K  97.9G  24.5K  /z3/var_mail

root@tibialis:/# zfs set quota=50G z3/var_mail
root@tibialis:/# zfs get all z3/var_mail
NAME         PROPERTY       VALUE                  SOURCE
z3/var_mail  type           filesystem             -
z3/var_mail  creation       Thu Dec 6 13:36 2007   -
z3/var_mail  used           24.5K                  -
z3/var_mail  available      50.0G                  -
z3/var_mail  referenced     24.5K                  -
z3/var_mail  compressratio  1.00x                  -
z3/var_mail  mounted        yes                    -
z3/var_mail  quota          50G                    local
z3/var_mail  reservation    none                   default
z3/var_mail  recordsize     128K                   default
z3/var_mail  mountpoint     /z3/var_mail           default
z3/var_mail  sharenfs       off                    default
z3/var_mail  checksum       on                     default
z3/var_mail  compression    off                    default
z3/var_mail  atime          on                     default
z3/var_mail  devices        on                     default
z3/var_mail  exec           on                     default
z3/var_mail  setuid         on                     default
z3/var_mail  readonly       off                    default
z3/var_mail  zoned          off                    default
z3/var_mail  snapdir        hidden                 default
z3/var_mail  aclmode        groupmask              default
z3/var_mail  aclinherit     secure                 default

./Diskplads/ZFS/ACL/index.php

ACL on ZFS

These ACLs are not that easy to figure out, but I will try to describe what I find out.

First of all, there is a description on the man page for chmod(1). It is probably excellent, but a bit overwhelming...

It is all based on ACLs becoming attributes, which have a number. An order, so to speak. I am not sure, though, whether the order has any significance, but it probably does... It looks roughly like this, I think, to give a group permission to do something:

chmod A+group:lsr:<perms>:allow

and like this if the group should not be able to do something specific:

chmod A+group:lsr:<perms>:deny

One then has to remember that A+ adds something, and therefore does not overwrite the old ACLs that were there! And that A= overwrites the whole lot!

This is what it looks like with the different things one can allow and deny:

Char  File                              Directory
r     Read data                         List directory
w     Write data                        Add file
p     Append data (not supported)       Add subdirectory
R     Read extended attributes          ...the same?
A     Create extended attributes        ...the same?
x     Execute file                      ...the man page says nothing here...
a     Read basic, non-ACL, attributes   ...the same?
W     Change times on file              Change times on directory
d     Delete a file
D     Delete a file within directory
c     Read ACL
C     Write ACL
o     Change owner
s     Synchronize (not supported)

There is a connection, which one can probably analyse, between the old rwx permissions and the new ACLs. This can be seen by listing the ACL for a file that does not have any. Here it is admittedly a directory:

root@maximus:/home/lsr# ls -lVd runem/.
drwxrwsr-x 2 runem runem 2 Jan 2 11:36 runem/.
            owner@:--------------:------:deny
            owner@:rwxp---A-W-Co-:------:allow
            group@:--------------:------:deny
            group@:rwxp----------:------:allow
         everyone@:-w-p---A-W-Co-:------:deny
         everyone@:r-x---a-R-c--s:------:allow
root@maximus:/home/lsr# ls -ld runem/.
drwxrwsr-x 2 runem runem 2 Jan 2 11:36 runem/.
root@maximus:/home/lsr#

I do think, though, that the s-bit for the group gets mysterious consequences...

root@maximus:/home/lsr# chmod o-rwx runem

root@maximus:/home/lsr# chmod A=group:magnus:r-x---a-R-c---:allow runem
root@maximus:/home/lsr# ls -ld runem/.
d-----S---+ 2 runem runem 2 Jan 2 11:36 runem/.

OOPSSS. I just wrote that A= OVERWRITES..... fool ;) The odd thing is a bit that S is back. And it also seems a bit as if the good old s-bit is not quite keeping up. Maybe because ZFS on maximus is too old, so it lacks some functionality??

root@maximus:/home/lsr# chmod A- runem
root@maximus:/home/lsr# chmod +w runem
root@maximus:/home/lsr# chmod o-rwx runem


root@maximus:/home/lsr# ls -ld runem/.
drwxrws--- 2 runem runem 2 Jan 2 11:36 runem/.
root@maximus:/home/lsr# chmod A+group:magnus:r-x---a-R-c---:allow runem
root@maximus:/home/lsr# ls -ld runem/.
drwxrws---+ 2 runem runem 2 Jan 2 11:36 runem/.
root@maximus:/home/lsr# ls -lVd runem/.
drwxrws---+ 2 runem runem 2 Jan 2 11:36 runem/.
      group:magnus:r-x---a-R-c---:------:allow
            owner@:--------------:------:deny
            owner@:rwxp---A-W-Co-:------:allow
            group@:--------------:------:deny
            group@:rwxp----------:------:allow
         everyone@:rwxp---A-W-Co-:------:deny
         everyone@:------a-R-c--s:------:allow
root@maximus:/home/lsr#

And with the long form it looks like this, and one gets the numbers of the different ACLs shown. One uses that to change a single one.

root@maximus:/home/lsr# ls -lvd runem/.
drwxrws---+ 2 runem runem 2 Jan 2 11:36 runem/.
     0:group:magnus:list_directory/read_data/read_xattr/execute
         /read_attributes/read_acl:allow
     1:owner@::deny
     2:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
     3:group@::deny
     4:group@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/execute:allow
     5:everyone@:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/write_xattr/execute/write_attributes
         /write_acl/write_owner:deny
     6:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow
root@maximus:/home/lsr#

To change things so that it is the group lsr that has access, and not magnus, one should be able to do it like this:

root@maximus:/home/lsr# chmod A0=group:lsr:r-x---a-R-c---:allow runem
root@maximus:/home/lsr# ls -lvd runem/.
drwxrws---+ 2 runem runem 2 Jan 2 11:36 runem/.
     0:group:lsr:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl:allow
     1:owner@::deny
     2:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
     3:group@::deny
     4:group@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/execute:allow
     5:everyone@:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/write_xattr/execute/write_attributes
         /write_acl/write_owner:deny
     6:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow
root@maximus:/home/lsr# ls -lvVd runem/.
drwxrws---+ 2 runem runem 2 Jan 2 11:36 runem/.
         group:lsr:r-x---a-R-c---:------:allow
            owner@:--------------:------:deny
            owner@:rwxp---A-W-Co-:------:allow
            group@:--------------:------:deny
            group@:rwxp----------:------:allow
         everyone@:rwxp---A-W-Co-:------:deny
         everyone@:------a-R-c--s:------:allow
root@maximus:/home/lsr#

Yes, that looks quite right :-)

What I am not quite on top of yet is what significance it has to have "deny". I would think that whatever does not have "allow" on it is "deny" by default. But one can probably do something creative with this, and probably also shoot oneself in the foot?
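On the two open points above (order and "deny"), as an added example that is not part of the original notes: ZFS ACLs follow the NFSv4 model, where entries are processed in order, a permission is settled by the first entry that matches the caller and mentions it, and a permission no entry allows is refused. The sketch replays that rule over the compact `ls -V` listing shown above; the function names `acl_decide` and `check` and the users alice and bob are made up, and the special rights of root and of the file owner are left out.

```shell
#!/bin/sh
# Added example: decide one permission against a ZFS/NFSv4-style ACL.
# usage: acl_decide USER GROUPS OWNER OWNING_GROUP PERM < acl_entries
#   GROUPS is a comma-separated list, PERM one letter from the table above
#   (r, w, x, p, ...). Entries use the compact "ls -V" layout.
acl_decide() {
    awk -F: -v user="$1" -v groups="$2" -v owner="$3" -v fgroup="$4" -v perm="$5" '
    BEGIN {
        n = split(groups, g, ",")
        for (i = 1; i <= n; i++) member[g[i]] = 1
    }
    {
        sub(/^[ \t]+/, "")              # ls -V indents the entries
        if (NF < 4) next
        if ($1 == "user" || $1 == "group") { name = $2; perms = $3; verdict = $5 }
        else                               { name = "";  perms = $2; verdict = $4 }
        hit = 0
        if      ($1 == "owner@")    hit = (user == owner)
        else if ($1 == "group@")    hit = (fgroup in member)
        else if ($1 == "everyone@") hit = 1
        else if ($1 == "user")      hit = (user == name)
        else if ($1 == "group")     hit = (name in member)
        # The first matching entry that mentions the permission settles it.
        if (hit && index(perms, perm) > 0) { print verdict; decided = 1; exit }
    }
    END { if (!decided) print "deny" }  # no entry allowed it: refused
    '
}

# ACL from the last listing above (after chmod A0=group:lsr:...).
PAGE_ACL='group:lsr:r-x---a-R-c---:------:allow
owner@:--------------:------:deny
owner@:rwxp---A-W-Co-:------:allow
group@:--------------:------:deny
group@:rwxp----------:------:allow
everyone@:rwxp---A-W-Co-:------:deny
everyone@:------a-R-c--s:------:allow'

# Constructed: the same two entries in both orders.
DENY_FIRST='group:lsr:r-------------:------:deny
group:lsr:r-x---a-R-c---:------:allow'
ALLOW_FIRST='group:lsr:r-x---a-R-c---:------:allow
group:lsr:r-------------:------:deny'

# check ACL USER GROUPS PERM -> prints allow or deny (directory is runem:runem)
check() { printf '%s\n' "$1" | acl_decide "$2" "$3" runem runem "$4"; }

echo "alice (lsr)   r: $(check "$PAGE_ACL" alice lsr r)"
echo "alice (lsr)   w: $(check "$PAGE_ACL" alice lsr w)"
echo "bob   (staff) r: $(check "$PAGE_ACL" bob staff r)"
echo "runem (owner) w: $(check "$PAGE_ACL" runem runem w)"
echo "deny first,  alice r: $(check "$DENY_FIRST" alice lsr r)"
echo "allow first, alice r: $(check "$ALLOW_FIRST" alice lsr r)"
echo "no matching entry, bob r: $(check "$ALLOW_FIRST" bob staff r)"
```

In this model the `everyone@` deny entry is what stops bob from reading, and swapping the two `group:lsr` entries flips the result for alice.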

./Diskplads/ZFS/Quota/index.php

Quota on a group

They have no more space for group 07gr330

henrik@maximus:~> /usr/sbin/zfs list z2/h/stud/07gr330
NAME               USED  AVAIL  REFER  MOUNTPOINT
z2/h/stud/07gr330  299M  1.20M   299M  /export/home/07gr330
henrik@maximus:~> /usr/sbin/zfs get quota z2/h/stud/07gr330
NAME               PROPERTY  VALUE  SOURCE
z2/h/stud/07gr330  quota     300M   local

I guess it goes like this:

root@maximus:~> /usr/sbin/zfs set quota=400mb z2/h/stud/07gr330

And check:

henrik@maximus:~> /usr/sbin/zfs get quota z2/h/stud/07gr330
NAME               PROPERTY  VALUE  SOURCE
z2/h/stud/07gr330  quota     400M   local

henrik@maximus:~> /usr/sbin/zfs list z2/h/stud/07gr330
NAME               USED  AVAIL  REFER  MOUNTPOINT
z2/h/stud/07gr330  299M   101M   299M  /export/home/07gr330

And a little later, so maybe they have got going again?

henrik@maximus:~> /usr/sbin/zfs list z2/h/stud/07gr330
NAME               USED  AVAIL  REFER  MOUNTPOINT
z2/h/stud/07gr330  301M  98.8M   301M  /export/home/07gr330

./Diskplads/ZFS/Zpool_arbejde/index.php

Zpool work

root@maximus:/home/lsr# zpool list z1
NAME   SIZE   USED  AVAIL  CAP  HEALTH  ALTROOT
z1    2.72T  2.60T   120G  95%  ONLINE  -
root@maximus:/home/lsr# zpool status z1
  pool: z1
 state: ONLINE
 scrub: scrub completed with 0 errors on Thu May 17 13:19:04 2007
config:

        NAME        STATE     READ WRITE CKSUM
        z1          ONLINE       0     0     0


          mirror    ONLINE       0     0     0
            c0t1d0  ONLINE       0     0     0
            c1t1d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c4t1d0  ONLINE       0     0     0
            c5t1d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c6t1d0  ONLINE       0     0     0
            c7t1d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t0d0  ONLINE       0     0     0
            c1t0d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c6t5d0  ONLINE       0     0     0
            c7t5d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c1t7d0  ONLINE       0     0     0
            c4t5d0  ONLINE       0     0     0
        spares
          c5t6d0    AVAIL

errors: No known data errors
root@maximus:/home/lsr#

root@maximus:/home/lsr# time zpool add z1 mirror c4t0d0 c6t0d0

real    1m5.826s
user    0m0.269s
sys     0m0.468s
root@maximus:/home/lsr# zpool list z1
NAME   SIZE   USED  AVAIL  CAP  HEALTH  ALTROOT
z1    3.17T  2.60T   584G  82%  ONLINE  -
root@maximus:/home/lsr# zpool status z1
  pool: z1
 state: ONLINE
 scrub: scrub completed with 0 errors on Thu May 17 13:19:04 2007
config:

        NAME        STATE     READ WRITE CKSUM
        z1          ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t1d0  ONLINE       0     0     0
            c1t1d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c4t1d0  ONLINE       0     0     0
            c5t1d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c6t1d0  ONLINE       0     0     0
            c7t1d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t0d0  ONLINE       0     0     0
            c1t0d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c6t5d0  ONLINE       0     0     0
            c7t5d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c1t7d0  ONLINE       0     0     0
            c4t5d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c4t0d0  ONLINE       0     0     0
            c6t0d0  ONLINE       0     0     0
        spares
          c5t6d0    AVAIL

errors: No known data errors
root@maximus:/home/lsr#

./Diskplads/MetaDevices/Udvidelse/index.php

Extension of metadevices on kolga

root@kolga:/pack/local-admin/quota# metastat -p d130
d130 -m d131 d133 1
d131 1 1 d132
d132 -p c2t1d1s7 -o 62914563 -b 41943040
d133 1 1 d134
d134 -p c4t0d1s7 -o 62914563 -b 41943040

root@kolga:/pack/local-admin/quota# metainit d900 -p c2t1d1s7 10g
d900: Soft Partition is setup

root@kolga:/pack/local-admin/quota# metainit d901 -p c4t0d1s7 10g
d901: Soft Partition is setup

root@kolga:/pack/local-admin/quota# metattach d131 d900
d131: component is attached

root@kolga:/pack/local-admin/quota# metastat -p d130
d130 -m d131 d133 1
d131 2 1 d132 \
         1 d900
d132 -p c2t1d1s7 -o 62914563 -b 41943040
d900 -p c2t1d1s7 -o 398458888 -b 20971520
d133 1 1 d134
d134 -p c4t0d1s7 -o 62914563 -b 41943040

root@kolga:/pack/local-admin/quota# metattach d133 d901
d133: component is attached

root@kolga:/pack/local-admin/quota# metastat -p d130
d130 -m d131 d133 1
d131 2 1 d132 \
         1 d900
d132 -p c2t1d1s7 -o 62914563 -b 41943040
d900 -p c2t1d1s7 -o 398458888 -b 20971520
d133 2 1 d134 \
         1 d901
d134 -p c4t0d1s7 -o 62914563 -b 41943040
d901 -p c4t0d1s7 -o 398458888 -b 20971520

root@kolga:/pack/local-admin/quota# metastat d130
d130: Mirror
    Submirror 0: d131
      State: Okay
    Submirror 1: d133
      State: Okay
    Pass: 1
    Read option: roundrobin (default)
    Write option: parallel (default)
    Size: 62914560 blocks (30 GB)
.... :-)

And then come the growing pains:

root@kolga:/pack/local-admin/quota# time growfs -M /d130 /dev/md/rdsk/d130
/dev/md/rdsk/d130: 62914560 sectors in 10240 cylinders of 48 tracks,128 sectors
        30720.0MB in 640 cyl groups (16 c/g, 48.00MB/g, 5824 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
 32, 98464, 196896, 295328, 393760, 492192, 590624, 689056, 787488,
 885920,
Initializing cylinder groups:
............


super-block backups for last 10 cylinder groups at:
 61938464, 62036896, 62135328, 62233760, 62332192, 62430624, 62529056,
 62627488, 62725920, 62824352

real    0m8.385s
user    0m1.226s
sys     0m1.882s

root@kolga:/pack/local-admin/quota# df -k /d130
Filesystem          kbytes     used     avail  capacity  Mounted on
/dev/md/dsk/d130  30981094  20448748  10325808    67%    /d130
root@kolga:/pack/local-admin/quota#

./Diskplads/iSCSI/index.php

./Diskplads/iSCSI/DeFoersteTests/index.php

iSCSI

Important to remember:

initiator    the client

target       the server

We use iSCSI to avoid the costs of Fibre Channel. The flexibility is also far greater, even though some features may be missing which we have never used in our Fibre Channel setup anyway.

Set up on multimus01

Who are we ourselves, as initiator? This is used on the SATAboy to control access to the targets it has.

root@multimus01:/# iscsiadm list initiator-node
Initiator node name: iqn.1986-03.com.sun:01:ba98e4efffff.4647345f
Initiator node alias: -
        Login Parameters (Default/Configured):
                Header Digest: NONE/-
                Data Digest: NONE/-
        Authentication Type: NONE
        RADIUS Server: NONE
        RADIUS access: unknown
        Configured Sessions: 1

Then we can just see what we are connected to (port 3260 is the default):

root@multimus01:/# iscsiadm list discovery-address
Discovery Address: 10.11.12.16:3260
Discovery Address: 10.11.12.17:3260

root@multimus01:/# iscsiadm list discovery-address -v
Discovery Address: 10.11.12.16:3260
        Target name: iqn.1999-02.com.nexsan:p0:sataboy:0264142f
                Target address: 10.11.12.16:3260, 1
Discovery Address: 10.11.12.17:3260
        Target name: iqn.1999-02.com.nexsan:p2:sataboy:0264142f
                Target address: 10.11.12.17:3260, 2

And a bit more about who our target is:

root@multimus01:/# iscsiadm list target
Target: iqn.1999-02.com.nexsan:p2:sataboy:0264142f
        Alias: Nexsan iSCSI
        TPGT: 2
        ISID: 4000002a0000
        Connections: 1
Target: iqn.1999-02.com.nexsan:p0:sataboy:0264142f
        Alias: Nexsan iSCSI
        TPGT: 1
        ISID: 4000002a0000
        Connections: 1
root@multimus01:/# iscsiadm list target-param
Target: iqn.1999-02.com.nexsan:p2:sataboy:0264142f
        Alias: Nexsan iSCSI
Target: iqn.1999-02.com.nexsan:p0:sataboy:0264142f
        Alias: Nexsan iSCSI

Setup on tibialis

root@tibialis:/# iscsiadm add discovery-address 10.11.12.16:3260
root@tibialis:/# iscsiadm modify discovery --sendtargets enable
root@tibialis:/# list target
Target: iqn.1999-02.com.nexsan:p0:sataboy:0264142f
        Alias: Nexsan iSCSI
        TPGT: 1
        ISID: 4000002a0000
        Connections: 1

root@tibialis:/# iscsiadm list target -v
Target: iqn.1999-02.com.nexsan:p0:sataboy:0264142f
        Alias: Nexsan iSCSI
        TPGT: 1
        ISID: 4000002a0000
        Connections: 1
                CID: 0
                  IP address (Local): 10.11.12.70:38142
                  IP address (Peer): 10.11.12.16:3260
                  Discovery Method: SendTargets
                  Login Parameters (Negotiated):
                        Data Sequence In Order: yes
                        Data PDU In Order: yes
                        Default Time To Retain: 0
                        Default Time To Wait: 2
                        Error Recovery Level: 0
                        First Burst Length: 1024
                        Immediate Data: yes
                        Initial Ready To Transfer (R2T): yes
                        Max Burst Length: 262144
                        Max Outstanding R2T: 1
                        Max Receive Data Segment Length: 8192
                        Max Connections: 1
                        Header Digest: NONE
                        Data Digest: NONE

I then see this disk show up in format, but I must not touch it, since it belongs to multimus01:

8. c3t30d0 /iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,3

./Diskplads/iSCSI/tibialis/index.php

iSCSI on tibialis

I create a new volume, which I subsequently put on LUN 2 on Controller 1.

It ends up looking like this:

2: 'VAR_MAIL_1'


Array: 'SATABOY_2', Controller 1
Capacity: 107.3 GB (100.0 GiB)

In /var/adm/messages this shows up when I create a Volume, before I map it:

Dec 6 09:46:52 tibialis.miba.auc.dk scsi: [ID 107833 kern.warning] WARNING: /iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,1 (sd0):
Dec 6 09:46:52 tibialis.miba.auc.dk Error for Command: write(10) Error Level: Retryable
Dec 6 09:46:52 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] Requested Block: 146281948 Error Block: 0
Dec 6 09:46:52 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] Vendor: NEXSAN Serial Number: 6C911CBB142F
Dec 6 09:46:52 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] Sense Key: Unit Attention
Dec 6 09:46:52 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] ASC: 0x3f (reported LUNs data has changed), ASCQ: 0xe, FRU: 0x0
Dec 6 09:46:52 tibialis.miba.auc.dk scsi: [ID 107833 kern.warning] WARNING: /iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,1 (sd2):
Dec 6 09:46:52 tibialis.miba.auc.dk Error for Command: write(10) Error Level: Retryable
Dec 6 09:46:52 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] Requested Block: 146281948 Error Block: 0
Dec 6 09:46:52 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] Vendor: NEXSAN Serial Number: 6C91FA51142F
Dec 6 09:46:52 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] Sense Key: Unit Attention
Dec 6 09:46:52 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] ASC: 0x3f (reported LUNs data has changed), ASCQ: 0xe, FRU: 0x0

The format command gives nothing new, and nothing in the /var/adm/messages file.

That is apparently because the first time it saw something happen, tibialis did not have access to it, and therefore it has not found anything in particular :-\

But then we use this:

root@tibialis:/space/DTraceToolkit-0.96# devfsadm -Cv -i iscsi
devfsadm[18263]: verbose: symlink /dev/dsk/c3t3d0s0 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:a
devfsadm[18263]: verbose: symlink /dev/dsk/c3t3d0s1 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:b
devfsadm[18263]: verbose: symlink /dev/dsk/c3t3d0s2 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:c
devfsadm[18263]: verbose: symlink /dev/dsk/c3t3d0s3 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:d
devfsadm[18263]: verbose: symlink /dev/dsk/c3t3d0s4 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:e
devfsadm[18263]: verbose: symlink /dev/dsk/c3t3d0s5 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:f
devfsadm[18263]: verbose: symlink /dev/dsk/c3t3d0s6 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:g
devfsadm[18263]: verbose: symlink /dev/dsk/c3t3d0s7 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:h
devfsadm[18263]: verbose: symlink /dev/rdsk/c3t3d0s0 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:a,raw
devfsadm[18263]: verbose: symlink /dev/rdsk/c3t3d0s1 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:b,raw
devfsadm[18263]: verbose: symlink /dev/rdsk/c3t3d0s2 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:c,raw
devfsadm[18263]: verbose: symlink /dev/rdsk/c3t3d0s3 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:d,raw
devfsadm[18263]: verbose: symlink /dev/rdsk/c3t3d0s4 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:e,raw
devfsadm[18263]: verbose: symlink /dev/rdsk/c3t3d0s5 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:f,raw
devfsadm[18263]: verbose: symlink /dev/rdsk/c3t3d0s6 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:g,raw
devfsadm[18263]: verbose: symlink /dev/rdsk/c3t3d0s7 -> ../../devices/iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2:h,raw

And in /var/adm/messages we get, among other things:

Dec 6 11:12:28 tibialis.miba.auc.dk scsi: [ID 799468 kern.info] sd3 at iscsi0: name 0000iqn.1999-02.com.nexsan%3Ap2%3Asataboy%3A0264142f0002,2, bus address 0000iqn.1999-02.com.nexsan%3Ap2%3Asataboy%3A0264142f0002,2
Dec 6 11:12:28 tibialis.miba.auc.dk genunix: [ID 936769 kern.info] sd3 is /iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2
Dec 6 11:12:28 tibialis.miba.auc.dk scsi: [ID 107833 kern.warning] WARNING: /iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2 (sd3):
Dec 6 11:12:28 tibialis.miba.auc.dk Corrupt label; wrong magic number
Dec 6 11:12:28 tibialis.miba.auc.dk genunix: [ID 408114 kern.info] /iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2 (sd3) online

Dec 6 11:13:09 tibialis.miba.auc.dk scsi: [ID 107833 kern.warning] WARNING: /iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,1 (sd0):
Dec 6 11:13:09 tibialis.miba.auc.dk Error for Command: write(10) Error Level: Retryable
Dec 6 11:13:09 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] Requested Block: 144399940 Error Block: 0
Dec 6 11:13:09 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] Vendor: NEXSAN Serial Number: 6C911CBB142F
Dec 6 11:13:09 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] Sense Key: Unit Attention
Dec 6 11:13:09 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] ASC: 0x29 (power on, reset, or bus reset occurred), ASCQ: 0x0, FRU: 0x0
Dec 6 11:13:09 tibialis.miba.auc.dk scsi: [ID 107833 kern.warning] WARNING: /iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,1 (sd2):
Dec 6 11:13:09 tibialis.miba.auc.dk Error for Command: write(10) Error Level: Retryable
Dec 6 11:13:09 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] Requested Block: 144399940 Error Block: 0
Dec 6 11:13:09 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] Vendor: NEXSAN Serial Number: 6C91FA51142F
Dec 6 11:13:09 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] Sense Key: Unit Attention
Dec 6 11:13:09 tibialis.miba.auc.dk scsi: [ID 107833 kern.notice] ASC: 0x29 (power on, reset, or bus reset occurred), ASCQ: 0x0, FRU: 0x0

We run the format command to see what we have now:

8. c3t0d0 /iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,1
9. c3t2d0 /iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,1
10. c3t3d0 /iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2

Specify disk (enter its number): 10
selecting c3t3d0
[disk formatted]
Disk not labeled. Label it now? y

When format was run, this comes:

Dec 6 11:39:17 tibialis.miba.auc.dk scsi: [ID 107833 kern.warning] WARNING: /iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2 (sd3):
Dec 6 11:39:17 tibialis.miba.auc.dk Corrupt label; wrong magic number
Dec 6 11:39:17 tibialis.miba.auc.dk scsi: [ID 107833 kern.warning] WARNING: /iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2 (sd3):
Dec 6 11:39:17 tibialis.miba.auc.dk Corrupt label; wrong magic number

And this is what the partition table looks like on it:

partition> p
Current partition table (default):
Total disk cylinders available: 12798 + 2 (reserved cylinders)

Part      Tag    Flag     Cylinders         Size            Blocks
  0       root    wm       0 -    15      128.00MB    (16/0/0)       262144
  1       swap    wu      16 -    31      128.00MB    (16/0/0)       262144
  2     backup    wu       0 - 12797       99.98GB    (12798/0/0) 209682432
  3 unassigned    wm       0                0         (0/0/0)             0
  4 unassigned    wm       0                0         (0/0/0)             0
  5 unassigned    wm       0                0         (0/0/0)             0
  6        usr    wm      32 - 12797       99.73GB    (12766/0/0) 209158144
  7 unassigned    wm       0                0         (0/0/0)             0

partition>

And then the other part

3: 'VAR_MAIL_0'
Array: 'SATABOY_1', Controller 0
Capacity: 107.3 GB (100.0 GiB)

Dec 6 12:56:41 tibialis.miba.auc.dk scsi: [ID 799468 kern.info] sd4 at iscsi0: name 0000iqn.1999-02.com.nexsan%3Ap0%3Asataboy%3A0264142f0001,0, bus address 0000iqn.1999-02.com.nexsan%3Ap0%3Asataboy%3A0264142f0001,0
Dec 6 12:56:41 tibialis.miba.auc.dk genunix: [ID 936769 kern.info] sd4 is /iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0
Dec 6 12:56:41 tibialis.miba.auc.dk scsi: [ID 107833 kern.warning] WARNING: /iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0 (sd4):
Dec 6 12:56:41 tibialis.miba.auc.dk Corrupt label; wrong magic number
Dec 6 12:56:41 tibialis.miba.auc.dk genunix: [ID 408114 kern.info] /iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0 (sd4) online

root@tibialis:/space/DTraceToolkit-0.96# devfsadm -Cv -i iscsi
devfsadm[23186]: verbose: symlink /dev/dsk/c3t4d0s0 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:a
devfsadm[23186]: verbose: symlink /dev/dsk/c3t4d0s1 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:b
devfsadm[23186]: verbose: symlink /dev/dsk/c3t4d0s2 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:c
devfsadm[23186]: verbose: symlink /dev/dsk/c3t4d0s3 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:d
devfsadm[23186]: verbose: symlink /dev/dsk/c3t4d0s4 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:e
devfsadm[23186]: verbose: symlink /dev/dsk/c3t4d0s5 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:f
devfsadm[23186]: verbose: symlink /dev/dsk/c3t4d0s6 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:g
devfsadm[23186]: verbose: symlink /dev/dsk/c3t4d0s7 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:h
devfsadm[23186]: verbose: symlink /dev/rdsk/c3t4d0s0 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:a,raw
devfsadm[23186]: verbose: symlink /dev/rdsk/c3t4d0s1 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:b,raw
devfsadm[23186]: verbose: symlink /dev/rdsk/c3t4d0s2 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:c,raw
devfsadm[23186]: verbose: symlink /dev/rdsk/c3t4d0s3 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:d,raw
devfsadm[23186]: verbose: symlink /dev/rdsk/c3t4d0s4 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:e,raw
devfsadm[23186]: verbose: symlink /dev/rdsk/c3t4d0s5 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:f,raw
devfsadm[23186]: verbose: symlink /dev/rdsk/c3t4d0s6 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:g,raw
devfsadm[23186]: verbose: symlink /dev/rdsk/c3t4d0s7 -> ../../devices/iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0:h,raw

And in the format command we now see both of them:

10. c3t3d0 /iscsi/[email protected]%3Ap2%3Asataboy%3A0264142f0002,2
11. c3t4d0 /iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,0

partition> p
Current partition table (original):
Total disk cylinders available: 12798 + 2 (reserved cylinders)

Part      Tag    Flag     Cylinders         Size            Blocks
  0       root    wm       0 -    15      128.00MB    (16/0/0)       262144
  1       swap    wu      16 -    31      128.00MB    (16/0/0)       262144
  2     backup    wu       0 - 12797       99.98GB    (12798/0/0) 209682432
  3 unassigned    wm       0                0         (0/0/0)             0
  4 unassigned    wm       0                0         (0/0/0)             0
  5 unassigned    wm       0                0         (0/0/0)             0
  6        usr    wm      32 - 12797       99.73GB    (12766/0/0) 209158144
  7 unassigned    wm       0                0         (0/0/0)             0


See the ZFS pages for more, if needed.

./Diskplads/VMware/nfs-01/index.php

Its setup starts with an installation of everything, and here is the shell history from the start:

root@nfs-01:/# history
    1  cd space
    2  mkdir vmware
    3  cd vmware/
    4  mkdir vmware-solaris-tools
    5  cd vmware-solaris-tools/
    6  /usr/sfw/bin/gtar xf /Desktop/vmware-solaris-tools.tar.gz
    7  /usr/sfw/bin/gtar xzf /Desktop/vmware-solaris-tools.tar.gz
    8  ls -l
    9  cd vmware-tools-distrib/
   10  ls -l
   11  ./vmware-install.pl
   12  ./vmware-config-tools.pl --experimental
   13  vmware-config-tools.pl --experimental
   14  cd /space/vmware/vmware-solaris-tools/
   15  cd ./vmware-tools-distrib/
   16  vmware-config-tools.pl
   17  /usr/bin/vmware-toolbox
   18  ls
   19  ls -l
   20  top
   21  svcs -a|grep webc
   22  svcadm disable webconsole
   23  svcs
   24  svcs wbem
   25  man wbem
   26  svcadm wbem disable
   27  svcadm disable wbem
   28  history
root@nfs-01:/#

I have also created a new /.bashrc, and a "Drawer" with a "Launcher" that calls "xterm -bg red2 -e bash".

./Drift/Backup/Amanda/index.php

Amanda at HST

Where, who?

It runs on ran, as the user amanda:

root@ran:/home/amanda/HST# id amanda
uid=7014(amanda) gid=7014(amanda)

Access to the server

Access to the machine itself is very restricted. Only those who are involved in the backup procedures on a daily basis are able to log in:

root@ran:/home/amanda/HST# grep \+ /etc/passwd
+rod::::::
+magnus::::::
+henrik::::::
+netsaint::::::
+thk::::::
+::::::/bin/false

These users are able to use sudo on the machine.

There is also access via ssh from [email protected], and as root via rsh from aegir, soleus, tibialis and maximus. This is due to the way the backup is automatically updated with the new user file systems when they are created. [This should probably be revised some day...]
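
One way to review the compat entries shown above, as an added example that is not part of the original page: it lists which NIS accounts keep a usable login on the backup server and flags any that are not on an approved list. The function names and the approved list are assumptions, and the sample input is a constructed copy of the entries above.

```shell
#!/bin/sh
# Constructed copy of the "+" entries shown in the grep output above.
sample_passwd() {
cat <<'EOF'
+rod::::::
+magnus::::::
+henrik::::::
+netsaint::::::
+thk::::::
+::::::/bin/false
EOF
}

# audit_compat "APPROVED ACCOUNTS" < passwd-file
# APPROVED is a space-separated list of accounts that are meant to be able
# to log in (a hypothetical list supplied by whoever runs the review).
# An empty shell field on a "+name" entry means the shell comes from NIS,
# so the account keeps whatever login shell it has there.
# Exit status 1 if anything needs attention.
audit_compat() {
    awk -F: -v approved="$1" '
        BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !/^\+/ { next }                      # only compat include entries
        {
            name = substr($1, 2); shell = $7
            restricted = (shell ~ /\/(false|nologin)$/)
            if (name == "" && restricted)      print "REST-DENIED " shell
            else if (name == "")             { print "FINDING catch-all gives every NIS user a login"; bad = 1 }
            else if (name ~ /^@/)              print "REVIEW netgroup " substr(name, 2)
            else if (restricted)               print "DENIED " name
            else if (name in ok)               print "ALLOWED " name
            else                             { print "FINDING unapproved login " name; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Example run against the constructed sample:
#   sample_passwd | audit_compat "rod magnus henrik netsaint thk"
```

On the real machine the input would be /etc/passwd itself; the rsh trust for root mentioned above is not covered by this check.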

The nightly backup

The nightly backup is started at 00:05 every night, every day of the year. This is done via cron:

root@ran:/home/amanda/HST# crontab -l amanda
# Amanda for non-aegir hosts starts Thu Mar 3 23:30:18 MET 2005
5 0 * * * /pack/amanda-2.4.4p4/sbin/amdump HST
#40 9 * * * /pack/amanda-2.4.4p4/sbin/amcheck -s -m HST
#55 11 * * * /pack/amanda-2.4.4p4/sbin/amcheck -s -m HST
0 14 * * * /pack/amanda-2.4.4p4/sbin/amcheck -s -m HST
15 15 * * * /pack/amanda-2.4.4p4/sbin/amcheck -m HST
15 21 * * * /pack/amanda-2.4.4p4/sbin/amcheck -m HST

When it has finished, an e-mail is sent to the mail address given in the configuration file. This is in fact a mailing list:

root@ran:/home/amanda/HST# grep mailto amanda.conf
mailto "amanda" # space separated list of operators at your site

It is usually finished some time during the morning, but we have also experienced that it is not "finished" until the tapes are changed :-(

Automatic tape change

We have a tape changer with room for 60 tapes, divided over 4 trays. The tape drive itself is an LTO2 drive.

Only root has access to the SCSI device itself, which is why root's cron takes care of everything concerning the moving of tapes. Via cron, of course:

##################################################################################################
29 13 * * * mt stat | /usr/ucb/Mail -s "HST_LTO2 mt stat, til at sparke til baandstationen 1" magnus
30 13 * * * ( cd /pack/mtx-1.2.18rel/sbin && ./mtx -f /dev/scsi/changer/c3t6d0 status 2>&1 && \
    ./mtx -f /dev/scsi/changer/c3t6d0 next 2>&1 && \
    ./mtx -f /dev/scsi/changer/c3t6d0 status 2>&1 && sleep 60 && \
    /opt/csw/bin/sudo -u amanda /pack/amanda-2.4.4p4/sbin/amcheck -s HST ) | \
    /usr/ucb/Mail -s "HST_LTO2 Tape change and status" [email protected] 13 * * * mt stat | /usr/ucb/Mail -s "HST_LTO2 mt stat, til at sparke til baandstationen 2" magnus
37 13 * * * mt stat | /usr/ucb/Mail -s "HST_LTO2 mt stat, til at sparke til baandstationen 3" magnus
# This moves all tapes to tray 1, to the lowest free slots (was 5 10)
40 13 * * * /home/amanda/bin/flyt_alle_brugte_baand_til_skuffe1.sh 2>&1 | \
    /usr/ucb/Mail -s "HST_LTO2 Tape moved to tray 1" [email protected]
#
# This script moves all the unused tapes to the start of tray 2, and makes sure that
# the loaded tape comes from slot 15, which is the first one in tray 2.
#/home/amanda/bin/flyt_alle_ubrugte_baand_til_skuffe2.sh
45 13 * * * /home/amanda/bin/flyt_alle_ubrugte_baand_til_skuffe2.sh 2>&1 | \
    /usr/ucb/Mail -s "HST_LTO2 Tapes moved to start of tray 2" [email protected]
###################################################################################################

Sometimes we see the backup itself being interrupted, but this usually has no major consequences, since there is probably more left on holding_disk than just what was interrupted. That data can simply be included by a flush, or just the next night. The backup also takes care of flushing all old backups on holding_disk out to tape.

Flush, if a tape ran full

If there is not room on a tape for the whole night's backup, data will be left on holding_disk. At the moment this has to be flushed manually. To avoid wasting too many tapes, it is a good idea to check how much is on holding_disk, and only do a manual flush if more than a certain number of GB is left. The limit could be at 30-50GB?

This is how to see how much is left:

root@ran:/home/amanda/HST# du -hs /holding_disk/holding_disk_2/2008*
 64K /holding_disk/holding_disk_2/20081011
 99G /holding_disk/holding_disk_2/20081012

And in fact the 64K from 10/11 is just an empty directory. It does not always clean up after itself if there has been a full tape, so that a flush has in fact emptied the directory. But since 99GB is lying there from 12/10, a manual flush is in order here. It is done like this:


root@ran:/home/amanda/HST# sudo -u amanda /pack/amanda-2.4.4p4/sbin/amflush -b HST

And when a mail arrives from Amanda saying that this flush has completed, you must change to the next tape in the sequence:

root@ran:/home/amanda/HST# /pack/mtx-1.2.18rel/sbin/mtx -f /dev/scsi/changer/c3t6d0 next

If you do not do a manual flush, Amanda will flush by itself the coming night, but then there is of course less room left on the tape, and the tape will most likely run full then.....so there is no way around it :-)

Types of backup

In the old days all backups were plain ufsdump. But after we moved to ZFS, we have had to switch to tar. And since gnutar does not understand ZFS, we had to write a wrapper that makes Amanda believe that gtar is gnutar, when it is in fact a perl script that I (Magnus) have written. This script (/opt/csw/bin/gtar) looks at the options it is called with, works out what is actually wanted, and makes sure to call Sun tar in a way that makes everyone happy.

The script takes care of emulating things such as level 0, level 1 and so on. It logs everything it does to syslog, so that it is possible to see what happened in case something should go wrong one day. To make taking backups easier, and safer, the script also takes a snapshot of the file system in question, and backs up the snapshot rather than the active file system. This snapshot then lives until the next night, so a side effect is that we can find files in the snapshot in case someone accidentally deletes a file and notices it right away :-)

There are still a few ufsdump disks left, but they are on their way out. However, / on most machines is still UFS.

Number of tapes

All tapes used for Amanda must have an amlabel. This ensures that they are not overwritten out of sequence. There are also physical labels, stickers, on all tapes, so that the tape drive can see which tape it has in which slot. In /home/amanda/HST there are several scripts that document how we put an amlabel on the tapes. We have expanded the number in several rounds, and this work was of course automated.

All tapes that have been given an amlabel are listed in the file tapelist:

root@ran:/home/amanda/HST# wc -l tapelist
 300 tapelist

amanda.conf then states how many tapes it should use in a full round:

root@ran:/home/amanda/HST# grep tapecycle amanda.conf
tapecycle 300 tapes # the number of tapes in rotation

Under normal circumstances the two numbers will match each other!

Which disks are backed up?

All the disks it backs up are listed in the file /home/amanda/HST/disklist. Comments are allowed, so that one can remember when something was added and when it was taken out. If one wants to.

In the procedure for creating new users, I add lines after an automatically generated comment:

# New account mca guest Wed Oct 3 12:59:09 MEST 2007
maximus /export/home/mca user-csw-tar-zfs
# New account zhy smi Sun Oct 7 22:40:44 MEST 2007
maximus /export/home/zhy user-csw-tar-zfs

Development of disk usage

I have made a smart script that looks at the development over the last years. It assumes that tapecycle does NOT exceed one month, so that within each month we always have a level 0 of everything.

root@ran:/home/amanda/HST# time ./statistik_over_samlet_plads_gnuplot.sh

real 0m14.361s
user 0m14.490s
sys 0m6.980s

And here you can see the result:

Disk usage over the last years.

It turns out that the space usage doubles every year. Whether we should allow for this by making a longer tapecycle, or by other measures....that has not been settled yet. The longer the time between level 0 backups, the larger a level 1 will probably become. A level 1 could then get bumped to level 2 and so on, but we would prefer to avoid that situation, since it then becomes even more work to do a restore.

gnuplot link: http://t16web.lanl.gov/Kawano/gnuplot/intro/index-e.html

./Drift/Backup/Amanda/HOWTO/index.php

AMANDA HOWTO

Here is a fairly comprehensive manual for Amanda.

It was fetched from http://www.amanda.org/docs/AMANDA-HOWTO-Collection.pdf

See also the text files on ran under /pack-local/amanda-2.4.4p4/share/amanda

-rw-r--r-- 1 root magnus 1381 Feb 25 2005 COPYRIGHT
-rw-r--r-- 1 root magnus 2910 Feb 25 2005 COPYRIGHT-APACHE
-rw-r--r-- 1 root magnus 525 Feb 25 2005 COPYRIGHT-REGEX
-rw-r--r-- 1 root magnus 16480 Feb 25 2005 DUMPER-API
-rw-r--r-- 1 root magnus 11828 Feb 25 2005 EXCLUDE
-rw-r--r-- 1 root magnus 24662 Feb 25 2005 FAQ
-rw-r--r-- 1 root magnus 331 Feb 25 2005 HOWTO-AFS
-rw-r--r-- 1 root magnus 11138 Feb 25 2005 HOWTO-CYGWIN.html
-rw-r--r-- 1 root magnus 14190 Feb 25 2005 HOWTO-FILE-DRIVER
-rw-r--r-- 1 root magnus 11929 Feb 25 2005 INDEXING
-rw-r--r-- 1 root magnus 14638 Feb 25 2005 INSTALL
-rw-r--r-- 1 root magnus 10864 Feb 25 2005 INTERNALS
-rw-r--r-- 1 root magnus 2872 Feb 25 2005 KERBEROS
-rw-r--r-- 1 root magnus 1997 Feb 25 2005 LABEL.PRINTING
-rw-r--r-- 1 root magnus 5427 Feb 25 2005 MULTITAPE
-rw-r--r-- 1 root magnus 8623 Feb 25 2005 PORT.USAGE
-rw-r--r-- 1 root magnus 4057 Feb 25 2005 RAIT
-rw-r--r-- 1 root magnus 7600 Feb 25 2005 RESTORE
-rw-r--r-- 1 root magnus 6541 Feb 25 2005 SAMBA
-rw-r--r-- 1 root magnus 1933 Feb 25 2005 SECURITY
-rw-r--r-- 1 root magnus 11816 Feb 25 2005 SYSTEM.NOTES
-rw-r--r-- 1 root magnus 29010 Feb 25 2005 TAPE.CHANGERS
-rw-r--r-- 1 root magnus 1382 Feb 25 2005 TAPETYPES
-rw-r--r-- 1 root magnus 1930 Feb 25 2005 UPGRADE
-rw-r--r-- 1 root magnus 2082 Feb 25 2005 VTAPE-API
-rw-r--r-- 1 root magnus 17337 Feb 25 2005 WHATS.NEW
-rw-r--r-- 1 root magnus 10210 Feb 25 2005 WISHLIST
-rw-r--r-- 1 root magnus 288 Feb 25 2005 YEAR2000
-rw-r--r-- 1 root magnus 3777 Feb 25 2005 ZFTAPE
-rw-r--r-- 1 root magnus 10486 Feb 25 2005 chg-scsi.notes

...I should probably look at the /pack-local/amanda-2.4.4p4/libexec/chg-zd-mtx script and get it included in the Amanda setup, so that we do not have to change tapes manually all the time.

./Drift/Backup/Amanda/Restore/index.php

Restore

To restore a file system, you first have to get the backup file from tape onto a server. After that it is almost self-explanatory :-)

In the backup file the first block is used to describe how the contents can be restored. This is shown here:


root@ran:/home/amanda/HST# dd if=/holding_disk/holding_disk_2/20081015/maximus._export_home_ts.1 \
    bs=32k count=1 | strings
AMANDA: FILE 20081015 maximus /export/home/ts lev 1 comp N program /opt/csw/bin/gtar
To restore, position tape at start of file and run:
dd if= bs=32k skip=1 | /opt/csw/bin/gtar -f... -
1+0 records in
1+0 records out

Here you just need to know that the "/opt/csw/bin/gtar" that Amanda thinks you should use is in fact Sun tar, which is the only one that understands ZFS ACLs. Where we back up ZFS, we use a home-made perl script that pretends to be /opt/csw/bin/gtar, but actually calls Sun tar with the options it needs in order to do the same as gnutar.

A restore must of course be done to the right server, or at least to the right file system type (here ZFS), since ACLs will otherwise not be restored correctly.

But to show how it works we can make do with tar on ran, which is able to list the files in an archive. The archive shown comes directly from holding_disk, that is, BEFORE it goes out to tape.

root@ran:/home/amanda/HST# dd if=/holding_disk/holding_disk_2/20081015//maximus._export_home_ts.1 \
    bs=32k skip=1 | tar tvf -
-rw-r--r-- 11025/11025 131072 Oct 15 02:22 2008 ./.vacation.pag
-rw------- 11025/11025 1327104 Oct 14 16:02 2008 ./.spamassassin/bayes_seen
-rw------- 11025/11025 4096 Oct 15 04:28 2008 ./.spamassassin/auto-whitelist.dir
-rw------- 11025/11025 5210112 Oct 14 22:01 2008 ./.spamassassin/bayes_toks
-rw------- 11025/11025 13175 Oct 15 04:28 2008 ./.spamassassin/bayes_journal
-rw------- 11025/11025 30829568 Oct 15 04:28 2008 ./.spamassassin/auto-whitelist.pag
...[cut]...

For a "real" restore you of course first have to fetch the file from tape. Either by copying it onto a disk and working with it there, or by using if=</dev/rmt/0cn> on ran directly and sending the output over to e.g. maximus, where it is written to a ZFS file system.
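
A check that can be run before a dump file is unpacked as root, as an added example that is not part of the original page: it reads the header line from the first 32k block, as shown above, and refuses to continue unless host, disk, datestamp and level are the ones that were asked for. The function names are assumptions, the sample file is constructed, and the NUL padding of the header block is an assumption about the file layout.

```shell
#!/bin/sh
# make_sample_dump FILE
# Builds a constructed stand-in for a holding-disk file: the two header lines
# from the page padded with NULs to 32 KiB, followed by a dummy payload.
make_sample_dump() {
    {
        printf 'AMANDA: FILE 20081015 maximus /export/home/ts lev 1 comp N program /opt/csw/bin/gtar\n'
        printf 'To restore, position tape at start of file and run:\n'
        dd if=/dev/zero bs=32768 count=1 2>/dev/null
    } | head -c 32768 > "$1"
    printf 'payload-bytes\n' >> "$1"
}

# amanda_header FILE: print the "AMANDA: FILE ..." line from the first block.
amanda_header() {
    head -c 32768 "$1" | tr -d '\000' | awk '/^AMANDA: FILE /{ print; exit }'
}

# verify_dump FILE HOST DISK DATESTAMP LEVEL
# Exit 0 and print the recorded program if the header names exactly that dump,
# exit 1 on a mismatch, exit 2 if no Amanda header is found.
verify_dump() {
    amanda_header "$1" | awk -v host="$2" -v disk="$3" -v date="$4" -v lev="$5" '
        {
            seen = 1
            # AMANDA: FILE <date> <host> <disk> lev <n> comp <x> program <path>
            if ($3 != date) bad = bad " datestamp=" $3
            if ($4 != host) bad = bad " host=" $4
            if ($5 != disk) bad = bad " disk=" $5
            if ($6 != "lev" || $7 != lev) bad = bad " level=" $7
            for (i = 8; i < NF; i++) if ($i == "program") prog = $(i + 1)
        }
        END {
            if (!seen)     { print "no Amanda header"; exit 2 }
            if (bad != "") { print "MISMATCH:" bad; exit 1 }
            print "OK program=" prog
        }'
}

# dump_payload FILE: everything after the header block (the dd skip=1 step
# from the page), ready to be piped into tar once verify_dump has passed.
dump_payload() {
    dd if="$1" bs=32k skip=1 2>/dev/null
}
```

The program named in the header is only what Amanda recorded; on this site it is the wrapper around Sun tar described above.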

Restore of individual files

Before you start

We usually do a restore because of a request from a user who has accidentally deleted something, overwritten something, or in some other way has come to miss a file.

The information we need before we can start is:

1. Which file is to be found from backup. Preferably with the correct case, if possible.
2. From what point in time. And when it is likely to have been edited last.

Knowing which file to look for, we can work out which file system it was on. And knowing the date, we can limit our search in the index files.

Find the file in Amanda's index

Here we look for something called something like "spamassassin/bayes_seen", in the index files for the whole of October 2008:

root@ran:/home/amanda/HST# gzgrep spamassassin/bayes_seen index/maximus/_export_home_tgn/200810*
index/maximus/_export_home_tgn/20081001_1.gz:/.spamassassin/bayes_seen
index/maximus/_export_home_tgn/20081002_0.gz:/.spamassassin/bayes_seen_NEW_BAD
index/maximus/_export_home_tgn/20081002_0.gz:/.spamassassin/bayes_seen.pag
index/maximus/_export_home_tgn/20081002_0.gz:/.spamassassin/bayes_seen
index/maximus/_export_home_tgn/20081002_0.gz:/.spamassassin/bayes_seen.dir
index/maximus/_export_home_tgn/20081010_1.gz:/.spamassassin/bayes_seen
index/maximus/_export_home_tgn/20081011_1.gz:/.spamassassin/bayes_seen
index/maximus/_export_home_tgn/20081012_1.gz:/.spamassassin/bayes_seen
index/maximus/_export_home_tgn/20081013_1.gz:/.spamassassin/bayes_seen
index/maximus/_export_home_tgn/20081014_1.gz:/.spamassassin/bayes_seen
index/maximus/_export_home_tgn/20081015_1.gz:/.spamassassin/bayes_seen

And you can see that if it is actually .spamassassin/bayes_seen_NEW_BAD you are after, it exists ONLY in the level 0 from 2/10-2008, and not in any level 1 backups. But if it is .spamassassin/bayes_seen you are missing, it is enough to find it in the latest level 1 backup, which here turns out to be from 15/10-2008.

By searching the index first like this, you can see in which period the file was backed up, and thereby find the right date directly, or take the question up with the user if the file was not there at all on the desired date. (REMEMBER that a file is only backed up if it is a level 0, or if the file has been changed! It is therefore important to hear from the user when they think it was last changed.)

Find the tape(s) to use

If we now know that we need to find the bayes_seen file from the backup of the night before 15/10, we look for when this backup went out to tape. We do that by looking for a SUCCESS from the taper program in the days right after that date:

root@ran:/home/amanda/HST# gzgrep "SUCCESS taper.*/tgn 20081015" log/log.200810*
log/log.20081016.0:SUCCESS taper maximus /export/home/tgn 20081015 1 [sec 9.188 kb 212390 kps 23114.9 \
    {wr: writers 6639 rdwait 0.534 wrwait 6.544 filemark 1.834}]

Be aware that there may well be log files named log.20081015.1, log.20081015.2 and so on. This will be the case if there were flushes to several tapes that day. So it is not until 16/10 that it goes out to tape. And then it is just a matter of seeing which tape the log file we found covered:

root@ran:/home/amanda/HST# gzgrep "START taper" log/log.20081016.0
START taper datestamp 20081016 label HST361 tape 0

And so we know that we need to get hold of tape HST361 :-)

Several tapes?

If it is a single file you need to find, one tape will always be enough. But if it is a whole folder, you will probably need to find the newest level 0 before the desired point in time, plus any level 1, 2 and so on, up to the date you want to restore. Or a date before that date, in case the file does not change all the time, which is why it is not backed up all the time either. ....it is actually quite logical, if you think about it :-)

Where is it on the tape?

The next example shows how we can see, without using the amadmin command, which position in the sequence the backup in question got on the tape. This is just a simple ordering in the log file, and there can be a mix of old dumps being flushed out to tape and new backups. So you have to remember to look at the date given.

Here we actually see that the tape from the night before the 16th holds two backups of home/tgn; one was taken on the 15th, the other on the 16th. But both of them only end up on tape on the 16th. And in the example we are working with here, it is file number 104 on the tape that we need.

root@ran:/home/amanda/HST# cat log/log.20081016.0 |grep "SUCCESS taper"| cat -n|grep -w tgn
   104 SUCCESS taper maximus /export/home/tgn 20081015 1 [sec 9.188 kb 212390 kps 23114.9 \
       {wr: writers 6639 rdwait 0.534 wrwait 6.544 filemark 1.834}]
  1423 SUCCESS taper maximus /export/home/tgn 20081016 1 [sec 8.380 kb 212410 kps 25346.8 \
       {wr: writers 6639 rdwait 0.224 wrwait 7.565 filemark 0.360}]
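
The two log lookups above (tape label from "START taper", file number from the position among the "SUCCESS taper" lines) combined into one function, as an added example that is not part of the original page. It matches host, disk and datestamp as exact fields, so a dump of the same path from another host is not picked up by mistake. The function names are assumptions, the sample log is constructed in the format shown above, and restarting the count at each "START taper" line is an assumption for logs that cover more than one tape.

```shell
#!/bin/sh
# Constructed log in the format of the lines shown above; the soleus line and
# the dumper line are made up to show what must not be counted or matched.
sample_log() {
cat <<'EOF'
START taper datestamp 20081016 label HST361 tape 0
SUCCESS dumper maximus /export/home/tgn 20081016 1 [sec 53.000 kb 212410 kps 4003.0 orig-kb 212410]
SUCCESS taper soleus /export/home/tgn 20081015 1 [sec 1.000 kb 100 kps 100.0 {wr: writers 4 rdwait 0.000 wrwait 0.100 filemark 0.500}]
SUCCESS taper maximus /export/home/tgn 20081015 1 [sec 9.188 kb 212390 kps 23114.9 {wr: writers 6639 rdwait 0.534 wrwait 6.544 filemark 1.834}]
SUCCESS taper maximus /export/home/tgn 20081016 1 [sec 8.380 kb 212410 kps 25346.8 {wr: writers 6639 rdwait 0.224 wrwait 7.565 filemark 0.360}]
EOF
}

# locate_dump HOST DISK DATESTAMP < amanda-log
# Prints "LABEL FILENO LEVEL" for the matching dump. FILENO is the position
# among the SUCCESS taper lines, the same number that cat -n gives above.
# Exit status 1 if the dump has no taper line (it may still be on holding disk).
locate_dump() {
    awk -v host="$1" -v disk="$2" -v date="$3" '
        $1 == "START" && $2 == "taper" {
            n = 0                                   # assumption: numbering restarts per tape
            for (i = 3; i < NF; i++) if ($i == "label") label = $(i + 1)
        }
        $1 == "SUCCESS" && $2 == "taper" {
            n++
            if ($3 == host && $4 == disk && $5 == date) {
                print label, n, $6
                found = 1
                exit
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# fsf_count HOST DISK DATESTAMP < amanda-log
# Number of file marks to skip with mt fsf when mt stat reports file no= 1,
# which the page describes as the normal position after the label was read.
fsf_count() {
    loc=$(locate_dump "$@") || return 1
    set -- $loc
    echo $(( $2 - 1 ))
}

# Example run against the constructed sample:
#   sample_log | locate_dump maximus /export/home/tgn 20081015
```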

If the newest backup is still on holding_disk?

If you do not find what you are looking for in the log files as a "taper" line, it may be because the dump in question simply has not gone out to tape yet. This will usually only be the case if a tape has run full and no amflush has been done.

This is how to look for dumps on the holding disk(s) (see amanda.conf to find the active holding disks):

root@ran:/home/amanda/HST# ls -l /holding_disk/holding_disk_2/*/*tgn*
-rw------- 1 amanda amanda 217519616 Oct 15 06:57 \
    /holding_disk/holding_disk_2/20081015/maximus._export_home_tgn.1

(The attentive reader will probably notice that this backup is precisely the one we are talking about, which is now on tape HST361. The ls command above was run before it got that far ;-) )

This should give a reasonable idea of how it all fits together.....

Get the desired tape into the tape robot

You can in principle put the desired tapes anywhere, but it is probably best to use tray 4, or the two "mail slots" that can be accessed without pulling out a whole tray. In the overview below the two slots are called "IMPORT/EXPORT".

root@ran:/home/amanda/HST# /pack/mtx-1.2.18rel/sbin/mtx -f /dev/scsi/changer/c3t6d0 status|head
  Storage Changer /dev/scsi/changer/c3t6d0:1 Drives, 59 Slots ( 2 Import/Export )
Data Transfer Element 0:Full (Storage Element 15 Loaded):VolumeTag = HST361L1
      Storage Element 1:Full :VolumeTag=HST354L1
      Storage Element 2:Full :VolumeTag=HST355L1
      Storage Element 3:Full :VolumeTag=HST356L1
      Storage Element 4:Full :VolumeTag=HST357L1
      Storage Element 5:Full :VolumeTag=HST358L1
      Storage Element 6:Full :VolumeTag=HST359L1
      Storage Element 7:Full :VolumeTag=HST360L1
      Storage Element 8:Empty

root@ran:/home/amanda/HST# /pack/mtx-1.2.18rel/sbin/mtx -f /dev/scsi/changer/c3t6d0 status| tail


      Storage Element 50:Empty
      Storage Element 51:Empty
      Storage Element 52:Empty
      Storage Element 53:Empty
      Storage Element 54:Empty
      Storage Element 55:Empty
      Storage Element 56:Empty
      Storage Element 57:Empty
      Storage Element 58 IMPORT/EXPORT:Empty
      Storage Element 59 IMPORT/EXPORT:Empty

To load the tape into the tape drive, this kind of command is used:

root@ran:/home/amanda/HST# /pack/mtx-1.2.18rel/sbin/mtx -f /dev/scsi/changer/c3t6d0 load 58

If there is already a tape in the drive, it has to be unloaded first:

root@ran:/home/amanda/HST# /pack/mtx-1.2.18rel/sbin/mtx -f /dev/scsi/changer/c3t6d0 unload 15

Where 15 is the slot the tape came from. You can see this with the status command, as shown above.

Find the right position on the tape

To make life easier, and the restore considerably faster, you can manually wind forward to the file you want. An example is shown below.

Where are we?

root@ran:/home/amanda/HST# mt stat
HP Ultrium LTO 2 tape drive:
   sense key(0x0)= No Additional Sense residual= 0 retries= 0
   file no= 1 block no= 0

This tape is positioned at file number 1. The first one is number 0, and it is normal to be positioned at file number 1, since Amanda itself reads the first file (created by amlabel) to see what the tape is called.

You find out which number the desired backup has on the tape by using the method shown above. If we know that it is file number 104 we need to get to, we can run:

root@ran:/home/amanda/HST# mt fsf 103

which winds forward over 103 file marks and places the head at the start of file 104. After that you can either use amrestore to fetch the backup file from the tape, or a plain dd, where you just have to remember to skip the first block.

Do the restore

Now we have the right tape in, we have wound the tape to the start of the right file (dump/tar), and all that remains is the actual restore. Note that there is a . in front of the path you see in the index file! So it is ./.spamassassin/bayes_seen_NEW_BAD, and not just /.spamassassin/bayes_seen_NEW_BAD, that you must ask for!

root@ran:/home/amanda/HST# \
    /pack/amanda-2.4.4p4/sbin/amrestore -p /dev/rmt/0cn maximus /export/home/tgn \
    > /restore/maximus_tgn_20081002_0.tar
root@maximus:/home/tgn/restore# scp ran:/restore/maximus_tgn_20081002_0.tar .
root@maximus:/home/tgn/restore# tar Expf /restore/maximus_tgn_20081002_0.tar ./.spamassassin/bayes_seen_NEW_BAD

or, if ACLs are not that important:

root@ran:/restore# \
    /pack/amanda-2.4.4p4/sbin/amrestore -p /dev/rmt/0cn maximus /export/home/tgn |\
    tar xvf - ./.spamassassin/bayes_seen_NEW_BAD
root@maximus:/home/tgn/restore# scp ran:/restore/.spamassassin/bayes_seen_NEW_BAD .

Remember to be somewhere where you can write files! And note that it automatically creates all directories on the way down to the file you retrieve from backup. But the permissions are ONLY correct on the restored file itself!!!

Get ready for the next backup

And you have to remember to put the right tape back in afterwards!

You would probably do that like this:

root@ran:/home/amanda/HST# /pack/mtx-1.2.18rel/sbin/mtx -f /dev/scsi/changer/c3t6d0 unload 58
root@ran:/home/amanda/HST# /pack/mtx-1.2.18rel/sbin/mtx -f /dev/scsi/changer/c3t6d0 load 15

Restore of whole file systems

If it is UFS, it looks roughly like this:

/pack/amanda-2.4.4p4/sbin/amrestore -p /dev/rmt/0cn maximus /dev/md/dsk/d0

If it is ZFS, it is exactly as above, just without giving a file name. Then you get everything by default.

root@maximus:/home/tgn# rsh ran /pack/amanda-2.4.4p4/sbin/amrestore \
    -p /dev/rmt/0cn maximus /export/home/tgn | tar Expf -

./Drift/Backup/Amanda/Restore/Uddybende_fifs/index.php

Restore

To restore a file system, you first have to get the backup file from tape onto a server. After that it is almost self-explanatory :-)

In the backup file the first block is used to describe how the contents can be restored. This is shown here:

root@ran:/home/amanda/HST# dd if=/holding_disk/holding_disk_2/20081015/maximus._export_home_ts.1 \
    bs=32k count=1 | strings
AMANDA: FILE 20081015 maximus /export/home/ts lev 1 comp N program /opt/csw/bin/gtar
To restore, position tape at start of file and run:
dd if= bs=32k skip=1 | /opt/csw/bin/gtar -f... -
1+0 records in
1+0 records out

Here you just need to know that the "/opt/csw/bin/gtar" that Amanda thinks you should use is in fact Sun tar, which is the only one that understands ZFS. Where we back up ZFS, we use a home-made perl script that pretends to be /opt/csw/bin/gtar, but actually calls Sun tar with the options it needs in order to do the same as gnutar.

A restore must of course be done to the right server, or at least to the right file system type (here ZFS), since ACLs will otherwise not be restored correctly.

But to show how it works we can make do with tar on ran, which is able to list the files in an archive. The archive shown comes directly from holding_disk, that is, BEFORE it goes out to tape.

root@ran:/home/amanda/HST# dd if=/holding_disk/holding_disk_2/20081015//maximus._export_home_ts.1 \
    bs=32k skip=1 | tar tvf -
-rw-r--r-- 11025/11025 131072 Oct 15 02:22 2008 ./.vacation.pag
-rw------- 11025/11025 1327104 Oct 14 16:02 2008 ./.spamassassin/bayes_seen
-rw------- 11025/11025 4096 Oct 15 04:28 2008 ./.spamassassin/auto-whitelist.dir
-rw------- 11025/11025 5210112 Oct 14 22:01 2008 ./.spamassassin/bayes_toks
-rw------- 11025/11025 13175 Oct 15 04:28 2008 ./.spamassassin/bayes_journal
-rw------- 11025/11025 30829568 Oct 15 04:28 2008 ./.spamassassin/auto-whitelist.pag
...[cut]...

For a "real" restore you of course first have to fetch the file from tape. Either by copying it onto a disk and working with it there, or by using if=</dev/rmt/0cn> on ran directly and sending the output over to e.g. maximus, where it is written to a ZFS file system.

Restore of individual files


Before you start

We usually do a restore because of a request from a user who has accidentally deleted something, overwritten something, or in some other way has come to miss a file.

The information we need before we can start is:

1. Which file is to be found from backup. Preferably with the correct case, if possible.
2. From what point in time. And when it is likely to have been edited last.

Knowing which file to look for, we can work out which file system it was on. And knowing the date, we can limit our search in the index files.

Find the file in Amanda's index

Here we look for something called something like "spamassassin/bayes_seen", in the index files for the whole of October 2008:

root@ran:/home/amanda/HST# gzgrep spamassassin/bayes_seen index/maximus/_export_home_tgn/200810*
index/maximus/_export_home_tgn/20081001_1.gz:/.spamassassin/bayes_seen
index/maximus/_export_home_tgn/20081002_0.gz:/.spamassassin/bayes_seen_NEW_BAD
index/maximus/_export_home_tgn/20081002_0.gz:/.spamassassin/bayes_seen.pag
index/maximus/_export_home_tgn/20081002_0.gz:/.spamassassin/bayes_seen
index/maximus/_export_home_tgn/20081002_0.gz:/.spamassassin/bayes_seen.dir
index/maximus/_export_home_tgn/20081010_1.gz:/.spamassassin/bayes_seen
index/maximus/_export_home_tgn/20081011_1.gz:/.spamassassin/bayes_seen
index/maximus/_export_home_tgn/20081012_1.gz:/.spamassassin/bayes_seen
index/maximus/_export_home_tgn/20081013_1.gz:/.spamassassin/bayes_seen
index/maximus/_export_home_tgn/20081014_1.gz:/.spamassassin/bayes_seen
index/maximus/_export_home_tgn/20081015_1.gz:/.spamassassin/bayes_seen

And you can see that if it is actually .spamassassin/bayes_seen_NEW_BAD you are after, it exists ONLY in the level 0 from 2/10-2008, and not in any level 1 backups. But if it is .spamassassin/bayes_seen you are missing, it is enough to find it in the latest level 1 backup, which here turns out to be from 15/10-2008.

By searching the index first like this, you can see in which period the file was backed up, and thereby find the right date directly, or take the question up with the user if the file was not there at all on the desired date. (REMEMBER that a file is only backed up if it is a level 0, or if the file has been changed! It is therefore important to hear from the user when they think it was last changed.)

Find the tape(s) to use

If we now know that we need to find the bayes_seen file from the backup of the night before 15/10, we look for when this backup went out to tape. We do that by looking for a SUCCESS from the taper program in the days right after that date:

root@ran:/home/amanda/HST# gzgrep "SUCCESS taper.*/tgn 20081015" log/log.200810*
log/log.20081016.0:SUCCESS taper maximus /export/home/tgn 20081015 1 [sec 9.188 kb 212390 kps 23114.9 {wr: \
    writers 6639 rdwait 0.534 wrwait 6.544 filemark 1.834}]

So it is not until 16/10 that it goes out to tape. And then it is just a matter of seeing which tape the log file we found covered:

root@ran:/home/amanda/HST# gzgrep "START taper" log/log.20081016.0
START taper datestamp 20081016 label HST361 tape 0

Og saa ved vi at vi skal finde baand HST361 frem :-) Som et eksempel viser vi hvordan vi leder efter de rigtige baand for restore af data som blev slettet fra homedir forbrugeren "tgn". (Ikke fordi Thomas plejer at slette sine filer, men nogen skulle vi da proeve med...)

Det er ret hurtigt at faa at vide hvilke levels er aktive for vedkommende, og hvor man skal finde dem:

root@ran:/home/amanda/HST# time sudo -u amanda \
    /pack/amanda-2.4.4p4/sbin/amadmin HST info maximus /export/home/tgn

Current info for maximus /export/home/tgn:
  Stats: dump rates (kps), Full:  8586.0, 9423.0, 9314.0
                    Incremental:  4007.0, 3931.0, 4003.0
          compressed size, Full: -100.0%,-100.0%,-100.0%
                    Incremental: -100.0%,-100.0%,-100.0%
  Dumps: lev datestmp  tape     file  origK     compK     secs
          0  20081002  HST344   41    43044791  43044790  5013
          1  20081015           0     212390    212389    53

real 0m0.573s
user 0m0.480s
sys 0m0.060s

We can see that only level 0 and level 1 are in use, and that the level 0 (full backup) is on tape HST344, file number 41 on the tape. And the level 1 is... not on tape... That is because this is today's backup, and there was no room on the first tape. It is therefore still on the holding disk.

You can also see the status for all tapes with respect to the filesystem in question, but that takes considerably longer with the normal commands:

root@ran:/home/amanda/HST# time sudo -u amanda \
    /pack/amanda-2.4.4p4/sbin/amadmin HST find maximus /export/home/tgn
...[cut]...
2008-09-22 maximus /export/home/tgn 1 HST330 87 OK
2008-09-23 maximus /export/home/tgn 1 HST331 100 OK
2008-09-24 maximus /export/home/tgn 1 HST332 1440 OK
2008-09-25 maximus /export/home/tgn 1 HST333 1493 OK
2008-09-26 maximus /export/home/tgn 1 HST334 1057 OK
2008-09-27 maximus /export/home/tgn 1 --- 0 FAILED (driver) [no more holding disk space]
2008-09-28 maximus /export/home/tgn 1 HST339 8 OK
2008-09-29 maximus /export/home/tgn 1 HST340 115 OK
2008-09-30 maximus /export/home/tgn 1 HST341 368 OK
2008-10-01 maximus /export/home/tgn 1 HST343 71 OK
2008-10-02 maximus /export/home/tgn 0 HST344 41 OK
2008-10-03 maximus /export/home/tgn 1 --- 0 FAILED (driver) [no more holding disk space]
2008-10-04 maximus /export/home/tgn 1 HST348 97 OK
2008-10-05 maximus /export/home/tgn 1 HST348 1427 OK
2008-10-06 maximus /export/home/tgn 1 HST351 80 OK
2008-10-07 maximus /export/home/tgn 1 HST352 306 OK
2008-10-08 maximus /export/home/tgn 1 HST353 1381 OK
2008-10-09 maximus /export/home/tgn 1 HST355 9 OK
2008-10-10 maximus /export/home/tgn 1 HST355 1433 OK
2008-10-11 maximus /export/home/tgn 1 HST356 154 OK
2008-10-12 maximus /export/home/tgn 1 HST358 7 OK
2008-10-13 maximus /export/home/tgn 1 HST358 1703 OK
2008-10-14 maximus /export/home/tgn 1 HST360 120 OK
2008-10-15 maximus /export/home/tgn 1 \
    /holding_disk/holding_disk_2/./20081015/maximus._export_home_tgn.1 0 OK

real 6m58.257s
user 6m40.680s
sys 0m3.630s

On the other hand, you see directly where the file is on the holding disk.

All of this can be seen by checking the log files in /home/amanda/HST/log and by examining the holding disk. In the next section we see how to search a little faster than amadmin itself can.

Information in the log files

First you can check whether there IS anything about the filesystem in question in a log file from a given date. Here we look for anything from "tgn" in the backup from the night LEADING INTO 20081015. (It is important to remember that the backup starts just after midnight, so the timestamp means "the night leading into ...". This log file therefore shows which files existed on 14/10-2008, not which were there on the 15th.)

In fact, the output below shows that data from the day before was flushed that night as well. This can be seen from the taper first writing a level 1 from 20081014 to tape, followed by a dumper that dumps data from disk to holding_disk. We can also work out that the backup for tgn did NOT reach tape that night, since we would then have seen a taper for data from 20081015.

root@ran:/home/amanda/HST# grep -w tgn log/log.20081015.0
DISK planner maximus /export/home/tgn
DISK planner maximus /export/home/tgn
SUCCESS taper maximus /export/home/tgn 20081014 1 [sec 8.333 kb 212275 kps 25471.7 \
    {wr: writers 6635 rdwait 0.872 wrwait 6.314 filemark 0.870}]
SUCCESS dumper maximus /export/home/tgn 20081015 1 [sec 52.756 kb 212389 kps 4025.9 orig-kb 212390]

The next example shows how, without using the amadmin command, we can see which position the backup got on the tape. This is simply the order in the log file, and there can be a mixture of old dumps being flushed to tape and new backups, so you have to remember to look at the date given. Below we in fact see that the tape from the night leading into 15/10-2008 holds a level 1 backup of tgn from the night leading into 14/10-2008! So this is the data that was there on 13/10, unless he happened to delete something that evening....

root@ran:/home/amanda/HST# cat log/log.20081015.0 |grep "SUCCESS taper"| cat -n|grep -w tgn
   120  SUCCESS taper maximus /export/home/tgn 20081014 1 [sec 8.333 kb 212275 kps 25471.7 \
    {wr: writers 6635 rdwait 0.872 wrwait 6.314 filemark 0.870}]

Once we have found the right "dump" in the log files, we need to know which tape it is on.

root@ran:/home/amanda/HST# cat log/log.20081015.0 |grep "START taper"
START taper datestamp 20081015 label HST360 tape 0

Note that there may well be log files called log.20081015.1, log.20081015.2 and so on. That will be the case if data was flushed to several tapes that day.

What if the newest backup is still on holding_disk?

If you do not find what you are looking for in the log files as a "taper" line, it may be because the dump in question simply has not reached tape yet. That will usually only be the case if a tape has run full and no amflush has been run.

This is how to look for dumps on the holding disk(s) (see amanda.conf to find the active holding disks):

root@ran:/home/amanda/HST# ls -l /holding_disk/holding_disk_2/*/*tgn*
-rw------- 1 amanda amanda 217519616 Oct 15 06:57 \
    /holding_disk/holding_disk_2/20081015/maximus._export_home_tgn.1

This should give a reasonable idea of how it all fits together.....
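The log search described above (START taper for the label, the position among the SUCCESS taper lines for the file number, SUCCESS dumper without a taper line for "still on holding disk") can be wrapped in one function. This is an added example, not a script from the original page; the function names and the sample log are constructed, and restarting the file count at each START taper line is an assumption.

```shell
#!/bin/sh
# Added example (not from the original page): classify one dump from an
# Amanda log file as on tape, still on the holding disk, or absent.

# Constructed sample in the log format shown above. The /export/www/tgn
# entry is a made-up decoy that "grep -w tgn" would also match.
sample_log() {
cat <<'EOF'
START taper datestamp 20081015 label HST360 tape 0
DISK planner maximus /export/home/tgn
SUCCESS taper maximus /export/www/tgn 20081014 1 [sec 1.000 kb 1000 kps 1000.0]
SUCCESS dumper maximus /export/home/tgn 20081015 1 [sec 52.756 kb 212389 kps 4025.9 orig-kb 212390]
SUCCESS taper maximus /export/home/tgn 20081014 1 [sec 8.333 kb 212275 kps 25471.7]
EOF
}

# dump_state HOST DISK DATESTAMP   (log text on stdin)
# Prints one of:
#   tape LABEL file N fsf N-1 level L
#   holding
#   absent
# The fsf count follows the page: "mt fsf 119" to reach file 120 when the
# drive is positioned at file 1.
dump_state() {
    awk -v host="$1" -v disk="$2" -v stamp="$3" '
        # A new tape starts: remember its label and restart the file count
        # (assumption: one count per START taper line).
        $1 == "START" && $2 == "taper" {
            nfile = 0
            for (i = 3; i < NF; i++) if ($i == "label") label = $(i + 1)
        }
        # Same count as: grep "SUCCESS taper" | cat -n
        $1 == "SUCCESS" && $2 == "taper" {
            nfile++
            # Exact match on host, disk and datestamp, not a substring match.
            if ($3 == host && $4 == disk && $5 == stamp)
                tape = sprintf("tape %s file %d fsf %d level %s", label, nfile, nfile - 1, $6)
        }
        $1 == "SUCCESS" && $2 == "dumper" && $3 == host && $4 == disk && $5 == stamp { dumped = 1 }
        END {
            if (tape != "") print tape
            else if (dumped) print "holding"
            else print "absent"
        }
    '
}

sample_log | dump_state maximus /export/home/tgn 20081014
sample_log | dump_state maximus /export/home/tgn 20081015
```

Against a real log the call would be dump_state maximus /export/home/tgn 20081014 < log/log.20081015.0.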

Get it into the tape robot

You can in principle put the required tapes anywhere, but it is probably best to use drawer 4, or the two "mail slots", which you can reach without pulling out a whole drawer. In the overview below the two slots are called "IMPORT/EXPORT".

root@ran:/home/amanda/HST# /pack/mtx-1.2.18rel/sbin/mtx -f /dev/scsi/changer/c3t6d0 status|head
  Storage Changer /dev/scsi/changer/c3t6d0:1 Drives, 59 Slots ( 2 Import/Export )
Data Transfer Element 0:Full (Storage Element 15 Loaded):VolumeTag = HST361L1
      Storage Element 1:Full :VolumeTag=HST354L1
      Storage Element 2:Full :VolumeTag=HST355L1
      Storage Element 3:Full :VolumeTag=HST356L1
      Storage Element 4:Full :VolumeTag=HST357L1
      Storage Element 5:Full :VolumeTag=HST358L1
      Storage Element 6:Full :VolumeTag=HST359L1
      Storage Element 7:Full :VolumeTag=HST360L1
      Storage Element 8:Empty

root@ran:/home/amanda/HST# /pack/mtx-1.2.18rel/sbin/mtx -f /dev/scsi/changer/c3t6d0 status| tail
      Storage Element 50:Empty
      Storage Element 51:Empty
      Storage Element 52:Empty
      Storage Element 53:Empty
      Storage Element 54:Empty
      Storage Element 55:Empty
      Storage Element 56:Empty
      Storage Element 57:Empty
      Storage Element 58 IMPORT/EXPORT:Empty
      Storage Element 59 IMPORT/EXPORT:Empty

To load the tape into the tape drive, use this type of command:

root@ran:/home/amanda/HST# /pack/mtx-1.2.18rel/sbin/mtx -f /dev/scsi/changer/c3t6d0 load 58

If there is already a tape in the drive, it has to be unloaded first:

root@ran:/home/amanda/HST# /pack/mtx-1.2.18rel/sbin/mtx -f /dev/scsi/changer/c3t6d0 unload 15

Where 15 is the slot the tape came from. You can see this with the status command, as shown above.

And remember to put the right tape back in afterwards!

Find the right place on the tape

To make life easier, and the restore considerably faster, you can manually wind forward to the file you want. An example is shown below.

Where are we?

root@ran:/home/amanda/HST# mt stat
HP Ultrium LTO 2 tape drive:
   sense key(0x0)= No Additional Sense   residual= 0   retries= 0
   file no= 1   block no= 0

This tape is positioned at file number 1. The first file is number 0, and it is normal to be positioned at file number 1, since amanda itself reads the first file (written by amlabel) to see what the tape is called.

You find out which number the desired backup has on the tape using the method shown above. If we know that it is file number 120 we need to get to, we can run:

root@ran:/home/amanda/HST# mt fsf 119

which winds forward over 119 file marks and places the head at the start of file 120. After that you can either use amrestore to fetch the backup file from the tape, or a plain dd, in which case you just have to remember to skip the first block.

Do the restore

Now we have the right tape in, we have wound the tape to the start of the right file (dump/tar), and all that remains is the actual restore. Note that there is a . in front of the path you see in the index file! So it is ./.spamassassin/bayes_seen_NEW_BAD, and not just /.spamassassin/bayes_seen_NEW_BAD, that you must ask for!

root@ran:/home/amanda/HST# \
    /pack/amanda-2.4.4p4/sbin/amrestore -p /dev/rmt/0cn maximus /export/home/tgn \
    > /restore/maximus_tgn_20081002_0.tar
root@maximus:/home/tgn/restore# scp ran:/restore/maximus_tgn_20081002_0.tar .
root@maximus:/home/tgn/restore# tar Expf /restore/maximus_tgn_20081002_0.tar ./.spamassassin/bayes_seen_NEW_BAD

or, if ACLs are not so important:

root@ran:/restore# \
    /pack/amanda-2.4.4p4/sbin/amrestore -p /dev/rmt/0cn maximus /export/home/tgn |\
    tar xvf - ./.spamassassin/bayes_seen_NEW_BAD
root@maximus:/home/tgn/restore# scp ran:/restore/.spamassassin/bayes_seen_NEW_BAD .

Remember to be in a directory where you can write files!

Restore of whole filesystems

If it is UFS, it looks roughly like this:

/pack/amanda-2.4.4p4/sbin/amrestore -p /dev/rmt/0cn maximus /dev/md/dsk/d0

If it is ZFS, it is exactly as above, just without giving a file name. Then you get everything by default.

root@maximus:/home/tgn# rsh ran /pack/amanda-2.4.4p4/sbin/amrestore \
    -p /dev/rmt/0cn maximus /export/home/tgn | tar Expf -

./Drift/Backup/Amanda/Restore_efter_nedbrud/index.php

Restore after a crash

This text should probably be printed out and kept in a safe place ;-) If the great disaster should strike us, so that we had to start from scratch on a new file server, we have an important job to get started on.

Get a new file server

We have a spare server over in the E machine room. It has an OS and a large zpool, which can well be scrapped in a crisis.

Check the status of the physical disks

If the disks from the old server are undamaged, it is possible to move them physically into the spare server and run a zpool import there. If it finds data on them, it will mount everything and take care of sharing all the filesystems and so on. In that case it would probably be easiest simply to take over the IP address of the old server and carry on as if nothing had happened.

In this connection it is important to know that the system disks sit in fixed slots, namely c5t0 and c5t4:

root@maximus:/# metastat -p
d6 -m d22 d7 1
d22 1 1 c5t4d0s5
d7 1 1 c5t0d0s5
d0 -m d12 d11 1
d12 1 1 c5t4d0s0
d11 1 1 c5t0d0s0
d3 -m d4 d5 1
d4 1 1 c5t0d0s1
d5 1 1 c5t4d0s1

After the latest changes the world looks like this:

root@maximus:/# zpool list
NAME     SIZE   USED  AVAIL  CAP  HEALTH  ALTROOT
z1      3.62T  3.45T   174G  95%  ONLINE  -
z2      1.36T   558G   834G  40%  ONLINE  -
z3       928G   703G   225G  75%  ONLINE  -
z4      2.72T   534G  2.20T  19%  ONLINE  -
zzones  1.36T   662M  1.36T   0%  ONLINE  -

root@maximus:/# zpool status
  pool: z1
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        z1          ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t1d0  ONLINE       0     0     0
            c1t1d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c4t1d0  ONLINE       0     0     0
            c5t1d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c6t1d0  ONLINE       0     0     0
            c7t1d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t0d0  ONLINE       0     0     0
            c1t0d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c6t5d0  ONLINE       0     0     0
            c7t5d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c1t7d0  ONLINE       0     0     0
            c4t5d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c4t0d0  ONLINE       0     0     0
            c6t0d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t6d0  ONLINE       0     0     0
            c7t6d0  ONLINE       0     0     0
        spares
          c5t6d0    AVAIL

errors: No known data errors

  pool: z2
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        z2          ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t3d0  ONLINE       0     0     0
            c6t3d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c1t3d0  ONLINE       0     0     0
            c7t3d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c4t3d0  ONLINE       0     0     0
            c5t3d0  ONLINE       0     0     0
        spares
          c7t7d0    AVAIL

errors: No known data errors

  pool: z3
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        z3          ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c4t4d0  ONLINE       0     0     0
            c6t4d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c5t5d0  ONLINE       0     0     0
            c7t4d0  ONLINE       0     0     0
        spares
          c0t7d0    AVAIL

errors: No known data errors

  pool: z4
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        z4          ONLINE       0     0     0
          raidz2    ONLINE       0     0     0
            c0t4d0  ONLINE       0     0     0
            c1t4d0  ONLINE       0     0     0
            c4t6d0  ONLINE       0     0     0
            c5t7d0  ONLINE       0     0     0
            c6t6d0  ONLINE       0     0     0
            c7t0d0  ONLINE       0     0     0

errors: No known data errors

  pool: zzones
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        zzones      ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c0t2d0  ONLINE       0     0     0
            c5t2d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c1t2d0  ONLINE       0     0     0
            c6t2d0  ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c4t2d0  ONLINE       0     0     0
            c7t2d0  ONLINE       0     0     0

errors: No known data errors

so you can see that it is possible to try one of the small pools first and see whether it can be imported, and then let the small joys give you the courage to see whether z1 can be saved...

Restore of whole filesystems

If it is UFS, it looks roughly like this:

/pack/amanda-2.4.4p4/sbin/amrestore -p /dev/rmt/0cn maximus /dev/md/dsk/d0

If it is ZFS, it is exactly as above, just without giving a file name. Then you get everything by default.

root@maximus:/home/tgn# rsh ran /pack/amanda-2.4.4p4/sbin/amrestore \
    -p /dev/rmt/0cn maximus /export/home/tgn | tar Expf -

With ZFS there are of course many filesystems... so a script would be in order. No such script exists at the moment, but it is probably a good idea to get one written. As a starting point it can use the disklist file, after which the newest level 0, the newest level 1 and so on must be found for each filesystem.
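One way to do the "newest level 0, newest level 1 and so on, for each filesystem" selection, working from "amadmin find" output rather than the disklist file. This is an added example, not the site's script; the function names are hypothetical, and the sample input reuses tgn lines from the amadmin output shown earlier plus one constructed jsm line.

```shell
#!/bin/sh
# Added example (not from the original page, and not totalrestore_test.sh):
# build a restore chain per filesystem from "amadmin find" output.

# Sample input: the tgn lines are copied from the amadmin output shown
# earlier on the page; the jsm line is constructed to show a filesystem
# with no usable level 0.
sample_find() {
cat <<'EOF'
2008-10-01 maximus /export/home/tgn 1 HST343 71 OK
2008-10-02 maximus /export/home/tgn 0 HST344 41 OK
2008-10-03 maximus /export/home/tgn 1 --- 0 FAILED (driver) [no more holding disk space]
2008-10-14 maximus /export/home/tgn 1 HST360 120 OK
2008-10-15 maximus /export/home/tgn 1 /holding_disk/holding_disk_2/./20081015/maximus._export_home_tgn.1 0 OK
2008-10-14 maximus /export/home/jsm 1 HST360 12 OK
EOF
}

# restore_plan: reads "amadmin find" lines on stdin and prints, per filesystem,
#   HOST DISK LEVEL DATE TAPE-OR-HOLDING-PATH FILE
# in restore order, or "HOST DISK NO-LEVEL-0" when no usable full dump exists.
restore_plan() {
    awk '
        # Keep only dated lines whose status is OK (drops FAILED and headers).
        $1 !~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/ || $NF != "OK" { next }
        {
            key = $2 " " $3
            n[key]++
            date[key, n[key]] = $1; lev[key, n[key]] = $4 + 0
            tape[key, n[key]] = $5; file[key, n[key]] = $6
        }
        END {
            for (key in n) {
                after = ""
                for (l = 0; l <= 9; l++) {
                    best = 0
                    # Newest dump at level l taken after the previous link.
                    for (i = 1; i <= n[key]; i++)
                        if (lev[key, i] == l && date[key, i] > after &&
                            (best == 0 || date[key, i] > date[key, best]))
                            best = i
                    if (best == 0) {
                        if (l == 0) print key, "NO-LEVEL-0"
                        break
                    }
                    print key, l, date[key, best], tape[key, best], file[key, best]
                    after = date[key, best]
                }
            }
        }
    ' | LC_ALL=C sort
}

# tapes_needed: tape labels to fetch for the plan (holding-disk paths excluded).
tapes_needed() {
    restore_plan | awk 'NF == 6 && $5 !~ /^\// { print $5 }' | LC_ALL=C sort -u
}

sample_find | restore_plan
```

A NO-LEVEL-0 line means the incrementals for that filesystem cannot be restored on their own, so it is worth checking for before a crash rather than during one.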

If everything goes wrong

I am working on a script called ran:/home/amanda/HST/log/totalrestore_test.sh. It is to be developed further to generate a script as output, which can be copied to safety every morning after the backup has finished, and again in the afternoon, when we may have emptied a drawer in the tape unit. This script must be able to produce two versions: one that assumes that all tapes are available, and another that makes sure NOT to use tapes that it knows are not safe in the fire safe. The tapes that are in the tape unit are not, after all....

This is what it looks like, as an example:

root@ran:/home/amanda/HST/log# ./totalrestore_test.sh | tail
if [ -d /export/home/LSR_Images24 ]; cd /export/home/LSR_Images24; else zfs create z1/home/.../LSR_Images24; cd /export/home/LSR_Images24; fi
amrestore maximus /export/home/LSR_Images24 | LANG=da_DK.UTF-8 tar Expf - 2>&1 >totalrestore_LSR_Images24.log
# maximus /export/home/jsm 1 HST365 712 3.009 10
mt fsf 1
if [ -d /export/home/jsm ]; cd /export/home/jsm; else zfs create z1/home/.../jsm; cd /export/home/jsm; fi
amrestore maximus /export/home/jsm | LANG=da_DK.UTF-8 tar Expf - 2>&1 >totalrestore_jsm.log
Tape HST365, med 19/228/ 1 filsystemer tog 56 minutter og fylder 90 GB
======================

Der bruges 39 baand med 1390/397/ 3 filsystemer og det tager min. 48 timer til restore af 4456 GB
root@ran:/home/amanda/HST/log#

This is a prototype! But it does show us the interesting information that in the best case it will take 2 days to read everything back in from tape. And that does not allow for the time it takes to change tapes, wind the tape, create zfs filesystems and so on.

In the finished version there must also be code to create the zfs things that are a prerequisite for the rest to make sense, so that we can start completely fresh, possibly with a freshly installed Solaris 10 on an emergency disk for the Thumper.

But we also expect all of it to be on the other Thumper, possibly as a mirror, so things have to go really, really horribly wrong before we need to fetch everything back from tape!!!

./Drift/Backup/ran/index.php

A little before 10 in the morning it is busy with something:

Memory: 4096M real, 3039M free, 887M swap in use, 10G swap free

   PID USERNAME THR PRI NICE  SIZE   RES STATE    TIME    CPU COMMAND
   326 amanda     1  44    2   39M   38M cpu3   122:27 25.00% amtrmidx
  1998 root       1  59    0 1712K 1304K cpu0     0:00  0.10% top

root@ran:/home/amanda/HST# ptree 326
336   /usr/sbin/cron
  22371 sh -c /pack/amanda-2.4.4p4/sbin/amdump HST
    22384 /bin/sh /pack/amanda-2.4.4p4/sbin/amdump HST
      326   /pack/amanda-2.4.4p4/libexec/amtrmidx HST

root@ran:/home/amanda/HST/index/tibialis# truss -f -p 326
326:    write(10, " m a x i m u s / e x p".., 29) = 29
326:    open("/pack/amanda-2.4.4p4/etc/amanda/HST/index/maximus/_export_home_josienn/", O_RDONLY|O_NDELAY|O_LARGEFILE) = 4
326:    fstat64(4, 0xFFBFFC38) = 0
326:    fcntl(4, F_SETFD, 0x00000001) = 0
326:    getdents64(4, 0x0249F2F0, 8192) = 4624
326:    getdents64(4, 0x0249F2F0, 8192) = 0
326:    close(4) = 0
[a few seconds' wait]
326:    write(10, " m a x i m u s / e x p".., 25) = 25
326:    open("/pack/amanda-2.4.4p4/etc/amanda/HST/index/maximus/_export_home_lfj/", O_RDONLY|O_NDELAY|O_LARGEFILE) = 4
326:    fstat64(4, 0xFFBFFC38) = 0
326:    fcntl(4, F_SETFD, 0x00000001) = 0
326:    getdents64(4, 0x0249F2F0, 8192) = 4624
326:    getdents64(4, 0x0249F2F0, 8192) = 0
326:    close(4) = 0

This might be interesting to look at some day. But I think it is completely normal. I think it is building index files. See for example /tmp/amanda_on_ran/amtrmidx.20071021075126.debug or similar.

./Drift/Backup/index.php

Backup at HST

Here we collect information about backup at HST: the backup system we use, the server we use, and other features that we make use of.

We use Amanda as the backup system. It is an open and flexible system which makes sure that a mixture of full and incremental backups of the desired filesystems is taken on a fixed rotation of tapes.

At the moment we run backup on ran. It is an old E450 server with 4 CPUs and 4 GB RAM. It seems to handle the job very well, but it is perhaps a little too big and power-hungry. The original idea was probably to use all the room for disks inside the machine as holding_disk space. But what it can hold is small by today's standards. Our holding_disk now runs on 500 GB on SATABoy via FibreChannel.

./Drift/Backup/ZFS/index.php

ZFS in connection with backup

Here I just wanted to remember to note that we use zfs snapshots on maximus when we take backups.

In fact the whole backup method on maximus is home-made. Since we want to back up zfs and its ACLs, it is no use using gtar. But that is the only thing amanda can use. So we simply cheat it. We let it use a gtar that is a perl script which converts the gtar options into options for Sun tar, because that can back up zfs :-)

When it takes a backup, it first takes a snapshot and then backs up that snapshot. Then we know that everything is at rest :-)

The technique behind it

On the machines where ZFS is backed up, I have cheated with the following:

root@tibialis:/z3/var_mail# ls -l /opt/csw/bin/gtar*
-rwxr-xr-x 1 root root 12783 Dec 20 2006 /opt/csw/bin/gtar
-rwxr-xr-x 1 root bin 553364 Jul 26 2006 /opt/csw/bin/gtar.csw

The amanda we use expects to find gtar there.

./Drift/Backup/Baand/index.php

Tapes for HST Amanda backup: FAQ

If a tape breaks

First you must take the defective tape out and replace it with a brand new one. If you are very careful, you can get the old label off and put it on the new tape.

Then it needs an Amanda label. That cannot be written until the defective tape has been removed from the tapelist file:

root@ran:/space/home/edb/amanda/HST# diff tapelist.magnus-080713-11:14 tapelist
300d299
< 20071126 HST531 reuse

And then it is ready to get an Amanda label:

root@ran:/space/home/edb/amanda/HST# time sudo -u amanda /pack/amanda-2.4.4p4/sbin/amlabel HST HST531
rewinding, reading label, not an amanda tape
rewinding, writing label HST531, checking label, done.

real 0m17.799s
user 0m0.100s
sys 0m0.050s

And we can see that the new tape simply goes in at the top of tapelist:

root@ran:/space/home/edb/amanda/HST# diff tapelist.magnus-080713-11:14 tapelist
0a1
> 0 HST531 reuse
300d300
< 20071126 HST531 reuse

We check:

root@ran:/space/home/edb/amanda/HST# time sudo -u amanda /pack/amanda-2.4.4p4/sbin/amcheck -s HST
Amanda Tape Server Host Check
-----------------------------
Holding disk /holding_disk/holding_disk_2/.: 11792824 KB disk space available, using 10769848 KB
NOTE: skipping tape-writable test
Tape HST531 label ok
Server check took 0.793 seconds

(brought to you by Amanda 2.4.4p4)

real 0m1.167s
user 0m0.260s
sys 0m0.490s

And then it should be ready for a flush of what was held back because of this error:

root@ran:/space/home/edb/amanda/HST# sudo -u amanda /pack/amanda-2.4.4p4/sbin/amflush -b HST
Scanning /holding_disk/holding_disk_2/....
  RESTORE: skipping cruft directory, perhaps you should delete it.
  20080704: found Amanda directory.
  20070605.test: skipping cruft directory, perhaps you should delete it.
  20080625: found Amanda directory.
  20080713: found Amanda directory.
  20080712: found Amanda directory.
Running in background, you can log off now.
You'll get mail when amflush is finished.

Boiling tape spaghetti

3 unused tapes
1 used tape
2 tsp salt
300 g cherries
400 g blackcurrants

Bring to the boil and throw out :-(

./Drift/index.php

./Drift/Rullevogn/index.php

It is important to drive carefully with the trolley.

We need a planter box for it.

./Drift/SunRay/index.php

./Drift/SunRay/utadm/index.php

Getting the student network on

It was a bit annoying when kolga went out of service, since apparently nobody on the student network could, well, could...

root@gracilis:~# /opt/SUNWut/sbin/utadm -l
LAN connections: Off
Subnetwork: 10.36.0.0
        Interface=      e1000g1 (10.36.15.1)
        Netmask=        255.255.0.0
        Broadcast=      10.36.255.255
        Router=         10.36.15.1
        AuthSrvr=       10.36.15.1
        AltAuth=        10.36.15.1 255.255.255.255
        FirmwareSrvr=   10.36.15.1
        NewTver=        3.1_32,REV=2005.08.24.08.55
        IP assignment=  3/200 (10.36.15.16)

root@gracilis:~# /opt/SUNWut/sbin/utadm -A 10.8.13.0
  Selected values for subnetwork "10.8.13.0"
    net mask:           255.255.255.0
    no IP addresses offered
    auth server list:   130.225.49.73
    firmware server:    130.225.49.73
  Accept as is? ([Y]/N): y

### Configuring firmware version for Sun Ray
        All the units served by "gracilis.hst.aau.dk" on the 10.8.13.0 network interface, running firmware other than version "3.1_32,REV=2005.08.24.08.55" will be upgraded at their next power-on.

### Configuring Sun Ray Logging Functions
### Turning on Sun Ray LAN connection

NOTE: utrestart must be run before LAN connections will be allowed

root@gracilis:~#

From the utrestart man page:

DESCRIPTION
     The utrestart command is used for resetting and restarting Sun Ray services. It replaces the utpolicy -i option which has been deprecated in 2.0.

     utrestart can only be run by the super-user.

     The utrestart command without options causes a "warm" restart: Sun Ray services are restarted and existing sessions are preserved.

OPTIONS
     The following options are supported.

     -c   Restarts Sun Ray services. Sessions will be lost.

And then we dive in :-)

root@gracilis:~# time /opt/SUNWut/sbin/utrestart
A warm restart has been initiated... messages will be logged to /var/opt/SUNWut/log/messages.

real 0m5.435s
user 0m0.056s
sys 0m0.354s

Everything goes sort of black for up to 1 minute. But then all sessions are back, with the screen lock on.

./Solaris_Stuff/10/index.php

./Solaris_Stuff/10/TCP_Wrappers/index.php

Enable TCP Wrappers

See more info here:

http://www.securitydocs.com/library/3282

To enable tcp_wrappers for everything, type:

root@typo3:~# inetadm -M tcp_wrappers=true

To enable tcp_wrappers for a single service, e.g. telnet, type:

root@typo3:~# inetadm -m telnet tcp_wrappers=TRUE

Reload inetd afterwards:

root@typo3:~# svcadm refresh inetd

Create hosts.allow and hosts.deny

Create hosts.allow and hosts.deny under /etc (REMEMBER: they may also need to be created under /opt/csw/etc if the wrappers are to be used by something installed with blastwave)

/etc/hosts.allow

root@typo3:~# cat /etc/hosts.allow
sshd: [email protected]: [email protected], root@aegir, [email protected]: [email protected], root@aegir
#in.rexecd: [email protected], root@argir

This hosts.allow only permits rsh and rlogin.

/etc/hosts.deny

root@typo3:~# cat /etc/hosts.deny
ALL: ALL@ALL

Check that it works with:

root@tibialis:/# /usr/sbin/inetadm -l shell:default
SCOPE    NAME=VALUE
         name="shell"
         endpoint_type="stream"
         proto="tcp6only,tcp"
         isrpc=FALSE
         wait=FALSE
         exec="/usr/sbin/in.rshd"
         user="root"
default  bind_addr=""
default  bind_fail_max=-1
default  bind_fail_interval=-1
default  max_con_rate=-1
default  max_copies=-1
default  con_rate_offline=-1
default  failrate_cnt=40
default  failrate_interval=60
default  inherit_env=TRUE
         tcp_trace=TRUE
         tcp_wrappers=TRUE
root@tibialis:/#
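The check above can be scripted so that it also tells whether tcp_wrappers was set on the service itself (inetadm -m) or inherited from the inetd defaults (inetadm -M), and whether hosts.deny really ends in a catch-all deny. This is an added example, not from the original page; the function names are hypothetical and the sample input is constructed in the shape of the inetadm output above.

```shell
#!/bin/sh
# Added example (not from the original page): audit helpers for the
# TCP Wrappers setup described above.

# Constructed sample shaped like the "inetadm -l shell:default" output above.
sample_inetadm() {
cat <<'EOF'
SCOPE    NAME=VALUE
         name="shell"
         exec="/usr/sbin/in.rshd"
default  inherit_env=TRUE
         tcp_trace=TRUE
         tcp_wrappers=TRUE
EOF
}

# wrappers_state: reads "inetadm -l <service>" output on stdin and prints
#   service  - tcp_wrappers=TRUE set on the service itself (inetadm -m)
#   default  - TRUE inherited from the inetd defaults (inetadm -M)
#   off      - property present but not TRUE
#   unknown  - property not found in the input
wrappers_state() {
    awk '
        $NF ~ /^tcp_wrappers=/ {
            # A leading "default" in the SCOPE column marks an inherited value.
            scope = ($1 == "default") ? "default" : "service"
            split($NF, kv, "=")
            state = (toupper(kv[2]) == "TRUE") ? scope : "off"
        }
        END { print (state == "" ? "unknown" : state) }
    '
}

# deny_all_present: reads hosts.deny on stdin; succeeds only if an active
# (uncommented) catch-all rule such as "ALL: ALL" or "ALL: ALL@ALL" exists.
deny_all_present() {
    awk -F: '
        /^[ \t]*#/ { next }
        {
            d = $1; c = $2
            gsub(/[ \t]/, "", d); gsub(/[ \t]/, "", c)
            if (d == "ALL" && (c == "ALL" || c == "ALL@ALL")) ok = 1
        }
        END { exit (ok ? 0 : 1) }
    '
}

sample_inetadm | wrappers_state
```

On a live host the input would come from /usr/sbin/inetadm -l shell:default and from /etc/hosts.deny (and /opt/csw/etc/hosts.deny where blastwave software uses the wrappers).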

./Solaris_Stuff/10/TCP_Wrappers/Tabel/index.php

/home/thk/tcp_wrapper

The name on the left of the / is the name in hosts.xxxxx and the other is the name in inetd.

Both names can be found with, for example:

thk@gracilis:~# inetadm -l shell:default

in.rshd/shell:default in.rlogind/rlogin

rsh X X

rlogin X

rsh X date X

./Solaris_Stuff/10/Patches/index.php

root@multimus01:/space/install# ls -l reg.profile
-rw-r--r-- 1 root root 165 Jul 11 11:52 reg.profile

root@multimus01:/space/install# time sconadm register -a -r reg.profile
The file permission of reg.profile must be either 400 or 600

real 0m0.054s
user 0m0.008s
sys 0m0.020s
root@multimus01:/space/install# chmod 400 reg.profile
root@multimus01:/space/install# time sconadm register -a -r reg.profile
sconadm is running
Authenticating user ...
failed registration!

real 0m18.202s
user 0m6.015s
sys 0m0.739s

That is annoying.

PCA

Then it was time to give up. Now I use a system called PCA.

root@tibialis:/space/install# time ./pca.pl -i 2>&1 | tee pca-i.out.070723-14:45
Using /var/tmp/patchdiag.xref from Jul/20/07
Host: tibialis.miba.auc.dk (SunOS 5.10/Generic_125100-10/sparc/sun4u)
List: missing

Patch  IR   CR RSB Age Synopsis
------ -- - -- --- --- -------------------------------------------------------
120094 12 < 13 RS-   3 X11 6.6.2: xscreensaver patch
    Download 1/4: done
    Install 1/4: done

120199 09 < 10 ---   4 SunOS 5.10: sysidtool patch
    Download 2/4: done
    Install 2/4: done

124149 04 < 05 ---   5 SunOS 5.10: Sun XVR-300 Graphics Accelerator Patch
    Download 3/4: done
    Install 3/4: done - reboot recommended

125184 03 < 04 ---   5 SunOS 5.10: Sun Fibre Channel Device Drivers
    Download 4/4: done
    Install 4/4: done - reboot recommended

Download Summary: 4 total, 4 successful, 0 skipped, 0 failed
Install Summary : 4 total, 4 successful, 0 skipped, 0 failed

Reboot recommended.

real 1m38.943s
user 0m21.760s
sys 0m26.584s
root@tibialis:/space/install#

There is only one configuration file, and it has only two lines: the username and password for SunSolve. You get a username for it free of charge, so that is not a problem.

root@tibialis:/space/install# ls -l pca.conf
-rw-r----- 1 root root 34 Jul 15 16:36 pca.conf

./Solaris_Stuff/10/KolgaFrigoeres/index.php

On kolga we must remove everything to do with SATAboy

From kolga

1. c2t1d0 /pci@6,2000/fibre-channel@1,1/sd@1,0
2. c2t1d1 /pci@6,2000/fibre-channel@1,1/sd@1,1
3. c2t1d2 /pci@6,2000/fibre-channel@1,1/sd@1,2
4. c4t0d0 /pci@6,2000/fibre-channel@1/sd@0,0
5. c4t0d1 /pci@6,2000/fibre-channel@1/sd@0,1
6. c4t0d2 /pci@6,2000/fibre-channel@1/sd@0,2

And all of it is in effect in use, as it was when kolga was emptied. The plan is then to make sure that it is OK to delete the data, and then run umount and metaclear until no soft partitions are in use any more. Then that volume can be released from SATAboy and instead be split up and shared via iSCSI.

root@kolga:/d20/pack/comsol-3.3# metadisk_softpartition_usage.sh
d316 c2t1d0s7 1 83886081 40 GB 0 GB (0)
d317 c2t1d0s7 83886082 167772162 40 GB 0 GB (0)
d318 c2t1d0s7 167772163 293601283 60 GB 0 GB (0)
d907 c2t1d0s7 293601284 335544324 20 GB 0 GB (0)
d253 c2t1d0s7 335544325 503316485 80 GB 0 GB (0)
d257 c2t1d0s7 503316486 671088646 80 GB 0 GB (0)
d261 c2t1d0s7 671088647 838860807 80 GB 0 GB (0)
Total: c2t1d0s7 400GB max, with a 0GB hole. Used: 400GB
-----------------------------------------------------------------------
d470 c2t1d1s7 1 20971521 10 GB 0 GB (0)
d445 c2t1d1s7 20971522 62914562 20 GB 0 GB (0)
d132 c2t1d1s7 62914563 104857603 20 GB 0 GB (0)
d171 c2t1d1s7 104857604 188743684 40 GB 0 GB (0)
d232 c2t1d1s7 188743685 293601285 50 GB 0 GB (0)
d444 c2t1d1s7 293601286 377487366 40 GB 0 GB (0)
d471 c2t1d1s7 377487367 398458887 10 GB 0 GB (0)
d900 c2t1d1s7 398458888 419430408 10 GB 0 GB (0)
d902 c2t1d1s7 419430409 440401929 10 GB 0 GB (0)
d242 c2t1d1s7 440401930 503316490 30 GB 0 GB (0)
d175 c2t1d1s7 503316491 566231051 30 GB 0 GB (0)
d908 c2t1d1s7 566231052 608174092 20 GB 0 GB (0)
d212 c2t1d1s7 1027604491 1090519051 30 GB 199 GB (419430398)
d420 c2t1d1s7 1090519052 1174405132 40 GB 0 GB (0)
d421 c2t1d1s7 1174405133 1258291213 40 GB 0 GB (0)
d422 c2t1d1s7 1258291214 1300234254 20 GB 0 GB (0)
d423 c2t1d1s7 1300234255 1384120335 40 GB 0 GB (0)
d495 c2t1d1s7 1384120336 1447034896 30 GB 0 GB (0)
Total: c2t1d1s7 690GB max, with a 200GB hole. Used: 490GB
-----------------------------------------------------------------------
d209 c2t1d2s7 1 62914561 30 GB 0 GB (0)
d79 c2t1d2s7 62914562 146800642 40 GB 0 GB (0)
d24 c2t1d2s7 146800643 167772163 10 GB 0 GB (0)
d154 c2t1d2s7 167772164 209715204 20 GB 0 GB (0)
d104 c2t1d2s7 209715205 251658245 20 GB 0 GB (0)
d360 c2t1d2s7 251658246 335544326 40 GB 0 GB (0)
d54 c2t1d2s7 335544327 440401927 50 GB 0 GB (0)
d361 c2t1d2s7 440401928 608174088 80 GB 0 GB (0)
d362 c2t1d2s7 608174089 692060169 40 GB 0 GB (0)
d363 c2t1d2s7 692060170 734003210 20 GB 0 GB (0)
d365 c2t1d2s7 734003211 754974731 10 GB 0 GB (0)
d364 c2t1d2s7 754974732 964689932 100 GB 0 GB (0)
d367 c2t1d2s7 964689933 1027604493 30 GB 0 GB (0)
d905 c2t1d2s7 1027604494 1048576014 10 GB 0 GB (0)
d368 c2t1d2s7 1048576015 1111490575 30 GB 0 GB (0)
Total: c2t1d2s7 530GB max, with a 0GB hole. Used: 530GB
-----------------------------------------------------------------------

d301 c4t0d0s7 1 83886081 40 GB 0 GB (0)
d303 c4t0d0s7 83886082 167772162 40 GB 0 GB (0)
d305 c4t0d0s7 167772163 293601283 60 GB 0 GB (0)
d906 c4t0d0s7 293601284 335544324 20 GB 0 GB (0)
d251 c4t0d0s7 335544325 503316485 80 GB 0 GB (0)
d255 c4t0d0s7 503316486 671088646 80 GB 0 GB (0)
d259 c4t0d0s7 671088647 838860807 80 GB 0 GB (0)
d263 c4t0d0s7 838860808 964689928 60 GB 0 GB (0)
Total: c4t0d0s7 460GB max, with a 0GB hole. Used: 460GB
-----------------------------------------------------------------------
d490 c4t0d1s7 1 20971521 10 GB 0 GB (0)
d425 c4t0d1s7 20971522 62914562 20 GB 0 GB (0)
d134 c4t0d1s7 62914563 104857603 20 GB 0 GB (0)
d173 c4t0d1s7 104857604 188743684 40 GB 0 GB (0)
d234 c4t0d1s7 188743685 293601285 50 GB 0 GB (0)
d424 c4t0d1s7 293601286 377487366 40 GB 0 GB (0)
d491 c4t0d1s7 377487367 398458887 10 GB 0 GB (0)
d901 c4t0d1s7 398458888 419430408 10 GB 0 GB (0)
d903 c4t0d1s7 419430409 440401929 10 GB 0 GB (0)
d244 c4t0d1s7 440401930 503316490 30 GB 0 GB (0)
d177 c4t0d1s7 503316491 566231051 30 GB 0 GB (0)
d909 c4t0d1s7 566231052 608174092 20 GB 0 GB (0)
d214 c4t0d1s7 1027604491 1090519051 30 GB 199 GB (419430398)
d440 c4t0d1s7 1090519052 1174405132 40 GB 0 GB (0)
d441 c4t0d1s7 1174405133 1258291213 40 GB 0 GB (0)
d442 c4t0d1s7 1258291214 1300234254 20 GB 0 GB (0)
d443 c4t0d1s7 1300234255 1384120335 40 GB 0 GB (0)
d497 c4t0d1s7 1384120336 1447034896 30 GB 0 GB (0)
Total: c4t0d1s7 690GB max, with a 200GB hole. Used: 490GB
-----------------------------------------------------------------------
d207 c4t0d2s7 1 62914561 30 GB 0 GB (0)
d77 c4t0d2s7 62914562 146800642 40 GB 0 GB (0)
d22 c4t0d2s7 146800643 167772163 10 GB 0 GB (0)
d152 c4t0d2s7 167772164 209715204 20 GB 0 GB (0)
d102 c4t0d2s7 209715205 251658245 20 GB 0 GB (0)
d340 c4t0d2s7 251658246 335544326 40 GB 0 GB (0)
d52 c4t0d2s7 335544327 440401927 50 GB 0 GB (0)
d341 c4t0d2s7 440401928 608174088 80 GB 0 GB (0)
d342 c4t0d2s7 608174089 692060169 40 GB 0 GB (0)
d343 c4t0d2s7 692060170 734003210 20 GB 0 GB (0)
d345 c4t0d2s7 734003211 754974731 10 GB 0 GB (0)
d344 c4t0d2s7 754974732 964689932 100 GB 0 GB (0)
d347 c4t0d2s7 964689933 1027604493 30 GB 0 GB (0)
d904 c4t0d2s7 1027604494 1048576014 10 GB 0 GB (0)
d348 c4t0d2s7 1048576015 1111490575 30 GB 0 GB (0)
Total: c4t0d2s7 530GB max, with a 0GB hole. Used: 530GB
-----------------------------------------------------------------------

root@kolga:/space/metamirrors_html/tmp# umount /d310
root@kolga:/space/metamirrors_html/tmp# vi /etc/vfstab
root@kolga:/space/metamirrors_html/tmp# metastat -p d310
d310 -m d300 d306 1
d300 1 1 d301
d301 -p c4t0d0s7 -o 1 -b 83886080
d306 1 1 d316
d316 -p c2t1d0s7 -o 1 -b 83886080
root@kolga:/space/metamirrors_html/tmp# metaclear -r d310
d310: Mirror is cleared
d300: Concat/Stripe is cleared
d301: Soft Partition is cleared
d306: Concat/Stripe is cleared
d316: Soft Partition is cleared

And so on, until c2t1d0 and c4t0d0 are both empty.

You can find out who you are on FC like this:

root@kolga:/# fcinfo hba-port
HBA Port WWN: 210000e08b1a9897
        OS Device Name: /devices/pci@6,2000/fibre-channel@1:devctl
        Manufacturer: QLogic Corporation
        Model: QLA2342
        Type: NL-port
        State: online
        Supported Speeds: 1Gb 2Gb
        Current Speed: 2Gb
        Node WWN: 200000e08b1a9897
HBA Port WWN: 210100e08b3a9897
        OS Device Name: /devices/pci@6,2000/fibre-channel@1,1:devctl
        Manufacturer: QLogic Corporation
        Model: QLA2342
        Type: NL-port
        State: online
        Supported Speeds: 1Gb 2Gb
        Current Speed: 2Gb
        Node WWN: 200100e08b3a9897

And on the SATAboy it appears to be:
Host #5 (Fibre) WWPN: 21-01-00-E0-8B-3A-98-97
Controller 0 Fibre - Host 0
I deny it access to:
1: 'LSR_1' Array: 'SATABOY_1', Controller 0 Capacity: 644.2 GB (600.0 GiB)
And with that the access to it is gone, at least :-)

AVAILABLE DISK SELECTIONS:
       0. c0t0d0 /pci@1f,4000/scsi@3/sd@0,0
       1. c2t1d0 /pci@6,2000/fibre-channel@1,1/sd@1,0
       2. c2t1d1 /pci@6,2000/fibre-channel@1,1/sd@1,1
...

root@tibialis:/space/install# iscsiadm add discovery-address 10.11.12.16:3260
root@tibialis:/space/install# iscsiadm list discovery-address -v
Discovery Address: 10.11.12.16:3260
        Target name: iqn.1999-02.com.nexsan:p0:sataboy:0264142f
                Target address: 10.11.12.16:3260, 1
root@tibialis:/space/install# iscsiadm modify discovery --sendtargets enable

And then things start happening :-)

Jul 24 22:33:02 tibialis.miba.auc.dk iscsi: [ID 240218 kern.notice] NOTICE: iscsi session(31) iqn.1999-02.com.nexsan:p0:sataboy:0264142f online
Jul 24 22:33:02 tibialis.miba.auc.dk scsi: [ID 799468 kern.info] sd0 at iscsi0: name 0000iqn.1999-02.com.nexsan%3Ap0%3Asataboy%3A0264142f0001,1, bus address 0000iqn.1999-02.com.nexsan%3Ap0%3Asataboy%3A0264142f0001,1
Jul 24 22:33:02 tibialis.miba.auc.dk genunix: [ID 936769 kern.info] sd0 is /iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,1
Jul 24 22:33:02 tibialis.miba.auc.dk scsi: [ID 107833 kern.warning] WARNING: /iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,1 (sd0):
Jul 24 22:33:02 tibialis.miba.auc.dk Corrupt label; wrong magic number
Jul 24 22:33:02 tibialis.miba.auc.dk genunix: [ID 408114 kern.info] /iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,1 (sd0) online

root@tibialis:/space/install# iscsiadm list target -v
Target: iqn.1999-02.com.nexsan:p0:sataboy:0264142f
        Alias: Nexsan iSCSI
        TPGT: 1
        ISID: 4000002a0000
        Connections: 1
                CID: 0
                  IP address (Local): 10.11.12.70:51866
                  IP address (Peer): 10.11.12.16:3260
                  Discovery Method: SendTargets
                  Login Parameters (Negotiated):
                        Data Sequence In Order: yes
                        Data PDU In Order: yes
                        Default Time To Retain: 0
                        Default Time To Wait: 2
                        Error Recovery Level: 0
                        First Burst Length: 1024
                        Immediate Data: yes
                        Initial Ready To Transfer (R2T): yes
                        Max Burst Length: 262144
                        Max Outstanding R2T: 1
                        Max Receive Data Segment Length: 8192
                        Max Connections: 1
                        Header Digest: NONE
                        Data Digest: NONE

       8. c3t0d0 /iscsi/[email protected]%3Ap0%3Asataboy%3A0264142f0001,1
Specify disk (enter its number): 8
selecting c3t0d0
[disk formatted]
Disk not labeled. Label it now? y
...
partition> p
Current partition table (default):
Total disk cylinders available: 6398 + 2 (reserved cylinders)

Part      Tag    Flag     Cylinders        Size            Blocks
  0       root    wm       0 -   15      128.00MB    (16/0/0)       262144
  1       swap    wu      16 -   31      128.00MB    (16/0/0)       262144
  2     backup    wu       0 - 6397       49.98GB    (6398/0/0)  104824832
  3 unassigned    wm       0               0         (0/0/0)             0
  4 unassigned    wm       0               0         (0/0/0)             0
  5 unassigned    wm       0               0         (0/0/0)             0
  6        usr    wm      32 - 6397       49.73GB    (6366/0/0)  104300544
  7 unassigned    wm       0               0         (0/0/0)             0

root@tibialis:/space/install# zpool create z2 c3t0d0s2
invalid vdev specification
use '-f' to override the following errors:
/dev/dsk/c3t0d0s2 overlaps with /dev/dsk/c3t0d0s0

??

root@tibialis:/space/install# zpool create -f z2 c3t0d0s2
root@tibialis:/space/install# zpool list
NAME   SIZE    USED    AVAIL   CAP   HEALTH   ALTROOT
z1     136G    11.2G   125G    8%    ONLINE   -
z2     49.8G   80K     49.7G   0%    ONLINE   -
root@tibialis:/space/install# zpool status z2
  pool: z2
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        z2          ONLINE       0     0     0
          c3t0d0s2  ONLINE       0     0     0

errors: No known data errors

There. Now I can do the same with the other 600GB part, so that I get the option of making a mirror on tibialis. This is for mail... I had completely forgotten that... so it should probably be a bit larger than 50GB ;-) This is a pool, and it will be divided into smaller areas that are backed up individually.

./Solaris_Stuff/index.php

./Solaris_Stuff/GodeLinks/index.php

Good links

Magnus

Here I am just putting the links that I have found

Torben

./Solaris_Stuff/CSW/index.php

This is how I made a CSW package for

78 mkdir DK-BIB
79 cd DK-BIB
80 unzip /home/magnus/public_html/EDB/dk-bib.zip
81 ls
82 ls -l
83 cd dk-bib/
84 ls

Then it just needs to be installed:

root@gracilis:/tmp/DK-BIB/dk-bib# INSTALLDIR=/opt/csw/share/texmf-dist make install

One long line that builds a prototype by finding all changed files:

root@gracilis:/tmp/DK-BIB/dk-bib# (echo "i pkginfo";echo "i depend";echo "i copyright";echo "i postinstall";find /opt/csw -newer /home/magnus/public_html/EDB/dk-bib.zip |pkgproto ) > prototype

I then remove the ls-R file from the list, since it should not be included in the package but is created by the postinstall script.

root@gracilis:/tmp/DK-BIB/dk-bib# history |tail -22
149 pkgtrans -s /var/spool/pkg /tmp/$filename CSWdkbib
150 pkgmk -r / -a `uname -p`
151 vi postinstall
152 pkgmk -r / -a `uname -p`
153 vi postinstall
154 ll /opt/csw/share/texmf-dist/ls-R
155 ll /opt/csw/share/texmf-dist/ls-R*
156 diff /opt/csw/share/texmf-dist/ls-R*
157 pkgmk -r / -a `uname -p`
158 rm -rf /var/spool/pkg/CSWdkbib/
159 pkgmk -r / -a `uname -p`
160 pkgtrans -s /var/spool/pkg /tmp/$filename CSWdkbib
161 vi prototype
162 rm -rf /var/spool/pkg/CSWdkbib/
163 pkgmk -r / -a `uname -p`
164 pkgtrans -s /var/spool/pkg /tmp/$filename CSWdkbib
165 vi postinstall
166 rm -rf /var/spool/pkg/CSWdkbib/
167 pkgmk -r / -a `uname -p`
168 pkgtrans -s /var/spool/pkg /tmp/$filename CSWdkbib
169 find /opt/csw -name psfig.sty
170 history |tail -22
root@gracilis:/tmp/DK-BIB/dk-bib#

./Solaris_Stuff/Zones/multimus05/index.php

multimus05

This is a brand new x4100 [6/7-2007]

root@multimus05:/# svcadm disable !$
svcadm disable svc:/network/telnet
root@multimus05:/# svcs svc:/network/telnet
STATE          STIME    FMRI
disabled       15:42:28 svc:/network/telnet:default
root@multimus05:/#

root@multimus05:/# pkgrm SUNWtnetr

root@multimus05:/# diff /etc/nsswitch.conf.root-070706-15\:34 /etc/nsswitch.conf
18c18
< hosts: files
---
> hosts: files dns

root@multimus05:/# cat /etc/resolv.conf
domain hst.aau.dk
nameserver 130.225.49.6
nameserver 130.225.49.2
search miba.auc.dk staff.miba.auc.dk hst.aau.dk auc.dk

I have set it up to run hardware RAID on the two disks. It is a plain mirror. Steen says that is good enough, and I trust him :-)

You enable it in the BIOS, by pressing Ctrl-C during the boot process.

In Solaris you can see the status of what it is doing and how it is going. Here it is synchronising right after I created the mirror:

root@multimus05:/# raidctl -l
RAID    Volume  RAID            RAID            Disk
Volume  Type    Status          Disk            Status
------------------------------------------------------
c4t2d0  IM      RESYNCING       c4t2d0          OK
                                c4t3d0          OK

And here it is finished:

root@multimus05:/# raidctl -l
RAID    Volume  RAID            RAID            Disk
Volume  Type    Status          Disk            Status
------------------------------------------------------
c4t2d0  IM      OK              c4t2d0          OK
                                c4t3d0          OK

To prepare the machine for zones, with the ability to control how much CPU each zone gets, we need to enable FSS in the kernel.

root@multimus05:/# dispadmin -d FSS

root@multimus05:/# dispadmin -d
FSS (Fair Share)
root@multimus05:/# init 6
updating /platform/i86pc/boot_archive...this may take a minute
root@multimus05:/# svc.startd: The system is coming down. Please wait.
svc.startd: 84 system services are now being stopped.
Jul 6 07:23:52 multimus05 syslogd: going down on signal 15
svc.startd: The system is down.
syncing file systems... done
rebooting...

root@multimus05:/# ps -efc|head
     UID   PID  PPID  CLS PRI    STIME TTY         TIME CMD
    root     0     0  SYS  96 07:25:59 ?           1:36 sched
    root     1     0  FSS  29 07:26:09 ?           0:00 /sbin/init
    root     2     0  SYS  98 07:26:09 ?           0:00 pageout
    root     3     0  SYS  60 07:26:09 ?           0:00 fsflush
    root   296     7  FSS  59 07:26:15 console     0:00 -sh
    root     7     1  FSS  29 07:26:09 ?           0:02 /lib/svc/bin/svc.startd
    root     9     1  FSS  29 07:26:09 ?           0:03 /lib/svc/bin/svc.configd
  daemon   261     1  FSS  59 07:26:14 ?           0:00 /usr/sbin/rpcbind
    root   152     1  FSS  29 07:26:13 ?           0:00 devfsadmd

We can see that all non-vital processes run under the FSS scheduling rules. Read about Zones_Resource_Controls to learn more about this.

The disk is auto-partitioned. That is why it looks a bit odd. But never mind, it does not matter much.

Enter partition id tag[unassigned]:
Enter partition permission flags[wm]:
Enter new starting cyl[0]: 2424
Enter partition size[0b, 0c, 2424e, 0.00mb, 0.00gb]: 15407c
partition> p
Current partition table (unnamed):
Total disk cylinders available: 17831 + 2 (reserved cylinders)

Part      Tag    Flag     Cylinders         Size            Blocks
  0       root    wm     256 -  1658       10.75GB    (1403/0/0)    22539195
  1       swap    wu       1 -   255        1.95GB    (255/0/0)      4096575
  2     backup    wm       0 - 17830      136.59GB    (17831/0/0)  286455015
  3 unassigned    wm       0                0         (0/0/0)              0
  4 unassigned    wm       0                0         (0/0/0)              0
  5        var    wm    1659 -  2423        5.86GB    (765/0/0)     12289725
  6 unassigned    wm       0                0         (0/0/0)              0
  7 unassigned    wm    2424 - 17830      118.02GB    (15407/0/0)  247513455
  8       boot    wu       0 -     0        7.84MB    (1/0/0)          16065
  9 unassigned    wm       0                0         (0/0/0)              0

partition> label
Ready to label disk, continue? y
partition>

But. But. But. That hardware RAID may be clever, but it is also a piece of junk since we only have two disks. So we cannot do a Live Update, as we do not have an extra disk to "play" with.

Arrghhhhh. But 5000 kr extra, just to have room for two extra disks, that was a bit over the top :-(

It would not surprise me if I scrap the whole thing, break that RAID, reinstall from scratch the way we usually do, and have MetaDevices for the system and ZFS for the rest.

All that fancy stuff is not always so clever :-\ Sigh.

Installed zones

root@multimus05:/# zoneadm list -cv
  ID NAME             STATUS         PATH
   0 global           running        /
   1 typo3-01         running        /internal/zones/ssn/zone

./Solaris_Stuff/Zones/multimus01/index.php

root@multimus01:/space# zoneadm list -vc
  ID NAME             STATUS         PATH
   0 global           running        /
   1 qemu01           running        /sataboy/zones/qemu01/zone
   2 ldap01           running        /sataboy/zones/ldap01/zone
   3 unattended       running        /sataboy/zones/unattended/zone
   4 wwwproxy         running        /sataboy/zones/wwwproxy/zone
   5 ciscoadm         running        /sataboy/zones/ciscoadm/zone
   6 qemu02           running        /sataboy/zones/qemu02/zone

./Solaris_Stuff/Zones/multimus01/global/index.php

root@multimus01:/space# zoneadm list -vc
  ID NAME             STATUS         PATH
   0 global           running        /
   1 qemu01           running        /sataboy/zones/qemu01/zone
   2 ldap01           running        /sataboy/zones/ldap01/zone
   3 unattended       running        /sataboy/zones/unattended/zone
   4 wwwproxy         running        /sataboy/zones/wwwproxy/zone
   5 ciscoadm         running        /sataboy/zones/ciscoadm/zone
   6 qemu02           running        /sataboy/zones/qemu02/zone

./Solaris_Stuff/Zones/multimus01/qemu01/index.php

root@multimus01:/space# zoneadm list -vc
  ID NAME             STATUS         PATH
   0 global           running        /
   1 qemu01           running        /sataboy/zones/qemu01/zone
   2 ldap01           running        /sataboy/zones/ldap01/zone
   3 unattended       running        /sataboy/zones/unattended/zone
   4 wwwproxy         running        /sataboy/zones/wwwproxy/zone
   5 ciscoadm         running        /sataboy/zones/ciscoadm/zone
   6 qemu02           running        /sataboy/zones/qemu02/zone

./Solaris_Stuff/Zones/multimus01/ldap01/index.php

root@multimus01:/space# zoneadm list -vc
  ID NAME             STATUS         PATH
   0 global           running        /
   1 qemu01           running        /sataboy/zones/qemu01/zone
   2 ldap01           running        /sataboy/zones/ldap01/zone
   3 unattended       running        /sataboy/zones/unattended/zone
   4 wwwproxy         running        /sataboy/zones/wwwproxy/zone
   5 ciscoadm         running        /sataboy/zones/ciscoadm/zone
   6 qemu02           running        /sataboy/zones/qemu02/zone

./Solaris_Stuff/Zones/multimus01/unattended/index.php

root@multimus01:/space# zoneadm list -vc
  ID NAME             STATUS         PATH
   0 global           running        /
   1 qemu01           running        /sataboy/zones/qemu01/zone
   2 ldap01           running        /sataboy/zones/ldap01/zone
   3 unattended       running        /sataboy/zones/unattended/zone
   4 wwwproxy         running        /sataboy/zones/wwwproxy/zone
   5 ciscoadm         running        /sataboy/zones/ciscoadm/zone
   6 qemu02           running        /sataboy/zones/qemu02/zone

./Solaris_Stuff/Zones/multimus01/wwwproxy/index.php

root@multimus01:/space# zoneadm list -vc
  ID NAME             STATUS         PATH
   0 global           running        /
   1 qemu01           running        /sataboy/zones/qemu01/zone
   2 ldap01           running        /sataboy/zones/ldap01/zone
   3 unattended       running        /sataboy/zones/unattended/zone
   4 wwwproxy         running        /sataboy/zones/wwwproxy/zone
   5 ciscoadm         running        /sataboy/zones/ciscoadm/zone
   6 qemu02           running        /sataboy/zones/qemu02/zone

./Solaris_Stuff/Zones/multimus01/ciscoadm/index.php

Zone ciscoadm

5 ciscoadm running /sataboy/zones/ciscoadm/zone

This zone contains everything related to the Cisco switches. At least all those that have been moved over to the new VLAN 419 as the administration network. This is where it is all gathered:

root@ciscoadm:/space/Cisco_admin# ls -l
total 2329
drwxr-xr-x  20 root     cisco         41 Aug  2 12:12 DoCisco
drwxr-xr-x  16 root     root          48 Oct 17 22:15 MRTG
drwxr-xr-x   2 root     root          42 Aug 23 14:26 NetDoc
lrwxrwxrwx   1 root     root          37 Jul  2 11:09 NetGraf -> /opt/csw/apache2/share/htdocs/NetGraf
drwxr-xr-x   7 root     root           8 Sep 19 18:06 VMPS
-rw-r--r--   1 root     root     1116160 Sep 19 18:48 VMPS.tar
lrwxrwxrwx   1 root     root          29 Jul  1 00:44 htdocs -> /opt/csw/apache2/share/htdocs

DoCisco

MRTG

This cron job collects data for the graphs:

0,5,10,15,20,25,30,35,40,45,50,55 * * * * /space/Cisco_admin/MRTG/cronjob.sh

NetDoc

NetGraf

Here you can see our NetGraf overview.

We can see traffic statistics for the switches that have been moved over to the new administration VLAN. The others are to follow very soon....

VMPS

./Solaris_Stuff/Zones/multimus01/ciscoadm/DoCisco/index.php

DoCisco

All the scripts that have to do with the do_cisco tcl script are collected here. This script originally comes from Store Peter, and uses expect to do what needs to be done on the switches. This makes it possible to write scripts that carry out all changes, and those scripts also serve as a kind of documentation, so you remember what you did a long time ago :-)

In this zone I have chosen to have access ONLY to the switches that have been moved over to the new administrative domain, with the associated new VLAN and IP number. All switches are to be moved over here, but I have been a little unsure about the consequences for the connection to the individual switch, so I have postponed this several times :-\

TODO: Work out a procedure for moving the switches from VLAN 1 as administrative VLAN over to VLAN 419. This also involves the 192.168.85 network, where I have chosen to take the wiring closet (krydsfelt) number, multiply it by 10, and use that as a range for the switches located there. That is, in K6.04 we will have 192.168.85.40-49, in K6.12 it will be 192.168.85.120-129, and so on. This does break down at K6.29-K6.32, but there I think I will just choose a range that does not collide with anything and put the whole stem cell building there. There are only 6 switches in all.

The naming will be cisk612a, b, c, etc. If we have switches outside wiring closets, they will have to be called something else, but I do not think we have any.

./Solaris_Stuff/Zones/multimus01/qemu02/index.php

root@multimus01:/space# zoneadm list -vc
  ID NAME             STATUS         PATH
   0 global           running        /
   1 qemu01           running        /sataboy/zones/qemu01/zone
   2 ldap01           running        /sataboy/zones/ldap01/zone
   3 unattended       running        /sataboy/zones/unattended/zone
   4 wwwproxy         running        /sataboy/zones/wwwproxy/zone
   5 ciscoadm         running        /sataboy/zones/ciscoadm/zone
   6 qemu02           running        /sataboy/zones/qemu02/zone

./Solaris_Stuff/Zones/multimus01/medisdepot/index.php

Zone medisdepot

This will be the first zone that a student assistant gets full control over.

First I edit aegir:/etc/bootptab, like this:

18a19,23
> .zone-restrict:\
> :sm=255.255.255.0:\
> :gw=130.225.49.1:\
> :dn=hst.aau.dk:
> 
362a368,369
> medisdepot:tc=.zone-restrict:ip=130.225.49.133:

Then I update the name server on quark to get the name into hst.aau.dk. Apparently this does not happen automatically, as it does for the machines that are in the old "groups" in /etc/bootptab.

root@quark:/etc/namedb# grep medis named.hst.aau.dk
medis.ssn IN CNAME ssn
medisdepot IN A 130.225.49.133

To create the zone

I have looked at http://www.sun.com/bigadmin/content/zones/, which refers to Step-by-Step Zone Configuration in the Solaris 10 OS (08/2007).

1. Create a ZFS file system for the zone

root@multimus01:~# time zfs create sataboy/zones/medisdepot

real 0m0.086s
user 0m0.002s
sys 0m0.012s
root@multimus01:~# mkdir /sataboy/zones/medisdepot/zone
root@multimus01:~# chmod 700 /sataboy/zones/medisdepot/zone

2. Create the zone itself

I use a setup file that looks like this:

root@multimus01:~# cat /sataboy/zones/medisdepot/medisdepot.zonecfg
create
set zonepath=/sataboy/zones/medisdepot/zone
set autoboot=true
add net
set address=130.225.49.133
set physical=e1000g30003
end
info
root@multimus01:~#

Which is then used like this:

root@multimus01:~# time zonecfg -z medisdepot -f /sataboy/zones/medisdepot/medisdepot.zonecfg
zonename: medisdepot
zonepath: /sataboy/zones/medisdepot/zone
autoboot: true
pool:
limitpriv:
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 130.225.49.133
        physical: e1000g30003

real 0m0.063s
user 0m0.004s
sys 0m0.005s

3. Install the zone

We now have a zone that is ready to be installed:

root@multimus01:~# zoneadm -z medisdepot list -v
  ID NAME             STATUS         PATH
   - medisdepot       configured     /sataboy/zones/medisdepot/zone

root@multimus01:~# time zoneadm -z medisdepot verify

real 0m0.010s
user 0m0.004s
sys 0m0.005s
root@multimus01:~# time zoneadm -z medisdepot install
Preparing to install zone .
Creating list of files to copy from the global zone.
Copying <2487> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <993> packages on the zone.
Initialized <993> packages on zone.
Zone is initialized.
Installation of these packages generated warnings:
The file contains a log of the zone installation.

real 2m49.922s
user 0m33.228s
sys 1m6.416s

root@multimus01:~# zoneadm -z medisdepot list -v
  ID NAME             STATUS         PATH
   - medisdepot       installed      /sataboy/zones/medisdepot/zone

root@multimus01:~# zoneadm -z medisdepot ready
root@multimus01:~# zoneadm -z medisdepot list -v
  ID NAME             STATUS         PATH
   7 medisdepot       ready          /sataboy/zones/medisdepot/zone

root@multimus01:~# zoneadm -z medisdepot boot
root@multimus01:~# zoneadm -z medisdepot list -v
  ID NAME             STATUS         PATH
   7 medisdepot       running        /sataboy/zones/medisdepot/zone

4. REMEMBER a console login!!!

If you forget this, it sits patiently at the console waiting to be fully configured. Just like in the old days.... apparently there is a script that automates this too, I just have not used it this time.

I only show a few things here, as this is probably not all that interesting...

root@multimus01:~# zlogin -C medisdepot
[Connected to zone 'medisdepot' console]
 64/114
...
Select a Language

0. English
1. sv

Please make a choice (0 - 1), or press h or ? for help: 0

------- NFSv4 Domain Configuration -----------------------------------------------
 [X] Use the NFSv4 domain derived by the system
 [ ] Specify a different NFSv4 domain

System identification is completed.

rebooting system due to change(s) in /etc/default/init

[NOTICE: Zone rebooting]

SunOS Release 5.10 Version Generic_125101-10 64-bit
Copyright 1983-2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Hostname: medisdepot

medisdepot console login: Dec 10 20:03:11 medisdepot sendmail[2501]: My unqualified host name (medisdepot) unknown; sleeping for retry

5. Changes in Solaris, on the running zone

The only changes I make are that I change the shell for root to bash and stop sendmail.

root@medisdepot:/# grep root /etc/passwd
root:x:0:0:Super-User:/:/usr/bin/bash

bash-3.00# svcs sendmail
STATE          STIME    FMRI
online         20:04:12 svc:/network/smtp:sendmail
bash-3.00# svcadm disable sendmail
bash-3.00# svcs sendmail
STATE          STIME    FMRI
disabled       20:07:17 svc:/network/smtp:sendmail

Oh yes, and I have created /.bash_profile and /.bashrc

Then all that remains is to allow sshd to let root in, and to reboot the zone. That only takes a couple of seconds, so it is almost quicker than giving sshd a kick:

root@medisdepot:/# ls -l /etc/ssh/sshd_config
-rw-r--r-- 1 root sys 5202 Jan 22 2005 /etc/ssh/sshd_config
root@medisdepot:/# change !$
change /etc/ssh/sshd_config
root@medisdepot:/# ls -l /etc/ssh/sshd_config*
-rw-r--r-- 1 root root 5202 Dec 10 20:12 /etc/ssh/sshd_config
-rw-r--r-- 1 root sys 5202 Jan 22 2005 /etc/ssh/sshd_config.root-071210-20:12

root@medisdepot:/# diff /etc/ssh/sshd_config.root-071210-20\:12 /etc/ssh/sshd_config
132c132
< PermitRootLogin no
---
> PermitRootLogin yes
root@medisdepot:/#

root@multimus01:~# zoneadm -z medisdepot reboot

And then it is ready :-)

6. Now we are ready for battle

This is what it looks like the first time you log in:

magnus@illiacus:~# ssh root@medisdepot
The authenticity of host 'medisdepot (130.225.49.133)' can't be established.
RSA key fingerprint is b7:a4:a5:46:a8:09:76:6f:e6:3c:51:d2:f3:f5:f8:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'medisdepot,130.225.49.133' (RSA) to the list of known hosts.
Password:
Last login: Mon Dec 10 20:12:07 2007
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
I .bash_profile
root@medisdepot:/#

Ah, yes, then you just have to get it to use DNS as name server. This also shows that I use the "change" command before I edit any files (with the sole exception of /etc/passwd and /etc/shadow). The definition of change() can be found in /.bashrc:

root@medisdepot:/# diff /etc/nsswitch.conf.root-071210-20\:20 /etc/nsswitch.conf
18c18
< hosts: files
---
> hosts: files dns

root@medisdepot:/# cat /etc/resolv.conf
domain hst.aau.dk
nameserver 130.225.49.6
nameserver 130.225.49.2

./Solaris_Stuff/Zones/index.php

Zones on the servers

We have started playing with zones. And in fact they are already in use.

./PrintOgKopikort/WebInterface/index.php

Web interface to the copy card (Kopikort) system

There is a nice interface at http://kopikort.hst.aau.dk/printer_account/www/index.php

In the file system this is located at aegir:/d110/pack/printer_account/www. There are two files, index.php and kopikort_html_functions.inc. Access is restricted to those who are supposed to have access to it. Later, students may get access so that they can transfer copies from themselves to others.

When copy cards are credited to student accounts, an entry is made in the database, and then a cron job runs. But which one, and where it is..... that I cannot remember :-(

Oh yes, here it is:

magnus@ran:~/UNIX/admin/SunRay# crontab -l |grep kopi
* * * * * /home/magnus/UNIX/admin/KopiKort/Printerkonto.sh >/tmp/.Printerkonto.mail || cat /tmp/.Printerkonto.mail | /usr/ucb/Mail -s"[Printerkonto] Indsaetter kopikort" magnus

The database is on ran, and there is a link to the database from the web interface.

To put the system into production, as far as updating the students' accounts is concerned, you just need to edit /home/magnus/UNIX/admin/KopiKort/Printerkonto.sh

...
 C1000 =substr(v[" C1000"],2);
 Antal =substr(v[" Antal"],2);
 sum= C100*100 + C200*200 + C500*500 + C1000*1000;
 print "echo "User " skal have " Antal " prints ud af " sum " kopier i operationen"
 linie = Antal","User","Admin","Date
 #print "echo \"" linie "\" >>/pack/printer_account/user/"User
 print "echo \"" linie "\" >>/home/magnus/UNIX/admin/KopiKort/"User
 DOIT="UPDATE Printerkonto SET \\\`Status\\\`=\\\"Done\\\" WHERE \\\`Id\\\`=\\\""Id"\\\""
 MySQL="/opt/csw/mysql4/bin/mysql --defaults-file=/home/magnus/.my.cnf.KopiKortBevaegelser KopiKortRegnskab"
 print "echo \""DOIT"\" |"MySQL

It is just the comment character that needs to be moved one line down.

./PrintOgKopikort/NyPrintKoe/index.php

New print queue on aegir

It is to be phased out soon, but here is how it is done:

root@aegir:/# ls -l /etc/printcap
lrwxrwxrwx 1 root root 30 Jul 22 2000 /etc/printcap -> /pack/LPRng-3.6.5/etc/printcap
root@aegir:/# change /pack/LPRng-3.6.5/etc/printcap
root@aegir:/# vi !$

Then we need to get it to create directories and so on, but that fails, so it needs a little help.

root@aegir:/# checkpc -f
Warning - mkdir '/var/spool/psc8' failed, Permission denied
Warning - Printer_DYN 'psc8' spool dir '/var/spool/psc8' needs fixing

root@aegir:/# mkdir mkdir /var/spool/psc8
root@aegir:/# checkpc -f
Warning - owner/group of '/var/spool/psc8' are 0/0, not 15/15
Warning - changing ownership '/var/spool/psc8' to 15/15
Warning - permissions of '/var/spool/psc8' are 0775, not 0700

Then we just test again, get lpd to reread its config, and then we can just be happy:

root@aegir:/# lpq -P psc8
Printer: psc8@aegir - no spool directory for printer 'psc8'
root@aegir:/# lpc reread
lpd server pid 811 on aegir.miba.auc.dk, sending SIGHUP
root@aegir:/# lpq -P psc8
Printer: psc8@aegir 'psc8 (Xerox Phaser 8400DP, D1-212)'
 Queue: no printable jobs in queue

./HSTsysadm/index.php

The HSTsysadm system

It started as playing around with AJAX, but evolved into something with modules and so on. So now I have an idea that this is the beginning of the system that will in future keep track of all our users, aliases, etc.

From the underlying database we then generate yp files, ldap files, aliases and whatever else we feel like.

It is at https://hstsysadm.hst.aau.dk/HSTsysadm/

/Magnus

This is just pasted from a shell, as I gave it a try on 10/3-2008

root@ran:/space/home/edb/amanda/HST# /opt/csw/apache/securedocs/HSTsysadm/bin/passwd2db.sh
Mon Mar 10 00:00:10 MET 2008
Mon Mar 10 00:00:12 MET 2008
root@ran:/space/home/edb/amanda/HST# /opt/csw/apache/securedocs/HSTsysadm/bin/smbpasswd2db.sh
Mon Mar 10 00:00:29 MET 2008
Mon Mar 10 00:00:30 MET 2008

And on the new hstsysadm host

root@hstsysadm:/opt/csw/apache2/share/htdocs/HSTsysadm/bin# ./passwd2db.sh
# Antal brugere foer:
count(*)
2753
# Nye brugere indsaettes
Fri Jun 20 20:15:02 CEST 2008
Fri Jun 20 20:15:03 CEST 2008
# Antal brugere efter:
count(*)
2753

# Synkroniserer password
root@hstsysadm:/opt/csw/apache2/share/htdocs/HSTsysadm/bin# ./smbpasswd2db.sh
Fri Jun 20 20:15:06 CEST 2008
Fri Jun 20 20:15:07 CEST 2008
root@hstsysadm:/opt/csw/apache2/share/htdocs/HSTsysadm/bin#

./HSTsysadm/Tabellen_User/index.php

The User table

Inserting from YP

This is only necessary until the database takes over as the authoritative source

To insert new users into the database, I use the following:

/opt/csw/apache/securedocs/HSTsysadm/bin/passwd2db.sh

And to maintain the pwd field alone:

root@ran:/# ypcat passwd|\
awk -F: '{print "UPDATE `User` SET `pwd`=\""$2"\" WHERE `username`=\""$1"\";"}' |\
/opt/csw/mysql4/bin/mysql --defaults-extra-file=/.my.cnf HSTsysadm
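The awk one-liner above pastes the NIS fields straight into SQL text, so a field containing a double quote or a backslash would change the statement that mysql receives. The following is an added example, not the site's own script: it emits an UPDATE only when both fields pass an allow-list. The function names, the two regular expressions and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: build the pwd UPDATE statements from passwd-format lines
# while refusing any field that could alter the generated SQL.

# gen_pwd_updates: reads "user:hash:..." lines on stdin, writes SQL on stdout.
# Line numbers of skipped entries go to stderr; the hash itself is never logged.
gen_pwd_updates() {
    # LC_ALL=C keeps the bracket ranges below limited to ASCII.
    LC_ALL=C awk -F: '
    BEGIN {
        # Assumed policy: conventional lowercase login names only.
        user_re = "^[a-z_][a-z0-9_.-]*$"
        # crypt(3) alphabet plus "$", "*" and "!" (salt prefixes, locked accounts).
        hash_re = "^[A-Za-z0-9./$*!]+$"
    }
    # Anything outside the allow-lists (quotes, backslashes, spaces,
    # semicolons, an empty hash) is skipped instead of being escaped.
    NF < 2 || $1 !~ user_re || $2 !~ hash_re {
        skipped++
        print "skipped line " NR ": field outside allow-list" > "/dev/stderr"
        next
    }
    {
        printf "UPDATE `User` SET `pwd`=\"%s\" WHERE `username`=\"%s\";\n", $2, $1
    }
    END {
        if (skipped) print skipped " line(s) skipped" > "/dev/stderr"
    }'
}

# Constructed sample input, not real accounts or hashes.
sample_passwd() {
    cat <<'EOF'
alice:ab1cd/EF.gh2:1001:100:Alice:/home/alice:/bin/bash
bob:*LK*:1002:100:Bob:/home/bob:/bin/bash
carol:zz"; broken:1003:100:Carol:/home/carol:/bin/bash
da"ve:cd3ef/GH.ij4:1004:100:Dave:/home/dave:/bin/bash
erin::1005:100:Erin:/home/erin:/bin/bash
EOF
}

# Only alice and bob produce a statement; the other three lines are reported.
sample_passwd | gen_pwd_updates
```

In place of the sample, `ypcat passwd | gen_pwd_updates` can feed the same mysql invocation as the original pipeline.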

Brainstorm

At the moment data comes to YP from several files in /var/yp/ypfiles, which are assembled by /var/yp/Makefile. Changes also happen via the yppasswd command. It is therefore important that the transition to HST-DB is tied together with a change to this. As it is, not many people use the yppasswd command directly, but rather our web interface. So this must be prepared for a switch, right at the point where we move to generating YP data from HST-DB, and not the other way around.

When creating users, I insert a line into a file down in /var/yp/ypfiles, such as passwd.staff@smi or passwd.staff@edb. Students are in passwd.stud@aegir, which is actually misleading, since they are always moved to maximus now...

There is also a special file, passwd.radius, which is generated from the passwd file. The radius server uses this file. It must still be generated, of course. Perhaps one can make use of the database, so that one can choose whether or not a user should be included in the radius file?

And we must also generate LDAP data from it....

See also ~/bin/get_hst_users_from_scanpas.sh and get_current_hst_users_from_scanpas.sh. These are some scripts that fetch from the VBN pages.

The change from ypfiles to the database

The old way is shown in reddish:

It is a problem that people who change their password use a method that edits the passwd file directly. That means the database gets out of sync :-( Maybe I can make use of yppasswdchange in the Makefile? See the clip from /var/yp/Makefile here:

yppasswdchange: passwd $(DIR)/passwd.radius
	@/bin/date| /usr/ucb/Mail -s"yppasswdchange koeres paa aegir" magnus

I could update the database in this rule, I think.

A: On ran there is a script that takes data from NIS and inserts it into the database:

/opt/csw/apache/securedocs/HSTsysadm/bin/passwd2db.sh

B: I have just added smbpwd to the User table.

root@ran:/opt/csw/apache/securedocs/HSTsysadm# /opt/csw/apache/securedocs/HSTsysadm/bin/smbpasswd2db.sh

Thu Mar 22 21:01:44 MET 2007
Thu Mar 22 21:01:45 MET 2007

./HSTsysadm/Tasks/index.php

./HSTsysadm/Tasks/New_projectdir/index.php

New group dir for projects

Inserting from YP

To create a new group, I use the following:

a) Find a GID that is free, and is in the same series as other projects.

root@aegir:/var/yp# sort -n -t: +2 ypfiles/group| awk -F: '{print $3-last"\t"$0; last=$3}' |less

b) Insert data into the relevant files in /var/yp, and run make

root@aegir:/var/yp# vi ypfiles/group@miba
root@aegir:/var/yp# vi ypfiles/auto_gruppe\@maximus
root@aegir:/var/yp# make

c) Create the directory on maximus, and adjust the ownership

root@maximus:/# zfs create z1/g/decubitus
root@maximus:/# zfs list z1/g/decubitus
NAME             USED  AVAIL  REFER  MOUNTPOINT
z1/g/decubitus  24.5K   130G  24.5K  /export/home/decubitus
root@maximus:/# chgrp decubitus /export/home/decubitus
root@maximus:/# chmod g+ws /export/home/decubitus
root@maximus:/# chmod o-rwx /export/home/decubitus
root@maximus:/# ls -ld /export/home/decubitus
drwxrws--- 2 root decubitus 2 Sep 25 02:26 /export/home/decubitus

d) And then we need to get amanda onto it:

root@ran:/space/home/edb/amanda/HST# vi disklist
...
# New group dir for Christian and others.
maximus /export/home/decubitus user-csw-tar-zfs

e) Insert into ypfiles/auto_gruppe\@maximus

root@aegir:/var/yp# tail -1 ypfiles/auto_gruppe\@maximus
tks-group maximus:/export/home/&

f) Insert into /pack/samba/lib/smb.conf

[tks-group]
   comment = Toung Control System group
   path = /gruppe/tks-group
   writeable = yes
   printable = no
   browsable = no
   create mask = 0770
   directory mask = 2770
   force directory mode = 2770
   hide files = /.*/

g) Done :-)

./HSTsysadm/Tasks/New_user/index.php

Creating a new user

This is how it is done semi-manually. There is a page on /net where people come up with a passw0rd and apply for a username. That then results in an e-mail, which includes the name, the group and the encrypted strings.

What I type in is:

/dist/admin/bin/add_user_auto.sh -d maximus

and then the rest comes from the mail.

This is what it looks like, though the very first part is missing....but never mind:

root@maximus:~# /dist/admin/bin/add_user_auto.sh -d maximus -u jepper -f"Jeppe Groendahl Rasmussen" \
 -g lsr -p XXXXXXXXXX -s 2315XXXX358B7XXX01665EBEB6C14:FFXX1E01F09XXX66BD5CXX614XXB59
... cshrc desksetdefaults emacs login logout mailtool-init openwin-init profile mailcap mailrc
done
Creating /home/jepper/mail directory
Creating /home/jepper/News directory
Creating link from /home/jepper/mail/news to /home/jepper/News
Creating /home/jepper/private directory
Creating /home/jepper/imapmail directory

NEW DOTFILES SUCCESFULLY INSTALLED

You have now been given new dot-files. The old files have been
placed in the directory /home/jepper/OldDotFiles,
so you can look at them and make your local modifications to
the new ones.

The files in question are: OWdefaults Xdefaults bash_logout bash_profile bashrc bash_aliases cshrc desksetdefaults emacs login logout mailtool-init openwin-init profile mailcap mailrc

Now: logout and login to make the changes effective.

WARNING: Aliases for rm and mv are now no longer included!!

Before, rm and mv asked you, if you really would like to remove a file
Now, you are no longer prompted.

If you are used to those aliases, then please consider to insert them
in your .bach_aliases and .cshrc by including lines like
alias mv=mv -i
alias rm=rm -i
+ rsh aegir /home/magnus/UNIX/admin/SunONE_Calendar/cli_add_sunone_ldap_user.php jepper
Commandline argument: /home/magnus/UNIX/admin/SunONE_Calendar/cli_add_sunone_ldap_user.php
Commandline argument: jepper
Binding ... uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
Searching for (&(objectclass=posixAccount) (|(uid=jepper) (uidnumber=jepper) )) ...2 Search result is Resource id #5

Number of entires returned is 0.

Getting entries ...
Data for 0 items returned:
YP: miba.auc.dk, passwd.byname, aegir, jepper, .

YP: miba.auc.dk, passwd.byname, aegir, jepper, jepper:05BenPTCQVp82:10036:10036:Jeppe Groendahl Rasmussen:/home/jepper:/bin/bash.

Brugernavnet jepper er fundet i NIS:
jepper:05BenPTCQVp82:10036:10036:Jeppe Groendahl Rasmussen:/home/jepper:/bin/bash
User: , , ,
Dette er her ikke
======================================================
mail er [email protected]: http://www.hst.aau.dk/~jepper
Adding: dn:uid=jepper,dc=hst,dc=auc,dc=dk
ou:

uid - jepper
userpassword - {crypt}05BenPTCQVp82
cn - Jeppe Groendahl Rasmussen
uidnumber - 10036

gidnumber - 10036
givenname - Jeppe Groendahl
sn - Rasmussen
homedirectory - /home/jepper
objectclass - Array
 0 = top
 1 = person
 2 = organizationalPerson
 3 = inetOrgPerson
 4 = posixAccount
telephonenumber -
roomnumber -
facsimiletelephonenumber -
labeleduri - http://www.hst.aau.dk/~jepper
title -
gecos - Jeppe Groendahl Rasmussen
mail - [email protected]
loginshell - /bin/bash
Add result is: 1

Error: Success

+ rsh aegir /pack/admin/bin/sunone_cal_activate_user.sh jepper
uid=jepper,dc=hst,dc=auc,dc=dk has been enabled
Unable to access calendar jepper
Calendar jepper has been created
LDAP error 20: Type or value exists
+ rsh aegir echo jepper >>/var/yp/ypfiles/alias.lsr
+ rsh ran echo "# Nyoprettelse af jepper lsr `date`" >> /home/amanda/HST/disklist
+ rsh ran echo "maximus /export/home/jepper user-csw-tar-zfs" >> /home/amanda/HST/disklist
root@maximus:~#

If you absolutely want to see what it looks like at the start, here it is for another user :-) :

root@maximus:~# /dist/admin/bin/add_user_auto.sh -d maximus -u runem -f"Rune Mosbacher" \
 -g lsr -p 05XXXXXXXXXXX -s 2BA6CFBB9XXXX36DXXXXE26XXXX8XXXX:01XXXXDB4XXXXC8CX93XXXF82BFXXX33
Kaldes som: /dist/admin/bin/add_user_auto.sh -d maximus -u runem -fRune Mosbacher -g lsr -p 05XXXXXXXXXXX -s 2BA6CFBB9XXXX36DXXXXE26XXXX8XXXX:01XXXXDB4XXXXC8CX93XXXF82BFXXX33
runem*: No such file or directory
CREATEPW=
USERNAME=runem
FULLNAME=Rune Mosbacher
GROUPNAM=lsr
FILESERV=maximus
============================================================================
All seems to be ok, now doing the actual work
-rw-rw-r-- 1 root root 1638 Jan 2 11:28 runem.sh
+ rsh aegir echo "runem:*:10037:" >>/var/yp/ypfiles/group@miba
+ rsh aegir perl -p -i.bak.runem.lsr -e "s/(^lsr:.*)/\$1,runem/" /var/yp/ypfiles/group@miba
+ rsh aegir echo "runem:05XXXXXXXXXXX:10037:10037:Rune Mosbacher:/home/runem:/bin/bash" >>/var/yp/ypfiles/passwd.staff@lsr
+ rsh aegir echo "runem:10037:2BA6CFBB9XXXX36DXXXXE26XXXX8XXXX:01XXXXDB4XXXXC8CX93XXXF82BFXXX33:[U ]:LCT-3C8618C3:Rune Mosbacher" >>/pack/samba/private/smbpasswd
+ rsh aegir echo "runem -rw,nosuid,hard maximus:/export/home/&" >> /var/yp/ypfiles/[email protected]
+ rsh aegir (cd /var/yp && /usr/ccs/bin/make passwd group auto.home auto.stud auto.staff)
Laver /var/yp/ypfiles/passwd
for i in /var/yp/ypfiles/passwd.stud@idefix /var/yp/ypfiles/passwd.stud@aegir /var/yp/ypfiles/passwd.stud@maximus /var/yp/ypfiles/passwd.staff@lsr /var/yp/ypfiles/passwd.staff@smi /var/yp/ypfiles/passwd.staff@mi /var/yp/ypfiles/passwd.staff@imm /var/yp/ypfiles/passwd.staff@mmds /var/yp/ypfiles/passwd.staff@ist /var/yp/ypfiles/passwd.staff@edb /var/yp/ypfiles/passwd.staff@guest /var/yp/ypfiles/passwd.staff@vchi /var/yp/ypfiles/passwd.staff@chat /var/yp/ypfiles/passwd.guest@aegir /var/yp/ypfiles/passwd.gruppe@aegir /var/yp/ypfiles/passwd.system@sys; do \
 echo Merge $i with /var/yp/ypfiles/passwd; \
 /var/yp/bin/merge_passwd.perl $i $i.merged /pack/admin/MASTER/live_passwd.kom /pack/admin/MASTER/live_passwd.pro; \
done;
Merge /var/yp/ypfiles/passwd.stud@idefix with /var/yp/ypfiles/passwd
Adding new user: S_fjorback
Adding new user: kthe00
Adding new user: sdag01
Adding new user: arfc01
...

./HSTsysadm/Aliases/index.php

Aliases

I don't think I have documented this before now, and I don't think I have actively put it into use before now either. But now it looks like it works..so I'll try:

root@ran:/pack-local/amanda-2.4.4p4/etc/amanda/HST/log# time /opt/csw/apache/securedocs/HSTsysadm/bin/aliases2db.sh

real 0m1.423s
user 0m0.230s
sys 0m0.290s

This at least gives good results as far as the groups are concerned :-)

/Magnus

./HSTsysadm/Aliases/Overgang/index.php

Aliases: Transition from YP to SysadmDB

The situation on 12/10-2008

At the moment we edit aliases in YP on aegir. From there they are then synchronised to SysadmDB by means of a script called sync2db.sh, which runs in the hstsysadm zone.

This is what the crontab looks like on hstsysadm, as regards sync jobs:

root@hstsysadm:/space/HSTsysadm/apache2_htdocs/HSTsysadm# crontab -l|grep sync|grep -v \#
0,10,20,30,40,50 * * * * /opt/csw/apache2/share/htdocs/HSTsysadm/bin/sync_pws2db.sh 2>&1 | tee -a /tmp/sync_pws2db.out
* * * * * /opt/csw/apache2/share/htdocs/HSTsysadm/bin/sync2db.sh >>/tmp/sync2db.out

An overview of the data flow can be seen in the figure:

FIGURE: The data flow for Aliases -> DistributionLists

sync2db.sh

This is what runs in cron, and is just a script that calls the others. The part concerning aliases is highlighted.

root@hstsysadm:/space/HSTsysadm/apache2_htdocs/HSTsysadm# cat /opt/csw/apache2/share/htdocs/HSTsysadm/bin/sync2db.sh
#!/bin/sh

FILE=/tmp/sync2db.$$

(
#echo ====passwd2db.sh
/opt/csw/apache2/share/htdocs/HSTsysadm/bin/passwd2db.sh 2>&1
#echo ====group2db.sh
/opt/csw/apache2/share/htdocs/HSTsysadm/bin/group2db.sh 2>&1
#echo ====smbpasswd2db.sh
/opt/csw/apache2/share/htdocs/HSTsysadm/bin/smbpasswd2db.sh 2>&1
#echo ====aliases2db.sh
/opt/csw/apache2/share/htdocs/HSTsysadm/bin/aliases2db.sh 2>&1
) 2>&1 >$FILE

if [ -s $FILE ]; then
  echo Subject: "[hstsysadm] /opt/csw/apache2/share/htdocs/HSTsysadm/bin/sync2db.sh" > ${FILE}.mail
  echo >> ${FILE}.mail
  echo >> ${FILE}.mail
  cat $FILE >> ${FILE}.mail
  /opt/csw/lib/sendmail -v [email protected],[email protected] <${FILE}.mail
fi
rm $FILE
rm ${FILE}.mail
root@hstsysadm:/space/HSTsysadm/apache2_htdocs/HSTsysadm#

aliases2db.sh

This script fetches aliases from aegir, which today is the deciding factor. The actual processing takes place in an awk script, which is shown again below. But it is here that the changes to the database are made.

root@hstsysadm:/# cat /opt/csw/apache2/share/htdocs/HSTsysadm/bin/aliases2db.sh
#!/bin/sh

MYSQL='/opt/csw/mysql5/bin/mysql'

#date
/opt/csw/bin/ssh aegir cat /etc/aliases |\
sed 's/ //g' |/opt/csw/bin/gawk -F: -f /opt/csw/apache2/share/htdocs/HSTsysadm/bin/aliases2db.awk |\
tee /tmp/update_aliases.sql |\
$MYSQL --defaults-extra-file=/.my.cnf HSTsysadm
#date

root@hstsysadm:/#

aliases2db.awk

This awk script works out the SQL commands to update the database. It also makes sure that any include lines are expanded out to addresses.

root@hstsysadm:/# cat /opt/csw/apache2/share/htdocs/HSTsysadm/bin/aliases2db.awk
#/^#[a-zA-Z0-9\.#_-]*:/{print "====================" $0;next}
/^#[a-zA-Z0-9\.#_-]*:/{next}
/^#/{ comment=$0; next }
/:include:/{
if ( comment ){
#print "## "comment
comment="";
}
 #print "\#"$1": "$3":"$4;
# print "rcp aegir:"$4" var/yp/ypfiles"
 alias=$1
 #print "$1="$1
 #print "$2="$2
 #print "$3="$3
 #print "$4="$4
 addr="LISTEN"
 filename=$4
 n=split($4,a,"/");
 f=a[n];
 file="/space/HSTsysadm/apache2_htdocs/HSTsysadm/includes/"f
#print "File: " file
 while ( (getline < file) > 0 ) {
   addr = addr "," $0
#print addr;
 }
 addr = substr(addr,8);
 #print "$1="$1
 #print "$2="$2
 #print "$3="$3
 #print "$4="$4
 print "INSERT IGNORE INTO Aliases (`alias`,`addresses`,`file`,`aendret`,`ACL_R`,`ACL_W`) \
 VALUES ('" alias "','" addr "','" filename "', now() ,',EDB,',',EDB,');";
 print "UPDATE Aliases SET `addresses`='" addr "',`file`='"filename"',`aendret`=now() \
 WHERE `alias`='"alias"' AND `addresses`!='" addr "';";
 next
}
/\|/{
if ( comment ){
print "### "comment
comment="";
}
# print "PIPE: " $0
 print "INSERT IGNORE INTO Aliases (`alias`,`addresses`,`aendret`,`ACL_R`,`ACL_W`) \
 VALUES ('"$1"','"$2"', now(),',EDB,',',EDB,');";
 print "UPDATE Aliases SET `addresses`='"$2"',`aendret`=now() \
 WHERE `alias`='"$1"' AND `addresses`!='"$2"';";
 next
}
{
if ( comment ){
print "#### "comment
comment="";
}
 print "INSERT IGNORE INTO Aliases (`alias`,`addresses`,`aendret`,`ACL_R`,`ACL_W`) \
 VALUES ('"$1"','"$2"', now(), ',EDB,',',EDB,');";
 print "UPDATE Aliases SET `addresses`='"$2"',`aendret`=now() \
 WHERE `alias`='"$1"' AND `addresses`!='"$2"';";
}

root@hstsysadm:/#

From the database to Zimbra

We would of course like the data in the database to be the authoritative data, and therefore we must be able to synchronise from the database to Zimbra.

sync_distributionlist-hstsysadm-zimbra.sh

This script can synchronise a single alias. The plan is then to let the database keep track of what it believes is ok, and which things have been changed. There is a status field in the database, and I imagine that this can be used as 0 if everything is ok, 1 if it has been changed and requires synchronisation to Zimbra, and -ve if it is deactivated or in other ways should not be used.

root@zimbra-store01:~# wc -l /root/bin/sync_distributionlist-hstsysadm-zimbra.sh
125 /root/bin/sync_distributionlist-hstsysadm-zimbra.sh

#!/bin/sh
ALIAS=$1
# Maybe this should be optional one day, if we get other domains
DL=$ALIAS"@hst.aau.dk"

DATE=`date +'%y%m%d-%H:%M:%S'`

#mv /tmp/sync_distributionlist-hstsysadm-zimbra.zm /tmp/sync_distributionlist-hstsysadm-zimbra.zm.old.$DATE

# First check whether it exists in the database, and only continue if it does

ssh hstsysadm /space/bin/get_alias.sh $ALIAS >/tmp/get_alias.out.$$
#ls -l /tmp/get_alias.out.$$
if [ ! -s /tmp/get_alias.out.$$ ]; then
  echo No such alias in database
  rm /tmp/get_alias.out.$$
  exit 1
else
  cat /tmp/get_alias.out.$$ |\
  awk '{ n=split($2, a, ","); for (i=1; i<=n ; i++){ print a[i] } }' >/tmp/alias_$ALIAS.$$
  #ls -l /tmp/alias_$ALIAS.$$
  rm /tmp/get_alias.out.$$
fi

##############################################################
#root@zimbra-store01:~# sudo -u zimbra /opt/zimbra/bin/zmprov help list|sed '/^$/d'
# addDistributionListAlias(adla) {list@domain|id} {alias@domain}
# addDistributionListMember(adlm) {list@domain|id} {member@domain}+
# createDistributionList(cdl) {list@domain}
# deleteDistributionList(ddl) {list@domain|id}
# getAllDistributionLists(gadl) [{domain}]
# getDistributionList(gdl) {list@domain|id} [attr1 [attr2...]]
# getDistributionListMembership(gdlm) {name@domain|id}
# modifyDistributionList(mdl) {list@domain|id} attr1 value1 [attr2 value2...]
# removeDistributionListAlias(rdla) {list@domain|id} {alias@domain}
# removeDistributionListMember(rdlm) {list@domain|id} {member@domain}
# renameDistributionList(rdl) {list@domain|id} {newName@domain}

##############################################################
# distributionList [email protected] memberCount=1
# mail: [email protected]
# objectClass: zimbraDistributionList
# objectClass: zimbraMailRecipient
# uid: kaffestueudvalget
# zimbraId: d8d5bc42-df42-40ca-aad5-9568970f5235
# zimbraMailAlias: [email protected]
# zimbraMailForwardingAddress: [email protected]
# zimbraMailStatus: enabled

if ( sudo -u zimbra /opt/zimbra/bin/zmprov getDistributionList $DL >/tmp/getDistributionList.out.$$ ); then
  #ls -l /tmp/getDistributionList.out.$$
  #cat /tmp/getDistributionList.out.$$
  #echo Og saa er bare med at finde ud af hvad skal vaek og hvad skal ind...
  cat /tmp/getDistributionList.out.$$ |\
  awk -v ALIAS=$ALIAS -v DD=$$ '/zimbraId:/{ zimbraId=$2 }
  /zimbraMailStatus:/{ zimbraMailStatus=$2 ; }
  /zimbraMailForwardingAddress:/{ zimbraMailForwardingAddress[$2]=$2 }
  END{
    # Read in the file from the database, remove the ones that are in both places, and in the end
    # you are left with zimbraMailForwardingAddress[] containing those that are
    # in Zimbra and not in the database, and db[] which has those that are only in the database.
    #
    FileName="/tmp/alias_"ALIAS"."DD
    #print "Laes filen: "FileName
    while ( getline < FileName >0){
      #print "I DB: " $0
      if ( zimbraMailForwardingAddress[$1] ){
        # It exists, so no reason to do anything here
        #print $1" findes allerede i Zimbra, saa den sletter vi lige"
        delete zimbraMailForwardingAddress[$1]
      } else {
        #print $1" skal nok tilfoejes til Zimbra?"
        db[$1]=$1
      }

    }
    for ( alias in db ){
      print "addDistributionListMember " zimbraId " "alias
    }
    for ( dl in zimbraMailForwardingAddress ){
      if (dl == zimbraMailForwardingAddress[dl]){
        print "removeDistributionListMember " zimbraId " " dl
      }
    }
  }'

  rm /tmp/getDistributionList.out.$$
else
  # A new mailing list?
  echo createDistributionList $DL
  for address in `cat /tmp/alias_$ALIAS.$$`; do
    echo addDistributionListMember $DL $address
  done
fi

#rm /tmp/sync_distributionlist-hstsysadm-zimbra.zm.old.$DATE
exit

What is missing now is really just the courage to do it :-)

/Magnus

./HSTsysadm/Overgang/index.php

XXX: Transition from YP to SysadmDB

This is just a copy of what I started on under Aliases, until I remembered that I was really only supposed to write about aliases there ;-)

The situation on 12/10-2008

At the moment we edit aliases in YP on aegir. From there they are then synchronised to SysadmDB by means of a script called sync2db.sh, which runs in the hstsysadm zone.

This is what the crontab looks like on hstsysadm, as regards sync jobs:

root@hstsysadm:/space/HSTsysadm/apache2_htdocs/HSTsysadm# crontab -l|grep sync|grep -v \#
0,10,20,30,40,50 * * * * /opt/csw/apache2/share/htdocs/HSTsysadm/bin/sync_pws2db.sh 2>&1 | tee -a /tmp/sync_pws2db.out
* * * * * /opt/csw/apache2/share/htdocs/HSTsysadm/bin/sync2db.sh >>/tmp/sync2db.out

And this is what the scripts look like:

sync2db.sh

This is what runs in cron, and is just a script that calls the others.

root@hstsysadm:/space/HSTsysadm/apache2_htdocs/HSTsysadm# cat /opt/csw/apache2/share/htdocs/HSTsysadm/bin/sync2db.sh
#!/bin/sh

FILE=/tmp/sync2db.$$

(
#echo ====passwd2db.sh
/opt/csw/apache2/share/htdocs/HSTsysadm/bin/passwd2db.sh 2>&1
#echo ====group2db.sh
/opt/csw/apache2/share/htdocs/HSTsysadm/bin/group2db.sh 2>&1
#echo ====smbpasswd2db.sh
/opt/csw/apache2/share/htdocs/HSTsysadm/bin/smbpasswd2db.sh 2>&1
#echo ====aliases2db.sh
/opt/csw/apache2/share/htdocs/HSTsysadm/bin/aliases2db.sh 2>&1
) 2>&1 >$FILE

if [ -s $FILE ]; then
  echo Subject: "[hstsysadm] /opt/csw/apache2/share/htdocs/HSTsysadm/bin/sync2db.sh" > ${FILE}.mail
  echo >> ${FILE}.mail
  echo >> ${FILE}.mail
  cat $FILE >> ${FILE}.mail
  /opt/csw/lib/sendmail -v [email protected],[email protected] <${FILE}.mail
fi
rm $FILE
rm ${FILE}.mail
root@hstsysadm:/space/HSTsysadm/apache2_htdocs/HSTsysadm#

passwd2db.sh

root@hstsysadm:/# cat /opt/csw/apache2/share/htdocs/HSTsysadm/bin/passwd2db.sh
#!/bin/sh

# This script inserts new users into the database, without breaking anything for the old ones.
# The old ones will fail because `username`,`uid`,`gid` already exist, and are skipped.

# So another script is needed to synchronise live data

# This must be run as root, since root is the only one that can read /.my.cnf
# It would be better to have a special user for this, yes....
# /Magnus

MYSQL='/opt/csw/mysql5/bin/mysql'

#echo \# Antal brugere foer:
PRECOUNT=`echo 'select count(*) from User' | $MYSQL --defaults-extra-file=/.my.cnf HSTsysadm|grep -v count`

#echo \# Nye brugere indsaettes
#date;
/opt/csw/bin/ssh ran ypcat passwd|\
awk -F: '{print "INSERT IGNORE \
 INTO `User` (`username`,`pwd`,`uid`,`gid`,`gecos`,`homedir`,`shell`,`oprettet`,`ACL_R`,`ACL_W`) \
 VALUES (\""$1"\",\""$2"\",\""$3"\",\""$4"\",\""$5"\",\""$6"\",\""$7"\",now(),\",EDB,\",\",ROOT,\");"}' |\
$MYSQL --defaults-extra-file=/.my.cnf HSTsysadm;
#date
#echo \# Antal brugere efter:
POSTCOUNT=`echo 'select count(*) from User' | $MYSQL --defaults-extra-file=/.my.cnf HSTsysadm|grep -v count`
ADDED=`expr $POSTCOUNT - $PRECOUNT`
if [ "x0" != "x"$ADDED ]; then
  echo $ADDED new users added
fi

# From smbpasswd2db:
#awk -F: '{print "UPDATE `User` SET `smbpwd`=\""$3":"$4"\" WHERE `username`=\""$1"\";"}' |\
#/opt/csw/mysql4/bin/mysql --defaults-extra-file=/.my.cnf HSTsysadm;
#echo
#echo \# Synkroniserer password
/opt/csw/bin/ssh ran ypcat passwd|\
awk -F: '{print "UPDATE `User` SET `pwd`=\""$2"\" WHERE `username`=\""$1"\";"}' |\
$MYSQL --defaults-extra-file=/.my.cnf HSTsysadm;

# 359 echo "select count(*) from User;" | /opt/csw/mysql4/bin/mysql --defaults-extra-file=/.my.cnf HSTsysadm; date
root@hstsysadm:/#
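
The awk generators on this page paste NIS and alias fields straight between quote characters, so a GECOS or address value that contains a quote or a backslash yields a malformed statement. An added example, not the site's own passwd2db.sh: the same INSERT IGNORE generation with every string field escaped and lines with a non-numeric uid or gid skipped. The names passwd_to_sql, sqlq and sample_passwd and the sample lines are constructed for illustration, and the escaping assumes MySQL's default sql_mode, where backslash is an escape character.

```shell
#!/bin/sh
# Added example (not the site's passwd2db.sh). Reads passwd-format lines on
# stdin and prints one INSERT IGNORE per valid line for the User table shown
# on this page. passwd_to_sql, sqlq and sample_passwd are made-up names.

passwd_to_sql() {
    awk -F: '
    # Quote a value as a MySQL string literal. Backslash and the single
    # quote are the characters that end or alter a literal under the
    # default sql_mode, so both are doubled. \047 is the single quote.
    function sqlq(s,    out, i, c) {
        out = ""
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c == "\\")        out = out "\\\\"
            else if (c == "\047") out = out "\047\047"
            else                  out = out c
        }
        return "\047" out "\047"
    }
    # A passwd line has exactly 7 fields. uid and gid are emitted unquoted
    # as integers, so anything that is not all digits is rejected.
    NF != 7 || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
        print "skipped line " NR > "/dev/stderr"
        next
    }
    {
        printf "INSERT IGNORE INTO `User` "
        printf "(`username`,`pwd`,`uid`,`gid`,`gecos`,`homedir`,`shell`,`oprettet`,`ACL_R`,`ACL_W`) "
        printf "VALUES (%s,%s,%d,%d,%s,%s,%s,now(),%s,%s);\n",
            sqlq($1), sqlq($2), $3, $4, sqlq($5), sqlq($6), sqlq($7),
            sqlq(",EDB,"), sqlq(",ROOT,")
    }'
}

# Constructed sample input: a plain entry, a GECOS with an apostrophe,
# a GECOS with a backslash, and a line whose uid is not a number.
sample_passwd() {
    cat <<'EOF'
alice:ab12cdEFgh345:10001:10001:Alice Example:/home/alice:/bin/bash
obrien:cd34efGHij567:10002:10002:Pat O'Brien:/home/obrien:/bin/bash
bslash:ef56ghIJkl789:10003:10003:Lab \ Test:/home/bslash:/bin/sh
broken:gh78ijKLmn901:notanumber:10004:Broken Uid:/home/broken:/bin/sh
EOF
}

# Stand-alone run: three statements on stdout, one skip notice on stderr.
sample_passwd | passwd_to_sql
```

In the page's pipeline the function would sit between `ypcat passwd` and the mysql client; binding the values through a database driver instead of generating SQL text avoids the escaping question altogether.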

group2db.sh

root@hstsysadm:/# cat /opt/csw/apache2/share/htdocs/HSTsysadm/bin/group2db.sh
#!/bin/sh

# This script inserts new users into the database, without breaking anything for the old ones.
# The old ones will fail because `username`,`uid`,`gid` already exist, and are skipped.

# So another script is needed to synchronise live data

# This must be run as root, since root is the only one that can read /.my.cnf
# It would be better to have a special user for this, yes....
# /Magnus

MYSQL='/opt/csw/mysql5/bin/mysql'

#echo Koerer $0
#date
/opt/csw/bin/ssh ran ypcat group |\
nawk -F: 'BEGIN{ print "UPDATE `Group` SET `status`=\"slettet\";"}
{
  if (substr($1,1,2)=="S_"){
    status="S_";
    $1=substr($1,3);
  } else {
    status="aktiv";
  }
  #print $1":"$2":"$3":THEGROUP";
  print "INSERT IGNORE INTO `Group` (`gruppe`,`gpwd`,`gid`,`user`,`oprettet`,`ACL_R`,`ACL_W`) \
 VALUES (\""$1"\",\""$2"\",\""$3"\",\"THEGROUP\",now(),\",EDB,\",\",ROOT,\");"
  print "UPDATE `Group` SET `status`=\""status"\" WHERE `gid`=\""$3"\" AND `user`=\"THEGROUP\";"
  n=split($NF,a,",");
  for (i=1; i<=n; i++){

    #print $1":"$2":"$3":"a[i]
    print "INSERT IGNORE INTO `Group` (`gruppe`,`gpwd`,`gid`,`user`,`oprettet`,`ACL_R`,`ACL_W`) \
 VALUES (\""$1"\",\""$2"\",\""$3"\",\""a[i]"\",now(),\",EDB,\",\",ROOT,\");"
    print "UPDATE `Group` SET `status`=\""status"\" WHERE `gid`=\""$3"\" AND `user`=\""a[i]"\";"
  }
}' |\
$MYSQL --defaults-extra-file=/.my.cnf HSTsysadm;
#date
#echo Done $0

#--
#-- Structure dump for the table `Group`
#--
#
#CREATE TABLE `Group` (
# `gruppe` varchar(32) NOT NULL default '',
# `gpwd` varchar(32) NOT NULL default '',
# `gid` int(11) NOT NULL default '0',
# `user` varchar(32) NOT NULL default '',
# `oprettet` datetime NOT NULL default '0000-00-00 00:00:00',
# `opdateret` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
# `udloeber` datetime NOT NULL default '0000-00-00 00:00:00',
# `status` varchar(64) NOT NULL default '',
# `kommentar` varchar(128) NOT NULL default '',
# `ACL_R` text NOT NULL,
# `ACL_W` text NOT NULL,
# PRIMARY KEY (`gid`,`user`),
# KEY `gruppe` (`gruppe`),
# KEY `user` (`user`),
# KEY `gid` (`gid`)
#) ENGINE=MyISAM DEFAULT CHARSET=latin1;

root@hstsysadm:/#

smbpasswd2db.sh

root@hstsysadm:/# cat /opt/csw/apache2/share/htdocs/HSTsysadm/bin/smbpasswd2db.sh
#!/bin/sh

# This script inserts new users into the database, without breaking anything for the old ones.
# The old ones will fail because `username`,`uid`,`gid` already exist, and are skipped.

# This must be run as root, since root is the only one that can read /.my.cnf
# It would be better to have a special user for this, yes....
# /Magnus

MYSQL='/opt/csw/mysql5/bin/mysql'

#klinge:43296:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Morten Klinge Laursen

#date;
/opt/csw/bin/ssh aegir cat /pack/samba/private/smbpasswd |\
awk -F: '{print "UPDATE `User` SET `smbpwd`=\""$3":"$4"\" WHERE `username`=\""$1"\";"}' |\
$MYSQL --defaults-extra-file=/.my.cnf HSTsysadm;
#date

# 359 echo "select count(*) from User;" | /opt/csw/mysql4/bin/mysql --defaults-extra-file=/.my.cnf HSTsysadm; date
root@hstsysadm:/#

aliases2db.sh

root@hstsysadm:/# cat /opt/csw/apache2/share/htdocs/HSTsysadm/bin/aliases2db.sh
#!/bin/sh

MYSQL='/opt/csw/mysql5/bin/mysql'

#date
/opt/csw/bin/ssh aegir cat /etc/aliases |\
sed 's/ //g' |/opt/csw/bin/gawk -F: -f /opt/csw/apache2/share/htdocs/HSTsysadm/bin/aliases2db.awk |\
tee /tmp/update_aliases.sql |\
$MYSQL --defaults-extra-file=/.my.cnf HSTsysadm
#date

root@hstsysadm:/#

aliases2db.awk

root@hstsysadm:/# cat /opt/csw/apache2/share/htdocs/HSTsysadm/bin/aliases2db.awk
#/^#[a-zA-Z0-9\.#_-]*:/{print "====================" $0;next}
/^#[a-zA-Z0-9\.#_-]*:/{next}
/^#/{ comment=$0; next }
/:include:/{
if ( comment ){
#print "## "comment
comment="";
}
 #print "\#"$1": "$3":"$4;
# print "rcp aegir:"$4" var/yp/ypfiles"
 alias=$1
 #print "$1="$1
 #print "$2="$2
 #print "$3="$3
 #print "$4="$4
 addr="LISTEN"
 filename=$4
 n=split($4,a,"/");
 f=a[n];
 file="/space/HSTsysadm/apache2_htdocs/HSTsysadm/includes/"f
#print "File: " file
 while ( (getline < file) > 0 ) {
   addr = addr "," $0
#print addr;
 }
 addr = substr(addr,8);
 #print "$1="$1
 #print "$2="$2
 #print "$3="$3
 #print "$4="$4
 print "INSERT IGNORE INTO Aliases (`alias`,`addresses`,`file`,`aendret`,`ACL_R`,`ACL_W`) \
 VALUES ('" alias "','" addr "','" filename "', now() ,',EDB,',',EDB,');";
 print "UPDATE Aliases SET `addresses`='" addr "',`file`='"filename"',`aendret`=now() \
 WHERE `alias`='"alias"' AND `addresses`!='" addr "';";
 next
}
/\|/{
if ( comment ){
print "### "comment
comment="";
}
# print "PIPE: " $0
 print "INSERT IGNORE INTO Aliases (`alias`,`addresses`,`aendret`,`ACL_R`,`ACL_W`) \
 VALUES ('"$1"','"$2"', now(),',EDB,',',EDB,');";
 print "UPDATE Aliases SET `addresses`='"$2"',`aendret`=now() \
 WHERE `alias`='"$1"' AND `addresses`!='"$2"';";
 next
}
{
if ( comment ){
print "#### "comment
comment="";
}
 print "INSERT IGNORE INTO Aliases (`alias`,`addresses`,`aendret`,`ACL_R`,`ACL_W`) \
 VALUES ('"$1"','"$2"', now(), ',EDB,',',EDB,');";
 print "UPDATE Aliases SET `addresses`='"$2"',`aendret`=now() \
 WHERE `alias`='"$1"' AND `addresses`!='"$2"';";
}

root@hstsysadm:/#

/Magnus

./HSTsysadm/Database_struktur/index.php

Database structure

mysql> show tables;
+---------------------+
| Tables_in_HSTsysadm |
+---------------------+
| ACL                 |
| Aliases             |
| Group               |
| GroupBackup         |
| GroupUsers          |
| Hosts               |
| User                |
| VBN                 |

+---------------------+

mysql> show columns from ACL;+--------+-------------+------+-----+---------+-------+| Field | Type | Null | Key | Default | Extra |+--------+-------------+------+-----+---------+-------+| group | varchar(16) | | MUL | | || user | varchar(16) | | | | || status | tinyint(4) | | | 0 | |+--------+-------------+------+-----+---------+-------+

mysql> show columns from Aliases;+-----------+--------------+------+-----+---------------------+-------+| Field | Type | Null | Key | Default | Extra |+-----------+--------------+------+-----+---------------------+-------+| alias | varchar(64) | | PRI | | || addresses | text | | | | || type | varchar(8) | | | | || file | varchar(128) | | | | || oprettet | timestamp | YES | | CURRENT_TIMESTAMP | || aendret | datetime | | | 0000-00-00 00:00:00 | || kommentar | text | | | | || ACL_R | text | | | | || ACL_W | text | | | | |+-----------+--------------+------+-----+---------------------+-------+

mysql> show columns from Group;ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Group' at line 1

mysql> show columns from GroupBackup;+-----------+--------------+------+-----+---------------------+-------+| Field | Type | Null | Key | Default | Extra |+-----------+--------------+------+-----+---------------------+-------+| gruppe | varchar(32) | | MUL | | || gpwd | varchar(32) | | | | || gid | int(11) | | PRI | 0 | || user | varchar(32) | | PRI | | || oprettet | timestamp | YES | | CURRENT_TIMESTAMP | || aendret | datetime | | | 0000-00-00 00:00:00 | || udloeber | datetime | | | 0000-00-00 00:00:00 | || status | varchar(64) | | | | || kommentar | varchar(128) | | | | || ACL_R | text | | | | || ACL_W | text | | | | |+-----------+--------------+------+-----+---------------------+-------+

mysql> show columns from GroupUsers;+-----------+--------------+------+-----+---------------------+-------+| Field | Type | Null | Key | Default | Extra |+-----------+--------------+------+-----+---------------------+-------+| gruppe | varchar(32) | | MUL | | || gpwd | varchar(32) | | | | || gid | int(11) | | PRI | 0 | || user | varchar(32) | | PRI | | || oprettet | timestamp | YES | | CURRENT_TIMESTAMP | || aendret | datetime | | | 0000-00-00 00:00:00 | || udloeber | datetime | | | 0000-00-00 00:00:00 | || status | varchar(64) | | | | || kommentar | varchar(128) | | | | |+-----------+--------------+------+-----+---------------------+-------+

mysql> show columns from Hosts;+-----------+-------------------------------------------------------+------+-----+---------------------+-------+| Field | Type | Null | Key | Default | Extra |+-----------+-------------------------------------------------------+------+-----+---------------------+-------+| hostname | varchar(64) | | | | || subnet | varchar(64) | | | | || mac | varchar(12) | | | | || ip | varchar(15) | | | | || aaunr | varchar(8) | | | | || status | enum('ny','aktiv','inaktiv','afregistreret','defekt') | | | ny | || oprettet | datetime | | | 0000-00-00 00:00:00 | || aendret | timestamp | YES | | CURRENT_TIMESTAMP | || udloeber | datetime | | | 0000-00-00 00:00:00 | || username | varchar(64) | | | | || kommentar | text | | | | |+-----------+-------------------------------------------------------+------+-----+---------------------+-------+

mysql> show columns from User;
+--------------+--------------+------+-----+---------------------+----------------+
| Field        | Type         | Null | Key | Default             | Extra          |
+--------------+--------------+------+-----+---------------------+----------------+
| id           | mediumint(9) |      | PRI | NULL                | auto_increment |
| PERSON_ID    | int(11)      |      | MUL | 0                   |                |
| PERSONALE_ID | int(11)      |      | MUL | 0                   |                |
| Ansat        | tinyint(4)   |      |     | 0                   |                |
| username     | varchar(32)  |      | MUL |                     |                |
| pwd          | varchar(64)  |      |     |                     |                |
| smbpwd       | varchar(65)  |      |     |                     |                |
| uid          | int(11)      |      | MUL | 0                   |                |
| gid          | int(11)      |      | MUL | 0                   |                |
| gecos        | varchar(128) |      | MUL |                     |                |
| homedir      | varchar(64)  |      |     |                     |                |
| shell        | varchar(32)  |      |     |                     |                |
| oprettet     | datetime     |      |     | 0000-00-00 00:00:00 |                |
| aendret      | timestamp    | YES  |     | CURRENT_TIMESTAMP   |                |
| udloeber     | datetime     |      |     | 0000-00-00 00:00:00 |                |
| status       | tinyint(4)   |      |     | 0                   |                |
| kommentar    | text         |      |     |                     |                |
| ACL_R        | text         |      |     |                     |                |
| ACL_W        | text         |      |     |                     |                |
+--------------+--------------+------+-----+---------------------+----------------+

mysql> show columns from VBN;
+----------+--------------+------+-----+---------+-------+
| Field    | Type         | Null | Key | Default | Extra |
+----------+--------------+------+-----+---------+-------+
| username | varchar(32)  |      | PRI |         |       |
| id       | int(11)      |      | MUL | 0       |       |
| Name     | varchar(128) |      |     |         |       |
+----------+--------------+------+-----+---------+-------+

./HSTsysadm/VM_hstsysadm/index.php

VM host hstsysadm

There is to be a system at https://hstsysadm.hst.aau.dk/HSTsysadm/

This is simply pasted from a shell, since on 10/3-2008 I just tried

./HSTsysadm/VM_hstsysadm/mysql5/index.php

You should probably read the file /opt/csw/share/doc/mysql5/README.CSW, although it does not really say that much...

root@hstsysadm:/opt/csw/mysql5# bin/mysql_install_db
bin/mysql_install_db: !: not found
Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/opt/csw/mysql5/bin/mysqladmin -u root password 'new-password'
/opt/csw/mysql5/bin/mysqladmin -u root -h hstsysadm.hst.aau.dk password 'new-password'

Alternatively you can run:
/opt/csw/mysql5/bin/mysql_secure_installation

which will also give you the option of removing the test databases and anonymous user created by default. This is strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /opt/csw/mysql5 ; /opt/csw/mysql5/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl

Please report any problems with the /opt/csw/mysql5/bin/mysqlbug script!

The latest information about MySQL is available on the web at http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com

So I do that...

/opt/csw/mysql5/bin/mysql_secure_installation

oh, no

root@hstsysadm:/opt/csw/mysql5# svcadm clear cswmysql5
root@hstsysadm:/opt/csw/mysql5# svcs cswmysql5
STATE          STIME    FMRI
online         21:07:04 svc:/network/cswmysql5:default
root@hstsysadm:/opt/csw/mysql5#

and then

root@hstsysadm:/opt/csw/mysql5# PATH=/opt/csw/mysql5/bin:$PATH bin/mysql_secure_installation

....but no, that is not it either :-\

Maybe /opt/csw/mysql5/share/mysql/quick_start-csw is the right one?

root@hstsysadm:/opt/csw/mysql5/var# /opt/csw/mysql5/share/mysql/quick_start-csw
This is the blastwave quick start script to setup a MySQL5 database directory.

The base directory is /opt/csw/mysql5.
The default database directory is /opt/csw/mysql5/var.

If you have not setup a partition for the database and you want one; now is a good time to exit this script and create and mount the partition.

If you have not setup a my.cnf file and you do not want one of the sample files; now is a good time to exit and create the file /opt/csw/mysql5/my.cnf.

Data directory: The default is /opt/csw/mysql5/var.
Accept the default or enter a directory [?,q]
my.cnf pathname: The default is either to use the supplied file in the base directory or to create one in the base directory from the small memory footprint sample. If your enter a pathname, it will be used to create the options file in the base directory.
Accept the default or enter a pathname [?,q]
Using /opt/csw/mysql5/share/mysql/my-small.cnf to create the options file.
data directory is /opt/csw/mysql5/var
Continue with installation or quit [y,n,?,q] y
Setting up the database
Creating MySQL core database in /opt/csw/mysql5/var

### The following messages are from mysql_install_db.
/opt/csw/mysql5/bin/mysql_install_db: !: not found
/opt/csw/mysql5/bin/mysql_install_db: !: not found
Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/opt/csw/mysql5/bin/mysqladmin -u root password 'new-password'
/opt/csw/mysql5/bin/mysqladmin -u root -h hstsysadm.hst.aau.dk password 'new-password'

Alternatively you can run:
/opt/csw/mysql5/bin/mysql_secure_installation

which will also give you the option of removing the test databases and anonymous user created by default. This is strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /opt/csw/mysql5 ; /opt/csw/mysql5/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl

Please report any problems with the /opt/csw/mysql5/bin/mysqlbug script!

The latest information about MySQL is available on the web at http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com

### The following messages are from quick_start-csw.
See /opt/csw/mysql5/share/mysql/doc/README.CSW for packaging changes.
Please ignore references to starting mysqld_safe in the messages above. These messages are from mysql_install_db. See the following for starting CSWmysql5.
To start mysqld; run `svcadm enable cswmysql5` on Solaris 10 or later
root@hstsysadm:/opt/csw/mysql5/var#

and then /opt/csw/mysql5/bin/mysql_secure_installation

root@hstsysadm:/opt/csw/mysql5# PATH=/opt/csw/mysql5/bin:$PATH bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current password for the root user. If you've just installed MySQL, and you haven't set the root password yet, the password will be blank, so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL root user without the proper authorisation.

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
bin/mysql_secure_installation: !: not found

By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.

Remove anonymous users? [Y/n] y
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
 ... Failed!

SIGH!! I force it along manually a bit, until it works.... The problem is with restarting mysql, or reload priv...

root@hstsysadm:/opt/csw/mysql5# change /opt/csw/mysql5/my.cnf
adds skip-networking.
root@hstsysadm:/opt/csw/apache2/share/htdocs# scprod@ran:/opt/csw/apache/conf/ssl_certifikat/wildcard.hst.aau.dk.pem /opt/csw/apache2/etc/wildcard.hst.aau.dk.pem

And at https://wiki.systemsx.ch/display/ITDOC/Solaris+tips+and+tricks#Solaristipsandtricks-EnableSSLforapache2 there are hints on how it should be set up:

Enable SSL for apache2

SSL is disabled by default. The following is an example of how to enable it for the Blastwave apache2, but the same is true of the built-in apache2

-bash-3.00# svcprop -p httpd/ssl svc:/network/http:cswapache2
false
-bash-3.00# svccfg -s svc:/network/http:cswapache2 setprop httpd/ssl=true
-bash-3.00# svcadm refresh svc:/network/http:cswapache2
-bash-3.00# svcprop -p httpd/ssl svc:/network/http:cswapache2
true

And it does work:

root@hstsysadm:/opt/csw/apache2/share/htdocs# svcprop -p httpd/ssl svc:/network/http:cswapache2
false
root@hstsysadm:/opt/csw/apache2/share/htdocs# svccfg -s svc:/network/http:cswapache2 setprop httpd/ssl=true
root@hstsysadm:/opt/csw/apache2/share/htdocs# svcprop -p httpd/ssl svc:/network/http:cswapache2
false
root@hstsysadm:/opt/csw/apache2/share/htdocs# svcadm refresh svc:/network/http:cswapache2
root@hstsysadm:/opt/csw/apache2/share/htdocs# svcprop -p httpd/ssl svc:/network/http:cswapache2
true

./HSTsysadm/Table_Access/index.php

The Access table

It is to describe who has access to what:

CREATE TABLE `HSTsysadm`.`Access` (
  `id` MEDIUMINT NOT NULL ,
  `nis` ENUM( "no", "inactive", "active" ) NOT NULL DEFAULT 'inactive',
  `radius` ENUM( "no", "inactive", "active" ) NOT NULL DEFAULT 'no',
  `ldap` ENUM( "no", "inactive", "active" ) NOT NULL DEFAULT 'no',
  `zimbra` ENUM( "no", "inactive", "active" ) NOT NULL DEFAULT 'no',
  PRIMARY KEY ( `id` )
) ENGINE = MYISAM

The following should then mean that magnus, who has id 2061 in the MySQL database, can be distributed out as an active user for all of the possible services:

INSERT INTO `HSTsysadm`.`Access` (`id` ,`nis` ,`radius` ,`ldap` ,`zimbra`)
VALUES ('2061', 'active', 'active', 'active', 'active');

id    nis     radius  ldap    zimbra
2061  active  active  active  active

The values "inactive" and "no" are to be used in places where we may want their UID known without them being able to log in for that reason. Probably by giving them a * in the passwd field...
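One way to apply the rule just described when the database feeds the passwd map, as an added example that is not HSTsysadm's own code: only nis = active keeps its hash, every other state gets * while the UID stays resolvable, and rows that would corrupt the map are rejected. The tab-separated export format, the function names and the sample rows are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from HSTsysadm): build passwd-map lines from a joined
# User/Access export so that only nis = "active" accounts keep a usable hash.
# Assumed input, one user per line, TAB-separated (hypothetical export format):
#   username  pwd  uid  gid  gecos  homedir  shell  nis

# Constructed sample rows; the hashes are made-up placeholders.
sample_rows() {
    printf 'alice\tabJnggxhB/yWI\t52001\t52001\tAlice Example\t/home/alice\t/bin/bash\tactive\n'
    printf 'bob\tcdK2x9QqLm3rE\t52002\t52002\tBob Example\t/home/bob\t/bin/bash\tinactive\n'
    printf 'carol\tefP0aa11bb22c\t52003\t52003\tCarol Example\t/home/carol\t/bin/bash\tno\n'
    # "aktiv" is valid in the Hosts table but is not an Access value
    printf 'dave\tghR5tt66uu77v\t52004\t52004\tDave Example\t/home/dave\t/bin/bash\taktiv\n'
    # active, but the hash is empty
    printf 'erin\t\t52005\t52005\tErin Example\t/home/erin\t/bin/bash\tactive\n'
    # a colon in gecos would shift every later passwd field
    printf 'frank\tijS8ww99xx00y\t52006\t52006\tFrank Example: IT\t/home/frank\t/bin/bash\tactive\n'
}

# Reads the export on stdin, writes passwd lines on stdout, reports rejected
# rows on stderr and returns 1 if any row was rejected.
render_passwd() {
    awk -F '\t' '
    function reject(why) {
        print "skipped input line " NR ": " why | "cat 1>&2"
        skipped++
    }
    NF != 8 { reject("expected 8 fields, got " NF); next }
    {
        for (i = 1; i <= 8; i++)
            if (index($i, ":")) { reject("colon in field " i); next }
        if ($1 == "") { reject("empty username"); next }
        if ($3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/) { reject("uid/gid not numeric"); next }

        hash = $2
        # Fail closed: inactive, no, an unknown state or an empty hash all
        # publish "*", which matches no password but keeps the UID resolvable.
        if ($8 != "active" || hash == "") hash = "*"

        printf "%s:%s:%s:%s:%s:%s:%s\n", $1, hash, $3, $4, $5, $6, $7
    }
    END { exit (skipped > 0) }
    '
}

sample_rows | render_passwd || echo "some rows were rejected, see above" >&2
```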

A test script, Check_passwd_diff.sh

root@hstsysadm:/opt/csw/apache2/share/htdocs/HSTsysadm/bin# ./Check_passwd_diff.sh
aazi01:*000Qy4hnPv67E:52513:52513:Ahsan Aziz:/home/aazi01:/bi <

and this is in fact precisely the user that Henrik Benner tried to delete as the first one from idefix ;-) Then things stalled a bit, after it turned out that aegir went completely bonkers with regard to YP :-\ Our Makefile depends very heavily on idefix :-(

And since we never delete a username, it will very fittingly turn up again when we make the database the authority :-)

./HSTsysadm/Table_Automount/index.php

The Automount table

This table is to be the starting point for all automounter maps.

Table definition

CREATE TABLE `HSTsysadm`.`Automount` (
  `id` MEDIUMINT NOT NULL AUTO_INCREMENT ,
  `name` VARCHAR( 32 ) NOT NULL ,
  `type` VARCHAR( 32 ) NOT NULL ,
  `host` VARCHAR( 32 ) NOT NULL ,
  `path` VARCHAR( 128 ) NOT NULL ,
  `options` VARCHAR( 32 ) NOT NULL ,
  `group` VARCHAR( 32 ) NOT NULL ,
  `comment` VARCHAR( 256 ) NOT NULL ,
  PRIMARY KEY ( `id` ) ,
  INDEX ( `name` , `type` , `host` , `group` )
) ENGINE = MYISAM

and I can already see that a status is missing, so that one can deactivate the ones that are no longer used....

A script for filling in data

root@hstsysadm:/opt/csw/apache2/share/htdocs/HSTsysadm/bin# ./Create_sql_for_automounter.sh

./Unattended_Install/index.php

Documentation for Unattended Install from Odin

Documentation
Install guide

Undocumented features (aka. bugs)

1. If you do not choose a workgroup, the installation stops later and waits for you to type it.
2. You cannot write an encrypted password in winnt.sif (unattended.txt), because then the installer cannot work out how to log in by itself.

W.I.P Work-in-progress

1. Find an alternative to AutoIt. It is too unstable.
2. Get all necessary programs into the MASTER scripts.
3. Update Office 2003 to Office 2007.

Software in the various installations

default.bat (Standard PC)

Office 2003 + Proofingtools
Paintshop Pro X
Total Commander
Ad-Aware Personal
Firefox 2.0
Thunderbird 2.0
Acrobat Professional 6.0
Sophos Antivirus

basic.bat (PC with only the most essential software)

Ad-Aware Personal
Firefox 2.0
Thunderbird 1.5
Sophos Antivirus

Software that cannot be installed with Unattended

Corel Draw X3

./Unattended_Install/Howto/index.php

Documentation for Unattended Install from Odin

It is quite easy to use the scripts that configure the installer and install Windows, but there are a couple of things you need to have under control. This guide is written as a "Windows unattended install for dummies" ;-) Once you have installed a machine one time, it should no longer be necessary.

Boot and partitioning

Before you can boot the machine from the network, its MAC address must be entered in dhcpd.conf on odin. After that you can boot it by using "an outlet" with vlan 38

When the machine has booted to the Unattended menu you have two options. You can either type linux or choose a driver directly.
"Linux" starts the installer with a Linux kernel. It changes nothing except that you do not have to choose a driver yourself; the Linux kernel does it for you. You also avoid having to reboot if you change the partitions.
"undis3c" boots the installer with a DOS-like system. Instead of undis3c you can type a driver name directly if you know which network card is in the computer.

I would definitely recommend "linux". The only difference is that the manual partitioning is different in linux and that you avoid a lot of problems.
Unfortunately you can sometimes come across a computer with a network card that linux does not know, and it may therefore be necessary to use the other one.

List of compatible computers/network cards

Unattended settings

Below is a table of what to answer to the various questions. Some of them are important because other scripts depend on them.
At some point you will be asked to choose the OS, but that should not be too hard to choose ;-)

Enter Computer name                             Optional
Enter the organization name for this machine    hst
Enter the user's full name for this machine     Does not matter, but something has to be entered here
Join workstation to workgroup                   hst
Enter NTP servers, separated by spaces          Optional

Choose software

You must now choose which type of computer you want to install. These scripts contain all the necessary programs for the chosen installation.
Once you have chosen the type, you can afterwards choose extra software that is not included as standard (see a list of which software is included HERE). Finally, press "4" (Continue) to start the installation, unless you are going to make some manual changes to the scripts that install everything for you.

Installing...

Once the installation is running you may as well make some coffee, because it takes a long time. The combination of everything going over the network and a lot of drivers being copied along means that the whole installation can easily take 2 to 2½ hours. The computer will reboot MANY times, so switch off the speakers if that is possible.

After the installation

An Unattended install can do a lot, but not everything. The following things must be done manually:

Change the administrator password from "123" to the real one
Create the user with mail, network drives, printers, etc.
Delete the folder c:\netinst

./Unattended_Install/Dokumentation/index.php

Documentation for Unattended Install from Odin

I have used Henrik's guide to install the necessary software, but have had to make some changes so that it fits together with Solaris

Henrik's guide

We apparently do not have a login...yet ;-) I will have a word with them and hear whether it is possible to get access

My corrections and notes

Configure dhcpd

Create the file /opt/csw/etc/dhcp.leases

root@odin:~# touch /opt/csw/etc/dhcp.leases

Create the file /opt/csw/etc/dhcpd.conf and edit it

root@odin:~# touch /opt/csw/etc/dhcpd.conf

root@odin:~# cat /opt/csw/etc/dhcpd.conf

allow booting;
allow bootp;
ddns-update-style none;

shared-network TESTNET {
    default-lease-time 3600;
    max-lease-time 7200;
    subnet 10.11.12.0 netmask 255.255.255.0 {
        deny unknown-clients;
    }
}

group {
    next-server 10.11.12.132;
    option root-path "/tftpboot";
    filename "pxelinux.0";

    host test-install {
        hardware ethernet 00:06:5B:E7:52:C0;
        fixed-address 10.11.12.100;
    }
}

Test dhcpd.conf with: (REMEMBER that it may be a different interface than the ge0 used here)

thk@odin:~# sudo /opt/csw/sbin/dhcpd -T -cf /opt/csw/etc/dhcpd.conf ge0

Start dhcpd with: (if the test is "ok")

thk@odin:~# sudo /opt/csw/sbin/dhcpd -cf /opt/csw/etc/dhcpd.conf ge0

Start tftp

"Enable" tftp in /etc/inetd.conf and create the folder /tftpboot

thk@odin:~# sudo mkdir /tftpboot

Start tftp with:

thk@odin:~# sudo /usr/sbin/inetconv

Samba

Create the folder /smbboot

thk@odin:~# sudo mkdir /smbboot

Install samba with:

thk@odin:~/NetInstall/TEMP# sudo /opt/csw/bin/pkg-get -i samba

./Unattended_Install/Notater/index.php

Notes

List of compatible computers/network cards

./Unattended_Install/Notater/Driver_liste/index.php

List of compatible computers/network cards

Here is a list of which computers I have tested and which driver should be used. Feel free to add others

Dell

Optiplex GX260 linux

Optiplex GX270 linux

Optiplex 520 undis3c

Latitude C510 linux

./Magnus2007/index.php

An overview of the various tasks

./Magnus2007/aegir/index.php

Cleanup at HST

There are several things involved:

1. shares from aegir
   see with the share command.
2. services on aegir
3. empty disks on aegir
4. Make ourselves independent of idefix
   /pack/admin/
   /home directories from idefix. Move people to zfs locally.
5. Move YP over to another machine, or drop it in favour of HSTsysadm
6. All the things Magnus runs must be changed to run locally
7. SunONE apparently cannot just be moved like that!!
8. Everything to do with bootptab->namedb is moved to HSTsysadm
9. Apache is moved
10. MySQL. There are some important databases on aegir:
   V-chi
   STADS
   NetDoc
   WebNews
   They must of course be moved to something else.
11. sendmail over to tibialis, together with everything else around mail.
   It just needs zfs to hold all the mail things.
12. get_mac_addresses_only.pl from the NetDoc system
13. SFS ....is it even used any more?
14. Physically moving several disks over to tibialis/soleus
15. Physically moving controllers to tibialis/soleus

ARGGHHH, who prioritises this??

./Magnus2007/smtp_til_tibialis/index.php

It will soon be time for tibialis to take over as smtp server. (annoying that it is not a zone, but...)

It is important that we can set smtp up to run as smtps, that is, over SSL. With username and password, so that people can send mail via it from all sorts of gadgets that are on the net.

We have a test running now, but it is without a username, so it is a bit of a hole.

Here is a little about the status now:

root@tibialis:/# df -k /var/mail/.
Filesystem            kbytes    used   avail capacity  Mounted on
aegir:/d115/mail     34815310 28175107 6466129    82%    /var/mail

root@tibialis:/etc/mail# ps -ef|grep sendmail
    root   382     1  0   May 23 ?        3:45 /opt/csw/lib/sendmail -L sm-mta -bd -q15m
   smmsp   372     1  0   May 23 ?        0:08 /opt/csw/lib/sendmail -L sm-msp -Ac -q15m

root@tibialis:/# /usr/lib/sendmail -v -bv magnus
/home/magnus/.forward: line 1: forwarding to "|IFS=' '&&exec /dist/bin/procmail -Y -f-||exit 75 #magnus"
"|IFS=' '&&exec /dist/bin/procmail -Y -f-||exit 75 #magnus"... deliverable: mailer prog, user "|IFS=' '&&exec /dist/bin/procmail -Y -f-||exit 75 #magnus"

I am using sendmail from Blastwave. I do not know whether that is a good decision or not...

It does at least mean that there are some other places one has to look.

root@tibialis:/etc/mail# strings /opt/csw/lib/sendmail|grep /etc/
/opt/csw/etc/mail/sendmailvars
/etc/mail/service.switch
/etc/hosts
/opt/csw/etc/mail/
/opt/csw/etc/mail/sendmail.cf
/opt/csw/etc/hosts.allow
/opt/csw/etc/hosts.deny
root@tibialis:/etc/mail#

I have however made links in several places, so that things match up. As an example, here is how one makes new aliases. Or tells sendmail that it should now build its database anew:

root@tibialis:/etc/mail# type -a newaliases
newaliases is /usr/sbin/newaliases
root@tibialis:/etc/mail# ls -l /usr/sbin/newaliases
lrwxrwxrwx 1 root other 21 Feb 16 22:09 /usr/sbin/newaliases -> /opt/csw/lib/sendmail
root@tibialis:/etc/mail# /usr/sbin/newaliases
/etc/mail/aliases: 12 aliases, longest 10 bytes, 138 bytes total

Ufff, I wonder where the various ones look:

root@tibialis:/opt/csw/etc/mail# grep /etc/mail sendmail.cf
Fw/etc/mail/local-host-names
FR-o /etc/mail/relay-domains
F{G}/etc/mail/generics-domains
F{M}/etc/mail/masquerade-domains
Kvirtuser dbm /etc/mail/virtusertable
Kgenerics hash /etc/mail/genericstable
Kaccess hash -T -o /etc/mail/access
O AliasFile=/etc/mail/aliases
#O ErrorHeader=/etc/mail/error-header
O HelpFile=/etc/mail/helpfile
O ForwardPath=/etc/mail/forward/$u:/etc/mail/studimap_forward/$u:$z/.forward.$m:$z/.forward
O StatusFile=/etc/mail/statistics
#O UserDatabaseSpec=/etc/mail/userdb
#O ServiceSwitchFile=/etc/mail/service.switch
#O DefaultAuthInfo=/etc/mail/default-auth-info
#Ft/etc/mail/trusted-users
F{LocalIP} /etc/mail/LocalIP

This is where the sendmail.cf file is made:

root@tibialis:/opt/csw/etc/mail# ls -l /opt/csw/share/mail/cf/mibaserver.mc
-rw-r--r-- 1 root root 3474 Feb 16 22:27 /opt/csw/share/mail/cf/mibaserver.mc

And then the rays filter is still active:

root@tibialis:/opt/csw/etc/mail# ls -l /var/run/rays_filter-1.14_mf-socket
srwxr-xr-x 1 root root 0 May 29 11:24 /var/run/rays_filter-1.14_mf-socket

The rays filter is also used

root@tibialis:/opt/csw/etc/mail# /etc/init.d/rays-filter start
+ echo Starting rays-filter2
Starting rays-filter2
+ echo ...done
...done
+ nohup /space/local/rays-filter/rays-filter2 -p local:/var/run/rays_filter-1.14_mf-socket -d /space/mf/rays_filter-1.14/etc

./Magnus2007/mbx_som_default/index.php

./Magnus2007/aegir_toemmes_for_services/index.php

./Magnus2007/aegir_toemmes_for_shares/index.php

./Magnus2007/SysadmDB/passwd/index.php

The passwd part of SysadmDB

What we have in the database is actually reasonably close to what we have in the table now.

But whether it is LDAP or shadow etc. that we should use, I do not quite know yet. A lot leans towards LDAP, if we can get samba to use LDAP as well.

An important point is the way in which one can change one's password in LDAP. I think we should store both a version that UNIX can understand and one that Windows can understand. Of course we can keep on using the horrible half-cleartext version that we have now, but....that is not something I care for :-(
If some bad people had got hold of that file, our whole network would be open to them.

./Magnus2007/SysadmDB/group/index.php

The group part of SysadmDB

This part should probably also go into LDAP.

./Magnus2007/LDAP/index.php

LDAP thoughts

magnus@gracilis:~/public_html/EDB/ldapbrowser/lbe.sh is an excellent ldap browser. It gives me an overview of what one actually has.

In magnus@gracilis:~/public_html/EDB/MigrationTools-47 there is also something that I can use to convert our passwd files to LDAP. Here is some very good reading: http://www.opensourcehowto.org/how-to/samba/openldap-lam-samba-as-pdc.html

./Magnus2007/multimus01/Zone-wwwproxy/ftp-gw/index.php

ftp-gw

Here is just enough to be able to figure it out. It was a bit of fun to compile it, which can be seen a little further down in root@wwwproxy:/TIS/fwtk

~/UNIX/admin/TIS

root@wwwproxy:/TIS/fwtk/ftp-gw# ln -s /etc/init.d/ftp-gw /etc/rc2.d/S99ftp-gw

root@wwwproxy:/# /etc/init.d/ftp-gw start
-n ftp-gw
root@wwwproxy:/# ps -ef|grep ftp
    root  1693   497  0 22:38:15 ?        0:00 /dist/sbin/ftp-gw -daemon 21

./Magnus2007/multimus01/Zone-wwwproxy/index.php

The wwwproxy zone

squid and ftp-gw run here.

Everything has been tested, but it has not yet taken over responsibility for these services. It is purely a question of time :-(

./Magnus2007/multimus01/index.php

The multimus01 machine

The machines that host zones are called multimusXX. It simply comes from maximus, combined with that being the system administrator's handle in hacker circles. (In the original sense of the word, not the bad ones)

The multimus host itself does not have much running, if anything. Everything is to run in zones, which can then be moved if need be.

There are exceptions, however:

1. dhcpd cannot run in a zone yet. It must therefore run in the global zone, or not at all on a zone host.
2. kqemu runs in the global zone, but Joergen Olesen has a suggestion....
3. Possibly services that others depend on. They should probably not run in a zone, since that could create a deadlock :-(

We try to have descriptions of the various zone hosts below, with a description of the zones they run and of how they are set up and run.

There is a little at http://www.solarisinternals.com/wiki/index.php/Zones_Resource_Controls#FSS about how to set a machine up to share out its resources nicely, so that everyone gets their Fair Share.

There are actually plenty of good documents on Sun's pages. http://docs.sun.com/app/docs/doc/819-2450/6n4o5mdcf#hic http://opensolaris.org/os/community/zones/

./Magnus2007/multimus01/Zone-ciscoadm/index.php

The Cisco admin zone

Admin VLAN is 419. ifconfig e1000g419003 inet 192.168.85.5 netmask 255.255.255.0

root@multimus01:/tmp# zfs create sataboy/zones/ciscoadm
root@multimus01:/tmp# zfs create sataboy/zones/
root@multimus01:/tmp# mkdir /sataboy/zones/ciscoadm/zone
root@multimus01:/tmp# chmod 700 !$
chmod 700 /sataboy/zones/ciscoadm/zone
root@multimus01:/tmp# zonecfg -z ciscoadm
ciscoadm: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:ciscoadm> create
zonecfg:ciscoadm> set autoboot=true
zonecfg:ciscoadm> set zonepath=/sataboy/zones/ciscoadm/zone
zonecfg:ciscoadm> add net
zonecfg:ciscoadm:net> set address=192.168.85.2
zonecfg:ciscoadm:net> set physical=e1000g419003
zonecfg:ciscoadm:net> end
zonecfg:ciscoadm> info
zonename: ciscoadm
zonepath: /sataboy/zones/ciscoadm/zone
autoboot: true
pool:
limitpriv:
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 192.168.85.2
        physical: e1000g419003

zonecfg:ciscoadm> verify
zonecfg:ciscoadm> commit
zonecfg:ciscoadm> exit

root@multimus01:/tmp# zoneadm list -cv
  ID NAME             STATUS         PATH
   0 global           running        /
   1 wwwproxy         running        /sataboy/zones/wwwproxy/zone
   2 unattended       running        /sataboy/zones/unattended/zone
   5 qemu01           running        /sataboy/zones/qemu01/zone
   6 qemu02           running        /sataboy/zones/qemu02/zone
   8 ldap01           running        /sataboy/zones/ldap01/zone
   - ciscoadm         configured     /sataboy/zones/ciscoadm/zone

root@multimus01:/tmp# zoneadm -z ciscoadm verify
root@multimus01:/tmp# time zoneadm -z ciscoadm install
Preparing to install zone .
Creating list of files to copy from the global zone.
Copying <2476> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <993> packages on the zone.
Initialized <993> packages on zone.
Zone is initialized.
The file contains a log of the zone installation.

real    2m16.449s
user    0m31.616s
sys     1m5.002s

root@multimus01:/tmp# tail /etc/netmasks
#
# Both the network-number and the netmasks are specified in
# "decimal dot" notation, e.g:
#
#               128.32.0.0 255.255.255.0
#
130.225.49.0 255.255.255.0
10.11.12.0 255.255.255.0
10.33.1.0 255.255.255.0
192.168.85.0 255.255.255.0

root@multimus01:/tmp# time zoneadm -z ciscoadm boot

real    0m3.188s
user    0m0.008s
sys     0m0.010s
root@multimus01:/tmp# zoneadm list -cv
  ID NAME             STATUS         PATH
   0 global           running        /
   1 wwwproxy         running        /sataboy/zones/wwwproxy/zone
   2 unattended       running        /sataboy/zones/unattended/zone
   5 qemu01           running        /sataboy/zones/qemu01/zone
   6 qemu02           running        /sataboy/zones/qemu02/zone
   8 ldap01           running        /sataboy/zones/ldap01/zone
   9 ciscoadm         running        /sataboy/zones/ciscoadm/zone

root@multimus01:/tmp# zonecfg -z ciscoadm
zonecfg:ciscoadm> add net
zonecfg:ciscoadm:net> set address=130.225.49.252
zonecfg:ciscoadm:net> set physical=e1000g30003
zonecfg:ciscoadm:net> end
zonecfg:ciscoadm> info
zonename: ciscoadm
zonepath: /sataboy/zones/ciscoadm/zone
autoboot: true
pool:
limitpriv:
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 192.168.85.2
        physical: e1000g419003
net:
        address: 130.225.49.252
        physical: e1000g30003
zonecfg:ciscoadm> verify
zonecfg:ciscoadm> commit
zonecfg:ciscoadm> exit

root@multimus01:/tmp# time zoneadm -z ciscoadm reboot

real    0m3.390s
user    0m0.004s
sys     0m0.005s

AAAHHHHH, now remember this!!

root@multimus01:/tmp# zlogin -C ciscoadm
[Connected to zone 'ciscoadm' console]

and then the timezone etc. are set

bash-3.00# svcadm disable telnet
bash-3.00# svcadm disable sendmail

root@multimus01:~# pkgrm SUNWtnetd SUNWtnetr
## Verifying package dependencies in zone
## Verifying package dependencies in zone
## Verifying package dependencies in zone
## Verifying package dependencies in zone
## Verifying package dependencies in zone
## Verifying package dependencies in zone
## Verifying package dependencies in zone
## Verifying package dependencies in zone
## Verifying package dependencies in zone
## Verifying package dependencies in zone
## Verifying package dependencies in zone
## Verifying package dependencies in zone

The package depends onpackage currently being removed from zone .

The package depends onpackage currently being removed from zone .

The package depends onpackage currently being removed from zone .

The package depends onpackage currently being removed from zone .

The package depends onpackage currently being removed from zone .

The package depends onpackage currently being removed from zone .

Dependency checking failed for package on zones.

Do you want to continue with the removal of [y,n,?] y
The package contains scripts which will be executed on zones with super-user permission during the process of removing this package.

Do you want to continue with the removal of [y,n,?] y

The following package is currently installed: SUNWtnetd Telnet Server Daemon (Usr) (i386) 11.10.0,REV=2005.01.21.16.34

Do you want to remove this package? [y,n,?,q] y## Removing package from zone

## Removing installed package instance ## Processing package information in zone .## Removing pathnames in class in zone /usr/sbin/in.telnetd /usr/sbin /usr ## Updating system information in zone .

Removal of from zone was successful.## Removing package from zone


## Removing installed package instance
## Processing package information in zone .
## Removing pathnames in class in zone
/usr/sbin/in.telnetd
/usr/sbin
/usr
## Updating system information in zone .

Removal of from zone was successful.
## Removing package from zone

## Removing installed package instance
## Processing package information in zone .
## Removing pathnames in class in zone
/usr/sbin/in.telnetd
/usr/sbin
/usr
## Updating system information in zone .

Removal of from zone was successful.
## Removing package from zone

## Removing installed package instance
## Processing package information in zone .
## Removing pathnames in class in zone
/usr/sbin/in.telnetd
/usr/sbin
/usr
## Updating system information in zone .

Removal of from zone was successful.
## Removing package from zone

## Removing installed package instance
## Processing package information in zone .
## Removing pathnames in class in zone
/usr/sbin/in.telnetd
/usr/sbin
/usr
## Updating system information in zone .

Removal of from zone was successful.
## Removing package from zone

## Removing installed package instance
## Processing package information in zone .
## Removing pathnames in class in zone
/usr/sbin/in.telnetd
/usr/sbin
/usr
## Updating system information in zone .

Removal of from zone was successful.

## Removing installed package instance
## Processing package information.
## Removing pathnames in class
/usr/sbin/in.telnetd
/usr/sbin
/usr
## Updating system information.

Removal of was successful.

The following package is currently installed: SUNWtnetr Telnet Server Daemon (Root) (i386) 11.10.0,REV=2005.01.21.16.34
...
Removal of from zone was successful.

## Removing installed package instance
## Processing package information.
## Removing pathnames in class
## Removing pathnames in class
/etc/default/telnetd
## Removing pathnames in class
/var/svc/manifest/network
/var/svc/manifest
/var/svc
/var
/etc/default
/etc
## Updating system information.

Removal of was successful.
root@multimus01:~#

root@multimus01:~# pkginfo |grep -i telnet
system SUNWtnetc Telnet Command (client)

bash-3.00# svcs -l telnet
svcs: Pattern 'telnet' doesn't match any instances
bash-3.00# svcs -a|grep telnet
bash-3.00#

YES!!

root@multimus01:~# cp /sataboy/zones/ldap01/zone/root/.bashrc /sataboy/zones/ciscoadm/zone/root/.bashrc

root@ciscoadm:/# tail -3 /etc/inetd.conf
# TFTPD - tftp server (primarily used for booting)
#tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot

root@ciscoadm:/# inetconv
inetconv: Notice: Service manifest for 100235/1 already generated as /var/svc/manifest/network/rpc/100235_1-rpc_ticotsord.xml, skipped
tftp -> /var/svc/manifest/network/tftp-udp6.xml
Importing tftp-udp6.xml ...Done
root@ciscoadm:/#

root@ciscoadm:/# inetadm |grep tftp
enabled online svc:/network/tftp/udp6:default
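
Added example (not part of the original notes): the steps above remove the telnet server from the zones and then deliberately enable tftp in the ciscoadm zone. The check below reads inetadm output in the three-column form shown above, reports every enabled cleartext service, and treats an FMRI passed as an argument as a documented exception. The function name audit_inetadm and the sample listing are constructed for illustration; only the tftp line is taken from the page.

```shell
#!/bin/sh
# Added example: audit `inetadm` output for enabled cleartext services.

# Constructed sample in the ENABLED / STATE / FMRI layout that inetadm
# prints. Only the tftp line appears on the page; the rest is made up.
SAMPLE_INETADM='ENABLED   STATE          FMRI
enabled   online         svc:/network/tftp/udp6:default
disabled  disabled       svc:/network/telnet:default
enabled   online         svc:/network/ftp:default
enabled   online         svc:/network/rpc/gss:default
disabled  disabled       svc:/network/login:rlogin
enabled   maintenance    svc:/network/shell:default'

# audit_inetadm [allowed-fmri ...]
#   stdin : output of `inetadm`
#   stdout: "ALLOWED <fmri>"    enabled cleartext service on the exception list
#           "UNEXPECTED <fmri>" enabled cleartext service not on the list
#   return: 1 if at least one UNEXPECTED line was printed, else 0
audit_inetadm() {
    allow=" $* "
    awk -v allow="$allow" '
        BEGIN {
            # Service names (first path component under svc:/network/)
            # that carry credentials or data without encryption.
            n = split("telnet ftp tftp login shell rexec finger", s, " ")
            for (i = 1; i <= n; i++) clear[s[i]] = 1
        }
        $1 == "ENABLED" { next }        # header line
        $1 != "enabled" { next }        # only services switched on
        {
            fmri = $3
            name = fmri
            sub("^svc:/network/", "", name)   # tftp/udp6:default
            sub("[/:].*$", "", name)          # tftp
            if (!(name in clear)) next
            if (index(allow, " " fmri " ")) {
                print "ALLOWED " fmri
            } else {
                print "UNEXPECTED " fmri
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Demo on the constructed sample; tftp is the one exception in this zone.
# On a live zone: inetadm | audit_inetadm svc:/network/tftp/udp6:default
printf '%s\n' "$SAMPLE_INETADM" |
    audit_inetadm "svc:/network/tftp/udp6:default" ||
    echo "audit: unexpected cleartext service(s) enabled" >&2
```

A service in the maintenance state is still reported, because it is enabled and will come back online once the fault is cleared.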

cisk612a#copy flash:/vlan.dat tftp://192.168.85.2/aaunet_vlan.dat
Address or name of remote host [192.168.85.2]?
Destination filename [aaunet_vlan.dat]?
!!!!
12796 bytes copied in 0.033 secs (387758 bytes/sec)
cisk612a#

cisk612a(vlan)#vtp transparent
cisk612a(vlan)#vtp domain hstnet password hstPWnet
Domain name already set to hstnet .
Setting device VLAN database password to hstPWnet
cisk612a(vlan)#vtp server
Setting device to VTP SERVER mode.
43 22 61 61
sdm prefer default desktop

cisk612a(config)#sdm prefer default desktop
Changes to the running SDM preferences have been stored, but cannot take effect until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.


cisk612a(config)#

cisk612a#show sdm prefer
 The current template is "aggregate default" template.
 The selected template optimizes the resources in the switch to support this level of features for 8 routed interfaces and 1024 VLANs.

 number of unicast mac addresses: 6K
 number of IPv4 IGMP groups + multicast routes: 1K
 number of IPv4 unicast routes: 12K
 number of directly-connected IPv4 hosts: 6K
 number of indirect IPv4 routes: 6K
 number of IPv4 policy based routing aces: 0
 number of IPv4/MAC qos aces: 896
 number of IPv4/MAC security aces: 1K
 On next reload, template will be "desktop default" template.
cisk612a#

I am coming in from vty0

On all the others I have:

cisk609a#conf term
Enter configuration commands, one per line. End with CNTL/Z.

cisk609a(config)#vtp mode transparent
Setting device to VTP TRANSPARENT mode.
cisk609a(config)#vtp domain hstnet
cisk609a(config)#vtp password hstPWnet
Setting device VLAN database password to hstPWnet
cisk609a(config)#vtp mode client
Setting device to VTP CLIENT mode.

cisk609a(config)# interface vlan419
cisk609a(config-if)# ip address 192.168.85.90 255.255.255.0

cisk609a(config)#line vty 0 4
cisk609a(config-line)#login
cisk609a(config-line)#line vty 5 15
cisk609a(config-line)#login
cisk609a(config-line)#exit
cisk609a(config)#exit
cisk609a#wr mem
Building configuration...
[OK]
cisk609a#

./Magnus2007/multimus01/Zone-ciscoadm/MRTG/index.php

MRTG

There is one prerequisite for the scripts to work:

root@ciscoadm:/space/Cisco_admin/MRTG# ll cisco_switche.txt
lrwxrwxrwx 1 root root 28 Jun 30 23:04 cisco_switche.txt -> ../DoCisco/cisco_switche.txt

And, yes, there are some scripts, since I cannot remember all of that myself ;-)

root@ciscoadm:/space/Cisco_admin/MRTG# ll *sh
-rwxr-xr-x 1 root root 122 Jun 30 23:36 cronjob.sh*
-rw-r--r-- 1 root root 140 Jul 1 00:54 make_NetGraf_links.sh
-rwxr-xr-x 1 root root 422 Jun 30 23:30 prepare_mrtg_for_all_switches.sh*

And to keep everything updated, we have a cron entry. Right now it belongs to root, but it would probably be smart to have a user dedicated to this. One can argue, though, that root in the zone is just a normal user. ...

root@ciscoadm:/space/Cisco_admin/MRTG# crontab -l|grep MRTG
0,5,10,15,20,25,30,35,40,45,50,55 * * * * /space/Cisco_admin/MRTG/cronjob.sh

./Magnus2007/multimus01/Zone-ciscoadm/DoCisco/index.php

The DoCisco scripts

I have taken the scripts from aegir, and have installed tcl and expect to get them working in the zone.

Here is a small excerpt of the files I have made so far:

root@ciscoadm:/space/Cisco_admin/DoCisco# ll do_cisco save_get_config put_load_config put_load_config_and_reload show_cdp_neighbors
-rwxr-xr-x 1 root root 2875 Jun 26 15:14 do_cisco*
-rw-r--r-- 1 root root 587 Jun 28 21:13 put_load_config
-rw-r--r-- 1 root root 560 Jun 28 21:15 put_load_config_and_reload
-rw-r--r-- 1 root root 518 Jun 28 18:44 save_get_config
-rw-r--r-- 1 root root 575 Jun 28 21:28 show_cdp_neighbors

There are also some scripts that are used for other things, such as find_neighbors_new.sh and update_switch_versions.sh.

./Magnus2007/multimus01/Zone-ciscoadm/VMPS/index.php

I have simply recompiled it, copied the vmpsd.db file from aegir and started it manually for now. I would like to set it up as a service under svcs.

root@ciscoadm:/space/Cisco_admin/VMPS# /usr/ucb/ps auxwwwww|grep vmps|grep -v grep
root 3042 0.0 0.0 1872 892 ? S Jun 28 0:00 /space/Cisco_admin/VMPS/bin/vmpsd \
-l 0x0807 -e /space/Cisco_admin/VMPS/bin/dictate_vlan.pl -f /space/Cisco_admin/VMPS/etc/vmpsd.db

And here you can see which script controls the VLAN assignment:

root@ciscoadm:/space/Cisco_admin/VMPS# ll bin
total 157
-rwxr-xr-x 1 root root 4520 Jun 28 13:54 dictate_vlan.pl*
-rw-r--r-- 1 root root 4448 Jun 28 13:48 dictate_vlan.pl.root-070628-13:53
-rwxr-xr-x 1 root root 69240 Jun 28 13:44 vmpsd*
root@ciscoadm:/space/Cisco_admin/VMPS#

What is still missing is to tie the updating of vmpsd.db to a database, or just to the bootptab files, as in the old days.

./Magnus2007/multimus01/Zone-ciscoadm/NetGraf/index.php

I left the web part itself where it belongs, and just link to it from the Cisco_admin area:

root@ciscoadm:/space/Cisco_admin# ll NetGraf
lrwxrwxrwx 1 root root 37 Jul 2 11:09 NetGraf -> /opt/csw/apache2/share/htdocs/NetGraf/

The files that are needed are:

root@ciscoadm:/space/Cisco_admin/NetGraf# ll *php *js
-rw-r--r-- 1 root root 10907 Jul 2 09:12 background.php


-rw-r--r-- 1 root root 15381 Jun 30 11:42 dnd.php
-rw-r--r-- 1 root root 553 Jun 30 11:53 dndf.php
-rw-r--r-- 1 root root 8710 Jun 30 11:54 dndhead.php
-rw-r--r-- 1 root root 8766 Jun 30 11:37 klayers.js
-rw-r--r-- 1 root root 2870 Jun 30 11:37 layers.js
-rw-r--r-- 1 root root 37665 Jun 30 11:37 wz_dragdrop.js
-rw-r--r-- 1 root root 18494 Jun 30 11:37 wz_jsgraphics.js

Here is a small demo showing the switches that have so far been set up for the E building.

./Magnus2007/multimus01/Zone-ciscoadm/NetDoc/MySQL/index.php

root@ciscoadm:/space/Cisco_admin/DoCisco# pkg-get -i mysql5
......
/opt/csw/mysql5/share/mysql/quick_start-csw
/opt/csw/mysql5/share/mysql/romanian/errmsg.sys
/opt/csw/mysql5/share/mysql/russian/errmsg.sys
/opt/csw/mysql5/share/mysql/serbian/errmsg.sys
/opt/csw/mysql5/share/mysql/slovak/errmsg.sys
/opt/csw/mysql5/share/mysql/spanish/errmsg.sys
/opt/csw/mysql5/share/mysql/swedish/errmsg.sys
/opt/csw/mysql5/share/mysql/ukrainian/errmsg.sys
[ verifying class ]
/opt/csw/mysql5/libexec/mysqld
 Installing class .
/opt/csw/lib/svc/method/svc-mysql5
/opt/csw/var/svc/manifest/network/mysql5.xml
[ verifying class ]
## Executing postinstall script.
 Configuring service in SMF
MySQL 5 is using Service Management Facility. The FMRI is:
 svc:/network/cswmysql5:default
No database directory found in the default location.
If you need to build the initial database directory, see /opt/csw/mysql5/share/mysql/quick_start-csw
If you are using a non-default database directory location, please start mysql manually.

Installation of was successful.
root@ciscoadm:/space/Cisco_admin/DoCisco#

root@ciscoadm:/space/Cisco_admin/DoCisco# /opt/csw/mysql5/share/mysql/quick_start-csw

This is the blastwave quick start script to setup a MySQL5 database directory.

The base directory is /opt/csw/mysql5. The default database directory is /opt/csw/mysql5/var.

If you have not setup a partition for the database and you want one; now is a good time to exit this script and create and mount the partition.

If you have not setup a my.cnf file and you do not want one of the sample files; now is a good time to exit and create the file /opt/csw/mysql5/my.cnf.

Data directory: The default is /opt/csw/mysql5/var.

Accept the default or enter a directory [?,q]

my.cnf pathname: The default is either to use the supplied file in the base directory or to create one in the base directory from the small memory footprint sample. If your enter a pathname, it will be used to create the options file in the base directory.

Accept the default or enter a pathname [?,q] /opt/csw/mysql5/share/mysql/my-large.cnf
Using /opt/csw/mysql5/share/mysql/my-large.cnf to create the options file.
data directory is /opt/csw/mysql5/var

Continue with installation or quit [y,n,?,q] y
Setting up the database
Creating MySQL core database in /opt/csw/mysql5/var

### The following messages are from mysql_install_db.
Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/opt/csw/mysql5/bin/mysqladmin -u root password 'new-password'
/opt/csw/mysql5/bin/mysqladmin -u root -h ciscoadm password 'new-password'
See the manual for more instructions.
You can start the MySQL daemon with:
cd /opt/csw/mysql5 ; /opt/csw/mysql5/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl

Please report any problems with the /opt/csw/mysql5/bin/mysqlbug script!

The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com

### The following messages are from quick_start-csw.
See /opt/csw/mysql5/share/mysql/doc/README.CSW for packaging changes.
Please ignore references to starting mysqld_safe in the messages above. These messages are from mysql_install_db. See the following for starting CSWmysql5.
To start mysqld; run `svcadm enable cswmysql5` on Solaris 10 or later
root@ciscoadm:/space/Cisco_admin/DoCisco#

./Magnus2007/x4600_tryNbuy/index.php

Sun Microsystems Inc. SunOS 5.11 snv_55 October 2007
# bash
root@x4600:/# zonecfg -z cluster6
cluster6: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:cluster6> create -t SUNWlx
zonecfg:cluster6> set zonepath=/space/cluster6_root
zonecfg:cluster6> add net
zonecfg:cluster6:net> set address=130.225.49.207/24
zonecfg:cluster6:net> set physical=e1000g1
zonecfg:cluster6:net> end
zonecfg:cluster6> commit
zonecfg:cluster6> exit
root@x4600:/#

---

Very important to prepare the interface, since otherwise it just skips it:

root@x4600:/space/magnus# ifconfig e1000g1 plumb
root@x4600:/space/magnus# ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=201000843 mtu 1500 index 2
        inet 130.225.49.190 netmask ffffff00 broadcast 130.225.49.255
        ether 0:14:4f:78:9c:a8
e1000g1: flags=201000802 mtu 1500 index 3
        inet 0.0.0.0 netmask 0
        ether 0:14:4f:78:9c:a9

---


root@x4600:/# zoneadm -z cluster6 install -d /space/magnus/centos_fs_image.tar.bz2
Installing zone 'cluster6' at root directory '/space/cluster6_root'
from archive '/space/magnus/centos_fs_image.tar.bz2'

This process may take several minutes.

Setting up the initial lx brand environment.
System configuration modifications complete.
Setting up the initial lx brand environment.
System configuration modifications complete.

Installation of zone 'cluster6' completed successfully.

Details saved to log file: "/space/cluster6_root/root/var/log/cluster6.install.3942.log"

root@x4600:/#

root@x4600:/# zoneadm list -iv
  ID NAME      STATUS     PATH                  BRAND
   0 global    running    /                     native
   - cluster6  installed  /space/cluster6_root  lx

root@x4600:/# zoneadm -z cluster6 boot

root@x4600:/# zoneadm list -iv
  ID NAME      STATUS     PATH                  BRAND
   0 global    running    /                     native
   1 cluster6  running    /space/cluster6_root  lx

root@x4600:/space/magnus# zlogin cluster6
[Connected to zone 'cluster6' pts/8]
Welcome to your shiny new Linux zone.

- The root password is 'root'. Please change it immediately.

- To enable networking goodness, see /etc/sysconfig/network.example.

- This message is in /etc/motd. Feel free to change it.

For anything more complicated, see: http://opensolaris.org/os/community/brandz/

You have mail.
-bash-2.05b#

-bash-2.05b# uname -a
Linux cluster6 2.4.21 BrandZ fake linux i686 athlon i386 GNU/Linux

top
 05:23:33 up 58 min, 1 user, load average: 0.03, 0.14, 0.15
11 processes: 10 sleeping, 1 running, 0 zombie, 0 stopped
CPU states:  cpu    user    nice  system    irq  softirq  iowait    idle
           total    0.0%    0.0%    0.0%   0.0%     0.0%    0.0%   99.8%
           cpu00    0.0%    0.0%    0.1%   0.0%     0.0%    0.0%   99.8%
           cpu01    0.0%    0.0%    0.0%   0.0%     0.0%    0.0%  100.0%
           cpu02    0.0%    0.0%    0.0%   0.0%     0.0%    0.0%  100.0%
           cpu03    0.0%    0.0%    0.0%   0.0%     0.0%    0.0%  100.0%
           cpu04    0.0%    0.0%    0.0%   0.0%     0.0%    0.0%  100.0%
           cpu05    0.0%    0.0%    0.0%   0.0%     0.0%    0.0%  100.0%
           cpu06    0.0%    0.0%    0.0%   0.0%     0.0%    0.0%  100.0%
           cpu07    1.3%    0.0%    0.0%   0.0%     0.0%    0.0%   98.6%
           cpu08    0.0%    0.0%    0.0%   0.0%     0.0%    0.0%  100.0%
           cpu09    0.0%    0.0%    0.5%   0.0%     0.0%    0.0%   99.4%
           cpu10    0.0%    0.0%    0.0%   0.0%     0.0%    0.0%  100.0%
           cpu11    0.0%    0.0%    0.1%   0.0%     0.0%    0.0%   99.8%
           cpu12    0.0%    0.0%    0.0%   0.0%     0.0%    0.0%  100.0%
           cpu13    0.0%    0.0%    0.1%   0.0%     0.0%    0.0%   99.8%
           cpu14    0.0%    0.0%    0.0%   0.0%     0.0%    0.0%  100.0%
           cpu15    0.0%    0.0%    0.0%   0.0%     0.0%    0.0%  100.0%
Mem: 33021480k av, 3593560k used, 29427920k free, 0k shrd, 0k buff
     0k active, 0k inactive
Swap: 10490440k av, 307768k used, 10182672k free 0k cached

  PID USER  PRI NI SIZE  RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
 4973 xfs    40  0 7932 4668     0 S     0.0  0.0 0:00   6 xfs
    1 root   40  0 3856 2292     0 S     0.0  0.0 0:00   1 init
 5011 root   40  0 6360 2872     0 R     0.0  0.0 0:00   1 top
 5003 root   39  0 3844 2192     0 S     0.0  0.0 0:00   4 mingetty
 4748 root   39  0 3868 1776     0 S     0.0  0.0 0:00  14 klogd
 4791 root   40  0 6588 3228     0 S     0.0  0.0 0:00  11 bash
 4743 root   40  0 4844 2900     0 S     0.0  0.0 0:00   4 login
 4741 root   40  0 4136 2068     0 S     0.0  0.0 0:00   9 syslogd
 4870 root   40  0 5992 2724     0 S     0.0  0.0 0:00   4 sshd
 4891 root   40  0 6800 2480     0 S     0.0  0.0 0:00  10 crond
 4983 root   39  0 3916 1580     0 S     0.0  0.0 0:00  10 atd

root@cluster6:~# matlab
-bash: matlab: command not found

:-( !!!

xterm -bg orangered -T x4600 -e ssh 130.225.49.190

root@cluster6:~# mkdir -p /space/pack-local/matlab-7.2.0

root@cluster6:/space/pack-local/matlab-7.2.0# vi /etc/resolv.conf

root@cluster6:/space/pack-local/matlab-7.2.0# time rsync -av -e ssh magnus@cluster5:/space/pack-local/matlab-7.2.0/ .
The authenticity of host 'cluster5 (130.225.49.206)' can't be established.
RSA key fingerprint is f1:27:9a:ff:ff:27:e0:ce:ca:90:09:39:6c:4d:9c:d1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'cluster5,130.225.49.206' (RSA) to the list of known hosts.
magnus@cluster5's password:
receiving file list .........
update/pd/toolbox/vr/glnxa64/.b
update/pd/toolbox/vr/mac/.b
update/pd/toolbox/vr/sol2/.b
update/pd/toolbox/wavelet/.b
wrote 1201584 bytes read 3101570563 bytes 3544000.17 bytes/sec
total size is 3096666792 speedup is 1.00

real 14m34.867s
user 0m0.000s
sys 0m0.002s
root@cluster6:/space/pack-local/matlab-7.2.0# du -ks .
3104582 .
root@cluster6:/space/pack-local/matlab-7.2.0#

And matlab runs :-)

>> bench(3)

ans =

0.3697 0.4297 0.2528 0.6360 0.7727 2.7183
0.2874 0.3537 0.1908 0.5842 0.6293 2.2042
0.2874 0.3549 0.1857 0.6062 0.6224 2.1980

>> bench(10)

ans =

0.2878 0.3546 0.1861 0.6043 0.6314 2.1806
0.2873 0.3543 0.1855 0.6062 0.6270 2.2266
0.2869 0.3550 0.1849 0.6052 0.6352 2.2113
0.2873 0.3547 0.1849 0.6054 0.6263 2.2198
0.2879 0.3548 0.1847 0.6055 0.6213 2.2211
0.2883 0.3551 0.1852 0.6064 0.6062 2.2005
0.2875 0.3549 0.1851 0.6063 0.6226 2.2015
0.2875 0.3559 0.1856 0.6067 0.6136 2.1854
0.2875 0.3560 0.1859 0.6068 0.6120 2.2415
0.2894 0.3564 0.1858 0.6072 0.6418 2.1270

>>

And then we try once more, with another zone.

We will hold off on handing out the CPUs for now

root@x4600:/# zoneadm list -cv
  ID NAME      STATUS     PATH                  BRAND
   0 global    running    /                     native
   1 cluster6  running    /space/cluster6_root  lx
root@x4600:/# zonecfg -z cluster7
cluster7: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:cluster7> create -t SUNWlx
zonecfg:cluster7> set zonepath=/space/cluster7_root
zonecfg:cluster7> add net
zonecfg:cluster7:net> set address=130.225.49.208/24
zonecfg:cluster7:net> set physical=e1000g1
zonecfg:cluster7:net> end
zonecfg:cluster7> commit
zonecfg:cluster7> exit
root@x4600:/# time zoneadm -z cluster7 install -d /space/magnus/centos_fs_image.tar.bz2
Installing zone 'cluster7' at root directory '/space/cluster7_root'
from archive '/space/magnus/centos_fs_image.tar.bz2'

This process may take several minutes.

Setting up the initial lx brand environment.
System configuration modifications complete.
Setting up the initial lx brand environment.
System configuration modifications complete.

Installation of zone 'cluster7' completed successfully.

Details saved to log file: "/space/cluster7_root/root/var/log/cluster7.install.5572.log"

real 8m57.629s
user 2m11.274s
sys 0m23.792s
root@x4600:/#

root@x4600:/# zoneadm -z cluster7 boot
root@x4600:/# zoneadm list -iv
  ID NAME      STATUS     PATH                  BRAND
   0 global    running    /                     native
   1 cluster6  running    /space/cluster6_root  lx
   2 cluster7  running    /space/cluster7_root  lx

-bash-3.00$ su -
Password:
Sun Microsystems Inc. SunOS 5.11 snv_55 October 2007
# zlogin cluster7
[Connected to zone 'cluster7' pts/17]

Welcome to your shiny new Linux zone.

- The root password is 'root'. Please change it immediately.

- To enable networking goodness, see /etc/sysconfig/network.example.

- This message is in /etc/motd. Feel free to change it.

For anything more complicated, see: http://opensolaris.org/os/community/brandz/

You have mail.
-bash-2.05b#

0.3002 0.3945 0.1842 0.6497 0.6523 2.3285
0.2992 0.3945 0.1835 0.6514 0.6473 2.3093
0.2985 0.3952 0.1833 0.6515 0.6669 2.3102

root@x4600:/space# mkdir -p cluster7_root/root/space/pack-local
root@x4600:/space# time rsync -a cluster6_root/root/space/pack-local/matlab-7.2.0 cluster7_root/root/space/pack-local

real 16m41.913s
user 0m23.249s
sys 0m42.340s
root@x4600:/space#

LabVIEW

Comes on CD.


from: docs.sun.com/app/docs/doc/819-2450/6n4o5mdou?a=view

global# zonecfg -z lx-zone
zonecfg:lx-zone> add fs
zonecfg:lx-zone:fs> set dir=/cdrom
zonecfg:lx-zone:fs> set special=/cdrom
zonecfg:lx-zone:fs> set type=lofs
zonecfg:lx-zone:fs> add options [ro,nodevices]
zonecfg:lx-zone:fs> end
zonecfg:lx-zone> commit
zonecfg:lx-zone> exit

But that is wrong, since /media is the physical one

zonecfg:cluster7> info
zonename: cluster7
zonepath: /space/cluster7_root
brand: lx
autoboot: false
bootargs:
pool:
limitpriv:
fs:
        dir: /cdrom
        special: /cdrom
        raw not specified
        type: lofs
        options: [ro,nodevices]
net:
        address: 130.225.49.208/24
        physical: e1000g1
zonecfg:cluster7> remove fs dir=/cdrom
zonecfg:cluster7> info
zonename: cluster7
zonepath: /space/cluster7_root
brand: lx
autoboot: false
bootargs:
pool:
limitpriv:
net:
        address: 130.225.49.208/24
        physical: e1000g1
zonecfg:cluster7>

Again

zonecfg:cluster7> add fs
zonecfg:cluster7:fs> set dir=/cdrom
zonecfg:cluster7:fs> set special=/media
zonecfg:cluster7:fs> set type=lofs
zonecfg:cluster7:fs> add options [ro,nodevices]
zonecfg:cluster7:fs> end
zonecfg:cluster7> commit
zonecfg:cluster7> exit

And then it works after a reboot of the zone:

root@cluster7:/cdrom/LabVIEW-8.2-PDS# ./INSTALL

LabVIEW 8.2 for Linux/x86 (8/1/2006)

...
By installing LabVIEW software packages, you agree to the terms of the included
NI Software License Agreement (LICENSE.txt). Type 'v' to view the agreement,
'y' to consent to the agreement, or 'n' to decline the agreement and skip
LabVIEW installation. [Vynq] y

NOTE: LabVIEW will install by default in /usr/local/natinst/LabVIEW-8.2,
or in the natinst/LabVIEW-8.2 subdirectory if you specify an alternate location.

Preparing for installation...
C runtime library (glibc) version: 2.3.2.
Red Hat Package Manager (RPM) version: 4.2.3.
Please indicate whether you would like to install the following components:

labview82-rte: LabVIEW Run-Time Engine [Ynasq?] y
labview-rte-aal: LabVIEW Run-Time Advanced Analysis Support [Ynasq?] y
labview82-core: LabVIEW Application and VI Library [Ynasq?] y
labview82-examples: LabVIEW VI Examples [Ynasq?] y
labview82-help: LabVIEW On-line Reference Manual [Ynasq?] y
labview82-ref: LabVIEW Manuals in Adobe Acrobat (.pdf) format [Ynasq?] y
labview82-vxi: LabVIEW NI-VXI Support [Ynasq?] y
labview82-desktop: LabVIEW KDE and GNOME desktop support [Ynasq?] y
labview82-appbuild: LabVIEW Run-Time Application Builder [Ynasq?] y
labview82-pro: LabVIEW Professional Developers Tools [Ynasq?] y

Auto-selecting dependency niwebpipeline20_dep-2.0-5.i586.rpm

The following components will be installed using rpm:

LabVIEW Run-Time Engine 44880 kB
LabVIEW Run-Time Advanced Analysis Support 20607 kB
LabVIEW Application and VI Library 408746 kB
LabVIEW VI Examples 40245 kB
LabVIEW On-line Reference Manual 65388 kB
LabVIEW Manuals in Adobe Acrobat (.pdf) format 3201 kB
LabVIEW NI-VXI Support 4482 kB
LabVIEW KDE and GNOME desktop support 61 kB
LabVIEW Run-Time Application Builder 62328 kB
LabVIEW Professional Developers Tools 8884 kB
NI Web Pipeline dependency libraries 5432 kB

Total space required: 664254 kB
Space available: 40004024 kB

Proceed? [Ynq] y
Installing...
Preparing... ########################################### [100%]
 1:labview82-rte ########################################### [100%]
Preparing... ########################################### [100%]
 1:labview-rte-aal ########################################### [100%]
Preparing... ########################################### [100%]
 1:niwebpipeline20_dep ########################################### [100%]
Preparing... ########################################### [100%]
 1:labview82-pro ########################################### [ 13%]
 2:labview82-core ########################################### [ 25%]
 3:labview82-examples ########################################### [ 38%]
 4:labview82-help ########################################### [ 50%]
 5:labview82-ref ########################################### [ 63%]
 6:labview82-vxi ########################################### [ 75%]
 7:labview82-desktop ########################################### [ 88%]
 8:labview82-appbuild ########################################### [100%]

Would you like to install NI Example Finder (LabVIEW 8.2)? [Ynq] y
Installing NI Example Finder...
Preparing... ########################################### [100%]
 1:niexfinder-base ########################################### [100%]
Preparing... ########################################### [100%]
 1:niexfinder-labview82 ########################################### [100%]

Would you like to install the LabVIEW web browser plugin? [Ynq] y

Checking for Mozilla/Firefox/Netscape 6+ installation...

Copying plugin to /native/usr/lib/firefox/plugins
Copying plugin to /native/usr/lib/mozilla/plugins
Copying plugin to /usr/lib/mozilla/plugins
Copying plugin to /usr/lib/mozilla-1.7.12/plugins

LabVIEW package installation complete.

LabVIEW installation complete.

================================================================================

Beginning hardware driver installation.

Depending on your system configuration, some drivers may require you to reboot
after installation before you can access the driver.

Note that some drivers may require the Linux kernel source to be installed.
This can be found on your Linux distribution install CD as a package called
'kernel-source'. Make sure to install the version matching the kernel you are
running. If you need to install kernel source, press 'q' to abort installation,
and re-run this install script after you have installed the kernel source.

Would you like to install NI-VISA (4.0) for GNU/Linux? [Ynq] y

********************************** * NI-VISA 4.0.0 for Linux/x86 **********************************

rpm 4.2.3 will be used with a default installation path

National Instruments products support the following Linux distributions:
 Mandriva Linux
 SUSE Linux
 Red Hat Enterprise Linux WS
Refer to readme.txt for the latest information at the time of release.
Refer to www.ni.com/linux for the most recent information about Linux
support at National Instruments.

Continue? [Yn] y

Retrieving license agreement. Please wait...
(c) 2004-2005 National Instruments Corporation. All Rights Reserved.
371460B-01
March 2005

By installing this software, you are acknowledging acceptance
of the terms of the included license file (LICENSE.txt).

Do you accept the license? [ynq] y

Searching for installed components ...

Do you wish to install NI-VISA Runtime 4.0.0? [Ynq] y

Do you wish to install NI-VISA Development 4.0.0? [Ynq] y

Do you wish to install NI-VISA Configuration 4.0.0? [Ynq] y

Do you wish to install NI-VISA Server 4.0.0? [Ynq] y

Do you wish to install PXI Services 1.6.0? [Ynq] y

Do you wish to install NI Spy 2.4.0? [Ynq] y

NI-VISA Development 4.0.0 requires CVI Runtime 8.0.
NI-VISA Configuration 4.0.0 requires CVI Runtime 8.0.
This component has been selected automatically.

NI-VISA Runtime 4.0.0 requires NI-ORB 1.5.0.
PXI Services 1.6.0 requires NI-ORB 1.5.0.
This component has been selected automatically.

PXI Services 1.6.0 requires NI-DIM 1.5.0.
This component has been selected automatically.

NI-ORB 1.5.0 requires NI-RPC 3.3.0.
This component has been selected automatically.

NI-VISA Runtime 4.0.0 requires NI-PAL 1.11.1.
PXI Services 1.6.0 requires NI-PAL 1.11.1.
NI-DIM 1.5.0 requires NI-PAL 1.11.1.
NI-ORB 1.5.0 requires NI-PAL 1.11.1.
This component has been selected automatically.

NI-PAL 1.11.1 requires NI-KAL 1.4.0.
This component has been selected automatically.

NI-VISA Development 4.0.0 requires LabVIEW Runtime 8.0.1.
NI Spy 2.4.0 requires LabVIEW Runtime 8.0.1.
This component has been selected automatically.

The following components will be installed using rpm:
 NI-VISA Runtime 4.0.0 5703 KB (in /usr/local/vxipnp)
 NI-VISA Development 4.0.0 4477 KB (in /usr/local/vxipnp)
 NI-VISA Configuration 4.0.0 658 KB (in /usr/local/vxipnp)
 NI-VISA Server 4.0.0 227 KB (in /usr/local/vxipnp)
 PXI Services 1.6.0 791 KB (in /usr/local/natinst/nipxi)
 NI Spy 2.4.0 2171 KB (in /usr/local/natinst/nispy)
 CVI Runtime 8.0 8510 KB (in /usr/local/natinst/cvirte)
 LabVIEW Runtime 8.0.1 32695 KB (in /usr/local/lib/LabVIEW-8.0)
 NI-ORB 1.5.0 459 KB (in /usr/local/natinst/.nicore)
 NI-DIM 1.5.0 594 KB (in /usr/local/natinst/.nicore)
 NI-RPC 3.3.0 102 KB (in /usr/local/natinst/.nicore)
 NI-PAL 1.11.1 1768 KB (in /usr/local/natinst/nipal)
 NI-KAL 1.4.0 229 KB (in /usr/local/natinst/nikal)
Total space required: 58384 KB
Space available: 39302958 KB

Continue? [Yn] y

************************************ ERROR ************************************** Kernel source does not appear to be installed for the 2.4.21 kernel.* Installation of the kernel-source package for kernel 2.4.21 is* required to continue this installation.************************************ ERROR *************************************

Installation aborted.

Would you like to install NI-GPIB (NI-488.2 2.5.1) for GNU/Linux? [Ynq] y

***************************************************************************** NI-488.2 Distribution version 2.5.1f0 for Linux/x86 32-bit*****************************************************************************

National Instruments products support the following Linux distributions:
 Mandriva Linux Official
 SUSE Linux
 Red Hat Enterprise Linux WS
Refer to README.txt for the latest information at the time of release.
Refer to www.ni.com/linux for the most recent information about Linux
support at National Instruments.

Continue? [Yn] y

Checking required install tools...
Checking installer tool versions...
rpm 4.2.3 can be used with a default installation path
tar 1.13.25
Checking dependencies...
glibc 2.3.2
Unpacking install files to /tmp/NI4882-2.5.1f0.install...

************************************ ERROR ************************************** Kernel source does not appear to be installed for the 2.4.21 kernel.


* Installation of the kernel-source package for kernel 2.4.21 is* required to continue this installation.************************************ ERROR *************************************

Installer is aborted.

Please see the LabVIEW 8.2 Upgrade Notes in /usr/local/natinst/LabVIEW-8.2/manuals/LV_Upgrade_Notes.pdf
for information about new features in LabVIEW 8.2.

Installation complete.
root@cluster7:/cdrom/LabVIEW-8.2-PDS#

Test of MATLAB

magnus@cluster7:/tmp# cat /tmp/testmatlab.sh
#!/bin/sh

#magnus@cluster7:/space/pack-local/matlab-7.2.0#

TIMES=$1

rm /tmp/matlab_$TIMES.*

echo Running bench\(5\) $TIMES times

for i in `awk -vTIMES=$TIMES 'BEGIN{for (i=1; i<=TIMES; i++){printf("%0.2d ",i)}}'`; do
  echo =====$i======;
  /space/pack-local/matlab-7.2.0/bin/matlab -nojvm -nodesktop -nodisplay -r 'bench(5),exit' 2>&1 >/tmp/matlab_$TIMES.$i &
done;
for i in `awk -vTIMES=$TIMES 'BEGIN{for (i=1; i<=TIMES; i++){printf("%0.2d ",i)}}'`; do wait; echo $i; done

echo FOR_GREP_TO_FIND_MANY_FILES_ON_01 >/tmp/matlab_$TIMES.deleteme
grep 0\.00 /tmp/matlab_$TIMES.*|\
awk 'BEGIN{print "a=["}
{print $2" "$3" "$4" "$5";"}
END{print "];"
print "plot(a(:,1),\"r+-\")"
print "hold on"
print "plot(a(:,2),\"bs--\")"
print "plot(a(:,3),\"go:\")"
print "plot(a(:,4),\"m*-.\")"
print "ylim([0 2])"
print "grid"
print "legend(\"LU\",\"ODE\",\"FFT\",\"Sparse\")"
print "h1=refline(0, mean(a(:,1)))"
print "h2=refline(0, mean(a(:,2)))"
print "h3=refline(0, mean(a(:,3)))"
print "h4=refline(0, mean(a(:,4)))"
print "set(h1, \"LineStyle\", \"-\", \"Marker\", \"+\")"
print "set(h2, \"LineStyle\", \"--\", \"Marker\", \"s\")"
print "set(h3, \"LineStyle\", \":\", \"Marker\", \"o\")"
print "set(h4, \"LineStyle\", \"-.\", \"Marker\", \"*\")"
print "hold off"
print "print -depsc matlab_'$TIMES'"
}' | tr \" \' >/tmp/matlab_$TIMES.m

echo Running matlab again to create graphs
/space/pack-local/matlab-7.2.0/bin/matlab -nojvm -nodesktop -nodisplay -r "matlab_$TIMES, exit"

ls -lt /tmp/matlab_$TIMES.*
#print "print -dpng matlab_'$TIMES'"
magnus@cluster7:/tmp#

magnus@cluster7:/tmp# date; for i in 10 14 16 20 24 28 32 40 ; do echo ====$i====; /tmp/testmatlab.sh $i; done; date
Tue Apr 17 06:46:14 EDT 2007
====10====
rm: cannot lstat `/tmp/matlab_10.*': No such file or directory
Running bench(5) 10 times
=====01======
=====02======
......interrupting....

magnus@cluster7:/tmp# date; for i in 01 02 03 04 05 06 07 08 09 10 12 14 16 20 24 28 32 40 ; do echo ====$i====; /tmp/testmatlab.sh $i; done; date
Tue Apr 17 06:57:51 EDT 2007
====01====
Running bench(5) 01 times
====01======

...
-rw-rw-r-- 1 magnus magnus 777 Apr 17 07:12 /tmp/matlab_40.36
Tue Apr 17 07:12:44 EDT 2007
magnus@cluster7:/tmp#

./Magnus2007/E-bygningen/Cisco/index.php

The Cisco switches

I will call the ones in K6.12 120-129, the ones in K6.01 10-19, and so on, as the last part of the IP number; that is, the Admin VLAN is 419.

./Magnus2007/E-bygningen/index.php

./Dataopsamling/MRTG/index.php

The MRTG graphs

By looking at our fine network graph, one can see which switches are missing MRTG graphs.

To add them, I do this:

root@aegir:~/public_html/mrtg# ./make_mrtg_stuff4switch.sh cisk629a
root@aegir:~/public_html/mrtg# chown -R magnus:magnus cisk629a*
root@aegir:~/public_html/mrtg# vi cronjob.sh

and add cisk629a to the list.

./Dataopsamling/index.php

./Maskinstue/UPS/Service/index.php

Here is an extract from the database, which Joern made. Just tidied up a bit with the script below:

cat index.phh.old | perl -ne '$txt.=$_;END{$txt=~s/<font[^>]*>(.*?)<\/font>/$1/sg;print$txt}' >index.php

Item overview (all)

Columns: Req. no., Buyer, Supplier name, Order date, Requester, I8 no., Item group, Item, Purchase description, Item group description, Quantity, Unit price, Delivery date, Received date, Serial no., Invoice no., Deregistration date, Warranty period, Item purchase note, Shared note

27420 JSM Santech Micro Group Denmark A/S | 17-03 2003 | Magnus 60413 UPS MGE Pulsar Evolution 3000VA RA | Emergency power supply 1,00 kr 7.999,00 | 26-03 2003 | 18-03 2003 | AF3C19076 9625742 1 year

27420 JSM Santech Micro Group Denmark A/S | 17-03 2003 | Magnus 60414 UPS MGE Pulsar Evolution 800VA | Emergency power supply 1,00 kr 2.199,00 | 26-03 2003 | 17-03 2003 | AE2C310A4 9625743 1 year

31402 Vic Santech Micro Group Denmark A/S | 21-03 2003 | Magnus 60420 UPS MGE Pulsar Evolution 3000VA RA | Emergency power supply 1,00 kr 7.999,00 | 25-03 2003 | 25-03 2003 | AF3C47022 9628228 1 year

52255 Magnus Skandinavisk ComputerTilbehør ApS | 24-06 2005 | Magnus 67937 UPS MGE Pulsar Evolution 3000VA RA | Emergency power supply 1,00 kr 7.470,00 | 24-06 2005 | 01-07 2005 | AF3F12061 25041 1 year

52255 Magnus Skandinavisk ComputerTilbehør ApS | 24-06 2005 | Magnus 0 AKKUM Extra battery for MGE Pulsar Evolution 3000VARA | Battery (accumulator) 1,00 kr 4.400,00 | 24-06 2005 | 01-07 2005 | 25041 1 year

55625 Magnus Skandinavisk ComputerTilbehør ApS | 27-09 2005 | Hannem 67940 UPS Pulsar Evolution 800 ups | Emergency power supply 1,00 kr 2.193,00 | 07-10 2005 | 30-09 2005 | 21AE2E1405 25244 1 year

91515018 Magnus Skandinavisk ComputerTilbehør ApS | 20-12 2006 | Magnus 72076 UPS MGE Pulsar Evolution S 3000 RT3U | Emergency power supply 1,00 kr 8.972,00 | 21-12 2006 | 21-12 2006 | AVDG3500P 26359 1 year

91515018 Magnus Skandinavisk ComputerTilbehør ApS | 20-12 2006 | Magnus 0 UPS MGE Pulsar Evolution S EXB 2500/3000, battery | Emergency power supply 1,00 kr 3.866,00 | 21-12 2006 | 21-12 2006 | 26359 1 year Built together with Evolution 3000

91515036 Magnus Skandinavisk ComputerTilbehør ApS | 27-06 2007 | Magnus 0 TILBEH MGE-66074 Web/SNMP card for UPS Pulsar Evolution3000 | Cables, adapters, accessories 1,00 kr 2.697,00 | 29-06 2007 | 30-06 2007 | 49EH23300 26819 1 year

91515036 Magnus Skandinavisk ComputerTilbehør ApS | 27-06 2007 | Magnus 0 TILBEH MGE-66074 Web/SNMP card for UPS Pulsar Evolution3000 | Cables, adapters, accessories -1,00 kr 2.697,00 | 29-06 2007 | 30-06 2007 | 49EH23300 26860 1 year

91515036 Magnus Skandinavisk ComputerTilbehør ApS | 27-06 2007 | Magnus 0 TILBEH MGE-66160 Web/SNMP card for UPS Pulsar Evolution3000 | Cables, adapters, accessories 1,00 kr 2.697,00 | 29-06 2007 | 30-06 2007 | 49HH1304V 26860 1 year Installed in AAU 60413

./Maskinstue/UPS/index.php

UPS in the machine room in D

There is a small shortcoming in UPS1, in that it cannot use NTP and switch to daylight saving time automatically: http://10.11.12.241/

You have to cheat it and run GMT+2 in the summer... The others can switch by themselves.

./Maskinstue/index.php

Directory Tree

.
|-- 220V
|-- D1-104
|   |-- Rack_1
|   |-- Rack_2
|   |   |-- biceps
|   |   |-- cerebrum01
|   |   |-- gracilis
|   |   |-- maximus
|   |   |-- multimus05
|   |   |   `-- Zones-link
|   |   |-- soleus
|   |   `-- tibialis
|   |-- Rack_3
|   |   |-- aegir
|   |   |-- illiacus
|   |   `-- multimus01
|   |       `-- Zones-link
|   `-- Rack_4
|       |-- DELL-rackpc
|       |-- cluster2
|       |-- fiske
|       |-- musedb
|       `-- musets
|-- E2-110
|   `-- Rack_1
|       `-- maximus01
`-- UPS
    `-- Service

28 directories

tree v1.5.0 (c) 1996 - 2004 by Steve Baker and Thomas Moore
HTML output hacked and copyleft (c) 1998 by Francesc Rocher
Charsets / OS/2 support (c) 2001 by Kyosuke Tokoro

./Maskinstue/220V/index.php

220V in the machine room

See magnus@illiacus:~/UNIX/admin/Maskinstue/220V# ./tree_W.sh

It has now been copied to:

root@hstsysadm:/space/HSTsysadm/EL/D-maskinstue/220V

magnus@illiacus:~/UNIX/admin/Maskinstue/220V# ./tree_W.sh
. (16355W)
|-- BoksI (1248W)
|   |-- 1 (723W)
|   |   `-- UPS_1 (722W)
|   |       |-- A1 (714W)
|   |       |   `-- aegir (713W)
|   |       |-- A2 (1W)
|   |       |-- A3 (1W)
|   |       |-- A4 (1W)
|   |       |-- B1 (1W)
|   |       |-- B2 (1W)
|   |       |-- B3 (1W)
|   |       `-- B4 (1W)
|   |-- 2 (1W)
|   |-- 3a (522W)
|   |   `-- 5-BlaaBlaa (521W)
|   |       |-- 1 (2W)
|   |       |   `-- Modem (1W)
|   |       |-- 2 (1W)
|   |       |-- 3 (1W)
|   |       |-- 4 (1W)
|   |       `-- 5 (515W)
|   |           `-- 5-BrunBrun (514W)
|   |               |-- 1 (194W)
|   |               |   `-- musedb_PS-2 (193W)
|   |               |-- 2 (194W)
|   |               |   `-- musets_PS-2 (193W)
|   |               |-- 3 (1W)
|   |               |-- 4 (62W)
|   |               |   `-- Panasonic_41726 (61W)
|   |               `-- 5 (62W)
|   |                   `-- BaerbarPC (61W)
|   `-- 3b (1W)
|-- BoksII (3586W)
|   |-- 1 (246W)
|   |   `-- Gul_5-daase (245W)
|   |       |-- 1 (1W)
|   |       |-- 2 (1W)
|   |       |-- 3 (1W)
|   |       |-- 4 (240W)
|   |       |   `-- cluster_3-daase (239W)
|   |       |       |-- 1 (62W)
|   |       |       |   `-- cluster10_63428 (61W)
|   |       |       |-- 2 (114W)
|   |       |       |   `-- cluster1_63429 (113W)
|   |       |       `-- 3 (62W)
|   |       |           `-- typo3_63427 (61W)
|   |       `-- 5 (1W)
|   |-- 2 (1W)
|   |-- 3a (2986W)
|   |   `-- UPS4 (2985W)
|   |       |-- G1a (1W)
|   |       |-- G1b (9W)
|   |       |   `-- 3-daase (8W)
|   |       |       |-- 1 (1W)
|   |       |       |-- 2 (1W)
|   |       |       `-- 3 (5W)
|   |       |           `-- 3-daase (4W)
|   |       |               |-- 1 (1W)
|   |       |               |-- 2 (1W)
|   |       |               `-- 3 (1W)
|   |       |-- G2a (1W)
|   |       |-- G2b (370W)
|   |       |   `-- 3-daase (369W)
|   |       |       |-- 1 (1W)
|   |       |       |-- 2 (362W)
|   |       |       |   `-- cluster2 (361W)
|   |       |       `-- 3 (5W)
|   |       |           `-- 3-daase (4W)
|   |       |               |-- 1 (1W)
|   |       |               |-- 2 (1W)
|   |       |               `-- 3 (1W)
|   |       |-- M1 (1476W)
|   |       |   `-- 5-GroenHvid (1475W)
|   |       |       |-- 1 (450W)
|   |       |       |   `-- x4600_PS3 (449W)
|   |       |       |-- 2 (394W)
|   |       |       |   `-- tibialis_AC1 (393W)
|   |       |       |-- 3 (466W)
|   |       |       |   `-- biceps_AC1 (465W)
|   |       |       |-- 4 (82W)
|   |       |       |   `-- cisd1-0 (81W)
|   |       |       `-- 5 (82W)
|   |       |           `-- cisd1-1g (81W)
|   |       |-- M2 (363W)
|   |       |   `-- 5-RoedHvid (362W)
|   |       |       |-- 1 (82W)
|   |       |       |   `-- cisk612a_12SFP (81W)
|   |       |       |-- 2 (82W)
|   |       |       |   `-- cisd1-g1 (81W)
|   |       |       |-- 3 (82W)
|   |       |       |   `-- cisd1-g2 (81W)
|   |       |       |-- 4 (114W)
|   |       |       |   `-- loke (113W)
|   |       |       `-- 5 (1W)
|   |       |-- M3 (763W)
|   |       |   `-- 5-BlaaHvid (762W)
|   |       |       |-- 1 (162W)
|   |       |       |   `-- NEO_b_baandstation (161W)
|   |       |       |-- 2 (210W)
|   |       |       |   `-- SATABoy_PS1 (209W)
|   |       |       |-- 3 (194W)
|   |       |       |   `-- multimus01_PS1 (193W)
|   |       |       |-- 4 (194W)
|   |       |       |   `-- illiacus_PS1 (193W)
|   |       |       `-- 5 (1W)
|   |       `-- M4 (1W)
|   `-- 3b (352W)
|       `-- A_5-daase (351W)
|           |-- 1 (1W)
|           |-- 2 (1W)
|           |-- 3 (1W)
|           |-- 4 (1W)
|           `-- 5 (346W)
|               `-- Gul_5-daase (345W)
|                   |-- 1 (1W)
|                   |-- 2 (1W)
|                   |-- 3 (114W)
|                   |   `-- job-host (113W)
|                   |-- 4 (114W)
|                   |   `-- quark (113W)
|                   `-- 5 (114W)
|                       `-- slyrf (113W)
`-- BoksIII (8795W)
    |-- 1a (1W)
    |-- 1b (2733W)
    |   `-- UPS1 (2732W)
    |       |-- G1a (1W)
    |       |-- G1b (1W)
    |       |-- G2a (1W)
    |       |-- G2b (1W)
    |       |-- M1 (1456W)
    |       |   `-- 5-GroenSort (1455W)
    |       |       |-- 1 (450W)
    |       |       |   `-- x4600_PS0 (449W)
    |       |       |-- 2 (394W)
    |       |       |   `-- tibialis_AC0 (393W)
    |       |       |-- 3 (466W)
    |       |       |   `-- biceps_AC0 (465W)
    |       |       |-- 4 (62W)
    |       |       |   `-- access1 (61W)
    |       |       `-- 5 (82W)
    |       |           `-- konsol_server (81W)
    |       |-- M2 (763W)
    |       |   `-- 5-BlaaSort (762W)
    |       |       |-- 1 (162W)
    |       |       |   `-- NEO_a_baandstation (161W)
    |       |       |-- 2 (210W)
    |       |       |   `-- SATABoy_PS0 (209W)
    |       |       |-- 3 (194W)
    |       |       |   `-- multimus01_PS0 (193W)
    |       |       |-- 4 (194W)
    |       |       |   `-- illiacus_PS0 (193W)
    |       |       `-- 5 (1W)
    |       |-- M3 (507W)
    |       |   `-- 5-BrunSort (506W)
    |       |       |-- 1 (1W)
    |       |       |-- 2 (114W)
    |       |       |   `-- fiske (113W)
    |       |       |-- 3 (2W)
    |       |       |   `-- muse-tape (1W)
    |       |       |-- 4 (194W)
    |       |       |   `-- musedb_PS-1 (193W)
    |       |       `-- 5 (194W)
    |       |           `-- musets_PS-1 (193W)
    |       `-- M4 (1W)
    |-- 2a (1W)
    |-- 2b (3192W)
    |   `-- UPS2 (3191W)
    |       |-- G1a (468W)
    |       |   `-- 3-daase (467W)
    |       |       |-- 1 (1W)
    |       |       |-- 2 (1W)
    |       |       `-- 3 (464W)
    |       |           `-- 3-daase (463W)
    |       |               |-- 1 (154W)
    |       |               |   `-- 12_disk_kasse_oppe (153W)
    |       |               |-- 2 (154W)
    |       |               |   `-- 12_disk_kasse_oppe (153W)
    |       |               `-- 3 (154W)
    |       |                   `-- 12_disk_kasse_oppe (153W)
    |       |-- G1b (1W)
    |       |-- G2a (410W)
    |       |   `-- ran (409W)
    |       |-- G2b (1W)
    |       |-- M1 (2307W)
    |       |   `-- 5-GroenGraa (2306W)
    |       |       |-- 1 (450W)
    |       |       |   `-- x4600_PS1 (449W)
    |       |       |-- 2 (1130W)
    |       |       |   `-- maximus_AC0 (1129W)
    |       |       |-- 3 (362W)
    |       |       |   `-- multimus05_PS0 (361W)
    |       |       |-- 4 (362W)
    |       |       |   `-- gracilis_PS0 (361W)
    |       |       `-- 5 (1W)
    |       |-- M2 (1W)
    |       |-- M3 (1W)
    |       `-- M4 (1W)
    |-- 2c (1W)
    |-- 3a (1W)
    |-- 3b (1W)
    `-- 3c (2864W)
        `-- UPS3 (2863W)
            |-- G1a (468W)
            |   `-- 3-daase (467W)
            |       |-- 1 (1W)
            |       |-- 2 (1W)
            |       `-- 3 (464W)
            |           `-- 3-daase (463W)
            |               |-- 1 (154W)
            |               |   `-- 12_disk_kasse_nede (153W)
            |               |-- 2 (154W)
            |               |   `-- 12_disk_kasse_nede (153W)
            |               `-- 3 (154W)
            |                   `-- 12_disk_kasse_nede (153W)
            |-- G1b (1W)
            |-- G2a (1W)
            |-- G2b (1W)
            |-- M1 (2388W)
            |   `-- 5-GroenViolet (2387W)
            |       |-- 1 (450W)
            |       |   `-- x4600_PS2 (449W)
            |       |-- 2 (1130W)
            |       |   `-- maximus_AC1 (1129W)
            |       |-- 3 (362W)
            |       |   `-- multimus05_PS1 (361W)
            |       |-- 4 (362W)
            |       |   `-- gracilis_PS1 (361W)
            |       `-- 5 (82W)
            |           `-- cisk612a_52TP (81W)
            |-- M2 (1W)
            |-- M3 (1W)
            `-- M4 (1W)
 (16355W)
233 directories (0W)

./Maskinstue/E2-110/Rack_1/maximus01/index.php

maximus01

This should probably come from a database...

Status: Standby file server
Model: Sun x4500
CPU model: Dual Core AMD Opteron 290
CPU count: 2
CPU clock: 2.8 GHz
CPU cache: 2MB
RAM: 16GB
RAM slots: 8, all full
  2GB 2GB 2GB 2GB
  2GB 2GB 2GB 2GB

prtdiag

root@maximus01:/zpool1/vol/nfs002# prtdiag
System Configuration: Sun Microsystems Sun Fire X4500
BIOS Configuration: American Megatrends Inc. 080010 05/24/2007
BMC Configuration: IPMI 2.0 (KCS: Keyboard Controller Style)

==== Processor Sockets ====================================

Version                          Location Tag
-------------------------------- --------------------------
Dual Core AMD Opteron(tm) Processor 290 H0
Dual Core AMD Opteron(tm) Processor 290 H1

==== Memory Device Sockets ================================

Type    Status Set Device Locator      Bank Locator
------- ------ --- ------------------- --------------------
DDR     in use 0   H0_DIMM0            BANK0
DDR     in use 0   H0_DIMM1            BANK1
DDR     in use 0   H0_DIMM2            BANK2
DDR     in use 0   H0_DIMM3            BANK3
DDR     in use 0   H1_DIMM0            BANK4
DDR     in use 0   H1_DIMM1            BANK5
DDR     in use 0   H1_DIMM2            BANK6
DDR     in use 0   H1_DIMM3            BANK7

==== On-Board Devices =====================================
Marvell serial-ATA #1
Marvell serial-ATA #2
Marvell serial-ATA #3
Marvell serial-ATA #4
Marvell serial-ATA #5
Marvell serial-ATA #6
Intel 82546EB #1
Intel 82546EB #2
Intel 82551QM

==== Upgradeable Slots ====================================

ID  Status    Type             Description
--- --------- ---------------- ----------------------------
0   in use    PCI-X            PCIX0
1   available PCI-X            PCIX1

./Maskinstue/D1-104/Rack_2/biceps/index.php

biceps

This should probably come from a database...

Status: In operation
Model: Sun Fire V440
CPU model: UltraSPARC-IIIi
CPU count: 4
CPU clock: 1281 MHz
CPU cache: 1MB
RAM: 16GB
RAM slots: 64 x 256MB

prtdiag

magnus@biceps:~# prtdiag
System Configuration: Sun Microsystems sun4u Sun Fire V440
System clock frequency: 183 MHZ
Memory size: 16GB

==================================== CPUs ====================================
             E$         CPU                   CPU   Temperature
CPU Freq     Size       Implementation        Mask  Die  Amb. Status Location
--- -------- ---------- --------------------- ----- ---- ---- ------ --------
  0 1281 MHz 1MB        SUNW,UltraSPARC-IIIi  2.4   -    -    online -
  1 1281 MHz 1MB        SUNW,UltraSPARC-IIIi  2.4   -    -    online -
  2 1281 MHz 1MB        SUNW,UltraSPARC-IIIi  2.4   -    -    online -
  3 1281 MHz 1MB        SUNW,UltraSPARC-IIIi  2.4   -    -    online -

================================= IO Devices =================================
Bus  Freq Slot +     Name +
Type MHz  Status     Path                         Model
---- ---- ---------- ---------------------------- --------------------
pci  66   MB         pci108e,abba (network)       SUNW,pci-ce
          okay       /pci@1c,600000/network@2

pci  33   MB         isa/su (serial)
          okay       /pci@1e,600000/isa@7/serial@0,3f8

pci  33   MB         isa/su (serial)
          okay       /pci@1e,600000/isa@7/serial@0,2e8

pci  33   MB         isa/rmc-comm-rmc_comm (seria+
          okay       /pci@1e,600000/isa@7/rmc-comm@0,3e8

pci  33   MB         pciclass,0c0310 (usb)
          okay       /pci@1e,600000/usb@a

pci  33   MB         pciclass,0c0310 (usb)
          okay       /pci@1e,600000/usb@b

pci  33   MB         pci10b9,5229 (ide)
          okay       /pci@1e,600000/ide@d

pci  66   MB         pci108e,abba (network)       SUNW,pci-ce
          okay       /pci@1f,700000/network@1

pci  66   MB         scsi-pci1000,30 (scsi-2)     LSI,1030
          okay       /pci@1f,700000/scsi@2

pci  66   MB         scsi-pci1000,30 (scsi-2)     LSI,1030
          okay       /pci@1f,700000/scsi@2,1

============================ Memory Configuration ============================
Segment Table:
-----------------------------------------------------------------------
Base Address       Size       Interleave Factor  Contains
-----------------------------------------------------------------------
0x0                4GB        16                 BankIDs 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
0x1000000000       4GB        16                 BankIDs 16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31
0x2000000000       4GB        16                 BankIDs 32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47
0x3000000000       4GB        16                 BankIDs 48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63

Bank Table:
-----------------------------------------------------------
       Physical Location
ID     ControllerID  GroupID  Size    Interleave Way
-----------------------------------------------------------
0      0             0        256MB   0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
1      0             0        256MB
2      0             1        256MB
3      0             1        256MB
4      0             0        256MB
5      0             0        256MB
6      0             1        256MB
7      0             1        256MB
8      0             1        256MB
9      0             1        256MB
10     0             0        256MB
11     0             0        256MB
12     0             1        256MB
13     0             1        256MB
14     0             0        256MB
15     0             0        256MB
16     1             0        256MB   0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
17     1             0        256MB
18     1             1        256MB
19     1             1        256MB
20     1             0        256MB
21     1             0        256MB
22     1             1        256MB
23     1             1        256MB
24     1             1        256MB
25     1             1        256MB
26     1             0        256MB
27     1             0        256MB
28     1             1        256MB
29     1             1        256MB
30     1             0        256MB
31     1             0        256MB
32     2             0        256MB   0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
33     2             0        256MB
34     2             1        256MB
35     2             1        256MB
36     2             0        256MB
37     2             0        256MB
38     2             1        256MB
39     2             1        256MB
40     2             1        256MB
41     2             1        256MB
42     2             0        256MB
43     2             0        256MB
44     2             1        256MB
45     2             1        256MB
46     2             0        256MB
47     2             0        256MB
48     3             0        256MB   0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
49     3             0        256MB
50     3             1        256MB
51     3             1        256MB
52     3             0        256MB
53     3             0        256MB
54     3             1        256MB
55     3             1        256MB
56     3             1        256MB
57     3             1        256MB
58     3             0        256MB
59     3             0        256MB
60     3             1        256MB
61     3             1        256MB
62     3             0        256MB
63     3             0        256MB

Memory Module Groups:
--------------------------------------------------
ControllerID   GroupID  Labels         Status
--------------------------------------------------
0              0        C0/P0/B0/D0
0              0        C0/P0/B0/D1
0              1        C0/P0/B1/D0
0              1        C0/P0/B1/D1
1              0        C1/P0/B0/D0
1              0        C1/P0/B0/D1
1              1        C1/P0/B1/D0
1              1        C1/P0/B1/D1
2              0        C2/P0/B0/D0
2              0        C2/P0/B0/D1
2              1        C2/P0/B1/D0
2              1        C2/P0/B1/D1
3              0        C3/P0/B0/D0
3              0        C3/P0/B0/D1
3              1        C3/P0/B1/D0
3              1        C3/P0/B1/D1

./Maskinstue/D1-104/Rack_2/tibialis/index.php

tibialis

This should probably come from a database...

Status: Powered off
Model: Sun 280R
CPU model: UltraSPARC-III+
CPU count: 2
CPU clock: 1015 MHz
CPU cache: 8MB
RAM: 8GB
RAM slots: 8, all full; it got the RAM from soleus as well
  1GB 1GB 1GB 1GB 1GB 1GB 1GB 1GB

prtdiag

root@tibialis:/# prtdiag
System Configuration: Sun Microsystems sun4u Sun Fire 280R (2 X UltraSPARC-III+)
System clock frequency: 145 MHz
Memory size: 8192 Megabytes

========================= CPUs ===============================================

         Run  E$   CPU     CPU
Brd CPU  MHz  MB   Impl.   Mask
--- ---  ---- ---- ------- ----
A   0    1015 8.0  US-III+ 2.3
B   1    1015 8.0  US-III+ 2.3

========================= Memory Configuration ===============================

          Logical Logical Logical
     MC   Bank    Bank    Bank         DIMM   Interleave Interleaved
Brd  ID   num     size    Status       Size   Factor     with
---- ---  ----    ------  -----------  ------ ---------- -----------
CA   0    0       2048MB  no_status    1024MB 4-way      0
CA   0    1       2048MB  no_status    1024MB 4-way      0
CA   0    2       2048MB  no_status    1024MB 4-way      0
CA   0    3       2048MB  no_status    1024MB 4-way      0

========================= IO Cards =========================

                         Bus  Max
IO   Port Bus       Freq Bus  Dev,
Brd  Type ID   Side Slot MHz  Freq Func State Name                             Model
---- ---- ---- ---- ---- ---- ---- ---- ----- -------------------------------- ----------------------
I/O  PCI  8    B    3    33   33   2,0  ok    network-pci108e,2bad             SUNW,pci-gem
I/O  PCI  8    B    2    33   33   3,0  ok    network-pci108e,2bad             SUNW,pci-gem

./Maskinstue/D1-104/Rack_2/soleus/index.php

soleus

Status: Powered off
Model: Sun 280R
CPU:
RAM:

./Maskinstue/D1-104/Rack_2/gracilis/index.php

gracilis

This should probably come from a database...

Status: In operation. SunRay server
Model: Sun x4200
CPU model: Dual Core AMD Opteron 285
CPU count: 2
CPU clock: 2.6 GHz
CPU cache: 2 MB
RAM: 8 GB
RAM slots: 8
  2GB - 2GB -
  2GB - 2GB -

prtdiag

root@gracilis:/# prtdiag
System Configuration: Sun Microsystems Sun Fire X4200 Server
BIOS Configuration: American Megatrends Inc. 080010 08/10/2005
BMC Configuration: IPMI 2.0 (KCS: Keyboard Controller Style)

==== Processor Sockets ====================================

Version                          Location Tag
-------------------------------- --------------------------
Dual Core AMD Opteron(tm) Processor 285 H0
Dual Core AMD Opteron(tm) Processor 285 H1
Dual Core AMD Opteron(tm) Processor 285 H2
Dual Core AMD Opteron(tm) Processor 285 H3

==== Memory Device Sockets ================================

Type    Status Set Device Locator      Bank Locator
------- ------ --- ------------------- --------------------
DDR     in use 0   H0_DIMM0            BANK0
DDR     in use 0   H0_DIMM1            BANK1
unknown empty  0   H0_DIMM2            BANK2
unknown empty  0   H0_DIMM3            BANK3
DDR     in use 0   H1_DIMM0            BANK4
DDR     in use 0   H1_DIMM1            BANK5
unknown empty  0   H1_DIMM2            BANK6
unknown empty  0   H1_DIMM3            BANK7

==== On-Board Devices =====================================
LSI serial-ATA #1
Gigabit Ethernet #1
Gigabit Ethernet #2
ATI Rage XL VGA

==== Upgradeable Slots ====================================

ID  Status    Type             Description
--- --------- ---------------- ----------------------------
0   in use    PCI-X            PCIX SLOT0
1   available PCI-X            PCIX SLOT1
2   available PCI-X            PCIX SLOT2
3   available PCI-X            PCIX SLOT3
4   available PCI-X            PCIX SLOT4

./Maskinstue/D1-104/Rack_2/maximus/index.php

maximus

This should probably come from a database...

Status: In operation. File server
Model: Sun x4500
CPU model: Dual Core AMD Opteron 285
CPU count: 2
CPU clock: 2.6 GHz
CPU cache: 2MB
RAM: 16GB
RAM slots: 8: text...
  2GB 2GB 2GB 2GB
  2GB 2GB 2GB 2GB

prtdiag

root@maximus:/# prtdiag
System Configuration: Sun Microsystems Sun Fire X4500
BIOS Configuration: American Megatrends Inc. 080010 08/04/2006
BMC Configuration: IPMI 2.0 (KCS: Keyboard Controller Style)

==== Processor Sockets ====================================

Version                          Location Tag
-------------------------------- --------------------------
Dual Core AMD Opteron(tm) Processor 285 H0
Dual Core AMD Opteron(tm) Processor 285 H1

==== Memory Device Sockets ================================

Type    Status Set Device Locator      Bank Locator
------- ------ --- ------------------- --------------------
DDR     in use 0   H0_DIMM0            BANK0
DDR     in use 0   H0_DIMM1            BANK1
DDR     in use 0   H0_DIMM2            BANK2
DDR     in use 0   H0_DIMM3            BANK3
DDR     in use 0   H1_DIMM0            BANK4
DDR     in use 0   H1_DIMM1            BANK5
DDR     in use 0   H1_DIMM2            BANK6
DDR     in use 0   H1_DIMM3            BANK7

==== On-Board Devices =====================================
Marvell serial-ATA #1
Marvell serial-ATA #2
Marvell serial-ATA #3
Marvell serial-ATA #4
Marvell serial-ATA #5
Marvell serial-ATA #6
Intel 82546EB #1
Intel 82546EB #2
Intel 82551QM

==== Upgradeable Slots ====================================

ID  Status    Type             Description
--- --------- ---------------- ----------------------------
0   in use    PCI-X            PCIX0
1   available PCI-X            PCIX1

./Maskinstue/D1-104/Rack_2/cerebrum01/index.php

cerebrum01

This should probably come from a database...

Status: In operation. Number cruncher
Model: Sun Fire x4600 M2
CPU model: Dual-Core AMD Opteron 8218
CPU count: 8
CPU clock: 2.6 GHz
CPU cache: 2MB
RAM: 32GB
RAM slots: 32: text...
  2GB 2GB - -
  2GB 2GB - -
  2GB 2GB - -
  2GB 2GB - -
  2GB 2GB - -
  2GB 2GB - -
  2GB 2GB - -
  2GB 2GB - -

lshw -html

root@cerebrum01:/home/magnus# lshw -html

One should be aware that the CPU speed is 1GHz now, since the machine is idle.

id: cerebrum01

description: System

product: Sun Fire X4600 M2

vendor: Sun Microsystems

version: To Be Filled By O.E.M.

serial: 00:14:4F:78:B4:28

width: 32 bits

capabilities: smbios-2.3 dmi-2.3

configuration: boot = normal

chassis = server

uuid = 00000000-0000-0000-0000-00144F6B7C79

id: core

description: Motherboard

product: Sun Fire X4600 M2

vendor: Sun Microsystems

physical id: 0

version: To be filled by O.E.M.

serial: 0123456789 0123456789 0123456789

slot: To Be Filled By O.E.M.

id: firmware

description: BIOS

vendor: American Megatrends Inc.

physical id: 1

version: 080012 (01/12/2007)

size: 64KB


id: firmware

capacity: 960KB

capabilities: isa pci pnp upgrade shadowing escd cdboot bootselect socketedrom edd int13floppy1200 int13floppy720 int13floppy2880 int5printscreen int9keyboard int14serial int17printer int10video acpi usb ls120boot zipboot biosbootspecification netboot

id: cpu:0

description: CPU

product: Dual-Core AMD Opteron(tm) Processor 8218

vendor: Advanced Micro Devices [AMD]

physical id: 4

bus info: cpu@0

version: Dual-Core AMD Opteron(tm) Processor 8218

serial: To Be Filled By O.E.M.

slot: CPU 1

size: 1GHz

capacity: 2600MHz

width: 64 bits

clock: 200MHz

capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp x86-64 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm cr8_legacy cpufreq

id: cache:0

description: L1 cache

physical id: 5

slot: L1-Cache

size: 128KB

capacity: 128KB

capabilities: pipeline-burst internal varies data

id: cache:1

description: L2 cache

physical id: 6

slot: L2-Cache

size: 2MB

capacity: 2MB

capabilities: pipeline-burst internal varies unified

id: cache:2

description: L3 cache

physical id: 7

slot: L3-Cache

capabilities: internal

id: cpu:1

description: CPU

product: Dual-Core AMD Opteron(tm) Processor 8218

vendor: Advanced Micro Devices [AMD]

physical id: 8

bus info: cpu@1

version: Dual-Core AMD Opteron(tm) Processor 8218

serial: To Be Filled By O.E.M.

slot: CPU 2

size: 1GHz

capacity: 2600MHz

width: 64 bits

clock: 200MHz

capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp x86-64 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm cr8_legacy cpufreq

id: cache:0

description: L1 cache

physical id: 9

slot: L1-Cache

size: 128KB

capacity: 128KB

capabilities: pipeline-burst internal varies data

id: cache:1

description: L2 cache

physical id: a

slot: L2-Cache

size: 2MB

capacity: 2MB

capabilities: pipeline-burst internal varies unified


id: cache:2

description: L3 cache

physical id: b

slot: L3-Cache

capabilities: internal

id: cpu:2

description: CPU

product: Dual-Core AMD Opteron(tm) Processor 8218

vendor: Advanced Micro Devices [AMD]

physical id: 3

bus info: cpu@2

version: Dual-Core AMD Opteron(tm) Processor 8218

serial: To Be Filled By O.E.M.

slot: CPU 3

size: 1GHz

capacity: 2600MHz

width: 64 bits

clock: 200MHz

capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp x86-64 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm cr8_legacy cpufreq

id: cache:0

description: L1 cache

physical id: d

slot: L1-Cache

size: 128KB

capacity: 128KB

capabilities: pipeline-burst internal varies data

id: cache:1

description: L2 cache

physical id: e

slot: L2-Cache

size: 2MB

capacity: 2MB

capabilities: pipeline-burst internal varies unified

id: cache:2

description: L3 cache

physical id: f

slot: L3-Cache

capabilities: internal

id: cpu:3

description: CPU

product: Dual-Core AMD Opteron(tm) Processor 8218

vendor: Advanced Micro Devices [AMD]

physical id: 5

bus info: cpu@3

version: Dual-Core AMD Opteron(tm) Processor 8218

serial: To Be Filled By O.E.M.

slot: CPU 4

size: 1GHz

capacity: 2600MHz

width: 64 bits

clock: 200MHz

capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp x86-64 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm cr8_legacy cpufreq

id: cache:0

description: L1 cache

physical id: 11

slot: L1-Cache

size: 128KB

capacity: 128KB

capabilities: pipeline-burst internal varies data

id: cache:1

description: L2 cache

physical id: 12

slot: L2-Cache

size: 2MB

capacity: 2MB

capabilities: pipeline-burst internal varies unified


id: cache:2

description: L3 cache

physical id: 13

slot: L3-Cache

capabilities: internal

id: cpu:4

description: CPU

product: Dual-Core AMD Opteron(tm) Processor 8218

vendor: Advanced Micro Devices [AMD]

physical id: 14

bus info: cpu@4

version: Dual-Core AMD Opteron(tm) Processor 8218

serial: To Be Filled By O.E.M.

slot: CPU 5

size: 1GHz

capacity: 2600MHz

width: 64 bits

clock: 200MHz

capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp x86-64 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm cr8_legacy cpufreq

id: cache:0

description: L1 cache

physical id: 15

slot: L1-Cache

size: 128KB

capacity: 128KB

capabilities: pipeline-burst internal varies data

id: cache:1

description: L2 cache

physical id: 16

slot: L2-Cache

size: 2MB

capacity: 2MB

capabilities: pipeline-burst internal varies unified

id: cache:2

description: L3 cache

physical id: 17

slot: L3-Cache

capabilities: internal

id: cpu:5

description: CPU

product: Dual-Core AMD Opteron(tm) Processor 8218

vendor: Advanced Micro Devices [AMD]

physical id: 18

bus info: cpu@5

version: Dual-Core AMD Opteron(tm) Processor 8218

serial: To Be Filled By O.E.M.

slot: CPU 6

size: 1GHz

capacity: 2600MHz

width: 64 bits

clock: 200MHz

capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp x86-64 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm cr8_legacy cpufreq

id: cache:0

description: L1 cache

physical id: 19

slot: L1-Cache

size: 128KB

capacity: 128KB

capabilities: pipeline-burst internal varies data

id: cache:1

description: L2 cache

physical id: 1a

slot: L2-Cache

size: 2MB

capacity: 2MB

capabilities: pipeline-burst internal varies unified


id: cache:2

description: L3 cache

physical id: 1b

slot: L3-Cache

capabilities: internal

id: cpu:6

description: CPU

product: Dual-Core AMD Opteron(tm) Processor 8218

vendor: Advanced Micro Devices [AMD]

physical id: 1c

bus info: cpu@6

version: Dual-Core AMD Opteron(tm) Processor 8218

serial: To Be Filled By O.E.M.

slot: CPU 7

size: 1GHz

capacity: 2600MHz

width: 64 bits

clock: 200MHz

capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp x86-64 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm cr8_legacy cpufreq

id: cache:0

description: L1 cache

physical id: 1d

slot: L1-Cache

size: 128KB

capacity: 128KB

capabilities: pipeline-burst internal varies data

id: cache:1

description: L2 cache

physical id: 1e

slot: L2-Cache

size: 2MB

capacity: 2MB

capabilities: pipeline-burst internal varies unified

id: cache:2

description: L3 cache

physical id: 1f

slot: L3-Cache

capabilities: internal

id: cpu:7

description: CPU

product: Dual-Core AMD Opteron(tm) Processor 8218

vendor: Advanced Micro Devices [AMD]

physical id: 20

bus info: cpu@7

version: Dual-Core AMD Opteron(tm) Processor 8218

serial: To Be Filled By O.E.M.

slot: CPU 8

size: 1GHz

capacity: 2600MHz

width: 64 bits

clock: 200MHz

capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt rdtscp x86-64 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm cr8_legacy cpufreq

id: cache:0

description: L1 cache

physical id: 21

slot: L1-Cache

size: 128KB

capacity: 128KB

capabilities: pipeline-burst internal varies data

id: cache:1

description: L2 cache

physical id: 22

slot: L2-Cache

size: 2MB

capacity: 2MB

capabilities: pipeline-burst internal varies unified

id: cache:2

description: L3 cache

physical id: 23

slot: L3-Cache

capabilities: internal

id: memory:0

description: System Memory

physical id: 4a

slot: System board or motherboard

size: 32GB

id: bank:0

description: DIMM Synchronous 333 MHz (3.0 ns)

product: PartNum0

vendor: Manufacturer0

physical id: 0

serial: SerNum0

slot: DIMM0

size: 64MB

width: 64 bits

clock: 333MHz (3.0ns)

id: bank:1

description: DIMM Synchronous 333 MHz (3.0 ns)

product: PartNum1

vendor: Manufacturer1

physical id: 1

serial: SerNum1

slot: DIMM1

size: 64MB

width: 64 bits

clock: 333MHz (3.0ns)

id: memory:1

description: Memory controller

product: CK804 Memory Controller

vendor: nVidia Corporation

physical id: 7

bus info: pci@00:00.0

version: a3

width: 32 bits

clock: 66MHz (15.2ns)

capabilities: bus_master cap_list

configuration: latency = 0

id: isa

description: ISA bridge

product: CK804 ISA Bridge

vendor: nVidia Corporation

physical id: 100

bus info: pci@00:01.0

version: f3

width: 32 bits

clock: 66MHz

capabilities: isa bus_master

configuration: latency = 0

id: serial

description: SMBus

product: CK804 SMBus

vendor: nVidia Corporation

physical id: 1.1

bus info: pci@00:01.1

version: a2

width: 32 bits

clock: 66MHz

capabilities: cap_list

configuration: driver = nForce2_smbus

latency = 0

maxlatency = 1

mingnt = 3

resources: ioport : 2800-281f

ioport : 4c00-4c3f

ioport : 4c40-4c7f

id: usb:0

description: USB Controller

product: CK804 USB Controller

vendor: nVidia Corporation

physical id: 2

bus info: pci@00:02.0

version: a2

width: 32 bits

clock: 66MHz

capabilities: ohci bus_master cap_list

configuration: driver = ohci_hcd

latency = 0

maxlatency = 1

mingnt = 3

resources: iomemory : fe8ff000-fe8fffff

irq : 21

id: usbhost

product: OHCI Host Controller

vendor: Linux 2.6.20.3-ubuntu1-custom.bai1bai01 ohci_hcd

physical id: 1

bus info: usb@2

logical name: usb2

version: 2.06

capabilities: usb-1.10

configuration: driver = hub

maxpower = 0mA

slots = 7

speed = 12.0MB/s

id: usb:0

description: Keyboard

product: Virtual Keyboard and Mouse

vendor: American Megatrends Inc.

physical id: 3

bus info: usb@2:3

version: 1.00

capabilities: usb-1.10

configuration: driver = usbhid

maxpower = 0mA

speed = 12.0MB/s

id: usb:1

description: Mass storage device

product: Virtual Cdrom Device

vendor: American Megatrends Inc.

physical id: 4

bus info: usb@2:4

logical name: scsi3

version: 1.00

capabilities: usb-1.10 emulated scsi-host

configuration: driver = usb-storage

maxpower = 0mA

speed = 12.0MB/s

id: cdrom

description: SCSI CD-ROM

product: Virtual CDROM

vendor: AMI

physical id: 0.0.0

bus info: scsi@3:0.0.0

logical name: /dev/scd1

logical name: /dev/sr1

version: 1.00

capabilities: removable audio

id: disc

physical id: 0

logical name: /dev/scd1

id: usb:2

description: Mass storage device

product: Virtual Floppy Device

vendor: American Megatrends Inc.

physical id: 5

bus info: usb@2:5

logical name: scsi4

version: 1.00

capabilities: usb-1.10 floppy emulated scsi-host

configuration: driver = usb-storage

maxpower = 0mA

speed = 12.0MB/s

id: disk

description: SCSI Disk

product: Virtual Floppy

vendor: AMI

physical id: 0.0.0

bus info: scsi@4:0.0.0

logical name: /dev/sdc

version: 1.00

capabilities: removable

id: disc

physical id: 0

logical name: /dev/sdc

id: usb:1

description: USB Controller

product: CK804 USB Controller

vendor: nVidia Corporation

physical id: 2.1

bus info: pci@00:02.1

version: a3

width: 32 bits

clock: 66MHz

capabilities: ehci bus_master cap_list

configuration: driver = ehci_hcd

latency = 0

maxlatency = 1

mingnt = 3

resources: iomemory : fe8fec00-fe8fecff

irq : 22

id: usbhost

product: EHCI Host Controller

vendor: Linux 2.6.20.3-ubuntu1-custom.bai1bai01 ehci_hcd

physical id: 1

bus info: usb@1

logical name: usb1

version: 2.06

capabilities: usb-2.00

configuration: driver = hub

maxpower = 0mA

slots = 7

speed = 480.0MB/s

id: usb

description: USB hub

product: CY7C65640 USB-2.0 "TetraHub"

vendor: Cypress Semiconductor Corp.

physical id: 6

bus info: usb@1:6

version: 0.0b

capabilities: usb-2.00

configuration: driver = hub

maxpower = 100mA

slots = 4

speed = 480.0MB/s

id: ide

description: IDE interface

product: CK804 IDE

vendor: nVidia Corporation

physical id: 6

bus info: pci@00:06.0

logical name: scsi0

logical name: scsi1

version: f2

width: 32 bits

clock: 66MHz

capabilities: ide bus_master cap_list emulated scsi-host

configuration: driver = pata_amd

latency = 0

maxlatency = 1

mingnt = 3

resources: iomemory : 1f0-1f7

iomemory : 3f0-3ef

iomemory : 170-177

iomemory : 370-36f

ioport : 2000-200f

id: cdrom

description: DVD reader

product: CD-RW CW-8124

vendor: MATSHITA

physical id: 0.0.0

bus info: scsi@0:0.0.0

logical name: /dev/cdrom

logical name: /dev/dvd

logical name: /dev/scd0

logical name: /dev/sr0

version: DZ13

serial: [MATSHITACD-RW CW-8124 DZ13PP 02/23/05+C

capabilities: removable audio cd-r cd-rw dvd

configuration: ansiversion = 5

id: disc

physical id: 0

logical name: /dev/cdrom

id: pci:0

description: PCI bridge

product: CK804 PCI Bridge

vendor: nVidia Corporation

physical id: 9

bus info: pci@00:09.0

version: f2

width: 32 bits

clock: 66MHz

capabilities: pci subtractive_decode bus_master

id: display

description: VGA compatible controller

product: Rage XL

vendor: ATI Technologies Inc

physical id: 6

bus info: pci@01:06.0

version: 27

size: 16MB

width: 32 bits

clock: 33MHz

capabilities: vga bus_master cap_list

configuration: latency = 64

mingnt = 8

resources: iomemory : fd000000-fdffffff

ioport : d800-d8ff

iomemory : fe1ff000-fe1fffff

irq : 10

id: pci:1

description: PCI bridge

product: CK804 PCIE Bridge

vendor: nVidia Corporation

physical id: 101

bus info: pci@00:0b.0

version: f3

width: 32 bits

clock: 33MHz

capabilities: pci normal_decode bus_master cap_list

configuration: driver = pcieport-driver

id: pci:2

description: PCI bridge

product: CK804 PCIE Bridge

vendor: nVidia Corporation

physical id: 102

bus info: pci@00:0c.0

version: f3

width: 32 bits

clock: 33MHz

capabilities: pci normal_decode bus_master cap_list

configuration: driver = pcieport-driver

id: pci:3

description: PCI bridge

product: CK804 PCIE Bridge

vendor: nVidia Corporation

physical id: 103

bus info: pci@00:0d.0

version: f3

width: 32 bits

clock: 33MHz

capabilities: pci normal_decode bus_master cap_list

configuration: driver = pcieport-driver

id: pci:4

description: PCI bridge

product: CK804 PCIE Bridge

vendor: nVidia Corporation

physical id: 104

bus info: pci@00:0e.0

version: a3

width: 32 bits

clock: 33MHz

capabilities: pci normal_decode bus_master cap_list

configuration: driver = pcieport-driver

id: pci:5

description: PCI bridge

product: AMD-8132 PCI-X Bridge

vendor: Advanced Micro Devices [AMD]

physical id: 105

bus info: pci@00:10.0

version: 12

width: 32 bits

clock: 33MHz

capabilities: pci normal_decode bus_master cap_list

id: network:0

description: Ethernet interface

product: 82546EB Gigabit Ethernet Controller (Copper)

vendor: Intel Corporation

physical id: 1

bus info: pci@06:01.0

logical name: eth4

version: 03

serial: 00:14:4f:78:b4:28

size: 1GB/s

capacity: 1GB/s

width: 64 bits

clock: 66MHz

capabilities: bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation

configuration: autonegotiation = on

broadcast = yes

driver = e1000

driverversion = 7.3.15-k2-NAPI

duplex = full

firmware = N/A

ip = 130.225.49.231

latency = 64

link = yes

mingnt = 255

multicast = yes

port = twisted pair

speed = 1GB/s

resources: iomemory : fe2e0000-fe2fffff

ioport : ec00-ec3f

irq : 48

id: network:1

description: Ethernet interface

product: 82546EB Gigabit Ethernet Controller (Copper)

vendor: Intel Corporation

physical id: 1.1

bus info: pci@06:01.1

logical name: eth5

version: 03

serial: 00:14:4f:78:b4:29

capacity: 1GB/s

width: 64 bits

clock: 66MHz

capabilities: bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation

configuration: autonegotiation = on

broadcast = yes

driver = e1000

driverversion = 7.3.15-k2-NAPI

firmware = N/A

latency = 64

link = no

mingnt = 255

multicast = yes

port = twisted pair

resources: iomemory : fe2c0000-fe2dffff

ioport : e800-e83f

irq : 49

id: network:2

description: Ethernet interface

product: 82546EB Gigabit Ethernet Controller (Copper)

vendor: Intel Corporation

physical id: 2

bus info: pci@06:02.0

logical name: eth6

version: 03

serial: 00:14:4f:78:b4:2a

capacity: 1GB/s

width: 64 bits

clock: 66MHz

capabilities: bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation

configuration: autonegotiation = on

broadcast = yes

driver = e1000

driverversion = 7.3.15-k2-NAPI

firmware = N/A

latency = 64

link = no

mingnt = 255

multicast = yes

port = twisted pair

resources: iomemory : fe2a0000-fe2bffff

ioport : e400-e43f

irq : 50

id: network:3

description: Ethernet interface

product: 82546EB Gigabit Ethernet Controller (Copper)

vendor: Intel Corporation

physical id: 2.1

bus info: pci@06:02.1

logical name: eth7

version: 03

serial: 00:14:4f:78:b4:2b

capacity: 1GB/s

width: 64 bits

clock: 66MHz

capabilities: bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation

configuration: autonegotiation = on

broadcast = yes

driver = e1000

driverversion = 7.3.15-k2-NAPI

firmware = N/A

latency = 64

link = no

mingnt = 255

multicast = yes

port = twisted pair

resources: iomemory : fe280000-fe29ffff

ioport : e000-e03f

irq : 51

id: system:0

description: PIC

product: AMD-8132 PCI-X IOAPIC

vendor: Advanced Micro Devices [AMD]

physical id: 10.1

bus info: pci@00:10.1

version: 12

width: 64 bits

clock: 33MHz

capabilities: io-apic bus_master

configuration: latency = 0

resources: iomemory : fe8fd000-fe8fdfff

id: pci:6

description: PCI bridge

product: AMD-8132 PCI-X Bridge

vendor: Advanced Micro Devices [AMD]

physical id: 11

bus info: pci@00:11.0

version: 12

width: 32 bits

clock: 33MHz

capabilities: pci normal_decode bus_master cap_list

id: scsi

description: SCSI storage controller

product: SAS1064 PCI-X Fusion-MPT SAS

vendor: LSI Logic / Symbios Logic

physical id: 4

bus info: pci@07:04.0

logical name: scsi2

version: 02

width: 64 bits

clock: 66MHz

capabilities: scsi bus_master cap_list scsi-host

configuration: driver = mptsas

latency = 72

maxlatency = 10

mingnt = 64

resources: iomemory : fe7fc000-fe7fffff

iomemory : fe7e0000-fe7effff

irq : 56

id: disk:0

description: SCSI Disk

product: ST973401LSUN72G

vendor: SEAGATE

physical id: 0.0.0

bus info: scsi@2:0.0.0

logical name: /dev/sda

version: 0556

serial: 0411FW94 3LB1FW94

size: 68GB

capabilities: 10000rpm partitioned partitioned:dos

configuration: ansiversion = 3

id: volume:0

description: Linux filesystem partition

physical id: 1

bus info: scsi@2:0.0.0,1

logical name: /dev/sda1

capacity: 9538MB

capabilities: primary

id: volume:1

description: Linux swap / Solaris partition

physical id: 2

bus info: scsi@2:0.0.0,2

logical name: /dev/sda2

capacity: 9538MB

capabilities: primary nofs

id: volume:2

description: Linux filesystem partition

physical id: 3

bus info: scsi@2:0.0.0,3

logical name: /dev/sda3

capacity: 49GB

capabilities: primary

id: disk:1

description: SCSI Disk

product: ST973401LSUN72G

vendor: SEAGATE

physical id: 0.1.0

bus info: scsi@2:0.1.0

logical name: /dev/sdb

version: 0556

serial: 0411FQ2Y 3LB1FQ2Y

size: 68GB

capabilities: 10000rpm partitioned partitioned:dos

configuration: ansiversion = 3

id: volume

description: Solaris partition

physical id: 1

bus info: scsi@2:0.1.0,1

logical name: /dev/sdb1

capacity: 68GB

capabilities: primary bootable

id: system:1

description: PIC

product: AMD-8132 PCI-X IOAPIC

vendor: Advanced Micro Devices [AMD]

physical id: 11.1

bus info: pci@00:11.1

version: 12

width: 64 bits

clock: 33MHz

capabilities: io-apic bus_master

configuration: latency = 0

resources: iomemory : fe8fc000-fe8fcfff

id: pci:7

description: Host bridge

product: K8 [Athlon64/Opteron] HyperTransport Technology Configuration

vendor: Advanced Micro Devices [AMD]

physical id: 106

bus info: pci@00:18.0

version: 00

width: 32 bits

clock: 33MHz

id: pci:8

description: Host bridge

product: K8 [Athlon64/Opteron] Address Map

vendor: Advanced Micro Devices [AMD]

physical id: 107

bus info: pci@00:18.1

version: 00

width: 32 bits

clock: 33MHz

id: pci:9

description: Host bridge

product: K8 [Athlon64/Opteron] DRAM Controller

vendor: Advanced Micro Devices [AMD]

physical id: 108

bus info: pci@00:18.2

version: 00

width: 32 bits

clock: 33MHz

id: pci:10

description: Host bridge

product: K8 [Athlon64/Opteron] Miscellaneous Control

vendor: Advanced Micro Devices [AMD]

physical id: 109

bus info: pci@00:18.3

version: 00

width: 32 bits

clock: 33MHz

id: pci:11

description: Host bridge

product: K8 [Athlon64/Opteron] HyperTransport Technology Configuration

vendor: Advanced Micro Devices [AMD]

physical id: 10a

bus info: pci@00:19.0

version: 00

width: 32 bits

clock: 33MHz

id: pci:12

description: Host bridge

product: K8 [Athlon64/Opteron] Address Map

vendor: Advanced Micro Devices [AMD]

physical id: 10b

bus info: pci@00:19.1

version: 00

width: 32 bits

clock: 33MHz

id: pci:13

description: Host bridge

product: K8 [Athlon64/Opteron] DRAM Controller

vendor: Advanced Micro Devices [AMD]

physical id: 10c

bus info: pci@00:19.2

version: 00

width: 32 bits

clock: 33MHz

id: pci:14

description: Host bridge

product: K8 [Athlon64/Opteron] Miscellaneous Control

vendor: Advanced Micro Devices [AMD]

physical id: 10d

bus info: pci@00:19.3

version: 00

width: 32 bits

clock: 33MHz

id: pci:15

description: Host bridge

product: K8 [Athlon64/Opteron] HyperTransport Technology Configuration

vendor: Advanced Micro Devices [AMD]

physical id: 10e

bus info: pci@00:1a.0

version: 00

width: 32 bits

clock: 33MHz

id: pci:16

description: Host bridge

product: K8 [Athlon64/Opteron] Address Map

vendor: Advanced Micro Devices [AMD]

physical id: 10f

bus info: pci@00:1a.1

version: 00

width: 32 bits

clock: 33MHz

id: pci:17

description: Host bridge

product: K8 [Athlon64/Opteron] DRAM Controller

vendor: Advanced Micro Devices [AMD]

physical id: 110

bus info: pci@00:1a.2

version: 00

width: 32 bits

clock: 33MHz

id: pci:18

description: Host bridge

product: K8 [Athlon64/Opteron] Miscellaneous Control

vendor: Advanced Micro Devices [AMD]

physical id: 111

bus info: pci@00:1a.3

version: 00

width: 32 bits

clock: 33MHz

id: pci:19

description: Host bridge

product: K8 [Athlon64/Opteron] HyperTransport Technology Configuration

vendor: Advanced Micro Devices [AMD]

physical id: 112

bus info: pci@00:1b.0

version: 00

width: 32 bits

clock: 33MHz

id: pci:20

description: Host bridge

product: K8 [Athlon64/Opteron] Address Map

vendor: Advanced Micro Devices [AMD]

physical id: 113

bus info: pci@00:1b.1

version: 00

width: 32 bits

clock: 33MHz

id: pci:21

description: Host bridge

product: K8 [Athlon64/Opteron] DRAM Controller

vendor: Advanced Micro Devices [AMD]

physical id: 114

bus info: pci@00:1b.2

version: 00

width: 32 bits

clock: 33MHz

id: pci:22

description: Host bridge

product: K8 [Athlon64/Opteron] Miscellaneous Control

vendor: Advanced Micro Devices [AMD]

physical id: 115

bus info: pci@00:1b.3

version: 00

width: 32 bits

clock: 33MHz

id: pci:23

description: Host bridge

product: K8 [Athlon64/Opteron] HyperTransport Technology Configuration

vendor: Advanced Micro Devices [AMD]

physical id: 116

bus info: pci@00:1c.0

version: 00

width: 32 bits

clock: 33MHz

id: pci:24

description: Host bridge

product: K8 [Athlon64/Opteron] Address Map

vendor: Advanced Micro Devices [AMD]

physical id: 117

bus info: pci@00:1c.1

version: 00

width: 32 bits

clock: 33MHz

id: pci:25

description: Host bridge

product: K8 [Athlon64/Opteron] DRAM Controller

vendor: Advanced Micro Devices [AMD]

physical id: 118

bus info: pci@00:1c.2

version: 00

width: 32 bits

clock: 33MHz

id: pci:26

description: Host bridge

product: K8 [Athlon64/Opteron] Miscellaneous Control

vendor: Advanced Micro Devices [AMD]

physical id: 119

bus info: pci@00:1c.3

version: 00

width: 32 bits

clock: 33MHz

id: pci:27

description: Host bridge

product: K8 [Athlon64/Opteron] HyperTransport Technology Configuration

vendor: Advanced Micro Devices [AMD]

physical id: 11a

bus info: pci@00:1d.0

version: 00

width: 32 bits

clock: 33MHz

id: pci:28

description: Host bridge

product: K8 [Athlon64/Opteron] Address Map

vendor: Advanced Micro Devices [AMD]

physical id: 11b

bus info: pci@00:1d.1

version: 00

width: 32 bits

clock: 33MHz

id: pci:29

description: Host bridge

product: K8 [Athlon64/Opteron] DRAM Controller

vendor: Advanced Micro Devices [AMD]

physical id: 11c

bus info: pci@00:1d.2

version: 00

width: 32 bits

clock: 33MHz

id: pci:30

description: Host bridge

product: K8 [Athlon64/Opteron] Miscellaneous Control

vendor: Advanced Micro Devices [AMD]

physical id: 11d

bus info: pci@00:1d.3

version: 00

width: 32 bits

clock: 33MHz

id: pci:31

description: Host bridge

product: K8 [Athlon64/Opteron] HyperTransport Technology Configuration

vendor: Advanced Micro Devices [AMD]

physical id: 11e

bus info: pci@00:1e.0

version: 00

width: 32 bits

clock: 33MHz

id: pci:32

description: Host bridge

product: K8 [Athlon64/Opteron] Address Map

vendor: Advanced Micro Devices [AMD]

physical id: 11f

bus info: pci@00:1e.1

version: 00

width: 32 bits

clock: 33MHz

id: pci:33

description: Host bridge

product: K8 [Athlon64/Opteron] DRAM Controller

vendor: Advanced Micro Devices [AMD]

physical id: 120

bus info: pci@00:1e.2

version: 00

width: 32 bits

clock: 33MHz

id: pci:34

description: Host bridge

product: K8 [Athlon64/Opteron] Miscellaneous Control

vendor: Advanced Micro Devices [AMD]

physical id: 121

bus info: pci@00:1e.3

version: 00

width: 32 bits

clock: 33MHz

id: pci:35

description: Host bridge

product: K8 [Athlon64/Opteron] HyperTransport Technology Configuration

vendor: Advanced Micro Devices [AMD]

physical id: 122

bus info: pci@00:1f.0

version: 00

width: 32 bits

clock: 33MHz

id: pci:36

description: Host bridge

product: K8 [Athlon64/Opteron] Address Map

vendor: Advanced Micro Devices [AMD]

physical id: 123

bus info: pci@00:1f.1

version: 00

width: 32 bits

clock: 33MHz

id: pci:37

description: Host bridge

product: K8 [Athlon64/Opteron] DRAM Controller

vendor: Advanced Micro Devices [AMD]

physical id: 124

bus info: pci@00:1f.2

version: 00

width: 32 bits

clock: 33MHz

id: pci:38

description: Host bridge

product: K8 [Athlon64/Opteron] Miscellaneous Control

vendor: Advanced Micro Devices [AMD]

physical id: 125

bus info: pci@00:1f.3

version: 00

width: 32 bits

clock: 33MHz

id: memory:2

description: Memory controller

product: CK804 Memory Controller

vendor: nVidia Corporation

physical id: 0

bus info: pci@80:00.0

version: a3

width: 32 bits

clock: 66MHz (15.2ns)

capabilities: bus_master cap_list

configuration: latency = 0

id: memory:3

description: Memory controller

product: CK804 Memory Controller

vendor: nVidia Corporation

physical id: a

bus info: pci@80:01.0

version: f3

width: 32 bits

clock: 66MHz (15.2ns)

capabilities: bus_master

configuration: latency = 0

resources: iomemory : feaff000-feafffff

id: pci:39

description: PCI bridge

product: CK804 PCIE Bridge

vendor: nVidia Corporation

physical id: 126

bus info: pci@80:0b.0

version: f3

width: 32 bits

clock: 33MHz

capabilities: pci normal_decode bus_master cap_list

configuration: driver = pcieport-driver

id: pci:40

description: PCI bridge

product: CK804 PCIE Bridge

vendor: nVidia Corporation

physical id: c

bus info: pci@80:0c.0

version: f3

width: 32 bits

clock: 33MHz

capabilities: pci normal_decode bus_master cap_list

configuration: driver = pcieport-driver

id: pci:41

description: PCI bridge

product: CK804 PCIE Bridge

vendor: nVidia Corporation

physical id: 127

bus info: pci@80:0d.0

version: f3

width: 32 bits

clock: 33MHz

capabilities: pci normal_decode bus_master cap_list

configuration: driver = pcieport-driver

id: pci:42

description: PCI bridge

product: CK804 PCIE Bridge

vendor: nVidia Corporation

physical id: 128

bus info: pci@80:0e.0

version: a3

width: 32 bits

clock: 33MHz

capabilities: pci normal_decode bus_master cap_list

configuration: driver = pcieport-driver

./Maskinstue/D1-104/Rack_2/multimus05/index.php

multimus05

This should probably come from a database...

Status: In operation

Model: Sun Fire x4100 M2

CPU model: Dual-Core AMD 2220

CPU count: 2

CPU clock: 2.8 GHz

CPU cache: 2 MB/

RAM: 8GB

RAM slots:

8: I believe it is as follows

1GB 1GB 1GB 1GB

1GB 1GB 1GB 1GB

prtdiag

root@multimus05:/# prtdiag
System Configuration: Sun Microsystems Sun Fire X4100 M2
BIOS Configuration: American Megatrends Inc. 080012 02/02/2007
BMC Configuration: IPMI 1.5 (KCS: Keyboard Controller Style)

==== Processor Sockets ====================================

Version                          Location Tag
-------------------------------- --------------------------
Dual-Core AMD Opteron(tm) Processor 2220 CPU 1
Dual-Core AMD Opteron(tm) Processor 2220 CPU 2

==== Memory Device Sockets ================================

Type    Status Set Device Locator      Bank Locator
------- ------ --- ------------------- --------------------
DDR2    in use 0   DIMM0               BANK0
DDR2    in use 0   DIMM1               BANK1
DDR2    in use 0   DIMM2               BANK2
DDR2    in use 0   DIMM3               BANK3
DDR2    in use 0   DIMM4               BANK4
DDR2    in use 0   DIMM5               BANK5
DDR2    in use 0   DIMM6               BANK6
DDR2    in use 0   DIMM7               BANK7

==== On-Board Devices =====================================
LSI serial-ATA #1
Gigabit Ethernet #1
ATI Rage XL VGA

==== Upgradeable Slots ====================================

ID  Status    Type             Description
--- --------- ---------------- ----------------------------
0   available other            PCIExp SLOT0
1   available other            PCIExp SLOT1
2   available PCI-X            PCIX SLOT2
3   available other            PCIExp SLOT3
4   available other            PCIExp SLOT4

./Maskinstue/D1-104/Rack_3/aegir/index.php

aegir

This should probably come from a database...

Status: In operation. On its way out....

Model: Sun E450

CPU model: US-II

CPU count: 4

CPU clock: 400 MHz

CPU cache: 4 MB

RAM: 2GB

RAM slots:

2: text...

128MB 128MB 128MB 128MB

128MB 128MB 128MB 128MB

256MB 256MB 256MB 256MB

- - - -

prtdiag

root@aegir:/pack/www-docs/www.hst.aau.dk/Course-material# prtdiag
System Configuration: Sun Microsystems sun4u Sun Enterprise 450 (4 X UltraSPARC-II 400MHz)
System clock frequency: 100 MHz
Memory size: 2048 Megabytes

========================= CPUs =========================

                Run   Ecache CPU    CPU
Brd CPU Module  MHz   MB     Impl.  Mask
--- --- ------- ----- ------ ------ ----
SYS 0   0       400   4.0    US-II  9.0
SYS 1   1       400   4.0    US-II  9.0
SYS 2   2       400   4.0    US-II  9.0
SYS 3   3       400   4.0    US-II  9.0

========================= Memory =========================

     Interlv. Socket Size
Bank Group Name   (MB) Status
---- ----- ------ ---- ------
0    none  1901   128  OK
0    none  1902   128  OK
0    none  1903   128  OK
0    none  1904   128  OK
1    none  1801   128  OK
1    none  1802   128  OK
1    none  1803   128  OK
1    none  1804   128  OK
2    none  1701   256  OK
2    none  1702   256  OK
2    none  1703   256  OK
2    none  1704   256  OK

========================= IO Cards =========================

    Bus  Freq
Brd Type MHz  Slot Name                             Model
--- ---- ---- ---- -------------------------------- ----------------------
SYS PCI  33   1    pciclass,001000                  Symbios,53C875
SYS PCI  33   2    pciclass,001000                  Symbios,53C875
SYS PCI  33   3    pciclass,068000
SYS PCI  33   3    pciclass,020000                  SUNW,pci-qfe
SYS PCI  33   3    pciclass,068000
SYS PCI  33   3    pciclass,020000                  SUNW,pci-qfe
SYS PCI  33   3    pciclass,068000
SYS PCI  33   3    pciclass,020000                  SUNW,pci-qfe
SYS PCI  33   3    pciclass,068000
SYS PCI  33   3    pciclass,020000                  SUNW,pci-qfe
SYS PCI  66   4    fibre-channel
SYS PCI  66   5    pciclass,020000                  SUNW,pci-gem
SYS PCI  33   6    pciclass,001000                  Symbios,53C875
SYS PCI  33   7    pciclass,068000
SYS PCI  33   7    pciclass,020000                  SUNW,pci-qfe
SYS PCI  33   7    pciclass,068000
SYS PCI  33   7    pciclass,020000                  SUNW,pci-qfe
SYS PCI  33   7    pciclass,068000
SYS PCI  33   7    pciclass,020000                  SUNW,pci-qfe
SYS PCI  33   7    pciclass,068000
SYS PCI  33   7    pciclass,020000                  SUNW,pci-qfe
SYS PCI  33   9    pciclass,001000                  Symbios,53C875
SYS PCI  33   10   pciclass,001000                  Symbios,53C875

No failures found in System
===========================

./Maskinstue/D1-104/Rack_3/multimus01/index.php

multimus01

This should probably come from a database...

Status: In operation

Model: Sun X4100

CPU model: AMD Opteron 254

CPU count: 2

CPU clock: 2.8 GHz

CPU cache: 1 MB

RAM: 8GB

RAM slots:

8: half full

2GB 2GB - -

2GB 2GB - -

prtdiag

root@multimus01:~# prtdiag
System Configuration: Sun Microsystems Sun Fire X4100 Server
BIOS Configuration: American Megatrends Inc. 080010 08/10/2005
BMC Configuration: IPMI 2.0 (KCS: Keyboard Controller Style)

==== Processor Sockets ====================================

Version                          Location Tag
-------------------------------- --------------------------
AMD Opteron(tm) Processor 254    H0
AMD Opteron(tm) Processor 254    H1

==== Memory Device Sockets ================================

Type    Status Set Device Locator      Bank Locator
------- ------ --- ------------------- --------------------
DDR     in use 0   H0_DIMM0            BANK0
DDR     in use 0   H0_DIMM1            BANK1
unknown empty  0   H0_DIMM2            BANK2
unknown empty  0   H0_DIMM3            BANK3
DDR     in use 0   H1_DIMM0            BANK4
DDR     in use 0   H1_DIMM1            BANK5
unknown empty  0   H1_DIMM2            BANK6
unknown empty  0   H1_DIMM3            BANK7

==== On-Board Devices =====================================
LSI serial-ATA #1
Gigabit Ethernet #1
Gigabit Ethernet #2
ATI Rage XL VGA

==== Upgradeable Slots ====================================

ID  Status    Type             Description
--- --------- ---------------- ----------------------------
0   in use    PCI-X            PCIX SLOT0
1   available PCI-X            PCIX SLOT1
2   available PCI-X            PCIX SLOT2
3   available PCI-X            PCIX SLOT3
4   available PCI-X            PCIX SLOT4

./Maskinstue/D1-104/Rack_3/illiacus/index.php

illiacus

This should probably come from a database...

Status: In operation. SunRay server

Model: Sun x4100

CPU model: Dual Core AMD Opteron 280

CPU count: 2

CPU clock: 2.4GHz

CPU cache: 2 MB

RAM: 4GB

RAM slots:

8:

1GB - 1GB -

1GB - 1GB -

prtdiag

root@illiacus:/mnt_multimus01# prtdiag
System Configuration: Sun Microsystems Sun Fire X4100 Server
BIOS Configuration: American Megatrends Inc. 080010 08/10/2005
BMC Configuration: IPMI 2.0 (KCS: Keyboard Controller Style)

==== Processor Sockets ====================================

Version                          Location Tag
-------------------------------- --------------------------
Dual Core AMD Opteron(tm) Processor 280 H0
Dual Core AMD Opteron(tm) Processor 280 H1
Dual Core AMD Opteron(tm) Processor 280 H2
Dual Core AMD Opteron(tm) Processor 280 H3

==== Memory Device Sockets ================================

Type    Status Set Device Locator      Bank Locator
------- ------ --- ------------------- --------------------
DDR     in use 0   H0_DIMM0            BANK0
DDR     in use 0   H0_DIMM1            BANK1
unknown empty  0   H0_DIMM2            BANK2
unknown empty  0   H0_DIMM3            BANK3
DDR     in use 0   H1_DIMM0            BANK4
DDR     in use 0   H1_DIMM1            BANK5
unknown empty  0   H1_DIMM2            BANK6
unknown empty  0   H1_DIMM3            BANK7

==== On-Board Devices =====================================
LSI serial-ATA #1
Gigabit Ethernet #1
Gigabit Ethernet #2
ATI Rage XL VGA

==== Upgradeable Slots ====================================

ID  Status    Type             Description
--- --------- ---------------- ----------------------------
0   in use    PCI-X            PCIX SLOT0
1   available PCI-X            PCIX SLOT1
2   available PCI-X            PCIX SLOT2
3   available PCI-X            PCIX SLOT3
4   available PCI-X            PCIX SLOT4

./Maskinstue/D1-104/Rack_4/cluster2/index.php

cluster2
This should probably come from a database...

Status In operation

Model Home-built

CPU model AMD Opteron 246

CPU count 2

CPU clock 2.0 GHz

CPU cache 1MB

RAM 4GB

RAM-slots

8: Seen with lshw -class memory

512MB 512MB 512MB 512MB

512MB 512MB 512MB 512MB

prtdiag
It does not run Solaris, so that command is not available.

root@cluster2:/proc# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=6.06
DISTRIB_CODENAME=dapper
DISTRIB_DESCRIPTION="Ubuntu 6.06.1 LTS"

root@cluster2:/proc# lshw -html
cluster2

description: Desktop Computer

product: To Be Filled By O.E.M.

vendor: To Be Filled By O.E.M.

version: To Be Filled By O.E.M.

serial: To Be Filled By O.E.M.

width: 32 bits

capabilities: smbios-2.3 dmi-2.3

configuration:

boot = normal

chassis = desktop

uuid = 00020003-0004-0005-0006-000700080009

core

description: Motherboard

product: TYAN High-End Dual AMD Opteron, S2882

vendor: TYAN

physical id: 0

version: To be filled by O.E.M.

serial: To be filled by O.E.M.

slot: AMD Opteron(tm) Processor 246

firmware

description: BIOS

vendor: American Megatrends Inc.

physical id: 0

version: 080010 (06/28/2004)

size: 64KB

capacity: 448KB

capabilities: isa pci pnp apm upgrade shadowing escd cdboot bootselect socketedrom edd int13floppy1200 int13floppy720 int13floppy2880 int5printscreen int9keyboard int14serial int17printer int10video acpi usb agp ls120boot zipboot biosbootspecification netboot

cpu:0

description: CPU

product: AMD Opteron(tm) Processor 246

vendor: Advanced Micro Devices [AMD]

physical id: 4

bus info: cpu@0

version: AMD Opteron(tm) Processor 246

serial: To Be Filled By O.E.M.

slot: CPU 1

size: 2GHz

capacity: 2GHz

width: 64 bits

clock: 200MHz

capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext x86-64 3dnowext 3dnow

cache:0

description: L1 cache

physical id: 5

slot: L1-Cache

size: 64KB

capacity: 64KB

capabilities: pipeline-burst internal varies data

cache:1

description: L2 cache

physical id: 6

slot: L2-Cache

size: 1MB

capacity: 1MB

capabilities: pipeline-burst internal varies unified

cache:2 DISABLED

description: L3 cache

physical id: 7

slot: L3-Cache

capabilities: internal

cpu:1

description: CPU

product: AMD Opteron(tm) Processor 246

vendor: Advanced Micro Devices [AMD]

physical id: 6

bus info: cpu@1

version: AMD Opteron(tm) Processor 246

serial: To Be Filled By O.E.M.

slot: CPU 2

size: 2GHz

capacity: 2GHz

width: 64 bits

clock: 200MHz

capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext x86-64 3dnowext 3dnow

cache:0

description: L1 cache

physical id: 9

slot: L1-Cache

size: 64KB

capacity: 64KB

capabilities: pipeline-burst internal varies data

cache:1

description: L2 cache

physical id: a

slot: L2-Cache

size: 1MB

capacity: 1MB

capabilities: pipeline-burst internal varies unified

cache:2 DISABLED

description: L3 cache

physical id: b

slot: L3-Cache

capabilities: internal

memory

description: System Memory

physical id: 2b

slot: System board or motherboard

size: 4GB

bank:0

description: DIMM SDRAM Synchronous

product: PartNum0

vendor: Manufacturer0

physical id: 0

serial: SerNum0

slot: DIMM0

size: 512MB

width: 64 bits

bank:1

description: DIMM SDRAM Synchronous

product: PartNum1

vendor: Manufacturer1

physical id: 1

serial: SerNum1

slot: DIMM1

size: 512MB

width: 64 bits

bank:2

description: DIMM SDRAM Synchronous

product: PartNum2

vendor: Manufacturer2

physical id: 2

serial: SerNum2

slot: DIMM2

size: 512MB

width: 64 bits

bank:3

description: DIMM SDRAM Synchronous

product: PartNum3

vendor: Manufacturer3

physical id: 3

serial: SerNum3

slot: DIMM3

size: 512MB

width: 64 bits

bank:4

description: DIMM SDRAM Synchronous

product: PartNum4

vendor: Manufacturer4

physical id: 4

serial: SerNum4

slot: DIMM4

size: 512MB

width: 64 bits

bank:5

description: DIMM SDRAM Synchronous

product: PartNum5

vendor: Manufacturer5

physical id: 5

serial: SerNum5

slot: DIMM5

size: 512MB

width: 64 bits

bank:6

description: DIMM SDRAM Synchronous

product: PartNum6

vendor: Manufacturer4

physical id: 6

serial: SerNum6

slot: DIMM6

size: 512MB

width: 64 bits

bank:7

description: DIMM SDRAM Synchronous

product: PartNum7

vendor: Manufacturer5

physical id: 7

serial: SerNum7

slot: DIMM7

size: 512MB

width: 64 bits

I have cut out all generic:* UNCLAIMED entries...

pci:0

description: PCI bridge

product: AMD-8111 PCI

vendor: Advanced Micro Devices [AMD]

physical id: 100

bus info: pci@00:06.0

version: 07

width: 32 bits

clock: 66MHz

capabilities: pci normal_decode bus_master cap_list

usb:0

description: USB Controller

product: AMD-8111 USB

vendor: Advanced Micro Devices [AMD]

physical id: 0

bus info: pci@03:00.0

version: 0b

width: 32 bits

clock: 33MHz

capabilities: ohci bus_master

configuration: driver = ohci_hcd

resources:iomemory : feafc000-feafcfff

irq : 169

usbhost

product: OHCI Host Controller

vendor: Linux 2.6.15-27-amd64-generic ohci_hcd

physical id: 1

bus info: usb@1

logical name: usb1

version: 2.06

capabilities: usb-1.10

configuration:

driver = hub

maxpower = 0mA

slots = 3

speed = 12.0MB/s

usb:1

description: USB Controller

product: AMD-8111 USB

vendor: Advanced Micro Devices [AMD]

physical id: 0.1

bus info: pci@03:00.1

version: 0b

width: 32 bits

clock: 33MHz

capabilities: ohci bus_master

configuration: driver = ohci_hcd

resources:iomemory : feafd000-feafdfff

irq : 169

usbhost

product: OHCI Host Controller

vendor: Linux 2.6.15-27-amd64-generic ohci_hcd

physical id: 1

bus info: usb@2

logical name: usb2

version: 2.06

capabilities: usb-1.10

configuration:

driver = hub

maxpower = 0mA

slots = 3

speed = 12.0MB/s

storage

description: Mass storage controller

product: SiI 3114 [SATALink/SATARaid] Serial ATA Controller

vendor: Silicon Image, Inc.

physical id: 5

bus info: pci@03:05.0

logical name: scsi0

logical name: scsi1

logical name: scsi2

logical name: scsi3

version: 02

width: 32 bits

clock: 66MHz

capabilities: storage bus_master cap_list scsi-host

configuration: driver = sata_sil

resources:

ioport : bc00-bc07

ioport : b400-b403

ioport : b000-b007

ioport : ac00-ac03

ioport : a800-a80f

iomemory : feafec00-feafefff

irq : 169

display

description: VGA compatible controller

product: Rage XL

vendor: ATI Technologies Inc

physical id: 6

bus info: pci@03:06.0

version: 27

size: 16MB

width: 32 bits

clock: 33MHz

capabilities: vga bus_master cap_list

resources:

iomemory : fd000000-fdffffff

ioport : b800-b8ff

iomemory : feaff000-feafffff

irq : 11

network

description: Ethernet interface

product: 82557/8/9 [Ethernet Pro 100]

vendor: Intel Corporation

physical id: 8

bus info: pci@03:08.0

logical name: eth0

version: 10

serial: 00:e0:81:2e:14:75

size: 100MB/s

capacity: 100MB/s

width: 32 bits

clock: 33MHz

capabilities: bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd autonegociation

configuration:

autonegociation = on

broadcast = yes

driver = e100

driverversion = 3.4.14-k4-NAPI

duplex = full

firmware = N/A

ip = 130.225.49.201

link = yes

multicast = yes

port = MII

speed = 100MB/s

resources:

iomemory : feafb000-feafbfff

ioport : a400-a43f

iomemory : feaa0000-feabffff

irq : 193

isa UNCLAIMED

description: ISA bridge

product: AMD-8111 LPC

vendor: Advanced Micro Devices [AMD]

physical id: 101

bus info: pci@00:07.0

version: 05

width: 32 bits

clock: 66MHz

capabilities: isa bus_master

ide

description: IDE interface

product: AMD-8111 IDE

vendor: Advanced Micro Devices [AMD]

physical id: 7.1

bus info: pci@00:07.1

version: 03

width: 32 bits

clock: 33MHz

capabilities: ide bus_master

configuration: driver = AMD_IDE

resources: ioport : ffa0-ffaf

ide:0

description: IDE Channel 0

physical id: 0

bus info: ide@0

logical name: ide0

clock: 33MHz

disk:0

description: ATA Disk

product: ST3120814A

vendor: Seagate

physical id: 0

bus info: [email protected]

logical name: /dev/hda

version: 3.AAJ

serial: 9LS218J9

size: 111GB

capacity: 111GB

capabilities: ata dma lba iordy smart security pm partitioned partitioned:dos

configuration:mode = udma5

smart = on

volume:0

description: Linux raid autodetect partition

physical id: 1

bus info: [email protected],1

logical name: /dev/hda1

capacity: 18GB

capabilities: primary multi

volume:1

description: Linux raid autodetect partition

physical id: 2

bus info: [email protected],2

logical name: /dev/hda2

capacity: 9538MB

capabilities: primary multi

volume:2

description: Linux raid autodetect partition

physical id: 3

bus info: [email protected],3

logical name: /dev/hda3

capacity: 83GB

capabilities: primary multi

disk:1

description: ATA Disk

product: ST3120814A

vendor: Seagate

physical id: 1

bus info: [email protected]

logical name: /dev/hdb

version: 3.AAJ

serial: 9LS15CJR

size: 111GB

capacity: 111GB

capabilities: ata dma lba iordy smart security pm partitioned partitioned:dos

configuration:mode = udma5

smart = on

volume:0

description: Linux raid autodetect partition

physical id: 1

bus info: [email protected],1

logical name: /dev/hdb1

capacity: 18GB

capabilities: primary multi

volume:1

description: Linux raid autodetect partition

physical id: 2

bus info: [email protected],2

logical name: /dev/hdb2

capacity: 9538MB

capabilities: primary multi

volume:2

description: Linux raid autodetect partition

physical id: 3

bus info: [email protected],3

logical name: /dev/hdb3

capacity: 83GB

capabilities: primary multi

ide:1

description: IDE Channel 1

physical id: 1

bus info: ide@1

logical name: ide1

clock: 33MHz

cdrom

description: DVD reader

product: ASUS DVD-ROM DVD-E616P 0104

physical id: 0

bus info: [email protected]

logical name: /dev/hdc

version: E1.04

capabilities: packet atapi cdrom removable nonmagnetic dma lba iordy pm audio dvd

configuration: mode = udma4

disc

physical id: 0

logical name: /dev/hdc

serial

description: SMBus

product: AMD-8111 SMBus 2.0

vendor: Advanced Micro Devices [AMD]

physical id: 7.2

bus info: pci@00:07.2

version: 02

width: 32 bits

clock: 33MHz

configuration: driver = amd8111_smbus2

resources:ioport : cc00-cc1f

irq : 10

bridge

description: Bridge

product: AMD-8111 ACPI

vendor: Advanced Micro Devices [AMD]

physical id: 7.3

bus info: pci@00:07.3

version: 05

width: 32 bits

clock: 33MHz

capabilities: bridge

configuration: driver = amd756_smbus

pci:1

description: PCI bridge

product: AMD-8131 PCI-X Bridge

vendor: Advanced Micro Devices [AMD]

physical id: a

bus info: pci@00:0a.0

version: 12

width: 32 bits

clock: 66MHz

capabilities: pci normal_decode bus_master cap_list

network:0 DISABLED

description: Ethernet interface

product: NetXtreme BCM5704 Gigabit Ethernet

vendor: Broadcom Corporation

physical id: 9

bus info: pci@02:09.0

logical name: eth1

version: 03

serial: 00:e0:81:2e:13:e6

capacity: 1GB/s

width: 64 bits

clock: 66MHz

capabilities: bus_master cap_list ethernet physical mii 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegociation

configuration:

autonegociation = on

broadcast = yes

driver = tg3

driverversion = 3.47

duplex = half

link = no

multicast = yes

port = twisted pair

resources:

iomemory : fc8c0000-fc8cffff

iomemory : fc8b0000-fc8bffff

irq : 177

network:1 DISABLED

description: Ethernet interface

product: NetXtreme BCM5704 Gigabit Ethernet

vendor: Broadcom Corporation

physical id: 9.1

bus info: pci@02:09.1

logical name: eth2

version: 03

serial: 00:e0:81:2e:13:e7

capacity: 1GB/s

width: 64 bits

clock: 66MHz

capabilities: bus_master cap_list ethernet physical mii 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegociation

configuration:

autonegociation = on

broadcast = yes

driver = tg3

driverversion = 3.47

duplex = half

link = no

multicast = yes

port = twisted pair

resources:

iomemory : fc8f0000-fc8fffff

iomemory : fc8e0000-fc8effff

irq : 185

system:0 UNCLAIMED

description: PIC

product: AMD-8131 PCI-X IOAPIC

vendor: Advanced Micro Devices [AMD]

physical id: a.1

bus info: pci@00:0a.1

version: 01

width: 64 bits

clock: 33MHz

capabilities: io-apic bus_master

resources: iomemory : febff000-febfffff

pci:2

description: PCI bridge

product: AMD-8131 PCI-X Bridge

vendor: Advanced Micro Devices [AMD]

physical id: b

bus info: pci@00:0b.0

version: 12

width: 32 bits

clock: 66MHz

capabilities: pci normal_decode bus_master cap_list

system:1 UNCLAIMED

description: PIC

product: AMD-8131 PCI-X IOAPIC

vendor: Advanced Micro Devices [AMD]

physical id: b.1

bus info: pci@00:0b.1

version: 01

width: 64 bits

clock: 33MHz

capabilities: io-apic bus_master

resources: iomemory : febfe000-febfefff

pci:3

description: Host bridge

product: K8 [Athlon64/Opteron] HyperTransport Technology Configuration

vendor: Advanced Micro Devices [AMD]

physical id: 102

bus info: pci@00:18.0

version: 00

width: 32 bits

clock: 33MHz

pci:4

description: Host bridge

product: K8 [Athlon64/Opteron] Address Map

vendor: Advanced Micro Devices [AMD]

physical id: 103

bus info: pci@00:18.1

version: 00

width: 32 bits

clock: 33MHz

pci:5

description: Host bridge

product: K8 [Athlon64/Opteron] DRAM Controller

vendor: Advanced Micro Devices [AMD]

physical id: 104

bus info: pci@00:18.2

version: 00

width: 32 bits

clock: 33MHz

pci:6

description: Host bridge

product: K8 [Athlon64/Opteron] Miscellaneous Control

vendor: Advanced Micro Devices [AMD]

physical id: 105

bus info: pci@00:18.3

version: 00

width: 32 bits

clock: 33MHz

pci:7

description: Host bridge

product: K8 [Athlon64/Opteron] HyperTransport Technology Configuration

vendor: Advanced Micro Devices [AMD]

physical id: 106

bus info: pci@00:19.0

version: 00

width: 32 bits

clock: 33MHz

pci:8

description: Host bridge

product: K8 [Athlon64/Opteron] Address Map

vendor: Advanced Micro Devices [AMD]

physical id: 107

bus info: pci@00:19.1

version: 00

width: 32 bits

clock: 33MHz

pci:9

description: Host bridge

product: K8 [Athlon64/Opteron] DRAM Controller

vendor: Advanced Micro Devices [AMD]

physical id: 108

bus info: pci@00:19.2

version: 00

width: 32 bits

clock: 33MHz

pci:10

description: Host bridge

product: K8 [Athlon64/Opteron] Miscellaneous Control

vendor: Advanced Micro Devices [AMD]

physical id: 109

bus info: pci@00:19.3

version: 00

width: 32 bits

clock: 33MHz

./Maskinstue/D1-104/Rack_4/DELL-rackpc/index.php

??? DELL-rackpc
This should probably come from a database...

Status In operation. Win 2003 server

Model DELL ???

CPU model Intel P4

CPU count 1

CPU clock 2.66 GHz

CPU cache ? MB

RAM ??

RAM-slots ?: I am completely lost in Windows... /Magnus

?GB ?GB

prtdiag

./Maskinstue/D1-104/index.php

Directory Tree
.
|-- Rack_1
|-- Rack_2
|   |-- biceps
|   |-- cerebrum01
|   |-- gracilis
|   |-- maximus
|   |-- multimus05
|   |   `-- Zones-link
|   |-- soleus
|   `-- tibialis
|-- Rack_3
|   |-- aegir
|   |-- illiacus
|   `-- multimus01
|       `-- Zones-link
`-- Rack_4
    |-- DELL-rackpc
    |-- cluster2
    |-- fiske
    |-- musedb
    `-- musets

21 directories

tree v1.5.0 (c) 1996 - 2004 by Steve Baker and Thomas Moore HTML output hacked and copyleft (c) 1998 by Francesc Rocher Charsets / OS/2 support (c) 2001 by Kyosuke Tokoro

./Databaser/index.php

./Databaser/studmysql/index.php

studmysql
At the moment this runs on ran. The newest student databases are there.

root@aegir:/pack/mibaadmin/MYSQL> ./opret_mysql_user_ran.sh mbro02
Doing stuff on ran now
Done on ran

After which one can find ~mbro02/public_html/php_studmysql and ~mbro02/.my.cnf

To test whether a whole semester now has databases, and whether they are OK:

root@illiacus:/mnt_multimus01# for i in `ypcat group|grep 08gr6| awk -F: '{print $NF}'|tr , '\012'`; do echo echo ======$i======; echo 'echo show tables |sudo -H -u '$i' mysql -u ' $i $i; done| /bin/sh 2>&1

The script /pack/mibaadmin/MYSQL/opret_mysql_user_ran.sh

#!/bin/sh

USER=$1

HOST=studmysql
WEBGROUP=apacheran

if [ -f /home/$USER/.my.cnf -o -f /home/$USER/.my.cnf.$HOST ]; then
    echo The user $USER has a .my.cnf file already
    ls -l /home/$USER/.my.cnf /home/$USER/.my.cnf.$HOST 2>/dev/null
    exit 1
fi

# This script is meant to be used for creating new users.

# Tasks:
# 1) /pack/admin/bin/gen_mysqluser.pl $USER
# 2) Write the password to /home/$USER/.mysql_passwd.ran
# 3) chmod 440 /home/$USER/.mysql_passwd.ran
# 4) chgrp apacheran /home/$USER/.mysql_passwd.ran
# 5) mkdir -p /home/$USER/public_html/php_ran
# 6) chgrp apacheran /home/$USER/public_html/php_ran
# 7) chmod 710 /home/$USER/public_html/php_ran
# 8) Create /home/$USER/public_html/php_ran/index.php, which points to 9)
# 9) Create /home/$USER/public_html/php_ran/demo.php
#
#
# Step 8 must also have links to the PHP manual and the MySQL manual.
#

TEMPDIR=/tmp/.tempdir_$$
mkdir $TEMPDIR
chmod 700 $TEMPDIR

# 1)
/pack/admin/bin/gen_mysqluser.pl $USER >$TEMPDIR/sql 2>$TEMPDIR/passwd

# Run it through mysql....
(
echo '#!/bin/sh'
echo '/opt/csw/mysql4/bin/mysql --defaults-file=/.my.cnf mysql <<EOF'
cat $TEMPDIR/sql
echo USE $USER\;
cat <<EOF
CREATE TABLE testtable (
id INT NOT NULL ,
name VARCHAR( 32 ) NOT NULL
) TYPE = MYISAM COMMENT = 'This is just a demo for new users';
INSERT INTO testtable ( id , name )
VALUES ('1', 'The first value'), ('2', 'The second value');
EOF
echo EOF
) >/pack/mibaadmin/MYSQL/Oprettelser/$USER.sh
echo Doing stuff on ran now
rsh ran mkdir -p /mngr/MYSQL/Oprettelser
rcp /pack/mibaadmin/MYSQL/Oprettelser/$USER.sh ran:/mngr/MYSQL/Oprettelser
rsh ran /bin/sh /mngr/MYSQL/Oprettelser/$USER.sh
rsh ran mv /mngr/MYSQL/Oprettelser/$USER.sh /mngr/MYSQL/Oprettelser/$USER.sh.done
echo Done on ran

# 2), 3), 4)
HOSTPWDFIL=/home/$USER/.my.cnf
touch $HOSTPWDFIL
chown $USER:$WEBGROUP $HOSTPWDFIL
chmod 440 $HOSTPWDFIL
PWD=`cat $TEMPDIR/passwd`
cat /pack/mibaadmin/MYSQL/skelet.my.cnf.studmysql | sed "s/_PASSWORD_/$PWD/" >$HOSTPWDFIL
#cat $TEMPDIR/passwd > $HOSTPWDFIL

# 5), 6), 7)
HOSTPUBLICHTML=/home/$USER/public_html/php_$HOST
mkdir -p $HOSTPUBLICHTML
chown $USER:$WEBGROUP $HOSTPUBLICHTML
chmod 710 $HOSTPUBLICHTML
chmod g-s $HOSTPUBLICHTML

# 8)
SKELETINDEXPHP=/pack/mibaadmin/MYSQL/skelet_index.php
SKELETDEMOPHP=/pack/mibaadmin/MYSQL/skelet_demo.php

cat $SKELETINDEXPHP | sed "s/_USERNAME_/$USER/g;s/_HOSTNAME_/$HOST/g" > $HOSTPUBLICHTML/index.php
cat $SKELETDEMOPHP | sed "s/_USERNAME_/$USER/g;s/_HOSTNAME_/$HOST/g" > $HOSTPUBLICHTML/demo.php

chown $USER:$USER $HOSTPUBLICHTML/*

####

rm -rf $TEMPDIR
#ls -l $TEMPDIR

And this script calls /pack/admin/bin/gen_mysqluser.pl, which generates the MySQL statements that create the user and grant access to the user's database from localhost and from % (wildcard).

#!/coll/local/bin/perl

#$bogstaver= "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$bogstaver = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRTUVWXYZ2346789";
$pwd .= substr($bogstaver,rand(length($bogstaver)),1);
$pwd .= substr($bogstaver,rand(length($bogstaver)),1);
$pwd .= substr($bogstaver,rand(length($bogstaver)),1);
$pwd .= substr($bogstaver,rand(length($bogstaver)),1);
$pwd .= substr($bogstaver,rand(length($bogstaver)),1);
$pwd .= substr($bogstaver,rand(length($bogstaver)),1);
$pwd .= substr($bogstaver,rand(length($bogstaver)),1);
$pwd .= substr($bogstaver,rand(length($bogstaver)),1);

$cryptpwd = crypt($pwd,"AL");

#print "$pwd $cryptpwd \n";
$USERNAME = @ARGV[0];
$PASSWORD = $pwd;
#print STDERR "$USERNAME $PASSWORD\n";
print STDERR "$PASSWORD\n";

#print "ARGV: " . @ARGV[0] . "\n";

print "CREATE DATABASE $USERNAME;\n";

$HOST='localhost';
print 'INSERT INTO user (Host,User,Password) VALUES("' . $HOST . '","' . $USERNAME . '",PASSWORD("' . $PASSWORD . '"));' . "\n";
print 'INSERT INTO db (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv) VALUES("' . $HOST . '","' . $USERNAME . '","' . $USERNAME . '","Y","Y","Y","Y","Y","Y","N","Y","Y","Y","Y","Y");' . "\n";

$HOST='%';
print 'INSERT INTO user (Host,User,Password) VALUES("' . $HOST . '","' . $USERNAME . '",PASSWORD("' . $PASSWORD . '"));' . "\n";
print 'INSERT INTO db (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv) VALUES("' . $HOST . '","' . $USERNAME . '","' . $USERNAME . '","Y","Y","Y","Y","Y","Y","N","Y","Y","Y","Y","Y");' . "\n";

print "FLUSH PRIVILEGES;\n";
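
Three steps in the two scripts above deserve hardening: the scratch directory /tmp/.tempdir_$$ has a predictable name and its mkdir is not checked, the password comes from Perl's rand() (not a cryptographic generator), and the password is placed on sed's command line where the process list can show it. The sketch below is an added example, not part of the original scripts; the function names, the mysqluser prefix and the demo template are assumptions, and the chown to the web group is left out because it needs root.

```shell
#!/bin/sh
# Added example: hardened variants of three steps from opret_mysql_user_ran.sh
# and gen_mysqluser.pl. All function names here are illustrative.

# Same 55-character alphabet as gen_mysqluser.pl (no l, I, O, S, 0, 1, 5).
ALPHABET='abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRTUVWXYZ2346789'

# gen_password LEN: draw LEN characters from ALPHABET using /dev/urandom.
# Bytes outside the alphabet are discarded (rejection sampling), so every
# character is uniformly distributed over the alphabet.
gen_password() {
    gp_len=${1:-16}
    gp_pw=
    while [ "${#gp_pw}" -lt "$gp_len" ]; do
        gp_chunk=$(dd if=/dev/urandom bs=64 count=1 2>/dev/null |
                   LC_ALL=C tr -dc "$ALPHABET")
        gp_pw=$gp_pw$gp_chunk
    done
    printf '%s\n' "$gp_pw" | cut -c1-"$gp_len"
}

# make_private_tmpdir: unpredictable name, created atomically with mode 700;
# fails (non-zero) instead of reusing a directory somebody else created.
make_private_tmpdir() {
    mktemp -d "${TMPDIR:-/tmp}/mysqluser.XXXXXX"
}

# render_my_cnf TEMPLATE PWFILE DEST: replace _PASSWORD_ in TEMPLATE with the
# first line of PWFILE and install the result as DEST with mode 440.
# The password never appears in an argument list, and awk's index()/substr()
# insert it literally, so characters such as / & \ cannot alter the result.
render_my_cnf() {
    rc_template=$1 rc_pwfile=$2 rc_dest=$3
    [ -s "$rc_pwfile" ] || return 1          # refuse to write an empty password
    rc_umask=$(umask)
    umask 077
    rc_tmp=$(mktemp "$rc_dest.XXXXXX") || { umask "$rc_umask"; return 1; }
    awk '
        NR == 1   { pw = $0; next }          # first line of the password file
        NR == FNR { next }                   # ignore anything else in that file
        {
            out = ""; line = $0
            while ((i = index(line, "_PASSWORD_")) > 0) {
                out = out substr(line, 1, i - 1) pw
                line = substr(line, i + 10)
            }
            print out line
        }' "$rc_pwfile" "$rc_template" > "$rc_tmp" &&
        chmod 440 "$rc_tmp" &&
        mv -f "$rc_tmp" "$rc_dest"           # atomic: DEST is never half-written
    rc_status=$?
    umask "$rc_umask"
    [ "$rc_status" -eq 0 ] || rm -f "$rc_tmp"
    return "$rc_status"
}

# Demo on constructed input: a stand-in for skelet.my.cnf.studmysql.
demo_run() {
    dm_dir=$(make_private_tmpdir) || return 1
    printf '[client]\nuser=demo\npassword=_PASSWORD_\n' > "$dm_dir/skelet.my.cnf"
    gen_password 16 > "$dm_dir/passwd"
    render_my_cnf "$dm_dir/skelet.my.cnf" "$dm_dir/passwd" "$dm_dir/my.cnf" &&
        ls -l "$dm_dir/my.cnf"
    dm_status=$?
    rm -rf "$dm_dir"
    return "$dm_status"
}
demo_run
```

The same idea applies to the generated SQL: keeping it inside the private directory until it has been copied to ran avoids leaving the PASSWORD("...") statements in a world-readable location.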

./Network/VLANs/index.php

HST Network
We have some switches on the old administrative VLAN and some on the new one. The new ones get new names, which I will then report to Jens when we are done using the old one. We can NOT change the old names as we go, since vmpsd uses names and not numbers. If we were to change them, it would have to be changed as well, at exactly the same time.

The VLANs we have available are:

root@ciscoadm:/space/Cisco_admin/DoCisco# cat hst_vlans.txt
#
# List of VLAN numbers and names
#
30 hst-backbone
31 hst-lsr
32 hst-staff
# hst-print has all the printers and the print server
33 hst-print
# hst-private was meant for private machines, but has apparently never been used
34 hst-private
35 hst-lab
36 hst-sunray
# hst-nat was used for two machines that got NAT access because of Skype in the beginning
37 hst-nat
# hst-dims is used for iSCSI, plus admin for SATAboy and the tape station
38 hst-dims
# hst-muse is a local network for the two HP muse machines
39 hst-muse
267 i8-stud-d
268 i8-seminarrum
410
411
412
413
414
415
416 CVU-oppe
417 CVU-nede
418 CVU-print
# hst-management is used for Cisco management, as a replacement for VLAN 1
419 hst-management

One can also ask the switches directly:

root@ciscoadm:/space/Cisco_admin/DoCisco# ./do_cisco show_vlan_brief cisk610a
Contacting cisk610a
Found ../.passwd

cisk610a#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/39, Gi0/41, Gi0/43, Gi0/45
                                                Gi0/49, Gi0/50, Gi0/51
30   hst-backbone                     active
31   hst-lsr                          active
32   hst-staff                        active    Gi0/13
33   hst-print                        active
34   hst-private                      active
35   hst-lab                          active
36   hst-sunray                       active
37   hst-nat                          active
38   hst-dims                         active
39   hst-muse                         active
54   frb7-wlan                        active
267  i8-stud-d                        active
268  i8-seminarrum                    active    Gi0/7
290  studnet1.ins                     active    Gi0/22, Gi0/23, Gi0/24
416  CVU-oppe                         active
417  CVU-nede                         active
418  CVU-print                        active
419  hst-management                   active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
cisk610a#

./Network/VLANs/hst-dims/index.php

VLAN 38 dims-net
This network was made for the admin interfaces on the ATABoy, the V20z machines, etc.

Now it is also used for iSCSI, although it perhaps should not be used for two purposes at once....

10.11.12.12 aegir For web access etc.

10.11.12.13 V20z Service Processor

10.11.12.14 V20z Service Processor

10.11.12.15 NEO tape station For web access (windoze)

10.11.12.16 SATABoy iSCSI and web

10.11.12.17 SATABoy iSCSI and web

10.11.12.70 tibialis iSCSI

10.11.12.90 K6.09 Thumper ILOM

10.11.12.91 K6.09 Thumper iSCSI

10.11.12.92 K6.09 esx01 vmware Service Console HTTP/SSH

10.11.12.93 K6.09 esx01 vmware VMkernel NFS

10.11.12.94 K6.09 esx01 vmware Solaris10_2 iSCSI

10.11.12.95 K6.09 esx02 vmware Service Console HTTP/SSH

10.11.12.96 K6.09 esx02 vmware VMkernel NFS

10.11.12.97 K6.09 esx02 vmware nfs-01 iSCSI

10.11.12.129 Windoze 2003 VC server HTTPS

10.11.12.132 multimus01/e1000g38003:1/unattended zone Was meant for unattended

10.11.12.225 multimus01/e1000g1/global zone iSCSI, I think

10.11.12.241 UPS 1 web

10.11.12.242 UPS 2 web

10.11.12.243 UPS 3 web

10.11.12.244 UPS 4 web

10.11.12.

10.11.12.248 cfcks12a Cisco

10.11.12.249 cfcks12b Cisco

10.11.12.

10.11.12.

10.11.12.

10.11.12.

10.11.12.

10.11.12.

10.11.12.

./Network/index.php

./Services/index.php

./Services/IMAP/index.php

./Services/IMAP/HomeDirs2tibialis/index.php

IMAP home directories to tibialis
The intention is that tibialis should be a black box, so that everything concerning e-mail resides on it, and only on it.

I have a script for moving individual users over to it, but that requires that I first get the emailsetup.php script fixed, and maybe more things?

1. Fix the emailsetup system so that it runs directly on tibialis.

root@tibialis:/space/DTraceToolkit-0.96# ls -utl /space/admin/bin/
total 12
-rwxr-xr-x 1 root root 2149 Dec 11 19:12 move_imap_to_tibialis.sh
-rwxr-xr-x 1 root root 435 Dec 11 19:12 upgrade_bayes2-3.sh
-rw-r--r-- 1 root root 45 Sep 23 00:31 homedir-files.lst
-rwxr-xr-x 1 root root 296 Sep 22 18:39 zfs_send_magnus.sh

REV=2007.10.29
php5_ldap [Not installed] 5.2.4,REV=2007.10.29
php5_mcrypt [Not installed] 5.2.4,REV=2007.10.29
php5_mhash [Not installed] 5.2.4,REV=2007.10.29
php5_mssql [Not installed] 5.2.4,REV=2007.10.29
php5_mysql [Not installed] 5.2.4,REV=2007.10.29
php5_mysqli [Not installed] 5.2.4,REV=2007.10.29
php5_odbc [Not installed] 5.2.4,REV=2007.10.29
php5_openssl [Not installed] 5.2.1,REV=2007.02.20
php5_pdomysql [Not installed] 5.2.4,REV=2007.10.29
php5_pdoodbc [Not installed] 5.2.4,REV=2007.10.29
php5_pdopgsql [Not installed] 5.2.4,REV=2007.10.29
php5_pdosqlite [Not installed] 5.2.4,REV=2007.10.29
php5_pgsql [Not installed] 5.2.4,REV=2007.10.29
php5_pspell [Not installed] 5.2.4,REV=2007.10.29
php5_readline [Not installed] 5.2.4,REV=2007.10.29
php5_session [Not installed] 5.2.1,REV=2007.02.20
php5_snmp [Not installed] 5.2.4,REV=2007.10.29
php5_sqlite [Not installed] 5.2.4,REV=2007.10.29
php5_wddx [Not installed] 5.2.4,REV=2007.10.29
php5_xsl [Not installed] 5.2.4,REV=2007.10.29
phpldapadmin [Not installed] 1.0.2,REV=2007.10.10
phpmyadmin [Not installed] 2.11.0
swigphp4rt [Not installed] 1.3.21
root@tibialis:/space/DTraceToolkit-0.96# pkg-get -i apache2
No existing install of CSWapache2 found. Installing...

./Services/SMTP/index.php

./Services/SMTP/Sendmail/index.php

Sendmail
A course in sendmail that I stumbled upon.

I have downloaded the PDF file, which is now also available in Demystifying-Sendmail.pdf

In addition, I also copied a course with notes that he made: DNSandSendmail course together with DNSandSendmail appendix.

./Services/SMTP/Flytning_til_tibialis/index.php

Moving SMTP to tibialis
Right now it is aegir that receives all mail, but tibialis can do so as well. DNS does not point to it, however. Mail to magnus is sent to tibialis via a ~magnus/.forward file, which simply forwards to [email protected]

PHP5 configuration: //opt/csw/php5/lib/php.ini
Installation of was successful.
p
This package contains scripts which will be executed with super-user permission
during the process of installing this package.
Do you want to continue with the installation of [y,n,?] y
Installing php5_ftp - PHP 5 - File Transfer Protocol Extension as
## Installing part 1 of 1.
/opt/csw/php5/lib/php/extensions/no-debug-non-zts-20060613/ftp.so
[ verifying class ]
## Executing postinstall script.
PHP extension ftp.so is enabled in /opt/csw/php5/lib/php.ini.
Installation of was successful.
Installing php5_ldap - PHP 5 - OpenLDAP Extension as
## Installing part 1 of 1.
/opt/csw/php5/lib/php/extensions/no-debug-non-zts-20060613/ldap.so
[ verifying class ]
## Executing postinstall script.
PHP extension ldap.so is enabled in /opt/csw/php5/lib/php.ini.
Installation of was successful.
No existing install of CSWphp5mysql found. Installing...
Trying http://mirrors.sunsite.dk/csw/unstable/sparc/5.10/php5_mysql-5.2.4,REV=2007.10.29-SunOS5.8-sparc-CSW.pkg.gz
--14:05:51-- http://mirrors.sunsite.dk/csw/unstable/sparc/5.10/php5_mysql-5.2.4,REV=2007.10.29-SunOS5.8-sparc-CSW.pkg.gz
Installing php5_mysql - PHP 5 - MySQL Extension as
## Installing part 1 of 1.
/opt/csw/php5/lib/php/extensions/no-debug-non-zts-20060613/mysql.so
[ verifying class ]
Do you want to continue with the installation of [y,n,?] y
Installing php5_imap - PHP 5 - UW IMAP Extension as
## Installing part 1 of 1.
/opt/csw/php5/lib/php/extensions/no-debug-non-zts-20060613/imap.so
[ verifying class ]
## Executing postinstall script.
PHP extension imap.so is enabled in /opt/csw/php5/lib/php.ini.
Installation of was successful.
root@tibialis:/space/DTraceToolkit-0.96# svcadm enable cswapache2
root@tibialis:/space/DTraceToolkit-0.96# svcs -a|grep spam
legacy_run Nov_28 lrc:/etc/rc2_d/S99spamd
root@tibialis:/space/DTraceToolkit-0.96# psg spam
UID PID PPID C STIME TTY TIME CMD
root 29710 460 0 Dec 04 ? 0:03 /opt/csw/bin/perl -T /opt/csw/bin/spamd -d -c -H
root 22564 460 0 07:12:14 ? 4:45 /opt/csw/bin/perl -T /opt/csw/bin/spamd -d -c -H
root 460 1 0 Nov 28 ? 8:53 /opt/csw/bin/perl -T /opt/csw/bin/spamd -d -c -H
root@tibialis:/space/DTraceToolkit-0.96# /etc/init.d/spamd
usage: /etc/init.d/spamd {start|stop|restart}
root@tibialis:/space/DTraceToolkit-0.96# /etc/init.d/spamd restart
Stopper spamd
Venter lige 2 sekunder...
Starter spamd
[22103] warn: logger: failed to add syslog method (logger: syslog initialization failed
[22103] warn: )
root@tibialis:/space/DTraceToolkit-0.96# psg spam
UID PID PPID C STIME TTY TIME CMD
root 22105 1 3 14:10:10 ? 0:01 /opt/csw/bin/perl -T /opt/csw/bin/spamd -d -c -H
root 22106 22105 0 14:10:15 ? 0:00 /opt/csw/bin/perl -T /opt/csw/bin/spamd -d -c -H
root 22107 22105 0 14:10:15 ? 0:00 /opt/csw/bin/perl -T /opt/csw/bin/spamd -d -c -H

./Services/SMTP/RaysFilter/index.php

Rays filter

This filter runs on aegir. I will probably have to find out how something similar can be implemented in Zimbra.

root@aegir:/var/mail/rays_filter-1.14/etc# tail -3 string-list.conf
# Adding rar because of regning.exe, which arrives inside one of those. Magnus Thu Mar 22 08:49:26 CET 2007
name=.*\.rar
^Re: Aalborg Server Upgrade


./Services/EmailSetup/index.php

The e-mail setup interface

I am now working on converting https://www.hst.aau.dk/webtools/emailsetup/ so that it can run on tibialis.

First of all, I had to rewrite all calls to YP, since this is not supported in php5. I have rewritten the one function I used into a call to LDAP, the one that is connected to SunONE. ....which is not quite so good, since not all students have a calendar :-\

The second part is that ftp access is needed, since the PHP script uses ftp to make sure that the user has given the right password. I will use Sun's own ftpd, so I have to make sure that it runs on tibialis. Either it is not on by default under Solaris 10, or else it is just my habit always to turn it off, just like telnet ;-)

root@tibialis:/# svcadm enable ftp
root@tibialis:/# svcs -l ftp
fmri         svc:/network/ftp:default
name         FTP server
enabled      true
state        online
next_state   none
state_time   Sun Dec 16 13:37:04 2007
restarter    svc:/network/inetd:default
contract_id

and then it has to be started so that it only talks on the localhost interface, and so that it logs some things, so that we can investigate any errors later.

As a starting point it looks like this:

root@tibialis:/# inetadm -l network/ftp
SCOPE    NAME=VALUE
         name="ftp"
         endpoint_type="stream"
         proto="tcp6"
         isrpc=FALSE
         wait=FALSE
         exec="/usr/sbin/in.ftpd -a"
         user="root"
default  bind_addr=""
default  bind_fail_max=-1
default  bind_fail_interval=-1
default  max_con_rate=-1
default  max_copies=-1
default  con_rate_offline=-1
default  failrate_cnt=40
default  failrate_interval=60
default  inherit_env=TRUE
default  tcp_trace=FALSE
default  tcp_wrappers=FALSE
root@tibialis:/#

First we make sure that TCP wrappers are turned on:

root@tibialis:/# inetadm -l network/ftp
SCOPE    NAME=VALUE
         name="ftp"
         endpoint_type="stream"
         proto="tcp6"
         isrpc=FALSE
         wait=FALSE
         exec="/usr/sbin/in.ftpd -a"
         user="root"
default  bind_addr=""
default  bind_fail_max=-1
default  bind_fail_interval=-1
default  max_con_rate=-1
default  max_copies=-1
default  con_rate_offline=-1
default  failrate_cnt=40
default  failrate_interval=60
default  inherit_env=TRUE
default  tcp_trace=FALSE
         tcp_wrappers=TRUE

And then we let it log a little, and so on:

root@tibialis:/# inetadm -m ftp exec="/usr/sbin/in.ftpd -a -d -i -l -L -o -w -X"
root@tibialis:/# inetadm -l network/ftp|grep exec
         exec="/usr/sbin/in.ftpd -a -d -i -l -L -o -w -X"

And then we have to add ftp to /etc/hosts.allow, to make sure that this ftpd cannot be used for anything other than things that come from the host itself:

root@tibialis:/# grep ftp /etc/hosts.allow
in.ftpd: localhost

Enabling SSL, so that https://... can be used

And here is how I got it to become an SSL-enabled apache:

root@tibialis:/# svccfg -v -s svc:/network/http:cswapache2 listprop httpd/ssl
httpd/ssl boolean false
root@tibialis:/# svccfg -v -s svc:/network/http:cswapache2 setprop httpd/ssl = true
root@tibialis:/# svccfg -v -s svc:/network/http:cswapache2 listprop httpd/ssl
httpd/ssl boolean true

But.....well, that does not help much when I do not have a certificate ready :-\ See here:

[ Dec 16 17:18:34 Stopping because service restarting. ]
[ Dec 16 17:18:34 Executing stop method ("/opt/csw/lib/svc/method/svc-cswapache2 stop") ]
[ Dec 16 17:18:35 Method "stop" exited with status 0 ]
[ Dec 16 17:18:35 Executing start method ("/opt/csw/lib/svc/method/svc-cswapache2 start") ]
Syntax error on line 99 of /opt/csw/apache2/etc/extra/httpd-ssl.conf:
SSLCertificateFile: file '/opt/csw/apache2/etc/server.crt' does not exist or is empty
[ Dec 16 17:18:36 Method "start" exited with status 1 ]
[ Dec 16 17:18:36 Executing start method ("/opt/csw/lib/svc/method/svc-cswapache2 start") ]
Syntax error on line 99 of /opt/csw/apache2/etc/extra/httpd-ssl.conf:
SSLCertificateFile: file '/opt/csw/apache2/etc/server.crt' does not exist or is empty
[ Dec 16 17:18:36 Method "start" exited with status 1 ]
[ Dec 16 17:18:36 Executing start method ("/opt/csw/lib/svc/method/svc-cswapache2 start") ]
Syntax error on line 99 of /opt/csw/apache2/etc/extra/httpd-ssl.conf:
SSLCertificateFile: file '/opt/csw/apache2/etc/server.crt' does not exist or is empty
[ Dec 16 17:18:37 Method "start" exited with status 1 ]

To avoid making yet another copy, I tried editing /opt/csw/apache2/etc/extra/httpd-ssl.conf so that it simply points at a file that is already there and is used for imapd, namely the /opt/csw/ssl/certs/imapd.pem file.

Here you can see the changes I have made in the extra/httpd-ssl.conf file. There are both things concerning SSL and also things concerning the VirtualHosts that are to be active under https:

root@tibialis:/# diff -c /opt/csw/apache2/etc/extra/httpd-ssl.conf.rod-071216-17\:24 /opt/csw/apache2/etc/extra/httpd-ssl.conf*** /opt/csw/apache2/etc/extra/httpd-ssl.conf.rod-071216-17:24 Sat Dec 15 14:00:03 2007--- /opt/csw/apache2/etc/extra/httpd-ssl.conf Sun Dec 16 18:05:28 2007****************** 22,30 **** # Manual for more details. # #SSLRandomSeed startup file:/dev/random 512! #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512! #SSLRandomSeed connect file:/dev/urandom 512 #--- 22,30 ---- # Manual for more details. # #SSLRandomSeed startup file:/dev/random 512! SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512! SSLRandomSeed connect file:/dev/urandom 512 #****************** 71,85 **** ## SSL Virtual Host Context ## !


# General setup for the virtual host! DocumentRoot "/opt/csw/apache2/share/htdocs"! ServerName tibialis.miba.auc.dk:443! ServerAdmin [email protected]! ErrorLog /opt/csw/apache2/var/log/error_log! TransferLog /opt/csw/apache2/var/log/access_log # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on--- 71,98 ---- ## SSL Virtual Host Context ## ! NameVirtualHost *:443 + #+ + # General setup for the virtual host! DocumentRoot "/opt/csw/apache2/share/htdocs_imap.hst.aau.dk"! ServerName imap.hst.aau.dk:443! ServerAdmin [email protected]! ErrorLog /opt/csw/apache2/var/log/error_log-imap.hst.aau.dk! TransferLog /opt/csw/apache2/var/log/access_log-imap.hst.aau.dk + + DirectoryIndex index.html index.php+ + + Options None+ AllowOverride None+ Order allow,deny+ Allow from all+ + # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on****************** 96,102 **** # in mind that if you have both an RSA and a DSA certificate you # can configure both in parallel (to also allow the use of DSA # ciphers, etc.)! SSLCertificateFile /opt/csw/apache2/etc/server.crt #SSLCertificateFile /opt/csw/apache2/etc/server-dsa.crt # Server Private Key:--- 109,116 ---- # in mind that if you have both an RSA and a DSA certificate you # can configure both in parallel (to also allow the use of DSA # ciphers, etc.)! SSLCertificateFile /opt/csw/ssl/certs/imapd.pem! #SSLCertificateFile /opt/csw/apache2/etc/server.crt #SSLCertificateFile /opt/csw/apache2/etc/server-dsa.crt # Server Private Key:****************** 104,110 **** # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.)! SSLCertificateKeyFile /opt/csw/apache2/etc/server.key #SSLCertificateKeyFile /opt/csw/apache2/etc/server-dsa.key # Server Certificate Chain:--- 118,124 ---- # directive to point at the key file. 
Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.)! #SSLCertificateKeyFile /opt/csw/apache2/etc/server.key #SSLCertificateKeyFile /opt/csw/apache2/etc/server-dsa.key # Server Certificate Chain:
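Review bot: In the 71,98 hunk, NameVirtualHost *:443 turns the SSL hosts into name-based ones while the file still carries a single SSLCertificateFile, so every name answered on port 443 is served with that one certificate and any name it does not cover will produce a mismatch warning in the client. Either keep a certificate that covers all the names served here (a wildcard fits) or give each SSL host its own IP-based VirtualHost, and add a comment next to NameVirtualHost saying which of the two is intended.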
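Review bot: In the 96,102 and 104,110 hunks, SSLCertificateFile now points at /opt/csw/ssl/certs/imapd.pem while SSLCertificateKeyFile is commented out with no replacement, so Apache has to find the private key inside imapd.pem and the web server ends up sharing one key pair with imapd. Suggest a comment above SSLCertificateFile stating that the PEM holds both certificate and key, a check that the file stays readable by root only, and preferably a separate key and certificate for Apache so that renewing or replacing one service's key does not touch the other.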

Now a secure version can be used here: https://imap.hst.aau.dk/emailsetup/

All that is missing is a certificate that is known in advance by all browsers and imap clients. We now have a wildcard certificate from RapidSSL :-)

./Services/SSL/InstallRapidCert/index.php

Installing the Rapid root certificate

They say that it is included in all the new browsers, but that does not help much when pine complains.

I looked at http://gagravarr.org/writing/openssl-certs/others.shtml#ca-openssl and found out there that I just have to fetch the root certificate and copy it in, in the following way.

First we look at the error that occurs if it is missing:

root@tibialis:/opt/csw/ssl/certs# openssl verify -CApath . wildcard.hst.aau.dk.pem
wildcard.hst.aau.dk.pem: /C=DK/O=*.hst.aau.dk/OU=GT37764821/OU=See www.rapidssl.com/resources/cps \
 (c)07/OU=Domain Control Validated - RapidSSL(R)/CN=*.hst.aau.dk
error 20 at 0 depth lookup:unable to get local issuer certificate

Then we fetch it from http://www.rapidssl.com/cps/rapidssl_01.cer, which is referred to from http://www.rapidssl.com/legal/index.htm, and put it into the file rapidssl.pem. After that we have to see which hash it has, and then we create a file named with this hash followed by .0

root@tibialis:/opt/csw/ssl/certs# ls -lut|head
total 170
-rw------- 1 root root 2083 Dec 27 02:40 wildcard.hst.aau.dk.pem
-rw-r--r-- 1 root root 948 Dec 27 02:39 rapidssl.pem
-rw------- 1 root root 2083 Dec 27 02:24 imapd.pem
-r-------- 1 root root 2298 Dec 27 02:19 imap.hst.aau.dk.pem
-rw------- 1 root root 2298 Dec 27 02:15 imapd.pem.rod-071227-02:15
-rw-rw-r-- 1 root root 2120 Dec 21 13:18 imapd_imap.hst.aau.dk.pem
-r-------- 1 root root 2120 Dec 18 20:01 imapd.pem.rod-071218-20:01
drwxr-xr-x 2 root bin 512 Dec 16 17:22 expired
root@tibialis:/opt/csw/ssl/certs# openssl x509 -noout -hash -in rapidssl.pem
74c26bd0
root@tibialis:/opt/csw/ssl/certs# cp rapidssl.pem 74c26bd0.0
root@tibialis:/opt/csw/ssl/certs# openssl verify -CApath . wildcard.hst.aau.dk.pem
wildcard.hst.aau.dk.pem: OK

There :-)

Then this file just has to be copied to all the servers from which we might end up starting pine. I have done it on ran, and it works :-)
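The same hash-name procedure, replayed end to end with throwaway certificates so that the failing and the passing openssl verify runs can be compared side by side. This is an added example, not part of the original notes; the CA, the *.example.test leaf and all file names are constructed, and an openssl binary on the PATH is assumed.

```shell
#!/bin/sh
# Added example: why a CA file in a -CApath directory is ignored until it is
# also present under its subject-hash name. All certificates are constructed.

# Return 0 when "openssl verify" reports OK for leaf $2 using directory $1.
verifies_ok() {
    out=$(openssl verify -CApath "$1" "$2" 2>&1) || true
    case "$out" in
        *": OK"*) return 0 ;;
        *)        return 1 ;;
    esac
}

capath_demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/certs" || return 1
    ca="$work/certs/exampleca.pem"
    leaf="$work/leaf.pem"

    # Constructed root CA; it stands in for the vendor root that the notes
    # download and save as rapidssl.pem.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/O=Constructed Example/CN=Constructed Root CA" \
        -keyout "$work/ca.key" -out "$ca" >/dev/null 2>&1 || return 1

    # Constructed wildcard leaf signed by that root.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=*.example.test" \
        -keyout "$work/leaf.key" -out "$work/leaf.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$work/leaf.csr" -CA "$ca" -CAkey "$work/ca.key" \
        -set_serial 1 -days 2 -out "$leaf" >/dev/null 2>&1 || return 1

    # Step 1: the root is in the directory, but only under a descriptive name.
    # OpenSSL never scans the directory; it opens <subject-hash>.<n> directly,
    # so the issuer is not found (error 20 in the notes).
    if verifies_ok "$work/certs" "$leaf"; then before=OK; else before=FAIL; fi

    # Step 2: compute the subject hash and publish the root under that name.
    hash=$(openssl x509 -noout -hash -in "$ca") || return 1
    cp "$ca" "$work/certs/$hash.0" || return 1

    if verifies_ok "$work/certs" "$leaf"; then after=OK; else after=FAIL; fi

    rm -rf "$work"
    echo "before=$before after=$after"
}

capath_demo
```

OpenSSL 1.0.0 changed how the subject hash is computed, so a name such as 74c26bd0.0 produced by an older release has to be regenerated after an upgrade; the c_rehash script shipped with OpenSSL recreates every hash name in a directory in one go.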

./Services/SSL/index.php

./Services/SSL/Stunnel_Calendar/index.php

Here it is just a matter of copying the same pem file that we use elsewhere, and restarting stunnel

root@aegir:/pack/stunnel-4.04/etc/stunnel_calendar# cp stunnel_wildcard.pem stunnel.pem
root@aegir:/pack/stunnel-4.04/etc/stunnel_calendar# /etc/init.d/stunnel_calendar
Usage: /etc/init.d/stunnel_calendar {start|stop|restart|force-reload}
root@aegir:/pack/stunnel-4.04/etc/stunnel_calendar# /etc/init.d/stunnel_calendar restart
Restarting calendar SSL tunnel
-n Stopping calendar SSL tunnel: stunnel.
-n Starting calendar SSL tunnel: stunnel.
done.
root@aegir:/pack/stunnel-4.04/etc/stunnel_calendar# psg stunnel_cal
UID PID PPID C STIME TTY TIME CMD
stunnel 6233 1 0 10:38:56 ? 0:00 /pack/stunnel-4.04/sbin/stunnel /pack/stunnel-4.04/etc/stunnel_calendar/stunnel
root@aegir:/pack/stunnel-4.04/etc/stunnel_calendar#

./Services/SSL/Apache_aegir/index.php

New certificate for apache on aegir

Here it is just the same as before: copy the wildcard.hst.aau.dk.pem file in, edit the config file a little, and then restart.

Actually, only the last part of this diff matters:

root@aegir:/pack/apache/conf# diff httpd.conf.magnus-071227-10\:47 httpd.conf2043c2043,2044< SSLCertificateFile /pack/apache-1.3.27/conf/ssl_certifikat/server.crt---> #SSLCertificateFile /pack/apache-1.3.27/conf/ssl_certifikat/server.crt> SSLCertificateFile /pack/apache-1.3.27/conf/ssl_certifikat/wildcard.hst.aau.dk.pem 2052c2053


< SSLCertificateKeyFile /pack/apache-1.3.27/conf/ssl_certifikat/server.key---> #SSLCertificateKeyFile /pack/apache-1.3.27/conf/ssl_certifikat/server.key2216c2217,2218< SSLCertificateFile /pack/apache-1.3.27/conf/ssl_certifikat/server.crt ---> #SSLCertificateFile /pack/apache-1.3.27/conf/ssl_certifikat/server.crt > SSLCertificateFile /pack/apache-1.3.27/conf/ssl_certifikat/wildcard.hst.aau.dk.pem2218c2220< SSLCertificateKeyFile /pack/apache-1.3.27/conf/ssl_certifikat/server.key---> #SSLCertificateKeyFile /pack/apache-1.3.27/conf/ssl_certifikat/server.keyroot@aegir:/pack/apache/conf#
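Review bot: At 2052 and 2218 the SSLCertificateKeyFile lines are commented out without a replacement, so both SSL hosts now depend on the private key being inside wildcard.hst.aau.dk.pem under conf/ssl_certifikat. Say so in a comment next to each SSLCertificateFile line, and check that the copied PEM is owned by root and not readable by anyone else, since the same pem file is reused by the other services and a readable copy here would expose the key for all of them.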

And then in a new window, because of console messages from apache:

magnus@aegir:~# sudo /etc/init.d/httpd stop
Stopping /pack/apache/bin/httpd
/pack/apache/bin/apachectl stop: httpd stopped
magnus@aegir:~# sudo /etc/init.d/httpd start
Starting /pack/apache/bin/httpd
/pack/apache/bin/apachectl startssl: httpd started
magnus@aegir:~#

I have NOT fixed the webak certificate. It is a purchased certificate which I actually thought I was maintaining....but apparently that has gone wrong :-(

It expired 04/19/06, that is, April last year....sigh!

./Services/NTP/tibialis/index.php

NTP on tibialis

For some mysterious reason NetSaint started complaining that ntp no longer worked on tibialis. What puzzles me more is that it has ever worked, since it has never been turned on.....

I look at ran to see how it is set up there, and then I create a configuration file:

root@tibialis:/# cat /etc/inet/ntp.conf
#
# by default, don't trust and don't allow modifications
#
restrict default notrust nomodify
#
# the local addresses and servers are unrestricted
#
restrict 127.0.0.1 # localhost
restrict 130.225.49.254 # active router
restrict 130.225.49.253 # standby router
restrict 130.225.49.1 # default router
# if you don't use Hot Standby Routing Protocol replace 2 lines above with
# restrict your_subnet_IP.1 # default router
#
# reads in drift info at startup
#
driftfile /etc/inet/ntp.drift
#
# we are a client using local broadcast servers
#
broadcastclient

root@tibialis:/# svcs -a|grep ntp
disabled Nov_28 svc:/network/ntp:default
root@tibialis:/# svcadm enable ntp
root@tibialis:/# svcs -a|grep ntp
online 7:55:16 svc:/network/ntp:default

And then we test whether NetSaint will like it. First we see what it looks like for ran, which has been running xntpd for a long time.

magnus@aegir:/pack/netsaint-0.0.7b7/etc# /usr/sbin/xntpdc -c peers ran
     remote           local      st poll reach  delay   offset    disp
=======================================================================
~hot-stdby-253.m 0.0.0.0          3   64  377 0.00072  0.000047 0.00105
*hot-stdby-254.m 0.0.0.0          2   64  376 0.00099 -0.000014 0.00105

And this is what it looks like for tibialis:

magnus@aegir:/pack/netsaint-0.0.7b7/etc# /usr/sbin/xntpdc -c peers tibialis
     remote           local      st poll reach  delay   offset    disp
=======================================================================
=hot-stdby-253.m 0.0.0.0          3   64    1 0.00000  0.000000 16.0000

And after a couple of minutes we have two:

magnus@aegir:/pack/netsaint-0.0.7b7/etc# /usr/sbin/xntpdc -c peers tibialis
     remote           local      st poll reach  delay   offset    disp
=======================================================================
=hot-stdby-253.m 0.0.0.0          3   64    7 0.00069 -0.001782 7.87543
=hot-stdby-254.m 0.0.0.0          2   64    3 0.00105 -0.001494 15.8750

But what the first character of the line means, we will have to look up in the man page for xntpdc(1M):

peers   Obtain a list of peers for which the server is maintaining state, along with a summary of that state.

        The following summary information is included:

        o Address of the remote peer.

        o Local interface address. If a local address has yet to be determined it is 0.0.0.0.

        o Stratum of the remote peer. A stratum of 16 indicates the remote peer is unsynchronized.

        o Polling interval, in seconds.

        o Reachability register, in octal.

        o Current estimated delay, offset and dispersion of the peer, in seconds.

        o Mode in which the peer entry is operating.

          This is represented by the character in the left margin. A + denotes symmetric active, a - indicates symmetric passive, a = means the remote server is being polled in client mode, a ^ indicates that the server is broadcasting to this address, a ~ denotes that the remote peer is sending broadcasts and a * marks the peer the server is currently synchonizing to.

        o Host.

          This field may contain a host name, an IP address, a reference clock implementation name with its parameter or REFCLK (implementation number, parameter). On hostnames no only IP-addresses is displayed.


Yes, and then it has also got the same characters as ran has, after about 10 minutes:

magnus@aegir:/pack/netsaint-0.0.7b7/etc# /usr/sbin/xntpdc -c peers tibialis
     remote           local      st poll reach  delay   offset    disp
=======================================================================
~hot-stdby-253.m 0.0.0.0          3   64  376 0.00069 -0.005868 0.00200
*hot-stdby-254.m 0.0.0.0          2   64  377 0.00092 -0.002007 0.00180

That was that :-)
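The man page rules quoted above (mode character in the left margin, stratum 16 meaning unsynchronized, reachability register in octal) can be applied mechanically, which is roughly what a monitoring check has to do. The following is an added example, not part of the original notes: the function name and the status words are made up here, and the two samples reuse the peer lines shown above for tibialis.

```shell
#!/bin/sh
# Added example: decode "xntpdc -c peers" output read from stdin.
# One line per peer, then a final status line.

ntp_peer_report() {
    awk '
    # Count the 1-bits of an octal string: each bit is one answered poll
    # out of the last eight, so 377 means 8 of 8 and 7 means 3 of 8.
    function bits_set(octal,   i, d, n) {
        n = 0
        for (i = 1; i <= length(octal); i++) {
            d = substr(octal, i, 1) + 0
            n += int(d / 4) + int((d % 4) / 2) + (d % 2)
        }
        return n
    }
    BEGIN {
        # Left-margin characters as listed in xntpdc(1M).
        mode["+"] = "symmetric-active"
        mode["-"] = "symmetric-passive"
        mode["="] = "client"
        mode["^"] = "broadcast-out"
        mode["~"] = "broadcast-in"
        mode["*"] = "sync-source"
    }
    /^=+$/ { in_table = 1; next }        # separator under the column header
    !in_table || NF < 8 { next }         # skip header and short lines
    {
        flag = substr($0, 1, 1)
        row = $0
        name = "none"
        if (flag in mode) { name = mode[flag]; row = substr($0, 2) }
        split(row, f, " ")               # host local st poll reach delay offset disp
        note = (f[3] + 0 >= 16) ? " unsynchronized" : ""
        printf "%s mode=%s stratum=%d reach=%d/8%s\n",
               f[1], name, f[3] + 0, bits_set(f[5]), note
        peers++
        if (flag == "*" && f[3] + 0 < 16) synced = 1
    }
    END {
        if (peers == 0)  print "status=NO_PEERS"
        else if (synced) print "status=SYNCED"
        else             print "status=NOT_SYNCED peers=" peers
    }'
}

# Samples built from the tibialis output in the notes.
SAMPLE_EARLY='     remote           local      st poll reach  delay   offset    disp
=======================================================================
=hot-stdby-253.m 0.0.0.0          3   64    7 0.00069 -0.001782 7.87543
=hot-stdby-254.m 0.0.0.0          2   64    3 0.00105 -0.001494 15.8750'

SAMPLE_SETTLED='     remote           local      st poll reach  delay   offset    disp
=======================================================================
~hot-stdby-253.m 0.0.0.0          3   64  376 0.00069 -0.005868 0.00200
*hot-stdby-254.m 0.0.0.0          2   64  377 0.00092 -0.002007 0.00180'

echo "after a couple of minutes:"
printf '%s\n' "$SAMPLE_EARLY" | ntp_peer_report
echo "after about 10 minutes:"
printf '%s\n' "$SAMPLE_SETTLED" | ntp_peer_report
```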

./Services/SSH/HostBasedAuth/index.php

HostBasedAuthentication for SSH

root@sunray01:/opt/csw/etc/ssh# diff ssh_config.root-080323-18\:13 ssh_config46a47,48> HostbasedAuthentication yes> EnableSSHKeySign yes
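Review bot: The two options go in after line 46 and the hunk does not show which Host block that is; if it is the global section or a Host * block, HostbasedAuthentication yes and EnableSSHKeySign yes apply to every outbound connection from sunray01. Suggest placing them under a Host pattern that names only the servers meant to accept host-based logins, with a comment saying why they are on, because each destination that accepts this method then trusts the host key of sunray01 together with the user name the client reports.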

And I have actually now turned this on as well:

ForwardX11 yes
ForwardX11Trusted yes

./Services/DNS/BIND/index.php

BIND 9 upgrade

According to DK-CERT we should upgrade our BIND on quark. They claimed that it was a BIND4 or BIND8, even though it is BIND9. But it is also a bit old, so I am upgrading.

In brief, it is compiled like this. (There are always some small problems, though, which you just have to solve along the way. Here I had a problem with some sub-library or other that would not quite do what I wanted.)

root@quark:/pack/bind-9.3.4/src/bind-9.3.4> ./configure --prefix=/pack/bind-9.3.4
root@quark:/pack/bind-9.3.4/src/bind-9.3.4> make
root@quark:/pack/bind-9.3.4/src/bind-9.3.4> make install

There are, however, some things in /etc/named.conf (which /pack/bind-9.3.4/etc/named.conf links to directly) that have to be corrected now. They have probably always been wrong, but now a sensible message about it appears :-)

root@quark:/pack/bind-9.3.4> sbin/named-checkconf
/pack/bind-9.3.4/etc/named.conf:266: option 'allow-update' is not allowed in 'slave' zone 'vision.auc.dk'
/pack/bind-9.3.4/etc/named.conf:298: option 'allow-update' is not allowed in 'slave' zone '49.168.192.in-addr.arpa'
/pack/bind-9.3.4/etc/named.conf:538: option 'allow-update' is not allowed in 'slave' zone 'epj-observatoriet.dk'
/pack/bind-9.3.4/etc/named.conf:545: option 'allow-update' is not allowed in 'slave' zone 'v-chi.dk'
/pack/bind-9.3.4/etc/named.conf:552: option 'allow-update' is not allowed in 'slave' zone 'hc-interest.dk'
/pack/bind-9.3.4/etc/named.conf:574: option 'allow-update' is not allowed in 'slave' zone 'hep.dk'
/pack/bind-9.3.4/etc/named.conf:642: option 'allow-update' is not allowed in 'slave' zone '8.10.in-addr.arpa'
/var/yp/namedb/named.conf.aauprivate:82: zone '49.168.192.in-addr.arpa': already exists previous definition:\
 /pack/bind-9.3.4/etc/named.conf:291

This is corrected, and then I replace /dist/sbin/named with the new one and kill named. It comes up by itself because of a cron job. There was one error, though, which can be seen here:

root@quark:/etc> crontab -l|grep bin/check_named
* * * * * /dist/bin/check_named

root@quark:/dist/sbin> cat /dist/bin/check_named
#!/bin/sh

# Must restart it if it dies

if [ -f /etc/named.pid ] ; then
  if ps -fp `cat /etc/named.pid` > /dev/null; then
    :
  else
    (echo ERROR named doed, men named.pid er der;...

root@quark:/dist/sbin> ls -l /etc/named.pid
lrwxrwxrwx 1 root root 34 Dec 18 2001 /etc/named.pid -> /pack/bind-9.1.3/var/run/named.pid

root@quark:/etc> mv named.pid named.pid-9.1.3

root@quark:/etc> ln -s /pack/bind-9.3.4/var/run/named.pid .

And now everything should be able to run as it should :-)

We can see the version in several ways, but this is one of them. We find out which binary it is that we are running, and then we search directly in the binary file:

root@quark:/etc> strings /usr/sbin/in.named|grep ^9\\.[0-9]
9.3.4

And on ran:

root@ran:/home/amanda/HST# strings /opt/csw/sbin/named|grep ^9\\.[0-9]
9.3.2

Here is a better test, which apparently works for all of them:

root@aegir:/pack/mibaadmin/MAXIMUS# nslookup -q=txt -class=CHAOS version.bind. localhost
Server: localhost
Address: 127.0.0.1

version.bind text = "9.3.4"
version.bind nameserver = version.bind
root@aegir:/pack/mibaadmin/MAXIMUS# nslookup -q=txt -class=CHAOS version.bind. ran
Server: ran.miba.auc.dk
Address: 130.225.49.6

version.bind text = "9.3.2"
version.bind nameserver = version.bind
root@aegir:/pack/mibaadmin/MAXIMUS# nslookup -q=txt -class=CHAOS version.bind. ns
Server: ns.miba.auc.dk
Address: 130.225.49.2

version.bind text = "9.3.4"
version.bind nameserver = version.bind
root@aegir:/pack/mibaadmin/MAXIMUS#

And a little test at the neighbours:


root@aegir:/pack/mibaadmin/MAXIMUS# nslookup -q=txt -class=CHAOS version.bind. mcenroe.control.aau.dk
Server: mcenroe.control.auc.dk
Address: 130.225.50.5

version.bind text = "9.2.3"

root@aegir:/pack/mibaadmin/MAXIMUS# nslookup -q=txt -class=CHAOS version.bind. ns2.kom
Server: zaz.kom.auc.dk
Address: 130.225.51.10

VERSION.BIND text = "BIND 8.1.2"

ooppssss....

FORMERR syslog messages

At http://www.tutorials-be.com/bind/bind-19.html I see someone who has the same problem as us, with a lot of messages of this type appearing in syslog:

Apr 14 09:06:33 ran.miba.auc.dk named[2803]: [ID 866145 daemon.info] FORMERR resolving 'nastyhos.com/MX/IN': 64.20.49.218#53
Apr 14 09:06:34 ran.miba.auc.dk named[2803]: [ID 866145 daemon.info] FORMERR resolving 'nastyhos.com/MX/IN': 64.20.39.26#53

He explains that a colleague has a server that does not complain like this, and that is apparently because he has configured logging:

On two of my DNS servers I see the FORMERR messages, and on the other two I do not. I (and my predecessor hostmasters) configured the BIND on the servers where I am seeing the FORMERR messages; we configured no special logging. A colleague configured BIND on the two servers where I am not seeing the FORMERR messages; he configured this logging:

logging {

    channel general-log {
        file "/var/log/named.general.log" versions 3 size 200k;
        print-category yes;
        print-severity yes;
        print-time yes;
        severity info;
    };

    channel security-log {
        file "/var/log/named.security.log" versions 3 size 200k;
        print-category yes;
        print-severity yes;
        print-time yes;
        severity info;
    };

    channel client-log {
        file "/var/log/named.client.log" versions 3 size 200k;
        print-category yes;
        print-severity yes;
        print-time yes;
        severity info;
    };

    channel config-log {
        file "/var/log/named.config.log" versions 3 size 200k;
        print-category yes;
        print-severity yes;
        print-time yes;
        severity info;
    };

    channel xfer-log {
        file "/var/log/named.xfer.log" versions 3 size 200k;
        print-category yes;
        print-severity yes;
        print-time yes;
        severity info;
    };

    channel notify-log {
        file "/var/log/named.notify.log" versions 3 size 200k;
        print-category yes;
        print-severity yes;
        print-time yes;
        severity info;
    };

    category default { general-log; default_syslog; };
    category security { security-log; default_syslog; };
    category config { config-log; default_syslog; };
    category client { client-log; default_syslog; };
    category config { config-log; default_syslog; };
    category client { client-log; default_syslog; };
    category notify { notify-log; default_syslog; };
    category xfer-in { xfer-log; default_syslog; };
    category xfer-out { xfer-log; default_syslog; };
    category lame-servers { null; };

};

./Services/DNS/index.php

./Services/LDAP/Config/slapd.conf/index.php

slapd.conf

The file is adapted to the slapd that comes with Ubuntu's package system.

## filename: /opt/csw/etc/openldap/slapd.conf

## Global section

## Include the minimum schema required.
include /opt/csw/etc/openldap/schema/core.schema

## Added support for the inetOrgPerson
include /opt/csw/etc/openldap/schema/cosine.schema
include /opt/csw/etc/openldap/schema/inetorgperson.schema

## Added support for NIS data
include /opt/csw/etc/openldap/schema/nis.schema

## Added logging parameters
loglevel 296
pidfile /opt/csw/var/run/slapd.pid
argsfile /opt/csw/var/run/slapd.args

## Misc security setting
password-hash {SSHA}

# Where the dynamically loaded modules are stored
modulepath /opt/csw/libexec/openldap
moduleload back_bdb.la

###############################################################
## Define the beginning of example database.
database bdb

## Define the root suffix you serve.
suffix "dc=hst,dc=aau,dc=dk"

## Define a root DN for superuser privileges.


rootdn "cn=Manager,dc=hst,dc=aau,dc=dk"
rootpw {SSHA}2aksIaicAvwc+DhCrXUFlhgWsbBJPLxy

directory /opt/csw/var/openldap-data/hst.aau.dk

## rw for owner only
mode 600

## Indexes to maintain
index objectClass eq
index cn,sn,mail eq,sub
index departmentNumber eq

## db tuning parameters
cachesize 2000

## Simple ACL granting read access to the world
access to * by * read
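With access to * by * read as the only rule, an anonymous search returns every attribute of every entry, including the userPassword values that the user entries carry. The following added example (not part of the original notes) walks the access directives of a slapd.conf the way slapd does, first matching rule and then first matching by clause, and reports whether an anonymous client can read userPassword. The function name and the three sample configurations are constructed; it assumes a single database section and ignores dn= scoping.

```shell
#!/bin/sh
# Added example: can an anonymous bind read userPassword under these ACLs?
# Reads slapd.conf text on stdin and prints EXPOSED or PROTECTED plus the
# rule that decided it.

audit_userpassword_acl() {
    awk '
    # True when the <what> part of a rule applies to the userPassword attribute.
    function covers_userpassword(what,   w) {
        w = tolower(what)
        gsub(/^ +| +$/, "", w)
        if (w == "*") return 1
        return (w ~ /attrs?=[^ ]*userpassword/)
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                   # comments, blank lines
    /^[ \t]/ { if (n) dir[n] = dir[n] " " $0; next }    # continuation line
    { dir[++n] = $0 }                                   # new directive
    END {
        verdict = ""; acls = 0
        for (i = 1; i <= n && verdict == ""; i++) {
            k = split(dir[i], t, " ")
            if (t[1] != "access" || t[2] != "to") continue
            acls++
            what = ""
            for (j = 3; j <= k && t[j] != "by"; j++) what = what " " t[j]
            if (!covers_userpassword(what)) continue
            # This rule decides. With no matching by clause slapd denies.
            verdict = "PROTECTED"
            while (j <= k) {
                if (t[j] == "by" && (t[j+1] == "*" || t[j+1] == "anonymous")) {
                    if (t[j+2] ~ /^(read|write|manage)$/) verdict = "EXPOSED"
                    break
                }
                j++
            }
            rule = dir[i]
            gsub(/[ \t]+/, " ", rule)
        }
        if (verdict == "") {
            # No access directive at all means the built-in default, read for all.
            verdict = (acls == 0) ? "EXPOSED" : "PROTECTED"
            rule = (acls == 0) ? "no access directive" : "no matching rule"
        }
        print verdict ": " rule
    }'
}

# Constructed sample 1: the ACL from the slapd.conf above.
WEAK_CONF='## Simple ACL granting read access to the world
access to * by * read'

# Constructed sample 2: userPassword rule first, catch-all second.
HARDENED_CONF='access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read'

# Constructed sample 3: same rules in the wrong order; the catch-all wins.
SHADOWED_CONF='access to *
    by * read
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none'

printf '%s\n' "$WEAK_CONF"     | audit_userpassword_acl
printf '%s\n' "$HARDENED_CONF" | audit_userpassword_acl
printf '%s\n' "$SHADOWED_CONF" | audit_userpassword_acl
```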

./Services/LDAP/Config/ldap.conf/index.php

BASE dc=hst,dc=aau,dc=dk
URI ldap://ldap01.hst.aau.dk

./Services/LDAP/Config/Logging/index.php

Logging

It suddenly strikes me that I do not see any log. I do not, even though a log option is set in slapd.conf.

root@ldap01:/# grep log /opt/csw/etc/openldap/slapd.conf
loglevel 296

Debug information from slapd is sent to, or uses, the LOG_LEVEL4 facility in syslog

root@ldap01:/# vi /etc/syslog.conf
root@ldap01:/# grep slap /etc/syslog.conf
local4.debug /var/log/slapd.log
root@ldap01:/# svcadm enable svc:/system/system-log:default

Loglevel - is set to log everything with any. It can also be set with -1, which also means everything. Read more in the man page for slapd.conf.

root@ldap01:/# grep loglevel /opt/csw/etc/openldap/slapd.conf
loglevel any
root@ldap01:/# svcadm restart cswopenldap

./Services/LDAP/index.php

LDAP

The following notes arose in connection with reading LDAP System Administration by Gerald Carter. The book can be read online from this link when you are on the aau.dk network: LDAP System Administration by Gerald Carter

Operation

This is now in production - the configuration was made on the basis of what is below and is not necessarily quite as described here any more..

A new configuration

The following is based on examples made with OpenLDAP on a Solaris 10 in a zone. OpenLDAP is installed from www.blastwave.org.

Setting PATH to be sure of getting hold of the LDAP commands from Blastwave ahead of Sun's own.

root@ldap01:/# export PATH=/opt/csw/sbin:/opt/csw/bin:/opt/csw/libexec:/usr/sbin:/usr/bin
root@ldap01:/# alias vi=vim
root@ldap01:/# scp [email protected]:.vimrc /

There is already something running, so I start by removing what is there in order to start afresh.

root@ldap01:/# svcadm disable svc:/network/cswopenldap:default
root@ldap01:/# mv /opt/csw/etc/openldap/slapd.conf /opt/csw/etc/openldap/slapd.conf.first

Preparing the space for a new database

root@ldap01:/# mkdir /opt/csw/var/openldap-data/hst.aau.dk
root@ldap01:/# chmod 700 /opt/csw/var/openldap-data/hst.aau.dk
root@ldap01:/# cp -p /opt/csw/var/openldap-data/DB_CONFIG /opt/csw/var/openldap-data/hst.aau.dk
root@ldap01:/# vi /opt/csw/etc/openldap/slapd.conf

The contents of the configuration file are here: slapd.conf

Building the directory

A top level of the directory has to be created. We do that with slapadd, which is a command that operates on a raw or non-existent database. There are other slap commands, e.g. slapcat, which cats the contents of the database to stdout. These commands thus read or write directly on the database files, behind the back of any running daemon..!!

We need an ldif to create the top level with:

## filename: /opt/csw/etc/openldap/ldif/top.ldif

## Build the root node
dn: dc=hst,dc=aau,dc=dk
dc: hst
objectClass: dcObject
objectClass: organizationalUnit
ou: Hst Dot Aau Dot Dk

## Build the People ou
dn: ou=people,dc=hst,dc=aau,dc=dk
ou: people
objectClass: organizationalUnit

In addition to the top level, the file top.ldif also contains people, which becomes a branch/child ..

root@ldap01:/# cd /opt/csw/etc/openldap/
root@ldap01:/opt/csw/etc/openldap# slapadd -v -l ldif/top.ldif
added: "dc=hst,dc=aau,dc=dk" (00000001)
added: "ou=people,dc=hst,dc=aau,dc=dk" (00000002)
root@ldap01:/opt/csw/etc/openldap# slapindex -v
indexing id=00000001
indexing id=00000002
root@ldap01:/opt/csw/etc/openldap# svcadm enable svc:/network/cswopenldap:default
root@ldap01:/opt/csw/etc/openldap# ps -ef | grep sla


root 29448 614 0 10:32:17 ? 0:00 /opt/csw/libexec/slapd

Searching and testing

All commands that start with ldap are clients that can be used to search, add, modify and delete things in a directory on a running server. These commands make a connection to slapd. Authentication may be necessary - in the same way, encryption may have to be used on a system in production..?

Here we do a simple search which just shows that the top level and people are in place. A connection is made to ldap, and it gives permission to read because of the following in the conf file: access to * by * read

root@ldap01:/opt/csw/etc/openldap# ldapsearch -x -b "dc=hst,dc=aau,dc=dk" "(objectclass=*)"
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# hst.aau.dk
dn: dc=hst,dc=aau,dc=dk
dc: hst
objectClass: dcObject
objectClass: organizationalUnit
ou: Hst Dot Aau Dot Dk

# people, hst.aau.dk
dn: ou=people,dc=hst,dc=aau,dc=dk
ou: people
objectClass: organizationalUnit

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

It looks fine.

Something about inserting, changing and deleting data etc. in a shell: Data

./Services/LDAP/Data/index.php

Oprette,redigere og slette data i LDAPOprette data

Først skal vi have fyldt noget i, da vi lige er startet på en frisk. Vi starter med et par brugere.

Det er skrevet i en ldif-fil, som er lavet ud fra NIS.

## filename: /opt/csw/etc/openldap/ldif/brugere.ldif

dn: uid=magnus,ou=people,dc=hst,dc=aau,dc=dkuid: magnuscn: Magnus SvavarssonobjectClass: accountobjectClass: posixAccountobjectClass: topuserPassword: {crypt}XXXXXXXXXXXXXloginShell: /bin/bashuidNumber: 21254gidNumber: 21254homeDirectory: /home/magnusgecos: Magnus Svavarsson

dn: uid=henrik,ou=people,dc=hst,dc=aau,dc=dkuid: henrikcn: Henrik LarsenobjectClass: accountobjectClass: posixAccountobjectClass: topuserPassword: {crypt}XXXXXXXXXXXXXloginShell: /bin/bashuidNumber: 11964gidNumber: 11964homeDirectory: /home/henrikgecos: Henrik Larsen

Here we use ldapadd to add, but one could also use ldapmodify with the -a option.

root@ldap01:/opt/csw/etc/openldap/ldif# ldapadd -D "cn=Manager,dc=hst,dc=aau,dc=dk" \
> -w secret -x -v -f brugere.ldif

Add attribute

root@ldap01:/opt/csw/etc/openldap/ldif# ldapmodify -D "cn=Manager,dc=hst,dc=aau,dc=dk" \
> -w secret -v -f addmail.ldif

Delete data

And the other way.. Delete a user.

root@ldap01:/opt/csw/etc/openldap/ldif# ldapdelete -D "cn=Manager,dc=hst,dc=aau,dc=dk" \
> -w secret -x -r -v "uid=henrik,ou=people,dc=hst,dc=aau,dc=dk"
ldap_initialize( )
deleting entry "uid=henrik,ou=people,dc=hst,dc=aau,dc=dk"
deleting children of: uid=henrik,ou=people,dc=hst,dc=aau,dc=dk

Change data

To change something, one has to add and delete the entry, or possibly the other way round. The following LDIF file changes loginShell for uid=henrik.

## filename: /opt/csw/etc/openldap/ldif/changeshell.ldif

dn: uid=henrik,ou=people,dc=hst,dc=aau,dc=dk
changetype: modify
add: loginShell
loginShell: /bin/sh
-
delete: loginShell
loginShell: /bin/bash

So one uses changetype: modify to say that one wants to change something, and add: loginShell says what one wants. The hyphen says that one continues with a new action on the same dn. Let's try..

root@ldap01:/opt/csw/etc/openldap/ldif# ldapmodify -D "cn=Manager,dc=hst,dc=aau,dc=dk" \
> -w secret -x -v -f changeshell.ldif
ldap_initialize( )
add loginShell:
 /bin/sh
delete loginShell:
 /bin/bash
modifying entry "uid=henrik,ou=people,dc=hst,dc=aau,dc=dk"
modify complete


Search data

Search - anonymous bind

root@ldap01:/# ldapsearch -x -b "dc=hst,dc=aau,dc=dk" "(objectclass=*)"

Change password

Change password - the user himself..

root@ldap01:/# ldappasswd -x -W -S -D "uid=henrik,ou=people,dc=hst,dc=aau,dc=dk"
New password: 
Re-enter new password: 
Enter LDAP Password: 
Result: Success (0)

Change password - Manager forces a new one for the user..

root@ldap01:/opt/csw/etc/openldap/bin# ldappasswd -x -W -D "cn=Manager,dc=hst,dc=aau,dc=dk" -S "uid=henrik,ou=people,dc=hst,dc=aau,dc=dk"
New password:
Re-enter new password:
Enter LDAP Password: 
Result: Success (0)

That was it for now..

./Services/LDAP/Scripting/PHP/index.php

PHP scripting

I have set display_errors in php.ini to get some output along the way, and installed the mysql module for PHP.

root@ldap01:/# pkg-get install php5_mysql
root@ldap01:/# grep ^display_errors /opt/csw/php5/lib/php.ini
display_errors = On
root@ldap01:/# svcadm restart svc:/network/http:cswapache2

Scripting without apache

#!/opt/csw/php5/bin/php
<?php
// Connection settings ($ldap_host, $ldap_port, $ldaprdn, $ldappass, $base_dn)
// are kept in a separate file.
include "/opt/csw/etc/openldap/bin/.ldap_vars";
$search = "uid=hen*";

$ds = ldap_connect($ldap_host, $ldap_port) or die("Could not connect to LDAP server.");

ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

ldap_bind($ds, $ldaprdn, $ldappass) or die("Could not bind to LDAP server.");
echo "Searching for ($search) \n";
$sr = ldap_search($ds, $base_dn, $search);

echo "Entires returned: " . ldap_count_entries($ds, $sr) . "\n";

$info = ldap_get_entries($ds, $sr);
echo "Data for " . $info["count"] . " items returned:\n\n";

for ($i=0; $i<$info["count"]; $i++) {
    echo "dn entry is:\t " . $info[$i]["dn"] . "\n";
    echo "cn entry is:\t " . $info[$i]["cn"][0] . "\n";
    echo "mail entry is:\t " . $info[$i]["mail"][0] . "\n\n";
}

ldap_close($ds);
?>

Here is some output.

root@ldap01:/opt/csw/etc/openldap/bin# ./ldapsearch.php
Searching for (uid=hen*) 
Entires returned: 1
Data for 1 items returned:

dn entry is: uid=henrik,ou=people,dc=hst,dc=aau,dc=dk
cn entry is: Henrik Larsen
mail entry is: [email protected]

Now it is relatively easy to change the password for a user..

# PHP..
$entry["userpassword"] = "{CRYPT}twaR3fBd1S0i2";
ldap_mod_replace ($ds, "uid=henrik,ou=people,dc=hst,dc=aau,dc=dk", $entry);

./Services/LDAP/Scripting/Perl/index.php

Perl and LDAP

Here are a couple of examples in Perl. All of them are more or less examples from LDAP System Administration by Gerald Carter, the beginning of chapter 10. The book can be read online from this link when one is on the aau.dk network: LDAP System Administration by Gerald Carter

A Perl module is needed:

root@ldap01:/opt/csw/etc/openldap/bin# pkg-get install pm_ldap

The first example is just a dump.

#!/opt/csw/bin/perl

use lib '/opt/csw/lib/perl/csw';
use Net::LDAP;

$ldap = Net::LDAP->new ( "localhost", port => 389, version => 3)
or die $!;

$result = $ldap->bind( "uid=henrik,ou=people,dc=hst,dc=aau,dc=dk",
                       password => "xxxxxx");
die $result->error() if $result->code();

$msg = $ldap->search( base => "ou=people,dc=hst,dc=aau,dc=dk",
                      scope => "sub",
                      filter => "(uid=$ARGV[0])",
                      attrs => [ "cn", "mail" ] );

if ( $msg->count() > 0 ) {
    print $msg->count(), " entries returned\n";

    foreach $entry ( $msg->all_entries() ) {
        $entry->dump();
    }
}

$ldap->unbind();

Can be used like this:

root@ldap01:/opt/csw/etc/openldap/bin# ./ldapsearch_dump.pl henrik
1 entries returned
------------------------------------------------------------------------
dn:uid=henrik,ou=people,dc=hst,dc=aau,dc=dk

cn: Henrik Larsen
mail: [email protected]

That was just a dump - the next one is LDIF output:

#!/opt/csw/bin/perl

use lib '/opt/csw/lib/perl/csw';
use Net::LDAP;
use Net::LDAP::LDIF;

$ldap = Net::LDAP->new ( "localhost", port => 389, version => 3)
or die $!;

$result = $ldap->bind( "uid=henrik,ou=people,dc=hst,dc=aau,dc=dk",
                       password => "xxxxxx");
die $result->error() if $result->code();

$msg = $ldap->search( base => "ou=people,dc=hst,dc=aau,dc=dk",
                      scope => "sub",
                      filter => "(uid=$ARGV[0])",
                      attrs => [ "cn", "mail" ] );

if ( $msg->count() > 0 ) {
    print $msg->count(), " entries returned\n";

    ## Write the entries as LDIF to standard output
    $ldif = Net::LDAP::LDIF->new ( \*STDOUT, "w") or die $!;

    $ldif->write_entry($msg->all_entries());
    $ldif->done();
}

$ldap->unbind();

This gives:

root@ldap01:/opt/csw/etc/openldap/bin# ./ldapsearch_ldif.pl henrik
1 entries returned

dn: uid=henrik,ou=people,dc=hst,dc=aau,dc=dk
cn: Henrik Larsen
mail: [email protected]

Here is an example of deleting a whole tree:

#!/opt/csw/bin/perl

use lib '/opt/csw/lib/perl/csw';
use Net::LDAP;
use Net::LDAP::LDIF;

$ldap = Net::LDAP->new ( "localhost", port => 389, version => 3)
or die $!;

$result = $ldap->bind( "uid=henrik,ou=people,dc=hst,dc=aau,dc=dk",
                       password => "xxxxxx");
die $result->error() if $result->code();

$msg = $ldap->search( base => "ou=people,dc=hst,dc=aau,dc=dk",
                      scope => "sub",
                      filter => "(uid=$ARGV[0])",
                      attrs => [ "cn", "mail" ] );

if ( $msg->count() > 0 ) {
    print $msg->count(), " entries returned\n";

    ## Write the entries as LDIF to standard output
    $ldif = Net::LDAP::LDIF->new ( \*STDOUT, "w") or die $!;

    $ldif->write_entry($msg->all_entries());
    $ldif->done();
}

$ldap->unbind();

It is used like this. The argument is a DN.

root@ldap01:/opt/csw/etc/openldap/bin# ./ldaprmtree.pl "uid=henrik,ou=people,dc=hst,dc=aau,dc=dk"

Here comes an add...

#!/opt/csw/bin/perl

use lib '/opt/csw/lib/perl/csw';
use Net::LDAP;
use Net::LDAP::LDIF;

$ldap = Net::LDAP->new ( "localhost", port => 389, version => 3)
or die $!;

$result = $ldap->bind( "cn=Manager,dc=hst,dc=aau,dc=dk",
                       password => "xxxxxx");
die $result->error() if $result->code();

## Check if LDIF file exists
die "$ARGV[0] not found!\n" unless ( -f $ARGV[0] );

## Open LDIF file or die
$ldif = Net::LDAP::LDIF->new ( $ARGV[0], "r") or die $!;

## Loop until the end-of-file
while ( ! $ldif->eof() ) {
    $entry = $ldif->read_entry();

    if ( $ldif->error() ) {
        print "Error msg: ", $ldif->error(), "\n";
        print "Error lines:\n", $ldif->error_lines(), "\n";
        next;
    }

    ## Log to STDERR and continue in case of failure
    $result = $ldap->add( $entry );
    warn $result->error() if $result->code();
}

$ldap->unbind();
exit(0);

It is used like this. The argument is an LDIF file.

root@ldap01:/opt/csw/etc/openldap/bin# ./ldapaddentry.pl henrik.ldif

./Services/LDAP/phpLDAPadmin/index.php

phpLDAPadmin

We need an apache and phpldapadmin

Install

root@ldap01:/# pkg-get upgrade
root@ldap01:/# pkg-get install apache2
root@ldap01:/# pkg-get install phpldapadmin
root@ldap01:/# svcadm enable svc:/network/http:cswapache2

Quite a few more packages than those shown get installed, since it pulls in dependencies such as php, perl etc.

## Executing postinstall script.
Copying CSW templates: creating /opt/csw/apache2/share/htdocs/phpldapadmin/config/config.php

NOTE: You need to configure phpLDAPadmin. Edit the file "/opt/csw/apache2/share/htdocs/phpldapadmin/config/config.php"
to do so. An example config file is provided in "/opt/csw/apache2/share/htdocs/phpldapadmin/config/config.php.example".

SSL

We need some SSL

root@ldap01:/# vi /opt/csw/apache2/etc/server.key
root@ldap01:/# vi /opt/csw/apache2/etc/server.crt
root@ldap01:/# chown root:nobody /opt/csw/apache2/etc/server.*
root@ldap01:/# chmod 440 /opt/csw/apache2/etc/server.*
root@ldap01:/# svcadm disable svc:/network/http:cswapache2
root@ldap01:/# svccfg -s svc:/network/http:cswapache2 setprop httpd/ssl = true
root@ldap01:/# svcadm refresh svc:/network/http:cswapache2
root@ldap01:/# svcadm enable svc:/network/http:cswapache2

Hmmm.. Later it was as if it had forgotten it again? So now I use the big hammer:

root@ldap01:/# cd /opt/csw/var/svc/manifest/site
root@ldap01:/opt/csw/var/svc/manifest/site# cp -p cswapache2.xml cswapache2.xml.henrik-`date +%y%m%d-%H:%M`
root@ldap01:/opt/csw/var/svc/manifest/site# vi cswapache2.xml
root@ldap01:/opt/csw/var/svc/manifest/site# svcadm disable svc:/network/http:cswapache2
root@ldap01:/opt/csw/var/svc/manifest/site# svccfg -v delete svc:/network/http:cswapache2
root@ldap01:/opt/csw/var/svc/manifest/site# svccfg -v import cswapache2.xml
root@ldap01:/opt/csw/var/svc/manifest/site# svcadm enable svc:/network/http:cswapache2

phpLDAPadmin.

Change the following in: /opt/csw/apache2/share/htdocs/phpldapadmin/config/config.php.

$ldapservers->SetValue($i,'server','name','hst.aau.dk');
$ldapservers->SetValue($i,'server','host','127.0.0.1');
$ldapservers->SetValue($i,'login','dn','cn=Manager,dc=hst,dc=aau,dc=dk');

Here it is then: https://ldap01.hst.aau.dk/phpldapadmin/htdocs/index.php

That was it for now.. Apache will probably need to be tightened up more as we get further.

./Services/LDAP/Sikkerhed/Snoop/index.php

# Turn off encryption in slapd.conf
root@ldap01:/opt/csw/etc/openldap# ll /opt/csw/etc/openldaprc slapd.conf
-rw-r--r-- 1 root root 2197 Mar 19 11:31 slapd.conf
-rw-r--r-- 1 root root 2249 Mar 19 11:32 /opt/csw/etc/openldaprc
root@ldap01:/opt/csw/etc/openldap# svcadm restart cswopenldap
root@ldap01:/opt/csw/etc/openldap# psg slap
 UID PID PPID C STIME TTY TIME CMD
 root 24632 614 0 11:33:21 ? 0:00 /opt/csw/libexec/slapd

henrik@hl-dell:~$ ldapsearch -LLL -D "cn=Manager,dc=hst,dc=aau,dc=dk" -b "dc=hst,dc=aau,dc=dk" -W -x -v -H ldap://ldap01.hst.aau.dk "(uid=h*)"

root@multimus01:/space/snoop> /usr/sbin/snoop -d e1000g30003 -o /space/snoop/ldap.plain1 10.8.13.101
Using device /dev/e1000g (promiscuous mode)
17 ^C

root@multimus01:/space/snoop> /usr/sbin/snoop -i ldap.plain1 -v -x 0 | egrep "secret|Manager"
LDAP: cn=Manager,dc=hst,dc=aau,dc=dk
LDAP: secret

And we turn encryption back on.

root@ldap01:/opt/csw/etc/openldap# grep ^TLS slapd.conf
TLSCertificateFile /opt/csw/etc/ssl/certs/wildcard.hst.aau.dk.crt
TLSCertificateKeyFile /opt/csw/etc/ssl/certs/wildcard.hst.aau.dk.key
TLSCACertificatePath /opt/csw/etc/ssl/certs
root@ldap01:/opt/csw/etc/openldap# svcadm restart cswopenldap
root@ldap01:/opt/csw/etc/openldap# psg slap
 UID PID PPID C STIME TTY TIME CMD
 root 29 614 0 12:09:53 ? 0:00 /opt/csw/libexec/slapd

henrik@hl-dell:~$ ldapsearch -LLL -D "cn=Manager,dc=hst,dc=aau,dc=dk" -b "dc=hst,dc=aau,dc=dk" -W -x -v -H ldap://ldap01.hst.aau.dk "(uid=h*)"
root@multimus01:/space/snoop> /usr/sbin/snoop -d e1000g30003 -o /space/snoop/ldap.plain2 10.8.13.101
Using device /dev/e1000g (promiscuous mode)
17 ^C

root@multimus01:/space/snoop> /usr/sbin/snoop -i ldap.plain2 -v -x 0 | egrep "secret|Manager"
LDAP: cn=Manager,dc=hst,dc=aau,dc=dk
LDAP: secret
 80: 3d4d 616e 6167 6572 2c64 633d 6873 742c =Manager,dc=hst,

henrik@hl-dell:~$ ldapsearch -LLL -D "cn=Manager,dc=hst,dc=aau,dc=dk" -b "dc=hst,dc=aau,dc=dk" -W -x -v -H ldap://ldap01.hst.aau.dk -ZZ "(uid=h*)"
root@multimus01:/space/snoop> /usr/sbin/snoop -d e1000g30003 -o /space/snoop/ldap.ZZ 10.8.13.101
Using device /dev/e1000g (promiscuous mode)
31 ^C
root@multimus01:/space/snoop> /usr/sbin/snoop -i ldap.ZZ -v -x 0 | egrep "secret|Manager"

Fine, so we cannot see it..

root@multimus01:/space/snoop> /usr/sbin/snoop -i ldap.plain1 -v -x 0 > plain1
root@multimus01:/space/snoop> /usr/sbin/snoop -i ldap.plain2 -v -x 0 > plain2
root@multimus01:/space/snoop> /usr/sbin/snoop -i ldap.ZZ -v -x 0 > ZZ


root@multimus01:/space/snoop> sdiff -w 180 plain1 ZZ | cat -n | egrep "secret|Manager|rapid"
 275 LDAP: cn=Manager,dc=hst,dc=aau,dc=dk <
 277 LDAP: secret <
 286 80: 3d4d 616e 6167 6572 2c64 633d 6873 742c =Manager,dc=hst, | 80: 2e31 2e34 2e31 2e31 3436 362e 3230 3033 .1.4.1.1466.2003
 728 > LDAP: 320: 1328 5365 6520 7777 772e 7261 7069 6473 .(See www.rapids

root@ldap01:/opt/csw/etc/openldap# grep SLAPD_URL_LIST /opt/csw/etc/openldaprc
SLAPD_URL_LIST="ldap://127.0.0.1/ ldaps:///"
root@ldap01:/opt/csw/etc/openldap# svcadm restart cswopenldap
root@ldap01:/opt/csw/etc/openldap# psg slap
 UID PID PPID C STIME TTY TIME CMD
 root 11108 614 0 13:16:15 ? 0:00 /opt/csw/libexec/slapd -h ldap://127.0.0.1/ ldaps:///

henrik@hl-dell:~$ ldapsearch -LLL -D "cn=Manager,dc=hst,dc=aau,dc=dk" -b "dc=hst,dc=aau,dc=dk" -W -x -v -H ldaps://ldap01.hst.aau.dk "(uid=h*)"
root@multimus01:/space/snoop> /usr/sbin/snoop -d e1000g30003 -o /space/snoop/ldap.ldaps 10.8.13.101
Using device /dev/e1000g (promiscuous mode)
29 ^C

root@multimus01:/space/snoop> /usr/sbin/snoop -i ldap.ldaps -v -x 0 > ldaps
root@multimus01:/space/snoop> egrep "secret|Manager|rapid" ldaps

./Services/LDAP/Sikkerhed/index.php

lots in /var/adm/message.

touch /opt/csw/etc/hosts.deny /opt/csw/etc/hosts.allow

don't know right now whether there should be anything in the files.. That is, whether it is insecure to have two empty ones?

# svcs -a | grep ftp
disabled 15:11:20 svc:/network/ftp:default

root@ldap01:/opt/csw/etc/openldap# chmod 700 .

## filename: /opt/csw/etc/openldap/slapd.conf

root@ldap01:/# openssl verify -CApath /opt/csw/etc/ssl/certs /opt/csw/etc/ssl/certs/wildcard.hst.aau.dk.crt
/opt/csw/etc/ssl/certs/wildcard.hst.aau.dk.crt: /C=DK/O=*.hst.aau.dk/OU=GT37764821/OU=See www.rapidssl.com/resources/cps (c)07/OU=Domain Control Validated - RapidSSL(R)/CN=*.hst.aau.dk
error 20 at 0 depth lookup:unable to get local issuer certificate
root@ldap01:/# openssl x509 -noout -hash -in /opt/csw/etc/ssl/certs/rapidsslroot.cer
74c26bd0
root@ldap01:/# cp -p /opt/csw/etc/ssl/certs/rapidsslroot.cer /opt/csw/etc/ssl/certs/74c26bd0.0
root@ldap01:/# openssl verify -CApath /opt/csw/etc/ssl/certs /opt/csw/etc/ssl/certs/wildcard.hst.aau.dk.crt
/opt/csw/etc/ssl/certs/wildcard.hst.aau.dk.crt: OK

## TLS options for slapd
TLSCipherSuite HIGH
TLSCACertificatePath /opt/csw/etc/ssl/certs
TLSCertificateFile /opt/csw/etc/ssl/certs/wildcard.hst.aau.dk.crt
TLSCertificateKeyFile /opt/csw/etc/ssl/certs/wildcard.hst.aau.dk.key

## Users can write a new password and authenticate
access to attrs=userPassword, attrs=sambaLMPassword, attrs=sambaNTPassword
    by self write
    by * auth

# Look at this - unencrypted locally, but with s externally..
slapd -h ldap://127.0.0.1/ ldaps:///

And the configuration is done like this, so it becomes permanent.

root@ldap01:/# cp /opt/csw/share/doc/openldap/openldaprc /opt/csw/etc/openldaprc
root@ldap01:/# vi /opt/csw/etc/openldaprc
root@ldap01:/# diff /opt/csw/share/doc/openldap/openldaprc /opt/csw/etc/openldaprc
33c33
< #SLAPD_URL_LIST=ldap:///
---
> SLAPD_URL_LIST="ldap://127.0.0.1/ ldaps:///"
root@ldap01:/# svcadm enable cswopenldap
root@ldap01:/# psg slapd
 UID PID PPID C STIME TTY TIME CMD
 root 17920 614 0 15:27:26 ? 0:00 /opt/csw/libexec/slapd -h ldap://127.0.0.1/ ldaps:///
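
A lint for the settings in this section, as an added example that is not part of the original notes: it flags misspelled or missing TLS directives, a catch-all "access to *" that is evaluated before the userPassword rule, and listener URLs that accept cleartext binds from the network. The finding names and both sample configurations are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original notes. Finding names are made up here.

# TLS directives slapd.conf understands (compared in lower case).
KNOWN_TLS="tlsciphersuite tlscacertificatefile tlscacertificatepath "\
"tlscertificatefile tlscertificatekeyfile tlsdhparamfile tlsrandfile "\
"tlsverifyclient tlscrlcheck tlscrlfile tlsprotocolmin tlsecname"

# Reads a slapd.conf on stdin and prints one finding per line.
lint_slapd_conf() {
    awk -v known_list="$KNOWN_TLS" '
    BEGIN {
        n = split(known_list, k)
        for (i = 1; i <= n; i++) known[k[i]] = 1
    }
    # Evaluate one logical line (continuation lines are already joined).
    function handle(line,    f, d, what) {
        if (split(line, f) == 0) return
        d = tolower(f[1])
        if (d ~ /^tls/) {
            if (d in known) seen[d] = 1
            else print "unknown-directive " f[1]
        } else if (d == "access" && tolower(f[2]) == "to") {
            what = tolower(f[3])
            if (what ~ /userpassword/) {
                # slapd applies the first matching "access to" clause only.
                if (catchall) print "acl-unreachable " f[3]
                else pw_rule = 1
            } else if (what == "*" && !catchall) {
                catchall = 1
                if (!pw_rule && tolower(line) ~ /by[ \t]+\*[ \t]+read/) {
                    print "userpassword-exposed access to * by * read"
                }
            }
        }
    }
    /^#/            { next }                    # comment line
    /^[ \t]+[^ \t]/ { cur = cur " " $0; next }  # continuation of previous line
                    { handle(cur); cur = $0 }
    END {
        handle(cur)
        if (!("tlscertificatefile" in seen)) {
            print "missing-directive TLSCertificateFile"
        }
        if (!("tlscertificatekeyfile" in seen)) {
            print "missing-directive TLSCertificateKeyFile"
        }
    }'
}

# $1 is the value of SLAPD_URL_LIST; prints listeners that take cleartext
# binds on a non-loopback address.
check_listeners() {
    for url in $1; do
        case $url in
            ldaps://*|ldapi://*) ;;
            ldap://127.0.0.1|ldap://127.0.0.1[:/]*) ;;
            ldap://localhost|ldap://localhost[:/]*) ;;
            ldap://*) echo "cleartext-listener $url" ;;
        esac
    done
}

# Constructed sample: misspelled directive, catch-all ACL placed first.
WEAK_CONF='TLSCipherSuite HIGH
TLSCACertificatePath /opt/csw/etc/ssl/certs
TLSCertificateFil /opt/csw/etc/ssl/certs/server.crt
TLSCertificateKeyFile /opt/csw/etc/ssl/certs/server.key
access to * by * read
access to attrs=userPassword
    by self write
    by * auth'

# Constructed sample: same settings, spelled correctly and ordered so the
# userPassword rule is matched before the catch-all.
GOOD_CONF='TLSCipherSuite HIGH
TLSCACertificatePath /opt/csw/etc/ssl/certs
TLSCertificateFile /opt/csw/etc/ssl/certs/server.crt
TLSCertificateKeyFile /opt/csw/etc/ssl/certs/server.key
access to attrs=userPassword
    by self write
    by * auth
access to * by * read'

printf '%s\n' "$WEAK_CONF" | lint_slapd_conf
check_listeners 'ldap:///'
check_listeners 'ldap://127.0.0.1/ ldaps:///'
```

Against a real server, feed it the file itself: lint_slapd_conf < /opt/csw/etc/openldap/slapd.conf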

./Services/LDAP/SASL/index.php

SASL

Whether this is smart - I don't quite know yet. It is about using SASL, Simple Authentication and Security Layer, to do the login and subsequently mapping to a user in LDAP by means of a regular expression. Maybe it has something to do with having system users that can be defined to do particular lookups.

SASL must be configured to know about slapd. And be told where the password database is:

root@ldap01:/opt/csw/etc/openldap# vi ../../lib/sasl2/slapd.conf
root@ldap01:/opt/csw/etc/openldap# cat ../../lib/sasl2/slapd.conf
pwcheck_method: auxprop
sasldb_path: /opt/csw/etc/sasldb2

A regular expression must be made for slapd.

root@ldap01:/opt/csw/etc/openldap# vi slapd.conf
root@ldap01:/opt/csw/etc/openldap# ggrep -A1 ^authz slapd.conf
authz-regexp "^uid=([^,]+).*,cn=auth$"
    "uid=$1,ou=people,dc=hst,dc=aau,dc=dk"
root@ldap01:/opt/csw/etc/openldap# svcadm restart cswopenldap

A password must be created.

root@ldap01:/opt/csw/etc/openldap# saslpasswd2 -c -u hst.aau.dk henrik
root@ldap01:/opt/csw/etc/openldap# sasldblistusers2
[email protected]: [email protected]: cmusaslsecretOTP

Now I can log in with my SASL password, which does not have to be the same as the one in LDAP.

root@ldap01:/opt/csw/etc/openldap# ldapsearch -LLL -U [email protected] "(uid=h*)" cn
SASL/DIGEST-MD5 authentication started
Please enter your password: 
SASL username: [email protected] SSF: 128
SASL installing layers
dn: uid=henrik,ou=people,dc=hst,dc=aau,dc=dk
cn: Henrik Larsen

The realm can be entered as default in slapd.conf, so that it does not have to be given on the command line.

root@ldap01:/opt/csw/etc/openldap# ggrep -A3 SASL slapd.conf
## SASL configureation
sasl-realm hst.aau.dk
authz-regexp "^uid=([^,]+).*,cn=auth$"
    "uid=$1,ou=people,dc=hst,dc=aau,dc=dk"
root@ldap01:/opt/csw/etc/openldap# svcadm restart cswopenldap

root@ldap01:/opt/csw/etc/openldap# ldapsearch -LLL -U henrik "(sn=l*)" cn
SASL/DIGEST-MD5 authentication started
Please enter your password: 
SASL username: henrik
SASL SSF: 128
SASL installing layers
dn: uid=henrik,ou=people,dc=hst,dc=aau,dc=dk
cn: Henrik Larsen

I remove the password again...

root@ldap01:/opt/csw/etc/openldap# saslpasswd2 -d -u hst.aau.dk henrik
root@ldap01:/opt/csw/etc/openldap# sasldblistusers2

Maybe this whole configuration should be removed again?
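
What the authz-regexp rule above accepts, as an added example that is not part of the original notes: the rule's pattern is run with sed -E over constructed SASL authentication DNs of the form uid=<user>,cn=<realm>,cn=<mechanism>,cn=auth, next to an assumed stricter pattern that pins the realm and the mechanism. The ".*" in the page's rule ignores both, so any realm or mechanism maps to the same LDAP user.

```shell
#!/bin/sh
# Added example, not from the original notes. sed -E stands in for slapd's
# regex engine; slapd writes the capture as $1, sed writes it as \1.

# The rule from slapd.conf on this page.
PAGE_MATCH='^uid=([^,]+).*,cn=auth$'
# Assumed stricter variant: only the hst.aau.dk realm (or the default realm,
# which leaves the realm component out) and only DIGEST-MD5.
STRICT_MATCH='^uid=([^,]+)(,cn=hst\.aau\.dk)?,cn=digest-md5,cn=auth$'
REPLACE='uid=\1,ou=people,dc=hst,dc=aau,dc=dk'

# map_dn PATTERN SASL_DN
# Prints the LDAP DN the rule maps to, or returns 1 when the authentication
# DN does not match (slapd then keeps the unmapped authentication DN).
map_dn() {
    mapped=$(printf '%s\n' "$2" | sed -n -E "s/$1/$REPLACE/p")
    [ -n "$mapped" ] || return 1
    printf '%s\n' "$mapped"
}

map_page()   { map_dn "$PAGE_MATCH" "$1"; }
map_strict() { map_dn "$STRICT_MATCH" "$1"; }

# Constructed authentication DNs: expected realm, default realm, a foreign
# realm, another mechanism, and a DN that is not a SASL identity at all.
SAMPLE_DNS='uid=henrik,cn=hst.aau.dk,cn=digest-md5,cn=auth
uid=henrik,cn=digest-md5,cn=auth
uid=henrik,cn=other.example,cn=digest-md5,cn=auth
uid=henrik,cn=hst.aau.dk,cn=plain,cn=auth
cn=Manager,dc=hst,dc=aau,dc=dk'

# Print both mappings for every sample DN.
show_mappings() {
    printf '%s\n' "$SAMPLE_DNS" | while IFS= read -r dn; do
        printf '%s\n  page rule   -> %s\n  strict rule -> %s\n' "$dn" \
            "$(map_page "$dn" || echo '(no mapping)')" \
            "$(map_strict "$dn" || echo '(no mapping)')"
    done
}

show_mappings
```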

./Services/LDAP/Berigelse/index.php

Enrichment

Enrichment by means of PHP scripts

There are some scripts in /opt/csw/etc/openldap/bin on the machine ldap01 that can be used to maintain LDAP. There are more than the strictly necessary ones. Here is a little explanation of a couple of the most important.

syncmysql-ldap.php is used to synchronise between MySQL and LDAP. It removes DNs (one or more) from LDAP that are not in MySQL, and adds what it finds in MySQL that is not already in LDAP.

root@ldap01:/opt/csw/etc/openldap/bin# ./syncmysql-ldap.php
Added to LDAP: uid=henrik,ou=people,dc=hst,dc=aau,dc=dk
Deleted from LDAP: uid=henrik2,ou=people,dc=hst,dc=aau,dc=dk

sync_passwd.php synchronises the CRYPT password in LDAP from MySQL.

root@ldap01:/opt/csw/etc/openldap/bin# ./sync_passwd.php
Repaced password for: uid=henrik,ou=people,dc=hst,dc=aau,dc=dk

Both of the above scripts run in cron on the machine ldap01.

ldapdelete.php can delete one or more users. The user names are given as arguments.

root@ldap01:/opt/csw/etc/openldap/bin# ./ldapdelete.php henrik magnus dummy
Deleted from LDAP: uid=henrik,ou=people,dc=hst,dc=aau,dc=dk
Deleted from LDAP: uid=magnus,ou=people,dc=hst,dc=aau,dc=dk
Not found in LDAP: uid=dummy,ou=people,dc=hst,dc=aau,dc=dk

ldapdelete.allpeople.php deletes all user names under the tree ou=people,dc=hst,dc=aau,dc=dk.. Afterwards they can be re-inserted with syncmysql-ldap.php.

root@ldap01:/opt/csw/etc/openldap/bin# ./ldapdelete.allpeople.php
Deleted from LDAP: uid=move03,ou=people,dc=hst,dc=aau,dc=dk
Deleted from LDAP: uid=chp,ou=people,dc=hst,dc=aau,dc=dk
Deleted from LDAP: uid=torben,ou=people,dc=hst,dc=aau,dc=dk
...snip
Deleted from LDAP: uid=cgo,ou=people,dc=hst,dc=aau,dc=dk
Deleted from LDAP: uid=magnus,ou=people,dc=hst,dc=aau,dc=dk
Deleted from LDAP: uid=henrik,ou=people,dc=hst,dc=aau,dc=dk

Deleted: 861
Delete failed: 0
Not in LDAP: 0

You may want to run syncmysql-ldap.php now ..

In addition there are a few scripts that were used along the way for various things. There are also a couple of examples in Perl.

The first enrichment

We have to go live Tuesday morning (1 April 2008), when Wofie08 starts up. If we have students along there, they will apparently need it in connection with something wireless..

It is to be set up so that it synchronises from the database, but I did not manage to get that ready this morning.

henrik@gracilis:~/ldap/MigrationTools-47> ypcat passwd | grep -v ^S_ | grep -v "^.*:\*" | sort > ../password.all
henrik@gracilis:~/ldap/MigrationTools-47> ./migrate_passwd.pl ../password.all > ../ldif.all
henrik@gracilis:~/ldap/MigrationTools-47> wc -l ../password.all
 857 ../password.all

And on the LDAP server..

root@ldap01:/opt/csw/etc/openldap/ldif# scp [email protected]:ldap/ldif.all .
root@ldap01:/opt/csw/etc/opoenldap/ldif# ldapadd -D "cn=Manager,dc=hst,dc=aau,dc=dk" -W -x -v -f ldif.all
root@ldap01:/opt/csw/etc/openldap/ldif# ldapsearch -LLL -D "cn=Manager,dc=hst,dc=aau,dc=dk" \
> -b "ou=people,dc=hst,dc=aau,dc=dk" -W -x -v -H ldaps://ldap01.hst.aau.dk "(uid=*)" uid | grep ^uid | wc -l
ldap_initialize( ldaps://ldap01.hst.aau.dk )
Enter LDAP Password: 
filter: (uid=*)
requesting: uid 
857

Now it has been filled and it has been checked that Torben and I can log in on the test page: https://ldapmeta.hum.aau.dk/testsuite/.

./Services/Samba/Passwd/index.php

Manual forced change of samba password

Fundamentally we must of course know that the person it is being done for is who he/she claims to be.

henrik@aegir:~> sudo /pack/samba-2.2.12/bin/smbpasswd -U USERNAME

./Services/Samba/index.php

Samba

Maybe it is worth looking at the samba that comes with Solaris?

They do take care of ZFS ACLs and other things that are specific to Solaris.

See http://blogs.sun.com/timthomas/entry/samba_and_swat_in_solaris


./Services/Samba/Maximus/index.php

Samba

Some paths

Samba lives here on Maximus

/pack/samba-3.0.28

These are the following directories

bin/ etc/ include/ lib/ private/ sbin/ share/ src/ swat/ var/

Samba's configuration file

lib/smb.conf

Samba's password file

private/smbpasswd

Share and print definitions

etc/print.definitions.conf
etc/printcap
etc/share.definitions.conf

Printer drivers

var/locks/ntdrivers.tdb
var/locks/ntprinters.tdb
var/locks/printing/
var/locks/printing/printers.tdb
var/locks/printing/drivers/
var/locks/printing/drivers/WIN40
var/locks/printing/drivers/W32X86

svccfg validate nmbd.xml
svccfg validate smbd.xml
svccfg import smbd.xml
svccfg import nmbd.xml
svcs -a | grep mbd

svcadm enable svc:/network/nmbd:default

svcadm enable svc:/network/smbd:default

root@maximus:~/samba> psg nmbd |wc -l
 42

Uhhh... 42 instances ..?

svcadm disable svc:/network/nmbd:default
svcadm disable svc:/network/smbd:default

After some tests it looks like the inetd way.. They only start when they are called..? Removing them again

root@maximus:/pack/samba/var/locks> svcs -a | grep mbd
disabled 13:38:25 svc:/network/nmbd:default
disabled 14:00:11 svc:/network/smbd:default

root@maximus:/pack/samba/var/locks> svccfg delete svc:/network/smbd
root@maximus:/pack/samba/var/locks> svccfg delete svc:/network/nmbd
root@maximus:/pack/samba/var/locks> svcs -a | grep mbd

./Services/Samba/Maximus/Bygge_en_ny/index.php

New samba

We are going to build a new samba on maximus. Blastwave has one, but it is not new, so we build one ourselves.

First we need a place for it

root@maximus:~> cd /space/pack-local/
root@maximus:/space/pack-local> mkdir samba-3.0.28
root@maximus:/space/pack-local> chown henrik:henrik samba-3.0.28
root@maximus:/space/pack-local> change /etc/auto.pack-sol86
root@maximus:/space/pack-local> vi /etc/auto.pack-sol86
root@maximus:~> diff /etc/auto.pack-sol86 /etc/auto.pack-sol86.henrik-080123-11\:36
3d2
< samba-3.0.28 -rw localhost:/space/pack-local/samba-3.0.28

Then we build it.

henrik@maximus:~> cd /pack/samba-3.0.28
henrik@maximus:/pack/samba-3.0.28> mkdir src
henrik@maximus:/pack/samba-3.0.28> cd src
henrik@maximus:/pack/samba-3.0.28/src> export PATH=/opt/csw/bin:/usr/sbin:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin:/opt/csw/gcc4/bin
henrik@maximus:/pack/samba-3.0.28/src> cp ~/samba/samba-3.0.28.tar.* .
henrik@maximus:/pack/samba-3.0.28/src> gtar xvfz samba-3.0.28.tar.gz
henrik@maximus:/pack/samba-3.0.28/src/samba-3.0.28/source> ./configure --prefix=/pack/samba-3.0.28 --with-quotas --with-acl-support --with-syslog --with-utmp 2>&1 | tee ../../configure.log
henrik@maximus:/pack/samba-3.0.28/src/samba-3.0.28/source> make 2>&1 | tee ../../make.log
henrik@maximus:/pack/samba-3.0.28/src/samba-3.0.28/source> make install 2>&1 | tee ../../make_install.log
henrik@maximus:/pack/samba-3.0.28/src/samba-3.0.28/source> cd ../../../
henrik@maximus:/pack/samba-3.0.28> ls -F
bin/ include/ lib/ private/ sbin/ share/ src/ swat/ var/
henrik@maximus:/pack/samba-3.0.28> sbin/smbd -V
Version 3.0.28
henrik@maximus:/pack/samba-3.0.28> cp /opt/csw/etc/samba/smb.conf .

And there is a samba from Blastwave running, which I stop.

root@maximus:~> psg mbd
 UID PID PPID C STIME TTY TIME CMD
 root 23910 1 0 Jan 16 ? 0:11 /opt/csw/sbin/smbd -D
 root 23908 1 0 Jan 16 ? 6:52 /opt/csw/sbin/nmbd -D
 root 23911 23910 0 Jan 16 ? 0:01 /opt/csw/sbin/smbd -D
root@maximus:~> kill 23910 23908 23911

Then I start the new one.

root@maximus:~> /pack/samba-3.0.28/sbin/smbd -D
root@maximus:~> /pack/samba-3.0.28/sbin/nmbd -D
root@maximus:~> psg mbd
 UID PID PPID C STIME TTY TIME CMD
 root 16140 1 0 13:55:48 ? 0:00 /pack/samba-3.0.28/sbin/smbd -D
 root 16141 16140 0 13:55:48 ? 0:00 /pack/samba-3.0.28/sbin/smbd -D
 root 16147 1 0 13:55:57 ? 0:00 /pack/samba-3.0.28/sbin/nmbd -D

./Services/Samba/Maximus/Validere_tar_ball/index.php

Validating the samba package with GNU Privacy Guard

First we have to get hold of the package

henrik@illiacus:~/samba> wget http://us1.samba.org/samba/ftp/stable/samba-3.0.28.tar.gz
henrik@illiacus:~/samba> wget http://us1.samba.org/samba/ftp/stable/samba-3.0.28.tar.asc

.. and validate

henrik@cerebrum01:~/samba> gpg samba-3.0.28.tar.asc
Detached signature.
Please enter name of data file: samba-3.0.28.tar.gz
gpg: Signature made Mon Dec 10 17:04:46 2007 CET using DSA key ID 6568B7EA
gpg: Can't check signature: public key not found

henrik@cerebrum01:~/samba> export http_proxy=http://wwwproxy.hst.aau.dk:3128
henrik@cerebrum01:~/samba> gpg --keyserver=x-hkp://pgp.mit.edu --recv-keys 6568B7EA
gpg: requesting key 6568B7EA from hkp server pgp.mit.edu
gpg: /home/henrik/.gnupg/trustdb.gpg: trustdb created
gpg: key 6568B7EA: public key "Samba Distribution Verification Key " imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1

henrik@cerebrum01:~/samba> gpg samba-3.0.28.tar.asc
Detached signature.
Please enter name of data file: samba-3.0.28.tar.gz
gpg: Signature made Mon Dec 10 17:04:46 2007 CET using DSA key ID 6568B7EA
gpg: BAD signature from "Samba Distribution Verification Key "

henrik@cerebrum01:~/samba> gunzip samba-3.0.28.tar.gz
henrik@cerebrum01:~/samba> gpg samba-3.0.28.tar.asc
gpg: Signature made Mon Dec 10 17:04:46 2007 CET using DSA key ID 6568B7EA
gpg: Good signature from "Samba Distribution Verification Key "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 52FB C0B8 6D95 4B08 4332 4CDC 6F33 915B 6568 B7EA

./Services/Samba/PDC/index.php

Primary Domain Controller

Windows machines that use the samba server as PDC (Primary Domain Controller) must be registered. In principle this is done in the same way as for a user. A line must be made in the password file on the system and a line must be made in the samba password file. The difference from an ordinary user is that there is no home directory and no shell. In addition, a dollar sign is appended to the name. The dollar sign is not used on the Windows machine itself, only in the password files on the system.

On the system

root@aegir:~> vipw
root@aegir:~> grep jsm2 /etc/passwd /etc/shadow
/etc/passwd:jsm2-bb$:x:1535:1500:SambaMachine:/dev/null:/bin/false
/etc/shadow:jsm2-bb$:*LK*:::::::
root@aegir:~> /pack/samba-2.2.12/bin/smbpasswd -a -m jsm2-bb$

In Windows

On the Windows machine one has to change the "local security settings".

It can be done from the menu

Control Panel -> Computer Administration -> Security settings -> Local settings -> Security

Make sure to disable the following policies:

Domain Member: Digitally encrypt or sign secure channel data (always)
Domain Member: Digitally sign secure channel data (when possible)

This can also be done by putting the following into the registry.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000

This is available in a reg file, which can be downloaded here: local_policies_domain.reg

Local administrator

It will often be necessary to make one or more users local administrators on the machine. More ...

Problems

I have experienced that Windows suddenly wants to "cache" network file systems once it has joined the domain. More...

./Services/SunONE_Calender/Oprette_Lokaler/index.php

Create rooms

I have used this script once.

(
cd /pack/cs-5.1.11hf1.12/SUNWics5/cal/bin

CalendarID="D2-117"
CalendarName="Lab: EMG and motor unit"
CalendarDescription="EMG and motor unit Laboratory"
./csresource -c "$CalendarID" -t "$CalendarDescription" -o icsadmin create "$CalendarName"
)

This is in /home/magnus/UNIX/admin/SunONE_Calendar, very messy..... /Magnus

After this one has to go into the calendar as icsadmin and fix the permissions. ....or, one CAN do that. One can also make a script, but the other way is easier.

CAPS sinnum atta

New rooms in the E building

Here I show how I created those rooms. Everything in one file, so that I remember it for next time. ....which probably won't happen, since we are moving to Zimbra :-)


magnus@aegir:~/UNIX/admin/SunONE_Calendar# sudo ./Add_E-lokaler.shPassword:+ tee Add_E-lokaler.out + cd /pack/cs-5.1.11hf1.12/SUNWics5/cal/bin CalendarID=E4-107CalendarName=Lab: Wet laboratoryCalendarDescription=MedIS wet laboratory+ ./csresource -c E4-107 -t MedIS wet laboratory -o icsadmin create Lab: Wet laboratory Calendar E4-107 has been createdcn=Lab: Wet laboratory,dc=hst,dc=auc,dc=dk has been createdCalendarID=E3-104CalendarName=Room: Study roomCalendarDescription=MedIS study room+ ./csresource -c E3-104 -t MedIS study room -o icsadmin create Room: Study room Calendar E3-104 has been createdcn=Room: Study room,dc=hst,dc=auc,dc=dk has been createdCalendarID=E3-117CalendarName=Room: MedIS Consulting roomCalendarDescription=MedIS Consulting room+ ./csresource -c E3-117 -t MedIS Consulting room -o icsadmin create Room: MedIS Consulting room Calendar E3-117 has been createdcn=Room: MedIS Consulting room,dc=hst,dc=auc,dc=dk has been createdCalendarID=E3-103CalendarName=Room: MedIS Consulting roomCalendarDescription=MedIS Consulting room+ ./csresource -c E3-103 -t MedIS Consulting room -o icsadmin create Room: MedIS Consulting room Calendar E3-103 has been createdE3-103 is already createdCalendar E3-103 has been deletedCalendarID=E3-110aCalendarName=Lab: Sports labCalendarDescription=Sports laboratory+ ./csresource -c E3-110a -t Sports laboratory -o icsadmin create Lab: Sports lab Calendar E3-110a has been createdcn=Lab: Sports lab,dc=hst,dc=auc,dc=dk has been createdmagnus@aegir:~/UNIX/admin/SunONE_Calendar#

You can see that E3-103 fails.... and the reason is the following:

magnus@aegir:/pack/cs-5.1.11hf1.12/SUNWics5/cal/bin# sudo ./cscal list loow:e3-103
loow:e3-103: owner=loow status=enabled
magnus@aegir:/pack/cs-5.1.11hf1.12/SUNWics5/cal/bin# sudo ./cscal delete loow:e3-103
Do you really want to delete these calendars? (y/n) y
Calendar loow:e3-103 has been deleted
magnus@aegir:/pack/cs-5.1.11hf1.12/SUNWics5/cal/bin# sudo ./cscal list loow:e3-103
Unable to access calendar loow:e3-103

Yes, and so you can also see the solution :-) Still problems...

magnus@aegir:/pack/cs-5.1.11hf1.12/SUNWics5/cal/bin# sudo ./cscal list |grep -i e3-103
loow:e3-1037117/116: owner=loow status=enabled

and then

magnus@aegir:/pack/cs-5.1.11hf1.12/SUNWics5/cal/bin# sudo ./cscal list |grep -i e3-103
loow:e3-1037117/116: owner=loow status=enabled
magnus@aegir:/pack/cs-5.1.11hf1.12/SUNWics5/cal/bin# sudo ./cscal list loow:e3-1037117/116
loow:e3-1037117/116: owner=loow status=enabled
magnus@aegir:/pack/cs-5.1.11hf1.12/SUNWics5/cal/bin# sudo ./cscal delete loow:e3-1037117/116
Do you really want to delete these calendars? (y/n) y
Calendar loow:e3-1037117/116 has been deleted
magnus@aegir:/pack/cs-5.1.11hf1.12/SUNWics5/cal/bin# cd -
/home/magnus/UNIX/admin/SunONE_Calendar
/home/magnus/UNIX/admin/SunONE_Calendar
magnus@aegir:~/UNIX/admin/SunONE_Calendar# sudo ./Add_E3-103.sh
+ tee Add_E3-103.out
+ cd /pack/cs-5.1.11hf1.12/SUNWics5/cal/bin
CalendarID=E3-103
CalendarName=Room: MedIS Consulting room
CalendarDescription=MedIS Consulting room
+ ./csresource -c E3-103 -t MedIS Consulting room -o icsadmin create Room: MedIS Consulting room
Calendar E3-103 has been created
E3-103 is already created
Calendar E3-103 has been deleted

....hmmmm, no, still problems?? Ooopps, there are two with the same name, so I fix it:

magnus@aegir:~/UNIX/admin/SunONE_Calendar# sudo ./Add_E3-103.sh
Password:
+ tee Add_E3-103.out
+ cd /pack/cs-5.1.11hf1.12/SUNWics5/cal/bin
CalendarID=E3-103
CalendarName=Room: MedIS Consulting room 2
CalendarDescription=MedIS Consulting room
+ ./csresource -c E3-103 -t MedIS Consulting room -o icsadmin create Room: MedIS Consulting room 2
Calendar E3-103 has been created
cn=Room: MedIS Consulting room 2,dc=hst,dc=auc,dc=dk has been created
magnus@aegir:~/UNIX/admin/SunONE_Calendar#

./Services/SunONE_Calender/LDAP_Console/index.php

SunONE LDAP Console

Some things can only be done from in there. E.g. creating groups.

Or, rather, that is what I have been able to figure out so far. It must be possible from PHP or Perl, and I would certainly prefer that :-)

magnus@aegir:/pack/directory-5.2/mps# ./startconsole

Unfortunately it does not work very well over VNC. However, I have used the trick below successfully to change a password in LDAP:

magnus@gracilis:~# ssh -X -Y aegir
Last login: Tue Sep 25 02:28:09 2007 from gracilis.miba.a
Sun Microsystems Inc. SunOS 5.8 Generic February 2000
magnus@aegir:~# cd /pack/directory-5.2/mps
magnus@aegir:/pack/directory-5.2/mps# ./startconsole

Sa litli + _

./Services/SunONE_Calender/index.php

./Services/SunONE_Calender/Lokale_Problemer/index.php

Problems with rooms

We have had problems renaming some rooms.

As I have understood it, D3-111 should be "Lab: Thermography and blood Flow", with the long one being "Cutaneous Pain Thermography and Blood Flow".

And A2-107 should be "Lab: MC Split Belt Portable Stretcher", with the long one being "Motor Control Lab, Split Belt Treadmill, Portable Stretch Device".

This looks right at first glance: (It may well be that I made it a bit shorter)

root@aegir:/pack-sol2/cs-5.1.11hf1.12/SUNWics5/cal/bin# ./cscal -v list D3-111
D3-111: owner=icsadmin status=enabled
  name=Lab: Thermography
  description=Thermography and blood flow
  other owners=

  double book=no
  aces=@@o^c^WDEIC^g;@@o^a^RSF^g;@^a^frs^g;@^c^^g;@^p^r^g
  email=
  time zone=
  categories=
  character set=
  language code=
  created=Dec 22, 2004 09:34:14 GMT
  last modified=Nov 21, 2006 14:16:48 GMT
  number of events=43
  number of tasks=0

And A2-107 also looks OK as a calendar:

root@aegir:/pack-sol2/cs-5.1.11hf1.12/SUNWics5/cal/bin# ./cscal -v list A2-107
A2-107: owner=icsadmin status=enabled
  name=Lab: MC Split Belt, Stretcher
  description=Motor Control Lab, Split Belt Treadmill, Portable Stretch Device
  other owners=
  double book=no
  aces=@@o^c^WDEIC^g;@@o^a^RSF^g;@^a^fr^g;@^c^^g;knl^a^frs^g;knl^c^dw^g;mg^a^frs^g;mg^c^dw^g;eansari^a^frs^g;eansari^c^^g;sarazdan^a^frs^g;sarazdan^c^^g;richardk^a^frs^g;richardk^c^^g;@^p^r^g;knl^p^r^g;mg^p^r^g;eansari^p^r^g;sarazdan^p^r^g;richardk^p^r^g
  email=
  time zone=
  categories=
  character set=
  language code=
  created=Oct 26, 2006 10:42:14 GMT
  last modified=Nov 21, 2006 14:32:31 GMT
  number of events=8
  number of tasks=0

root@aegir:/pack-sol2/cs-5.1.11hf1.12/SUNWics5/cal/bin# ./csresource list | egrep "A2-107|D3-111"
cn=Lab: MC Portable Stretch Device,dc=hst,dc=auc,dc=dk has icsCalendar: D3-111
cn=Lab: MC Split Belt Portable Stretcher,dc=hst,dc=auc,dc=dk has icsCalendar: A2-107

root@aegir:/pack-sol2/cs-5.1.11hf1.12/SUNWics5/cal/bin# ./csresource list "Lab: MC Portable Stretch Device"
cn=Lab: MC Portable Stretch Device,dc=hst,dc=auc,dc=dk has cn: Lab: MC Portable Stretch Device
cn=Lab: MC Portable Stretch Device,dc=hst,dc=auc,dc=dk has icsCalendar: D3-111

root@aegir:/pack-sol2/cs-5.1.11hf1.12/SUNWics5/cal/bin# ./csresource list "Lab: MC Split Belt Portable Stretcher"
cn=Lab: MC Split Belt Portable Stretcher,dc=hst,dc=auc,dc=dk has cn: Lab: MC Split Belt Portable Stretcher
cn=Lab: MC Split Belt Portable Stretcher,dc=hst,dc=auc,dc=dk has icsCalendar: A2-107

The solution is here

It turns out that the names must not differ. So by changing the name of the calendar you can lose the connection entirely. That is completely crazy, since you can easily change this name if you want :-\

root@aegir:/pack-sol2/cs-5.1.11hf1.12/SUNWics5/cal/bin# ./csresource -v list "Lab: MC Portable Stretch Device"
cn=Lab: MC Portable Stretch Device,dc=hst,dc=auc,dc=dk has objectClass: top
cn=Lab: MC Portable Stretch Device,dc=hst,dc=auc,dc=dk has objectClass: inetResource
cn=Lab: MC Portable Stretch Device,dc=hst,dc=auc,dc=dk has objectClass: icsCalendarResource
cn=Lab: MC Portable Stretch Device,dc=hst,dc=auc,dc=dk has uid: D3-111
cn=Lab: MC Portable Stretch Device,dc=hst,dc=auc,dc=dk has icsCalendar: D3-111
cn=Lab: MC Portable Stretch Device,dc=hst,dc=auc,dc=dk has cn: Lab: MC Portable Stretch Device
root@aegir:/pack-sol2/cs-5.1.11hf1.12/SUNWics5/cal/bin# ./csresource -v delete "Lab: MC Portable Stretch Device"
Do you really want to delete this resource? (y/n) y
cn=Lab: MC Portable Stretch Device,dc=hst,dc=auc,dc=dk has been deleted
Calendar D3-111 has been deleted

root@aegir:/pack-sol2/cs-5.1.11hf1.12/SUNWics5/cal/bin# ./csresource -c "D3-111" -t "Thermography and blood flow" -o icsadmin create "Lab: Thermography"
Calendar D3-111 has been created
cn=Lab: Thermography,dc=hst,dc=auc,dc=dk has been created

Overview of the situation

It is a somewhat hairy command line, but it gives the necessary overview

root@aegir:/pack-sol2/cs-5.1.11hf1.12/SUNWics5/cal/bin# ./csresource list|\
 awk '/has cn/{cn=substr($0,index($0,"cn:")+4)}/has icsCalendar/{printf("%s,%s\n", $NF,cn)}' |\
 sort |\
 awk -F, '{print "/usr/ucb/echo -n "$0",";print "./cscal list -v "$1"|\
 grep name=|\
 sed \"s/ name=//\""}' |\
 /bin/sh |\
 awk -F, '{if ($2==$3){r="OK"}else{r="--"};printf("%-2s %-25s %-40s %-40s\n",r,$1,$2,$3)}'
OK  A2-105  Lab: Human Performance  Lab: Human Performance
--  A2-107  Lab: MC Split Belt Portable Stretcher  Lab: MC Split Belt
OK  D1-101  Lab: Students Lab  Lab: Students Lab
OK  D1-210  Room: MI Meeting Room  Room: MI Meeting Room
OK  D2-117  Lab: EMG and motor unit  Lab: EMG and motor unit
OK  D2-117.EMG-intramuscular  LabEq: EMG intramuscular  LabEq: EMG intramuscular
OK  D2-117.EMG_16-I  LabEq: EMG_16 I  LabEq: EMG_16 I
OK  D2-117.EMG_16-II  LabEq: EMG_16 II  LabEq: EMG_16 II
OK  D2-117.EMG_64  LabEq: EMG_64  LabEq: EMG_64
OK  D3-101  Lab: EEG lab  Lab: EEG lab
OK  D3-101.EEG_AmpNuI  LabEq: EEG Amplifier Nuamps I  LabEq: EEG Amplifier Nuamps I
OK  D3-101.EEG_AmpNuII  LabEq: EEG Amplifier Nuamps II  LabEq: EEG Amplifier Nuamps II
OK  D3-101.EEG_AmpSynI  LabEq: EEG Amplifier Synamps I  LabEq: EEG Amplifier Synamps I
OK  D3-101.EEG_AmpSynII  LabEq: EEG Amplifier Synamps II  LabEq: EEG Amplifier Synamps II
OK  D3-102  Lab: Withdrawl Reflex Lab  Lab: Withdrawl Reflex Lab
--  D3-104  Lab: Thermography and Laser-Doppler-Flowmetry  Lab: Rodney Wilkins
OK  D3-111  Lab: Thermography  Lab: Thermography
OK  D3-113  Lab: MC Non-portable stretchers  Lab: MC Non-portable stretchers
OK  D3-113.MTS  LabEq: D3-113.MTS  LabEq: D3-113.MTS
OK  D3-113.Pedal  LabEq: D3-113.Pedal  LabEq: D3-113.Pedal
OK  D3-207  Room: SMI Meeting Room  Room: SMI Meeting Room
OK  D3-209  Room: SMI Lunch Room  Room: SMI Lunch Room
OK  T1-101_StudentLab  Room:T1-101  Room:T1-101
OK  T1-102  Room:T1-102 Student Lab  Room:T1-102 Student Lab
OK  T1-103  Room: Student Lab  Room: Student Lab

This is how you create one with ACLs on it from the start:

root@aegir:/pack-sol2/cs-5.1.11hf1.12/SUNWics5/cal/bin# ./csresource \
 -c "A2-107" \
 -a '@@o^c^WDEIC^g;@@o^a^RSF^g;@^a^fr^g;@^c^^g;knl^a^frs^g;knl^c^dw^g;mg^a^frs^g;mg^c^dw^g;eansari^a^frs^g;eansari^c^^g;sarazdan^a^frs^g;sarazdan^c^^g;richardk^a^frs^g;richardk^c^^g;@^p^r^g;knl^p^r^g;mg^p^r^g;eansari^p^r^g;sarazdan^p^r^g;richardk^p^r^g' \
 -t 'Motor Control Lab, Split Belt Treadmill, Portable Stretch Device' \
 -o icsadmin \
 create 'Lab: MC Split Belt/Stretcher'
Calendar A2-107 has been created
cn=Lab: MC Split Belt/Stretcher,dc=hst,dc=auc,dc=dk has been created

And after I fixed the last two rooms, it looks like this:

root@aegir:/pack-sol2/cs-5.1.11hf1.12/SUNWics5/cal/bin# ./csresource list|\
 awk '/has cn/{cn=substr($0,index($0,"cn:")+4)}/has icsCalendar/{printf("%s,%s\n", $NF,cn)}'|\
 sort |\
 awk -F, '{print "/usr/ucb/echo -n "$0",";print "./cscal list -v "$1"|\
 grep name=|\
 sed \"s/ name=//\""}' |\
 /bin/sh |\
 awk -F, '{if ($2==$3){r="OK"}else{r="--"};printf("%-2s %-25s %-40s %-40s\n",r,$1,$2,$3)}'
OK  A2-105  Lab: Human Performance  Lab: Human Performance
OK  A2-107  Lab: MC Split Belt/Stretcher  Lab: MC Split Belt/Stretcher
OK  D1-101  Lab: Students Lab  Lab: Students Lab
OK  D1-210  Room: MI Meeting Room  Room: MI Meeting Room
OK  D2-117  Lab: EMG and motor unit  Lab: EMG and motor unit
OK  D2-117.EMG-intramuscular  LabEq: EMG intramuscular  LabEq: EMG intramuscular
OK  D2-117.EMG_16-I  LabEq: EMG_16 I  LabEq: EMG_16 I
OK  D2-117.EMG_16-II  LabEq: EMG_16 II  LabEq: EMG_16 II
OK  D2-117.EMG_64  LabEq: EMG_64  LabEq: EMG_64
OK  D3-101  Lab: EEG lab  Lab: EEG lab
OK  D3-101.EEG_AmpNuI  LabEq: EEG Amplifier Nuamps I  LabEq: EEG Amplifier Nuamps I
OK  D3-101.EEG_AmpNuII  LabEq: EEG Amplifier Nuamps II  LabEq: EEG Amplifier Nuamps II
OK  D3-101.EEG_AmpSynI  LabEq: EEG Amplifier Synamps I  LabEq: EEG Amplifier Synamps I
OK  D3-101.EEG_AmpSynII  LabEq: EEG Amplifier Synamps II  LabEq: EEG Amplifier Synamps II
OK  D3-102  Lab: Withdrawl Reflex Lab  Lab: Withdrawl Reflex Lab
OK  D3-104  Lab: Rodney Wilkins  Lab: Rodney Wilkins
OK  D3-111  Lab: Thermography  Lab: Thermography
OK  D3-113  Lab: MC Non-portable stretchers  Lab: MC Non-portable stretchers
OK  D3-113.MTS  LabEq: D3-113.MTS  LabEq: D3-113.MTS
OK  D3-113.Pedal  LabEq: D3-113.Pedal  LabEq: D3-113.Pedal
OK  D3-207  Room: SMI Meeting Room  Room: SMI Meeting Room
OK  D3-209  Room: SMI Lunch Room  Room: SMI Lunch Room
OK  T1-101_StudentLab  Room:T1-101  Room:T1-101
OK  T1-102  Room:T1-102 Student Lab  Room:T1-102 Student Lab
OK  T1-103  Room: Student Lab  Room: Student Lab
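
The same OK/-- comparison done by parsing the tool output as data, so that resource names are never pasted into a command line for /bin/sh and commas inside names are not split the way `awk -F,` splits them. This is an added example, not part of the original notes. The sample lines come from the sessions in this section plus one constructed entry (X9-999); the one-field-per-line layout of `cscal -v list` and the helper names are assumptions.

```python
import re
import subprocess

# "<dn> has <attr>: <value>", as printed by `csresource list` on this page.
RES_LINE = re.compile(r"^(?P<dn>.+?) has (?P<attr>\w+): (?P<value>.*)$")
# "<calid>: owner=..." header and indented "name=..." field of `cscal -v list`
# (assumed to be one field per line).
CAL_HEAD = re.compile(r"^(?P<calid>\S+): owner=")
CAL_NAME = re.compile(r"^\s+name=(?P<name>.*)$")

# Sample input: lines from the sessions on this page, plus one constructed
# resource (X9-999) whose name contains characters a shell would interpret.
SAMPLE_CSRESOURCE = """\
cn=Lab: MC Split Belt Portable Stretcher,dc=hst,dc=auc,dc=dk has cn: Lab: MC Split Belt Portable Stretcher
cn=Lab: MC Split Belt Portable Stretcher,dc=hst,dc=auc,dc=dk has icsCalendar: A2-107
cn=Lab: Thermography,dc=hst,dc=auc,dc=dk has cn: Lab: Thermography
cn=Lab: Thermography,dc=hst,dc=auc,dc=dk has icsCalendar: D3-111
cn=Lab: Kim's rig; spare,dc=hst,dc=auc,dc=dk has icsCalendar: X9-999
cn=Lab: Kim's rig; spare,dc=hst,dc=auc,dc=dk has cn: Lab: Kim's rig; spare
"""
SAMPLE_CSCAL = """\
A2-107: owner=icsadmin status=enabled
  name=Lab: MC Split Belt, Stretcher
  description=Motor Control Lab, Split Belt Treadmill, Portable Stretch Device
D3-111: owner=icsadmin status=enabled
  name=Lab: Thermography
  description=Thermography and blood flow
X9-999: owner=icsadmin status=enabled
  name=Lab: Kim's rig; spare
"""


def parse_csresource(text):
    """Map calendar ID -> resource cn; attributes are grouped by DN, so the
    order of the cn and icsCalendar lines does not matter."""
    by_dn = {}
    for line in text.splitlines():
        m = RES_LINE.match(line)
        if m:
            by_dn.setdefault(m["dn"], {})[m["attr"]] = m["value"]
    return {a["icsCalendar"]: a.get("cn", "")
            for a in by_dn.values() if "icsCalendar" in a}


def parse_cscal(text):
    """Map calendar ID -> calendar name from `cscal -v list` output."""
    names, current = {}, None
    for line in text.splitlines():
        head = CAL_HEAD.match(line)
        if head:
            current = head["calid"]
            continue
        name = CAL_NAME.match(line)
        if name and current is not None:
            names[current] = name["name"]
    return names


def compare(resources, calendars):
    """Rows of (status, calendar ID, resource cn, calendar name)."""
    rows = []
    for calid in sorted(resources):
        cn = resources[calid]
        name = calendars.get(calid)
        status = "OK" if name == cn else "--"
        rows.append((status, calid, cn,
                     name if name is not None else "<no calendar>"))
    return rows


def fetch_calendar(calid, cscal="./cscal"):
    """Live variant: run cscal with an argument vector (no shell), so the
    calendar ID is passed as one argument whatever characters it contains."""
    done = subprocess.run([cscal, "-v", "list", calid],
                          capture_output=True, text=True, check=True)
    return done.stdout


def format_report(rows):
    # Same column layout as the printf in the pipeline on this page.
    return "\n".join("%-2s %-25s %-40s %-40s" % r for r in rows)


if __name__ == "__main__":
    print(format_report(compare(parse_csresource(SAMPLE_CSRESOURCE),
                                parse_cscal(SAMPLE_CSCAL))))
```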

./Services/VPN/index.php

VPN things

So far it is perhaps only radius I have anything about.... /Magnus

./Services/VPN/radiusd/index.php

radius

We currently run radiusd on aegir. It is used by the VPN box, and by the KOM web pages for WLAN access.

What we have now is freeradius-0.8.1. It lives in /pack/freeradius-0.8.1

The log file is in /pack/freeradius-0.8.1/var/log/radius/radius.log

It runs from init.d, under the user name radius.

root@aegir:~# ls -l /etc/init.d/radiusd
-rwxr-xr-x 1 root root 450 Apr 3 2003 /etc/init.d/radiusd
root@aegir:~# cat /etc/init.d/radiusd
#!/bin/sh
#
# radiusd control script
#
# You probably want to modify this! from identd
#

PIDFILE=/pack/freeradius-0.8.1/var/run/radiusd/radiusd.pid
DAEMON=/dist/sbin/radiusd

if [ -f $PIDFILE ]; then
    pid=`cat $PIDFILE`
fi

case $1 in
'start')
    if [ -x $DAEMON ]; then
        echo Starting $DAEMON
        $DAEMON
    fi
    ;;

'stop')
    if [ "${pid}" != "" ]; then
        echo Stopping $DAEMON
        /usr/bin/kill ${pid}
    fi
    ;;

*)
    echo "usage: $0 {start|stop}"
    ;;
esac

root@aegir:~# id radius
uid=60007(radius) gid=60007(radius)

root@aegir:~# psg radius
 UID PID PPID C STIME TTY TIME CMD
 radius 12913 1 0 Jul 18 ? 9:07 /dist/sbin/radiusd

In the log file you see connections coming from wifi.kom.auc.dk when it is web access before VPN, and from vpn1.vpn.auc.dk or vpn2.vpn.auc.dk

./Henrik/index.php

Henrik Larsen
Skolvej 15a
9490 Pandrup

Phone No. 9940 9899
Mobile No. 6179 5979
Home No. 9824 6026

./Henrik/Notater/index.php

Registration of machines

Editing:

vic@quark:~> cd /etc/namedb/
cd /etc/namedb/
./free_ip_on_192.38.49.sh

bash# cd /etc/namedb/
bash# ./free_ip_on_192.38.49.sh
2 1
5-7 3
14 1
80-85 6
136 1
143-145 3
169 1
179-180 2
Free: 18

$ sudo vi.bootptab.staff

$ cd /pack/mibaadmin/dhcp
$ sudo make

root@aegir:/> grep ska /etc/bootptab.staff
# Vic 8.10.2002 - lasse-pc kun i en kort periode (maskinen skal stå hjem hos ham
# skade-bb:tc=.pc-c49:hn:ha=0010a4e51f04:ip=192.38.49.115:
ska-bb:tc=.pc-c49:hn:ha=0010a497a8e3:ip=192.38.49.23:
# Vic - 3.1.2005 ska2-bb bundkort skiftet ud
# Vic - 5.1.2005 ska2-bb stjålet - udskiftet med gl. HP
ska2-bb:tc=.pc-c49:hn:ha=00008631fccd:ip=192.38.49.168:
# ska2-bb:tc=.pc-c49:hn:ha=000b5d00d4f1:ip=192.38.49.168:
ska3-bb:tc=.pc-c49:hn:ha=000b5d7c8d6d:ip=192.38.49.161:

nslookup

Can never remember the options for nslookup:

$ /usr/sbin/nslookup -type=MX hst.aau.dk
$ /usr/sbin/nslookup -type=NS hst.aau.dk

./Henrik/Comsol/Licenser/index.php

COMSOL

Check for licenses

This gives a quick overview

henrik@biceps:~> cd /pack-sol2/comsol-3.4/license/sol2

henrik@biceps:/pack-sol2/comsol-3.4/license/sol2> ./lmstat -c ../license.dat -a | grep ^Users

Users of SERIAL: (Uncounted, node-locked)
Users of CLIENTSERVER: (Total of 3 licenses issued; Total of 0 licenses in use)

Users of SCRIPT: (Total of 3 licenses issued; Total of 1 license in use)
Users of SCRIPTPROMPT: (Total of 3 licenses issued; Total of 0 licenses in use)
Users of SME: (Total of 1 license issued; Total of 0 licenses in use)
Users of COMSOL: (Total of 3 licenses issued; Total of 3 licenses in use)
Users of COMSOLGUI: (Total of 3 licenses issued; Total of 3 licenses in use)
Users of ACDC: (Total of 2 licenses issued; Total of 1 license in use)
Users of RF: (Total of 2 licenses issued; Total of 0 licenses in use)

And more specifically for a particular toolbox or, as here, COMSOL itself

henrik@biceps:/pack-sol2/comsol-3.4/license/sol2> ./lmstat -c ../license.dat -f COMSOL

lmstat - Copyright (c) 1989-2006 Macrovision Europe Ltd. and/or Macrovision Corporation. All Rights Reserved.
Flexible License Manager status on Tue 1/15/2008 13:42

Users of COMSOL: (Total of 3 licenses issued; Total of 3 licenses in use)

"COMSOL" v3.4, vendor: LMCOMSOL floating license

 jm JM-D620 JM-D620 (v3.3) (idefix/1718 427), start Tue 1/15 13:12
 moni moni-pc moni-pc (v3.4) (idefix/1718 1235), start Tue 1/15 11:48
 moni cerebrum01 /dev/pts/13 (v3.4) (idefix/1718 729), start Tue 1/15 13:39

End..

./Henrik/Comsol/index.php

COMSOL

Mon Jan 7 12:22:13 MET 2008

A file system needs to be created for Comsol 3.4. The last one was created in ZFS on maximus and is thereby automatically shared in /export/home/.

The file system must be placed in the NIS automounter map auto_pack-sol. It is generated from other files. There appears to be one for each machine; at any rate there is one for maximus, called auto_pack-sol2@maximus. It apparently also has to be put in the files for Linux and x86 Solaris respectively.

The file system on maximus

root@maximus:~> /usr/sbin/zfs create z2/p/shared/comsol-3.4

And we check that it is also shared:

henrik@maximus:~> /usr/sbin/share | grep comsol
- /export/home/comsol-3.3 rw=miba,root=kolga.miba.auc.dk:aegir.miba.auc.dk ""
- /export/home/comsol-3.4 rw=miba,root=kolga.miba.auc.dk:aegir.miba.auc.dk ""

Automounter map on aegir

root@aegir:/var/yp> change ypfiles/auto_pack-sol2\@maximus
root@aegir:/var/yp> ls -ltr ypfiles/auto_pack-sol2\@max*
-rw-rw-r-- 1 root root 92 Sep 9 10:27 ypfiles/[email protected]:04
-rw-rw-r-- 1 root root 143 Jan 7 11:05 ypfiles/auto_pack-sol2@maximus
root@aegir:/var/yp> vi ypfiles/auto_pack-sol2@maximus
root@aegir:/var/yp> grep comsol-3.4 ypfiles/[email protected] -rw maximus:/export/home/comsol-3.4
root@aegir:/var/yp> make -n auto.pack-sol
root@aegir:/var/yp> make auto.pack-sol

root@aegir:/var/yp> change ypfiles/auto_pack-linux
root@aegir:/var/yp> vi ypfiles/auto_pack-linux
root@aegir:/var/yp> make auto.pack-linux

root@aegir:/var/yp> change ypfiles/auto_pack-sol86
root@aegir:/var/yp> vi ypfiles/auto_pack-sol86
root@aegir:/var/yp> make auto.pack-sol86

And check

henrik@illiacus:~> ypmatch comsol-3.4 auto.pack-sol2
-rw maximus:/export/home/comsol-3.4
henrik@illiacus:~> ypmatch comsol-3.4 auto.pack-sol86
-ro maximus:/export/home/comsol-3.4
henrik@illiacus:~> ypmatch comsol-3.4 auto.pack-linux
-rw maximus:/export/home/comsol-3.4

Backup?

We need that too, but I do not know how yet.

Installation of COMSOL

Mon Jan 7 13:30:45 CET 2008

We need to get at the DVD, so it has to be mounted, and in such a way that we can run the installer from it.

root@cluster2:/# mount -o exec /media/cdrom0
root@cluster2:/# exit

And then it is installed. It fetches the license from the server, as long as you know the host name and port.

henrik@cluster2:~> cd /pack/comsol-3.4
henrik@cluster2:/pack/comsol-3.4> /cdrom/setup

./Henrik/Solaris_LDAP_auth/index.php

Solaris with LDAP instead of NIS

Here I try to set up a machine to use LDAP as the password database and therefore as the login/auth service for users..

To begin with I am just making it work. Security has therefore not been considered at this stage

The starting point is this page: http://docs.lucidinteractive.ca/index.php/Solaris_LDAP_client_with_OpenLDAP_server

The work was done on a test machine that is also used for testing samba .. hence the name samba00.

The machine was created from a Solaris OEM installation that we have as a template in VMware.

First we need an openldap. I take it from Blastwave, even though the page above talks about a patched version of openldap.

root@samba00:~# export PATH=/opt/csw/bin:/usr/sbin:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin:/opt/csw/gcc4/bin
root@samba00:~# pkg-get install openldap
.. snip
Configuring service in SMF
Openldap is using Service Management Facility. The FMRI is:
 svc:network/cswopenldap:default

Installation of was successful.
root@samba00:~# cd /opt/csw/etc/openldap
root@samba00:/opt/csw/etc/openldap# vi slapd.conf
root@samba00:/opt/csw/etc/openldap# mkdir /opt/csw/var/openldap-data/hst.aau.dk
root@samba00:/opt/csw/etc/openldap# cd /opt/csw/var/openldap-data/hst.aau.dk
root@samba00:/opt/csw/var/openldap-data/hst.aau.dk# cp ../DB_CONFIG.example DB_CONFIG
root@samba00:/opt/csw/var/openldap-data/hst.aau.dk# cd -
root@samba00:/opt/csw/etc/openldap# cd schema
root@samba00:/opt/csw/etc/openldap/schema# wget http://web.singnet.com.sg/~garyttt/solaris.schema.txt
root@samba00:/opt/csw/etc/openldap/schema# wget http://web.singnet.com.sg/~garyttt/DUAConfigProfile.schema.txt
root@samba00:/opt/csw/etc/openldap/schema# mv solaris.schema.txt solaris.schema
root@samba00:/opt/csw/etc/openldap/schema# mv DUAConfigProfile.schema.txt DUAConfigProfile.schema
root@samba00:/opt/csw/etc/openldap# mkdir ../data
root@samba00:/opt/csw/etc/openldap# cd ../data
root@samba00:/opt/csw/etc/openldap/data# ls
groups.ldif ldapclient_conf.ldif top.ldif users.ldif
root@samba00:/opt/csw/etc/openldap/data# /opt/csw/sbin/slapadd -v -l top.ldif
added: "dc=hst,dc=aau,dc=dk" (00000001)
added: "ou=People,dc=hst,dc=aau,dc=dk" (00000002)
added: "ou=Group,dc=hst,dc=aau,dc=dk" (00000003)
added: "ou=Profile,dc=hst,dc=aau,dc=dk" (00000004)
root@samba00:/opt/csw/etc/openldap/data# /opt/csw/sbin/slapadd -v -l ldapclient_conf.ldif
added: "cn=default,ou=Profile,dc=hst,dc=aau,dc=dk" (00000005)
root@samba00:/opt/csw/etc/openldap/data# svcadm enable svc:/network/cswopenldap:default && sleep 2 && psg slapd
 UID PID PPID C STIME TTY TIME CMD
 root 1116 1 0 11:30:01 ? 0:00 /opt/csw/libexec/slapd

We just check that it will return something for an anonymous query. Solaris queries anonymously in this test, so we have to make sure that this is possible.. At any rate it returns the profile, so that is fine.

root@samba00:~# ldapsearch -x -b "dc=hst,dc=aau,dc=dk" "(objectclass=*)"

dn: cn=default,ou=Profile,dc=hst,dc=aau,dc=dk
objectClass: top
objectClass: DUAConfigProfile
cn: default
defaultServerList: localhost
defaultSearchBase: dc=hst,dc=aau,dc=dk
defaultSearchScope: one
searchTimeLimit: 30
bindTimeLimit: 2
credentialLevel: anonymous
authenticationMethod: simple
followReferrals: TRUE
profileTTL: 43200

A couple of comments:

No actual content is loaded into LDAP - only a basic structure is created. However, a profile is added, which is used to make configuring ldapclient easy..

All the files can be browsed here: filer1/

root@samba00:~# change /etc/nsswitch.ldap
root@samba00:~# change /etc/nsswitch.conf
root@samba00:~# vi /etc/nsswitch.ldap
root@samba00:~# diff /etc/nsswitch.ldap /etc/nsswitch.ldap.root-081106-11\:54
24c24
< hosts: files dns
---
> hosts: ldap [NOTFOUND=return] files
28c28
< ipnodes: files dns
---
> ipnodes: ldap [NOTFOUND=return] files

root@samba00:~# domainname hst.aau.dk
root@samba00:~# domainname hst.aau.dk

root@samba00:~# ldapclient -v init -a proxyDN=cn=fake,ou=People,dc=hst,dc=aau,dc=dk -a proxyPassword=xxxx localhost
Parsing proxyDN=cn=fake,ou=People,dc=hst,dc=aau,dc=dk
Parsing proxyPassword=xxxx
Arguments parsed:
 proxyDN: cn=fake,ou=People,dc=hst,dc=aau,dc=dk
 proxyPassword: xxxx
 defaultServerList: localhost
Handling init option
About to configure machine by downloading a profile
No profile specified. Using "default"
findBaseDN: begins
findBaseDN: ldap not running
findBaseDN: calling __ns_ldap_default_config()
found 1 namingcontexts
findBaseDN: __ns_ldap_list(NULL, "(&(objectclass=nisDomainObject)(nisdomain=hst.aau.dk))"
rootDN[0] dc=hst,dc=aau,dc=dk
found baseDN dc=hst,dc=aau,dc=dk for domain hst.aau.dk
Proxy DN: cn=fake,ou=People,dc=hst,dc=aau,dc=dk
Proxy password: {NS1}cacaaaaa
Credential level: 0
Authentication method: 1
No proxyDN/proxyPassword required
About to modify this machines configuration by writing the files
Stopping network services
sendmail not running
Stopping nscd
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: system/name-service-cache:default... success
Stopping autofs
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: system/filesystem/autofs:default... success
ldap not running
nisd not running
nis(yp) not running
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "hst.aau.dk"
file_backup: stat(/var/yp/binding/hst.aau.dk)=-1
file_backup: No /var/yp/binding/hst.aau.dk directory.
file_backup: stat(/var/ldap/ldap_client_file)=-1
file_backup: No /var/ldap/ldap_client_file file.
Starting network services
start: /usr/bin/domainname hst.aau.dk... success
start: sleep 100000 microseconds
start: network/ldap/client:default... success
start: sleep 100000 microseconds
start: system/filesystem/autofs:default... success
start: sleep 100000 microseconds
start: system/name-service-cache:default... success
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success
System successfully configured
root@samba00:~#

Now we try to see whether it works. With getent group we get what is in /etc/group. With ls -l we can look at the ownership of directories in /home. By adding a couple of groups in LDAP we can quickly see the difference.

root@samba00:/opt/csw/etc/openldap/data# getent group | tail -4
nobody::60001:
noaccess::60002:

nogroup::65534:
sasl::100:
root@samba00:/opt/csw/etc/openldap/data# ls -l /home/
total 4
drwxr-xr-x 4 11964 11964 512 Oct 28 10:05 henrik
drwxr-xr-x 2 21254 21254 512 Nov 6 11:47 magnus

root@samba00:/opt/csw/etc/openldap/data# ldapadd -D "cn=Manager,dc=hst,dc=aau,dc=dk" -w xxxxxxxx -x -v -f groups.ldif
ldap_initialize( )
add objectClass: posixGroup top
add cn: henrik
add gidNumber: 11964
add memberUid: henrik
adding new entry "cn=henrik,ou=Group,dc=hst,dc=aau,dc=dk"
modify complete

add objectClass: posixGroup top
add cn: magnus
add gidNumber: 21254
add memberUid: magnus
adding new entry "cn=magnus,ou=Group,dc=hst,dc=aau,dc=dk"
modify complete
root@samba00:/opt/csw/etc/openldap/data# getent group | tail -4
nogroup::65534:
sasl::100:
henrik::11964:henrik
magnus::21254:magnus
root@samba00:/opt/csw/etc/openldap/data# ls -l /home/
total 4
drwxr-xr-x 4 11964 henrik 512 Oct 28 10:05 henrik
drwxr-xr-x 2 21254 magnus 512 Nov 6 11:47 magnus

And the users ..

root@samba00:/opt/csw/etc/openldap/data# ldapadd -D "cn=Manager,dc=hst,dc=aau,dc=dk" -w xxxxxxxx -x -v -f users.ldif
... snip
modify complete

root@samba00:/opt/csw/etc/openldap/data# getent passwd | tail -2
henrik:x:11964:11964:Henrik Larsen:/home/henrik:/bin/bash
magnus:x:21254:21254:Magnus Svavarsson:/home/magnus:/bin/bash

root@samba00:/opt/csw/etc/openldap/data# ls -l /home/
total 4
drwxr-xr-x 4 henrik henrik 512 Oct 28 10:05 henrik
drwxr-xr-x 2 magnus magnus 512 Nov 6 11:47 magnus

For the user to be able to log in as well, PAM has to be changed. Here I choose the easy solution and use the example from the page: http://docs.sun.com/app/docs/doc/816-4556/schemas-111?a=view.

I do not know PAM very well, so no explanations here either ;-)

root@samba00:~# change /etc/pam.conf
root@samba00:~# echo > /etc/pam.conf
root@samba00:~# vi /etc/pam.conf

root@samba00:~# ssh henrik@localhost
Password:
Last login: Thu Nov 6 12:34:11 2008 from localhost
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
-bash-3.00$
-bash-3.00$ passwd
passwd: Changing password for henrik
Enter existing login password:
New Password:
Re-enter new Password:
Permission denied

LDAP does not allow a new password to be written, but that can be changed in slapd.conf

root@samba00:~# change /opt/csw/etc/openldap/slapd.conf
root@samba00:~# vi /opt/csw/etc/openldap/slapd.conf
root@samba00:~# diff /opt/csw/etc/openldap/slapd.conf /opt/csw/etc/openldap/slapd.conf.root-081106-12\:38
56,59d55
< access to attrs=userPassword
<         by self write
<         by * auth
root@samba00:~# svcadm restart svc:/network/cswopenldap:default && sleep 2 && psg slapd
 UID PID PPID C STIME TTY TIME CMD
 root 1936 1 0 13:10:03 ? 0:00 /opt/csw/libexec/slapd

This should mean that people can write/change their own password themselves. Furthermore, it means that the password is not listed together with the other attributes. Therefore others cannot get access to other people's crypt string.

-bash-3.00$ passwd
passwd: Changing password for henrik
Enter existing login password:
New Password:
Re-enter new Password:
passwd: password successfully changed for henrik

Yes, now I could change the password in LDAP with the Solaris passwd command.
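
How slapd's first-match evaluation decides who can read the userPassword hash with and without the rule added to slapd.conf in this section, as an added example (not part of the original notes and not OpenLDAP code). It models only `access to *` and `access to attrs=...` with the who-fields `*`, `self`, `anonymous` and `users`; the NO_ACL and SHADOWED configurations and all function names are constructed for illustration.

```python
import shlex

# slapd access levels, lowest to highest; each level implies the lower ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
# Generic requesters: "user" is an authenticated user looking at someone else's entry.
REQUESTERS = ["anonymous", "user", "self"]

# Constructed: a slapd.conf without any access directive.
NO_ACL = """\
database bdb
suffix "dc=hst,dc=aau,dc=dk"
"""
# The three lines added in the diff on this page.
PAGE_RULE = """\
access to attrs=userPassword
        by self write
        by * auth
"""
# Constructed: the same rule placed after a catch-all, where it is never reached.
SHADOWED = """\
access to *
        by * read
""" + PAGE_RULE


def parse_acls(conf_text):
    """Return [(what_tokens, [(who, level), ...]), ...] in file order."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # continuation line
        else:
            logical.append(raw.strip())
    acls = []
    for line in logical:
        tok = shlex.split(line)
        if len(tok) < 3 or tok[0].lower() != "access" or tok[1].lower() != "to":
            continue
        groups = [[]]
        for t in tok[2:]:
            if t.lower() == "by":
                groups.append([])
            else:
                groups[-1].append(t)
        clauses = []
        for g in groups[1:]:
            if len(g) < 2 or g[1].lower() not in LEVELS:
                raise ValueError("unsupported by-clause: %r" % (g,))
            clauses.append((g[0].lower(), g[1].lower()))
        acls.append((groups[0], clauses))
    return acls


def _what_matches(what, attr):
    if what == ["*"]:
        return True
    if len(what) == 1 and what[0].lower().startswith(("attrs=", "attr=")):
        return attr.lower() in what[0].split("=", 1)[1].lower().split(",")
    raise ValueError("unsupported <what>: %r" % (what,))


def _who_matches(who, requester):
    if who == "*":
        return True
    if who in ("self", "anonymous"):
        return requester == who
    if who == "users":
        return requester in ("user", "self")
    return False          # a specific DN or group never matches a generic requester


def effective_level(acls, attr, requester):
    if not acls:
        return "read"     # no access directives at all: default "access to * by * read"
    for what, clauses in acls:
        if _what_matches(what, attr):
            for who, level in clauses:
                if _who_matches(who, requester):
                    return level
            return "none"  # implicit "by * none" closes every directive
    return "none"          # implicit final "access to * by * none"


def hash_readers(conf_text, attr="userPassword"):
    """Requesters whose effective level on attr is read or higher."""
    acls = parse_acls(conf_text)
    need = LEVELS.index("read")
    return [r for r in REQUESTERS
            if LEVELS.index(effective_level(acls, attr, r)) >= need]


if __name__ == "__main__":
    for label, conf in (("no ACL", NO_ACL), ("page rule", PAGE_RULE), ("shadowed", SHADOWED)):
        print("%-10s userPassword readable by: %s" % (label, hash_readers(conf)))
    # With only the page's rule in the file, other attributes fall to the implicit "none".
    print("cn for anonymous:", effective_level(parse_acls(PAGE_RULE), "cn", "anonymous"))
```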

./Henrik/Solaris_LDAP_auth/.filer1/index.php

Contents of the directory

DUAConfigProfile.schema groups.ldif ldapclient_conf.ldif pam.conf slapd.conf solaris.schema top.ldif users.ldif

./Brugere/StudSTADS/index.php

StudSTADS

This is a system I made to keep track of the students. Groups, semesters, etc.

To see changes

magnus@aegir:/pack/STADS/Diffs# ./mysqldiff.sh AAU_user_admin_20080831_132347 > AAU_user_admin_20080831_132347.diff.`ds`
magnus@aegir:/pack/STADS/Diffs# cat !$
cat AAU_user_admin_20080831_132347.diff.`ds`
cat: cannot open AAU_user_admin_20080831_132347.diff.080831-13:26
magnus@aegir:/pack/STADS/Diffs# cat AAU_user_admin_20080831_132347.diff.080831-13\:25
Ser paa AAU_user_admin_20080831_132347

select PERSON_ID,CPR,STUDIEORDNINGS_START,concat(STUDIEORDNINGS_NAVN,' ',STUDIERETNING_KODE,' ',STUDIERETNING_NAVN),FORNAVNE,EFTERNAVN from AAU_user_admin_20080831_132347 order by CPR,STUDIERETNING_NAVN,STUDIEORDNINGS_NAVN,STUDIEORDNINGS_START
Ser paa AAU_user_admin
Diff
232a233
> 56311 xxxxxx-yyyy 2008-09-01 Individuelt forløb MEDICINF-I Medicinsk Informatik - Individuel STO Sinna Pilgaard Ulrichsen
1238a1240
> 65736 xxxxxx-yyyy 2008-09-01 Individuelt forløb MEDICINF-I Medicinsk Informatik - Individuel STO Rikke Beck Nielsen
2774d2775
< 56879 xxxxxx-yyyy 2003-09-01 3.-5. semester SUNDHED-I sundhedsteknologi Kamille Madsen Rosenfalck
2775a2777
> 56879 xxxxxx-yyyy 2003-09-01 3.-5. semester SUNDHED-I sundhedsteknologi Kamille Madsen Rosenfalck
magnus@aegir:/pack/STADS/Diffs#

./Brugere/Grupper/Gruppedirectories/index.php

Group directories

Unfortunately we are still dependent on idefix here. This cron job takes care of creating a file in /pack/admin on idefix, which aegir then uses:

/pack/admin/OPRETTELSER/cron.opret.sh

See the crontab for root. For now I temporarily have:

0,1,8,9 0 * * * /pack/admin/OPRETTELSER/cron.opret.sh

It is as if it has to run when I edit StudSTADS, AND when I have created group dirs!

As also shown further down, a mail like this comes from idefix, because of the cron job above, after I have created group dirs on maximus:

Ok mht forskelle imellem ../MASTER/NY_group og .NY_group.
wc -l /tmp/diff_gr: 30
======== diff ../MASTER/NY_group .NY_group (/tmp/diff_gr) ========
1988c1988
< S_08gr955a:*:57536:jkpe05,mnni05
---
> 08gr955a:*:57536:jkpe05,mnni05

Yes, and then you have to remember make on aegir...

Once the groups have been created, we have a script on maximus for creating group directories:

root@maximus:/dist/admin/bin# history |tail
 20 ls -lut|head
 21 cat create_group_dir_for_groups_missing_one.sh
 22 create_group_dir_for_groups_missing_one.sh
 23 ./create_group_dir_for_groups_missing_one.sh
 24 ./create_group_dir_for_groups_missing_one.sh|grep ====
 25 l
 26 ./create_group_dir_for_groups_missing_one.sh > new_groups.`ds`
 27 mv new_groups.080214-23\:14 new_groups.sh.080214-23\:14
 28 /bin/sh -x ./new_groups.sh.080214-23\:14 2>&1 | tee new_groups.log.080214-23\:14
 29 history |tail

And then we just have to run make on aegir, after a couple of minutes. I am not entirely sure, but some things happen in the database that only run every two minutes. But whether you should wait with make before or after, I cannot quite remember :-)

root@aegir:/var/yp# makeupdated passwdpushed passwdUpdating /pack/admin/users/passwd.mibaupdated netidpushed netidLaver auto_home ud af /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/[email protected] /var/yp/ypfiles/auto_guest@aegir /var/yp/ypfiles/auto_stud@idefix /var/yp/ypfiles/auto_stud@aegir /var/yp/ypfiles/auto_stud@kolga /var/yp/ypfiles/auto_stud@maximus /var/yp/ypfiles/[email protected] /var/yp/ypfiles/auto_guest@aegir /var/yp/ypfiles/auto_gruppe@aegir /var/yp/ypfiles/auto_gruppe@maximus /var/yp/ypfiles/auto_gruppe@kolga /var/yp/ypfiles/auto_phd@kolga /var/yp/ypfiles/auto_phd@maximusupdated auto.homepushed auto.homeupdated auto.studpushed auto.studLaver /var/yp/ypfiles/alias.bioellab alias/var/yp/bin/make_htpasswd.sh bioellab | /bin/awk -F: '{print $1}' >/var/yp/ypfiles/alias.bioellab.tmpchmod 644 /var/yp/ypfiles/alias.bioellab.tmpmv /var/yp/ypfiles/alias.bioellab.tmp /var/yp/ypfiles/alias.bioellabtouch unixgroupaliases.time

Right, then you apparently have to wait a couple of minutes more, or else I was just too quick before. Then the group names get changed from S_08grxxx to 08grxxx, which simply means that they HAVE a group directory.

(The short story behind S_ is that I used it to spot the groups that had been closed down, in the sense that the group directory had been deleted. Afterwards I saw that the groups were "deleted" right when they were created, since there was no group dir for them. So......well.... /Magnus)

root@aegir:/var/yp# ypcat group|grep 08gr690
S_08gr690:*:57527:jsso06,klun06,ljoh06,mlsc06
root@aegir:/var/yp# make
updated passwd
pushed passwd
Updating /pack/admin/users/passwd.miba
cat /pack/admin/MASTER/group /pack/admin/MASTER/NY_group > /var/yp/ypfiles/group@idefix
# Vi har ogsaa en gammel group@danablue
# Jan 9 13:39:57: hedder nu group@miba
cat /var/yp/ypfiles/group@miba /var/yp/ypfiles/group@idefix | grep -v \# > /var/yp/ypfiles/group
updated group
pushed group
/var/yp/bin/make_netgroup_student.pl > /var/yp/ypfiles/netgroup.mibastudents
cat /var/yp/ypfiles/netgroup.named /var/yp/ypfiles/netgroup.mibastudents | grep -v -w global >/var/yp/ypfiles/netgroup
/usr/sbin/makedbm /var/yp/ypfiles/netgroup /var/yp/`domainname`/netgroup
(/usr/sbin/revnetgroup < /var/yp/ypfiles/netgroup -u || ( echo "NIS make terminated:" netgroup.time 1>&2; kill -TERM 0 ))| /usr/sbin/makedbm - /var/yp/`domainname`/netgroup.byuser
(/usr/sbin/revnetgroup < /var/yp/ypfiles/netgroup -h || ( echo "NIS make terminated:" netgroup.time 1>&2; kill -TERM 0 ))| /usr/sbin/makedbm - /var/yp/`domainname`/netgroup.byhost
touch netgroup.time; updated netgroup
pushed netgroup
updated netid
pushed netid
Laver /var/yp/ypfiles/alias.bioellab alias
/var/yp/bin/make_htpasswd.sh bioellab | /bin/awk -F: '{print $1}' >/var/yp/ypfiles/alias.bioellab.tmp
chmod 644 /var/yp/ypfiles/alias.bioellab.tmp
mv /var/yp/ypfiles/alias.bioellab.tmp /var/yp/ypfiles/alias.bioellab
touch unixgroupaliases.time
root@aegir:/var/yp# ypcat group|grep 08gr690
08gr690:*:57527:jsso06,klun06,ljoh06,mlsc06

One thing that is important to remember is that much (if not all) of this automation takes place on idefix.

Yes, idefix!

Here is an excerpt from a mail that is sent automatically to Magnus:

PINE 4.64 MESSAGE TEXT Folder: INBOX Message 14,355 of 14,355 ALL +

Date: Thu, 14 Feb 2008 23:17:03 +0100 (MET)
From: Super-User
To: [email protected]
Subject: idefix: /pack/admin/OPRETTELSER/opret_fra_database.sh

Ok mht forskelle imellem ../MASTER/NY_group og .NY_group.
wc -l /tmp/diff_gr: 38
======== diff ../MASTER/NY_group .NY_group (/tmp/diff_gr) ========
1936c1936
< S_08gr690:*:57527:jsso06,klun06,ljoh06,mlsc06
---
> 08gr690:*:57527:jsso06,klun06,ljoh06,mlsc06
1990c1990
< S_08gr691:*:57528:amdj06,asko06,tmha06,twha06
---
> 08gr691:*:57528:amdj06,asko06,tmha06,twha06

./Brugere/Oprettelse/index.php

Creation

cd /dist/admin/OPRETTELSER
/dist/admin/bin/add_user_auto.sh -d maximus -u mkimura -f"Maiko Kimura" -g smi -p 05A.2LO39hWPc -s 313D37E0B3FE67E3120758FBF9E8A7F8:23E4DB127ADA4E36EA217161494713CA 2>&1 | tee mkimura.add_user_auto.all

root@maximus:/dist/admin/OPRETTELSER# /dist/admin/bin/add_user_auto.sh -d maximus -u paulso -f"Paul Sowman" -g smi -p 0511w9dqcpegU -s 5BD3D57147F5C07AB79AE2610DD89D4C:CA4177FD089CADCABB2F7641CF2800DC 2>&1 | tee paulso.add_user_auto.all
Kaldes som: /dist/admin/bin/add_user_auto.sh -d maximus -u paulso -fPaul Sowman -g smi -p 0511w9dqcpegU -s 5BD3D57147F5C07AB79AE2610DD89D4C:CA4177FD089CADCABB2F7641CF2800DC


paulso*: No such file or directory
CREATEPW=
USERNAME=paulso
FULLNAME=Paul Sowman
GROUPNAM=smi
FILESERV=maximus
============================================================================
All seems to be ok, now doing the actual work
-rw-rw-r-- 1 root root 1717 Aug 4 12:39 paulso.sh
+ rsh aegir echo "paulso:*:11886:" >>/var/yp/ypfiles/group@miba
+ rsh aegir perl -p -i.bak.paulso.smi -e "s/(^smi:.*)/\$1,paulso/" /var/yp/ypfiles/group@miba
+ rsh aegir echo "paulso:0511w9dqcpegU:11886:11886:Paul Sowman:/home/paulso:/bin/bash" >>/var/yp/ypfiles/passwd.staff@smi
+ rsh aegir echo "paulso:11886:5BD3D57147F5C07AB79AE2610DD89D4C:CA4177FD089CADCABB2F7641CF2800DC:[U ]:LCT-3C8618C3:Paul Sowman" >>/pack/samba/private/smbpasswd
+ rsh aegir echo "paulso -rw,nosuid,hard maximus:/export/home/&" >> /var/yp/ypfiles/[email protected]
+ rsh aegir (cd /var/yp && /usr/ccs/bin/make passwd group auto.home auto.stud auto.staff)
Laver /var/yp/ypfiles/passwd.....klip....
Add result is: 1

Error: Success

+ rsh aegir /pack/admin/bin/sunone_cal_activate_user.sh paulso
uid=paulso,dc=hst,dc=auc,dc=dk has been enabled
Unable to access calendar paulso
Calendar paulso has been created
LDAP error 20: Type or value exists
+ rsh aegir echo paulso >>/var/yp/ypfiles/alias.smi
+ rsh ran echo "# Nyoprettelse af paulso smi `date`" >> /home/amanda/HST/disklist
+ rsh ran echo "maximus /export/home/paulso user-csw-tar-zfs" >> /home/amanda/HST/disklist

./Budget/index.php

The budget

We have some fixed analysis numbers that we must remember to put on all invoices.

./Budget/2008_Plan/index.php

2008 purchasing plan

First, here are the drawings that have been made of the FC, VMware etc. structure.

2008_plan_01.pdf the original
2008_plan_01b.pdf with prices
2008_plan_02.pdf with two FC switches
2008_plan_03.pdf which also uses the FC switches for replication
2008_plan_04.pdf which adds a little more info...
2008_plan_05.pdf after talking with I8

Here is a preview of 2008_plan_05:

Budget

Below are the prices, where I have marked in light green the part that I8 has in the overall project.

Sun VMware servers, MG prices

Qty | Code | Description | Unit price | Total | Total*7,45 DKK
2 | A87-FPZ2BH8GKBA | Sun Fire X4200 M2, 2x2220, 4x2GB | 2.350 Euro | 4.700 Euro | 35.015 DKK
6 | X4227A-Z | X4100/X4200 M2: 2x4GB memory | 650 Euro | 3.900 Euro | 29.055 DKK
6 | SG-XPCIE1FC-QF4 | 4Gb FC Single Port HBA | 460 Euro | 2.760 Euro | 20.562 DKK
2 | X8029A-EZ | X2100/X2200/X4100/X4200: Quick rails | 61 Euro | 122 Euro | 908 DKK
2 | XRB-ST1CE-500G7K | 500GB 7.2K RPM SATA HDD | 160 Euro | 320 Euro | 2.384 DKK
Total HST | | | | 11.802 Euro | 87.924 DKK
4 | X4227A-Z | X4100/X4200 M2: 2x4GB memory | 650 Euro | 2.600 Euro | 19.370 DKK
Total | | | | 14.402 Euro | 107.294 DKK

Storage

Qty | Code | Description | Unit price | Total DKK
1 | | StorageTek 6140 16*1TB SATA | 151.276 | 151.276
1 | | Storage Domain license HST | 7.828 | 7.828
1 | | Rack mounting brackets for 6140 | 1.080 | 1.080
Total HST | | | | 160.184
1 | | Storage Domain license I8 | 7.828 | 7.828
 | | | | 168.012

FiberChannel, SKI prices


Qty | Code | Description | Unit price | Total
2 | SG-XSWCS-9124-S-Z | Cisco 9124 w8-pt Active No SFPs | 17.522 | 35.044
4 | SG-XSWCS-4GSFP-S4Z | Cisco 4Gb/s-4pk SW FC SFP | 1.677 | 6.708
Total HST | | | | 41.752
2 | SG-XSWCS-9124-S-Z | Cisco 9124 w8-pt Active No SFPs | 17.522 | 35.044
4 | SG-XSWCS-4GSFP-S4Z | Cisco 4Gb/s-4pk SW FC SFP | 1.677 | 6.708
 | | | | 83.504

VMware

Qty | Code | Description | Unit price | Total
3 | | License for 2 sockets | 17.500 | 52.500
3 | | 3 years gold support | 9.700 | 29.100
Total HST | | | | 81.600

Total expenses

Description | Price
Sun VMware servers, MG prices | 87.924
Storage | 160.184
FiberChannel, SKI prices | 41.752
VMware | 81.600
Consultant refund | -3.000
Total HST | 368.460
I8 extra | 68.950
Grand total | 437.410
x4500 (already bought) | 106.500
Consultant (already bought) | 6.000
Total HST investment | 480.960

./Budget/2008/index.php

Budget 2008

budget_2008.pdf

./Budget/2008_ordre/index.php

2008 order

First, here are the drawings that have been made of the FC, VMware etc. structure.

2008_plan_05.pdf after talking with I8

Here is a preview of 2008_plan_05:

Order

Sun VMware servers, MG prices

Qty | Code | Description | Unit price | Total | Total*7,45 DKK
2 | A87-FPZ2BH8GKBA | Sun Fire X4200 M2, 2x2220, 4x2GB | 2.350 Euro | 4.700 Euro | 35.015 DKK
6 | X4227A-Z | X4100/X4200 M2: 2x4GB memory | 650 Euro | 3.900 Euro | 29.055 DKK
6 | SG-XPCIE1FC-QF4 | 4Gb FC Single Port HBA | 460 Euro | 2.760 Euro | 20.562 DKK
2 | X8029A-EZ | X2100/X2200/X4100/X4200: Quick rails | 61 Euro | 122 Euro | 908 DKK
2 | XRB-ST1CE-500G7K | 500GB 7.2K RPM SATA HDD | 160 Euro | 320 Euro | 2.384 DKK
Total HST | | | | 11.802 Euro | 87.924 DKK

I8 RAM

Qty | Code | Description | Unit price | Total | Total*7,45 DKK
4 | X4227A-Z | X4100/X4200 M2: 2x4GB memory | 650 Euro | 2.600 Euro | 19.370 DKK

Storage


Qty | Code | Description | Unit price | Total DKK
1 | | StorageTek 6140 16*1TB SATA | 151.276 | 151.276
1 | | Storage Domain license HST | 7.828 | 7.828
1 | | Rack mounting brackets for 6140 | 1.080 | 1.080
Total HST | | | | 160.184

FiberChannel, SKI prices

Qty | Code | Description | Unit price | Total
2 | SG-XSWCS-9124-S-Z | Cisco 9124 w8-pt Active No SFPs | 17.522 | 35.044
4 | SG-XSWCS-4GSFP-S4Z | Cisco 4Gb/s-4pk SW FC SFP | 1.677 | 6.708
Total HST | | | | 41.752

VMware

Qty | Code | Description | Unit price | Total
3 | | License for 2 sockets | 17.500 | 52.500
3 | | 3 years gold support | 9.700 | 29.100
Total HST | | | | 81.600

Total expenses

Description | Price
Sun VMware servers, MG prices | 87.924
Storage | 160.184
FiberChannel, SKI prices | 41.752
VMware | 81.600
Total HST | 371.460
x4500 (already bought) | 106.500
Consultant (already bought) | 6.000
Total HST investment | 483.960

./Typo3/Typo3_Paa_Solaris_10/index.php

Typo3 on Solaris 10

Before you begin

Download and install these programs with pkg-get

thk@soleus:~# /opt/csw/bin/sudo /opt/csw/bin/pkg-get -i apache2
thk@soleus:/# /opt/csw/bin/sudo /opt/csw/bin/pkg-get -i ap2_modphp5
thk@soleus:/opt/csw# /opt/csw/bin/sudo /opt/csw/bin/pkg-get -i php5_session
thk@soleus:/opt/csw# /opt/csw/bin/sudo /opt/csw/bin/pkg-get -i php5_mysql
thk@soleus:~# /opt/csw/bin/sudo /opt/csw/bin/pkg-get -i imagemagick
thk@soleus:~# /opt/csw/bin/sudo /opt/csw/bin/pkg-get -i mysql5

For good measure, upgrade the other packages as well. Sometimes this is necessary in order to install the other packages.

thk@soleus:/space# /opt/csw/bin/sudo /opt/csw/bin/pkg-get upgrade

Download Typo3 and PhpMyadmin

NB: The version numbers do not necessarily match

root@soleus:/space# wget http://kent.dl.sourceforge.net/sourceforge/typo3/typo3_src-4.1.1.zip .
root@soleus:/space# wget http://heanet.dl.sourceforge.net/sourceforge/typo3/dummy-4.1.1.zip .
root@soleus:/space# wget http://belnet.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-2.10.1-english.zip .

Configure PhpMyadmin

Unzip PhpMyadmin and create the file config.inc.php (REMEMBER: insert the "php tags")

root@soleus:/space# unzip phpMyAdmin-2.10.1-english.zip -d /opt/csw/apache2/share/htdocs/
thk@soleus:/opt/csw/apache2/share/htdocs/phpMyAdmin-2.10.1-english# cat config.inc.php
$i = 0;

$i++;
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['extension'] = 'mysql';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['auth_type'] = 'http';

Start Apache

root@soleus:/opt/csw/apache2/share/htdocs# svcadm enable cswapache2

Configure and start

thk@soleus:/opt/csw/mysql5# sudo bash
root@soleus:/opt/csw/mysql5# ./mysql_install_db --user=mysql
root@soleus:/opt/csw/mysql5# /opt/csw/mysql5/bin/mysqladmin -u root password 'new_password'
root@soleus:/opt/csw/mysql5# /opt/csw/mysql5/bin/mysqladmin -u root -h soleus password 'new_password'
root@soleus:/opt/csw/mysql5# cd /opt/csw/mysql5 ; /opt/csw/mysql5/bin/mysqld_safe &

Unzip and rename Typo3

root@soleus:/space# unzip typo3_src-4.1.1.zip -d /opt/csw/apache2/share/htdocs/
root@soleus:/space# unzip dummy-4.1.1.zip -d /opt/csw/apache2/share/htdocs/
root@soleus:/opt/csw/apache2/share/htdocs# mv dummy-4.1.1/* ../typo3_src-4.1.1/
root@soleus:/opt/csw/apache2/share/htdocs# rmdir dummy-4.1.1/
root@soleus:/opt/csw/apache2/share/htdocs# mv typo3_src-4.1.1/ NAVN_PAA_SITE

./Typo3/index.php

Notes


Typo3doc

./Typo3/Bugs/index.php

Bugs (And how to remove them)

An empty frame is shown when you try to edit/create a page or content

Why does it happen?

This error normally occurs if you update typo3 and forget to get all extensions "up-to-date" at the same time.

Solution

Go to "Ext manager" and update the repository list. Then choose "Check for extension updates" and update the old extensions.

If that does not work????

The tt_news extension cannot sort news by date

Why does it happen?

You have upgraded to MySQL 5.0.51. See more info here: Link

Solution

Remove

// GROUP BY
if (trim($conf['groupBy'])) {
    $queryParts['GROUPBY'] = trim($conf['groupBy']);
    $query.=' GROUP BY '.$queryParts['GROUPBY'];
}

from the file typo3cont/ext/tt_news/pi/class.tx_ttnews.php

If that does not work????

./VMware/001_Tests/nfs-01/index.php

nfs-01

This is a test machine on which I want to try setting up an NFS server that takes its disks from iSCSI.

The virtual machine itself was installed from an ISO image called SOL_10_807_X86.iso, which is in the folder DVD-images on 10.11.12.91:/zpool1/vol/nfs001. This is the new maximus01 server.

Just to have it documented: maximus01 has two interfaces, both running at 1Gbit:

root@maximus01:/# ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843 mtu 1500 index 2
        inet 130.225.49.221 netmask ffffff00 broadcast 130.225.49.255
        ether 0:14:4f:a6:d5:f0
e1000g1: flags=1000843 mtu 1500 index 3
        inet 10.11.12.91 netmask ffffff00 broadcast 10.11.12.255
        ether 0:14:4f:a6:d5:f1
root@maximus01:/# ndd -get /dev/e1000g0 link_speed
1000
root@maximus01:/# ndd -get /dev/e1000g1 link_speed
1000

And the same applies on the virtual machine.

root@nfs-01:/# ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843 mtu 1500 index 2
        inet 130.225.49.235 netmask ffffff00 broadcast 130.225.49.255
        ether 0:50:56:bf:55:1
e1000g1: flags=1000843 mtu 1500 index 3
        inet 10.11.12.97 netmask ffffff00 broadcast 10.11.12.255
        ether 0:50:56:bf:8:e
root@nfs-01:/# ndd -get /dev/e1000g0 link_speed
1000
root@nfs-01:/# ndd -get /dev/e1000g1 link_speed
1000

It does share the one Gbit though, since there is a trunk running into that ESX server, I am fairly sure. It runs on vmnic0:

[root@esx02 root]# ifconfig vmnic0
vmnic0    Link encap:Ethernet HWaddr 00:09:3D:12:0D:AD
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:47212002 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13671248 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:273092723 (260.4 Mb) TX bytes:1311556350 (1250.7 Mb)
          Interrupt:121

[root@esx02 root]# ifconfig vmnic1
vmnic1    Link encap:Ethernet HWaddr 00:09:3D:12:0D:AE
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
          Interrupt:129

iSCSI on nfs-01

Here is how I got vmsol10-002 to see the iSCSI targets:

  264  iscsiadm add discovery-address 10.11.12.91:3260
  265  iscsiadm modify discovery -t enable
  266  devfsadm -C -i iscsi
  267  iostat -En
  268  format
  269  ist>grep z1
  270  history | grep z1
  271  zpool create z1 c2t010000144FA6D5F000002A0047BE9BD4d0
  272  zpool create z2 c2t010000144FA6D5F000002A0047BE9BD4d0

And a bit of history from maximus01:

   79  zfs create zpool1/vol
   80  zfs get zpool1/vol
   81  zfs get all zpool1/vol
   82  zfs set canmount=off zpool1/vol
   83  zfs create -V 500G zpool1/vol/vol1
   84  zfs list
   85  iscsitadm list target
   86  zfs set shareiscsi=on zpool1/vol/vol1
   87  iscsitadm list target
   88  iscsitadm
   89  iscsitadm show
   90  iscsitadm show target
   91  iscsitadm show -?
   92  iscsitadm show admin
   93  man iscsitadm

  166  zfs set sharenfs='rw=10.11.12.93,root=10.11.12.93' zpool1/vol/nfs001

  253  zfs status zpool1/vol/iscsi01
  254  zfs list zpool1/vol/iscsi001
  255  zfs get all zpool1/vol/iscsi001
  256  zfs set shareiscsi="type=disk" zpool1/vol/iscsi001

  265  man iscsitadm
  266  iscsitadm list
  267  iscsitadm show
  268  iscsitadm show -?
  269  iscsitadm list -?


  270  iscsitadm list target
  271  iscsitadm list initiator
  272  iscsitadm list tpgt
  273  iscsitadm show admin
  274  iscsitadm show stats
  275  man iscsitadm
  276  iscsitadm show admin
  277  iscsitadm list target -v

  323  zfs create -V 500G zpool1/vol/iscsi002
  324  zfs set shareiscsi="type=disk" zpool1/vol/iscsi002
  325  zfs get all zpool1/vol/iscsi002
  326  zfs get all zpool1/vol/iscsi001
  327  iscsitadm list target -v
  328  iscsitadm list target

What remains to be done is to restrict who can see the iSCSI areas.

From iscsitadm(1M):

initiator --iqn|-n iSCSI_node_name local_initiator

To use access control lists you must know the name of the initiator. Since the iSCSI initiator name can be quite long (223 bytes) and made up of a long list of numbers, it is best to enter this information once and then refer to the initiator using a simplified name of local_initiator.

....

modify Options

The following are the options and objects for the modify subcommand:

...

target --acl|-l local_initiator local_target

Adds to the list a local initiator that can access local_target. By adding an initiator to a target all initiators from that point on must be in the ACL.

....

delete Options

The following are the options and objects for the delete subcommand:

...

target --acl|-l local_initiator local_target

Remove access to local_target by local_initiator. If the initiator is currently logged into the target, this option sends an asynchronous event message to the initiator.

root@maximus01:/# iscsitadm create initiator --iqn iqn.1986-03.com.sun:01:fa28c9f3ffff.47c4727e VMware-nfs-01

Then I just need to create a new iSCSI share on maximus01, and give access to it via

iscsitadm modify target --acl VMware-nfs-01 zpool1/vol/iscsi003

or something similar... On the esx01 server I tried to see whether it could tell me anything about the setup:

[root@esx01 Windows_XP_Proffessional]# esxcfg-swiscsi --query
Software iSCSI is enabled
[root@esx01 Windows_XP_Proffessional]# esxcfg-swiscsi --scan
Scanning vmhba32...
Doing iSCSI discovery. This can take a few seconds ...
/usr/sbin/esxcfg-rescan: line 219: 31676 Killed vmkiscsi-tool -R $vmhba >/dev/null 2>&1
Rescanning vmhba32...done.
On scsi3, removing: 2:0.
On scsi3, adding: 2:0.
[root@esx01 Windows_XP_Proffessional]#

Disabling the graphical login

It just uses CPU for nothing

root@nfs-01:/# svcs |grep login
online Feb_28 svc:/system/console-login:default
online Feb_28 svc:/application/graphical-login/cde-login:default
root@nfs-01:/# svcadm disable graphical-login
svcadm: Pattern 'graphical-login' doesn't match any instances
root@nfs-01:/# svcadm disable graphical-login/cde-login

./VMware/Storage/FibreChannel/index.php

Naming of FibreChannel disks

I am playing around a bit to see whether I can find a connection between the names that exist in VMware and the names in the StorageTek box.

This should then be compared with these StorageTek windows, specifically VolumeSummary_hst and VolumeSummary_es.

[root@esx02 HST_01]# ls -l /vmfs/volumes/HST_00
lrwxr-xr-x 1 root root 35 Jun 21 17:57 /vmfs/volumes/HST_00 -> 47ee4eb5-b7ad68b7-f8c7-00144fcda458

[root@esx02 HST_01]# esxcfg-vmhbadevs -a -m| grep 47ee4eb5-b7ad68b7-f8c7-00144fcda458
vmhba0:0:0:1 /dev/sdc1 47ee4eb5-b7ad68b7-f8c7-00144fcda458

[root@esx02 HST_01]# esxcfg-mpath -q --lun=vmhba0:0:0
Disk vmhba0:0:0 /dev/sdc (524288MB) has 4 paths and policy of Most Recently Used
 FC 131:0.0 2100001b32108f42<->201400a0b848320a vmhba0:0:0 Standby preferred
 FC 131:0.0 2100001b32108f42<->201500a0b848320a vmhba0:1:0 On active
 FC 132:0.0 2100001b320f00db<->202400a0b848320a vmhba1:1:0 Standby
 FC 132:0.0 2100001b320f00db<->202500a0b848320a vmhba1:2:0 On

[root@esx02 HST_01]# ls -l /vmfs/devices/disks/vmhba0:0:0:1
lrwxrwxrwx 1 root root 60 Jun 21 18:04 /vmfs/devices/disks/vmhba0:0:0:1 -> vml.0200000000600a0b8000482cac0000056847ee1f6d43534d323030:1

[root@esx02 HST_01]# ls -l /vmfs/devices/disks/vmhba0:0:0:1| awk '{print $NF}'|sort|uniq | awk '{printf substr($1,5,10)"\t"substr($1,15,32)"\t"substr($1,47) "\n"}'
0200000000 600a0b8000482cac0000056847ee1f6d 43534d323030:1

And this has then become a script:

[root@esx02 root]# cat bin/list_storage.sh
#!/bin/sh

# I want to try to make a list of the named storage things we have

STORAGE=$1
# The datastore name is a symlink; its target is the VMFS volume id
VMID=`ls -l "/vmfs/volumes/$STORAGE" 2>/dev/null | awk '{print $NF}'`

echo VMID=$VMID
if [ "x$VMID" = "x" ]; then
    echo Ingen storage med dette navn
    exit 1
fi

# Full name includes the partition (vmhba0:0:0:1); the short name drops the trailing ":1"
VMHBFULL=`esxcfg-vmhbadevs -a -m | grep "$VMID" | awk '{print $1}'`
VMHBSHORT=`echo "$VMHBFULL" | awk '{print substr($1,1,length($1)-2)}'`

esxcfg-mpath -q --lun="$VMHBSHORT"

# Split the vml link target into its 10-character header, 32-character id and the rest
ls -l "/vmfs/devices/disks/$VMHBFULL" | awk '{print $NF}'|sort|uniq | awk '{printf substr($1,5,10)"\t"substr($1,15,32)"\t"substr($1,47) "\n"}'

which runs like this:


[root@esx01 root]# bin/list_storage.sh HST_00
VMID=47ee4eb5-b7ad68b7-f8c7-00144fcda458
Disk vmhba0:0:0 /dev/sda (524288MB) has 4 paths and policy of Most Recently Used
 FC 131:0.0 2100001b320fcbd8<->201400a0b848320a vmhba0:0:0 Standby preferred
 FC 131:0.0 2100001b320fcbd8<->201500a0b848320a vmhba0:1:0 On active
 FC 132:0.0 2100001b32105241<->202500a0b848320a vmhba1:1:0 On
 FC 132:0.0 2100001b32105241<->202400a0b848320a vmhba1:0:0 Standby

0200000000 600a0b8000482cac0000056847ee1f6d 43534d323030:1
[root@esx01 root]# bin/list_storage.sh HST_01
VMID=4803dcc9-d8179933-587e-00144fcda458
Disk vmhba0:1:1 /dev/sdd (524288MB) has 4 paths and policy of Most Recently Used
 FC 131:0.0 2100001b320fcbd8<->201500a0b848320a vmhba0:1:1 Standby preferred
 FC 131:0.0 2100001b320fcbd8<->201400a0b848320a vmhba0:0:1 On active
 FC 132:0.0 2100001b32105241<->202400a0b848320a vmhba1:0:1 On
 FC 132:0.0 2100001b32105241<->202500a0b848320a vmhba1:1:1 Standby

0200010000 600a0b800048320a000008334803e744 43534d323030:1

[root@esx02 root]# bin/list_storage.sh HST_00
VMID=47ee4eb5-b7ad68b7-f8c7-00144fcda458
Disk vmhba0:0:0 /dev/sdc (524288MB) has 4 paths and policy of Most Recently Used
 FC 131:0.0 2100001b32108f42<->201400a0b848320a vmhba0:0:0 Standby preferred
 FC 131:0.0 2100001b32108f42<->201500a0b848320a vmhba0:1:0 On active
 FC 132:0.0 2100001b320f00db<->202400a0b848320a vmhba1:1:0 Standby
 FC 132:0.0 2100001b320f00db<->202500a0b848320a vmhba1:2:0 On

0200000000 600a0b8000482cac0000056847ee1f6d 43534d323030:1
[root@esx02 root]# bin/list_storage.sh HST_01
VMID=4803dcc9-d8179933-587e-00144fcda458
Disk vmhba0:1:1 /dev/sdd (524288MB) has 4 paths and policy of Most Recently Used
 FC 131:0.0 2100001b32108f42<->201500a0b848320a vmhba0:1:1 Standby preferred
 FC 131:0.0 2100001b32108f42<->201400a0b848320a vmhba0:0:1 On active
 FC 132:0.0 2100001b320f00db<->202400a0b848320a vmhba1:1:1 On
 FC 132:0.0 2100001b320f00db<->202500a0b848320a vmhba1:2:1 Standby

0200010000 600a0b800048320a000008334803e744 43534d323030:1
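
The three columns that list_storage.sh prints can be decoded one step further, so that a datastore can be matched by eye against the array's volume list. This is an added example, not part of the page's own script; the function names are hypothetical. It keeps the page's field widths (10, 32, rest) and assumes, from the two samples above, that the third header byte is the LUN, that the trailing hex is the ASCII product string, and that the array shows the 32-digit identifier in colon-separated upper case.

```shell
#!/bin/sh
# Added example (not from the original page): decode a vml device name.
# Field widths follow the awk substr() calls in list_storage.sh.

# hex_to_ascii HEX: print the bytes encoded by HEX as text.
# Returns 1 on empty, odd-length or non-hex input.
hex_to_ascii() {
    hex=$1
    out=
    case $hex in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ $(( ${#hex} % 2 )) -eq 0 ] || return 1
    while [ -n "$hex" ]; do
        rest=${hex#??}            # everything after the first two digits
        pair=${hex%"$rest"}       # the first two digits
        # turn the byte value into an octal escape that printf understands
        out=$out$(printf "\\$(printf '%03o' "$((0x$pair))")")
        hex=$rest
    done
    printf '%s\n' "$out"
}

# wwn_colon HEX: upper-case and colon-separate an identifier
# (assumed display form for comparing with the array's volume summary).
wwn_colon() {
    printf '%s\n' "$1" | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# vml_describe NAME: NAME is a vml.* name or a path ending in one.
# Prints: lun=N wwn=XX:..:XX model=TEXT partition=N|none
vml_describe() {
    name=${1##*/}
    case $name in
        vml.*) body=${name#vml.} ;;
        *) echo "not a vml name: $1" >&2; return 1 ;;
    esac
    part=none
    case $body in
        *:*) part=${body##*:}; body=${body%:*} ;;
    esac
    # 10 header digits + 32 identifier digits + at least one model byte
    if [ "${#body}" -lt 44 ]; then
        echo "vml name too short: $1" >&2
        return 1
    fi
    header=$(printf '%s' "$body" | cut -c1-10)
    id=$(printf '%s' "$body" | cut -c11-42)
    model_hex=$(printf '%s' "$body" | cut -c43-)
    case $header$id in
        *[!0-9a-fA-F]*) echo "non-hex digits in: $1" >&2; return 1 ;;
    esac
    model=$(hex_to_ascii "$model_hex") || {
        echo "bad model field: $model_hex" >&2
        return 1
    }
    # Assumption from the page's samples: header byte 3 equals the LUN
    lun=$(( 0x$(printf '%s' "$header" | cut -c5-6) ))
    printf 'lun=%s wwn=%s model=%s partition=%s\n' \
        "$lun" "$(wwn_colon "$id")" "$model" "$part"
}

# Demo on the two device names that appear in the output above.
vml_describe 'vml.0200000000600a0b8000482cac0000056847ee1f6d43534d323030:1'
vml_describe 'vml.0200010000600a0b800048320a000008334803e74443534d323030:1'
```

Both datastores decode to the same product string, and the LUN field matches the last digit of the vmhba path reported by esxcfg-mpath.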

./VMware/Storage/Hastigheder/index.php

root@hstsysadm:/opt/csw/apache2/share/htdocs/HSTsysadm/bin# time mkfile 1G ./1G.1

real 0m10.276s
user 0m0.126s
sys 0m7.504s

root@hstsysadm:/opt/csw/apache2/share/htdocs/HSTsysadm/bin# time mkfile 1G ./1G.2

real 0m10.782s
user 0m0.128s
sys 0m7.867s

So that is consistent at least :-) 102MB/s is not so bad, is it? And with cp, which is of course both read and write:

root@hstsysadm:/opt/csw/apache2/share/htdocs/HSTsysadm/bin# time cp 1G.2 1G.3

real 0m16.429s
user 0m0.006s
sys 0m11.359s

./VMware/Tips/index.php

I could not remove a "Service Console 3" from the two V20z servers, because I had happened to set the gateway up to use a specific interface. By setting it to Auto, I was able to delete it.

./VMware/Templates/index.php

Templates - in Vmware

Before making the template:

General

install vm-tools
remove files, e.g. /root/*

Specific

bash-3.00# rm /space/install/reg.profile
bash-3.00# sh /root/bin/preprare_template.sh

First boot of a clone from the template

Set hostname and IP address

bash-3.00# sh /root/bin/set_name_and_ip.sh

After reboot:

bash-3.00# /opt/csw/bin/pkg-get -U
bash-3.00# /opt/csw/bin/pkg-get -u

Todo

Check what is missing for Solaris-10-807-core here: mangler.txt

Feel free to add to the list as well..

./VMware/Templates/Solaris-core/index.php

Solaris 10 8/07 core

Intro

With this we try to make a minimalist Solaris that can be used for simple services. Solaris is installed with the fewest possible packages - Core - reduced network installation. It is the smallest possible in the Solaris installer, which is a little over 500 Mb.

Here is a little about the choices along the way: install/

Check the list of what is missing for Solaris-10-807-core here: mangler.txt

And now comes what I actually wanted to document. After the installation, the following is done to get a usable Solaris for services..


# mkdir /root
# chmod 700 /root
# chown root:root /root
# cd /root
# vi /etc/passwd
# grep ^root: /etc/passwd
root:x:0:0:Super-User:/root:/sbin/sh
# mount -F hsfs -o ro /dev/dsk/c0t0d0p0 /mnt
# cd /mnt/Solaris_10/Product
# pkgadd -d . SUNWbash
# bash
bash-3.00#
bash-3.00# pkgadd -d . SUNWwgetu
bash-3.00# vi /etc/nsswitch.conf
bash-3.00# grep ^hosts: /etc/nsswitch.conf
hosts: files dns
bash-3.00# vi /etc/resolv.conf
bash-3.00# cat /etc/resolv.conf
domain miba.auc.dk
nameserver 130.225.49.2
nameserver 130.225.49.6
search miba.auc.dk staff.miba.auc.dk hst.aau.dk auc.dk
bash-3.00# pkgadd -d http://www.blastwave.org/pkg_get.pkg
bash-3.00# cp -p /var/pkg-get/admin-fullauto /var/pkg-get/admin
bash-3.00# /opt/csw/bin/pkg-get install wget
bash-3.00# /opt/csw/bin/pkg-get install openssh
bash-3.00# pkgrm SUNWwgetu
bash-3.00# exit
# exit

Can one log in via ssh now?

henrik@sunray01:~> ssh [email protected]:
Last login: Wed Apr 16 12:48:58 2008 from sunray01.miba.a
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
#

Then I can move on:

# bash
bash-3.00# pwd
/root

There are some packages that I already discovered I cannot do without in this core version. For example, there is no ping..

bash-3.00# pkgchk -l -p /usr/bin/vi
Pathname: /usr/bin/vi
Type: linked file
Source of link: ../../usr/bin/edit
Referenced by the following packages:
        SUNWcsu
Current status: installed

With pkgchk one can find out, on another machine, which package contains a particular command. In principle as shown with vi above.

bash-3.00# ping aegir
bash: ping: command not found
bash-3.00# pkgadd -d . SUNWgss
bash-3.00# pkgadd -d . SUNWbip
bash-3.00# ping aegir
aegir is alive

In order to patch, the machine must be registered with sconadm. Therefore reg.profile is created.

bash-3.00# mkdir /space/install
bash-3.00# chmod 700 /space/install
bash-3.00# touch /space/install/reg.profile
bash-3.00# chmod 600 /space/install/reg.profile
bash-3.00# vi /space/install/reg.profile
bash-3.00# type sconadm
bash: type: sconadm: not found

But sconadm does not exist. It should be in the package SUNWbrg

bash-3.00# pkginfo > /root/install1.txt
bash-3.00# pkgadd -d . SUNWbrg 2>&1 | grep " The <" | cut -d"<" -f2 | cut -d">" -f1
bash-3.00# pkgadd -d . SUNWbrg
bash-3.00# pkgadd -d ... and a lot of packages

After having installed a number of packages:

bash-3.00# pkginfo > /root/install2.txt
bash-3.00# diff /root/install1.txt /root/install2.txt | grep "^>"
> application SUNWbrg SCN Basic Registration Application, Usr (/usr)
> application SUNWcacaort Cacao Component
> system SUNWccccr Client Configuration Registry User Pkg
> system SUNWccccrr Client Configuration Registry Root Pkg
> system SUNWccfw Client Configuration Framework
> system SUNWccsign Platform Signing Lib
> system SUNWcsmauth CSM Authentication
> application SUNWsam Sun Connection Network Solaris Asset Module
> application SUNWsamr Sun Connection Network Solaris Asset Module, Root (/)
> system SUNWscn-base Sun Connection Network Base Package
> system SUNWscn-base-r Sun Connection Network Base Package, Root (/)
> application SUNWscnprm Sun Connection Product Registration Offering Package
> application SUNWscnprmr SCN Product Registration Offering Package,Root(/)
> system SUNWscnsom SCN Software Update Registration Offering Package
> application SUNWsensor Basic Registration Sensor Package

I try again

bash-3.00# time sconadm register -a -r /space/install/reg.profile ; date
/usr/sbin/sconadm: /usr/sbin/zoneadm: not found
bash-3.00# pkgadd -d ...snip
bash-3.00# pkginfo > /root/install3.txt
bash-3.00# time sconadm register -a -r /space/install/reg.profile ; date
sconadm is running
... and here it just hangs ..

What is it actually doing?

bash-3.00# vi /usr/sbin/sconadm
bash-3.00# head -1 /usr/sbin/sconadm
#!/bin/sh -x
bash-3.00# sconadm register -a -r /space/install/reg.profile
... snip
+ exec java -classpath /usr/lib/breg/basicreg.jar com.sun.cns.basicreg.BasicRegCLI register -a -r /space/install/reg.profile
... and it just hangs ..

And I tried everything.. Tried running the java part by hand, also turning on debug for the specific class it hangs on, but without result.

It turns out once again that Google is my best friend - sort of. After a long time going back and forth, I search for solaris sconadm is running core and find the following: http://forum.java.sun.com/thread.jspa?threadID=5105298&start=15 and subsequently this page http://forum.java.sun.com/thread.jspa?threadID=5105298&messageID=9358768.

And finally:


bash-3.00# pkginfo > /root/install6.txt
bash-3.00# time sconadm register -a -r /space/install/reg.profile
sconadm is running
Authenticating user ...
finish registration!

Phew, that was a long way just to be allowed to patch.. Maybe it was just SUNWjdmk-base that was missing, I no longer quite know, but it is mentioned on one of the pages above from http://forum.java.sun.com. I know that it got stuck in a particular Java class without reporting any errors.

Here is the list of packages I installed: pakker.txt Whether a few of the last ones could be left out is hard to know.

bash-3.00# smpatch update
... snip
bash-3.00# init 6

But, but, but after the reboot I had all kinds of errors.. And I had not taken a snapshot in VMware, so I ended up removing all the patches manually.. Deleted almost everything in /var/sadm/[ spool | patch ] ... Tried again.. Did the last ones by hand roughly like this: patch.txt

And this time it went better...

Sendmail

Sendmail is not included, but can be installed with:

bash-3.00# mount -F hsfs -o ro /dev/dsk/c0t0d0p0 /mnt
bash-3.00# cd /mnt/Solaris_10/Product/
bash-3.00# pkgadd -d . SUNWsndmr
bash-3.00# pkgadd -d . SUNWsndmu

Vmware tools

The machine would not mount the vm-tools image automatically, so I found the file on the ESX server in the folder /vmimages/tools-isoimages/ and copied it to /space/install/solaris.iso

bash-3.00# umount /mnt
bash-3.00# lofiadm -a /space/install/solaris.iso /dev/lofi/1
bash-3.00# mount -F hsfs -o ro /dev/lofi/1 /mnt
bash-3.00# gzcat /mnt/vmware-solaris-tools.tar.gz > vm-tools.tar
bash-3.00# umount /mnt
bash-3.00# lofiadm -d /dev/lofi/1
bash-3.00# tar xf vm-tools.tar
bash-3.00# cd vmware-tools-distrib/
bash-3.00# ./vmware-install.pl

The installation log is here: vmware-install.log

bash-3.00# rm -rf vm-tools.tar
bash-3.00# rm -rf vmware-tools-distrib
bash-3.00# rm -rf /space/install/solaris.iso

./VMware/Templates/Solaris-core/install/index.php

Notes on installing Solaris 10 8/07 core reduced network installation.

Graphical installation and a bit about the choices along the way:

In GRUB the top Solaris entry is chosen, which is also the default
1. Solaris Interactive (default)
Keyboard Layout: [X] US-English
Discover additional network configuration... Press ENTER to continue.
If the screen is legible, press ENTER in this window.. ENTER
Select a Language: 0. English
Networked: Yes
Use DHCP: No
Host name: solaris-10-807-core
IP address: 130.225.49.171
Netmask: 255.255.255.0
Enable IPv6: No
Default Route: Specify one
Router IP Address: 130.225.49.1
Configure Kerberos Security: No
Name service: None
NFSv4 Domain Name: [X] Specify a different NFSv4 domain
NFSv4 Domain Name: miba.auc.dk
Time Zone, Geographic Continent/Country/Region
Country or Region: Europe\Denmark
Root password..
Remote services enabled: No
Automatically eject CD/DVD [X] Yes
Auto Reboot [X] Yes
Specify Media, [X] CD/DVD
Select Type of install: Custom Install
Select Software Localizations: Northern Europe\Denmark (da_DK)
Select System Locale: English (POSIX C) (C)
Select Products: Solaris 10 Extra Value Software: No
Additional products: None
Select Software, [X] Reduced Networking Core System ... 942.00 Mb ... 490 Mb in the graphical one

Disk customized:

5000 /
2048 swap
1134 /space

A bit of log..

/var/sadm/system/logs/begin.log
/var/sadm/system/logs/finish.log

./VMware/VirtualMachines/sunray01/index.php

VMware host sunray01

I have probably forgotten some things, but here is a bit: I think I have also stopped webconsole, since it is just some Java junk that simply eats RAM in large quantities:

root@sunray01:/.dt# svcs -a|grep console
disabled 18:28:26 svc:/system/webconsole:console
online 18:28:32 svc:/system/console-login:default

OpenSSH

I install the openssh package from Blastwave, and it automatically generates a host key for itself. It is located in /opt/csw/etc/ssh/

I also need to remember to turn off the one that ships with Solaris:

root@sunray01:/.dt# svcadm disable network/ssh
root@sunray01:/.dt# svcs -a|grep ssh
disabled 10:23:06 svc:/network/ssh:default
online 18:56:07 svc:/network/cswopenssh:default

Then I think I need to distribute the host keys to the other servers, so that it does not have to ask whether they are OK... AND wasn't there something about it having to be configured for that? Sigh....

In short


The machine must be in the YP netgroup, and the client must have this:

root@biceps:~# cat /etc/hosts.equiv
+@sunclient

maybe both of them?

root@sunray01:/# cp /var/pkg-get/admin-fullauto /var/pkg-get/admin

./VMware/VirtualMachines/nat01/index.php

VMware host nat01

We just need a NAT box for a test of something concerning the electronic patch. Bernhard is the contact person here, but the project is, I think, Birthe Dinesen's.

This link http://www.rite-group.com/rich/solaris_nat.html probably helped quite a bit, although it also confused...

root@nat01:~# routeadm
              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
               IPv4 routing   disabled             disabled
               IPv6 routing   disabled             disabled
            IPv4 forwarding   disabled             disabled
            IPv6 forwarding   disabled             disabled

           Routing services   "route:default ripng:default"

Routing daemons:

                      STATE   FMRI
                   disabled   svc:/network/routing/legacy-routing:ipv4
                   disabled   svc:/network/routing/legacy-routing:ipv6
                   disabled   svc:/network/routing/ndp:default
                   disabled   svc:/network/routing/rdisc:default
                   disabled   svc:/network/routing/ripng:default
                   disabled   svc:/network/routing/route:default
root@nat01:~#

root@nat01:~# routeadm -u -e ipv4-forwarding

root@nat01:/etc/ipf# routeadm
              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
               IPv4 routing   disabled             disabled
               IPv6 routing   disabled             disabled
            IPv4 forwarding   enabled              enabled
            IPv6 forwarding   disabled             disabled

           Routing services   "route:default ripng:default"

Routing daemons:

                      STATE   FMRI
                   disabled   svc:/network/routing/legacy-routing:ipv4
                   disabled   svc:/network/routing/legacy-routing:ipv6
                   disabled   svc:/network/routing/ndp:default
                   disabled   svc:/network/routing/rdisc:default
                   disabled   svc:/network/routing/ripng:default
                   disabled   svc:/network/routing/route:default

"/etc/ipf/pfil.ap" [New file] 2 lines, 49 characters
root@nat01:~# svcadm restart network/pfil
root@nat01:~# svcadm restart ipfilter

root@nat01:~# ifconfig e1000g1 plumb
root@nat01:~# ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=1100843 mtu 1500 index 2
        inet 130.225.49.43 netmask ffffff00 broadcast 130.225.49.255
        ether 0:50:56:90:3d:fc
e1000g1: flags=1100842 mtu 1500 index 3
        inet 0.0.0.0 netmask 0
        ether 0:50:56:90:5c:9c

root@nat01:/etc/ipf# more * | cat
::::::::::::::
ipf.conf
::::::::::::::
#
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
#pass in on e1000g1 from 192.168.43.0/16 to any
#pass out on e1000g1 from any to 192.168.43.0/16
::::::::::::::
ipnat.conf
::::::::::::::
# When you're happy that IP forwarding is enabled, you need to set up your NAT rules. The file /etc/ipf/ipnat.conf contains the rules you want to use. This is the ipnat.conf file I use, bearing in mind that all of my machines have an IP address in the 192.168.0.1 to 192.168.0.254 range; you should change the addresses between "hme1" and the "->" to suit your needs (note also that I've specified hme1; put the name of your outbound interface here instead):

map e1000g0 192.168.43.0/24 -> 0/32 proxy port ftp ftp/tcp
map e1000g0 192.168.43.0/24 -> 0/32 portmap tcp/udp auto
map e1000g0 192.168.43.0/24 -> 0/32

# The 0/32 stuff is some magic to tell IP Filter to use the address currently assigned to the interface - very useful in DHCP client environments!

# The order of the rules is important; don't change them unless you know what you're doing, otherwise things will break! The first rule allows FTP access from all of your hosts. The second maps the source port numbers to a high range (10000 to 40000 by default), and the third rule maps all other TCP traffic.
::::::::::::::
pfil.ap
::::::::::::::
# Entered manually.... /Magnus
e1000g -1 0 pfil

root@nat01:/etc/ipf# cat /etc/opt/csw/dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC DHCP
#

ddns-update-style none;

option domain-name "hst.aau.dk";
option domain-name-servers 130.225.49.6, 130.225.49.2;

default-lease-time 10800;
max-lease-time 86400;

authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;

# Servernet


subnet 192.168.43.0 netmask 255.255.255.0 {
  range 192.168.43.100 192.168.43.200;
  option routers 192.168.43.1;
}

74 svcs -a|grep pfil
75 svcadm enable ipfilter
76 svcs -a|grep pfil
77 ifconfig e1000g1
78 ifconfig e1000g1 unplumb
79 ifconfig e1000g1 plumb
80 ifconfig e1000g1
81 dmesg|tail
82 /etc/init.d/cswdhcp
83 /etc/init.d/cswdhcp stop
84 /etc/init.d/cswdhcp start
...
98 svcadm restart ipfilter
99 vi ipf.conf
100 svcadm restart ipfilter
101 vi ipf.conf
102 vi ipf.conf
103 ls -lt
104 cat pfil.ap
105 cat ipnat.conf
106 init 6

Test

I have made a machine called NAT_klient, which is on VLAN 37 and uses DHCP to get its configuration:

./VMware/VirtualMachines/perdition/index.php

perdition as IMAP proxy

Here is a somewhat raw log from a root shell:

root@perdition:/etc/perdition# less perdition.conf
root@perdition:/etc/perdition# vi popmap
root@perdition:/etc/perdition# make
test ! -x /usr/bin/makegdbm || /usr/bin/makegdbm popmap.gdbm.db < popmap
test ! -x /usr/bin/makebdb || /usr/bin/makebdb popmap.bdb.db < popmap
root@perdition:/etc/perdition# cat popmap
magnus:zimbra.hst.aau.dk
magnust:[email protected]:[email protected]:[email protected]:zimbra.hst.aau.dk
thk:imap.hst.aau.dk
vic:imap.hst.aau.dk
jsm:imap.hst.aau.dk
kdn:imap.hst.aau.dk

root@perdition:/etc/perdition# history >history.magnus.i_starten.080626-18:43

root@perdition:/etc/perdition# ls -lR
.:
total 112
-rw-r--r-- 1 root root 948 2008-06-26 08:52 74c26bd0.0
-rw-r--r-- 1 root root 1099 2008-06-25 22:56 ca.crt
-rw-r--r-- 1 root root 887 2008-06-25 23:00 ca.key
-rw-r--r-- 1 root root 12867 2008-06-26 18:43 history.magnus.i_starten.080626-18:43
lrwxrwxrwx 1 root root 15 2008-06-24 16:39 Makefile -> Makefile.popmap
-rw-r--r-- 1 root root 1540 2007-11-20 01:18 Makefile.popmap
drwxr-xr-x 2 root root 4096 2008-06-26 18:33 perdition.ca
lrwxrwxrwx 1 root root 10 2008-06-26 18:32 perdition.ca.pem -> 74c26bd0.0
-rw-r--r-- 1 root root 11539 2008-06-26 18:36 perdition.conf
-rw-r--r-- 1 root root 11444 2007-11-20 01:18 perdition.conf.org
-rw-r--r-- 1 root root 11486 2008-06-25 09:01 perdition.conf.root-080625-22:43
lrwxrwxrwx 1 root root 23 2008-06-26 18:31 perdition.crt.pem -> wildcard.hst.aau.dk.pem
lrwxrwxrwx 1 root root 23 2008-06-25 22:50 perdition.key.pem -> wildcard.hst.aau.dk.pem
-rw-r--r-- 1 root root 223 2008-06-26 18:41 popmap
-rw-r--r-- 1 root root 12288 2008-06-26 18:41 popmap.bdb.db
-rw-r--r-- 1 root root 12493 2008-06-26 18:41 popmap.gdbm.db
-rw-r--r-- 1 root root 1405 2007-11-20 01:18 popmap.re
-rw-r--r-- 1 root root 2083 2008-06-25 22:49 wildcard.hst.aau.dk.pem

./perdition.ca:
total 4
-rw-r--r-- 1 root root 948 2008-06-26 18:33 74c26bd0.0
root@perdition:/etc/perdition#

root@perdition:/etc/perdition# vi perdition.conf
root@perdition:/etc/perdition# /etc/init.d/perdition restart
Stopped /usr/sbin/perdition.pop3 (pid 1137).
Stopped /usr/sbin/perdition.pop3s (pid 1140).
Stopped /usr/sbin/perdition.imap4 (pid 1143).
Stopped /usr/sbin/perdition.imaps (pid 1146).
Starting /usr/sbin/perdition.pop3...
Starting /usr/sbin/perdition.pop3s...
Starting /usr/sbin/perdition.imap4...
Starting /usr/sbin/perdition.imaps...

The important thing to notice is how few things there are in perdition.conf (see below), and that we have those links to the wildcard.hst.aau.dk.pem file, as well as the file 74c26bd0.0 in the perdition.ca directory. The latter is to make sure it will acknowledge its own certificate. The first two point to the same thing, since the wildcard file contains both parts. Maybe it is enough to have just one of them there.....but I have not tried that.

Really I should make sure that only imaps is running, since we do not need the others.

And just to note it, this is what it now looks like on it:

root@perdition:/etc/perdition# grep -v ^\# perdition.conf|sed '/^$/d'
connection_logging
outgoing_server tibialis.hst.aau.dk
username_from_database
ssl_mode ssl_listen,ssl_outgoing
ssl_ca_file /etc/perdition/perdition.ca.pem
ssl_ca_accept_self_signed
ssl_cert_accept_self_signed
ssl_no_cert_verify
ssl_no_cn_verify

Especially the last 2-4 lines are important for it to be able to talk to zimbra-imap (zimbra-store01), which runs with a self-signed certificate.

Who is connected?


root@perdition:/etc/perdition# for i in `ps -ef|grep perd|grep "perdition.imaps"|awk '{print $2}'`;do lsof -p $i|grep TCP;done
perdition 30813 nobody 4u IPv4 369209 TCP *:imaps (LISTEN)
perdition 3885 nobody 4u IPv4 619684 TCP perdition:46721->tibialis.miba.auc.dk:imaps (ESTABLISHED)
perdition 3885 nobody 5u IPv4 619570 TCP perdition:imaps->sunray01.miba.auc.dk:50350 (ESTABLISHED)
perdition 11300 nobody 4u IPv4 635949 TCP perdition:47574->tibialis.miba.auc.dk:imaps (ESTABLISHED)
perdition 11300 nobody 5u IPv4 619668 TCP perdition:imaps->ran.miba.auc.dk:32820 (ESTABLISHED)

The plan

The plan is that at the start we have no users in the popmap file and have tibialis as the default. That way everyone is passed on to it.

Every time we create a user, a line must be inserted into popmap, so that users who connect to the perdition machine (which is of course to be called imap.hst.aau.dk) are connected to zimbra instead.

We have not tested what it looks like when we get zimbra-store02 etc., but we have set up zimbra-proxy on zimbra-store01, so it should be completely independent of perdition. Admittedly it all becomes dependent on perdition, zimbra-store01 and possibly zimbra-store02 being up at the same time, but yes......that is the price of flexibility.

A small note, 20/7-2008. I have now changed the CPU ID Mask on perdition, and it now appears to be able to float freely between all the ESX servers. The picture below shows what it came up with itself when I migrated from esx01 to esx02 (it is only on esx02 that I have edited the default xml file), and I then simply changed those letters to a fixed 0 (zero). Then it is also happy with esx03, which has a quad-core CPU.

This machine is going into real production very soon, and it is an advantage not to have to restart it too much. I also raised its RAM from 512KB to 1GB, since all users have to go through it, and it apparently uses 23MB virtual and 2MB real. This then makes room for about 500 simultaneous users....there is nothing else on the machine at all.

syslog

That is of course a simple matter :-)

root@perdition:/var/log# tail -3 /etc/syslog.conf

# HST addition, Magnus
*.* @aegir.miba.auc.dk

and then it apparently has to be restarted like this, and not with kill -HUP as I usually do :-o

root@perdition:/var/log# /etc/init.d/sysklogd reload
 * Restarting system log...


[ ok ]

And now I make the change in DNS for imap.hst.aau.dk:

imap IN A 130.225.49.143
~
"named.hst.aau.dk" 120 lines, 2994 characters
root@quark:/etc/namedb# kill -HUP `cat /etc/named.pid`
root@quark:/etc/namedb# date
Mon Jul 21 21:56:37 MEST 2008

I have lowered the timers so that I can revert more quickly if I have now made a blunder:

@ IN SOA ns.hst.aau.dk. postmaster.hst.aau.dk. (
        2008072102 ; Serial
        180 ; Refresh
        30 ; Retry

Yes....I did then make many blunders, but NOW it should be there :-)

root@perdition:/etc/perdition# grep -v \# perdition.imap4.conf|sed '/^$/d'
connection_logging
listen_port 143
outgoing_port 993
outgoing_server tibialis.hst.aau.dk
username_from_database
ssl_mode ssl_outgoing
ssl_ca_file /etc/perdition/perdition.ca.pem
ssl_ca_accept_self_signed
ssl_cert_accept_self_signed
ssl_no_cert_verify
ssl_no_cn_verify
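
Both stripped perdition configurations on this page (perdition.conf and perdition.imap4.conf) switch off verification of the real server's certificate. As an added example, not part of the original notes or of perdition itself, this POSIX shell function audits a perdition config for the options that weaken TLS. The two sample configs are retyped from the listings on this page; the function names, the HIGH/MEDIUM labels and the third "pinned" config (which assumes the upstream certificate or its CA has been placed in ssl_ca_file) are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit a perdition config (read from stdin) for options that
# weaken TLS. Prints one finding per line: "LEVEL option: reason".
# The LEVEL labels are this example's own, not perdition terminology.

audit_perdition_conf() {
    awk '
    /^[ \t]*#/ { next }                  # skip comment lines
    /^[ \t]*$/ { next }                  # skip blank lines
    {
        opt = $1                         # first word is the option name
        $1 = ""
        sub(/^[ \t]+/, "")               # the rest of the line is its value
        seen[opt] = 1
        val[opt] = $0
    }
    END {
        if ("ssl_no_cert_verify" in seen)
            print "HIGH ssl_no_cert_verify: real-server certificate is not verified"
        if ("ssl_no_cn_verify" in seen)
            print "HIGH ssl_no_cn_verify: certificate name is not checked against the server name"
        if ("ssl_ca_accept_self_signed" in seen)
            print "MEDIUM ssl_ca_accept_self_signed: self-signed CAs are accepted"
        if ("ssl_cert_accept_self_signed" in seen)
            print "MEDIUM ssl_cert_accept_self_signed: self-signed certificates are accepted"

        # ssl_mode is a comma-separated list. A missing ssl_mode is treated
        # here as no TLS on either side (assumption of this example), and
        # opportunistic tls_* modes are not told apart from forced ones.
        listen = 0; outgoing = 0
        n = split(val["ssl_mode"], mode, /[ \t,]+/)
        for (i = 1; i <= n; i++) {
            if (mode[i] ~ /_(listen|all)/)   listen = 1
            if (mode[i] ~ /_(outgoing|all)/) outgoing = 1
        }
        if (!listen)
            print "HIGH ssl_mode: clients reach the proxy without TLS"
        if (!outgoing)
            print "HIGH ssl_mode: proxy reaches the real server without TLS"
    }'
}

# Constructed sample: the imaps configuration as listed on this page.
sample_imaps_conf() {
cat <<'EOF'
connection_logging
outgoing_server tibialis.hst.aau.dk
username_from_database
ssl_mode ssl_listen,ssl_outgoing
ssl_ca_file /etc/perdition/perdition.ca.pem
ssl_ca_accept_self_signed
ssl_cert_accept_self_signed
ssl_no_cert_verify
ssl_no_cn_verify
EOF
}

# Constructed sample: perdition.imap4.conf as listed on this page.
sample_imap4_conf() {
cat <<'EOF'
connection_logging
listen_port 143
outgoing_port 993
outgoing_server tibialis.hst.aau.dk
username_from_database
ssl_mode ssl_outgoing
ssl_ca_file /etc/perdition/perdition.ca.pem
ssl_ca_accept_self_signed
ssl_cert_accept_self_signed
ssl_no_cert_verify
ssl_no_cn_verify
EOF
}

# Hypothetical variant: verification left on, trusting only what is in
# ssl_ca_file (assumes the upstream certificate or its CA was added there).
sample_pinned_conf() {
cat <<'EOF'
connection_logging
outgoing_server tibialis.hst.aau.dk
username_from_database
ssl_mode ssl_listen,ssl_outgoing
ssl_ca_file /etc/perdition/perdition.ca.pem
EOF
}

for sample in sample_imaps_conf sample_imap4_conf sample_pinned_conf; do
    echo "== $sample"
    $sample | audit_perdition_conf
done
```

To check a live file, run audit_perdition_conf < /etc/perdition/perdition.conf after sourcing the function.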

./VMware/VirtualMachines/zimbra-store01/index.php

zimbra-store01

This machine runs Zimbra Store and a Zimbra IMAP Proxy. This makes it possible to always connect to this machine's IP number, even if one's mailbox happens to reside on zimbra-store02.

It is also this machine one points one's browser at to use the webmail interface.

./VMware/VirtualMachines/zimbra-ldap01/index.php

zimbra-ldap01

This is the main server.

It uses 2 CPUs and has 8GB swap, like everything else.

./VMware/VirtualMachines/mainmta/index.php

root@mainmta:/opt/csw/share/mail# script Sun-sendmail-deactivate.script
Script started, file is Sun-sendmail-deactivate.script
\u@\h:\w# bash
root@mainmta:/opt/csw/share/mail# date
Mon Jul 14 17:59:36 CEST 2008
root@mainmta:/opt/csw/share/mail# ./Sun-sendmail-deactivate.sh
Making symbolic links in /usr for CSWsendmail files.
Making symlink /usr/bin/mailq
Making symlink /usr/bin/vacation
Making symlink /usr/bin/mailstats
Making symlink /usr/sbin/makemap
Making symlink /usr/bin/praliases
Making symlink /usr/lib/smrsh
Making symlink /usr/lib/mail.local
Making symlink /usr/lib/sendmail
root@mainmta:/opt/csw/share/mail# exit
exit
\u@\h:\w# exit
Script done, file is Sun-sendmail-deactivate.script
root@mainmta:/opt/csw/share/mail#

./VMware/VirtualMachines/webmail/index.php

The webmail server

A Solaris CORE machine has been installed, to which apache2 has been added. A bit from the history:

188 pkg-get -i apache2
191 cd /opt/csw/apache2/etc/

198 scp aegir:/pack/apache-1.3.27/conf/ssl_certifikat/wildcard.hst.aau.dk.pem .
200 mkdir ssl_certifikat
201 mv wildcard.hst.aau.dk.pem ssl_certifikat/
204 change httpd.conf
207 change etc/extra/httpd-ssl.conf
218 svcadm enable cswapache2

229 svcprop -p httpd/ssl svc:/network/http:cswapache2
230 svccfg -s svc:/network/http:cswapache2 setprop httpd/ssl=true
231 svcprop -p httpd/ssl svc:/network/http:cswapache2
232 svcadm refresh svc:/network/http:cswapache2
233 svcprop -p httpd/ssl svc:/network/http:cswapache2

274 svcadm restart svc:/network/http:cswapache2
275 less /var/svc/log/network-http:cswapache2.log
276 svcadm clear svc:/network/http:cswapache2
277 less /var/svc/log/network-http:cswapache2.log

Yes, there were a few problems, but it was only the two files below that were changed, so:

root@webmail:/opt/csw/apache2/etc# diff httpd.conf.root-080715-17:38 httpd.conf95,96c95,96< #LoadModule proxy_module libexec/mod_proxy.so< #LoadModule proxy_connect_module libexec/mod_proxy_connect.so---> LoadModule proxy_module libexec/mod_proxy.so> LoadModule proxy_connect_module libexec/mod_proxy_connect.so98c98< #LoadModule proxy_http_module libexec/mod_proxy_http.so---> LoadModule proxy_http_module libexec/mod_proxy_http.soroot@webmail:/opt/csw/apache2/etc#
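
Review bot: the 95,96 hunk also uncomments proxy_connect_module, which handles the CONNECT method used for forward proxying and is not needed for a ProxyPass reverse proxy. proxy_module and proxy_http_module are enough for the setup configured in httpd-ssl.conf, so line 96 can stay commented out to keep the set of loaded modules minimal.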

root@webmail:/opt/csw/apache2/etc# diff extra/httpd-ssl.conf.root-080715-17\:53 extra/httpd-ssl.conf74c74< ---> 80,81c80,81< ErrorLog /opt/csw/apache2/var/log/error_log< TransferLog /opt/csw/apache2/var/log/access_log---> ErrorLog /opt/csw/apache2/var/log/ssl_error_log


> TransferLog /opt/csw/apache2/var/log/ssl_access_log99c99< SSLCertificateFile /opt/csw/apache2/etc/server.crt---> SSLCertificateFile /opt/csw/apache2/etc/ssl_certifikat/wildcard.hst.aau.dk.pem107c107< SSLCertificateKeyFile /opt/csw/apache2/etc/server.key---> #SSLCertificateKeyFile /opt/csw/apache2/etc/server.key224a225,242> # Omkring zimbra reverse proxy> SSLProxyEngine on> #SSLProxyCACertificateFile /etc/apache2/ssl/zimbra.crt > SSLProxyCACertificateFile /opt/csw/apache2/etc/ssl_certifikat/zimbra.crt> > RequestHeader set Front-End-Https On> ProxyRequests Off> ProxyPreserveHost On> ProxyVia full > > > Order deny,allow > Allow from all> > > ProxyPass / https://zimbra-store01.hst.aau.dk/> ProxyPassReverse / https://zimbra-store01.hst.aau.dk/> root@webmail:/opt/csw/apache2/etc#
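
Review bot: the block added at 225-242 sets SSLProxyCACertificateFile but no SSLProxyVerify, whose default is none, so the zimbra.crt file is never enforced against zimbra-store01; add SSLProxyVerify require next to SSLProxyEngine on. Also, the 107 hunk comments out SSLCertificateKeyFile while 99 points SSLCertificateFile at wildcard.hst.aau.dk.pem, which means the private key sits in that same file, so it should be readable by root only.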

./VMware/VirtualMachines/cluster8/index.php

cluster8

This machine was made for transferring IMAP mail.

Out of pure laziness I just found a machine in the netgroup that has access to the file systems from maximus, and am using that...

The plan is to set up a user name locally, with a random password, and then run an imapsync there.

But....hey, there actually has to be an imapd on that machine which resembles the one on tibialis. Since it is /opt/csw/sbin/imapd, it should be a simple matter..

Then mail can be copied between cluster8 and zimbra until the user has been fully moved over, after which his fake entry on cluster8 is removed and the password on zimbra-ldap01 is synchronized with the real one.

NFS

root@cluster8:/mnt/Solaris_10/Product# ls -ld SUNWnfsckr SUNWnfscr SUNWnfscu
dr-xr-xr-x 5 root root 2048 Aug 16 2007 SUNWnfsckr
dr-xr-xr-x 5 root root 2048 Aug 16 2007 SUNWnfscr
dr-xr-xr-x 5 root root 2048 Aug 16 2007 SUNWnfscu
root@cluster8:/mnt/Solaris_10/Product# pkgadd -d. SUNWnfsckr SUNWnfscr SUNWnfscu

root@cluster8:/mnt/Solaris_10/Product# time pkgadd -d. SUNWnfsckr SUNWnfscr SUNWnfscu

Processing package instance from

Network File System (NFS) client kernel support (Root)(i386) 11.10.0,REV=2005.01.21.16.34
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Using as the package base directory.
## Processing package information.
## Processing system information.
   7 package pathnames are already properly installed.
## Verifying package dependencies.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

This package contains scripts which will be executed with super-user
permission during the process of installing this package.

Do you want to continue with the installation of [y,n,?] y

Installing Network File System (NFS) client kernel support (Root) as

## Installing part 1 of 1.
4499 blocks

Installation of was successful.

Processing package instance from

Network File System (NFS) client support (Root)(i386) 11.10.0,REV=2005.01.21.16.34
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Using as the package base directory.
## Processing package information.
## Processing system information.
   10 package pathnames are already properly installed.
## Verifying package dependencies.
WARNING: The package "kernel GSS-API services for ONC RPC" is a prerequisite package and should be installed.

Do you want to continue with the installation of [y,n,?] y
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

This package contains scripts which will be executed with super-user
permission during the process of installing this package.
Do you want to continue with the installation of [y,n,?] y

Installing Network File System (NFS) client support (Root) as

## Installing part 1 of 1.
92 blocks
[ verifying class ]
[ verifying class ]
[ verifying class ]
## Executing postinstall script.

Installation of was successful.

Processing package instance from

Network File System (NFS) client support (Usr)(i386) 11.10.0,REV=2005.01.21.16.34
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Using as the package base directory.
## Processing package information.
## Processing system information.
   5 package pathnames are already properly installed.
## Verifying package dependencies.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

This package contains scripts which will be executed with super-user
permission during the process of installing this package.

Do you want to continue with the installation of [y,n,?] y

Installing Network File System (NFS) client support (Usr) as

## Installing part 1 of 1.
955 blocks
## Executing postinstall script.

Installation of was successful.

real 1m9.790s
user 0m0.464s


sys 0m0.312s
root@cluster8:/mnt/Solaris_10/Product#

root@cluster8:/mnt/Solaris_10/Product# time pkgadd -d. SUNWrsgk

Processing package instance from

kernel RPCSEC_GSS(i386) 11.10.0,REV=2005.01.21.16.34
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Using as the package base directory.
## Processing package information.
## Processing system information.
   3 package pathnames are already properly installed.
## Verifying package dependencies.
WARNING: The package "kernel gss-api" is a prerequisite package and should be installed.

Do you want to continue with the installation of [y,n,?] y
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

This package contains scripts which will be executed with super-user
permission during the process of installing this package.

Do you want to continue with the installation of [y,n,?] y

Installing kernel RPCSEC_GSS as

## Installing part 1 of 1.
191 blocks

Installation of was successful.

real 0m39.082s
user 0m0.073s
sys 0m0.047s

root@cluster8:/mnt/Solaris_10/Product# time pkgadd -d. SUNWgssk

Processing package instance from

kernel GSSAPI V2(i386) 11.10.0,REV=2005.01.21.16.34
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Using as the package base directory.
## Processing package information.
## Processing system information.
   3 package pathnames are already properly installed.
## Verifying package dependencies.
WARNING: The package "gssapi configuration" is a prerequisite package and should be installed.

Do you want to continue with the installation of [y,n,?] y
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

This package contains scripts which will be executed with super-user
permission during the process of installing this package.

Do you want to continue with the installation of [y,n,?] y

Installing kernel GSSAPI V2 as

## Installing part 1 of 1.
687 blocks

Installation of was successful.

real 0m27.785s
user 0m0.094s
sys 0m0.054s

root@cluster8:/mnt/Solaris_10/Product# time pkgadd -d. SUNWgssc

Processing package instance from

GSSAPI CONFIG V2(i386) 11.10.0,REV=2005.01.21.16.34
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Using as the package base directory.
## Processing package information.
## Processing system information.
   6 package pathnames are already properly installed.
## Verifying package dependencies.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

This package contains scripts which will be executed with super-user
permission during the process of installing this package.

Do you want to continue with the installation of [y,n,?] y

Installing GSSAPI CONFIG V2 as

## Installing part 1 of 1.
[ verifying class ]
[ verifying class ]
[ verifying class ]
[ verifying class ]

Installation of was successful.

real 0m7.167s
user 0m0.075s
sys 0m0.080s

and then I should be able to mount. ...but it looks like everything is owned by nobody :-( I will just try a reboot. After all, I have juuust installed the NFS client, so...??

The solution was to use NFSv3:

root@cluster8:/home# mount -F nfs -o ro -o vers=3 maximus.miba.auc.dk:/export/home/thk /home/thk

Then the user has to go into /etc/passwd.

root@cluster8:/home# pkg-get -i imap
...
/opt/csw/share/man/man1/mbxcreat.1
/opt/csw/share/man/man1/mbxcvt.1
/opt/csw/share/man/man1/tmail.1
[ verifying class ]
## Executing postinstall script.
None of the deamons have been configured in /etc/inetd.conf
Configuring now !!! (Standard and SSL Enabled)
[if you don't want the service, take it out of /etc/inetd.conf]
Adding SSL(IMAP/POP) entries to services file

Installation of was successful.
root@cluster8:/home#

-------------------------------

root@cluster8:/home# grep imap /etc/inetd.conf
# Imap config for imap clients (via blastwave project)
imap stream tcp nowait root /opt/csw/sbin/imapd imapd
imaps stream tcp nowait root /opt/csw/sbin/imapd imapd


To add a user, one probably needs a file like this for zmprov -f:

deleteDistributionList [email protected] [email protected] password

root@zimbra-ldap01:~/TmpThk# time /opt/zimbra/bin/zmprov -f add_thk.zm
prov> [] WARN: unable to remove alias object: [email protected]> 70652253-39be-4498-9b17-daf865fd0102
prov>
real 0m2.586s
user 0m1.936s
sys 0m0.040s

root@cluster8:/home# time imapsync --passfile1 thk.pwd --host1 localhost --user1 thk --authmech1 LOGIN --host2 zimbra-store01.hst.aau.dk --user2 thk --authmech2 PLAIN --ssl2 --passfile2 thk.pwd --syncinternaldates --sep2 / --prefix2 "" --prefix1 imapmail/ --subscribe --folder imapmail/Help
$RCSfile: imapsync,v $ $Revision: 1.233 $ $Date: 2007/10/30 03:20:53 $
Here is a [solaris] system (SunOS cluster8.miba.auc.dk 5.10 Generic_127112-11 i86pc)
with perl 5.8.8 and the module Mail::IMAPClient version used here is 2.2.9
Command line used :
/opt/csw/bin/imapsync --passfile1 thk.pwd --host1 localhost --user1 thk --authmech1 LOGIN --host2 zimbra-store01.hst.aau.dk --user2 thk --authmech2 PLAIN --ssl2 --passfile2 thk.pwd --syncinternaldates --sep2 / --prefix2 --prefix1 imapmail/ --subscribe --folder imapmail/Help
will try to use LOGIN authentication on host1
will try to use PLAIN authentication on host2
From imap server [localhost] port [143] user [thk]
To imap server [zimbra-store01.hst.aau.dk] port [993] user [thk]
Not connected at /opt/csw/bin/imapsync line 660
Error sending '1 Ssl' to IMAP: No such file or directory at /opt/csw/bin/imapsync line 660
Not connected at /opt/csw/bin/imapsync line 660
Error sending '2 Ssl' to IMAP: No such file or directory at /opt/csw/bin/imapsync line 660
Banner : * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS AUTH=LOGIN] localhost IMAP4rev1 2003.338 at Wed, 16 Jul 2008 19:44:29 +0200 (CEST)
Host localhost says it has CAPABILITY for AUTHENTICATE LOGIN
Success login on [localhost] with user [thk] auth [LOGIN]
Banner : No banner
Host zimbra-store01.hst.aau.dk says it has CAPABILITY for AUTHENTICATE PLAIN
Success login on [zimbra-store01.hst.aau.dk] with user [thk] auth [PLAIN]
From capability : STARTTLS NAMESPACE MULTIAPPEND SCAN MAILBOX-REFERRALS IDLE THREAD=ORDEREDSUBJECT AUTH=LOGIN LOGIN-REFERRALS UNSELECT BINARY SORT THREAD=REFERENCES IMAP4REV1
To capability : ID LITERAL+ SASL-IR AUTH=PLAIN IMAP4REV1
From state Authenticated
To state Authenticated
Using [/] given by --sep2
Using [imapmail/] given by --prefix1
Using [] given by --prefix2
From separator and prefix : [/][imapmail/]
To separator and prefix : [/][]
++++ Calculating sizes ++++
From Folder [imapmail/Help] Size: 6867526 Messages: 1558
Total size: 6867526
Total messages: 1558
Time : 2 s
++++ Calculating sizes ++++
To Folder [Help] does not exist yet
Total size: 0
Total messages: 0
Time : 0 s
++++ Listing folders ++++
From folders list : [imapmail/Help]
To folders list : [Help]
++++ Looping on each folder ++++
From Folder [imapmail/Help]
To Folder [Help]
To Folder Help does not exist
Creating folder [Help]
Subscribing to folder Help on destination server
..........
+ NO msg #9556 [yUkWoPEbPR7AvAL9rbzsgw:1294] in Help
+ Copying msg #9556:1294 to folder Help
flags from : [()]["16-Jul-2008 17:00:19 +0200"]
Copied msg id [9556] to folder Help msg id [2177]
Time : 166 s
++++ Statistics ++++
Time : 168 sec
Messages transferred : 1557
Messages skipped : 0
Total bytes transferred: 6860279
Total bytes skipped : 0
Total bytes error : 0
Detected 0 errors
Please, rate imapsync at http://freshmeat.net/projects/imapsync/?Happy with this free, open source and gratis GPL software?
Feel free to thank the author by giving him a book:
http://www.amazon.com/gp/registry/wishlist/1C9UNDIH3P7R7/
(or its paypal account [email protected])

real 2m48.158s
user 0m29.741s
sys 0m2.108s
root@cluster8:/home#

./VMware/ESX/index.php

An ISO file is located here.....

root@sol10:/ESX# ls -l
total 1131840
-rw-r--r-- 1 root root 579207168 Jun 30 19:29 esx-3.5.0-64607.iso

magnus@sol10:~# ls -l /cdrom
total 4
lrwxrwxrwx 1 root nobody 18 Jun 30 19:20 cdrom0 -> ./vmwareesxserver3
drwxr-xr-x 2 root nobody 512 Jun 30 19:01 vmwareesxserver3

./VMware/StorageTek/Screenshots/index.php

Full-size images open on a new page.

This was made with the make_index.sh script, which is located here. All snapshots were taken with xv.

HostGroupSummary_es.png


HostGroupSummary_hst.png

HostSummary_es.png

HostSummary_hst.png

InitiatorSummary_es.png

InitiatorSummary_hst.png


MappingSummary_es.png

MappingSummary_hst.png

StoragePoolSummary_es.png

StoragePoolSummary_hst.png

StorageSystemSummary.png


VirtualDiskSummary_es.png

VirtualDiskSummary_hst.png

VolumeSummary_es.png

VolumeSummary_hst.png

./Helpers/Solving_problems/Samba/index.php

Samba

Samba allows users to access their network data and printers from different operating systems. For example, it is the mechanism by which Windows users can map their network data to a drive letter (i.e. N: = \\samba-miba\username). Samba is set up so that several platforms are supported: Mac, Linux and, as mentioned, Windows.

The idea of this section is to assist in solving some of the problems experienced using Samba.

