8/25/10

Performance data via submit_check_result and NSCA

The trick to having perf data sent via NSCA is to include a | delimiter right after $SERVICEOUTPUT$, followed by $SERVICEPERFDATA$.

# Passes a service check result to submit_check_result_via_nsca, with the perf data
# appended to the plugin output after a | delimiter.
# $SERVICEOUTPUT$ and $SERVICEPERFDATA$ are whatever the plugin printed and are expanded
# inside single quotes on a shell command line. Keep ' and other shell metacharacters in
# illegal_macro_output_chars (nagios.cfg) so plugin output cannot break out of the quoting.
define command{
command_name submit_check_result
command_line /opt/nagios/plugins/eventhandlers/distributed-monitoring/submit_check_result_via_nsca $HOSTNAME$ '$SERVICEDESC$' $SERVICESTATE$ '$SERVICEOUTPUT$|$SERVICEPERFDATA$'
}

This of course assumes your checks already return performance data.

7/30/10

Enable Nagios Service Acknowledgement Comments in Emails

This puts acknowledgment comments into the Nagios email alerts that get sent, so other admins do not need to log in to view the comment.

edit your notification command cfg file and find this line: notify-service-by-email

Right after $SERVICEOUTPUT$\n\n append

"Notes: $SERVICEACKCOMMENT$"

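That's it; reload Nagios and you're done. The acknowledgment comment is free text typed by whoever acknowledges the problem and it is expanded into the notification command line, so keep quotes and shell metacharacters listed in illegal_macro_output_chars (nagios.cfg).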

http://nagios.sourceforge.net/docs/2_0/macros.html

11/23/09

Upgrading CentOS to 5.4 breaks vmware

http://communities.vmware.com/thread/229957

5.4 upgrades glibc to 2.5-42.i686, this causes problems with vmware-hostd and it crashes shortly after being started (I can get it to crash just by logging in and clicking on a vm)

fix ...

Get a copy of 5.3 glibc, you can get it from a install dvd, google, another box. Just make sure if you have a 32bit machine you get the 32 bit, and 64 for 64bit.

# Give vmware-hostd its own private copy of the CentOS 5.3 glibc; the system glibc is
# left untouched. Note that "libc.so.6" created here is a DIRECTORY that will hold the file.
# NOTE(review): take libc-2.5.so from a signed CentOS 5.3 glibc RPM (verify with `rpm -K`)
# rather than an arbitrary download - this library is loaded into a daemon running as root.
# NOTE(review): yum will never update this copy, so it misses later glibc security fixes;
# remove the override once a fixed VMware build is installed.
mkdir /usr/lib/vmware/lib/libc.so.6
cp libc-2.5.so /usr/lib/vmware/lib/libc.so.6/
# Root ownership so that no unprivileged user can swap the library out.
chown root:root /usr/lib/vmware/lib/libc.so.6/libc-2.5.so
# Rename to the soname the dynamic loader looks for.
mv /usr/lib/vmware/lib/libc.so.6/libc-2.5.so /usr/lib/vmware/lib/libc.so.6/libc.so.6
# Edit the vmware-hostd wrapper script to add the LD_LIBRARY_PATH export described below.
vi /usr/sbin/vmware-hostd

added an "export LD_LIBRARY_PATH=/usr/lib/vmware/lib/libc.so.6:$LD_LIBRARY_PATH" before the last line.

restart /etc/init.d/vmware

10/28/09

Forwarding Samba over SSH - Plus! an easy to use script

Here is a simple example for connecting to a samba server:

# Forward local port 22330 through SSH_SERVER to port 139 (SMB) on SAMBA_SERVER.
ssh -L 22330:SAMBA_SERVER:139 USER_NAME@SSH_SERVER

# Mount the share through the local end of the tunnel (127.0.0.1:22330).
# The credentials file holds the password in clear text, so keep it mode 600.
smbmount //SAMBA_SERVER/SHARE_NAME /PATH/TO/SHARE_MOUNT --verbose -o ip=127.0.0.1,port=22330,credentials=/PATH/TO/CREDS/FILE


My problem was that I needed an easy-to-use way for devs to access Samba without installing a VPN. They also needed to make two hops: from an access server to another SSH server, then finally to the Samba server.

Here is the two hop method on one line:

# Hop 1 forwards local port 22330 to port 22330 on SSH_SERVER; hop 2, which runs on
# SSH_SERVER, forwards that port on to SAMBA_SERVER:139.
# The second listener lives on SSH_SERVER itself, so while the tunnel is up other local
# users of that host can connect to port 22330 and reach the Samba server as well.
ssh -t -t -L 22330:localhost:22330 USER_NAME@SSH_SERVER "ssh -t -t -L 22330:SAMBA_SERVER:139 INTERNAL_SSH_SERVER_IP"

-t Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty.

Now for the script. It's written in two parts: one script for creating the tunnel, the other for mounting the SMB share.

createsshtunnel.sh
----------------------------------------------------------
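#!/bin/bash
# createsshtunnel.sh
# Opens a two-hop SSH tunnel for Samba: a random local port in 22000-22999 is
# forwarded through ssh_server and INTERNAL_SSH_SERVER to SAMBA_SERVER:139.
# The port number printed here is the one mountsamba.sh asks for.
#
# Both listeners are bound to 127.0.0.1 explicitly so they stay loopback-only
# even if GatewayPorts is switched on in an ssh config. The second listener
# lives on ssh_server: while the tunnel is up, any local user of that host can
# connect to the port and reach the Samba server.
# The port is picked at random without checking that it is free on either
# host; if ssh reports that the forward could not be set up, rerun the script.

username=user_name

# RANDOM % 1000 gives 0-999; adding 22000 yields a port in 22000-22999.
PORT=$(( RANDOM % (22999 - 22000 + 1) + 22000 ))

echo " "
echo "Port Number is: $PORT"
echo " "
echo " "
echo "Creating Samba Tunnel"
# $PORT is expanded locally, so the inner ssh command receives the same number.
ssh -t -t -L "127.0.0.1:$PORT:localhost:$PORT" "$username@ssh_server" \
  "ssh -t -t -L 127.0.0.1:$PORT:SAMBA_SERVER:139 INTERNAL_SSH_SERVER"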
-------------------------------------------------------------------------

mountsamba.sh
------------------------------------------------------------------------
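#!/bin/bash
# mountsamba.sh
# Mounts a Samba share through the tunnel opened by createsshtunnel.sh.
# Enter the port number printed by createsshtunnel.sh when prompted.
#
# Location of a credentials file (chmod 600 file)
# Format:
# username=
# password=

credentials=/PATH/TO/creds

echo " "
echo "Enter Port Number:"
read -r portnumber
# The port is pasted into the -o option list below, so accept digits only;
# anything else (a comma, for instance) would smuggle in extra mount options.
case "$portnumber" in
  '' | *[!0-9]*)
    echo "Port number must be numeric." >&2
    exit 1
    ;;
esac
echo "$portnumber is "
echo "Which Share?"
read -r sharename
# The share name becomes a directory under $HOME and part of the UNC path:
# reject empty names, path separators, "." / ".." and a leading dash.
case "$sharename" in
  '' | . | .. | */* | -*)
    echo "Invalid share name." >&2
    exit 1
    ;;
esac

# "~" is not expanded inside double quotes, so the original tests and mkdir
# looked at a literal "~" directory; build the path from $HOME instead.
mountpoint="$HOME/$sharename"

if [ -d "$mountpoint" ]
then
  echo "Mount Point Exists, trying to unmount if its mounted"
  # Best effort: umount fails harmlessly when nothing is mounted there.
  sudo umount "$mountpoint"
  echo " "
else
  echo "Directory ~/$sharename does not exist, creating for you."
  echo " "
  mkdir -- "$mountpoint" || exit 1
fi

smbmount "//SMB_SERVER/$sharename" "$mountpoint" --verbose -o "ip=127.0.0.1,port=$portnumber,credentials=$credentials"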
----------------------------------------------------------------------

10/12/09

HOWTO Install LVS on Centos 5.3

#HOWTO Install LVS on Centos 5.3
#10/12/09

#Install Packages
sudo yum install -y Cluster_Administration-en-US.noarch piranha.i386 / piranha.x86_64

#Set to start on boot
sudo chkconfig pulse on
sudo chkconfig piranha-gui on (primary node only)

#Start Piranah WebUI and set passwd
sudo /usr/sbin/piranha-passwd
sudo /sbin/service piranha-gui start #(listens on port 3636)

#Set Access restrictions to web interface (localhost only)
sudo vi /etc/sysconfig/ha/web/secure/.htaccess
----
Order deny,allow
Deny from all
Allow from 127.0.0.1
----

#Turn on Packet Forwarding
sudo vi /etc/sysctl.conf
net.ipv4.ip_forward = 1

/sbin/sysctl -w net.ipv4.ip_forward=1 #(manually set)

#Apply Firewall Changes
# NOTE(review): -A appends to the end of RH-Firewall-1-INPUT. On a stock CentOS 5 ruleset
# that chain ends with a catch-all REJECT, so appended rules would sit after it and never
# match - check with `iptables -L RH-Firewall-1-INPUT -n --line-numbers` and insert (-I)
# above the REJECT if that is the case.
# Rules added on the command line are lost on reboot unless saved (`service iptables save`).
# NOTE(review): none of these rules limits the source address. Consider restricting the
# pulse port to the peer director with -s, and note that the .htaccess above only allows
# 127.0.0.1 to the web UI, so opening 3636 is only needed if that restriction is relaxed.

iptables -A RH-Firewall-1-INPUT -p udp -m udp --dport 539 -j ACCEPT #port for pulse
iptables -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3636 -j ACCEPT #port for piranah webUI
iptables -A RH-Firewall-1-INPUT -m pkttype --pkt-type multicast -j ACCEPT #allow multicast packets for arp failover


#Layout





#Interfaces

Master Backup
----------------------------------
Public: 172.16.1.133 Public: 172.16.1.134
Private: 10.0.1.2 Private: 10.0.1.3

Public floating VIP 172.16.1.136, 172.16.1.137, 172.16.1.138 etc...
Private VIP 10.0.1.254 (gateway for real servers)


#/etc/sysconfig/ha/lvs.cf
serial_no = 91
primary = 172.16.1.133
primary_private = 10.0.1.2
service = lvs
backup_active = 1
backup = 172.16.1.134
backup_private = 10.0.1.3
heartbeat = 1
heartbeat_port = 539
keepalive = 6
deadtime = 18
network = nat
nat_router = 10.0.1.254 eth1:1
nat_nmask = 255.255.255.255
debug_level = 1
monitor_links = 1
syncdaemon = 0
virtual webservers {
active = 1
address = 172.16.1.136 eth0:1
vip_nmask = 255.255.255.0
port = 80
send = "GET / HTTP/1.0\r\n\r\n"
expect = "HTTP"
use_regex = 0
load_monitor = none
scheduler = wlc
protocol = tcp
timeout = 6
reentry = 15
quiesce_server = 0
server A {
address = 10.0.1.5
active = 1
weight = 1
}
}

9/28/09

MySQL Master/Master Config

This is a HOWTO for setting up a Master/Master MySQL configuration. It can provide a level of fault tolerance with a hot standby, or load balancing; high-availability fault tolerance can be achieved with the addition of keepalive or something similar.


#Master 1/Slave 2 ip: 192.168.1.2 (ServerA)
#Master 2/Slave 1 ip : 192.168.1.3 (ServerB)

#Step 1
#On Master 1 (ServerA), make changes in my.cnf:
-----------------
# ServerA (Master 1) server settings.
# NOTE(review): the master-password line further down is stored in clear text, so keep
# my.cnf readable by root/mysql only. The Step 5 output shows Master_SSL_Allowed: No,
# i.e. replication traffic (credentials included) crosses the network unencrypted - keep
# it on a trusted segment or set up SSL for the replication account.
[mysqld]
datadir=/d2/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
# NOTE(review): old_passwords=1 makes newly set passwords use the short pre-4.1 hash,
# which is weak; presumably that includes the replication account from Step 2. Drop the
# setting unless a 3.x-era client really needs it.
old_passwords=1
# Listens on the LAN address so ServerB can connect; limit port 3306 to the peer with a
# firewall rule.
bind-address = 192.168.1.2 #enable tcp access
server-id=1 #server id

log-bin=/d2/mysql/db1-bin-log #Where to store the bin logs for replication TO ServerB
log-bin-index=/d2/mysql/db1-bin-log.index

binlog-do-db=redmine1 #DB to replicate
binlog-ignore-db=mysql #DB's not to replicate
binlog-ignore-db=test

master-host = 192.168.1.3 #Set Master info for ServerA
master-user = replication
master-password = *****************
master-port = 3306

relay-log=/d2/mysql/db1-relay-log #where to store the relay logs for replication FROM ServerB
relay-log-index=/d2/mysql/db1-relay-log.index

#[mysqld_safe]
#log-error=/var/log/mysqld.log
#pid-file=/var/run/mysqld/mysqld.pid
------------------

#Step 2 (granting access to replcation users on both boxes)
#On master 1 (ServerA), create a replication slave account on master1 for master2:
mysql -u root -p
mysql> grant replication slave on *.* to 'replication'@'192.168.1.3' identified by '**************';

#Create a replication slave account on master2(ServerB) for master1:
mysql -u root -p
mysql> grant replication slave on *.* to 'replication'@192.168.1.2 identified by '****************';

#Step 3
#Now edit my.cnf on Slave1 or Master2 (ServerB):
--------------------
# ServerB (Master 2) server settings; server-id must differ from ServerA's.
# NOTE(review): the master-password line further down is clear text - keep my.cnf
# readable by root/mysql only.
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
# NOTE(review): old_passwords=1 selects the short pre-4.1 password hash, which is weak;
# drop it unless a 3.x-era client really needs it.
old_passwords=1
# Listens on the LAN address so ServerA can connect; limit port 3306 to the peer with a
# firewall rule.
bind-address = 192.168.1.3
server-id=2

log-bin=/var/lib/mysql/db2-bin-log
log-bin-index=/var/lib/mysql/db2-bin-log.index

binlog-do-db=redmine1
binlog-ignore-db=mysql
binlog-ignore-db=test

master-host = 192.168.1.2
master-user = replication
master-password = *****************
master-port = 3306

relay-log=/var/lib/mysql/db2-relay-log
relay-log-index=/var/lib/mysql/db2-relay-log.index

#[mysqld_safe]
#log-error=/var/log/mysqld.log
#pid-file=/var/run/mysqld/mysqld.pid
--------------------

#Step 4
#Restart mysqld on both servers.

sudo /etc/init.d/mysqld restart

#Step 5
#Start slave 1 and slave 2 (both servers)

mysql -u root -p
mysql> start slave;
mysql> show slave status\G;
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event #Make sure this isn't blank
Master_Host: 192.168.1.2
Master_User: replication
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: db1-bin-log.000014
Read_Master_Log_Pos: 404
Relay_Log_File: db2-relay-log.000029
Relay_Log_Pos: 543
Relay_Master_Log_File: db1-bin-log.000014
Slave_IO_Running: Yes #Make sure this is yes
Slave_SQL_Running: Yes #Make sure this is yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 404
Relay_Log_Space: 543
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
1 row in set (0.00 sec)

ERROR:
No query specified

#Step 6
#Check on master status (both boxes):
mysql> show master status;
+--------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+--------------------+----------+--------------+------------------+
| db2-bin-log.000001 | 1214 | redmine1 | mysql,test |
+--------------------+----------+--------------+------------------+
1 row in set (0.00 sec)