OK – we’re good to go for our final ZFS configuration. Recall from earlier that I will be configuring a two-disk RAID1 set, with an extra disk for hot-spare use, and the final disk to play with for backups, encryption, dedup, etc.
Category Archives: UNIX & Linux How Tos and Tutorials
Apache HTTPD mod_rewrite: one RewriteCond to many RewriteRules
Within Apache HTTPD’s mod_rewrite, a RewriteCond applies only to the one RewriteRule that comes immediately after it. It didn’t seem like such a great idea to have to duplicate a lengthy RewriteCond definition half a dozen times for multiple RewriteRules.
Turns out there is a fairly simple trick to achieve exactly what I was looking for: if the RewriteCond is negated and followed by RewriteRule . - [S=n] to skip the following n rules, the RewriteRules are in essence only applied when the single RewriteCond is true. Like so:
```
RewriteCond %{REQUEST_URI} !^/(pattern1|pattern2|pattern3)/$ [NC]
RewriteRule . - [S=3]
RewriteRule ^/pattern1/$ /someURL.php [L]
RewriteRule ^/pattern2/$ /someURL2.php [L]
RewriteRule ^/pattern3/$ /iLikeDoughnuts.php [L]
```
Now the last three rules are skipped if the condition is not true or, in reverse, they are applied if the condition is true. Each pattern is then handled individually, and the [L] rewrite option will cause only the pertinent rule to be applied - processing will stop after the first matched condition.
ZFS Part 1: Introduction
ZFS is simply awesome. It simplifies storage management, performs well, is fault-tolerant and scalable and generally is just amazing. I will use this article to demonstrate some of its interesting features. Note that we are only scraping the tip of the ZFS iceberg here; read the official documentation for much more detail. The terms dataset and filesystem are used interchangeably throughout as with ZFS they are essentially the same thing.
How to Upgrade from Solaris 10 to Solaris 11: Network Preparation
The aim of this series is to show the experienced Solaris system administrator how to transition from Solaris 10 to Solaris 11 immediately after initial installation of the operating system, as well as offering tips, tricks and insights into Solaris 11, which differs significantly from Solaris 10.
This article will cover the commands that will enable both servers to be networked and able to reach the internet.
How to Disable Name Resolution with Snoop
Whilst analysing some issues with multicast on a pair of Solaris boxes, I wanted to filter out some unwanted multicast addresses when viewing my snoop traces.
However, by default, snoop will resolve IPs, and ALL multicast IPs in the 228.x.x.x range (which I’m using) resolve to “reserved-multicast-range-not-delegated.example.com”.
```
# dig -x multi.cast.ip.here
```
So … how to “play back” the snoop output without name resolution? Just use the -r option. I also added -ta to get readable timestamps.
```
# snoop -ta -ri ./input_file.snoop
```
I could then pipe this through grep -v and see only the information I cared about.
Apache httpd: How to Use htpasswd to Password Protect Areas of your Site
This doesn’t cover the basics of configuring httpd, etc. You should know how to do that! Also, this is being done on an old RHEL 4 box.
If you’re having trouble with SELinux blocking CGI in weird and wonderful ways, disable it for httpd (the boolean below stops httpd from transitioning into its confined SELinux domain):
```
setsebool -P httpd_disable_trans 1
getsebool -a | grep httpd_disable_trans
```
Anyway … modify /etc/httpd/conf/httpd.conf and add a <Directory> directive for the directory that you wish to protect, e.g.:
```
# sed -n '275,+7 p' /etc/httpd/conf/httpd.conf
<Directory />
    Options FollowSymLinks
    AllowOverride None
    AuthName "Restricted area!"
    AuthType Basic
    AuthUserFile /usr/local/etc/httpd/users
    require valid-user
</Directory>
```
It will protect all subdirectories under the directory too. You can obviously just specify a specific directory if you want, but I want to password protect the entire website.
Create a directory for your htpasswd file - do not put this under your DocumentRoot - somewhere under the ServerRoot is good, but I put it in /usr/local/etc/httpd:
```
# mkdir -p /usr/local/etc/httpd
# chown apache:apache /usr/local/etc/httpd
# chmod 700 /usr/local/etc/httpd
```
Then create the htpasswd file and add your first user
```
# htpasswd -c /usr/local/etc/httpd/users jsmith
```
It will then prompt for password.
I always chown apache:apache /usr/local/etc/httpd/users and then chmod 400 /usr/local/etc/httpd/users.
The -c is not required when adding further users to the users file
```
htpasswd /usr/local/etc/httpd/users newuser
```
Then, just restart httpd (only needed as we changed the httpd.conf file - you don’t need to restart httpd after just adding/deleting users with htpasswd), and browse!
```
apachectl restart
```
(or service httpd restart, /etc/init.d/httpd stop && /etc/init.d/httpd start, whatever….)
Done !
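The placement and permission advice above can be checked mechanically. This is an added example, not part of the original post: the function names, verdict words and temporary demo layout are constructed here, and it assumes absolute paths in the config.

```shell
#!/bin/sh
# Added example: audit where AuthUserFile lives and who can read it.
# Assumes absolute paths in the config; symlinks and ".." are not resolved.

conf_value() {   # conf_value DIRECTIVE FILE -> first value, quotes stripped
    awk -v d="$1" 'tolower($1) == d { gsub(/"/, "", $2); print $2; exit }' "$2"
}

audit_authuserfile() {   # prints one verdict word; returns 0 only for "ok"
    docroot=$(conf_value documentroot "$1")
    users=$(conf_value authuserfile "$1")
    [ -n "$users" ] || { echo no-authuserfile; return 1; }
    if [ -n "$docroot" ]; then
        case "$users" in
            "${docroot%/}"/*) echo under-docroot; return 1 ;;
        esac
    fi
    for p in "$users" "$(dirname "$users")"; do
        [ -e "$p" ] || { echo missing; return 1; }
        # Characters 5-10 of the ls mode string are the group and other bits.
        [ "$(ls -ld "$p" | cut -c5-10)" = "------" ] ||
            { echo group-or-other-access; return 1; }
    done
    echo ok
}

make_demo() {   # make_demo DIR: constructed layout mirroring the steps above
    mkdir -p "$1/www" "$1/secure"
    chmod 700 "$1/secure"
    : > "$1/secure/users"
    chmod 400 "$1/secure/users"
    cat > "$1/httpd.conf" <<EOF
DocumentRoot "$1/www"
<Directory />
    AuthType Basic
    AuthUserFile $1/secure/users
    require valid-user
</Directory>
EOF
}

demo=$(mktemp -d)
make_demo "$demo"
echo "as configured above: $(audit_authuserfile "$demo/httpd.conf" || true)"
chmod 644 "$demo/secure/users"
echo "after chmod 644:     $(audit_authuserfile "$demo/httpd.conf" || true)"
rm -rf "$demo"
```

Ownership (apache:apache in the post) is not checked here, because the correct account name differs between distributions.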
Squid: How to Enable the PURGE Method for squidclient
By default, the PURGE method is denied with squid, therefore, you cannot use squidclient to purge the cache for a particular page.
The solution to this requires a change in your squid.conf file to allow the PURGE method from localhost.
At my site, squid is installed at /usr/local/squid and the server listens on ports 80 and 8080 instead of the default 3128. You can see what ports squid is listening on with the following:
```
# grep "^http_port" /usr/local/squid/etc/squid.conf
http_port proxy_ip_addr:80
http_port proxy_ip_addr:8080
```
First, we need to add a couple of acls to the configuration file, one for localhost (if you haven’t defined it already), and one for the PURGE method itself.
```
# vi /usr/local/squid/etc/squid.conf
# egrep "^(acl PUR|acl local)" /usr/local/squid/etc/squid.conf
acl localhost src 127.0.0.1
acl PURGE method PURGE
```
Now, we can add our http_access definitions to allow use of the PURGE method when requested by localhost only. Make sure you add both of these entries before your global http_access deny all entry.
```
# vi /usr/local/squid/etc/squid.conf
# grep "^http_access.*PURGE" /usr/local/squid/etc/squid.conf
http_access allow PURGE localhost
http_access deny PURGE
```
Now, we’re ready to ask squid to reload its configuration file.
```
# /etc/init.d/squid reload
```
No errors? Cool. Now we can attempt to PURGE our cache for a particular page …
```
# /usr/local/squid/bin/squidclient -h proxy_ip_addr -p 80 -m PURGE http://www.somewhere.com/somepage.html
```
If the object is in the cache, you should receive a HTTP/1.0 200 OK message. If the object is not in the cache, you’ll be greeted by a HTTP/1.0 404 Not Found message.
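Because squid evaluates http_access lines top to bottom and stops at the first match, the position of the two PURGE rules decides who may purge. The following lint is an added example, not part of the original post: the function names, verdict words, localnet ACL and both sample configs are constructed, and the "shadowed" check is a heuristic that flags any earlier allow rule for manual review.

```shell
#!/bin/sh
# Added example: lint the order of the PURGE rules in a squid.conf.
# Squid walks http_access lines top to bottom and stops at the first match.

check_purge_order() {   # reads FILE ($1) or stdin; returns 0 only for "ok"
    awk '
        $1 != "http_access" { next }      # skips comments and other directives
        { n++ }
        $2 == "allow" && $3 == "PURGE" && $4 == "localhost" && NF == 4 && !allow { allow = n }
        $2 == "deny" && $3 == "PURGE" && NF == 3 && !deny { deny = n }
        $2 == "deny" && $3 == "all" && NF == 3 && !denyall { denyall = n }
        # Heuristic: any other allow rule may also match a PURGE request.
        $2 == "allow" && $3 != "PURGE" && !broad { broad = n }
        END {
            if (!allow || !deny) v = "missing"
            else if (deny < allow) v = "deny-first"
            else if (broad && broad < deny) v = "shadowed"
            else if (denyall && denyall < deny) v = "after-deny-all"
            else v = "ok"
            print v
            exit (v == "ok" ? 0 : 1)
        }
    ' "${1:--}"
}

good_conf() {   # constructed sample: the order recommended above
    cat <<'EOF'
acl localhost src 127.0.0.1
acl localnet src 192.168.0.0/16
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE
http_access allow localnet
http_access deny all
EOF
}

bad_conf() {    # constructed sample: a broad allow placed before the PURGE rules
    cat <<'EOF'
acl localhost src 127.0.0.1
acl localnet src 192.168.0.0/16
acl PURGE method PURGE
http_access allow localnet
http_access allow PURGE localhost
http_access deny PURGE
http_access deny all
EOF
}

for sample in good_conf bad_conf; do
    printf '%s: %s\n' "$sample" "$($sample | check_purge_order || true)"
done
```

In the second sample a PURGE request from any localnet client matches the first rule and is allowed before `deny PURGE` is ever consulted.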
How to Build and Configure a Central Logging Server with syslog-ng
Disclaimer: This post was originally posted in 2008 as an article on the now-defunct website zazzybob.com. While the software version and actual commands used may vary, the concepts are still similar and give a general idea of how to approach a given problem.
This article describes the process of replacing the venerable but limited syslog daemon with a versatile, flexible and customisable replacement, syslog-ng. We will be using our syslog-ng enabled host as a central logging server, so we’ll use LVM to create a log volume that can easily be expanded as disks are added to the system.
Hardware: How to Reset ALOM Password on T2000
There is no scadm command for the sun4v architecture on Solaris 10.
Therefore, to reset a forgotten ALOM password, you’ll need to connect the Serial management cable. (For example, I used an Annex terminal concentrator, and then telnet’ed into the appropriate port on the Annex). Warning: you’ll be erasing your ALOM NVRAM during this procedure, but you have no choice.
Pull both power cables from the back of your (init 5’d) T2000. Leave them unplugged for 5 seconds, and plug them back in.
Watch as the ALOM initialisation flows past your serial, and when you see the following, hit ESC:
```
Boot Sector FLASH CRC Test
Boot Sector FLASH CRC Test, PASSED.
```
You’ll know if you’re successful, as you’ll see the ALOM <ESC> Menu:
```
ALOM <ESC> Menu

e - Erase ALOM NVRAM.
m - Run POST Menu.
R - Reset ALOM.
r - Return to bootmon.
Your selection:
```
First, hit “e” to erase the ALOM NVRAM:
```
ALOM <ESC> Menu

e - Erase ALOM NVRAM.
m - Run POST Menu.
R - Reset ALOM.
r - Return to bootmon.
Your selection: e
ALOM NVRAM erased.
```
Then, hit “r” to return to the ALOM boot process:
```
ALOM <ESC> Menu

e - Erase ALOM NVRAM.
m - Run POST Menu.
R - Reset ALOM.
r - Return to bootmon.
Your selection: r
```
Once the ALOM comes up, you’ll be logged in as admin with no password:
```
sc>
```
Reset the admin password:
```
sc> userpassword admin
```
You’ll need to set up the SC again:
```
sc> setupsc
```
I always add another personal admin user, to save this sort of thing happening:
```
sc> useradd toki
sc> userpassword toki
sc> userperm toki cuar
sc> usershow
```
Check you can access the console, and you’re good:
```
sc> logout
..login..
sc> poweron
sc> console -f
```
GNU and UNIX Commands: Find Out Which Ports a Program is Listening on
This is easiest done with lsof. On Solaris you can use pfiles, and you may also find netstat -anlp on Linux useful.
First, find the PID of the process you’re interested in
```
# ps -ef | grep '[v]m'
root     32702     1  0 Mar08 ?        00:00:00 /usr/bin/vmpsd
```
Then, run lsof against the PID
```
# lsof -p 32702
COMMAND   PID USER   FD   TYPE             DEVICE    SIZE    NODE NAME
vmpsd   32702 root  cwd    DIR                9,1    4096       2 /
vmpsd   32702 root  rtd    DIR                9,1    4096       2 /
vmpsd   32702 root  txt    REG                9,1   23708  881217 /usr/bin/vmpsd
vmpsd   32702 root  mem    REG                0,0               0 [heap] (stat: No such file or directory)
vmpsd   32702 root  mem    REG                9,1 1184892 1024170 /lib32/libc-2.4.so
vmpsd   32702 root  mem    REG                9,1  124785 1024169 /lib32/ld-2.4.so
vmpsd   32702 root    0u   CHR              136,0               2 /dev/pts/0 (deleted)
vmpsd   32702 root    1u   CHR              136,0               2 /dev/pts/0 (deleted)
vmpsd   32702 root    2u   CHR              136,0               2 /dev/pts/0 (deleted)
vmpsd   32702 root    3u  IPv4            4214826             UDP *:1589
vmpsd   32702 root    4u  unix 0xffff81007d816300         4214827 socket
```
Port 1589/UDP, that’s the information we wanted.