Thursday, February 25, 2010

UNIX Command Line Tools For MS-Windows XP / Vista / 7 Operating Systems

GnuWin

GnuWin provides Win32 versions of GNU tools, or tools with a similar open source licence. The ports are native ports, that is, they rely only on libraries provided with any 32-bit MS-Windows operating system, such as MS-Windows 95 / 98 / 2000 / NT / XP / Vista etc.

GNU Utilities For Win32

Here are some ports of common GNU utilities to native Win32. In this context, native means the executables depend only on the Microsoft C-runtime (msvcrt.dll) and not on an emulation layer like that provided by Cygwin tools. If you don't care about having a full UNIX shell environment, this is a great download for you.

Cygwin

Cygwin provides native integration of Windows-based applications, data, and other system resources with applications, software tools, and data of the Unix-like environment. Thus it is possible to launch Windows applications from the Cygwin environment, as well as to use Cygwin tools and applications within the Windows operating context.


Dedicated to all Engineers

No care for RAM, no subject is cleared, yet, friends, we are Engineers,

On the table, in place of a book, there is Kingfisher BEER, yet, friends, we are Engineers,

Not C++ or Matlab, Chatting is our Career, yet, friends, we are Engineers,

In place of late night Studies there is a File Premier, yet, friends, we are Engineers,

Mother thought, my son will become an Engineer. Here, Mother, today your son is indeed an Engineer.



Sunday, February 21, 2010

Install Keepalived To Provide IP Failover For Web Cluster

Keepalived provides strong and robust health checking for LVS clusters. It implements a framework of health checking on multiple layers for server failover, and a VRRPv2 stack to handle director failover. How do I install and configure Keepalived for a reverse proxy server such as nginx or lighttpd?

If you are using an LVS director to load balance a server pool in a production environment, you may want a robust solution for health checks and failover. This will also work with a reverse proxy server such as nginx.

Our Sample Setup

Internet--
         |
    =============
    | ISP Router|
    =============
         |
         |
         |      |eth0 -> 192.168.1.11 (connected to lan)
         |-lb0==|
         |      |eth1 -> 202.54.1.1 (vip master)
         |
         |      |eth0 -> 192.168.1.10 (connected to lan)
         |-lb1==|
                |eth1 -> 202.54.1.1 (vip backup)

Where,

  • lb0 - Linux box directly connected to the Internet via eth1. This is master load balancer.
  • lb1 - Linux box directly connected to the Internet via eth1. This is the backup load balancer. It becomes active if networking on the master fails.
  • 202.54.1.1 - This IP moves between the lb0 and lb1 servers. It is called the virtual IP address (VIP) and it is managed by keepalived.
  • eth0 is connected to LAN and all other backend software such as Apache, MySQL and so on.

You need to install the following software on both lb0 and lb1:

  • keepalived for IP failover.
  • iptables to filter traffic.
  • nginx or lighttpd as the reverse proxy server.

DNS settings should be as follows:

  1. nixcraft.in - Our sample domain name.
  2. lb0.nixcraft.in - 202.54.1.11 (real ip assigned to eth1)
  3. lb1.nixcraft.in - 202.54.1.12 (real ip assigned to eth1)
  4. www.nixcraft.in - 202.54.1.1 (VIP for web server) do not assign this IP to any interface.

Install Keepalived

Visit keepalived.org to grab the latest source code. You can use the wget command to download it (you need to install keepalived on both lb0 and lb1):
# cd /opt
# wget http://www.keepalived.org/software/keepalived-1.1.19.tar.gz
# tar -zxvf keepalived-1.1.19.tar.gz
# cd keepalived-1.1.19

Install Kernel Headers

You need to install the following packages:

  1. Kernel-headers - includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.
  2. kernel-devel - this package provides kernel headers and makefiles sufficient to build modules against the kernel package.

Make sure the kernel-headers and kernel-devel packages are installed. If they are not, type the following command to install them:
# yum -y install kernel-headers kernel-devel

Compile keepalived

Type the following command:
# ./configure --with-kernel-dir=/lib/modules/$(uname -r)/build
Sample outputs:

checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
...
.....
..
config.status: creating keepalived/check/Makefile
config.status: creating keepalived/libipvs-2.6/Makefile

Keepalived configuration
------------------------
Keepalived version       : 1.1.19
Compiler                 : gcc
Compiler flags           : -g -O2
Extra Lib                : -lpopt -lssl -lcrypto
Use IPVS Framework       : Yes
IPVS sync daemon support : Yes
Use VRRP Framework       : Yes
Use Debug flags          : No

Compile and install the same:
# make && make install

Create Required Softlinks

Type the following commands to create the service and run it at RHEL / CentOS run level 3:
# cd /etc/sysconfig
# ln -s /usr/local/etc/sysconfig/keepalived .
# cd /etc/rc3.d/
# ln -s /usr/local/etc/rc.d/init.d/keepalived S100keepalived
# cd /etc/init.d/
# ln -s /usr/local/etc/rc.d/init.d/keepalived .

Configuration

Your main configuration directory is /usr/local/etc/keepalived and the configuration file is named keepalived.conf. First, make a backup of the existing configuration:
# cd /usr/local/etc/keepalived
# cp keepalived.conf keepalived.conf.bak

Edit keepalived.conf as follows on lb0:

vrrp_instance VI_1 {
        interface eth0
        state MASTER
        virtual_router_id 51
        priority 101
        authentication {
            auth_type PASS
            auth_pass Add-Your-Password-Here
        }
        virtual_ipaddress {
                202.54.1.1/29 dev eth1
        }
}

Edit keepalived.conf as follows on lb1 (note priority set to 100 i.e. backup load balancer):

vrrp_instance VI_1 {
        interface eth0
        state MASTER
        virtual_router_id 51
        priority 100
        authentication {
            auth_type PASS
            auth_pass Add-Your-Password-Here
        }
        virtual_ipaddress {
                202.54.1.1/29 dev eth1
        }
}

Save and close the file. Finally start keepalived on both lb0 and lb1 as follows:
# /etc/init.d/keepalived start
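
A consistency check for the two keepalived.conf files above, as an added example that is not part of the original post or of keepalived itself: it parses each vrrp_instance block, reports settings that must match on lb0 and lb1, and flags two properties of VRRP password authentication. The function names are hypothetical, and the input is this page's configuration embedded as strings.

```python
import re

# Constructed input: the lb0 block from this page; lb1 differs only in priority.
LB0 = """vrrp_instance VI_1 {
        interface eth0
        state MASTER
        virtual_router_id 51
        priority 101
        authentication {
            auth_type PASS
            auth_pass Add-Your-Password-Here
        }
        virtual_ipaddress {
                202.54.1.1/29 dev eth1
        }
}"""
LB1 = LB0.replace("priority 101", "priority 100")

def parse_instance(conf):
    """Extract the settings that both VRRP peers have to agree on."""
    def field(name):
        m = re.search(rf"^\s*{name}\s+(\S+)", conf, re.M)
        return m.group(1) if m else None
    vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", conf)
    keys = ("state", "virtual_router_id", "priority", "auth_type", "auth_pass")
    parsed = {k: field(k) for k in keys}
    parsed["virtual_ipaddress"] = sorted(
        l.strip() for l in vips.group(1).splitlines() if l.strip()) if vips else []
    return parsed

def audit_pair(conf_a, conf_b):
    """Return findings for the keepalived.conf files of a master/backup pair."""
    a, b = parse_instance(conf_a), parse_instance(conf_b)
    must_match = ("virtual_router_id", "auth_type", "auth_pass", "virtual_ipaddress")
    findings = [f"{k} differs between the nodes" for k in must_match if a[k] != b[k]]
    if a["priority"] == b["priority"]:
        findings.append("priority is the same on both nodes")
    if a["state"] == b["state"] == "MASTER":
        findings.append("both nodes start in state MASTER; the standby normally uses BACKUP")
    if "PASS" in (a["auth_type"], b["auth_type"]):
        findings.append("auth_type PASS travels in clear text; filter VRRP (IP protocol 112) to the peer")
    if any(len(n["auth_pass"] or "") > 8 for n in (a, b)):
        findings.append("auth_pass is longer than 8 characters; keepalived uses only the first 8")
    return findings

if __name__ == "__main__":
    for finding in audit_pair(LB0, LB1):
        print("-", finding)
```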

Verify: Keepalived Working Or Not

/var/log/messages will keep track of the VIP:
# tail -f /var/log/messages
Sample outputs:

Feb 21 04:06:15 lb0 Keepalived_vrrp: Netlink reflector reports IP 202.54.1.1 added
Feb 21 04:06:20 lb0 Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 202.54.1.1

Verify that the VIP is assigned to eth1:
# ip addr show eth1
Sample outputs:

3: eth1:  mtu 1500 qdisc pfifo_fast qlen 10000
    link/ether 00:30:48:30:30:a3 brd ff:ff:ff:ff:ff:ff
    inet 202.54.1.11/29 brd 202.54.1.254 scope global eth1
    inet 202.54.1.1/29 scope global secondary eth1

ping failover test

Open a UNIX / Linux / OS X desktop terminal and type the following command to ping the VIP:
# ping 202.54.1.1
Log in to lb0 and halt the server or take down networking:
# halt
Within seconds the VIP should move from lb0 to lb1 and you should not see any drops in ping. On lb1 you should get the following in /var/log/messages:

Feb 21 04:10:07 b2 Keepalived_vrrp: VRRP_Instance(VI_1) forcing a new MASTER election
Feb 21 04:10:08 lb1 Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb 21 04:10:09 lb1 Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 21 04:10:09 lb1 Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.
Feb 21 04:10:09 lb1 Keepalived_healthcheckers: Netlink reflector reports IP 202.54.1.1 added
Feb 21 04:10:09 lb1 Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 202.54.1.1

Conclusion

Your server is now configured with IP failover. However, you need to install and configure the following software in order to configure webserver and security:

  1. nginx or lighttpd
  2. iptables

Stay tuned for more information on the above configuration.

Thursday, February 11, 2010

What to do ?

1. What to do if the command prompt is disabled?

No need to panic. Just do the following: Go to Start -> Run, type gpedit.msc and press OK. A "Group Policy" window opens up. Among the options on the left, select User Configurations and then select Administrative Templates. From the options displayed, select System. This will give you a list of settings. Double-clicking Prevent Access to Command Prompt opens a window with the following setting options: Not Configured, Enable, Disable. Select Disable and press OK. Now you should be able to access your command prompt.

2. What to do if the task manager is disabled?

Go to the same path as above. Start -> Run -> type gpedit.msc -> press OK -> select User Configurations -> select Administrative Templates -> select System. Now open the folder Ctrl + Alt + Del Options by double-clicking it. Within this folder, double-click Remove Task Manager. Select Disable and press OK.

3. What to do if the system restore is disabled?

Do the following: Start -> Run -> type gpedit.msc -> press OK -> select Computer Configurations -> select Administrative Templates -> select System. Now open the folder System Restore by double-clicking it. Within this folder, double-click Turn off System Restore. Select Disable and press OK.

4. What to do if regedit is disabled?

Start -> Run -> type gpedit.msc -> press OK -> select User Configurations -> select Administrative Templates -> select System. Now open Prevent access to registry editing tools by double-clicking it. Select Disable and press OK.

These simple steps can get you going without losing data or formatting your system. ENJOY.

ABC for IT Professional


Thursday, February 4, 2010

Samba Tutorial


If you use Samba you will certainly want to create private shares for
your users. This tutorial will show you how to create a share that is
accessible to one user to store their information.

Security Mode
The typical security mode that you will use for a simple user share is
security = user.

Choosing a Database Type for Passwords
smbpasswd – A text-mode flat database. You can use this on a
stand-alone Samba server, but you don’t want to use it in a domain.
tdbsam – This is a regular database file, which can store a richer set
of attributes than what the smbpasswd file can. You can use it for
either stand-alone Samba servers, or in a domain that’s running a
single domain controller.
ldapsam – This type of database is set up with an ldap directory for its
backend. You can use this in a domain with multiple domain
controllers. You don’t want to use it for either stand-alone Samba
servers, or for domains with single domain controllers.

Home Directories
This will create home directories on your Samba server that users can
access from their Windows clients. That way, everyone can have one
central directory that they can access regardless of which client
station they use to log on. As a security precaution for the Linux
server, users are created without the ability to log in to the Linux
server and get a shell; they will only be able to access their shares,
typically from Windows.

Edit the /etc/smb.conf file.

[global]
netbios name = linuxserver
workgroup = WORKGROUP
server string = Public File Server
security = user
map to guest = bad user
guest account = smbguest
encrypt passwords = yes
passdb backend = tdbsam

[tom]
comment = Home Directory
path = /home/tom
valid users = tom
browsable = no
guest ok = no
read only = no

[public]
path = /share/public
guest ok = yes
read only = no

In the [global] section, encrypted passwords are used and stored in
a “tdbsam”-type file. You could get by with using an “smbpasswd”-type
file for this example.

The [tom] share is a simple share for a user on the Samba server. In
the [tom] section, a comment line was added, which specifies what
shows up in the comment column of a Windows Explorer detail display.
The “valid users = tom” line is what keeps people out of other
people’s home directories. And, you don’t want users’ home
directories to show up in a Network Neighborhood display, so the
“browsable = no” line is added.
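
An added example, not part of the original tutorial or of Samba: a small audit that reads an smb.conf and reports, per share, whether it is reachable as guest and whether it is writable. The function names are hypothetical; the embedded input is this tutorial's configuration, trimmed to the access-control lines.

```python
import configparser

# smb.conf from this tutorial, trimmed to the lines that decide who gets in.
PAGE_CONF = """
[global]
security = user
map to guest = bad user
guest account = smbguest
[tom]
path = /home/tom
valid users = tom
guest ok = no
read only = no
[public]
path = /share/public
guest ok = yes
read only = no
"""
YES = {"yes", "true", "1"}

def norm(name):
    # Samba ignores case and whitespace in parameter names ("guest ok" == "GuestOK").
    return "".join(name.split()).lower()

def boolean(share, names, default):
    # Value of the first synonym that is set in this share, else the given default.
    for n in names:
        if n in share:
            return share[n].strip().lower() in YES
    return default

def audit(conf_text):
    """Map each share to its exposure: guest-write, guest-read, or the allowed users."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = norm
    cp.read_string(conf_text)
    result = {}
    for name in cp.sections():
        if name.lower() == "global":
            continue
        share = cp[name]
        guest = boolean(share, ("guestok", "public"), False)      # default: guest ok = no
        writable = boolean(share, ("writable", "writeable", "writeok"), False)
        read_only = boolean(share, ("readonly",), not writable)   # default: read only = yes
        if guest:
            result[name] = "guest-read" if read_only else "guest-write"
        else:
            result[name] = "users: " + share.get("validusers", "any authenticated").strip()
    return result

if __name__ == "__main__":
    for share, exposure in audit(PAGE_CONF).items():
        print(f"[{share}] {exposure}")
```

With this tutorial's file, [tom] is limited to tom, while [public] comes out as guest-write: "guest ok = yes" together with "read only = no" lets a client write there without a password.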

Next, create a Linux-type user account for tom.

# useradd -c "tom" -m -s /bin/false tom

The “-s” option switch, followed by “/bin/false”, is what prevents
tom from logging on to the Linux system. The “-m” switch is what
creates tom’s home directory. There’s no need to give tom a password
for this account, as the password that is used will be set with smbpasswd.

Next, create tom’s Samba account and give it a password.

# smbpasswd -a tom
New SMB password:
Retype new SMB password:
Added user tom.

This command will add tom’s account information to the “passdb.tdb”
file that’s found in the /var/lib/samba directory.

Restart Samba to reload the new configuration.

# service samba restart
* Stopping Samba daemons… [ OK ]
* Starting Samba daemons… [ OK ]

That should do it. tom should now be able to log in to the user share
just set up for him.

Login From Windows
Right-click My Computer and select “Map Network Drive”. Select a
drive letter, like “L”, and then enter your Samba server IP and the
share name.

\\192.168.5.89\tom

Connect and it should ask for the user name and password.