Clik here to view.
Red Hat Cluster : VMware ESX fencing
Tested on Red Hat Enterprise Linux 5.6 64 bits and VMware ESX 3.5 Edit November 2011 : Tested on RHEL6.1 and VMware ESX 4.1 If you set up a cluster, in case of failure, you’ll probably want the...
View ArticleClik here to view.
Importing certificates on Android (CA and client)
Tested on my HTC Hero running Android 2.2.1 They do not make it terribly obvious, so I believe this is worth a post. Android will not import CA cert in the PEM format, you’ll get a “no certificate to...
View ArticleClik here to view.
Authenticate Linux Red Hat with Microsoft Active Directory
Tested with Active Directory 2003 and RHEL 6.0 What we want to do : - authentication against AD using Winbind and Kerberos - allowing local and remote (SSH) authentication to members of a specific AD...
View ArticleClik here to view.
Large files uploading fail with Apache + PHP + APC
We had one quite interesting problem at work. We had a Drupal site where we couldn’t upload files larger than 32 MB, while having in php.ini : upload_max_filesize = 200 MB post_max_size = 200M After...
View ArticleClik here to view.
Spin down external USB drive on Debian Squeeze
It seems like I have at least two options to spin down my external USB drive used for rsnapshot backups (Iomega 1TB). In the first place, I assumed it would spin down by itself by simply unmounting the...
View ArticleClik here to view.
Two step authentication on SSH with Google Authenticator under Debian Sid
On a Debian Sid system, install the following : apt-get install libpam-google-authenticator Edit /etc/ssh/sshd_config and set : ChallengeResponseAuthentication yes Restart the service : service ssh...
View ArticleClik here to view.
ActiveMQ 5.4.x install under RHEL 5.x
Tested with ActiveMQ 5.4.3, Red Hat Linux Enterprise 5.7 64 bits with Sun JVM 1.5 ActiveMQ 5.5.x requires JVM 1.6 The following is a simple copy and paste howto. Simply adapt the install variables and...
View ArticleClik here to view.
Rundeck howto and examples
Quoting rundeck.org : Rundeck is an Open Source process automation and command orchestration tool with a web console. As I understand it, it’s a fork of Control Tier : www.controltier.org I’m usually...
View ArticleClik here to view.
See changes made to a filesystem with inotify
Install the package “inotify-tools” with your package manager (in EPEL for RHEL). Then create and execute this script : inotifywait -m -r --format $'%T %e %w%f' --timefmt '%H:%M:%S' --exclude...
View ArticleClik here to view.
Salt Stack, a (serious) alternative to Puppet
I couldn’t write it better : see http://www.lecloud.net/post/29325359938/salt-to-the-rescue So basically, Salt is a configuration management system (à la Puppet) and allows remote execution (à la...
View ArticleClik here to view.
mod_proxy_balancer on RHEL6
Tested on RHEL 6. This is the simplest setup possible, for my own reference. I may come up with a Salt state in the future. Reference : http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html...
View ArticleClik here to view.
Repurposing a Barracuda Spam & Virus Firewall
I got my hands on a out of warranty/subscription/whatever Barracuda unit. This unit is a Spam & Firewall 400 model from 2009 or something. Basically it’s regular computer hardware in a 1U rack,...
View ArticleClik here to view.
Debian installation over PXE and dnsmasq
The DHCP/TFTP server holds the IP 10.10.0.2 All commands as root : mkdir -p /srv/tftp cd /srv/tftp wget...
View ArticleClik here to view.
VLAN trunking with Cisco Catalyst 2950 + WAP4410N
VLAN 10 is WORK VLAN 20 is HOME VLAN 30 is GUEST On the 2950, configure the port to the WAP4410N as trunk : switch#conf t switch(config)#interface fastEthernet 0/12 switch(config-if)#description...
View ArticleClik here to view.
Tomcat 6 webapp authentication against AD
Tested on RHEL6 Add the following in /etc/tomcat6/server.xml (before the ending host tag) : <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"...
View ArticleClik here to view.
Evaluating Ansible
I’m currently actively working on Salt, I actually have a dozen production servers at work, running critical services through it. I commit new things into the production branch every couple of days....
View ArticleClik here to view.
Get notified when a change occurs on the filesystem
I can never seem to remember the correct command inotifywait -e modify -m -r /home/dir
View ArticleClik here to view.
Outbound Postfix with SASL Authentication against LDAP (Dovecot)
I recently had to set up an outbound Postfix server with SASL authentication against LDAP. I’m a huge fan of Dovecot, so I did go with it instead of Cyrus which was a pain to set up a few years back....
View ArticleClik here to view.
Bash set builtin : pipefail
> false > echo $? 1 > true > echo $? 0 > false | true > echo $? 0 > set -o pipefail > false | true > echo $? 1
View ArticleClik here to view.
PreserveFQDN and EscapeControlCharactersOnReceive with rsyslog
In legacy versions of rsyslog, if you want to use the option PreserveFQDN, you have to set the option before anything else, or it wouldn't work.If you are having issues sending logs from nxlog on...
View Article
