Tikejhya: Ashish Nepal

Knowledgebase

Month: March 2013 (Page 1 of 2)

Centos 6.x howto-puppet Installation and Configuration

This was tested on CentOS 6.4 with the EPEL repository version of Puppet, 2.6.17.

cd /usr/local/src;
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm;
yum install puppet-server;
touch /etc/puppet/manifests/site.pp
service puppetmaster start

Jump onto the puppet client:

yum install puppet;
vi /etc/puppet/puppet.conf

# Note: control.meotic.com is my puppet master for this puppet client

puppetd --server control.meotic.com --waitforcert 60 --test

Response:
info: Creating a new SSL key for db1.meotic.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for db1.meotic.com
info: Certificate Request fingerprint (md5): 6D:35:2F:D7:4A:2C:CC:90:A0
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session

Now jump into server (puppet-master):

puppetca --list

"db1.meotic.com" (6D:35:2F:D7:4A:1A:F2:13:C3:2C:CC:90:A0)

[root@control manifests]# puppetca --sign db1.meotic.com
notice: Signed certificate request for db1.meotic.com
notice: Removing file Puppet::SSL::CertificateRequest db1.meotic.com at '/var/lib/puppet/ssl/ca/requests/db1.meotic.com.pem'
[root@control manifests]#
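The master trusts whatever it signs, so before running puppetca --sign it is worth comparing the fingerprint the agent printed on its console with the one puppetca --list shows for that certname. The following is an added example, not part of the original post: it parses the 2.6-style listing shown above and only signs when the two fingerprints match. The listing is constructed for illustration (the web1 entry is made up).

```shell
#!/bin/sh
# Added example (not part of the original post): sign a pending Puppet CSR only when
# the fingerprint the agent printed matches the one the master lists.
# Assumes the Puppet 2.6 "puppetca --list" output format shown above:
#   "db1.meotic.com" (6D:35:2F:D7:4A:1A:F2:13:C3:2C:CC:90:A0)
# The listing below is constructed for illustration; the second entry is made up.

SAMPLE_LIST='"db1.meotic.com" (6D:35:2F:D7:4A:1A:F2:13:C3:2C:CC:90:A0)
"web1.meotic.com" (AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66)'

# fingerprint_for CERTNAME LISTING -> prints the fingerprint the master shows for CERTNAME
fingerprint_for() {
    printf '%s\n' "$2" | sed -n "s/^\"$1\" (\([0-9A-F:]*\)).*/\1/p"
}

# verify_csr CERTNAME EXPECTED LISTING -> exit 0 only if a request for CERTNAME is
# pending and its fingerprint is exactly EXPECTED (as read off the agent's console)
verify_csr() {
    fp=$(fingerprint_for "$1" "$3")
    [ -n "$fp" ] && [ "$fp" = "$2" ]
}

# sign_if_verified CERTNAME EXPECTED -> on the master: list pending requests and run
# "puppetca --sign" only when verify_csr agrees; otherwise leave the request unsigned
sign_if_verified() {
    listing=$(puppetca --list)
    if verify_csr "$1" "$2" "$listing"; then
        puppetca --sign "$1"
    else
        echo "fingerprint for $1 does not match $2; not signing" >&2
        return 1
    fi
}
```

On the master, `sign_if_verified db1.meotic.com <fingerprint from the agent console>` takes the place of a bare `puppetca --sign db1.meotic.com`.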

What we have at this point:
Puppet Master (as: control.meotic.com)
Puppet Agent (as: db1.meotic.com)

Certificates are signed and we are all set to roll.

Now let's look at the configuration files, directories and fileserver next.

[root@control ~]# cd /etc/puppet/
[root@control puppet]# ll -al
total 28
drwxr-xr-x. 4 puppet puppet 4096 Mar 23 11:27 .
drwxr-xr-x. 59 root root 4096 Mar 23 09:25 ..
-rw-r--r--. 1 puppet puppet 2346 Jul 19 2012 auth.conf
drwxr-xr-x. 2 puppet puppet 4096 Mar 23 12:46 files
-rw-r--r--. 1 puppet puppet 459 Mar 23 11:27 fileserver.conf
drwxr-xr-x. 3 puppet puppet 4096 Mar 23 12:40 manifests
-rw-r--r--. 1 puppet puppet 853 Jul 6 2012 puppet.conf

auth.conf: Authentication config file.
files: Directory to store the files to share.

vi /etc/puppet/fileserver.conf:
[files]
path /etc/puppet/files
allow *.meotic.com
allow 192.168.1.0/24

Here, in fileserver.conf, you declare the location of the file share point and who is allowed to fetch from it, by IP range or by DNS name.

Now the manifests: I have divided them into two parts, classes and site.pp.

[root@control puppet]# cd manifests/
[root@control manifests]# ls
classes site.pp

site.pp: It's pretty much self-explanatory; it holds the different nodes.

# /etc/puppet/manifests/site.pp

import "classes/*"

## Base Nodes

node default {
  include sudo
  include ntp
}

node mysqldb {
  include ntp
  include mysql
}

node webserver {
  include web
  include monitoring
}

## Specific Nodes

node 'web1.meotic.com', 'web2.meotic.com' inherits loadbalancer {
  include apacheconf
  include app
  include backups
}

node 'db1.meotic.com' inherits mysqldb {
  include sudo
}

node 'control.meotic.com' inherits mysqldb {
}

node 'dns1.meotic.com', 'dns2.meotic.com' {
  include monitoring
}

And class:

[root@control classes]# ll -al
-rw-r--r--. 1 puppet puppet 591 Mar 23 12:49 ntp.pp
-rw-r--r--. 1 puppet puppet 235 Mar 23 12:50 sudo.pp

Currently I have two files: one to serve the ntp settings and config file, and one for the sudo file.

vi ntp.pp

# /etc/puppet/manifests/classes/ntp.pp

class ntp {
  # If you have different distros within the org you can declare the per-distro values here as variables
  case $operatingsystem {
    centos, redhat: {
      $service_name = 'ntpd'
      $conf_file    = 'ntp.conf'
    }
  }

  package { 'ntp':
    # the package title can also be passed as an array
    ensure => installed,
  }

  service { 'ntp':
    name      => $service_name,
    ensure    => running,
    enable    => true,
    subscribe => File['ntp.conf'],
  }

  file { "ntp.conf":
    path   => "/etc/ntp.conf",
    owner  => "root",
    group  => "root",
    mode   => 644,
    source => "puppet://control.meotic.com/files/ntp.conf"
  }
}

sudo.pp

# /etc/puppet/manifests/classes/sudo.pp

class sudo {
  file { "/etc/sudoers":
    owner  => "root",
    group  => "root",
    mode   => 440,
    source => "puppet://control.meotic.com/files/sudoers"
  }
}

Once written, and before restarting and committing the changes, you might want to check the syntax:

puppet --parseonly sudo.pp
puppet --parseonly ntp.pp

# How to install RPM with puppet

class examplerpm ( $src ) {

  package { 'package':
    provider => 'rpm',
    ensure   => installed,
    source   => "${examplerpm::src}"
  }
}

class { 'examplerpm':
  src => 'http://nginx.org/packages/rhel/6/x86_64/RPMS/nginx-1.4.4-1.el6.ngx.x86_64.rpm',
}

# How to share a file using Puppet

file { "/etc/sudoers":
    mode => 440,
    owner => root,
    group => root,
    source => "puppet:///files/sudoers",
}

# How to write files using Puppet

file { '/data/some.sh':
  owner   => root,
  group   => root,
  mode    => 0755,
  # \n gives the script its line breaks; \$1 keeps the shell positional parameter
  # literal instead of letting Puppet interpolate it
  content => "#!/bin/bash\npuppet agent --onetime --no-daemonize --verbose \$1\n",
}

And to sync with the client, run this on the client machine:

puppetd --server control.meotic.com --test

(Of course this can be automated with a cron job or another hook that runs on file change on the master; keeping the manifests in a version-control repository is recommended by many experts, even as standard best practice.)

This might be the best tool 😉
http://www.puppetcookbook.com/

General layout

├── auth.conf
├── environments
│   └── example_env
│       ├── manifests
│       ├── modules
│       └── README.environment
├── fileserver.conf
├── hieradata
│   ├── common.yaml
│   ├── node
│   │   ├── ares.ashishnepal.net.yaml
│   │   ├── logarchive.ashishnepal.net.yaml
│   │   └── varnish1.ashishnepal.com.yaml
│   └── sshkeys
├── hiera.yaml -> /etc/hiera.yaml
├── manifests
│   ├── classes
│   │   └── basetools.pp
│   ├── nodes
│   │   └── test_nodes.pp
│   └── site.pp
├── modules
│   ├── authorized_keys
│   │   ├── manifests
│   │   │   └── init.pp
│   │   └── templates
│   │       ├── backoffice
│   │       │   └── authorized_keys.erb
│   │       ├── db
│   │       │   └── authorized_keys.erb
│   ├── nginx
│   │   ├── manifests
│   │   │   ├── init.pp
│   │   │   └── params.pp
│   │   └── templates
│   │       ├── default_conf.erb
│   │       ├── fastcgi_params_conf.erb
│   │       ├── koi-utf_conf.erb
│   │       ├── koi-win_conf.erb
│   │       ├── mime.types_conf.erb
│   │       ├── nginx_conf.erb
│   │       ├── scgi_params_conf.erb
│   │       ├── ssl_conf.erb
│   │       ├── uwsgi_params_conf.erb
│   │       └── win-utf_conf.erb
│   ├── sshd
│   │   ├── files
│   │   │   └── sshd_config
│   │   └── manifests
│   │       └── init.pp
│   └── zabbix
│       ├── manifests
│       │   ├── init.pp
│       │   ├── params.pp
│       │   └── resources
│       │       └── agent.pp
│       └── templates
│           ├── zabbix_agent_conf.erb
│           └── zabbix_agentd_conf.erb
└── puppet.conf

TROUBLESHOOT:
[root@puppet2 ~]# puppet agent --no-daemonize --onetime --verbose
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [unable to get certificate CRL for /CN=puppet1.tike.com]
notice: Using cached catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [unable to get certificate CRL for /CN=puppet1.tike.com]

Solution: Update Time, Delete Existing Certificates, Retry

Client: find /var/lib/puppet -type f -print0 | xargs -0r rm
Master: puppet cert clean puppet2.tike.com
Client: puppet agent --no-daemonize --onetime --verbose
Master: puppet cert list
Master: puppet cert sign "puppet2.tike.com"

More troubleshooting on the official page:
http://docs.puppetlabs.com/guides/troubleshooting.html

Sed SRC from custom log

Mar 16 20:00:00 web1 kernel: *WEB_ATTEMPT*IN=eth1 OUT= MAC=00:208:e3:ff:08:00 SRC=111.111.111.111 DST=222.222.222.222 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=19880 DF PROTO=TCP SPT=25499 DPT=3306 WINDOW=65453 RES=0x00 ACK URGP=0

sed 's/.*SRC=\(.*\)DST=.*/\1/' /var/log/custom | grep -v kernel | sort | uniq -c
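The iptables LOG lines are a handy detection feed, so here is an added example, not part of the original post, that runs the same SRC extraction over a few constructed kernel log lines and returns per-source attempt counts, which makes one address hammering the DB port stand out. It assumes the log format shown above and IPv4 addresses.

```shell
#!/bin/sh
# Added example (not part of the original post): count connection attempts per
# source address from the kernel log lines produced by the iptables LOG rule.
# The log lines below are constructed for illustration.

SAMPLE_LOG='Mar 16 20:00:00 web1 kernel: *WEB_ATTEMPT*IN=eth1 OUT= SRC=111.111.111.111 DST=222.222.222.222 LEN=52 PROTO=TCP SPT=25499 DPT=3306
Mar 16 20:00:01 web1 kernel: *WEB_ATTEMPT*IN=eth1 OUT= SRC=111.111.111.111 DST=222.222.222.222 LEN=52 PROTO=TCP SPT=25500 DPT=3306
Mar 16 20:00:02 web1 kernel: *WEB_ATTEMPT*IN=eth1 OUT= SRC=10.0.0.5 DST=222.222.222.222 LEN=52 PROTO=TCP SPT=41000 DPT=3306
Mar 16 20:00:03 web1 sshd[123]: Accepted publickey for root from 10.0.0.9 port 2222'

# src_counts LOG -> "count ip" lines, least frequent first, one per source address.
# Only lines carrying an iptables SRC= field are counted; sort runs before uniq -c
# because uniq only collapses adjacent duplicates.
src_counts() {
    printf '%s\n' "$1" \
        | sed -n 's/.*SRC=\([0-9.]*\) DST=.*/\1/p' \
        | sort | uniq -c | sort -n \
        | awk '{ print $1, $2 }'
}

# top_src LOG -> the single source address with the most attempts
top_src() {
    src_counts "$1" | tail -n 1 | awk '{ print $2 }'
}

# count_for IP LOG -> number of attempts from IP (0 if none)
count_for() {
    n=$(src_counts "$2" | awk -v ip="$1" '$2 == ip { print $1 }')
    echo "${n:-0}"
}
```

Against a real file, replace the SAMPLE_LOG argument with `"$(cat /var/log/kernel)"` or feed the file straight into the pipeline in src_counts.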

IPTables Logging

#Log All DB Connections
-A INPUT -p tcp -m tcp --dport 3306 -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "*DB_ATTEMPT*"

# Logging much else clutters up the screen.
#kern.* /dev/console
kern.* /var/log/kernel

Migrating Courier To Postfix

#!/bin/bash

QUOTA='1024'

# Input lines are colon separated: name:email:password:home_directory
IFS=:
echo "Email Id To Create:"
echo "---------------"
while read name email password home_directory
do

# MD5-crypt hash of the plaintext password for the mailbox table
PASSWORD=`openssl passwd -1 "$password"`

maildir=`echo "$home_directory" | cut -d"/" -f4`
domain=`echo "$home_directory" | cut -d"/" -f4`
# drop the last two dot-separated fields (domain and TLD) to get the local part
local_part=`echo "$domain" | awk -F "." '{$NF="";$(NF-1)=""}1' | sed 's/ /./g' | sed 's/..$//g'`
DOMAIN=`echo "$domain" | awk -F "." '{print $(NF-1) "." $NF}'`

# Values are interpolated into the SQL unescaped; a name containing a single quote will break the statement
echo "INSERT INTO mailbox (username, password, name, storagebasedirectory, storagenode, maildir, quota, domain, active, local_part, created)"
echo "VALUES ('$email', '$PASSWORD', '$name', '/data', 'mail', '$maildir/', '$QUOTA', '$DOMAIN', '1', '$local_part', NOW());"
echo "INSERT INTO alias (address, goto, domain, created, active) VALUES ('$email', '$email', '$DOMAIN', NOW(), 1);"

done < ./get_email_from

MySQL: limit user connections.

MySQL: how to restrict a user's connections, queries, etc.

mysql> CREATE USER 'tikejhya'@'localhost' IDENTIFIED BY 'hmmmm';
mysql> GRANT ALL ON customer.* TO 'tikejhya'@'localhost'
    -> WITH MAX_QUERIES_PER_HOUR 20
    -> MAX_UPDATES_PER_HOUR 10
    -> MAX_CONNECTIONS_PER_HOUR 5
    -> MAX_USER_CONNECTIONS 2;

Script (Reading log file)

#!/bin/bash

# As my requirement was to get data written in the right order on a weekly/daily basis,
# it was more important to get the data in the right order while dumping into the output file.
# Running ls -lrt gives extra fields, so the date, user, owner and so on are awked away.

FILES=`ls -lrt /var/log/tikejhya/Email-* | awk '{ print $9 }'`

# Looping through all of the files found above.
for lf in $FILES;do

# Getting only the basename, i.e. the filename, cutting the filename at "." to get the first half and removing the
# consistent pattern (the first six characters).
FILEHEAD=`basename $lf | cut -d"." -f1 | sed -e 's/^......//g'`

# To make it more readable, insert a blank line followed by the date
echo "" >> /home/tikejhya/email_report.log
echo "=========================================================" >> /home/tikejhya/email_report.log
echo "DATE: '$FILEHEAD' " >> /home/tikejhya/email_report.log

# cat $lf | awk '{ print $2,$3,$4,$10 } match($0,"SUBJECT") {print substr($0,RSTART+0,1000)}'
# This means match SUBJECT and print anything after it; 1000 means 1000 characters from there, just to get all of it.

# sed -e 's/}]/\n&/g' => inserting a newline before }]

cat $lf | awk '{ print $2,$3,$4,$10 } match($0,"SUBJECT") {print substr($0,RSTART+0,1000)}' | cut -d":" -f1,2,3,4 | cut -d "," -f1 | tr -d '\n' | sed -e 's/}]/\n&/g' | sed 's/SUBJECT/ &/g' | cut -d":" -f3 | sed -e 's/.$//g' | sort | uniq -c | sort >> /home/ashish.nepal/touchpoint_count

done

Asterisk Active Call

watch -n 1 “sudo asterisk -vvvvvrx ‘core show channels’ | grep call”

Redmine HTML support

How to enable an HTML tag macro in Redmine. The macro returns the block as html_safe, so it is rendered without Redmine's usual escaping.

# Redmine HTML macro
desc "Insert html" + "\n\n" +
" !{{html(html block)}}"
macro :html do |obj, args, text|
  text.html_safe
end

SCP commandline

scp -r tikejhya@hmmm.com:/home/local /home/temp

ERROR 1146 (42S02): Table 'mysql.servers' doesn't exist

mysql> flush privileges;
ERROR 1146 (42S02): Table 'mysql.servers' doesn't exist

CREATE TABLE `servers` (
  `Server_name` char(64) NOT NULL,
  `Host` char(64) NOT NULL,
  `Db` char(64) NOT NULL,
  `Username` char(64) NOT NULL,
  `Password` char(64) NOT NULL,
  `Port` int(4) DEFAULT NULL,
  `Socket` char(64) DEFAULT NULL,
  `Wrapper` char(64) NOT NULL,
  `Owner` char(64) NOT NULL,
  PRIMARY KEY (`Server_name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8
COMMENT='MySQL Foreign Servers table';
