Showing posts with label Linux. Show all posts

Mar 1, 2019

Running bolt with passphrase protected ssh key on MacOS.


I tried to run bolt on my Mac and got the following error.


MacBook-Pro:~ thilina$ bolt command run 'ls' -n 192.168.1.35 -u thilina
Started on 192.168.1.35...
dyld: lazy symbol binding failed: Symbol not found: _SHA512Init
  Referenced from: /opt/puppetlabs/bolt/lib/ruby/gems/2.5.0/gems/bcrypt_pbkdf-1.0.0/lib/bcrypt_pbkdf_ext.bundle
  Expected in: flat namespace

dyld: Symbol not found: _SHA512Init
  Referenced from: /opt/puppetlabs/bolt/lib/ruby/gems/2.5.0/gems/bcrypt_pbkdf-1.0.0/lib/bcrypt_pbkdf_ext.bundle
  Expected in: flat namespace

/opt/puppetlabs/bin/bolt: line 4: 74325 Abort trap: 6           env -u GEM_HOME -u GEM_PATH -u DLN_LIBRARY_PATH -u RUBYLIB -u RUBYLIB_PREFIX -u RUBYOPT -u RUBYPATH -u RUBYSHELL -u LD_LIBRARY_PATH -u LD_PRELOAD SHELL=/bin/sh /opt/puppetlabs/bolt/bin/bolt "$@"


So I added my private key to the SSH authentication agent using ssh-add. The following reproduces the problem and shows the workaround until the bolt devs provide a proper patch [1].

Reproduce:

MacBook-Pro:~ thilina$ ssh-add -D
All identities removed.
MacBook-Pro:~ thilina$ bolt command run 'ls' -n 192.168.1.35 -u thilina
Started on 192.168.1.35...
dyld: lazy symbol binding failed: Symbol not found: _SHA512Init
  Referenced from: /opt/puppetlabs/bolt/lib/ruby/gems/2.5.0/gems/bcrypt_pbkdf-1.0.0/lib/bcrypt_pbkdf_ext.bundle
  Expected in: flat namespace

dyld: Symbol not found: _SHA512Init
  Referenced from: /opt/puppetlabs/bolt/lib/ruby/gems/2.5.0/gems/bcrypt_pbkdf-1.0.0/lib/bcrypt_pbkdf_ext.bundle
  Expected in: flat namespace

/opt/puppetlabs/bin/bolt: line 4: 74325 Abort trap: 6           env -u GEM_HOME -u GEM_PATH -u DLN_LIBRARY_PATH -u RUBYLIB -u RUBYLIB_PREFIX -u RUBYOPT -u RUBYPATH -u RUBYSHELL -u LD_LIBRARY_PATH -u LD_PRELOAD SHELL=/bin/sh /opt/puppetlabs/bolt/bin/bolt "$@"
MacBook-Pro:~ thilina$


Solution:

MacBook-Pro:~ thilina$ ssh-add ~/.ssh/id_rsa
Enter passphrase for ~/.ssh/id_rsa:
Identity added: ~/.ssh/id_rsa (thilina)
MacBook-Pro:~ thilina$


Test:

MacBook-Pro:~ thilina$ bolt command run 'ls' -n 192.168.1.35 -u thilina
Started on 192.168.1.35...
Finished on 192.168.1.35:
Successful on 1 node: 192.168.1.35
Ran on 1 node in 0.30 seconds
MacBook-Pro:~ thilina$

Apr 22, 2013

Setup a RedHat PXE server

You need to have the following packages and services installed and running.
vsftpd
dhcpd
xinetd
tftpd
tftpd-server
system-config-netboot
Note: It is better to switch off IPTables until you complete the whole process.

First mount the RHEL DVD to the system.

Then install the vsftpd system. I will use the vsftpd-* package from the RHEL6 installation DVD.
# cd /media/rhel6/Packages
# yum localinstall vsftpd-* -y
Then start the service and enable it at startup.
# service vsftpd start
# chkconfig vsftpd on
This installs vsftpd on the system. The installation creates the directory "/var/ftp/pub", which is the public folder of our FTP server. We can create the OS installation repository in this location.
mkdir /var/ftp/pub/rhel6
I copy the full image to that location so we can use an FTP connection to do the installation.
cp -r /media/rhel6/* /var/ftp/pub/rhel6
Configure a repo file to use that location as a local repository.
# vim /etc/yum.repos.d/local.repo
In that file:
[localrepo]
name= local repository
baseurl=ftp://192.168.0.10/pub/rhel6
gpgcheck=0
Then install the tftp service
# yum install -y tftp* xinetd*
Then you need to install the "system-config-netboot" package.
# wget http://mirrors.kernel.org/centos/5/os/x86_64/CentOS/alchemist-1.0.36-2.el5.x86_64.rpm
# wget http://mirrors.kernel.org/centos/5/os/x86_64/CentOS/system-config-netboot-0.1.45.1-5.el5.noarch.rpm
# wget http://mirrors.kernel.org/centos/5/os/x86_64/CentOS/system-config-netboot-cmd-0.1.45.1-5.el5.noarch.rpm
"system-config-netboot" depends on the "alchemist" package, which in turn depends on the "python-abi" package. "python-abi" requires python-2.4, but RHEL6 ships python-2.6. So we install "alchemist" with the --nodeps flag.
# rpm -ivh alchemist-1.0.36-2.el5.x86_64.rpm --nodeps
# rpm -ivh system-config-netboot-*
tftpd-server creates the "/tftpboot/linux-install/" directory. Now we need to edit the "/etc/xinetd.d/tftp" file to point the tftpboot path to this automatically created directory.
# vim /etc/xinetd.d/tftp
In that file:
...
server_args = -s /tftpboot # change the original "/var/lib/tftpboot" to "/tftpboot"
...
Now run this command to generate the PXE boot item
pxeos -a -i "RedHat EL 6" -p FTP -D 0 -s 192.168.0.10 -L /pub/rhel6 RHEL6
This command will create a directory called "/tftpboot/linux-install/RHEL6".

Then restart the xinetd and tftp services.
# service xinetd restart
# chkconfig xinetd on
# chkconfig tftp on
Now you need to install the DHCP service. This will forward the tftp server details to the required server.
# yum install dhcp -y
Then edit the DHCP configuration file.
# vim /etc/dhcp/dhcpd.conf
In that file:
option domain-name-servers  192.168.0.1;
allow bootp;
allow booting;

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.100 192.168.0.200;
  option routers 192.168.0.1;
}

next-server 192.168.0.50; # name of your TFTP server
filename "linux-install/pxelinux.0"; # name of the boot loader program
Then restart the DHCP service.
# service dhcpd restart
# chkconfig dhcpd on

Put a kickstart configuration file in the FTP pub location "/var/ftp/pub/ks.cfg". Then edit the PXE boot menu file
# vim /tftpboot/linux-install/pxelinux.cfg/default
and add the kernel parameter (ks=ftp://192.168.0.10/pub/ks.cfg) for the kickstart file.
...
label 1
  kernel RHEL6/vmlinuz
  append initrd=RHEL6/initrd.img ramdisk_size=16000 method=ftp://192.168.0.10/pub/rhel6 ip=dhcp ks=ftp://192.168.0.10/pub/ks.cfg
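
The local.repo file in this post sets gpgcheck=0, so yum installs whatever the FTP server returns without verifying package signatures. The script below is an added example, not part of the original post: it audits repo text for that setting and shows the same repo with verification on. The function name and the gpgkey path (the key file normally installed on RHEL by the redhat-release package) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit yum .repo text for
# sections that disable package signature checks.

audit_repo_gpg() {
    # stdin: contents of a .repo file. stdout: one "section: finding" per line.
    awk '
    function report() {
        if (sec == "") return
        if (gpgcheck ~ /^(0|no|false)$/)
            print sec ": gpgcheck disabled, packages from " base " are installed unverified"
        else if (gpgcheck == "")
            print sec ": gpgcheck not set, inherited from [main] in /etc/yum.conf"
        else if (gpgkey == "")
            print sec ": gpgcheck on but no gpgkey, key must already be in the rpm db"
    }
    /^[ \t]*[#;]/ { next }                      # comment lines
    /^[ \t]*\[/ {                               # start of a new [section]
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        gpgcheck = ""; gpgkey = ""; base = "(no baseurl)"
        next
    }
    /=/ {                                       # key=value line
        key = $0; sub(/=.*$/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpgcheck = tolower(val)
        else if (key == "gpgkey") gpgkey = val
        else if (key == "baseurl") base = val
    }
    END { report() }'
}

# The repo file from this post (constructed copy).
weak_repo='[localrepo]
name= local repository
baseurl=ftp://192.168.0.10/pub/rhel6
gpgcheck=0'

# Same repo with verification on. The key path is an assumption (see lead-in).
checked_repo='[localrepo]
name= local repository
baseurl=ftp://192.168.0.10/pub/rhel6
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release'

printf '%s\n' "$weak_repo" | audit_repo_gpg
printf '%s\n' "$checked_repo" | audit_repo_gpg
```

The first call reports the localrepo section; the second prints nothing.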

Jan 14, 2013

Run a specific command as root without root password

In most Linux/Unix systems, users need special privileges to run some commands, especially to stop a service, mount a device and so on. In these scenarios most old Linux/Unix systems used the command 'su -'. But this command requires the root user's password. Sharing a root password with other users is not a good practice. Therefore, we need some other way to do this task.

The 'sudo' command allows non-privileged users to run various commands as the root user without the root password. The root user can specify which user or user group can run which command(s) as root or as any other user. That information is saved in the configuration file '/etc/sudoers'. But I strongly advise you not to edit that file directly, because an error in it can cause the system to malfunction. The best way to make these changes is to use the 'visudo' command. Although you edit the same file via this command, it checks the syntax before it saves the changes to the configuration file permanently.

For example, suppose there is a Linux-based proxy server running in your office environment. Normally you make lots of changes upon request. (It's not a very good practice.) So you want the help of a new trainee to handle the proxy server. But there are a few problems. One is that you need to restart the proxy service to activate a configuration change. You may also have some other services running on the same host server. So the server is critical, but you need to provide some high-level privileges to an inexperienced user.

Now you need to give the user high privileges, but only to run some identified commands. In this example you need to provide privileges to edit the "squid.conf" file and to restart the squid service. You can do this in many different ways in the "sudoers" file.

Run 'visudo' and go to the line "root  ALL=(ALL) ALL". Add the following rule on the next line.

bob squidhost= NOPASSWD: /usr/bin/vim /etc/squid/squid.conf, /sbin/service squid restart

In the first part you need to set the user name. In this case it's bob. If you want to set a group, you need to add a "%" sign in front of the group name.

In the second part you need to specify the hostname.

Then you can add "NOPASSWD:" between the equals (=) sign and the commands so that the user is not asked for a password when running them. If you remove it, the system will ask the user for his/her password each time he/she runs one of these commands.

Then you can specify the commands that you want to allow the user to run. Absolute paths are required when specifying commands and configuration files.
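
An added example, not part of the original post: a small audit of one-line sudoers rules like the one above. It flags editors run as root (the editor process can open other files or start a shell, which is what sudoedit avoids) and commands listed without arguments, since sudo then accepts any arguments. The function name, finding labels and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky command specs in a
# one-line sudoers rule of the form "user host = [(runas)] [TAG:] cmd, cmd".
# Aliases and line continuations are not handled.

audit_sudoers_rule() {
    # $1: one sudoers rule. stdout: one finding per line, empty if none.
    printf '%s\n' "$1" | awk '
    {
        eq = index($0, "=")
        if (eq == 0) { print "PARSE: no = sign in rule"; next }
        spec = substr($0, eq + 1)
        if (spec ~ /NOPASSWD:/)
            print "NOPASSWD: commands run without re-entering a password"
        gsub(/[A-Z_]+:/, "", spec)               # strip tags such as NOPASSWD:
        gsub(/\([^)]*\)/, "", spec)              # strip a (runas) list
        n = split(spec, cmds, ",")
        for (i = 1; i <= n; i++) {
            cmd = cmds[i]
            gsub(/^[ \t]+|[ \t]+$/, "", cmd)
            if (cmd == "") continue
            nargs = split(cmd, w, /[ \t]+/)
            path = w[1]; base = path; sub(/.*\//, "", base)
            if (path == "ALL")
                print "ALL: every command is allowed"
            else if (path != "sudoedit" && path !~ /^\//)
                print "RELPATH: " path " is not an absolute path"
            else if (base ~ /^(vi|vim|view|nano|emacs|ed|less|more)$/)
                print "EDITOR: " path " runs as root and is not confined to the listed file; use sudoedit"
            else if (nargs == 1)
                print "ANYARGS: " path " has no argument list, so any arguments are accepted"
        }
    }'
}

# A rule modelled on the one in this post, then a tighter variant that uses
# sudoedit (both constructed for illustration).
page_rule='bob squidhost= NOPASSWD: /usr/bin/vim /etc/squid/squid.conf, /sbin/service squid restart'
tight_rule='bob squidhost = sudoedit /etc/squid/squid.conf, /sbin/service squid restart'

audit_sudoers_rule "$page_rule"
audit_sudoers_rule "$tight_rule"
```

With the tighter rule, bob edits the file with `sudoedit /etc/squid/squid.conf`, and the editor itself runs under his own account.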

Jan 10, 2013

Access a windows share from CentOS

Sometimes Linux users want to connect to a Windows share and copy something from it. To do this, we have two options. One is to use the graphical user interface (GUI). The second is to use the terminal or the command line. Both have their own pros and cons.

Whatever the method, you need to install two packages for this task: "samba-client" and "samba-common". You can use yum to install them.

If you want to access the '\\host\folder' Windows share from the command line, do it like this.

smbclient //host/folder -U username

If it shows a prompt like "smb:\>", you have successfully connected to the shared folder. Then type help to get more information.

If you want to access the same folder via the GUI, you need to open a Nautilus window and type:

smb://username@host/folder

Then it will prompt you for the domain/workgroup and the password. If those are correct, you can use the Windows share.

Jan 7, 2013

Copy files using SCP

SCP is a very basic command used to copy files between two systems securely. The basic command looks like this:

scp /local/file/goingto.copy  remoteuser@remotehost:/remote/location/

I want to copy a file called 'mydoc.txt' in my home directory to a web folder on a web server. That will be:

scp /home/thilina/documents/mydoc.txt  webuser@websvr:/var/www/html/


Suppose you need to copy a whole directory to some other place this way. You only need to add '-r' to the previous command.

scp -r /home/thilina/documents/ webuser@websvr:/var/www/html/

Jan 6, 2013

Schedule tasks in Linux using cron

Cron is used to schedule tasks in Linux/Unix systems. It needs to run as a daemon on the system. In most systems crond (the cron daemon) is available and configured to run at startup by default. You can check it by using:

ps -ef  | grep cron

If it is not running at the startup, start the daemon

service crond start

and set it to start at the system startup.

chkconfig crond on

Then you can do scheduling. The '/etc/crontab' file shows all the fields you need to provide to automate the execution of a command.

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed

You can run these commands as either root or a normal user. Type 'crontab -e' to add or edit cron jobs. If you type 'crontab -e' as a normal user, it will open a user-specific cron list. If you need to schedule a task that requires admin privileges, you need to log in as root and type 'crontab -e'.

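Run a task every 15 minutes. These lines use the '/etc/crontab' format shown above, which includes the user-name field; in a per-user crontab opened with 'crontab -e', leave the user name out.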

*/15 * * * * root /usr/bin/command

or

0,15,30,45 * * * *  root /usr/bin/command

There are some more keywords you can use when scheduling tasks. Those are:

@reboot
@yearly or @annually
@monthly
@weekly
@daily or @midnight
@hourly

You can use it like this;

@reboot  /root/scripts/mystartup.sh

You can modify a command to log the output of the execution to a specific file by;

@reboot  /root/scripts/mystartup.sh  >>/var/log/mystartupcron.log 2>&1

Note: Try to use absolute paths when editing commands in crontab.

Jan 3, 2013

Set proxy settings on Linux systems


If a system is connected to the internet via a proxy server, we need to give that information to the system. To do that, you can use the '/etc/environment' file to set system-wide proxy settings.

You just need to add the proxy server IP or the domain name and the port number.
http_proxy=proxysvr.local:3128
https_proxy=proxysvr.local:3128
ftp_proxy=proxysvr.local:3128

If you need some hosts to bypass the proxy server, add this:
no_proxy="localhost,127.0.0.1,localaddress,.server.local"

Some software products refer to the upper-case versions of those variables, so it is better to also add an upper-case copy of the same settings.
HTTP_PROXY=proxysvr.local:3128
HTTPS_PROXY=proxysvr.local:3128
FTP_PROXY=proxysvr.local:3128
NO_PROXY="localhost,127.0.0.1,localaddress,.server.local"


Note:
Even though you add proxy settings here, some tools like apt-get will not use them. In such cases you need to refer to the configuration guide of that tool.
You can set user-specific proxy settings by setting those environment variables in the '~/.bash_profile' file.