linux

warning: Creating default object from empty value in /data/web/1/000/027/003/273448/htdocs/panticz.de/modules/taxonomy/taxonomy.pages.inc on line 33.

Puppet: Icinga SSH client module

Enable Pluginsync on client
sed -i '/\[main\]/a\pluginsync=true\' /etc/puppet/puppet.conf

create Nullmailer module
http://www.panticz.de/Puppet-Nullmailer-module

create module structure
mkdir -p /etc/puppet/modules/icinga_ssh_client/manifests
mkdir -p /etc/puppet/modules/icinga_ssh_client/files

download module definiction
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/icinga_ssh_client/init.pp -O /etc/puppet/modules/icinga_ssh_client/manifests/init.pp

class icinga_ssh_client {
    package { "nagios-plugins-basic":
        ensure => installed,
    }

    # http://raw.github.com/justintime/nagios-plugins/master/check_mem/check_mem.pl
    file { "/usr/lib/nagios/plugins/check_mem":
        mode => 755,
        owner => root,
        group => root,
        require => Package['nagios-plugins-basic'],
        source => "puppet:///modules/icinga_ssh_client/check_mem",
    }

    # apt-get install -y nagios-plugins-contrib --no-install-recommends
    file { "/usr/lib/nagios/plugins/check_raid":
        mode => 755,
        owner => root,
        group => root,
        require => Package['nagios-plugins-basic'],
        source => "puppet:///modules/icinga_ssh_client/check_raid",
    }

    # TODO: relative path to id_rsa.pub
    # extract data from public key file (e.g. /var/lib/nagios/.ssh/id_rsa.pub)
    $ssh = split(file("/etc/puppet/modules/icinga_ssh_client/files/id_rsa.pub"), ' ')
    $ssh_type = values_at($ssh, 0)
    $ssh_key = values_at($ssh, 1)
    $ssh_id = values_at($ssh, 2)
    ssh_authorized_key { $ssh_id:
        ensure => present,
        user => root,
        type => $ssh_type,
        key => $ssh_key,
    }

    # alternatively, read key from file and remove line break
    # ssh_authorized_key { 'nagios@icinga':
    #    ensure => present,
    #    user => root,
    #    type => ssh-rsa,
    #    key => chomp(file("/etc/puppet/modules/icinga_ssh_client/files/id_rsa.pub")),
    # }
}

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include icinga_ssh_client
include nullmailer
...
}

Example: /etc/puppet/modules/icinga_ssh_client/files/id_rsa.pub
ssh-rsa ADAAB3NzaC3yc2EAAAADAEulgMUFyT9y2DaZYXHUdLWvkE9TKE+OVO8jYhmGG2BMmL5Ad3D+flpTMQfpp7EVJg2vTBSiVG4kCVicvb nagios@icinga

# (auto) create new host / object on icinga
cat /etc/icinga/objects/puppet.cfg
define host {
host_name puppet
address 192.168.1.173
use generic-host
hostgroups debian
}

TODO
# (auto) remove old hosts from /var/lib/nagios/.ssh/known_hosts on icinga
# (auto) import new host to /var/lib/nagios/.ssh/known_hosts on icinga

# add raid check
#apt-get install -y hddtemp
#wget -q "http://exchange.nagios.org/components/com_mtree/attachment.php?link_id=341&cf_id=24" -O /usr/lib/nagios/plugins/check_hddtemp
#chmod go+x /usr/lib/nagios/plugins/check_hddtemp

Links
http://serverfault.com/questions/411245/puppetlabs-file-line-type-not-working
http://serverfault.com/questions/238708/adding-lines-to-etc-profile-with-puppet

Debian: Install Puppet on client

Install Puppet client (agent)
wget https://raw.githubusercontent.com/panticz/installit/master/install.puppet-client.sh -O - | bash -

#!/bin/bash

# ensure that this script is run by root
if [ $(id -u) -ne 0 ]; then
  sudo $0
  exit
fi

# install
apt-get install -qq -y puppet
 
# configure to autostart puppet on boot
if [ $(puppet --version | cut -d "." -f1) -ge 3 ]; then
  # puppet 3.x
  /etc/init.d/puppet stop
  puppet agent --enable
else
  # puppet 2.x
  [ -f /etc/default/puppet ] && sed -i 's|START=no|START=yes|g' /etc/default/puppet
fi

enabling pluginsync
sed -i '/\[main\]/a\pluginsync=true\' /etc/puppet/puppet.conf
sed -i '/\[main\]/a\runinterval=10\' /etc/puppet/puppet.conf

test connection to pupet server
puppet agent --test
OR
puppet agent --test --server puppet.lab --waitforcert 60 --verbose
#--no-daemonize

change update interwal in seconds (default 30min.)
vi /etc/puppet/puppet.conf
[main]
runinterval=300

puppet version
puppet --version

Links
http://docs.puppetlabs.com/learning/agent_master_basic.html

Puppet

Installation
1. Install and configure Puppet on server (/etc/puppet/fileserver.conf)
http://www.panticz.de/install-puppet-server-puppetmaster
2. On client: Install Puppet client
http://www.panticz.de/install-puppet-client
3. On client: apply for certificate (puppet agent --test)
4. On server: confirm certificate (puppet cert sign dev2.lab)
5. On server: configure modules (/etc/puppet/modules/MODULE_NAME/manifests/init.pp)
6. On server: prepare files (/etc/puppet/modules/MODULE_NAME/files)
7. Configure clients (/etc/puppet/manifests/site.pp)

SSH server enable / disable password authentication

Enable
sed -i 's|[#]*PasswordAuthentication no|PasswordAuthentication yes|g' /etc/ssh/sshd_config
sed -i 's|UsePAM no|UsePAM yes|g' /etc/ssh/sshd_config
service ssh restart

Disable (don´t forget to install pre-shared-key first: http://www.panticz.de/ssh_pre-shared-key_authentication)
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/scripts/master/disable_ssh_password_authentication.sh -O - | bash -

#!/bin/bash

sed -i 's|[#]*PasswordAuthentication yes|PasswordAuthentication no|g' /etc/ssh/sshd_config
sed -i 's|UsePAM yes|UsePAM no|g' /etc/ssh/sshd_config
service ssh restart

# LXC
# disable login without password
lxc-attach -n ${CONTAINER} -- sed -i 's|[#]*PasswordAuthentication yes|PasswordAuthentication no|g' /etc/ssh/sshd_config
lxc-attach -n ${CONTAINER} -- sed -i 's|UsePAM yes|UsePAM no|g' /etc/ssh/sshd_config
lxc-attach -n ${CONTAINER} -- service ssh restart

# generate SSH key for root
lxc-attach -n ${CONTAINER} -- ssh-keygen -q -f /root/.ssh/id_rsa -N ''

Install Cinnamon

# add PPA
sudo add-apt-repository -y ppa:gwendal-lebihan-dev/cinnamon-stable
sudo apt-get update

# install cinnamon
sudo apt-get install -y cinnamon

# OPTIONAL: install nemo
sudo apt-get install -y nemo

# Links
http://wiki.ubuntuusers.de/Cinnamon
http://wiki.ubuntuusers.de/Paketquellen_freischalten/PPA#PPA-hinzufuegen

IpFire

http://wiki.ipfire.org/de/addons/net-snmp/start - SNMP Daemon for IpFire

Edit Cron jobs on IpFire
fcrontab -e
/etc/init.d/fcron restart

# force update dyndns every day
#9 2 * * 0 [ -f "/var/ipfire/red/active" ] && /usr/local/bin/setddns.pl -f
0 19 * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/setddns.pl -f

Upgrade
pakfire update
pakfire upgrade

Install Addons
pakfire install -y iftop

Update XEN VM
mount /dev/vg1/fw-boot /mnt/

# add XEN boot entry in GRUB configuration

OpenWrt on TP-Link TL-WR941ND / TL-WR1043ND / TL-WDR3600 / TL-WDR4300

# 15.05
https://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/

# flash tl-wr1043nd
URL=http://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/openwrt-15.05.1-ar71xx-generic-tl-wr1043nd-v1-squashfs-factory.bin
wget ${URL} -P /tmp
scp /tmp/openwrt-15.05-ar71xx-generic-tl-wr1043nd-v1-squashfs-factory.bin root@192.168.1.111:/tmp/
ssh root@192.168.1.111
echo 3 > /proc/sys/vm/drop_caches
mtd -r write /tmp/openwrt-15.05.1-ar71xx-generic-tl-wr1043nd-v1-squashfs-factory.bin firmware

# flash tl-wdr4300

Adaptec RAID controller / arcconf

arcconf GETLOGS 1 DEVICE

# list logical devices
arcconf GETCONFIG 1 LD

# list phisical devices
arcconf GETCONFIG 1 PD

# start adaptec verifi
arcconf TASK START 1 DEVICE 0 0 VERIFY

arcconf GETSTATUS 1

# create JBOD on all devices
# get device count
COUNT=$(arcconf GETCONFIG 1 PD | grep "Hard drive" | wc -l)

# create JBOD on all devices
for CHANNEL in `echo $(seq 1 ${COUNT})`; do
CHANNEL=$((CHANNEL-1))
echo ${CHANNEL}

arcconf CREATE 1 JBOD 0 ${CHANNEL} noprompt
done

# delete devices
arcconf DELETE 1 LOGICALDRIVE ALL noprompt

Install Jameica + Hibiscus online banking

wget https://raw.githubusercontent.com/panticz/installit/master/install.hibiscus.sh -O - | bash -

#!/bin/bash

# install Java
wget https://raw.githubusercontent.com/panticz/installit/master/install.java-jdk.sh -O - | bash -

# download Jameica
if [ "$(uname -m)" == "x86_64" ]; then
  # 64 bit
  URL=http://www.willuhn.de/products/jameica/releases/current/jameica/jameica-linux64.zip
else
  # 32 bit
  URL=http://www.willuhn.de/products/jameica/releases/current/jameica/jameica-linux.zip
fi
wget ${URL} -P /tmp

# install Jameica
sudo unzip /tmp/jameica-linux*.zip -d /opt/

# download Hibiscus
wget http://www.willuhn.de/products/hibiscus/releases/current/hibiscus.zip -P /tmp

# install Hibiscus
sudo unzip /tmp/hibiscus.zip -d /opt/jameica/plugins/

# create start entry
cat << EOF | sudo tee /usr/share/applications/Hibiscus.desktop
[Desktop Entry]
Version=1.0
Encoding=UTF-8
Name=Hibiscus
Type=Application
Terminal=false
Exec=/opt/jameica/jameica.sh
Icon=/opt/jameica/jameica-icon.png
Categories=Office;Finance;
EOF

Links
https://launchpad.net/~dennis-benndorf/+archive/ubuntu/ppa - PPA
https://www.willuhn.de/wiki/doku.php?id=support:bezugsquellen
http://wiki.ubuntuusers.de/Hibiscus
http://www.willuhn.de/products/jameica/download.php
http://www.willuhn.de/products/hibiscus/download.php
http://www.heise.de/download/linux/office/finanzsoftware/homebanking-50003505037/

Linpack under Ubuntu / Linux

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/installit/master/install.linpack.sh -O - | bash -

#!/bin/bash

URL=http://registrationcenter.intel.com/irc_nas/3914/l_lpk_p_11.1.2.005.tgz

# download
wget ${URL} -O /tmp/l_lpk.tgz

# extract
tar -xzf /tmp/l_lpk.tgz -C /tmp/

# copy linpack to /usr/share directory
cp -a /tmp/linpack_11.1.2/benchmarks/linpack/ /usr/share/

# create soft links to executables
ln -sf /usr/share/linpack/runme_xeon64 /usr/sbin/
ln -sf /usr/share/linpack/xlinpack_xeon64 /usr/sbin/

# adjust path in runme_xeon64
sed -i s'|./xlinpack_$arch lininput_$arch|/usr/sbin/xlinpack_$arch /usr/share/linpack/lininput_$arch|g' /usr/sbin/runme_xeon64

# get CPU info
CPU=$(cat /proc/cpuinfo | grep "model name" | tail -1)
COUNT=$(cat /proc/cpuinfo | grep processor | wc -l)
echo "CPU : $CPU"
echo "COUNT : $COUNT"

# OPTIONAL: configure parameter
# export MKL_DYNAMIC=false
# export OMP_NUM_THREADS=4

# run
runme_xeon64

Links
http://software.intel.com/en-us/articles/intel-math-kernel-library-linpack-download - Intel LINPACK Download
http://www.roylongbottom.org.uk/linpack%20results.htm

Syndicate content