Install Ubuntu on X2100 over the network using PXE

Pick a server that will host the netboot image and run the DHCP and TFTP servers. Let's call it sys-ubuntu.

- login to sys-ubuntu

- install dhcp server
sudo apt-get install dhcp3-server

- edit the /etc/dhcp3/dhcpd.conf like this

sudo vi /etc/dhcp3/dhcpd.conf
ddns-update-style none;
option domain-name "example.net"; # pick the right domain
option domain-name-servers 192.168.2.65, 192.168.3.65; # pick the correct dns resolvers. you may try opendns IPs
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.0.0 netmask 255.255.255.0 { # pick your network
option domain-name-servers 192.168.2.65, 192.168.3.65;
option routers 192.168.0.1; # pick the correct gateway
range 192.168.0.80 192.168.0.90; # pick a range of IP that are not in use and on same network as sys-ubuntu
next-server 192.168.0.81; # this is the IP of sys-ubuntu. YMMV
filename "pxelinux.0"; # relative to the tftp root dir; for some reason tftp was complaining if absolute pathname is given
}

- start the dhcp server
sudo /etc/init.d/dhcp3-server start

- install tftpd server
sudo apt-get install tftpd-hpa

- update the tftpd-hpa default tftp directory

sudo vi /etc/default/tftpd-hpa
TFTP_DIRECTORY="/var/lib/tftpboot"

- restart tftpd-hpa

stop tftpd-hpa
start tftpd-hpa

- now the last part. get the latest 64bit netboot image and dump it into the tftp’s root dir

  cd /var/lib/tftpboot
  sudo wget http://archive.ubuntu.com/ubuntu/dists/maverick/main/installer-amd64/current/images/netboot/netboot.tar.gz
  sudo tar -xzvf netboot.tar.gz

- now edit a file to enable the serial console to work
sudo vi ubuntu-installer/amd64/boot-screens/text.cfg
add "console=ttyS0,9600n8" to the end of the append lines like these

default install
label install
menu label ^Install
menu default
kernel ubuntu-installer/amd64/linux
append vga=normal initrd=ubuntu-installer/amd64/initrd.gz -- quiet console=ttyS0,9600n8
label cli
menu label ^Command-line install
kernel ubuntu-installer/amd64/linux
append tasks=standard pkgsel/language-pack-patterns= pkgsel/install-language-support=false vga=normal initrd=ubuntu-installer/amd64/initrd.gz -- quiet console=ttyS0,9600n8

- now disable UFW for a few minutes so the PXE traffic (DHCP and TFTP) can get through
(better would be adding some fw rules)
ufw disable

- look at this X2100.png for key maps

- connect your laptop to your X2100's serial (rs232) interface, start minicom (or hyperterminal) and power it on

- direct it to boot thru PXE using ESC+8

- if the client screen is blank at any point, just hit enter.

- once installation completes enable the fw and disable the dhcp and tftpd server

ufw enable
sudo /etc/init.d/dhcp3-server stop
stop tftpd-hpa

Posted in ubuntu

How to find out SMF manifests that are optional to a service

I ran nmap against one of my Solaris 10 servers and noticed rpc port 111 is on.

I want to disable rpcbind to close that port, but I need to make sure it does not
break anything. To do that, I have to find out which process(es) or service(s) are
depending on rpcbind as a required service. If rpcbind is optional for a service,
then rpcbind is not needed to run.

Since Solaris 10 uses SMF to start all my services it should be pretty easy to find
out about those dependencies.

Ok, so let's find out which SMF service (FMRI) starts rpcbind. The contract id of a
process is assigned by the FMRI. So I just have to map the svc to the process
based on the contract id (ctid).

Let's find the ctid (contract id) of process rpcbind

(root)@solaris:~# ps -eo ctid,ppid,args | grep rpcbind
48 1 /usr/sbin/rpcbind

Ok, so ctid is 48 for process rpcbind

Let's find out which svc has the same contract id

(root)@solaris:~# svcs -a -v | grep online | grep 48
online - 15:16:07 48 svc:/network/rpc/bind:default

There we go. So FMRI rpc/bind:default started rpcbind

Let's find out which svcs depend on rpcbind

(root)@solaris:~# svcs -D rpc/bind | grep online
online 15:16:08 svc:/system/filesystem/autofs:default
online 15:16:09 svc:/network/inetd:default
online 15:16:11 svc:/system/fmd:default
online 15:16:15 svc:/milestone/multi-user:default
online 15:16:17 svc:/network/rpc/gss:default
online 15:16:17 svc:/network/rpc/smserver:default
online 15:16:17 svc:/network/rpc/cde-ttdbserver:tcp
online 15:16:17 svc:/network/rpc/cde-calendar-manager:default
online 15:16:17 svc:/system/filesystem/volfs:default

So the above 9 svcs depend on rpcbind. However, there are
two types of dependencies: required and optional.
If a svc depends on rpcbind only optionally, it will still run (start) even
when rpcbind is not running.

So let's find out which svcs require rpcbind to run/start and which do not.

I am going to loop through all the dependent services with a quick one-liner to get my answer

(root)@solaris:~# svcs -D rpc/bind | grep online | awk '{print $NF}' | while read s junk; do echo -n "$s => "; svcs -l $s | grep rpc/bind | sed 's/dependency//' ; done

svc:/system/filesystem/autofs:default => require_all/restart svc:/network/rpc/bind (online)
svc:/network/inetd:default => optional_all/error svc:/network/rpc/bind (online)
svc:/system/fmd:default => optional_all/none svc:/network/rpc/bind (online)
svc:/milestone/multi-user:default => optional_all/none svc:/network/rpc/bind (online)
svc:/network/rpc/gss:default => require_all/restart svc:/network/rpc/bind (online)
svc:/network/rpc/smserver:default => require_all/restart svc:/network/rpc/bind (online)
svc:/network/rpc/cde-ttdbserver:tcp => require_all/restart svc:/network/rpc/bind (online)
svc:/network/rpc/cde-calendar-manager:default => require_all/restart svc:/network/rpc/bind (online)
svc:/system/filesystem/volfs:default => require_all/restart svc:/network/rpc/bind (online)

So it looks like the following three services do not need rpcbind to run, hence optional


online 15:16:09 svc:/network/inetd:default
online 15:16:11 svc:/system/fmd:default
online 15:16:15 svc:/milestone/multi-user:default

And the following svcs require rpcbind to run to start


online 16:26:21 svc:/system/filesystem/autofs:default
online 16:26:31 svc:/network/rpc/gss:default
online 16:26:31 svc:/network/rpc/smserver:default
online 16:26:32 svc:/network/rpc/cde-ttdbserver:tcp
online 16:26:32 svc:/network/rpc/cde-calendar-manager:default
online 16:26:32 svc:/system/filesystem/volfs:default

So we cannot turn off rpcbind yet.
Let's see whether the svcs that require rpcbind to run are themselves necessary
to run or not.

If we find out that these svcs are not necessary to run, then there will be no
reason for rpcbind to run either.

We are going to go through each of the dependent svcs and see if any svc requires
them to run.

So let's start with filesystem/autofs and so on

(root)@solaris:~# svcs -D filesystem/autofs:default | grep online | awk '{print $NF}' | while read s junk; do echo -n "$s => "; svcs -l $s | grep filesystem/autofs | sed 's/dependency//' ; done
svc:/system/dumpadm:default => optional_all/none svc:/system/filesystem/autofs (online) svc:/network/nfs/client (disabled)
svc:/network/ssh:default => optional_all/none svc:/system/filesystem/autofs (online)
svc:/system/system-log:default => optional_all/none svc:/system/filesystem/autofs (online)
svc:/network/smtp:sendmail => optional_all/none svc:/system/filesystem/autofs (online)
svc:/network/http:cswapache2 => optional_all/error svc:/system/filesystem/autofs:default (online)
svc:/milestone/multi-user:default => optional_all/none svc:/system/filesystem/autofs (online)

Looks like no svc requires filesystem/autofs. So we can go ahead and disable it

(root)@solaris:~# svcadm disable filesystem/autofs

Next svc to test is rpc/gss

(root)@solaris:~# svcs -D rpc/gss | grep online
(root)@solaris:~#

So no online svc depends on rpc/gss. That means it will go to the disable bucket
as well
(root)@solaris:~# svcadm disable rpc/gss

Next svc to test is rpc/smserver

(root)@solaris:~# svcs -D rpc/smserver | grep online | awk '{print $NF}' | while read s junk; do echo -n "$s => "; svcs -l $s | grep rpc/smserver | sed 's/dependency//' ; done
svc:/system/filesystem/volfs:default => require_all/none svc:/network/rpc/smserver (online)

So rpc/smserver is required by svc filesystem/volfs

So let's drill down. If filesystem/volfs is not required by anyone then we can
disable it, which will let the svc above it in the dependency chain be disabled
as well

(root)@solaris:~# svcs -D filesystem/volfs | grep online
(root)@solaris:~#

Bingo! looks like no svc depends on filesystem/volfs. So disabling it
(root)@solaris:~# svcadm disable filesystem/volfs

So rpc/smserver can go away too, since the only svc that depends on
it, filesystem/volfs, has just been disabled

(root)@solaris:~# svcadm disable rpc/smserver

Next svc that requires rpcbind to run is rpc/cde-ttdbserver
(root)@solaris:~# svcs -D rpc/cde-ttdbserver | grep online
(root)@solaris:~#

So no running svc depends on rpc/cde-ttdbserver. Another candidate
for the disable bucket
(root)@solaris:~# svcadm disable rpc/cde-ttdbserver

Next svc in line is rpc/cde-calendar-manager
(root)@solaris:~# svcs -D rpc/cde-calendar-manager | grep online
(root)@solaris:~#

No svc depends on it, so disabling it too
(root)@solaris:~# svcadm disable rpc/cde-calendar-manager

Now let's re-run the one-liner against the rpc/bind svc again to see if there is still
any svc that is online that requires rpcbind to run
(root)@solaris:~# svcs -D rpc/bind | grep online | awk '{print $NF}' | while read s junk; do echo -n "$s => "; svcs -l $s | grep rpc/bind | sed 's/dependency//' ; done
svc:/network/inetd:default => optional_all/error svc:/network/rpc/bind (online)
svc:/system/fmd:default => optional_all/none svc:/network/rpc/bind (online)
svc:/milestone/multi-user:default => optional_all/none svc:/network/rpc/bind (online)

So it looks like there is no online svc left that requires rpcbind to run.

So we can safely assume that rpcbind can be disabled without hurting the system.
And restarting the system will not change the state.

(root)@solaris:~# svcadm disable rpc/bind
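
The manual walk above can be scripted. This is an added example, not part of the original post: it prints, leaf first, the online services that hard-require a given service, which is the order they would have to be disabled in. It assumes a POSIX shell and awk (on Solaris 10 that means /usr/xpg4/bin/sh with /usr/xpg4/bin first in PATH) and the svcs -l dependency line layout shown above; the function names are made up for this example, and the stub svcs holds constructed sample data that is used only when the real command is missing.

```shell
#!/bin/sh
# Added example, not from the original post. Read-only: never calls svcadm.

# Constructed stand-in for svcs(1), defined only where the real command is missing.
type svcs >/dev/null 2>&1 || svcs() {
    case "$*" in
    "-H -o state,fmri -D rpc/bind")
        echo "online svc:/network/inetd:default"
        echo "online svc:/network/rpc/smserver:default"
        echo "online svc:/system/filesystem/volfs:default" ;;
    "-H -o state,fmri -D svc:/network/rpc/smserver:default")
        echo "online svc:/system/filesystem/volfs:default" ;;
    "-l svc:/network/inetd:default")
        echo "dependency   optional_all/error svc:/network/rpc/bind (online)" ;;
    "-l svc:/network/rpc/smserver:default")
        echo "dependency   require_all/restart svc:/network/rpc/bind (online)" ;;
    "-l svc:/system/filesystem/volfs:default")
        echo "dependency   require_all/restart svc:/network/rpc/bind (online)"
        echo "dependency   require_all/none svc:/network/rpc/smserver (online)" ;;
    esac
}

# Print the online services that list service $1 as a dependency.
online_dependents() {
    svcs -H -o state,fmri -D "$1" 2>/dev/null | awk '$1 == "online" { print $2 }'
}

# Print the grouping (require_all, optional_all, ...) with which $1 depends on $2.
dep_type() {
    svcs -l "$1" | awk -v t="$2" '
        BEGIN { sub(/:[^:\/]*$/, "", t) }        # drop ":instance" from the target
        $1 == "dependency" {
            for (i = 3; i <= NF; i++) {
                f = $i; sub(/:[^:\/]*$/, "", f)
                if (substr(f, length(f) - length(t) + 1) == t) {
                    split($2, g, "/"); print g[1]; exit
                }
            }
        }'
}

# Depth-first walk: dependents that require $1 are printed before $1 itself.
walk() {
    for d in $(online_dependents "$1"); do
        case $(dep_type "$d" "$1") in
        require_*) walk "$d" ;;    # require_any counted as required, to be safe
        esac
    done
    echo "$1"
}

# Leaf-first, de-duplicated order in which services must go before $1 can.
disable_order() { walk "$1" | awk '!seen[$0]++'; }
if [ $# -gt 0 ]; then disable_order "$1"; fi
```

Run it as "sh script rpc/bind"; whether each listed service is actually unneeded on the box still has to be decided by hand, as in the walk above.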

Posted in solaris

how to replace hp nc6220 laptop keyboard

- Remove the three screws on the back marked with the kbd sign
- Slide the four hooks out, residing on the front of the kbd
close to the screen positioned between esc,f1 and f4,f5 and
f8,f9 and f12,delete
- Push the kbd towards the screen with your thumbs
- (you are almost done)
- (you should see a wide and a skinny connector going from the
back of the kbd to the motherboard.)
- Gently pull them out and now your kbd is free.
Pay close attention to the orientation on how the
connectors are in place.

Now put the new kbd back in, in the reverse order.

Take time to push the new connectors back on. I noticed it helps to guide them in using your thumbs.

Hopefully now you have a new replacement keyboard.

Posted in laptop

How to keep a persistent ssh connection

Create an init script like this

# cat /etc/init.d/autossh
#!/bin/sh
autossh -M8122 -R8022:localhost:22 -l username -fN remote.example.net

And link it to your rc script

That is all

Posted in ssh

How to install CAM on global zone ONLY

Download the cam application from SUN site first. Then extract it. Then go to the utils dir and modify the following files and replace the word pkgadd with pkgadd -G and the word patchadd with patchadd -G

install_csm_pkg.ksh
install_firmware_pkg.ksh
install_pkg.ksh
install_patch.ksh

Then run the following command from app’s dir and that is all
./RunMe.bin -c

Posted in cam, solaris

How to delete a message from qmail queue

Stop the qmail-send first.

svc -d /service/qmail-send

Wait till it goes down. It can take a really long time to go down if your qmail queue is busy

while ! svstat /service/qmail-send | grep ': down'
do
echo "Not down yet!"
sleep 5
done

It will exit out as soon as it is down

Now use qmqtool to delete your message from the queue

qmqtool -d -f 'spammer@spamsite.com'

Now go ahead and start qmail-send back up

svc -u /service/qmail-send

That’s all.

Posted in qmail

How to find cpu cores on a system

kstat -pm cpu_info | grep brand

That will tell you if a system is dual core or not

Posted in solaris

How to enable remote access to Sun Java Web Console

svccfg -s svc:/system/webconsole setprop options/tcp_listen = true
svcadm refresh svc:/system/webconsole

Posted in solaris

How to concatenate multiple PDF files into one

You will need Ghostscript installed on your computer. Then just run the following command

gs -q -sPAPERSIZE=letter -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=out.pdf in1.pdf in2.pdf in3.pdf ...

Posted in misc, pdf

How to fix Secure HTTP between RT and Qmail

This morning I found out that our company mail server, using qmail, is failing to communicate through secure http to ticket system, using RT

So, I logged into our mail server to verify the mail server to ticket server communication setup

cat /var/qmail/alias/.qmail-help

|822field x-spam-status | egrep -iw yes >/dev/null && exit 100 || exit 0
|822field from | egrep -i "MAILER-DAEMON|POSTMASTER|ABUSE" >/dev/null && exit 100 || exit 0
|822field to | egrep -i "MAILER-DAEMON|POSTMASTER|ABUSE" >/dev/null && exit 100 || exit 0
|822field cc | egrep -i "MAILER-DAEMON|POSTMASTER|ABUSE" >/dev/null && exit 100 || exit 0
|822field return-path | egrep -i "MAILER-DAEMON|POSTMASTER|ABUSE" >/dev/null && exit 100 || exit 0
|/opt/rt3/bin/rt-mailgate --queue help --action correspond --url https://ticket.company.net 2>/dev/null || exit 111

That means any mail that goes to help@company.net will eventually use
rt-mailgate to make a secure http connection to the ticket system and create a ticket.

So the first thing that could go wrong is the mail server failing to receive the mail. To double check that I went ahead and sent an email from my computer to help@company.net and checked the log on the smtp side.

tail -f /var/log/qmail/smtpd/current | tai64nlocal

I noticed the smtp server received the email based on the following line in the log

2007-08-20 18:29:44.718444500 tcpserver: ok 22971 smtp.company.net:1.2.3.4:25 NO_REVERSE_DNS:2.3.4.5::60738

Where 1.2.3.4 is the company smtp server IP and 2.3.4.5 is my computer sending the email. And it says OK. So we are good on smtp side. Now if you know qmail, you know that this mail then will be handed over eventually to qmail-local alias.

To verify that the mail did not fail on its way to the qmail-local I tried to look at the qmail send log

tail -f /var/log/qmail/current | tai64nlocal

And I see a deferral in the delivery for the email that I sent to help@company.net

2007-08-20 09:03:25.432989500 delivery 1804118: deferral:

Usually you should see a message right after the deferral: to explain why it is deferred, like the following:

2007-08-20 09:04:01.774745500 delivery 1804142: deferral: Sorry,_I_wasn’t_able_to_establish_an_SMTP_connection._(#4.4.1)/

2007-08-20 09:03:21.451940500 delivery 1804099: deferral: 4.4.8.50_does_not_like_recipient./Remote_host_said:_450_<blah@blah.com>:_User_unknown_in_local_recipient_table/Giving_up_on_4.4.8.50./

But this time there is no message after deferral:. So I am still clueless as to why it is being deferred instead of being delivered successfully. Well, at least I know that the mail is trying to make it through. So the next possible point where the mail could fail is at rt-mailgate. If you are not sure why, look at the beginning of the article, which shows how the communication is set up in the .qmail-help file

To troubleshoot if rt-mailgate is working I decided to run it in debug mode and send some garbage to it to see how it responds

echo this is a test | /opt/rt3/bin/rt-mailgate --queue help --action correspond --url https://ticket.company.net --debug

I see a few lines of errors from the Crypt::SSLeay module. One of its libraries that depends on openssl is failing to load. Why? Looks like the openssl library itself changed to a newer version. It might have happened during the ssh package upgrade, which is very picky about the openssl library version. So that means either the openssl library needs to be downgraded to a lower version to match the version of Crypt::SSLeay, which probably will break ssh, OR recompile Crypt::SSLeay

I decided to just recompile Crypt::SSLeay and point it to the new openssl library during the compile. I called CPAN to install the Crypt::SSLeay module. When it rains it pours. The perl module is failing to compile with the default CPAN install method. It is looking for the openssl/ssh.h header file under /usr/local/ssl/include/openssl. So instead of using the CPAN install command I used the CPAN look command, which let me compile the module manually from source. I then modified the include variable INC in the Makefile (run perl Makefile.PL first) and replaced the include path /usr/local/ssl/include/openssl with /usr/local/ssl/include. That is pretty much the only hack I needed to do during the manual make. After that I did a re-make and make install and now I have a fresh new Crypt::SSLeay. To make sure that fixed rt-mailgate, I fed some garbage to it, like before, and I got an ok and a Ticket number. Eeehaa, secure http communication between the mail server and the ticket system has been restored and the day is saved!

Posted in qmail, RT