Push your SSH key to all the ESXi servers

First collect the list of ESXi servers using ezmomi

ezmomi list --type HostSystem | awk '/^host/ {print $2}' > /tmp/esxis

Now push the ssh key to all the ESXi systems under root using a while loop

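while read -r host
do
echo "$host"
# sshpass -p exposes the password in the process list, and StrictHostKeyChecking=no skips host key verification
cat .ssh/id_rsa.pub | sshpass -p 'p@ssw0rd' ssh -q -oStrictHostKeyChecking=no "$host" "cat - >> /etc/ssh/keys-root/authorized_keys"
done < /tmp/esxis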

Here p@ssw0rd is the root password for the ESXi servers.

I picked a while loop since Ansible cannot push it, as ESXi is missing the Python grp module. It fails at import grp with ImportError: No module named grp.


Push your SSH Key to Tons of Systems

If you want to push your SSH key to one system or to many, you can use Ansible to make the push. I am assuming sshd_config on the remote server has PubkeyAuthentication set to yes, which is a requirement for SSH key based authentication to work. You could use a Match block in sshd_config and allow a group to log in with an SSH key.

For single server:

ansible myhost -i inventory --ask-pass -m authorized_key -a "user=<username> key='$(cat ~/.ssh/id_rsa.pub)'"

For multiple servers:

ansible myhostgroup -i inventory --ask-pass -m authorized_key -a "user=<username> key='$(cat ~/.ssh/id_rsa.pub)'"

Inventory file:

cat inventory

<username> is just a placeholder, most likely for your own username, assuming you have an account on the remote system.

This is an idempotent operation, so it will not append the key multiple times even if you run it multiple times.

Check out more details on the Ansible authorized_key module.
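Where Ansible is not available, the same append-once behaviour can be had from plain shell, unlike a bare >> which adds a duplicate line on every run. This is an added example, not code from the original post or from Ansible: append_key_once is a hypothetical helper, and the key and paths are constructed sample data.

```sh
#!/bin/sh
# Append the public key in file $1 to the authorized_keys file $2 once.
# Returns 1 without writing if $1 is not exactly one public-key line
# (for example a private key picked by mistake).
append_key_once() {
    pub=$1
    auth=$2
    [ "$(grep -c '' "$pub" 2>/dev/null)" = 1 ] || return 1
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) return 1 ;;
    esac
    # -x whole line, -F fixed string: an exact match means nothing to add.
    grep -qxF -- "$key" "$auth" 2>/dev/null || printf '%s\n' "$key" >> "$auth"
}

# Constructed sample data: a made-up key line and a scratch directory.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal admin@example' > "$demo_dir/id.pub"
append_key_once "$demo_dir/id.pub" "$demo_dir/authorized_keys"
append_key_once "$demo_dir/id.pub" "$demo_dir/authorized_keys"   # no-op
grep -c '' "$demo_dir/authorized_keys"
```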


2012 in review

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

600 people reached the top of Mt. Everest in 2012. This blog got about 2,500 views in 2012. If every person who reached the top of Mt. Everest viewed this blog, it would have taken 4 years to get that many views.


Run devmon using upstart script

$ cat /etc/init/devmon.conf
description "DEVMON Hobbit SNMP tool upstart script"
author "Asif Iqbal"

start on runlevel [23]
stop on runlevel [!23]

exec su devmon -c "/usr/local/devmon/devmon -f"



Install Ubuntu on X2100 over the network using PXE

Pick a server that will host the netboot image and run the DHCP and TFTP servers. Let's call it sys-ubuntu.

– login to sys-ubuntu

– install dhcp server
sudo apt-get install dhcp3-server

– edit the /etc/dhcp3/dhcpd.conf like this

sudo vi /etc/dhcp3/dhcpd.conf
ddns-update-style none;
option domain-name "example.net"; # pick the right domain
option domain-name-servers,; # pick the correct dns resolvers. you may try opendns IPs
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet netmask { # pick your network
option domain-name-servers,;
option routers; # pick the correct gateway
range; # pick a range of IP that are not in use and on same network as sys-ubuntu
next-server; # this is the IP of sys-ubuntu. YMMV
filename "/var/lib/tftpboot/pxelinux.0"; # for some reason tftp was complaining if absolute pathname is given
}

– start the dhcp server
sudo /etc/init.d/dhcp3-server start

– install tftpd server
sudo apt-get install tftpd-hpa

– update the tftpd-hpa default tftp directory

sudo vi /etc/default/tftpd-hpa

– restart tftpd-hpa

stop tftpd-hpa
start tftpd-hpa

– get the latest 64bit netboot image and dump it into the tftp’s root dir

  cd /var/lib/tftpboot
  sudo wget http://archive.ubuntu.com/ubuntu/dists/maverick/main/installer-amd64/current/images/netboot/netboot.tar.gz
  sudo tar -xzvf netboot.tar.gz

– edit pxelinux.cfg/default and ubuntu-installer/amd64/boot-screens/text.cfg to enable the serial console to work

sudo vi pxelinux.cfg/default
add serial 0 and modify prompt and timeout so it looks something like below

serial 0
include ubuntu-installer/amd64/boot-screens/menu.cfg
default ubuntu-installer/amd64/boot-screens/vesamenu.c32
prompt 1
timeout 300

sudo vi ubuntu-installer/amd64/boot-screens/text.cfg
replace default install with default cli, append console=ttyS0,9600n8 and remove quiet at the end of the second append line, as in the stanza below

default cli
label install
menu label ^Install
menu default
kernel ubuntu-installer/amd64/linux
append vga=normal initrd=ubuntu-installer/amd64/initrd.gz -- quiet
label cli
menu label ^Command-line install
kernel ubuntu-installer/amd64/linux
append tasks=standard pkgsel/language-pack-patterns= pkgsel/install-language-support=false vga=normal initrd=ubuntu-installer/amd64/initrd.gz -- console=ttyS0,9600n8

– disable UFW for a few minutes for the PXE talk
(better would be adding some firewall rules)
ufw disable

– look at this X2100.png for key maps

– connect your laptop to your X2100’s serial (rs232) interface, start minicom (or hyperterminal) and power it on

– direct it to boot thru PXE using ESC+8

– if the client screen is blank at any point, just hit enter.

– once installation completes enable the fw and disable the dhcp and tftpd server

ufw enable
sudo /etc/init.d/dhcp3-server stop
stop tftpd-hpa


How to find out SMF manifests that are optional to a service

I ran nmap against one of my Solaris 10 servers and noticed RPC port 111 is on.

I want to disable rpcbind to close that port, but I need to make sure it does not
break anything. To do that, I have to find out which process(es) or service(s) are
depending on rpcbind as a required service. If rpcbind is optional for a service,
then rpcbind is not needed to run.

Since Solaris 10 uses SMF to start all my services it should be pretty easy to find
out about those dependencies.

OK, so let's find out which SMF service (FMRI) starts rpcbind. The contract id of a
process is assigned by the FMRI. So I just have to map the svc to the process
based on the contract id (ctid).

Let's find the ctid (contract id) of process rpcbind

(root)@solaris:~# ps -eo ctid,ppid,args | grep rpcbind
48 1 /usr/sbin/rpcbind

Ok, so ctid is 48 for process rpcbind

Let's find out which svc has the same contract id

(root)@solaris:~# svcs -a -v | grep online | grep 48
online - 15:16:07 48 svc:/network/rpc/bind:default

There we go. So FMRI rpc/bind:default started rpcbind

Let's find out which svcs are depending on rpcbind

(root)@solaris:~# svcs -D rpc/bind | grep online
online 15:16:08 svc:/system/filesystem/autofs:default
online 15:16:09 svc:/network/inetd:default
online 15:16:11 svc:/system/fmd:default
online 15:16:15 svc:/milestone/multi-user:default
online 15:16:17 svc:/network/rpc/gss:default
online 15:16:17 svc:/network/rpc/smserver:default
online 15:16:17 svc:/network/rpc/cde-ttdbserver:tcp
online 15:16:17 svc:/network/rpc/cde-calendar-manager:default
online 15:16:17 svc:/system/filesystem/volfs:default

So the above 9 svcs are depending on rpcbind. However there are
two types of dependencies. Required and Optional.
If any svc is optionally depending on rpcbind then it will still run (start) even
when rpcbind is not running.

So let's find out which svcs require rpcbind to run/start and which do not

I am going to loop through all the dependent services with a quick one-liner to get my answer

(root)@solaris:~# svcs -D rpc/bind | grep online | awk '{print $NF}' | while read s junk; do echo -n "$s => "; svcs -l $s | grep rpc/bind | sed 's/dependency//' ; done

svc:/system/filesystem/autofs:default => require_all/restart svc:/network/rpc/bind (online)
svc:/network/inetd:default => optional_all/error svc:/network/rpc/bind (online)
svc:/system/fmd:default => optional_all/none svc:/network/rpc/bind (online)
svc:/milestone/multi-user:default => optional_all/none svc:/network/rpc/bind (online)
svc:/network/rpc/gss:default => require_all/restart svc:/network/rpc/bind (online)
svc:/network/rpc/smserver:default => require_all/restart svc:/network/rpc/bind (online)
svc:/network/rpc/cde-ttdbserver:tcp => require_all/restart svc:/network/rpc/bind (online)
svc:/network/rpc/cde-calendar-manager:default => require_all/restart svc:/network/rpc/bind (online)
svc:/system/filesystem/volfs:default => require_all/restart svc:/network/rpc/bind (online)

So it looks like the following three services do not need rpcbind to run, hence optional

online 15:16:09 svc:/network/inetd:default
online 15:16:11 svc:/system/fmd:default
online 15:16:15 svc:/milestone/multi-user:default

And the following svcs require rpcbind to be running in order to start

online 16:26:21 svc:/system/filesystem/autofs:default
online 16:26:31 svc:/network/rpc/gss:default
online 16:26:31 svc:/network/rpc/smserver:default
online 16:26:32 svc:/network/rpc/cde-ttdbserver:tcp
online 16:26:32 svc:/network/rpc/cde-calendar-manager:default
online 16:26:32 svc:/system/filesystem/volfs:default

So we cannot turn off rpcbind yet.
Let's see whether the svcs that require rpcbind to run are themselves necessary
to run or not

If we can find out these svcs are not necessary to run, then there will be no
reason for the rpcbind to run either.

We are going through each of the dependent svcs and see if any svc require
them to run.

So let's start with filesystem/autofs and so on

(root)@solaris:~# svcs -D filesystem/autofs:default | grep online | awk '{print $NF}' | while read s junk; do echo -n "$s => "; svcs -l $s | grep filesystem/autofs | sed 's/dependency//' ; done
svc:/system/dumpadm:default => optional_all/none svc:/system/filesystem/autofs (online) svc:/network/nfs/client (disabled)
svc:/network/ssh:default => optional_all/none svc:/system/filesystem/autofs (online)
svc:/system/system-log:default => optional_all/none svc:/system/filesystem/autofs (online)
svc:/network/smtp:sendmail => optional_all/none svc:/system/filesystem/autofs (online)
svc:/network/http:cswapache2 => optional_all/error svc:/system/filesystem/autofs:default (online)
svc:/milestone/multi-user:default => optional_all/none svc:/system/filesystem/autofs (online)

Looks like no svc requires filesystem/autofs. So we can go ahead and disable it

(root)@solaris:~# svcadm disable filesystem/autofs

Next svc to test is rpc/gss

(root)@solaris:~# svcs -D rpc/gss | grep online

So no online svc depends on rpc/gss. That means it will go to the disable bucket
as well
(root)@solaris:~# svcadm disable rpc/gss

Next svc to test is rpc/smserver

(root)@solaris:~# svcs -D rpc/smserver | grep online | awk '{print $NF}' | while read s junk; do echo -n "$s => "; svcs -l $s | grep rpc/smserver | sed 's/dependency//' ; done
svc:/system/filesystem/volfs:default => require_all/none svc:/network/rpc/smserver (online)

So rpc/smserver is required by svc filesystem/volfs

So let's drill down. If filesystem/volfs is not required by anyone then we can
disable it, which will let the svc above it in the dependency chain be disabled
as well

(root)@solaris:~# svcs -D filesystem/volfs | grep online

Bingo! Looks like no svc depends on filesystem/volfs. So disabling it
(root)@solaris:~# svcadm disable filesystem/volfs

So rpc/smserver can go away too since the only svc that depends on
it, filesystem/volfs is just disabled

(root)@solaris:~# svcadm disable rpc/smserver

Next svc that requires rpcbind to run is rpc/cde-ttdbserver
(root)@solaris:~# svcs -D rpc/cde-ttdbserver | grep online

So no running svc depends on rpc/cde-ttdbserver. Another candidate
for the disable bucket
(root)@solaris:~# svcadm disable rpc/cde-ttdbserver

Next svc in line is rpc/cde-calendar-manager
(root)@solaris:~# svcs -D rpc/cde-calendar-manager | grep online

No svc depends on it, so disabling it too
(root)@solaris:~# svcadm disable rpc/cde-calendar-manager

Now let's re-run the one-liner against the rpc/bind svc again to see if there is still
any svc that is online that requires rpcbind to run
(root)@solaris:~# svcs -D rpc/bind | grep online | awk '{print $NF}' | while read s junk; do echo -n "$s => "; svcs -l $s | grep rpc/bind | sed 's/dependency//' ; done
svc:/network/inetd:default => optional_all/error svc:/network/rpc/bind (online)
svc:/system/fmd:default => optional_all/none svc:/network/rpc/bind (online)
svc:/milestone/multi-user:default => optional_all/none svc:/network/rpc/bind (online)

So it looks like there is no online svc that requires rpcbind to run.

So we can safely assume that rpcbind can be disabled without hurting the system.
And restarting the system will not change the state.

(root)@solaris:~# svcadm disable rpc/bind
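
The manual drill-down above amounts to a post-order walk over the require_all edges, which yields the order in which services have to be disabled. This is an added example, not the author's commands: EDGES is a constructed table transcribed from the svcs -l output shown in this post, and disable_plan is a hypothetical helper; on a live host the edges would come from svcs -D and svcs -l.

```sh
#!/bin/sh
# Edges transcribed from the svcs -l output shown above (constructed table):
#   <dependent FMRI> <grouping> <service it depends on>
EDGES='svc:/system/filesystem/autofs:default require_all svc:/network/rpc/bind
svc:/network/inetd:default optional_all svc:/network/rpc/bind
svc:/system/fmd:default optional_all svc:/network/rpc/bind
svc:/milestone/multi-user:default optional_all svc:/network/rpc/bind
svc:/network/rpc/gss:default require_all svc:/network/rpc/bind
svc:/network/rpc/smserver:default require_all svc:/network/rpc/bind
svc:/network/rpc/cde-ttdbserver:tcp require_all svc:/network/rpc/bind
svc:/network/rpc/cde-calendar-manager:default require_all svc:/network/rpc/bind
svc:/system/filesystem/volfs:default require_all svc:/network/rpc/bind
svc:/system/filesystem/volfs:default require_all svc:/network/rpc/smserver
svc:/system/dumpadm:default optional_all svc:/system/filesystem/autofs
svc:/network/ssh:default optional_all svc:/system/filesystem/autofs
svc:/network/http:cswapache2 optional_all svc:/system/filesystem/autofs:default'

# Print the services that have to be disabled before $1, dependents first,
# ending with $1 itself. Only require_* edges are followed; optional_*
# dependents still start without the service, so they are left alone.
disable_plan() {
    printf '%s\n' "$EDGES" | awk -v target="$1" '
        # Strip a trailing instance name (":default", ":tcp") from an FMRI.
        function base(f) { sub(":[^/:]+$", "", f); return f }
        # Post-order walk: emit everything that requires svc, then svc.
        function walk(svc,    i, b) {
            b = base(svc)
            if (b in seen) return
            seen[b] = 1
            for (i = 1; i <= cnt[b]; i++) walk(req[b, i])
            print svc
        }
        $2 ~ /^require_/ { k = base($3); req[k, ++cnt[k]] = $1 }
        END { walk(target) }'
}

disable_plan svc:/network/rpc/bind
```

The plan only gives the order; whether each listed service is actually unneeded on the host is still the judgement made step by step above.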


how to replace hp nc6220 laptop keyboard

– Remove the three screws on the back marked with the kbd sign
– Slide the four hooks out, residing on the front of the kbd
close to the screen positioned between esc,f1 and f4,f5 and
f8,f9 and f12,delete
– Push the kbd towards the screen with your thumbs
– (you are almost done)
– (you should see a wide and a skinny connector going from the
back of the kbd to the motherboard.)
– Gently pull them out and now your kbd is free.
Pay close attention to the orientation on how the
connectors are in place.

Now put the new kbd back in, in the reverse order.

Take time to push the new connectors back on; I noticed it helps to guide them using your thumbs.

Hopefully now you have a new replacement keyboard.
