Thursday, 24 July 2014

Editing the /etc/inittab File in Maintenance Mode

Problem (Abstract)

This technote describes a technique for creating a minimal /etc/inittab file if no other tools are available.

Symptom

System hangs or crashes at boot time.

Cause

A bad entry in the /etc/inittab is keeping the system from booting properly.

Resolving the problem

Ordinarily if there is a problem with one or more entries in the /etc/inittab the preferred method of editing it is:

1. Boot into Maintenance Mode off AIX install CDs, mksysb, or NIM
2. Access the rootvg and start a shell with the filesystems mounted.
3. Edit /etc/inittab down to a minimum 3 lines:
init:2:initdefault:
brc::sysinit:/sbin/rc.boot 3 >/dev/console 2>&1 # Phase 3 of system boot
cons:0123456789:respawn:/usr/sbin/getty /dev/console

In cases where the rootvg filesystems cannot be mounted automatically (for example, the CD media is at a different Technology Level than what exists on hard disk, or the filesystems for some reason won't mount automatically), commands such as the "vi" editor won't be available to edit the inittab.

In this case a hard-luck method can be used to create a minimal inittab.
1. Boot into Maintenance Mode and choose Option 2 "Access rootvg and start a shell before mounting filesystems".

2. Once in Maintenance Mode, fsck all rootvg filesystems necessary:
# fsck /dev/hd1
# fsck /dev/hd2
# fsck /dev/hd3
# fsck /dev/hd4
# fsck /dev/hd9var

3. Mount root on a temporary mount point:
# mount /dev/hd4 /mnt

4. Move the bad inittab aside as a backup:
# cd /mnt/etc
# mv inittab inittab.bad

5. Use grep to create a minimal new inittab:
# grep "init:" inittab.bad > inittab (adds both the init: and brc: entries)
# grep "^cons:" inittab.bad >> inittab (adds the cons: entry)

6. Reboot using the new inittab:
# sync; sync; sync
# cd /
# umount /mnt

Power cycle the system from the front panel or HMC.
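
The unanchored "init:" pattern in step 5 matches every record whose action field is sysinit, so a faulty sysinit entry would be carried into the new file. The following is an added example, not part of the original technote: it compares the page's commands with anchored patterns on a constructed inittab (the badapp and myapp records are hypothetical) and checks the result before the reboot.

```shell
#!/bin/sh
# Added example. The sample inittab is constructed for illustration.

make_sample() {
    cat > "$1" <<'EOF'
init:2:initdefault:
brc::sysinit:/sbin/rc.boot 3 >/dev/console 2>&1 # Phase 3 of system boot
badapp::sysinit:/opt/badapp/hang >/dev/console 2>&1
cons:0123456789:respawn:/usr/sbin/getty /dev/console
myapp:2:respawn:/opt/myapp/run
EOF
}

# The page's commands: "init:" is unanchored, so it also matches "sysinit:".
page_method() {
    grep "init:" "$1" > "$2"
    grep "^cons:" "$1" >> "$2"
}

# Anchored variant: one pattern per record identifier, needs only grep.
anchored_method() {
    grep "^init:" "$1" > "$2"
    grep "^brc:" "$1" >> "$2"
    grep "^cons:" "$1" >> "$2"
}

# Succeeds only if FILE holds exactly three records: init, brc and cons.
is_minimal() {
    [ "$(grep -c . "$1")" -eq 3 ] &&
    grep -q "^init:" "$1" && grep -q "^brc:" "$1" && grep -q "^cons:" "$1"
}

# Prints: <records kept by page method> <records kept by anchored method> <yes|no>
inittab_demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d/inittab.bad"
    page_method "$d/inittab.bad" "$d/loose"
    anchored_method "$d/inittab.bad" "$d/strict"
    a=$(grep -c . "$d/loose"); b=$(grep -c . "$d/strict")
    if is_minimal "$d/strict"; then ok=yes; else ok=no; fi
    rm -rf "$d"
    echo "$a $b $ok"
}

inittab_demo
```

In the maintenance shell only the three anchored grep commands are needed; listing the new file before the reboot shows whether any extra record slipped in.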

How to enable the Name Service cache Daemon (NSCD)

Question

How do you enable NSCD to improve the performance of the hostname, password, name and group lookup which is frequently being done by IBM Rational ClearCase?

Cause

By enabling the Name Service cache Daemon (NSCD) of the operating system, a significant performance improvement can be achieved when using naming services like DNS, NIS, NIS+, LDAP.

Answer

Benefit of name service cache daemon (NSCD) for ClearCase

Example:

Without NSCD:
[user@host]$ time cleartool co -nc "/var/tmp/file"
Checked out "/var/tmp/file" from version "/main/10".
real    0m3.355s
user    0m0.020s
sys     0m0.018s
With NSCD:
[user@host]$ time cleartool co -nc "/var/tmp/file"
Checked out "/var/tmp/file" from version "/main/11".
real    0m0.556s
user    0m0.021s
sys     0m0.016s

Enabling NSCD

Solaris:
/etc/init.d/nscd start

Linux:
service nscd start

AIX:
startsrc -s netcd

Note: In addition to starting nscd, it is mandatory to make sure this service will also be started after a reboot. For instance, on Red Hat and SuSE you can run:
chkconfig nscd on
For more details on how to configure and/or enable NSCD, refer to your respective operating system vendor's manpage.

Note that this service is not yet available on HP-UX platforms.

Monday, 21 July 2014

How to Fix Delay in SSH Login

Have you ever faced login delays when connecting to Linux systems? If so, this happens because of the reverse DNS lookup query that is made to the DNS server.

We can fix this issue with the steps below:

1) Take a backup of /etc/ssh/sshd_config
# cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.`date '+%m-%d-%Y_%H:%M:%S'`
2) Edit /etc/ssh/sshd_config on the sshd server
vi /etc/ssh/sshd_config

  And add this DNS option to the file:

  UseDNS no
3) Now add the following line to your /etc/resolv.conf
   options single-request-reopen
4) Restart the ssh daemon
# service sshd restart
Sometimes adding the client's network address to the server's /etc/hosts can also fix this issue, as an alternative method.
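
sshd uses the first value it obtains for a keyword, and a line appended after a Match block becomes part of that block, so where the "UseDNS no" line from step 2 lands decides whether it takes effect. The following is an added example, not part of the original post; the sample config and the helper names are constructed.

```shell
#!/bin/sh
# Added example: which UseDNS value does sshd take from a config file?

# effective_usedns FILE: print the first UseDNS value in FILE's global
# section, or "unset" if the keyword is absent. Include files are not followed.
effective_usedns() {
    awk '
        /^[ \t]*(#|$)/ { next }                   # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }             # accept "Keyword=value" too
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == "usedns" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# force_usedns_no IN OUT: write OUT with "UseDNS no" as the first directive
# and every UseDNS line from IN commented out.
force_usedns_no() {
    {
        echo "UseDNS no"
        awk 'tolower($1) ~ /^usedns(=|$)/ { print "#" $0; next } { print }' "$1"
    } > "$2"
}

usedns_demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample: an earlier "UseDNS yes" and a trailing Match block.
    printf '%s\n' 'Port 22' 'UseDNS yes' 'Match User backup' \
        '    X11Forwarding no' > "$d/sshd_config"
    echo 'UseDNS no' >> "$d/sshd_config"          # naive edit: append at the end
    before=$(effective_usedns "$d/sshd_config")
    force_usedns_no "$d/sshd_config" "$d/sshd_config.new"
    after=$(effective_usedns "$d/sshd_config.new")
    rm -rf "$d"
    echo "naive=$before fixed=$after"
}

usedns_demo
```

With UseDNS set to no, from= patterns in authorized_keys and Match Host directives can only use addresses, not host names. Running sshd -t before the restart in step 4 catches syntax errors while the current session is still open.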

Monday, 14 July 2014

Install SNMP Service on RHEL or CentOS


In this article we are going to learn how to install and start the SNMP service on RHEL/CentOS.

We need to have the net-snmp rpm package installed on the servers; generally it is available from the repository.


1. Install net-snmp with yum:

# yum install net-snmp
[root@umserv]# yum install net-snmp
Loaded plugins: dellsysid, fastestmirror
Loading mirror speeds from cached hostfile
-----
-----
Dependencies Resolved

========================================================================================================================================================================
Package    Arch         Version          Repository        Size
========================================================================================================================================================================
Installing:
net-snmp     x86_64   1:5.3.2.2-22.el5_10.1    updates  708 k
Installing for dependencies:
 lm_sensors     x86_64  2.10.7-9.el5       base     525 k
Updating for dependencies:
 net-snmp-libs  i386    1:5.3.2.2-22.el5_10.1    updates  1.3 M
 net-snmp-libs  x86_64  1:5.3.2.2-22.el5_10.1    updates  1.3 M

Transaction Summary
========================================================================================================================================================================
Install      2 Package(s)
Update       2 Package(s)
Remove       0 Package(s)

Total download size: 3.8 M
Is this ok [y/N]: y
Downloading Packages:
(1/4): lm_sensors-2.10.7-9.el5.x86_64.rpm        | 525 kB     00:01
(2/4): net-snmp-5.3.2.2-22.el5_10.1.x86_64.rpm   | 708 kB     00:02
(3/4): net-snmp-libs-5.3.2.2-22.el5_10.1.i386.rpm      | 1.3 MB     00:04
(4/4): net-snmp-libs-5.3.2.2-22.el5_10.1.x86_64.rpm    | 1.3 MB     00:03
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total   168 kB/s | 3.8 MB     00:23
Running rpm_check_debug
Running Transaction Test

Finished Transaction Test
Transaction Test Succeeded
Running Transaction
----
----
Installed:
  net-snmp.x86_64 1:5.3.2.2-22.el5_10.1

Dependency Installed:
  lm_sensors.x86_64 0:2.10.7-9.el5

Dependency Updated:
  net-snmp-libs.i386 1:5.3.2.2-22.el5_10.1 net-snmp-libs.x86_64 1:5.3.2.2-22.el5_10.1

Complete!
[root@umserv]#

2. Simple SNMP configuration:

mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.old
Add the configuration below to /etc/snmp/snmpd.conf:
rocommunity  public  xxx.xxx.xxx.xxx
rocommunity  public   127.0.0.1
syslocation  "HYD, UM DataCenter"
syscontact  surya@unixmantra.com

Replace xxx.xxx.xxx.xxx with the IP address of the server that you want to allow SNMP lookups from:
rocommunity public xxx.xxx.xxx.xxx

3. Start the SNMP service, and set it to auto-start on reboot:

/etc/init.d/snmpd start
chkconfig snmpd on
Note: If you have a firewall configured, ensure that UDP port 161 is open to your SNMP lookup server.

4. Validation:

On your SNMP lookup server, you can run a quick SNMP test to ensure that it’s working:
snmpwalk -v 2c -c public xxx.xxx.xxx.xxx
or
snmpwalk -v 1 -c public -O e 127.0.0.1
[root@umserv ~]# snmpwalk -v 1 -c public -O e 127.0.0.1
SNMPv2-MIB::sysDescr.0 = STRING: Linux umserv 2.6.18-92.1.17.el5 #1 SMP Mon Jul 14 06:07:13 IST 2014 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (16748) 0:02:47.48
SNMPv2-MIB::sysContact.0 = STRING: surya@unixmantra.com
SNMPv2-MIB::sysName.0 = STRING: umserv
SNMPv2-MIB::sysLocation.0 = STRING: "HYD, UM DataCenter"
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (1) 0:00:00.01
...
...
Yes, it is working
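
The configuration in step 2 uses the well-known community string "public", and a rocommunity line without a source field (or with "default") answers queries from any host. The following is an added example, not part of the original article: it audits an snmpd.conf for both conditions, using a constructed sample in which 192.0.2.10 stands in for xxx.xxx.xxx.xxx and the non-default community string is made up.

```shell
#!/bin/sh
# Added example: flag risky community lines in an snmpd.conf.

# audit_snmpd_conf FILE: print one finding per problem, prefixed with the
# line number. Covers rocommunity/rwcommunity and their IPv6 variants.
audit_snmpd_conf() {
    awk '
        /^[ \t]*#/ { next }                        # skip comments
        $1 ~ /^r[ow]community6?$/ {
            if ($2 == "public" || $2 == "private")
                printf "line %d: well-known community string %s\n", NR, $2
            if (NF < 3 || $3 == "default")
                printf "line %d: no source restriction, any host may query\n", NR
            if ($1 ~ /^rw/)
                printf "line %d: read-write community\n", NR
        }
    ' "$1"
}

# Constructed sample: the page's lines, one line with the source omitted,
# and one line with a non-default string and a single allowed source.
snmp_demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
rocommunity  public  192.0.2.10
rocommunity  public   127.0.0.1
rocommunity  public
rocommunity  n0t-default-constructed  192.0.2.10
syslocation  "HYD, UM DataCenter"
EOF
    audit_snmpd_conf "$f"
    rm -f "$f"
}

snmp_demo
```

Community strings travel in cleartext under SNMP v1 and v2c, so a non-default string plus a source restriction is the minimum; net-snmp also supports SNMPv3 users with authentication and encryption.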

Tuesday, 24 June 2014

AIX RC Scripts

We need some applications to be stopped and started gracefully, without manual intervention, during reboots. To serve this purpose, we use rc scripts in all Unix flavors, including AIX.

So, how do rc scripts work?
  1. Write a single script, put it into /etc/rc.d/init.d, make sure the script accepts a single parameter of start or stop and does the right thing.
  2. In /etc/rc.d/rc2.d create a link (ln -s) to the script in init.d called Sxxname where xx is a number that dictates where in comparison to other scripts in the directory your script will execute (lower number first).
  3. In /etc/rc.d/rc2.d create a link to the script in init.d called Kxxname where xx is a number which dictates when the script is run to stop your app in comparison to other scripts in the directory (lower number first).
Note: It is just a convention to place scripts in /etc/rc.d/init.d and make soft links in /etc/rc.d/rc2.d. It is not mandatory to keep the scripts in /etc/rc.d/init.d.

Example RC Script:

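#!/usr/bin/ksh
# rc script for "myengine": called with "start" at boot and "stop" at shutdown.

# Do not write core files.
ulimit -c 0

case "$1" in
start )
        # Start the engine only if no myengine process is already running.
        # Note: this match also hits any other process whose command line
        # contains "myengine", including this script if it is named that way.
        ps -ef | grep -v grep | grep myengine > /dev/null
        ret=$?
        if [ $ret -gt 0 ]; then
                /var/myengine/bin/startup.sh
        fi
        ;;
stop )
        # Send SIGTERM to every process of each application. The PIDs are
        # piped straight into the loop rather than staged in a predictably
        # named /tmp file, which a local user could pre-create as a symlink.
        for i in myengine-app1 myengine-app2 myengine-app3 myengine-app4; do
                ps -ef | grep "$i" | grep -v grep | awk '{print $2}' |
                while read pid; do
                        kill "$pid"
                done
        done
        ;;
* )
        echo "Usage: $0 (start | stop)"
        exit 1
        ;;
esac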

Example Creating Symbolic Links

This is an example of creating symbolic links for automatic startup of Tivoli. Tivoli should start first (meaning a low Sxx) and stop last (meaning a high Kxx):
umadmin@umserve1:/etc/rc.d/rc2.d>sudo ln -s /etc/rc.d/init.d/rc.tivoli S20tivoli
umadmin@umserve1:/etc/rc.d/rc2.d>sudo ln -s /etc/rc.d/init.d/rc.tivoli K70tivoli

Thursday, 19 June 2014

How to Convert OpenSSH to SSH2 and vice versa

The program SSH (Secure Shell) provides an encrypted channel for logging into another computer over a network, executing commands on a remote computer, and moving files from one computer to another. SSH provides strong host-to-host and user authentication as well as secure encrypted communications over the Internet.

SSH2 is a more secure, efficient, and portable version of SSH.

Connecting two servers running different types of SSH can be a daunting task if you do not know how to convert the keys. In this article, we are going to learn how to convert keys from SSH (OpenSSH) to SSH2.

How to Generate an OpenSSH (SSH v1) key:

umadm@umixserv1 [/home/umadm/.ssh]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/umadm/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/umadm/.ssh/id_rsa.
Your public key has been saved in /home/umadm/.ssh/id_rsa.pub.
The key fingerprint is:
5b:ac:ea:c3:25:cf:2d:31:a2:aa:83:76:4b:a2:c9:eb umadm@umixserv1
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|         .       |
|        S o      |
|. o   . .+       |
|+o o + oo        |
|Bo.   =.         |
|#Eo..oo.         |
+-----------------+
umadm@umixserv1 [/home/umadm/.ssh]$
Here we get two encrypted keys under the $HOME/.ssh directory: the private key (id_rsa) and the public key (id_rsa.pub).

You can generate a DSA key by using the command below.
# ssh-keygen -t dsa

Convert SSH2 to OpenSSH (SSH):


The command below can be used to convert an SSH2 private key into the OpenSSH format:
ssh-keygen -i -f path/to/private.key > path/to/new/opensshprivate.key
The command below can be used to convert an SSH2 public key into the OpenSSH format:
ssh-keygen -i -f path/to/publicsshkey.pub > path/to/publickey.pub
Here -i tells ssh-keygen to read an SSH2 key and convert it into the OpenSSH format.

Convert OpenSSH(SSH) to SSH2:

The reverse process converts an OpenSSH key into the SSH2 format, in the event that a client application requires the other format. This can be done using the following commands:

OpenSSH to SSH2 Private key conversion:
ssh-keygen -e -f path/to/opensshprivate.key > path/to/ssh2privatekey/ssh2privatekey
OpenSSH to SSH2 Public key conversion:
ssh-keygen -e -f path/to/publickey.pub > path/to/ssh2privatekey/ssh2publickey.pub
Here -e tells ssh-keygen to read an OpenSSH key file and convert it to the SSH2 format.

Note: If you need passwordless authentication between two different hosts, you need to convert the public key to match the destination server's SSH version and append it to ~/.ssh/authorized_keys or ~/.ssh2/authorized_keys on the destination server.
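
An added check, not part of the original post, that runs the -e and -i conversions on a throwaway key pair in a temporary directory (the key comment and file names are constructed). ssh-keygen documents -e as printing a public key even when it is given a private key file, which the first two answers confirm.

```shell
#!/bin/sh
# Added example: what do "ssh-keygen -e" and "ssh-keygen -i" actually emit?

# ssh2_body FILE: base64 key body of an SSH2 (RFC 4716) public key file,
# without the BEGIN/END markers and the Comment header.
ssh2_body() {
    grep -v -e '^----' -e '^Comment:' "$1" | tr -d '\n'
}

# roundtrip DIR: generate a throwaway RSA key in DIR and print three answers:
#   1. does -e on the PRIVATE key file emit an SSH2 *public* key block?
#   2. is that key body identical to -e on the .pub file?
#   3. does -i on the SSH2 file give back the original OpenSSH public key?
roundtrip() {
    d=$1
    ssh-keygen -q -t rsa -b 2048 -N '' -C constructed-test-key \
        -f "$d/id_rsa" || return 1
    ssh-keygen -e -f "$d/id_rsa"     > "$d/from_private.ssh2" || return 1
    ssh-keygen -e -f "$d/id_rsa.pub" > "$d/from_public.ssh2"  || return 1
    ssh-keygen -i -f "$d/from_public.ssh2" > "$d/back.pub"    || return 1

    r1=no; r2=no; r3=no
    head -n 1 "$d/from_private.ssh2" |
        grep -q '^---- BEGIN SSH2 PUBLIC KEY ----$' && r1=yes
    [ "$(ssh2_body "$d/from_private.ssh2")" = \
      "$(ssh2_body "$d/from_public.ssh2")" ] && r2=yes
    # -i output carries no comment, so compare key type and key data only.
    [ "$(cut -d' ' -f1,2 "$d/id_rsa.pub")" = \
      "$(cut -d' ' -f1,2 "$d/back.pub")" ] && r3=yes
    echo "$r1 $r2 $r3"
}

if command -v ssh-keygen >/dev/null 2>&1; then
    tmp=$(mktemp -d) && roundtrip "$tmp"
    rm -rf "$tmp"
fi
```

Only the public key needs converting for the authorized_keys step in the note above; the private key stays on the client.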