Tag Archive : server


Running Command on Multiple Servers at Once

December 9, 2015 | Article | No Comments

Maintaining multiple servers is not an easy job. There are cases where you want to run the same command(s) on all the servers. For example, you may want to install/upgrade packages, patch the kernel, update configuration, etc. It would be tedious if you have to log in to each server and run the same routine manually.

In this article, we will discuss a way to log in to several servers and run the same command on all of them at once.

In this article, I use:

  1. Slackware64 14.0 as client machine
  2. Ubuntu 12.10 as client machine
  3. Fedora 17 as client machine
  4. ClusterSSH

ClusterSSH

The administrative tool we have is ClusterSSH. It provides a special console interface where anything you type into the console is automatically sent to as many hosts as you want.

You might visit the official ClusterSSH site for more information.

Installation

Package Manager Way

To install ClusterSSH on Ubuntu, Debian or Linux Mint, you can use the following command:

sudo apt-get install clusterssh

To install ClusterSSH on CentOS or RHEL, first you need to set up the EPEL repository, and then run the following:

sudo yum install clusterssh

Generic Way

Installing ClusterSSH from source is really simple. We will cover how to install ClusterSSH in a generic way so that the steps apply to various operating systems.

Clone the source code.

git clone https://github.com/duncs/clusterssh.git

Or you can download the source code from SourceForge.

I will focus on the source code cloned from github.

Go to the source code root directory.

First, build ClusterSSH. ClusterSSH uses a Perl-based script to configure itself.

perl Build.PL

ClusterSSH may need dependencies that are not installed on your system. To install them, run the following:

./Build installdeps

Once the dependencies are satisfied, run the following commands:

./Build
./Build test
./Build install

Configure ClusterSSH

Once installation has finished, the first step is to define a cluster of hosts that you want to run commands on. To do that, create a system-wide ClusterSSH configuration as /etc/clusters and write the following:

clusters = my_cluster my_cluster2
my_cluster = host1 host2 host3 host4
my_cluster2 = host5 host6

A cluster is a group of hosts which you want to log in to and run commands on. Here we specify two clusters, my_cluster and my_cluster2, each with its respective machines. Each host (host1 and so on) is given as a hostname or an IP address.

If you want a user-specific ClusterSSH configuration, simply use ~/.csshrc instead of /etc/clusters.

When you launch ClusterSSH with any user-defined cluster, it will use ssh to log in to individual hosts in the cluster, and run any user-typed commands on the hosts.
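Because everything typed into the console is sent to every host in the cluster, it helps to list what a cluster name expands to before launching cssh. The following is an added example, not part of ClusterSSH: the function names and the sample (including the "orphan" entry) are hypothetical, and it reads the key = value layout shown above.

```shell
# Added example (not ClusterSSH code): list the hosts a cluster tag expands
# to, so the target set can be reviewed before anything is typed.

# Constructed sample in the "clusters = ..." / "tag = hosts" layout above.
sample_clusters() {
    cat <<'EOF'
# constructed sample
clusters = my_cluster my_cluster2
my_cluster = host1 host2 host3 host4
my_cluster2 = host5 host6
orphan = host7
EOF
}

# cssh_hosts CONFIG TAG
#   Prints one host per line. CONFIG may be "-" to read standard input.
#   Returns 1 if TAG is not listed on the "clusters" line,
#           2 if TAG is listed there but has no host definition.
cssh_hosts() {
    awk -v tag="$2" '
        /^[ \t]*#/ || index($0, "=") == 0 { next }   # comments, blank lines
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", key)
            n = split(substr($0, eq + 1), items, " ")  # split on whitespace
            if (key == "clusters") {
                for (i = 1; i <= n; i++) { declared[items[i]] = 1 }
            } else if (key == tag) {
                for (i = 1; i <= n; i++) { hosts[++count] = items[i] }
            }
        }
        END {
            if (!(tag in declared)) { exit 1 }
            if (count == 0) { exit 2 }
            for (i = 1; i <= count; i++) { print hosts[i] }
        }
    ' "$1"
}

# Review the expansion of my_cluster from the sample.
sample_clusters | cssh_hosts - my_cluster
```

A non-zero return means the name would not resolve the way the configuration suggests, which is worth knowing before a command is broadcast.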

Launch ClusterSSH

To launch ClusterSSH, run the cssh command as follows:

cssh -l userid my_cluster

Where “userid” is a login ID for all the hosts in the cluster, and “my_cluster” is the cluster name.

If you want, you can specify individual hostnames instead of the cluster name.

cssh -l userid host1 host2 host3

Once the cssh command is executed, it will pop up XTerm windows for the individual hosts, as well as a small window labeled “CSSH [2]”, which is the ClusterSSH console window. Whatever you type in the console window will simultaneously appear in the XTerm windows of the individual hosts. Essentially, you control all XTerm windows via the single console window.

If you want to run some commands in a specific XTerm window, you can simply switch focus to that XTerm window and type the commands as you usually would.

The following screenshot shows ClusterSSH in action, where there are five hosts in the cluster, and the console window in the upper left corner is where you are supposed to type the commands to run on all five hosts.

Troubleshoot

These are the problems I ran into, so I won’t cover every possible issue. You can consult the ClusterSSH page for more information.

No X11-Protocol Perl Module

If you get the following error message when executing cssh:

Can't locate X11/Protocol.pm in @INC (@INC contains: /usr/local/bin/../lib/perl5 /usr/local/bin/../lib /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /usr/local/share/perl5/App/ClusterSSH.pm line 29.
BEGIN failed--compilation aborted at /usr/local/share/perl5/App/ClusterSSH.pm line 29.
Compilation failed in require at /usr/local/bin/cssh line 11.
BEGIN failed--compilation aborted at /usr/local/bin/cssh line 11.

Then the X11-Protocol Perl module is probably not installed.

Download the package from http://search.cpan.org/CPAN/authors/id/S/SM/SMCCAM/X11-Protocol-0.56.tar.gz

Then install it the way Perl modules are usually installed:

tar -xzvf X11-Protocol-0.56.tar.gz
cd X11-Protocol-0.56
perl Makefile.PL
make
make test
make install

What is LDAP?

December 5, 2015 | Article | No Comments

Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network. Directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number. Another example can be found at a college, where each student has a unique student ID and associated information.

LDAP is specified in a series of Internet Engineering Task Force (IETF) Standards Track RFCs, using the description language ASN.1. The latest specification is version 3, published as RFC 4511.

Origins and Early Development

Telecommunication companies’ understanding of directory requirements was well developed after some 70 years of producing and managing telephone directories. These companies then introduced the concept of directory services to IT, culminating in the comprehensive X.500 specification, a suite of protocols produced by the International Telecommunication Union (ITU) in the 1980s.

X.500 directory services were traditionally accessed via X.500 Directory Access Protocol (DAP), which required the OSI protocol stack. LDAP was originally intended to be a lightweight alternative protocol for accessing X.500 directory services through the simpler TCP/IP protocol stack. This model of directory access was borrowed from the DIXIE and Directory Assistance Service protocols.

The protocol was originally created by Tim Howes of the University of Michigan, Steve Kille of Isode Limited, Colin Robbins of Nexor, and Wengyik Yeong of Performance Systems International.

In its early days, LDAP was known as the Lightweight Directory Browsing Protocol, or LDBP. It was renamed when the scope of the protocol expanded beyond directory browsing and searching to include directory update functions. It was given the name Lightweight because it was not as network intensive as its DAP predecessor and thus was more easily implemented over the Internet due to its relatively modest bandwidth usage.

LDAP has influenced subsequent Internet protocols, including later versions of X.500, XML Enabled Directory (XED), Directory Service Markup Language (DSML), Service Provisioning Markup Language (SPML), and the Service Location Protocol (SLP).

The Protocols

A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP port 389. The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order. All information is transmitted using Basic Encoding Rules (BER).

The client may request the following operations:

  • StartTLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection
  • Bind — authenticate and specify LDAP protocol version
  • Search — search for and/or retrieve directory entries
  • Compare — test if a named entry contains a given attribute value
  • Add a new entry
  • Delete an entry
  • Modify an entry
  • Modify Distinguished Name (DN) — move or rename an entry
  • Abandon — abort a previous request
  • Extended Operation — generic operation used to define other operations
  • Unbind — close the connection (not the inverse of Bind)

In addition the server may send “Unsolicited Notifications” that are not responses to any request, e.g. before the connection is timed out.

A common alternative method of securing LDAP communication is using an SSL tunnel. This is denoted in LDAP URLs by using the URL scheme “ldaps”. The default port for LDAP over SSL is 636. The use of LDAP over SSL was common in LDAP Version 2 (LDAPv2) but it was never standardized in any formal specification. This usage has been deprecated along with LDAPv2, which was officially retired in 2003.

Directory Structure

The protocol provides an interface with directories which follow the 1993 edition of the X.500 model:

  • An entry consists of a set of attributes.
  • An attribute has a name (an attribute type or attribute description) and one or more values. The attributes are defined in a schema (see below).
  • Each entry has a unique identifier: its Distinguished Name (DN). This consists of its Relative Distinguished Name (RDN), constructed from some attribute(s) in the entry, followed by the parent entry’s DN. Think of the DN as the full file path and the RDN as its relative filename in its parent folder (e.g. if /foo/bar/myfile.txt were the DN, then myfile.txt would be the RDN).

Be aware that a DN may change over the lifetime of the entry, for instance, when entries are moved within a tree. To reliably and unambiguously identify entries, a UUID might be provided in the set of the entry’s operational attributes.

An entry can look like this when represented in LDAP Data Interchange Format (LDIF) (while LDAP itself is a binary protocol):

dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232
mail: [email protected]
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top

“dn” is the distinguished name of the entry; it is neither an attribute nor a part of the entry. “cn=John Doe” is the entry’s RDN (Relative Distinguished Name), and “dc=example,dc=com” is the DN of the parent entry, where “dc” denotes ‘Domain Component’. The other lines show the attributes in the entry. Attribute names are typically mnemonic strings, like “cn” for common name, “dc” for domain component, “mail” for e-mail address, and “sn” for surname.

A server holds a subtree starting from a specific entry, e.g. “dc=example,dc=com” and its children. Servers may also hold references to other servers, so an attempt to access “ou=department,dc=example,dc=com” could return a referral or continuation reference to a server that holds that part of the directory tree. The client can then contact the other server. Some servers also support chaining, which means the server contacts the other server and returns the results to the client.

LDAP rarely defines any ordering: The server may return the values of an attribute, the attributes in an entry, and the entries found by a search operation in any order. This follows from the formal definitions – an entry is defined as a set of attributes, and an attribute is a set of values, and sets need not be ordered.
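The DN/RDN split and the unordered, multi-valued attributes described above can be checked on an LDIF entry with a few lines of shell. This is an added example, not code from the original article: the function names are hypothetical, the sample entry is constructed from the one shown above, and it also covers two cases the text does not show, folded LDIF lines and a comma escaped inside an RDN.

```shell
# Added example: read an LDIF entry and take its DN apart.

# Constructed sample based on the entry above. The description is folded:
# LDIF continues a long line on the next one, which starts with a space.
sample_entry() {
    cat <<'EOF'
dn: cn=John Doe,dc=example,dc=com
cn: John Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232
description: constructed value that is long enough to be fol
 ded onto a second line
objectClass: inetOrgPerson
objectClass: top
EOF
}

# ldif_attr NAME: print every value of attribute NAME from the LDIF on
# standard input. Names match case-insensitively; values are sorted because
# the server may return them in any order. Base64 ("::") is not decoded.
ldif_attr() {
    awk -v want="$1" '
        function emit(   i, val) {
            i = index(buf, ":")
            if (i && tolower(substr(buf, 1, i - 1)) == tolower(want)) {
                val = substr(buf, i + 1)
                sub(/^ +/, "", val)
                print val
            }
        }
        /^ / { buf = buf substr($0, 2); next }   # unfold continuation line
        { emit(); buf = $0 }
        END { emit() }
    ' | LC_ALL=C sort
}

# dn_split DN: print the RDN, then the parent DN, cutting at the first
# comma that is not escaped with a backslash.
dn_split() {
    printf '%s\n' "$1" | awk '{
        cut = 0
        for (i = 1; i <= length($0) && !cut; i++) {
            c = substr($0, i, 1)
            if (c == "\\") { i++ }            # skip the escaped character
            else if (c == ",") { cut = i }
        }
        if (!cut) { print $0; print ""; next }
        print substr($0, 1, cut - 1)
        print substr($0, cut + 1)
    }'
}

dn_split "$(sample_entry | ldif_attr dn)"
```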

Terminologies

Many people say that LDAP is one of the protocols with the most confusing terminology. One should understand LDAP terminology to operate LDAP well. There may be many terms, but they become obvious once we know them.

The Lightweight Directory Access Protocol, as the name says, consists of directories. Directories are collections of objects, each with its own attributes, arranged in hierarchical form. They are represented as nodes of a tree, just like directories in UNIX.

Data is stored inside the hierarchical directories, forming a tree. This tree is referred to as the Data Information Tree (DIT). At the topmost level (the root) there is an object called the suffix, and the other objects of the tree are stored inside the suffix.

Every entry in the tree has only one parent entry. An entry may have no child entries, or it may have one or more entries as children. Entries which have the same parent are called siblings.

Every entry is an instance of one or more object classes. An object class can have one or more attributes. An attribute has a name and a value. The concept is similar to objects in the real world.

List of FTP Commands

December 5, 2015 | Article | No Comments

This article is a summary of the commands used by the FTP protocol. The commands are ordered alphabetically.

#   Command  Description
1   ABOR     abort the active transfer operation
2   ACCT     get account information
3   ADAT     data authentication
4   ALLO     allocate some disk space for receiving a file
5   APPE     append file
6   AUTH     authentication mechanism
7   CCC      delete / remove Channel Command
8   CDUP     change to parent directory
9   CONF     Confidentiality Protection Command
10  CWD      change current working directory
11  DELE     delete a file
12  ENC      Privacy Protected Channel
13  EPRT     give the extended address and port that must be connected to
14  EPSV     enter extended passive mode
15  FEAT     get list of features implemented by the server
16  HELP     get list of available commands (help)
17  LANG     Language Negotiation
18  LIST     get file or directory information. If none is specified, information for the current directory is given
19  LPRT     give the long address and port that must be connected to
20  LPSV     enter long passive mode
21  MDTM     give the last update time of a file
22  MIC      Integrity Protected Command
23  MKD      make directory
24  MLSD     list directory
25  MLST     provide data for a specific object
26  MODE     transfer mode setting (stream, block, or compressed)
27  NLST     return list of filenames in a specific directory
28  NOOP     No Operation (dummy packet, used to maintain the connection / session)
29  OPTS     choose option for a feature
30  PASS     password authentication
31  PASV     use passive mode to communicate
32  PBSZ     Protection Buffer Size
33  PORT     give the port number which will be called
34  PROT     Data Channel Protection Level
35  PWD      print working directory / current directory
36  QUIT     disconnect from server
37  REIN     reinitialize connection
38  REST     send a copy of file
39  RMD      remove directory
40  RNFR     rename filename from
41  RNTO     rename filename to
42  SITE     give / send specific command to server
43  SIZE     return file size information
44  SMNT     mount file structure
45  STAT     return current status
46  STOR     receive data and store as file on server
47  STOU     store file as unique file (no file having same name)
48  STRU     set the file transfer structure
49  SYST     return system type information
50  TYPE     set transfer mode (ASCII or binary)
51  USER     username authentication
52  XCUP     change parent of current directory
53  XMKD     make directory
54  XPWD     display current directory
55  XRCP
56  XRMD     remove directory
57  XRSQ
58  XSEM     send data; if unsuccessful, the operation will be swapped to mail
59  XSEN     send data to terminal


Set Up and Configuring MySQL in Slackware Linux

December 3, 2015 | Article | No Comments

MySQL is one of the most popular database management systems used worldwide, and it is open source and free to use. In practice, MySQL is often used together with the PHP server-side scripting language, the Apache web server, and Linux as the server platform.

If you come from another distribution such as Ubuntu, Mint or Fedora, or from another operating system such as Windows or Mac, you may be surprised: if you have done a full Slackware installation, you already have MySQL installed. MySQL is shipped with the default Slackware installation, but we have to configure it first.

This article discusses how to configure MySQL from scratch until it is ready to use.

In this article, I am using:

  1. Slackware64-bit version 14.0 with multilib enabled

First, we need to check whether the mysql user and mysql group already exist on the system. If you installed MySQL during installation, then you must have them.

$ grep mysql /etc/passwd
mysql:x:27:27:MySQ

If you see output like that, then MySQL is already installed. If not, grab your installation DVD and look for the MySQL package.

Now, we must create the initial database and set permissions. Do this as root.

mysql_install_db --user=mysql

The user specified by --user will own the database files, so it is important to specify the right one. If you do not do this, MySQL won’t be able to write to the database. In Slackware, MySQL runs as user mysql by default.

Networking is disabled by default for security reasons. If you want to allow network connections, comment out this line in /etc/rc.d/rc.mysqld:

#SKIP="--skip-networking"

To start MySQL, we must run the daemon. To do so, we execute the script named rc.mysqld in the /etc/rc.d/ directory. Of course, you must check that the file is executable. Once it is executed, MySQL will be running:

/etc/rc.d/rc.mysqld start

Congratulations! MySQL has been started successfully. At this point MySQL is up, but it won’t behave as you need until you have configured it.

A fresh installation of MySQL has a blank password for the database root user. Well, you know what that means, don’t you? A blank root password means your database is very vulnerable, so we must set a password. To do so, run this:

mysqladmin -u root password 'your-new-password'

and also this (for network access login):

mysqladmin -u root -h 'your-hostname' password 'your-new-password'

Try logging in as user root with the password you specified.

The next thing to do is remove the anonymous user. By default, the anonymous user can access the database with no authentication (for testing purposes). It is better to remove it as soon as possible. Run these commands from the mysql terminal. Because the grant table is edited directly, FLUSH PRIVILEGES is needed for the change to take effect without a restart.

mysql> use mysql
mysql> SELECT user, host FROM user;
mysql> DELETE FROM user WHERE host='localhost' AND user='';
mysql> FLUSH PRIVILEGES;
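The DELETE above only matches host='localhost', and the two mysqladmin commands each cover one root account, so it is worth confirming what is left in the grant table afterwards. The following is an added example, not part of the original article: the function names and the sample rows are constructed, and it assumes a mysql.user table that has a password column, as queried in the comment.

```shell
# Added example: flag risky rows in the output of
#   mysql -u root -p -N -B -e "SELECT user, host, password FROM mysql.user"
# (-N drops the header row, -B prints tab-separated columns).

# Constructed sample: the state left when only root@localhost was given a
# password and only the localhost anonymous account was deleted.
# "dbhost" and the hash value are placeholders.
sample_accounts() {
    printf '%s\t%s\t%s\n' \
        root localhost '*CONSTRUCTED_HASH_PLACEHOLDER' \
        root dbhost    '' \
        ''   dbhost    ''
}

# audit_accounts: read user<TAB>host<TAB>password rows on standard input.
# Prints one finding per line and returns 1 if there is any finding.
audit_accounts() {
    awk -F '\t' '
        NF == 0  { next }                                   # blank line
        $1 == "" { print "anonymous-user @" $2; bad++; next }
        $3 == "" { print "empty-password " $1 "@" $2; bad++ }
        END { exit (bad > 0) }
    '
}

# Expected to report two findings for the sample, hence the "|| true".
sample_accounts | audit_accounts || true
```

An empty result with a zero return code means no anonymous accounts and no accounts with a blank password remain.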

And let me congratulate you again! You have properly configured MySQL for first-time use 🙂

Things to know

Default log is located at /var/lib/mysql/<hostname>.err.

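You can also reset the root password by saving these lines as xath_user_modify.cnf:

UPDATE mysql.user SET Password=PASSWORD('Your new password') WHERE User='root';
FLUSH PRIVILEGES;

Then start the server with the saved file as its init file, so that the statements are executed at startup (use the full path to the file, which must be readable by the mysql user):

/usr/bin/mysqld_safe --init-file="/path/to/xath_user_modify.cnf"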

 
