About bentech4u

One Line Script to list all LUNS on Solaris 10

Hi All,

 

Here is a one-line script to list all LUNs (external storage only) on Solaris 10.

root@benvin.net# luxadm probe | grep -v "Node WWN:" | awk -F\/ 'NR>3{print $4}' | sed 's/..$//g'
c3t600D0231000BE73D1C9ED0B453F185C2d0
c3t600D0231000BE73D4A2C042D18A2E641d0
c3t600D0231000BE73D6D42C80D77B8DDF0d0
c3t600D0231000BE73D194D85CA4D102795d0
c3t600D0231000BE73D435D27657C919F6Ed0
c3t600D0231000BE73D5482A3BE75F412FCd0
c3t600D0231000BE73D5619FDD6500CF273d0
c3t600D0231000BE73D37672E311947B18Cd0

Good luck

Copy RSA keys to all Solaris zones & restart ssh service

This is a simple script that copies an SSH RSA public key to all standard zones and restarts the ssh service in each of them.

I am not going to explain how to create public RSA keys. It is also assumed that the RSA key has already been copied to the global zone.

Usage: create a file with the script, give it execute permission, and run it, for example: example.sh <ip>

#!/bin/bash
ipaddress=$1
# "name" holds the zonepath of each non-global zone (4th column of "zoneadm list -cv")
IFS=$'\n' read -d '' -ra name < <(ssh "$ipaddress" zoneadm list -cv | awk 'NR > 2{print $4}')
# "state" holds the matching zone names (the first line of "zoneadm list" is the global zone)
IFS=$'\n' read -d '' -ra state < <(ssh "$ipaddress" zoneadm list | awk 'NR > 1')
# The two arrays are paired by index, so every configured zone is expected to be running.

for i in "${!name[@]}"; do
    ssh "$ipaddress" mkdir -p "${name[$i]}"/root/.ssh
    ssh "$ipaddress" chmod 700 "${name[$i]}"/root/.ssh
    echo "copying RSA keys on : ${state[$i]}"
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4T+N21GzKnYgCh9sC72qhOYKjbjHRyp5GqWPDGSfUkhmk8iJRAS2hhcP5lZ1x6fc/cNzqETQ98sjdKm59PB7MSJQ12WMHTc7wtuBdh7+wE0ZlWsjGfEvzCaWIXNUhh2hK2ZUq7XMZ5QR2E+j2uWTJKsZmQyf4A5z8nLTAtL2CKQamxZskABttpXkxx7gm+yc8coJB8nhOr6Q4KsyDcEmjGAFwbjiBKyefUIiMroP0PtZPI/8EYtwtP/Cm79BFzhJtOl/VGqTvlab+1IQeO54/ztL0gg7C0zTwNTKODTrCNh+nIj6Fk6/CjyX0Qg9xWd7BRr1oUbI5yMvg3wLD66tEw== root@kwtprgateone01" | ssh "$ipaddress" "cat >> ${name[$i]}/root/.ssh/authorized_keys"
    ssh "$ipaddress" chmod 600 "${name[$i]}"/root/.ssh/authorized_keys
    echo "changing ssh configuration files on: ${state[$i]}"
    # Switch PermitRootLogin from no to yes in the zone's sshd_config
    ssh "$ipaddress" "cat ${name[$i]}/root/etc/ssh/sshd_config | sed 's/PermitRootLogin no/PermitRootLogin yes/g' > ${name[$i]}/root/tmp/sshd_config ; cp ${name[$i]}/root/tmp/sshd_config ${name[$i]}/root/etc/ssh/sshd_config"
    echo "Restarting ssh service on : ${state[$i]}"
    ssh "$ipaddress" "zlogin ${state[$i]} svcadm restart ssh"
done

Solaris disk utilization(including zones) script & sending to mysql

Hi

I have been writing scripts to automate my Solaris admin tasks. Currently I am handling more than 250 Sun servers, and my primary focus area is Solaris nowadays. Somehow Linux came to be my 2nd priority.

Today I am posting a script to monitor disk utilization of a Solaris server, including zones (containers). The script sends the result directly to a MySQL database. You need to run this script in the global zone, and you can set the disk check threshold value as well.

To connect to MySQL, you need to install the mysql-client package, i.e. a simple compile and make. You can download mysql-client from http://dev.mysql.com/downloads/mysql/5.1.html. To compile this package, you need compilers and other development tools. You can get all of this from Sun Studio. Install Sun Studio and include it in your PATH.

 

#!/bin/bash
#Created By - Ben George - ben@benvin.net
# Filesystems in the global zone (disk slices and pools)
IFS=$'\n' read -d '' -ra filesystem < <(df -h | egrep -e '/dev/dsk|pool')
# Running zones, including the global zone
IFS=$'\n' read -d '' -ra zonename < <(zoneadm list)
DATE=$(/usr/bin/date | awk '{print $3"-"$2"-"$6}')
ipaddress=$(ifconfig -a | grep inet | grep -v '127.0.0.1' | awk 'NR>1{ print $2}' | head -1)
for i in "${!zonename[@]}"; do

    if [ "${zonename[$i]}" = "global" ]; then
        for k in "${!filesystem[@]}"; do
            percentage=$(echo "${filesystem[$k]}" | awk '{print $5}' | sed 's/%//g')
            # Report filesystems above the 50% threshold
            if [ "$percentage" -gt 50 ]; then
                mountpoint=$(echo "${filesystem[$k]}" | awk '{print $6}')
                echo $HOSTNAME $ipaddress $mountpoint ":" $percentage"%"
                /opt/mysql/bin/mysql --host=172.16.99.182 --user=root --password=Redhat server_daily << EOF
insert into filesystem (hostname,ipaddress,time,filesystem_name,percentage) values('$HOSTNAME','$ipaddress','$DATE','$mountpoint','$percentage');
EOF
            fi
        done
    else
        echo "${zonename[$i]}"
        # Pools and directories configured for this zone
        IFS=$'\n' read -d '' -ra zonefilesystem < <(zonecfg -z "${zonename[$i]}" info | egrep 'pool|dir:' | awk '{print $2}')
        for j in "${!zonefilesystem[@]}"; do
            echo "${zonefilesystem[$j]}" | while read n; do
                zonepercentage=$(zlogin "${zonename[$i]}" df -h "${zonefilesystem[$j]}" | awk 'NR>1{print $5}' | sed 's/%//g')
                # Same 50% threshold inside the zone
                if [ "$zonepercentage" -gt 50 ]; then
                    zone_mountpoint=$(zlogin "${zonename[$i]}" df -h "${zonefilesystem[$j]}" | awk 'NR>1{print $6}')
                    zone_hostname=$(zlogin "${zonename[$i]}" hostname)
                    zone_ip=$(zlogin "${zonename[$i]}" ifconfig -a | grep inet | grep -v '127.0.0.1' | awk '{ print $2}')
                    echo $zone_hostname $zone_ip $zone_mountpoint ":" $zonepercentage"%"
                    /opt/mysql/bin/mysql --host=172.16.99.182 --user=root --password=Redhat server_daily << EOF
insert into filesystem (hostname,ipaddress,time,filesystem_name,percentage) values('$zone_hostname','$zone_ip','$DATE','$zone_mountpoint','$zonepercentage');
EOF
                fi
            done
        done
    fi
done
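An added example, not part of the original script: the two INSERT statements above place hostnames and mount points directly into the SQL text and pass the root password on the mysql command line, where it is visible in the process list. The sketch below quotes each value as a SQL string literal, rejects a non-numeric percentage, and reads the credentials from an option file. The function names and the /root/.diskmon.cnf path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# option-file path are assumptions made for illustration.

# Quote a value as a MySQL string literal: double every backslash and
# single quote, then wrap the result in single quotes.
sql_quote() {
    printf "'%s'" "$(printf '%s\n' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")"
}

# build_insert HOST IP DATE MOUNTPOINT PERCENTAGE
# Prints the INSERT used by the disk script. Returns 1 and prints
# nothing unless PERCENTAGE is a plain integer from 0 to 100.
build_insert() {
    case $5 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$5" -le 100 ] 2>/dev/null || return 1
    printf 'insert into filesystem (hostname,ipaddress,time,filesystem_name,percentage) values(%s,%s,%s,%s,%s);\n' \
        "$(sql_quote "$1")" "$(sql_quote "$2")" "$(sql_quote "$3")" \
        "$(sql_quote "$4")" "$5"
}

# send_row HOST IP DATE MOUNTPOINT PERCENTAGE
# Credentials come from a root-only option file (chmod 600) holding a
# [client] section with user= and password=, not from --password.
send_row() {
    sql=$(build_insert "$@") || { echo "rejected row, percentage: $5" >&2; return 1; }
    printf '%s\n' "$sql" | /opt/mysql/bin/mysql \
        --defaults-extra-file="${DISKMON_CNF:-/root/.diskmon.cnf}" \
        --host=172.16.99.182 server_daily
}

# Constructed sample values; prints the statement without connecting.
build_insert 'web01' '10.0.0.5' '3-Apr-2014' "/export/o'brien" 73
```

In the disk script, each mysql heredoc would become a call such as send_row "$HOSTNAME" "$ipaddress" "$DATE" "$mountpoint" "$percentage".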

 

How to audit Solaris commands like rm, mv, cron, zip… in real time

Hi

We faced an issue on a production Solaris machine where someone, or some program, was sometimes deleting a directory. I decided to explore this further and finally found DTrace, which comes bundled with Solaris.

 

DTrace:

DTrace is a comprehensive dynamic tracing framework created by Sun Microsystems for troubleshooting kernel and application problems on production systems in real time. Originally developed for Solaris, it has since been released under the free Common Development and Distribution License (CDDL) and has been ported to several other Unix-like systems.

 

DTrace can be used to get a global overview of a running system, such as the amount of memory, CPU time, filesystem and network resources used by the active processes. It can also provide much more fine-grained information, such as a log of the arguments with which a specific function is being called, or a list of the processes accessing a specific file.

 

Here I am showing a simple script to trace the commands and send the output to a file. After that we can logrotate the file based on size, because this will dump a huge number of lines of output.

Create a file with the script below and start it with nohup; that's it.

 

 

dtrace -qn 'syscall::unlink*:entry { printf("%d, %s, %Y, %s\n", uid, execname, walltimestamp, copyinstr(arg0));}syscall::fsat:entry /arg0 == 5 / { printf("%d, %s, %Y ,%s\n", uid, execname, walltimestamp, copyinstr(arg2));}' | tee -a /var/tmp/spora.log
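An added example, not part of the original post: once the one-liner is writing to /var/tmp/spora.log, the question that started the investigation (who deletes a given directory) becomes a filter over that log. The function below assumes the "uid, execname, timestamp, path" format shown above; the function names, the watched directory /data/reports and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Filters the dtrace log
# format shown above: "uid, execname, timestamp, path".
# On Solaris 10 use nawk or /usr/xpg4/bin/awk (-v is needed).

# audit_deletions DIR < logfile
# Prints MATCH for unlinks under DIR and RELATIVE for unlinks logged
# with a relative path, which cannot be placed without the process cwd.
audit_deletions() {
    awk -v dir="${1%/}" '
    {
        rest = $0
        # uid, execname and timestamp are the first three fields; the
        # remainder is the path and may itself contain commas.
        for (n = 1; n <= 3; n++) {
            c = index(rest, ",")
            if (c == 0) next            # not a trace line
            f[n] = substr(rest, 1, c - 1)
            gsub(/^ +| +$/, "", f[n])
            rest = substr(rest, c + 1)
        }
        sub(/^ +/, "", rest)
        if (rest == dir || index(rest, dir "/") == 1) kind = "MATCH"
        else if (rest !~ /^\//) kind = "RELATIVE"
        else next
        printf "%s\t%s\t%s\t%s\t%s\n", kind, f[1], f[2], f[3], rest
    }'
}

# Constructed sample log lines (both printf formats from the one-liner).
sample_log() {
    cat <<'EOF'
0, rm, 2014 Apr  3 10:15:22, /data/reports/2014/q1.csv
101, perl, 2014 Apr  3 10:15:40, /tmp/sess_a1
0, find, 2014 Apr  3 10:16:02 ,/data/reports/old,v1/tmp.txt
101, rm, 2014 Apr  3 10:17:11, cache/index.db
0, rm, 2014 Apr  3 10:18:00, /data/reports-archive/x
EOF
}

sample_log | audit_deletions /data/reports
```

Against the real log, run audit_deletions /path/to/dir < /var/tmp/spora.log; RELATIVE entries need the process working directory before they can be attributed to a directory.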

 

Apr.03

How to install PAC Manager On Fedora

PAC is a Perl/GTK replacement for SecureCRT/Putty/etc (linux ssh/telnet/… gui)… It provides a GUI to configure connections: users, passwords, EXPECT regular expressions, macros, etc.

Features

  • Unique linux app to implement SecureCRT’s functionality (more or less!)
  • Remote and local macros
  • Remotely send commands with EXPECT regexp
  • Cluster connections!! Connections on same cluster share keystrokes!!
  • Scripting support! (via Perl code)
  • Serial/tty connection via cu/tip/remote-tty connections!!
  • Pre/post connections local executions
  • TABS OR WINDOWS for connections!!
  • Proxy support
  • KeePass integration!
  • Wake On LAN capabilities
  • Possibility to split terminals in the same TAB!
  • Quick access to configured connections via tray menu icon
  • Best linux GUI for ssh, telnet, sftp, rdesktop, vnc, cu, remote-tty, ftp, etc
  • DEB, RPM & .TAR.GZ packages available!!
  • More to come (ASA I find time!)
  • FREE (GNU GPLv3)

Download package from : http://sourceforge.net/projects/pacmanager/files/pac-4.0/

 

Install the dependency packages using yum:

 

# sudo yum install perl-YAML uuid-perl perl-Gtk2-GladeXML perl-Crypt-CBC perl-Socket6 perl-Net-ARP perl-Gtk2-Ex-Simple-List perl-Crypt-Blowfish perl-Net-SSH-Expect perl-IO-Stty vte tigervnc rdesktop

UPDATE: If you face an issue with PAC Manager opening, please follow the steps below.

First of all, install (yum or whatever method you prefer) the “Vte development” package (it’s very small, so don’t worry).
In Debian, it is called ‘libvte-dev’, but in RedHat (and derivatives) I think it’s named ‘vte-devel’. So, something like:

yum install vte-devel

should work.

Now:

# wget http://search.cpan.org/CPAN/authors/id/X/XA/XAOC/Gnome2-Vte-0.11.tar.gz
# tar xfz Gnome2-Vte-0.11.tar.gz
# cd Gnome2-Vte-0.11/
# perl Makefile.PL
# make

At this point, please replace your ‘/opt/pac/lib/ex/vte64/auto/Gnome2/Vte/Vte.so’ with the newly compiled one, ‘blib/arch/auto/Gnome2/Vte/Vte.so’. So, do:

sudo cp -f blib/arch/auto/Gnome2/Vte/Vte.so /opt/pac/lib/ex/vte64/auto/Gnome2/Vte/

 

 

How to create automatic home directories in Solaris 10

Achieving automatic home-directory creation in Solaris is a little bit difficult. With NFS/NIS, we can achieve this through the autofs (auto_master) method. I saw many other posts saying that they had achieved this with LDAP by using scripts. I tried the same method with scripts and it didn’t work for me.

There is another way to achieve this, using pluggable authentication modules (PAM). Compared to Linux, Solaris PAM is very limited and does not have many modules.

Here is the summary:

 

1. Installed Sun Studio (to get gcc and other development tools)
2. Compiled the Linux PAM modules on Solaris
3. Copied the modules to the security directory
4. Included the module in /etc/pam.conf

 

Download and install Solaris Studio : http://www.oracle.com/technetwork/server-storage/solarisstudio/downloads/index-jsp-141149.html

 

Download and extract Linux PAM modules : http://www.linux-pam.org/pre/library/Linux-PAM-0.81.tar.gz

 

PATH=/usr/sfw/bin:/usr/ccs/bin:/opt/sfw/bin:/opt/solarisstudio12.4/bin:$PATH
export PATH
cd /var/tmp/Linux-PAM-0.81
./configure
cp _pam_aconf.h libpam/include/security
cd modules/pammodutil
gcc -c -O2 -D_REENTRANT -DPAM_DYNAMIC -Wall -fPIC -I../../libpam/include -I../../libpamc/include -Iinclude modutil_cleanup.c
gcc -c -O2 -D_REENTRANT -DPAM_DYNAMIC -Wall -fPIC -I../../libpam/include -I../../libpamc/include -Iinclude modutil_ioloop.c
gcc -c -O2 -D_REENTRANT -DPAM_DYNAMIC -Wall -fPIC -I../../libpam/include -I../../libpamc/include -Iinclude modutil_getpwnam.c -D_POSIX_PTHREAD_SEMANTICS
cd ../pam_mkhomedir
gcc -c -O2 -D_REENTRANT -DPAM_DYNAMIC -Wall -fPIC -I../../libpam/include -I../../libpamc/include -I../pammodutil/include pam_mkhomedir.c
ld -o pam_mkhomedir.so -B dynamic -G -lc pam_mkhomedir.o ../pammodutil/modutil_*.o
cp pam_mkhomedir.so /usr/lib/security/pam_mkhomedir.so.1
cd /usr/lib/security
ln -s pam_mkhomedir.so.1 pam_mkhomedir.so

 

Finally, comment out /home in the /etc/auto_master file.

Restart autofs:
svcadm disable autofs
svcadm enable autofs

Include pam_mkhomedir.so in /etc/pam.conf:

 

other session required pam_mkhomedir.so.1 skel=/etc/skel/ umask=0022

Linux Shell Script For Monitoring System network with ping command

Here is a simple script to monitor a server IP's status with a lock. The script sends only one email when the IP is not reachable. When it comes back, it sends another mail.

 

#!/bin/bash
NOTIFYEMAIL=ben.george@example.com
SENDEREMAIL=smcadmin@example.com
SERVER=172.16.200.51
PAUSE=2
# Lock flag: 1 once the "came up" mail has been sent, 0 once the "went down" mail has been sent
FAILED=0
DEBUG=0
COUNT=1

while true
do
    # Number of ping replies received
    CS=$(ping -c $COUNT $SERVER | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
    # Treat a missing statistics line as zero replies
    CS=${CS:-0}
    if [ $DEBUG -eq 1 ]
    then
        echo "STATUS = $CS"
        echo "FAILED = $FAILED"
        if [ "$CS" -ne 0 ]
        then
            echo "$SERVER is up"

        elif [ "$CS" -eq 0 ]
        then
            echo "$SERVER is down"
        fi
    fi
    if [ "$CS" -ne 0 ] && [ $FAILED -eq 0 ]
    then
        FAILED=1
        if [ $DEBUG -eq 1 ]
        then
            echo "$SERVER is back up"
        fi
        if [ $DEBUG = 0 ]
        then
            echo "$SERVER is came up at $(date)" | /bin/mailx -s "$SERVER is came up at " -r "$SENDEREMAIL" "$NOTIFYEMAIL"
        fi
    elif [ "$CS" -eq 0 ] && [ $FAILED -eq 1 ]
    then
        FAILED=0
        if [ $DEBUG -eq 1 ]
        then
            echo "$SERVER failed"
        fi
        if [ $DEBUG = 0 ]
        then
            echo "$SERVER went down $(date)" | /bin/mailx -s "$SERVER went down " -r "$SENDEREMAIL" "$NOTIFYEMAIL"
        fi
    fi
    sleep $PAUSE
done