Install AWX/Ansible Tower Upstream on CentOS

This is a quick method to install and configure Ansible Tower/AWX on CentOS 7.x.
1. Install EPEL repository
# yum -y install epel-release

2. Disable firewall and SELinux
# systemctl disable firewalld
# systemctl stop firewalld
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# setenforce 0
# reboot

3. Enable the continuous release (CR) repository if some packages from EPEL depend on a newer release
# yum -y install git gettext ansible docker nodejs npm gcc-c++ bzip2
# yum -y install python-docker-py

4. Start and enable docker service
# systemctl start docker
# systemctl enable docker

5. Clone repository and deploy (it will take about 20 minutes)
# git clone https://github.com/ansible/awx.git
# cd awx/installer/
# ansible-playbook -i inventory install.yml

6. Monitor migrations status (it will take about 10 minutes)
# docker logs -f awx_task

Now you can access the AWX web server at http://<hostname/IP>.

The default administrator username is admin, and the password is password.

You can also check the Docker instances by issuing the docker ps command.

Fedora/Redhat Change proxy based on IP detection

Hi all, I am giving some tricks to simplify the life of a Linux desktop user.

In my office environment, all networks are based on Class A, and at home Class C. So changing the proxy every time was a little difficult for me, and finally I wrote something like below.

This will detect the IP class and change the system wide proxy.

#!/bin/bash
export DISPLAY=:0.0
# Address of the first interface that is UP
IP_ADDRESS=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
#echo $IP_ADDRESS
# Join the last two words of ipcalc's "Address class:" line, e.g. "ClassA"
IP_CLASS=$(/usr/bin/ipcalc "$IP_ADDRESS" | grep -E "Address class:" | awk '{print $3$4}')
if [ "$IP_CLASS" = "ClassA" ]; then
    # Office network: set the system-wide proxy
    echo "Class A IP"
    gsettings set org.gnome.system.proxy mode 'manual'
    gsettings set org.gnome.system.proxy.http host 'proxy.example.com'
    gsettings set org.gnome.system.proxy.http port 1234
    gsettings set org.gnome.system.proxy.https host 'proxy.example.com'
    gsettings set org.gnome.system.proxy.https port 1234
    gsettings set org.gnome.system.proxy.ftp host 'proxy.example.com'
    gsettings set org.gnome.system.proxy.ftp port 1234
    gsettings set org.gnome.system.proxy.socks host 'proxy.example.com'
    gsettings set org.gnome.system.proxy.socks port 1234
else
    # Home network: no proxy
    echo "Class C"
    gsettings set org.gnome.system.proxy mode 'none'
fi

I know this is not a neat script. But you can get some idea and develop more from this. 🙂

Configure SFTP only + Chroot(Jail)

This tutorial describes how to give users chrooted SSH and/or chrooted SFTP access on Red Hat/CentOS (or more). With this setup, you can give your users shell access without having to fear that they can see your whole system. Your users will be jailed in a specific directory which they will not be able to break out of. I will also show how to restrict users to SFTP so that they cannot use SSH.

Create a group for SFTP users

# groupadd sftp-only

Create user (test1 is our user)

# useradd -c "SFTP User" -G sftp-only -s /sbin/nologin test1

Edit sshd_config and add the changes below

Subsystem sftp internal-sftp
Match Group sftp-only
    # or your directory
    ChrootDirectory /appl/data/input
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no
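
sshd only accepts a ChrootDirectory whose every path component is a directory owned by root and not writable by group or others; otherwise the login is refused. The check below is an added example, not part of the original tutorial. It assumes GNU stat as shipped on CentOS, and its OWNER_UID and START arguments are hypothetical hooks for trying it on a scratch directory.

```sh
#!/bin/sh
# Added example, not from the original post: verify a ChrootDirectory
# candidate before putting it into sshd_config.

check_one() {    # check_one DIR OWNER_UID
    [ -d "$1" ] || { echo "FAIL $1: not a directory"; return 1; }
    meta=$(stat -L -c '%u %a' "$1") || return 1
    uid=${meta% *} mode=${meta#* }
    [ "$uid" = "$2" ] || { echo "FAIL $1: owned by uid $uid, want $2"; return 1; }
    case $mode in
        *[2367]|*[2367]?) echo "FAIL $1: mode $mode is group/other writable"; return 1 ;;
    esac
    echo "ok   $1"
}

# check_chroot_path PATH [OWNER_UID] [START]   (defaults: 0 and /)
check_chroot_path() (
    path=${1%/} owner=${2:-0} start=${3:-/}
    start=${start%/}                 # "/" becomes the empty string
    case $path/ in
        "$start"/*) ;;
        *) echo "FAIL $1: not an absolute path below ${start:-/}"; exit 1 ;;
    esac
    rc=0 cur=$start
    check_one "${cur:-/}" "$owner" || rc=1
    set -f; IFS=/                    # split the remainder on "/", no globbing
    for part in ${path#"$start"}; do
        [ -n "$part" ] || continue
        cur=$cur/$part
        check_one "$cur" "$owner" || rc=1
    done
    exit "$rc"
)

# Run as: sh check_chroot.sh /appl/data/input
[ $# -eq 0 ] || check_chroot_path "$@"
```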

 

Example of an SFTP connection:

[screenshot_79]

An SSH connection is dropped:

[screenshot_80]

Copy RSA keys to all Solaris zones & restart ssh service

This is a simple script to copy SSH RSA keys to all standard zones and restart the ssh service on all of them.

I am not going to explain how to create public RSA keys. Also assume that the RSA key is copied to the global zone.

Usage: create a file with the script, give it execute permission, and run example.sh <ip>

#!/bin/bash
ipaddress=$1
# Zone paths: column 4 of "zoneadm list -cv", skipping the header and the global zone
IFS=$'\n' read -d '' -ra name < <(ssh "$ipaddress" zoneadm list -cv | awk 'NR > 2{print $4}')
# Zone names, skipping the global zone
IFS=$'\n' read -d '' -ra state < <(ssh "$ipaddress" zoneadm list | awk 'NR > 1')

for i in "${!name[@]}"; do
    ssh "$ipaddress" mkdir -p "${name[$i]}/root/.ssh"
    ssh "$ipaddress" chmod 700 "${name[$i]}/root/.ssh"
    echo "copying RSA keys on : ${state[$i]}"
    # Append the public key to root's authorized_keys inside the zone root
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4T+N21GzKnYgCh9sC72qhOYKjbjHRyp5GqWPDGSfUkhmk8iJRAS2hhcP5lZ1x6fc/cNzqETQ98sjdKm59PB7MSJQ12WMHTc7wtuBdh7+wE0ZlWsjGfEvzCaWIXNUhh2hK2ZUq7XMZ5QR2E+j2uWTJKsZmQyf4A5z8nLTAtL2CKQamxZskABttpXkxx7gm+yc8coJB8nhOr6Q4KsyDcEmjGAFwbjiBKyefUIiMroP0PtZPI/8EYtwtP/Cm79BFzhJtOl/VGqTvlab+1IQeO54/ztL0gg7C0zTwNTKODTrCNh+nIj6Fk6/CjyX0Qg9xWd7BRr1oUbI5yMvg3wLD66tEw== root@kwtprgateone01" | ssh "$ipaddress" "cat >> ${name[$i]}/root/.ssh/authorized_keys"
    ssh "$ipaddress" chmod 600 "${name[$i]}/root/.ssh/authorized_keys"
    echo "changing ssh configuration files on: ${state[$i]}"
    # Switch PermitRootLogin to yes in the zone's sshd_config
    ssh "$ipaddress" "cat ${name[$i]}/root/etc/ssh/sshd_config | sed 's/PermitRootLogin no/PermitRootLogin yes/g' > ${name[$i]}/root/tmp/sshd_config ; cp ${name[$i]}/root/tmp/sshd_config ${name[$i]}/root/etc/ssh/sshd_config"
    echo "Restarting ssh service on : ${state[$i]}"
    ssh "$ipaddress" "zlogin ${state[$i]} svcadm restart ssh"
done

Solaris disk utilization(including zones) script & sending to mysql

Hi

I have been writing scripts to automate my Solaris admin tasks. Currently I am handling more than 250 Sun servers and my primary focus area is Solaris nowadays. Somehow Linux came to 2nd priority.

Today I am posting a script to monitor disk utilization of a Solaris server including zones (containers). This script will send the result to a MySQL database directly. You need to run this script on the global zone, and you can then set the disk check threshold value also.

To connect to MySQL, you need to install the mysql-client package, i.e. a simple compile & make. You can download mysql-client from http://dev.mysql.com/downloads/mysql/5.1.html. For compiling this package, you need compilers and other development tools. You can get all of this from Sun Studio. Install Sun Studio and include it in your PATH.

#!/bin/bash
#Created By - Ben George - ben@benvin.net
# Local filesystems of the global zone and the list of zone names
IFS=$'\n' read -d '' -ra filesystem < <(df -h | egrep -e '/dev/dsk|pool')
IFS=$'\n' read -d '' -ra zonename < <(zoneadm list)
DATE=$(/usr/bin/date | awk '{print $3"-"$2"-"$6}')
ipaddress=$(ifconfig -a | grep inet | grep -v '127.0.0.1' | awk 'NR>1{ print $2}' | head -1)
for i in "${!zonename[@]}"; do

    if [ "${zonename[$i]}" = "global" ]; then
        # Global zone: check every filesystem against the threshold (50%)
        for k in "${!filesystem[@]}"; do
            percentage=$(echo "${filesystem[$k]}" | awk '{print $5}' | sed 's/%//g')
            if [ "$percentage" -gt 50 ]; then
                mountpoint=$(echo "${filesystem[$k]}" | awk '{print $6}')
                echo $HOSTNAME $ipaddress $mountpoint ":" $percentage"%"
                /opt/mysql/bin/mysql --host=172.16.99.182 --user=root --password=Redhat server_daily << EOF
insert into filesystem (hostname,ipaddress,time,filesystem_name,percentage) values('$HOSTNAME','$ipaddress','$DATE','$mountpoint','$percentage');
EOF
            fi
        done
    else
        # Non-global zone: check the filesystems listed in the zone configuration
        echo "${zonename[$i]}"
        IFS=$'\n' read -d '' -ra zonefilesystem < <(zonecfg -z "${zonename[$i]}" info | egrep 'pool|dir:' | awk '{print $2}')
        for j in "${!zonefilesystem[@]}"; do
            echo "${zonefilesystem[$j]}" | while read n; do
                zonepercentage=$(zlogin "${zonename[$i]}" df -h "${zonefilesystem[$j]}" | awk 'NR>1{print $5}' | sed 's/%//g')
                if [ "$zonepercentage" -gt 50 ]; then
                    zone_mountpoint=$(zlogin "${zonename[$i]}" df -h "${zonefilesystem[$j]}" | awk 'NR>1{print $6}')
                    zone_hostname=$(zlogin "${zonename[$i]}" hostname)
                    zone_ip=$(zlogin "${zonename[$i]}" ifconfig -a | grep inet | grep -v '127.0.0.1' | awk '{ print $2}')
                    echo $zone_hostname $zone_ip $zone_mountpoint ":" $zonepercentage"%"
                    /opt/mysql/bin/mysql --host=172.16.99.182 --user=root --password=Redhat server_daily << EOF
insert into filesystem (hostname,ipaddress,time,filesystem_name,percentage) values('$zone_hostname','$zone_ip','$DATE','$zone_mountpoint','$zonepercentage');
EOF
                fi
            done
        done
    fi
done
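
The script above pastes zone hostnames and mount points straight into the SQL text and passes the database root password on the command line, where it is visible in the process list. The added example below (not the author's code) builds the same INSERT with validated and escaped values; it assumes MySQL's default sql_mode, and the diskmon account and option file path in the comments are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post.

# Escape a value for a single-quoted MySQL string literal
# (assumes the default sql_mode, where backslash is an escape character).
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# build_insert HOST IP DATE MOUNTPOINT PERCENT
# Prints the statement; returns 1 unless PERCENT is an integer from 0 to 100.
build_insert() {
    case $5 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$5" -le 100 ] || return 1
    printf "insert into filesystem (hostname,ipaddress,time,filesystem_name,percentage) values('%s','%s','%s','%s','%s');\n" \
        "$(sql_quote "$1")" "$(sql_quote "$2")" "$(sql_quote "$3")" "$(sql_quote "$4")" "$5"
}

# Keeping the password off the command line (hypothetical names):
#   /root/.diskmon.cnf, mode 600, owned by root:
#       [client]
#       user=diskmon
#       password=<password of an account with INSERT on server_daily.filesystem only>
#   build_insert "$HOSTNAME" "$ipaddress" "$DATE" "$mountpoint" "$percentage" |
#       /opt/mysql/bin/mysql --defaults-extra-file=/root/.diskmon.cnf \
#           --host=172.16.99.182 server_daily

# Constructed sample values; the quote in the hostname is escaped.
build_insert "zone'1" 10.0.0.5 12-Jan-2012 /export/home 85
```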

 

How to audit solaris commands like rm,mv,cron,zip… as realtime

Hi

We faced an issue on a production Solaris machine where someone/some program is deleting one directory sometimes. I decided to explore more on this and finally found DTrace, which comes bundled with Solaris.

DTrace:

DTrace is a comprehensive dynamic tracing framework created by Sun Microsystems for troubleshooting kernel and application problems on production systems in real time. Originally developed for Solaris, it has since been released under the free Common Development and Distribution License (CDDL) and has been ported to several other Unix-like systems.

DTrace can be used to get a global overview of a running system, such as the amount of memory, CPU time, filesystem and network resources used by the active processes. It can also provide much more fine-grained information, such as a log of the arguments with which a specific function is being called, or a list of the processes accessing a specific file.

Here I am showing a simple script to trace the commands and send the output to a file. After that we can logrotate it based on size, because this will dump a huge number of lines of output.

Create a file with the script below and start that script with nohup; that's it.

dtrace -qn '
syscall::unlink*:entry { printf("%d, %s, %Y, %s\n", uid, execname, walltimestamp, copyinstr(arg0)); }
syscall::fsat:entry /arg0 == 5/ { printf("%d, %s, %Y ,%s\n", uid, execname, walltimestamp, copyinstr(arg2)); }
' | tee -a /var/tmp/spora.log
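
Once the log is growing, the lines that matter are the deletions under the directory that keeps disappearing. The filter below is an added example, not part of the original post; the sample lines and the watched path /export/app/data are constructed and follow the two printf formats of the one-liner.

```sh
#!/bin/sh
# Added example, not from the original post: pick deletions under one
# watched directory out of the log written by the DTrace one-liner.
# Log lines are "uid, execname, timestamp, path" per its printf formats.

sample_log() {    # constructed sample lines, not real output
cat <<'EOF'
0, rm, 2012 Jan 12 10:30:45, /export/app/data/report.csv
100, java, 2012 Jan 12 10:31:02, /tmp/hsperfdata_app/4312
0, cleanup.sh, 2012 Jan 12 10:32:10 ,/export/app/data
0, rm, 2012 Jan 12 10:32:40, /export/app/data2/keep.txt
101, rm, 2012 Jan 12 10:33:00, old,file.txt
EOF
}

# deletions_under DIR   (log on stdin)
#   HIT   absolute path equal to DIR or below it
#   CHECK relative path; the log has no cwd, so it cannot be ruled out
deletions_under() {
    awk -v dir="${1%/}" '
    {
        line = $0
        for (i = 1; i <= 3; i++) {            # peel off uid, execname, time
            n = index(line, ",")
            if (n == 0) next                  # malformed line
            f[i] = substr(line, 1, n - 1)
            gsub(/^ +| +$/, "", f[i])
            line = substr(line, n + 1)
        }
        sub(/^ +/, "", line)                  # the rest is the path, commas and all
        if (line == dir || index(line, dir "/") == 1) tag = "HIT"
        else if (line !~ /^\//) tag = "CHECK"
        else next
        printf "%s uid=%s exec=%s time=\"%s\" path=%s\n", tag, f[1], f[2], f[3], line
    }'
}

sample_log | deletions_under /export/app/data
```

Against the real log, run it as deletions_under /your/directory < /var/tmp/spora.log.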