blog'o thnet


Tag - service


Wednesday 21 February 2007

New thnet Services Certificates

As in each past year, a new Certificate Authority was created for thnet-specific purposes only. Two new certificates were requested and now replace the old ones for the secure web (HTTPS) and mail (IMAPS) services.

You can replace the old Certificate Authority with the new one using the following URL: cacert.crt.

Thursday 23 November 2006

How to Add a New "ctmag" Service on RHEL4 (Control-M Agent v6)

Create the Control-M service file:

# cat /etc/rc.d/init.d/ctmag
#!/usr/bin/env sh

# chkconfig: 345 57 23
# description: Control-M agent daemons

# Source functions library.
. /etc/rc.d/init.d/functions

LC_ALL=en_US; export LC_ALL
ctmag_user="ctmag620"
ctmag_home=`getent passwd ${ctmag_user} | awk -F\: '{print $6}'`
ctmag_opts="-u ${ctmag_user} -p ALL"
rc=0

start() {
  echo -n $"Starting `basename $0`:"
  initlog -c "${ctmag_home}/ctm/scripts/start-ag ${ctmag_opts}" > /dev/null \
   && success || failure
  echo
}

stop() {
  echo -n $"Stopping `basename $0`:"
  ${ctmag_home}/ctm/scripts/shut-ag ${ctmag_opts} > /dev/null
  rc=$?
  if [ ${rc} -eq 0 ]; then
    success $"Stopping `basename $0`"
  else
    failure $"Stopping `basename $0`"
  fi
  echo
}

case "$1" in
start)
  start
  ;;
stop)
  stop
  ;;
restart)
  stop
  start
  ;;
*)
  echo "Usage: `basename $0` {start|stop|restart}"
  rc=1
  ;;
esac

exit ${rc}

Add and configure the Control-M service:

# chmod 755 /etc/rc.d/init.d/ctmag
# chkconfig --add ctmag
# chkconfig --level 0126 ctmag off
# chkconfig --level 345 ctmag on

Start, or restart, the Control-M service:

# service ctmag restart

Thursday 16 November 2006

How to Add a New TSM Scheduler Daemon Service on RHEL4

  • dsmc sched represents the TSM scheduler daemon

Create the TSM service file:

# cat /etc/rc.d/init.d/tsm
#!/usr/bin/env sh

# chkconfig: 345 56 24
# description: TSM scheduler daemon
# processname: /usr/bin/dsmc

# Source functions library.
. /etc/rc.d/init.d/functions

LC_ALL=en_US; export LC_ALL
dsmc="/usr/bin/dsmc"
options="sched"
rc=0

start() {
  echo -n $"Starting `basename ${dsmc}`:"
  # Doesn't behave as expected because of the launching command
  # of the `tsm' scheduler :-(
  #initlog -c "${dsmc} ${options} &" && success || failure
  # So...
  [ -x ${dsmc} ] && (${dsmc} ${options} &) > /dev/null 2>&1
  rc=$?
  if [ ${rc} -eq 0 ]; then
    success $"Starting `basename ${dsmc}`"
  else
    failure $"Starting `basename ${dsmc}`"
  fi
  echo
}

stop() {
  echo -n $"Stopping `basename ${dsmc}`:"
  if [ -n "`pidofproc ${dsmc}`" ]; then
    killproc ${dsmc} -TERM
  else
    failure $"Stopping `basename ${dsmc}`"
  fi
  rc=$?
  echo
}

case "$1" in
start)
  start
  ;;
stop)
  stop
  ;;
restart)
  stop
  start
  ;;
status)
  status ${dsmc}
  rc=$?
  ;;
*)
  echo "Usage: `basename $0` {start|stop|restart|status}"
  rc=1
  ;;
esac

exit ${rc}

Add and configure the TSM service:

# chmod 744 /etc/rc.d/init.d/tsm
# chkconfig --add tsm
# chkconfig --level 0126 tsm off
# chkconfig --level 345 tsm on

Start, or restart, the TSM service, and monitor it:

# service tsm restart
# service tsm status

Monday 8 August 2005

Enabling the X Virtual Frame Buffer on AIX

  1. corleone is the hostname of the AIX server on which to install the XVFB server
  2. beastie is the hostname of the display (with a screen) test system

Because it is not always possible to use an X11 server, for example when there is no hardware graphics adapter (as in a p550), it can be replaced with an XVFB, which is intended for rendering server environments and lets an application render into the main memory of the computer instead of the graphics card.

The XVFB for AIX 5.X is installed from the product CDs, as listed below:

# lslpp -al | grep vfb | sort -u
  OpenGL.OpenGL_X.dev.vfb    5.3.0.0  COMMITTED  OpenGL Virtual Frame Buffer
  X11.vfb                    5.3.0.0  COMMITTED  Virtual Frame Buffer Software

As we don't want to use it directly, we do not launch it via the xinit program, which starts both the X server and the window manager. Here is a simple invocation, put into the inittab so that it can be respawned easily:

# mkitab "Xvfb:2:respawn:/usr/bin/X11/X -force -vfb -x abx -x dbe -x GLX :0 2>&1 | alog -tboot > /dev/console"

To reload a dead X server or force init to reread /etc/inittab, just use the following command:

# init q   /* Not needed if /etc/inittab was modified using `mkitab' */
# ps auwx | grep -i vfb
root   725164  0.0  0.0 9128 8868   - A   14:49:30  0:00 /usr/bin/X11/X -force -vfb -x abx -x dbe -x GLX :0

Verifying that XVFB is being used

To verify that an X server is running with the XVFB, use the following command on corleone:

# /usr/lpp/X11/Xamples/bin/xprop -display :0 -root | grep VFB
XVFB_SCREEN(STRING) = "TRUE"

Verifying that XVFB is working

Your system must be on a network and you need access to another system (with a screen) to view the contents of the XVFB.

On the XVFB system, run the xclock client program:

# xclock -display :0

On the other system, make sure X is running and that clients can connect:

# xhost +corleone

On the XVFB system, find the window ID for the xclock client:

# xwininfo -root -tree -display :0 | grep xclock

On the XVFB system, use xwd/xwud to display the client window of the XVFB system on the other system:

# xwd -id 0x800009 -display :0 | xwud -display beastie:0

An image of the xclock you started on the XVFB system displays on the other system. That's it.

Please refer to the IBM website for more information on the X Virtual Frame Buffer.

Monday 4 July 2005

How to Add a New "sshd_adm" Service on Red Hat Advanced Server 2.1

  1. sshd represents the classical SSH server (for users)
  2. sshd_adm represents the administrator SSH server (for administrators)

Copy the original executable to be able to differentiate them later using ps(1):

# cp /usr/sbin/sshd /usr/sbin/sshd_adm

Create (copy) the sshd_adm service file:

# cp /etc/init.d/sshd /etc/init.d/sshd_adm

Edit and modify the sshd_adm service file according to:

# diff -u /etc/init.d/sshd /etc/init.d/sshd_adm
--- /etc/init.d/sshd    Thu Jun  9 16:54:18 2005
+++ /etc/init.d/sshd_adm        Thu Jun  9 14:03:24 2005
@@ -5,29 +5,30 @@
 # chkconfig: 2345 55 25
 # description: OpenSSH server daemon
 #
-# processname: sshd
+# processname: sshd_adm
 # config: /etc/ssh/ssh_host_key
 # config: /etc/ssh/ssh_host_key.pub
 # config: /etc/ssh/ssh_random_seed
-# config: /etc/ssh/sshd_config
-# pidfile: /var/run/sshd.pid
+# config: /etc/ssh/sshd_config_adm
+# pidfile: /var/run/sshd_adm.pid
 
 # source function library
 . /etc/rc.d/init.d/functions
 
 # pull in sysconfig settings
-[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
+[ -f /etc/sysconfig/sshd_adm ] && . /etc/sysconfig/sshd_adm
 
 RETVAL=0
-prog="sshd"
+prog="sshd_adm"
 
 # Some functions to make the below more readable
 KEYGEN=/usr/bin/ssh-keygen
-SSHD=/usr/sbin/sshd
+SSHD=/usr/sbin/sshd_adm
 RSA1_KEY=/etc/ssh/ssh_host_key
 RSA_KEY=/etc/ssh/ssh_host_rsa_key
 DSA_KEY=/etc/ssh/ssh_host_dsa_key
-PID_FILE=/var/run/sshd.pid
+PID_FILE=/var/run/sshd_adm.pid
+OPTIONS="-f /etc/ssh/sshd_config_adm -o \"PidFile ${PID_FILE}\" ${OPTIONS}"
 
 do_rsa1_keygen() {
        if [ ! -s $RSA1_KEY ]; then
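Review bot: the added OPTIONS line embeds escaped quotes (-o \"PidFile ${PID_FILE}\"), so the PidFile setting only reaches sshd as a single argument if the command that runs "$SSHD $OPTIONS" re-parses the string; a plain unquoted expansion would split it at the space and pass the quote characters literally. Putting "PidFile /var/run/sshd_adm.pid" in /etc/ssh/sshd_config_adm instead removes the quoting dependency and keeps the pid file location next to the other administrator-only settings.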
@@ -97,7 +98,7 @@
        echo -n $"Starting $prog:"
        initlog -c "$SSHD $OPTIONS" && success || failure
        RETVAL=$?
-       [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
+       [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd_adm
        echo
 }
 
@@ -106,7 +107,7 @@
        echo -n $"Stopping $prog:"
        killproc $SSHD -TERM
        RETVAL=$?
-       [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
+       [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd_adm
        echo
 }
 
@@ -133,7 +134,7 @@
                reload
                ;;
        condrestart)
-               if [ -f /var/lock/subsys/sshd ] ; then
+               if [ -f /var/lock/subsys/sshd_adm ] ; then
                        do_restart_sanity_check
                        if [ "$RETVAL" = 0 ] ; then
                                stop

See the provided attached patch to get it right now: sshd_adm.service.patch

Create (copy) the sshd_adm configuration file:

# cp /etc/ssh/sshd_config /etc/ssh/sshd_config_adm

Edit and modify the sshd and sshd_adm configuration files according to:

# diff -u /etc/ssh/sshd_config /etc/ssh/sshd_config_adm
--- /etc/ssh/sshd_config        Thu Jun  9 15:44:42 2005
+++ /etc/ssh/sshd_config_adm    Thu Jun  9 15:45:08 2005
@@ -11,6 +11,7 @@
 # default value.
 
 #Port 22
+Port 77
 #Protocol 2,1
 #ListenAddress 0.0.0.0
 #ListenAddress ::
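Review bot: Port 77 is added but the ListenAddress lines right below it stay commented, so the administrator daemon listens on every address, exactly like the user daemon. If the host has a management interface, add an explicit ListenAddress for it here so the administrator port is not reachable from user networks.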
@@ -35,13 +36,11 @@
 
 #LoginGraceTime 600
 #PermitRootLogin yes
-PermitRootLogin no
 #StrictModes yes
 
 #RSAAuthentication yes
 #PubkeyAuthentication yes
 #AuthorizedKeysFile    .ssh/authorized_keys
-AuthorizedKeysFile     /var/.ssh/%u/authorized_keys
 
 # rhosts authentication should not be used
 #RhostsAuthentication no
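Review bot: removing "PermitRootLogin no" and the AuthorizedKeysFile override leaves both settings to the defaults shown in the commented lines (root login allowed, keys read from .ssh/authorized_keys), so the behaviour of the administrator daemon rests on values that are never stated. Write the intended values explicitly, for example "PermitRootLogin yes", and consider an AllowUsers or AllowGroups line so that only administrator accounts can authenticate on this port.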
@@ -79,6 +78,7 @@
 #PAMAuthenticationViaKbdInt yes
 
 #X11Forwarding no
+X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PrintMotd yes

See the provided attached patch to get it right now: sshd_adm.configuration.patch

Clone the pam(8) configuration for the sshd_adm process:

# cp /etc/pam.d/sshd /etc/pam.d/sshd_adm

Add and/or update the wanted run-level information for the sshd_adm service:

# chkconfig --add sshd_adm
# chkconfig --level 2345 sshd_adm on

Start, or restart, the corresponding services using the new configurations:

# service sshd restart
# service sshd_adm start

Verify the running services:

# service sshd status
# service sshd_adm status
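
Once both daemons run, it is worth confirming that the two configuration files really produce the intended split (user daemon without root login, administrator daemon on its own port). The following check is an added example, not part of the original post; the function names are hypothetical, the sample files are constructed from the two sides of the diff above, and the defaults are assumed to be the commented-out values shown there.

```shell
#!/bin/sh
# Added example (not from the original post). sshd uses the first uncommented
# occurrence of a keyword, and keywords are case-insensitive.

# effective_value FILE KEYWORD DEFAULT: print the value sshd would use.
effective_value() {
  awk -v kw="$2" -v def="$3" '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    tolower($1) == tolower(kw) {         # first match wins
      $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
    }
    END { if (!found) print def }
  ' "$1"
}

# check_split USER_CFG ADM_CFG: print findings, return 1 if the split is broken.
# Defaults are the commented-out values visible in the diff (assumption: they
# match the compiled-in defaults of the installed OpenSSH).
check_split() {
  u_port=$(effective_value "$1" Port 22)
  a_port=$(effective_value "$2" Port 22)
  u_root=$(effective_value "$1" PermitRootLogin yes)
  a_root=$(effective_value "$2" PermitRootLogin yes)
  u_keys=$(effective_value "$1" AuthorizedKeysFile .ssh/authorized_keys)
  a_x11=$(effective_value "$2" X11Forwarding no)
  bad=0
  if [ "$u_port" = "$a_port" ]; then
    echo "FAIL both daemons bind port $u_port"; bad=1
  fi
  if [ "$u_root" != "no" ]; then
    echo "FAIL user daemon allows root login ($u_root)"; bad=1
  fi
  echo "INFO admin daemon: port=$a_port root=$a_root x11=$a_x11"
  echo "INFO user daemon: port=$u_port root=$u_root keys=$u_keys"
  return $bad
}

# Constructed sample files mirroring the two sides of the diff.
make_samples() {
  printf '%s\n' '#Port 22' '#PermitRootLogin yes' 'PermitRootLogin no' \
    'AuthorizedKeysFile     /var/.ssh/%u/authorized_keys' \
    '#X11Forwarding no' > "$1/sshd_config"
  printf '%s\n' '#Port 22' 'Port 77' '#PermitRootLogin yes' \
    '#AuthorizedKeysFile    .ssh/authorized_keys' \
    '#X11Forwarding no' 'X11Forwarding yes' > "$1/sshd_config_adm"
}

d=$(mktemp -d) && make_samples "$d"
check_split "$d/sshd_config" "$d/sshd_config_adm"
rm -rf "$d"
```

On a real host, call check_split with /etc/ssh/sshd_config and /etc/ssh/sshd_config_adm instead of the sample files.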

Saturday 18 June 2005

Use the NIS and NFS Infrastructure on AIX 5L

Here are the steps to be able to use the current NIS and NFS infrastructure from an AIX server:

# cat /etc/resolv.conf  
domain          dev.example.com
nameserver      10.239.208.24
nameserver      10.251.140.96
search          dev.example.com int.example.com prod.example.com
#
# TERM=vt220 smitty
/*
 * Communications Applications and Services
 *  TCP/IP
 *   Further Configuration
 *    Name Resolution
 *     Hosts Table (/etc/hosts)
 *      Add a Host
 *       INTERNET ADDRESS (dotted decimal)               [10.254.234.22]
 *       HOST NAME                                       [neptune.dev.example.com]
 *       ALIAS(ES) (if any - separated by blank space)   [neptune]
 *       COMMENT (if any - for the host entry)           [NIS server for domain devex]
 *  NFS
 *   Network Information Service (NIS)
 *    Configure / Modify NIS
 *     Change NIS Domain Name of this Host
 *      Domain name of this host                        [devex]
 *     Configure this Host as a NIS Client
 *      NIS server - required if there are              [neptune]
 *   Network File System (NFS)
 *    Configure NFS on This System
 *     Start Automounter
 *      PARAMETERS to be used for the automount daemon  [-n]
 */

Launch the automountd at run-level #2:

# cat << 'EOF' > /etc/rc.d/rc2.d/Sautomountd
#!/usr/bin/env ksh
#################################################################
# name: {K|S}automountd
# purpose: script that will start or stop the automountd service.
#################################################################

case "$1" in
start)
  /usr/sbin/automount -n
  ;;
stop)
  stopsrc -g autofs
  ;;
*)
  echo "Usage: $0 {start|stop}"
  exit 1
esac

exit 0
EOF
# ln /etc/rc.d/rc2.d/Sautomountd /etc/rc.d/rc2.d/Kautomountd
# chmod 754 /etc/rc.d/rc2.d/?automountd

At the same time, modify the automountd service to add some arguments that must be passed to the program. This is a necessary step to be able to automount the correct remote path using our customized autofs server. Here is how to do so:

# chssys -s automountd -a "-DOSNAME=`uname -s` -DCPU=`uname -p` -DNATISA=`bootinfo -K` -DOSREL=`uname -v`.`uname -r`"
# stopsrc -g autofs
# /usr/sbin/automount -n

Very important

To resolve information correctly, the ordering of name resolution for hosts had to be specified explicitly in /etc/netsvc.conf. This file corresponds to /etc/nsswitch.conf under Solaris, GNU/Linux or the BSDs for host name resolution. For example:

# cat << EOF >> /etc/netsvc.conf
hosts = local, nis, bind
EOF

Thursday 16 June 2005

How to Add a New "tsmsched" Service on AIX 5L

Create the tsmsched service:

# mkssys -p /usr/bin/dsmc \   /* Absolute path to the subsystem executable
                                 program. */
         -s tsmsched \        /* Name that uniquely identifies the subsystem. */
         -u 0 \               /* User id for the subsystem. */
         -a sched \           /* Arguments to be passed to the command. */
         -e /dev/console \    /* Where the subsystem standard error data is
                                 placed. */
         -i /dev/console \    /* Where the subsys. standard input is routed. */
         -o /dev/console \    /* Where the subsys. standard output is placed. */
         -R \                 /* Subsystem is restarted if the subsystem stops
                                 abnormally. */
         -Q \                 /* Multiple instances of the subsystem are not
                                 allowed to run at the same time. */
         -S \                 /* Subsystem uses the signals communication
                                 method. */
         -f 9 \               /* Signal sent to the subsystem when a forced
                                 stop of the subsystem is requested. */
         -n 15 \              /* Signal sent to the subsystem when a normal
                                 stop of the subsystem is requested. */
         -E 20 \              /* Execution priority of the subsystem. */
         -G tsm \             /* Subsystem belongs to the group specified. */
         -d \                 /* Inactive subsystems are displayed when the
                                 lssrc -a command request is made. */
         -w 20                /* Time, in seconds, allowed to elapse between a
                                 stop cancel (SIGTERM) signal and a subsequent
                                 SIGKILL signal. */

Check the service's configuration:

# lssrc -S -s tsmsched
#subsysname:synonym:cmdargs:path:uid:auditid:standin:standout:standerr:action:multi:contact:svrkey:svrmtype:\
 priority:signorm:sigforce:display:waittime:grpname:
tsmsched::sched:/usr/bin/dsmc:0:0:/dev/console:/dev/console:/dev/console:-R:-Q:-S:0:0:\
 20:15:9:-d:20:tsm:

Or query the ODM internal database directly:

# odmget -q subsysname=tsmsched SRCsubsys

SRCsubsys:
        subsysname = "tsmsched"
        synonym = ""
        cmdargs = "sched"
        path = "/usr/bin/dsmc"
        uid = 0
        auditid = 0
        standin = "/dev/console"
        standout = "/dev/console"
        standerr = "/dev/console"
        action = 1
        multi = 0
        contact = 2
        svrkey = 0
        svrmtype = 0
        priority = 20
        signorm = 15
        sigforce = 9
        display = 1
        waittime = 20
        grpname = "tsm"

Start the new service:

# startsrc -s tsmsched

Launch the TSM scheduler at run-level #2:

# cat << 'EOF' > /etc/rc.d/rc2.d/Stsmsched
#!/usr/bin/env ksh
###############################################################
# name: {K|S}tsmsched
# purpose: script that will start or stop the tsmsched service.
###############################################################

case "$1" in
start)
  startsrc -g tsm
  ;;
stop)
  stopsrc -g tsm
  ;;
*)
  echo "Usage: $0 {start|stop}"
  exit 1
esac

exit 0
EOF
# ln /etc/rc.d/rc2.d/Stsmsched /etc/rc.d/rc2.d/Ktsmsched
# chmod 744 /etc/rc.d/rc2.d/?tsmsched

Tuesday 14 June 2005

How to Add a New "sshd_adm" Service on AIX 5L

Create the sshd_adm service:

# mkssys -p /usr/sbin/sshd \   /* Absolute path to the subsystem executable
                                  program. */
         -s sshd_adm \         /* Name that uniquely identifies the subsys. */
         -u 0 \                /* User id for the subsystem. */
         -a "-D -f /etc/ssh/sshd_config_adm" \   /* Arguments that must be
                                                    passed to the command. */
         -e /dev/console \     /* Where the subsystem standard error data is
                                  placed. */
         -i /dev/console \     /* Where the subsys. standard input is routed. */
         -o /dev/console \     /* Where the subsys. standard output is placed. */
         -R \                  /* Subsystem is restarted if the subsystem stops
                                  abnormally. */
         -Q \                  /* Multiple instances of the subsystem are not
                                  allowed to run at the same time. */
         -S \                  /* Subsystem uses the signals communication
                                  method. */
         -f 9 \                /* Signal sent to the subsystem when a forced
                                  stop of the subsystem is requested. */
         -n 15 \               /* Signal sent to the subsystem when a normal
                                  stop of the subsystem is requested. */
         -E 20 \               /* Execution priority of the subsystem. */
         -G ssh \              /* Subsystem belongs to the group specified. */
         -d \                  /* Inactive subsystems are displayed when the
                                  lssrc -a command request is made. */
         -w 20                 /* Time, in seconds, allowed to elapse between a
                                  stop cancel (SIGTERM) signal and a subsequent
                                  SIGKILL signal. */

Check the service's configuration:

# lssrc -S -s sshd_adm                   
#subsysname:synonym:cmdargs:path:uid:auditid:standin:standout:standerr:action:multi:contact:svrkey:svrmtype:\
 priority:signorm:sigforce:display:waittime:grpname:
sshd_adm::-D -f /etc/ssh/sshd_config_adm:/usr/sbin/sshd:0:0:/dev/console:/dev/console:/dev/console:-R:-Q:-S:0:0:\
20:15:9:-d:20:ssh:

Or query the ODM internal database directly:

# odmget -q subsysname=sshd_adm SRCsubsys

SRCsubsys:
        subsysname = "sshd_adm"
        synonym = ""
        cmdargs = "-D -f /etc/ssh/sshd_config_adm"
        path = "/usr/sbin/sshd"
        uid = 0
        auditid = 0
        standin = "/dev/console"
        standout = "/dev/console"
        standerr = "/dev/console"
        action = 1
        multi = 0
        contact = 2
        svrkey = 0
        svrmtype = 0
        priority = 20
        signorm = 15
        sigforce = 9
        display = 1
        waittime = 20
        grpname = "ssh"
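
The colon-separated "lssrc -S" output shown here and in the tsmsched post can be checked mechanically against the values passed to mkssys, which is useful for subsystems that run as uid 0. This is an added example, not part of the original posts; the function names are hypothetical, and the sample record is the sshd_adm output from above with the wrapped lines joined.

```shell
#!/bin/sh
# Added example (not from the original posts): read `lssrc -S` output and
# compare selected fields with an expected baseline.

# src_field FIELD: stdin is `lssrc -S` output; print FIELD of the record.
# The line starting with "#" names the colon-separated columns.
# Assumption: no field value contains a colon.
src_field() {
  awk -F: -v want="$1" '
    /^#/ { sub(/^#/, ""); for (i = 1; i <= NF; i++) col[$i] = i; next }
    NF > 1 && (want in col) { print $(col[want]); exit }
  '
}

# check_subsys NAME=VALUE...: stdin is `lssrc -S` output; print each
# mismatch and return 1 if any field differs from the baseline.
check_subsys() {
  rec=$(cat); bad=0
  for pair in "$@"; do
    name=${pair%%=*}; want=${pair#*=}
    got=$(printf '%s\n' "$rec" | src_field "$name")
    if [ "$got" != "$want" ]; then
      echo "MISMATCH $name: expected '$want', found '$got'"; bad=1
    fi
  done
  return $bad
}

# Constructed sample: the sshd_adm record from the post, unwrapped.
sample_record() {
  cat <<'EOF'
#subsysname:synonym:cmdargs:path:uid:auditid:standin:standout:standerr:action:multi:contact:svrkey:svrmtype:priority:signorm:sigforce:display:waittime:grpname:
sshd_adm::-D -f /etc/ssh/sshd_config_adm:/usr/sbin/sshd:0:0:/dev/console:/dev/console:/dev/console:-R:-Q:-S:0:0:20:15:9:-d:20:ssh:
EOF
}

sample_record | check_subsys path=/usr/sbin/sshd uid=0 \
  "cmdargs=-D -f /etc/ssh/sshd_config_adm" grpname=ssh signorm=15
```

On the AIX host itself, pipe "lssrc -S -s sshd_adm" into check_subsys instead of the sample record.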

Create (copy) the sshd_adm configuration file:

# cp /etc/ssh/sshd_config /etc/ssh/sshd_config_adm

Edit and modify the sshd and sshd_adm configuration files according to:

# diff -c /etc/ssh/sshd_config /etc/ssh/sshd_config_adm
*** /etc/ssh/sshd_config        Tue Jul  5 13:36:44 2005
--- /etc/ssh/sshd_config_adm    Tue Jul  5 13:36:44 2005
***************
*** 11,16 ****
--- 11,17 ----
  # default value.
  
  #Port 22
+ Port 77
  #Protocol 2,1
  #ListenAddress 0.0.0.0
  #ListenAddress ::
***************
*** 34,46 ****
  
  #LoginGraceTime 2m
  #PermitRootLogin yes
- PermitRootLogin no
  #StrictModes yes
  
  #RSAAuthentication yes
  #PubkeyAuthentication yes
  #AuthorizedKeysFile   .ssh/authorized_keys
- AuthorizedKeysFile    /var/.ssh/%u/authorized_keys
  
  # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  #RhostsRSAAuthentication no
--- 35,45 ----
***************
*** 77,82 ****
--- 76,82 ----
  #AllowTcpForwarding yes
  #GatewayPorts no
  #X11Forwarding no
+ X11Forwarding yes
  #X11DisplayOffset 10
  #X11UseLocalhost yes
  #PrintMotd yes
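Review bot: none of the three changed regions sets PidFile, so next to the new "Port 77" line sshd_adm keeps the same pid file setting as sshd and each daemon overwrites the other's pid file. Add a distinct PidFile line to sshd_config_adm (for example /var/run/sshd_adm.pid), or state in a comment that the pid file is not relied on because both subsystems are tracked by the SRC.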

Start the new service and restart the old one:

# stopsrc -g ssh
# startsrc -g ssh

Here, the same sshd binary is used for the two services sshd and sshd_adm. There is no need to dissociate them (as on GNU/Linux or Solaris for ps(1) listings) since the lssrc command can do that more easily.

Because sshd and sshd_adm are in the same service group, there is no need to add anything else to be able to start sshd_adm at run-level #2:

# ls -l /etc/rc.d/rc?.d/*ssh*
-r-xr-xr-x   1 root     system          307 Apr 29 17:46 /etc/rc.d/rc2.d/Ksshd
-r-xr-xr-x   1 root     system          308 Apr 29 17:46 /etc/rc.d/rc2.d/Ssshd