Showing posts with label Networking. Show all posts

Monday, September 15, 2014

Brocade Training

It appears that Brocade has some free training on their website. I don't know about you but I love free training. You will need to register on the site to get these benefits.



http://community.brocade.com/t5/Brocade-University/Brocade-University-At-a-Glance-Schedule/ta-p/3063


I hope someone finds this useful.

Wednesday, February 26, 2014

Set the Default Route on Solaris

Every once in a while you need to change the default route for a server in Solaris. The steps below are my notes on how to do that.




Run the route add command
root@earth> route add default 10.10.0.1

To make the default route persistent, you will need to update or create the /etc/defaultrouter file.

root@earth> echo 10.10.0.1   >  /etc/defaultrouter


Solaris Zones
If you need to do this on a Solaris zone, it depends on how the zone has its network interfaces configured. If the interfaces are configured as IP-exclusive, then the zone is configured the same way as the global zone, as shown above, so run the commands above inside the zone. If the zone shares its interfaces with the global zone, then you have to use the zonecfg command.

Run the command below to find out if the zone uses ip-exclusive or shared interfaces.
root@earth> zoneadm list -cv
ID NAME STATUS PATH BRAND IP
global running / native shared
moon running /export/zones/moon native shared
The example above shows the zone moon as having shared interfaces.

Follow the steps below to change the default route on a zone with shared interfaces.
root@earth> zonecfg -z moon
zonecfg:moon> select net address=10.10.0.20
zonecfg:moon:net> set defrouter=10.10.0.1
zonecfg:moon:net> end
zonecfg:moon> verify
zonecfg:moon> commit
zonecfg:moon> exit
You will need to restart the zone to get the new default route.

If you also need to change your IP address then refer to my other post.
How-to change the IP address on a Solaris server

Links to other sites with similar info
Set the Default Route on Solaris
Solaris: How do I setup a default static route / static router IP address?


I hope this helps. Please leave a comment below if you have comments or questions.

Friday, September 6, 2013

How to setup SSH Keys

Note - I have a newer version of this how-to. Please click here 

This is a guide on setting up SSH keys for a UNIX based account. What are SSH keys, you ask? They are a means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication. SSH keys are considered more secure than using passwords to access systems, because user accounts are authenticated by the server without ever having to send your password over the network. If the passwords are not transmitted then they can't be intercepted.
This guide is not for installing or setting up an SSH server. You must have SSH running on your servers in order to get your SSH keys to work. All the examples are taken from a Solaris 10 (SPARC) server. This guide should also work on any UNIX based operating system like Linux, BSD and the Mac.

Create your key pair
The ssh-keygen command will generate a public and private key pair. The keys will be stored in ~/.ssh. The basic command looks like this: ssh-keygen -t [dsa|rsa]. The -t option sets the type of key used. In the example below I create an RSA key pair.
man@earth> ssh-keygen -t rsa
Enter file in which to save the key (/home/man/.ssh/id_rsa): Press [Enter] key
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/man/.ssh/id_rsa.
Your public key has been saved in /home/man/.ssh/id_rsa.pub.
The key fingerprint is:
04:be:15:ca:1d:0a:1e:e2:a7:e5:de:98:4f:b1:a6:01

Make sure you don't use a blank passphrase. Doing this is very insecure. A blank passphrase defeats the purpose of having the extra security of a key exchange setup. It is also important to never give out your private key, since doing so also compromises the security of your account.

Copy public key
Copy your public key to the authorized_keys file on the remote server.
man@earth> scp ~/.ssh/id_rsa.pub moon:~/.ssh/authorized_keys

If your home directory automounts across a lot of servers, you can copy it over with the cat command.
man@earth> cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Setup Agent
At this point, when you log in you get prompted for a passphrase. To stop this from happening you need to set up an SSH agent. Run the commands below and type in your passphrase when prompted.
man@earth> eval `ssh-agent`
man@earth> ssh-add
Enter passphrase for /home/man/.ssh/id_rsa:
Identity added: /home/man/.ssh/id_rsa (/home/man/.ssh/id_rsa)

There are other ways to set up the agent, such as using the gnome GUI for example. Unfortunately that only works if you're running a gnome desktop. If you're a VNC user, you should start your VNC server session after starting your agent in the same terminal. This way all the terminals launched in your VNC session will use the same agent.

One issue with agents is that sometimes you end up running a lot of agents. Run the command below and kill any agents that you are not using, as a good practice.
man@earth> ps -ef | grep agent

References
g-loaded.eu
Symantec: SSH and ssh-agent

If you have any questions or comments please post below.

Wednesday, May 1, 2013

Getting NetBackup 7.5 files for install

We just upgraded our NetBackup from 7.1 to 7.5. These are my notes on upgrading our UNIX and Linux clients.

Go to https://fileconnect.symantec.com and download the required files. You will need to enter a serial number to get access to the files. As seen to the right.

After you download the files you will have to join them together before you can do an install.


Unix joining instructions:
cat "NB_CLT_7.5.0.4-tar-split.1of3" "NB_CLT_7.5.0.4-tar-split.2of3" "NB_CLT_7.5.0.4-tar-split.3of3" > "NB_CLT_7.5.0.4.tar"

Now you are ready to begin the install.

Thursday, March 28, 2013

Change the ILOM IP address

From time to time I have to change the IP address on the ILOM (Integrated Lights Out Manager), so I decided to post my notes on how to do this, and maybe someone will find them useful. There is also another, older hardware manager called ALOM (Advanced Lights Out Manager); this is not the same. They both provide console access to your server. For those who don't know, console access is when you get remote access to a server as if you were right next to it, so basically you see everything as if you were physically there. Note that this post changes the IP address for the MGT (management) port. It doesn't change the server's IP address for the OS installed on the hardware.

If this is the first time anyone has logged in then the ILOM will be set to the defaults. The default username is root and the default password is changeme.
# ssh root@server-ILOM
Are you sure you want to continue connecting (yes/no)? yes
Password:

For most servers with ILOM, just put in the commands as you see them in the example below.
-> cd SP/network
-> set pendingipaddress=10.1.0.10
-> set pendingipgateway=0.0.0.0
-> set pendingipnetmask=255.0.0.0
-> set pendingipdiscovery=static
-> set commitpending=true

To check your work or see what your IP settings are, type ls or use the command below. You can run it from any place in the ILOM to see your IP address.
-> show /SP/network

To change the IP address of the chassis or CMM that holds the blade servers, log in and go to /CMM/network as in the example below, then run the same commands as above.
-> cd CMM/network

You can change the IP of the blades from the chassis ILOM as well.
-> cd CH/BL#/SP/network

If you have any comments or questions please post them below.

Monday, December 31, 2012

How to use VNC to view a remote system

VNC is a free 3rd party program that allows a remote login, similar to Remote Desktop in Windows or DameWare. One nice thing about VNC is that it's multi-platform. It works on Windows, UNIX, BSD, Linux and Mac. The downside to using VNC is that it's insecure, but you can wrap it in an SSH tunnel. Most of my experience with VNC is on Solaris and Red Hat. Most of the examples below are from a Solaris server.


To see if any VNC sessions are running on your server, run the command below.
# ps -ef|grep vnc
If you have a session running it will look like this.
rich 15137 14170  0 Nov 24 ?    0:00  vncconfig -iconic
rich  538  8833   0 Nov 24 ?    7:34  Xvnc :1 -desktop server:1 (rich) -auth /home/rich/.Xauthority -geometry 1900

To start a basic VNC server session just type vncserver.
# vncserver
After you run this command you will get a session ID number. For example the first user of VNC server will get session number 1. When you connect to the session from a remote computer you use the hostname:1.

You will also need to set the VNC password to connect to the session.
# vncpasswd
This sets the password for your account.

If you want more options, check the popular options below. For screen size use -geometry widthxheight. If the computer you are connecting from doesn't have VNC Viewer installed, then you can use the -httpd option to connect using a web browser.
# vncserver :3 -geometry 800x600 -http

VNC is installed on Macs and you can turn on the VNC server by going to System Preferences -->  Sharing. Select Remote Management and then click Computer settings. In the drop down select VNC viewers may control screen with password. Then put the desired password in the box.

The xstartup file controls the desktop you get. Uncomment lines 4 & 5 to get a gnome desktop.

Sometimes you need to shut down the VNC session you're using.
# vncserver -kill :#
Replace # with the session number VNC gave you.

Now that you have started the VNC server you will want to connect and use it. From a UNIX or Linux system you run the following command: vncviewer hostname:1
# vncviewer server1:1
If you are using VNC from a Windows PC, then there is a VNC viewer application.
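
An added example, not part of the original post: the SSH tunnel mentioned at the top of this post, together with a check of ps -ef output for Xvnc sessions that were started without -localhost and so accept connections from the network. The helper names vnc_sessions, vnc_tunnel_cmd and sample_ps are hypothetical, and the second sample session is constructed.

```sh
#!/bin/sh
# Added example: find Xvnc sessions that accept network connections and
# build the SSH tunnel for them. vnc_sessions and vnc_tunnel_cmd are
# hypothetical helper names.

# Reads `ps -ef` output on stdin and prints "user display port localhost-only"
# for every Xvnc process. Display :N listens on TCP port 5900+N.
vnc_sessions() {
    awk '{
        disp = ""; local_only = "no"
        for (i = 1; i <= NF; i++) {
            if (($i == "Xvnc" || $i ~ /\/Xvnc$/) && $(i + 1) ~ /^:[0-9]+$/)
                disp = substr($(i + 1), 2)
            if ($i == "-localhost") local_only = "yes"
        }
        if (disp != "") print $1, ":" disp, 5900 + disp, local_only
    }'
}

# Prints the ssh command that forwards a local port to the VNC display on
# HOST, so the viewer traffic travels inside the SSH session.
# Usage: vnc_tunnel_cmd HOST DISPLAY_NUMBER
vnc_tunnel_cmd() {
    case $2 in
        ''|*[!0-9]*) echo "display must be a number" >&2; return 1 ;;
    esac
    port=$((5900 + $2))
    printf 'ssh -L %s:localhost:%s %s\n' "$port" "$port" "$1"
}

# Constructed ps -ef lines in the format shown earlier (not real output).
sample_ps() {
    cat <<'EOF'
rich 15137 14170  0 Nov 24 ?    0:00  vncconfig -iconic
rich   538  8833  0 Nov 24 ?    7:34  Xvnc :1 -desktop server:1 (rich) -auth /home/rich/.Xauthority -geometry 1900
man    901     1  0 Nov 24 ?    0:12  Xvnc :2 -desktop earth:2 (man) -localhost -geometry 800x600
EOF
}
```

With the tunnel from vnc_tunnel_cmd server1 1 running, point the viewer at the local end with vncviewer localhost:1. A session listed with "no" in the last column is reachable without the tunnel; where the installed Xvnc supports it, starting the server with -localhost closes that path.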


Warning: If you auto-mount your home directory, beware that different operating systems have different settings in the xstartup file. All VNC sessions use the same xstartup file, so changes made by you or the VNC program will affect the VNC experience. I ran into an issue when I tried to use the gnome desktop on both RHEL & Solaris 10 servers. When I got the gnome desktop working for RHEL, the gnome desktop was unusable with Solaris 10. The best way to get around this is to use different accounts or different windowing programs on different operating systems.

Important VNC files
$HOME/.vnc/xstartup -- The file that controls them all. This is the main config file used for the session on VNC server.

$HOME/.vnc/passwd -- The VNC password file

$HOME/.vnc/host:display#.log -- The log file for Xvnc and applications started in xstartup

$HOME/.vnc/host:display#.pid -- Identifies the Xvnc process ID, used by the -kill option.

Package list for Solaris 10
SUNWxvnc                VNC Server
SUNWvncviewer       VNC Viewer

Tuesday, October 2, 2012

Run Commands Remotely on Multiple Servers

Have you ever had to run the same command on several servers? It takes a lot of time to log in to each server and then run a command or group of commands. There is also the possibility for errors, so I wrote this note to remind myself how to do this, if ever I need it. To get the most from this post you need to have your SSH agent working. If your SSH agent is not working, don't worry: the script below will still work, but you will have to log in to each server on your list as the script moves along.

I'm going to use a real world example to explain how to run commands on many servers. I often have to do security checks on my servers. Many of the checks I do consist of checking file permissions and ownership. An easy enough check, but it can take time if you have to check more than 10 servers. So with that being said, we are going to check ownership and permissions on the /etc/resolv.conf file. I will be using a space theme for the terminal examples in this guide. The user account is man and the servers are earth, moon, mars and saturn.

Let's get started by testing the command we are going to use.
man@earth> ssh moon ls -l /etc/resolv.conf
-rwxr-xr-x  1 root  root  20 Oct  6  2011 /etc/resolv.conf
man@earth>

Ok above I logged into moon and ran the ls -l command and the result was printed to the screen. After the command executed the connection to moon was disconnected and you are returned to earth.
Test the command in a script.
man@earth> for s in moon
> do
> ssh -q $s ls -l /etc/resolv.conf
> done
-rwxr-xr-x  1 root  root  20 Oct  6  2011 /etc/resolv.conf
man@earth>

Let me explain what is going on in the script above. The line for s in moon makes s a variable. So when the 3rd line says ssh -q $s, it is seen as ssh -q moon by the computer. The -q option for ssh stops any SSH banner from displaying, which makes the output from several servers much easier to read.

Open your favorite text editor and create the file below and call it check.
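#!/bin/bash
# Servers to check, separated by spaces
servers="moon mars saturn"
for s in $servers
do
    # Print the hostname, then the ownership and permissions of the file
    ssh -q "$s" uname -n
    ssh -q "$s" ls -l /etc/resolv.conf
done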

Now let's test the check script.
man@earth> bash check
moon
-rwxr-xr-x  1 root  root  20 Oct  6  2011 /etc/resolv.conf
mars
-rwxr-xr-x  1 root  root  20 Oct  6  2011 /etc/resolv.conf
saturn
-rwxr-xr-x  1 root  root  20 Oct  6  2011 /etc/resolv.conf
man@earth>

Now the output shows the script logging into moon 2 times and running uname -n and then the ls command. Then followed by output from mars and saturn.

Note - By typing bash in front of a BASH script you can execute the script without making it executable.

To make the script a little more useful I'm adding a server list file called servers. I will also append the output of the commands to a file called result, on the server (earth). The final script is below.

Example of the servers file
moon
mars
saturn


The final script
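#!/bin/bash
# Read the server names from the servers file, one per line
for s in `cat servers`
do
    # Append the hostname and the file listing to the result file
    ssh -q "$s" uname -n >> result
    ssh -q "$s" ls -l /etc/resolv.conf >> result
done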
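
An added example, not part of the original post: a way to review the result file written by the final script, instead of reading it by eye. It flags any file that is writable by group or others or not owned by the expected user, and any server that returned a hostname but no listing. The helper names audit_result and sample_result, the server venus and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: review the "result" file produced by the final script.
# audit_result and sample_result are hypothetical helper names.

# Constructed sample of a result file (not real output): one hostname line
# from uname -n, then the ls -l line for that server. saturn has no ls line,
# as happens when the file is missing or the second ssh call failed.
sample_result() {
    cat <<'EOF'
moon
-rw-r--r--  1 root  root  20 Oct  6  2011 /etc/resolv.conf
mars
-rw-rw-rw-  1 root  root  20 Oct  6  2011 /etc/resolv.conf
saturn
venus
-rw-r--r--  1 man  staff  20 Oct  6  2011 /etc/resolv.conf
EOF
}

# audit_result FILE [OWNER]      (OWNER defaults to root)
# Prints one line per finding; returns 1 if there was any finding.
audit_result() {
    awk -v owner="${2:-root}" '
        function report_missing() {
            if (host != "" && !listed) { print host ": no listing captured"; bad = 1 }
        }
        # A single word is the uname -n line that starts a new server.
        NF == 1 { report_missing(); host = $1; listed = 0; next }
        # ls -l lines: $1 = mode string, $3 = owner, last field = path.
        NF >= 9 {
            listed = 1
            mode = substr($1, 1, 10)
            # Characters 6 and 9 of the mode string are group and other write.
            if (substr(mode, 6, 1) == "w" || substr(mode, 9, 1) == "w" || $3 != owner) {
                print host ": " $NF " is " mode " owned by " $3
                bad = 1
            }
        }
        END { report_missing(); exit bad + 0 }
    ' "$1"
}
```

Run it as audit_result result after the final script finishes; remove or rotate the result file between runs, because the script appends to it.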



I hope this helps someone

Thursday, September 27, 2012

Forwarding Display

These are my notes on how to forward a display on a UNIX based operating system.

For this example we will be using the names home & remote for our servers. Home is the starting server and remote is the server you're logging into and displaying the app back to the home server.
rich@home# ssh -X remote
You can also use -Y instead of -X. This is more secure than the method described below.

Some work places don't allow X forwarding, so you have to use the DISPLAY variable.
rich@home# xhost +remote
remote being added to access control list
rich@home# echo $DISPLAY
:1.0
rich@home# ssh remote
rich@remote# export DISPLAY=home:1.0
At this point you can now forward your display. export DISPLAY works with BASH and KSH. Use setenv DISPLAY for CSH. Take note of the fact that this 2nd way of forwarding your display is insecure.

Reference
How to export display from Linux to FreeBSD

Friday, September 14, 2012

How-to change the IP address on a Solaris server

This post is a how-to for changing an IP address on a Solaris operating system. I will show you how to change the IP address and subnet mask for both a global zone and a full root zone. For the examples on this page I will be using the Solaris 10 operating system. The global zone will be called earth and the zone will be called moon.


Solaris 10 
root@earth> ifconfig [interface] x.x.x.x/x
The /x at the end is used to set the netmask and is optional. If the netmask is not set Solaris will use the default /24 for a class C address, if the IP address is a class C address.

root@earth> ifconfig [interface] plumb x.x.x.x/x up
This command sets the IP address and brings up the interface.

Note this is not a permanent fix. The server will revert back to the old IP address after a reboot. To prevent this, perform the steps below.
root@earth> echo x.x.x.x/x > /etc/hostname.[interface]

Add the IP address and hostname to the /etc/hosts file.

Use this command to restart the service instead of rebooting the server.
root@earth> svcadm restart network/physical

Change the IP address of a Solaris 10 zone.
The steps above can be used to change the IP address from within the zone. However, if the NIC is controlled by the global zone, i.e. a shared interface, then the steps below will show you how to change the IP address of the zone from the global zone.
root@earth> zonecfg -z moon
zonecfg:moon> select net address=x.x.x.x/x
zonecfg:moon:net> set address=x.x.x.x/x
zonecfg:moon:net> set physical=[interface]
zonecfg:moon:net> set defrouter=x.x.x.x/x
zonecfg:moon:net> end
zonecfg:moon> verify
zonecfg:moon> commit
zonecfg:moon> exit


You may have to remove the old IP address first. If so follow the steps below.
root@earth> zonecfg -z moon
zonecfg:moon> remove net address=x.x.x.x/x
zonecfg:moon> add net
zonecfg:moon:net> set address=x.x.x.x/x
zonecfg:moon:net> set physical=[interface]
zonecfg:moon:net> set defrouter=x.x.x.x/x
zonecfg:moon:net> end


Now reboot the zone and check the zone status.
root@earth> zoneadm -z moon reboot
root@earth> zoneadm list -cv
ID NAME STATUS PATH BRAND IP
global running / native shared
moon running /export/zones/moon native shared


I hope this helps someone. If you have any suggestions or questions please post below.