Thursday, July 23, 2009

My laptop backup plan

Background: I use a Mac.

Hardware: 2 external drives, 1 subscription to Mozy, 1 server,
1 Picasa account



1) Set up Time Machine. It is easy, free, fast, and reliable.
How: Plug in an external hard drive and enable Time Machine
Why: easy, free, fast, and reliable.

2) Mozy. It is easy, very low cost, and most importantly offers off site backups.
How: http://mozy.com/
Why: What if your house burns down?

3) Rsync. Easy, free, fast, and offers additional protection.
How: sudo rsync -vaxE --delete --ignore-errors / /Volumes/backup/
Why: Because you can't have enough backups and this drive gets unplugged and stored away in a safe place.

4) Picasa. All the most important pictures are also uploaded to Picasa
How: Download the latest Picasa photo management software from Google
Why: To both share and backup important family photos

5) Rsync (again). This time to a server in the basement.
How: rsync -azvL --progress --delete -e '/usr/bin/ssh' "$LOCALDIR" "$REMOTEUSER@$REMOTEHOST:$REMOTEDIR"
Why: So the other PCs in the house can access the shared photos (and it can't hurt to have another backup)




If I had to pick 2 (there must always be 2 backups):

1) Time Machine (fast, easy, reliable)
2) Mozy (offsite)

How to clone a Linux box

* Gather hard drive information from the original system using fdisk

* Boot new system off of boot cdrom

* Make partitions and file systems on the new system equal to the size of
the original system's used space.

fdisk /dev/sda

* Make the file system on the new partitions

mkfs.ext3 /dev/sda1

* Mount the partitions:

mount /dev/sda1 /mnt

* Copy the data from the old system to the new system:

rsync -av --links --hard-links --numeric-ids --exclude='/dev/*' --exclude='/proc/*' --exclude='/sys/*' / root@172.16.1.33:/mnt

* Edit important config files that may have changed from the old system to the new system:

/mnt/grub/boot/menu.lst
/mnt/grub/boot/device.map
/mnt/etc/fstab

* Install boot loader (GRUB)

grub-install --root-directory=/mnt /dev/sda

* Reboot; you are done.

How Active Directory determines which DNS server to update

1) The AD domain controller (DC) sends a query to the DNS servers
listed in its TCP/IP settings.

2) The query is to find out the authoritative server in the SOA for
the zone it needs to update.

3) The DNS server that is queried will return the SOA information
for that zone. The SOA record names the server that is listed as
being authoritative for that zone. There can be many different
servers authoritative for a zone (primary and secondary), but the
DC is looking for the DNS server that is specifically listed in the
SOA record.

4) The DC will then send the dynamic updates to that DNS server in
the SOA.

* Now, in the case of AD, a multi-master scenario is used. So,
whatever server is updated with the SRV records, that information
will be replicated to the other servers via DNS zone transfers.
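
Steps 2 to 4 above, as an added example (not part of the original post): a small Python parser that reads a DNS reply and returns the server named in the SOA record's primary-server (MNAME) field, which is where the dynamic update would be sent. The zone and host names in the sample reply are made up.

```python
import struct

def read_name(msg, off):
    """Decode the DNS name at off, following compression pointers.
    Returns (name, offset just past the name where it was first read)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer
            if end is None:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                      # refuse pointer loops
                raise ValueError("compression loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)

def soa_primary(msg):
    """Return (zone, primary server, serial) from the first SOA answer."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                        # skip the question section
        _, off = read_name(msg, off)
        off += 4                               # QTYPE + QCLASS
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:                         # SOA: MNAME, RNAME, serial, ...
            mname, p = read_name(msg, off)
            _rname, p = read_name(msg, p)
            (serial,) = struct.unpack("!I", msg[p:p + 4])
            return owner, mname, serial
        off += rdlen
    raise LookupError("no SOA record in the answer section")

def enc(name):
    """Encode a name without compression (only used to build the sample)."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode() for p in parts) + b"\x00"

# Constructed sample: reply to "corp.example. IN SOA"; all names are made up.
_rdata = (enc("dc1.corp.example.") + enc("hostmaster.corp.example.")
          + struct.pack("!5I", 2009072301, 900, 600, 86400, 3600))
SAMPLE = (struct.pack("!6H", 0x1234, 0x8580, 1, 1, 0, 0)
          + enc("corp.example.") + struct.pack("!HH", 6, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(_rdata)) + _rdata)
```

Calling `soa_primary(SAMPLE)` returns the zone, the server the update would go to, and the zone serial.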

Using rancid to mass update multiple network devices

Here is how to make mass changes to a bunch of network devices using
rancid:

clogin -c "conf t;interface g0/1;no shut; end; wr mem" router1 router2

Ways to boot Solaris with verbose output

Various commands to boot Solaris into a verbose mode to see what
is happening during the boot phase:

1) boot -m verbose - More SMF chatter (Solaris 10+ only)
2) boot -av - a=interactive v=verbose

Sun install MetaClusters

Sun Install MetaClusters
------------------------

METACLUSTER=SUNWCXall
NAME=Entire Distribution plus OEM support
DESC=A pre-defined software configuration consisting of all software
included in the operating system release, plus OEM platform support.



METACLUSTER=SUNWCall
NAME=Entire Distribution
DESC=A pre-defined software configuration consisting of all software
included in the operating system release.


METACLUSTER=SUNWCprog
NAME=Developer System Support
DESC=A pre-defined software configuration consisting of the typical
software used by software developers.



METACLUSTER=SUNWCuser
NAME=End User System Support
DESC=A pre-defined software configuration consisting of the typical
software required by end-users running a desktop.


METACLUSTER=SUNWCreq
NAME=Core System Support
DESC=A pre-defined software configuration consisting of the minimum
required software for a standalone, non-networked workstation.


METACLUSTER=SUNWCmreq
NAME=Minimal Core System Support
DESC=A pre-defined minimal software configuration consisting of the
minimum required software for a standalone, non-networked workstation.



You can find this and much more interesting information in the following
file (replace the Solaris version with your version):

.../OS/Solaris_9_2005-09/Solaris_9/Product/.clustertoc

Quick reference guide to create a new Solaris SMF startup script.

Copy one of the existing manifest files from /var/svc/manifest/
Edit the new file; make sure to give it a unique instance name
Copy one of the existing method files from /lib/svc/method/ and edit it
Import the new manifest: /usr/sbin/svccfg -v import /var/svc/manifest/somefile.xml
Verify the new manifest: svcs -a
Start the script: svcadm enable

How to attach SAN/FC disks to a Solaris 10 system without rebooting.

If newly attached SAN/FC storage does not appear when presented to a
Solaris 10 system, perform these steps:

Check to see if the OS sees the newly attached disk space:

# cfgadm -al
c2::212000d0b202bd41 unavailable connected configured failed

Then configure it:

# cfgadm -c configure c2::212000d0b202bd41

Check again:

# cfgadm -al
c2::212000d0b202bd41 disk connected configured unknown

Check format:

root@weaver:~ # format
Searching for disks...
Mode sense page(3) reports nsect value as 200, adjusting it to 100
done

c2t212000D0B202BD41d0: configured with capacity of 50.06GB

AVAILABLE DISK SELECTIONS:
2. c2t212000D0B202BD41d0
/pci@7c0/pci@0/pci@1/pci@0,2/SUNW,emlxs@2/fp@0,0/ssd@w212000d0b202bd41,0

Instructions on booting a Sun Solaris 10 T2000 from Fabric (SAN) attached disks

Fabric (SAN) Booting a Sun Server
=================================

Hardware
--------
Server: Sun Fire T2000
HBA: Emulex (SUNW,emlxs-pci10df,fc00 LP10000-S)
SAN: Xiotech Magnitude 3D


Overview
--------
Instructions for configuring and installing the Solaris 10 OS on a Sun
T2000 with a FC/SAN attached disk drive (i.e. no local disks).

There are no directions anywhere, that I could find, that explain how
to perform this setup. Xiotech, IBM, and EMC all told me it was very
difficult to do on a Sun system. This is NOT the case; it is very
easy. It is nothing more than installing the OS.

Extra Notes
-----------
{ok} probe-scsi-all - shows drives attached to the system
{ok} show-disks - displays the disks attached to the system


Instructions
------------
We built a pretty stock jumpstart server using the JASS framework.
The following directions are all based on using jumpstart to build the
system.

1) Configure the zone on the FC switches; include the SAN and the host in
the zone (refer to switch documentation).

2) Configure the disks on the SAN. In our case we presented a single 45GB
disk to the system (refer to SAN documentation).

3) Boot the Sun system up into single user mode:

{ok} boot net -s

4) You are going to receive an error about the SAN disk not having a valid
label, and a line that looks something like this:

WARNING: /pci@7c0/pci@0/pci@1/pci@0,2/SUNW,emlxs@1/fp@0,0/ssd@w212100d0b202bd41,0 (ssd2): has no label

5) Once the system is booted up, you need to label/format the disk:

# format

It will ask you to label the disk. Follow the directions.

6) Before you exit the format command make note of the full device name
for the SAN disk, it will look something like:

c2t212100D0B202BD41d0


7) On the jumpstart server, setup a basic profile that will include
installing the OS on the SAN attached disk, something like:

root_device c2t212100D0B202BD41d0s0
filesys rootdisk.s0 10000 /
filesys rootdisk.s1 20000 /var
filesys rootdisk.s2 4000 swap
filesys rootdisk.s3 free /opt

8) Perform the Jumpstart Install:

{ok} boot net - install

8.5) You will see it selecting the SAN attached disk for the install:

- Selecting all disks
- Configuring boot device
- Using disk (c2t212100D0B202BD41d0) for "rootdisk"
- Configuring / (c2t212100D0B202BD41d0s0)
- Configuring /var (c2t212100D0B202BD41d0s1)
- Configuring swap (c2t212100D0B202BD41d0s2)
- Configuring /opt (c2t212100D0B202BD41d0s3)
- Automatically configuring disks for Solaris operating system
- Deselecting unmodified disk (c0t0d0)
- Deselecting unmodified disk (c0t1d0)

Creating and checking UFS file systems
- Creating / (c2t212100D0B202BD41d0s0)
- Creating /var (c2t212100D0B202BD41d0s1)
- Creating /opt (c2t212100D0B202BD41d0s3)

9) Once the install is completed you will see it reboot using the SAN
attached disk as the boot disk:

Rebooting with command: boot
Boot device: /pci@7c0/pci@0/pci@1/pci@0,2/SUNW,emlxs@1/fp@0,0/disk@w212100d0b202bd41,0:a File and args:
SunOS Release 5.10 Version Generic_118833-17 64-bit
Copyright 1983-2005 Sun Microsystems, Inc. All rights reserved.

How to transfer a file with a webserver, uuencode, uudecode, script or tee, and telnet.

How to transfer a file with a webserver, uuencode, uudecode, script or
tee, and telnet (i.e. file transfer without ftp, without ssh, without scp,
without any standard file transfer program).

Background: the system was deployed to a remote site only to find out
a critical shared library was not installed and ssh would not start.
Router ACLs that only allow outbound 22 and 80 were applied to the
uplinks.


In order to retrieve the file:

1) uuencode the file to be sent.

2) Copy the file to a directory that is accessible via a public webserver.

3) From the host you need to get the file onto, run:

telnet 80 | tee
GET

4) uudecode

5) Install file where it needs to be.
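
Steps 3 to 5, as an added example (not part of the original post): the file saved by tee holds telnet's connection messages and the web server's response headers around the uuencoded text, and a dropped connection leaves it without an `end` line. This Python sketch extracts and decodes the payload, rejects a truncated capture, and compares a SHA-256 hash before the file is installed. The host, file name and sample bytes are constructed, and the expected hash is assumed to come from the sending side by some other channel.

```python
import binascii
import hashlib

def extract_uu(capture):
    """Pull the uuencoded file out of a saved telnet session.
    Returns (name, mode, data); raises ValueError if the transfer was cut short."""
    lines = capture.replace(b"\r\n", b"\n").split(b"\n")
    start = next((i for i, l in enumerate(lines) if l.startswith(b"begin ")), None)
    if start is None:
        raise ValueError("no 'begin' line: nothing to decode")
    _, mode, name = lines[start].split(b" ", 2)
    data = bytearray()
    for line in lines[start + 1:]:
        if line == b"end":
            return name.decode(), int(mode, 8), bytes(data)
        if line:
            data += binascii.a2b_uu(line)
    raise ValueError("no 'end' line: capture is truncated")

def verify(capture, expected_sha256):
    """Decode the capture; refuse it unless the hash matches the known-good value."""
    name, _mode, data = extract_uu(capture)
    if hashlib.sha256(data).hexdigest() != expected_sha256:
        raise ValueError("SHA-256 mismatch for " + name)
    return name, data

def uuencode(data, name, mode=0o644):
    """Minimal encoder, used only to build the constructed sample below."""
    body = b"".join(binascii.b2a_uu(data[i:i + 45]) for i in range(0, len(data), 45))
    return b"begin %o %s\n" % (mode, name.encode()) + body + b"`\nend\n"

# Constructed sample: stand-in bytes for the library, wrapped in the chatter
# that telnet and the web server add around it (hypothetical host and file name).
ORIGINAL = bytes(range(256)) * 2
CAPTURE = (b"Trying 192.0.2.10...\r\nConnected to www.example.net.\r\n"
           b"Escape character is '^]'.\r\n"
           b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
           + uuencode(ORIGINAL, "libexample.so.1"))
```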

How to make Solaris 9 recognize SAN attached storage

I recently ran into a problem where my Solaris 9 server
would not recognize the new storage I presented to it from our
Xiotech SAN. On Solaris 10 everything has always "worked out of
the box". The problem was from two issues.

1) Solaris 9 does not have the drivers for the Emulex HBA. They have
to be downloaded from here:

http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=8&PartDetailId=StoreEdgeSw-4.0-G-F&TransactionId=Try

(Note: you need a sunsolve account to get the drivers).

2) The HBA was "unconfigured". In order to figure out if the card is
"unconfigured", use `cfgadm` - if you see output like this:


#cfgadm
Ap_Id Type Receptacle Occupant Condition
c3 fc connected unconfigured failed


You need to run:

#cfgadm -c configure c3

After you do that all is well.

Basic ipfilter rules


## Block Everything inbound
block in log all

## allow outbound and return traffic
pass out quick proto tcp from any to any flags S keep state keep frags
pass out quick proto udp from any to any keep state keep frags

## ICMP
pass in quick proto icmp from any to any
pass out quick proto icmp from any to any

##
## Allow localhost traffic
##
pass in quick on lo0 proto tcp from 127.0.0.1/32 to 127.0.0.1/32

## Allow ssh from management host
pass in quick proto tcp from 1.2.3.4/32 to any port = 22 flags S keep state keep frags

Cable Pinouts (ether, t1, e1, etc)


Standard Ethernet (568B)
------------------------
1 WhiteOrange <-> WhiteOrange
2 Orange <-> Orange
3 WhiteGreen <-> WhiteGreen
4 Blue <-> Blue
5 WhiteBlue <-> WhiteBlue
6 Green <-> Green
7 WhiteBrown <-> WhiteBrown
8 Brown <-> Brown

Standard Ethernet (568B) Cross-Over
-----------------------------------
1 WhiteOrange <-> WhiteGreen
2 Orange <-> Green
3 WhiteGreen <-> WhiteOrange
4 Blue <-> Blue
5 WhiteBlue <-> WhiteBlue
6 Green <-> Orange
7 WhiteBrown <-> WhiteBrown
8 Brown <-> Brown

Standard Ethernet (568A)
------------------------
1 WhiteGreen <-> WhiteGreen
2 Green <-> Green
3 WhiteOrange <-> WhiteOrange
4 Blue <-> Blue
5 WhiteBlue <-> WhiteBlue
6 Orange <-> Orange
7 WhiteBrown <-> WhiteBrown
8 Brown <-> Brown

Standard Ethernet (568A) Cross-Over
-----------------------------------
1 WhiteGreen <-> WhiteOrange
2 Green <-> Orange
3 WhiteOrange <-> WhiteGreen
4 Blue <-> Blue
5 WhiteBlue <-> WhiteBlue
6 Orange <-> Green
7 WhiteBrown <-> WhiteBrown
8 Brown <-> Brown

T1/E1 Cross-Over
----------------
1 WhiteOrange <-> Blue
2 Orange <-> WhiteBlue
3 WhiteGreen <-> WhiteGreen
4 Blue <-> White Orange
5 WhiteBlue <-> Orange
6 Green <-> Green
7 WhiteBrown <-> WhiteBrown
8 Brown <-> Brown

Using `bc` for base conversion

jemurray@remington:~$ bc
bc 1.06
Copyright 1991-1994, 1997, 1998, 2000 Free Software Foundation, Inc.
This is free software with ABSOLUTELY NO WARRANTY.
For details type `warranty'.
obase=10
ibase=16

C0A8

49320

Basic iptables rules


#!/bin/bash

# If you use the kernel modules, make sure they are loaded
modprobe ip_tables
modprobe iptable_filter
modprobe iptable_mangle
modprobe iptable_nat
modprobe ipt_state
modprobe ipt_REJECT
modprobe ipt_LOG

# added in case you are reloading
iptables --flush

# drop all inbound by default
iptables -P INPUT DROP

# always allow loopback
iptables -A INPUT -i lo -j ACCEPT

# Allow return traffic
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED -j ACCEPT

# Allow ICMP
iptables -A INPUT -p icmp -m icmp -j ACCEPT

## SSH (Limit connection attempts)
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
iptables -A INPUT -p tcp -m tcp --source 192.168.0.0/24 --dport 22 -j ACCEPT

# Log and Block
iptables -A INPUT -j LOG --log-prefix IN-FILTERBLOCK
iptables -A INPUT -j REJECT
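
How the two `-m recent` SSH rules behave over time, as an added example (not part of the original script): a simplified Python model of the match with the script's values (`--seconds 60 --hitcount 4`). It ignores the kernel's per-address limit on stored timestamps, and the attempt times and source address are constructed.

```python
from collections import defaultdict

class RecentList:
    """Simplified model of the `recent` match as used by the two SSH rules.
    Rule 1 (--set) records every NEW packet to port 22. Rule 2
    (--update --seconds S --hitcount N -j DROP) matches when N recorded
    packets fall inside the last S seconds and, on a match, records again."""

    def __init__(self, seconds=60, hitcount=4):
        self.seconds, self.hitcount = seconds, hitcount
        self.stamps = defaultdict(list)          # source address -> timestamps

    def new_connection(self, src, now):
        """Return 'DROP', or 'CONTINUE' when the packet moves on to later rules."""
        stamps = self.stamps[src]
        stamps.append(now)                       # rule 1: --set
        hits = sum(1 for t in stamps if t >= now - self.seconds)
        if hits >= self.hitcount:                # rule 2: --update ... -j DROP
            stamps.append(now)                   # a match refreshes the entry
            return "DROP"
        return "CONTINUE"

def replay(times, src="192.168.0.50"):
    """Feed connection attempts (in seconds) from one source through the model."""
    rl = RecentList()
    return [rl.new_connection(src, t) for t in times]

# Constructed attempt times (seconds) from one source address.
BURST = [0, 5, 10, 15, 80]         # four quick tries, then a pause of over 60 s
RETRIER = [0, 15, 30, 45, 60, 75]  # keeps retrying every 15 s
```

`replay(BURST)` shows the fourth attempt dropped and the one after the pause passing on; `replay(RETRIER)` shows that a client which keeps retrying stays dropped, because each dropped attempt is recorded too. CONTINUE is not an accept: the packet still has to match the 192.168.0.0/24 rule that follows.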

ASCII Table


Dec Hx Oct Char Dec Hx Oct Char Dec Hx Oct Char
--------------- --------------- ---------------
32 20 040 SPACE 64 40 100 @ 96 60 140 `
33 21 041 ! 65 41 101 A 97 61 141 a
34 22 042 " 66 42 102 B 98 62 142 b
35 23 043 # 67 43 103 C 99 63 143 c
36 24 044 $ 68 44 104 D 100 64 144 d
37 25 045 % 69 45 105 E 101 65 145 e
38 26 046 & 70 46 106 F 102 66 146 f
39 27 047 ' 71 47 107 G 103 67 147 g
40 28 050 ( 72 48 110 H 104 68 150 h
41 29 051 ) 73 49 111 I 105 69 151 i
42 2A 052 * 74 4A 112 J 106 6A 152 j
43 2B 053 + 75 4B 113 K 107 6B 153 k
44 2C 054 , 76 4C 114 L 108 6C 154 l
45 2D 055 - 77 4D 115 M 109 6D 155 m
46 2E 056 . 78 4E 116 N 110 6E 156 n
47 2F 057 / 79 4F 117 O 111 6F 157 o
48 30 060 0 80 50 120 P 112 70 160 p
49 31 061 1 81 51 121 Q 113 71 161 q
50 32 062 2 82 52 122 R 114 72 162 r
51 33 063 3 83 53 123 S 115 73 163 s
52 34 064 4 84 54 124 T 116 74 164 t
53 35 065 5 85 55 125 U 117 75 165 u
54 36 066 6 86 56 126 V 118 76 166 v
55 37 067 7 87 57 127 W 119 77 167 w
56 38 070 8 88 58 130 X 120 78 170 x
57 39 071 9 89 59 131 Y 121 79 171 y
58 3A 072 : 90 5A 132 Z 122 7A 172 z
59 3B 073 ; 91 5B 133 [ 123 7B 173 {
60 3C 074 < 92 5C 134 \ 124 7C 174 |
61 3D 075 = 93 5D 135 ] 125 7D 175 }
62 3E 076 > 94 5E 136 ^ 126 7E 176 ~
63 3F 077 ? 95 5F 137 _ 127 7F 177 DEL


____________________________________________________________________________
|Oct | Dec | Hex | Display | Symbol | Char Name | Keypress |
|____|_____|_____|_________|________|________________________|______________|
|000 | 000 | 00 | none | NUL | Null | Ctrl-Shift-@ |
|001 | 001 | 01 | ^A | SOH | Start of Header | Ctrl-A |
|002 | 002 | 02 | ^B | STX | Start of Text | Ctrl-B |
|003 | 003 | 03 | ^C | ETX | End of Text | Ctrl-C |
|004 | 004 | 04 | ^D | EOT | End of Transmission | Ctrl-D |
|005 | 005 | 05 | ^E | ENQ | Enquire | Ctrl-E |
|006 | 006 | 06 | ^F | ACK | Acknowledge | Ctrl-F |
|007 | 007 | 07 | ^G | BEL | Bell | Ctrl-G |
|____|_____|_____|_________|________|________________________|______________|
|010 | 008 | 08 | ^H | BS | Back Space | Ctrl-H |
|011 | 009 | 09 | ^I | HT | Horizontal Tab | Ctrl-I |
|012 | 010 | 0A | ^J | LF | Line Feed | Ctrl-J |
|013 | 011 | 0B | ^K | VT | Vertical Tab | Ctrl-K |
|014 | 012 | 0C | ^L | FF | Form Feed | Ctrl-L |
|015 | 013 | 0D | ^M | CR | Carriage Return | Ctrl-M |
|016 | 014 | 0E | ^N | SO | Shift Out | Ctrl-N |
|017 | 015 | 0F | ^O | SI | Shift In | Ctrl-O |
|____|_____|_____|_________|________|________________________|______________|
|020 | 016 | 10 | ^P | DLE | Data Link Escape | Ctrl-P |
|021 | 017 | 11 | ^Q | DC1 | Device Control 1 | Ctrl-Q |
|022 | 018 | 12 | ^R | DC2 | Device Control 2 | Ctrl-R |
|023 | 019 | 13 | ^S | DC3 | Device Control 3 | Ctrl-S |
|024 | 020 | 14 | ^T | DC4 | Device Control 4 | Ctrl-T |
|025 | 021 | 15 | ^U | NAK | Negative Acknowledge | Ctrl-U |
|026 | 022 | 16 | ^V | SYN | Synchronize | Ctrl-V |
|027 | 023 | 17 | ^W | ETB | End Transmission Block | Ctrl-W |
|____|_____|_____|_________|________|________________________|______________|
|030 | 024 | 18 | ^X | CAN | Cancel | Ctrl-X |
|031 | 025 | 19 | ^Y | EM | End of Medium | Ctrl-Y |
|032 | 026 | 1A | ^Z | SUB | Substitute | Ctrl-Z |
|033 | 027 | 1B | ^[ | ESC | Escape | Ctrl-[ |
|034 | 028 | 1C | ^\ | FS | File Separator | Ctrl-\ |
|035 | 029 | 1D | ^] | GS | Group Separator | Ctrl-] |
|036 | 030 | 1E | ^^ | RS | Record Separator | Ctrl-Shift-^ |
|037 | 031 | 1F | ^_ | US | Unit Separator | Ctrl-Shift-_ |
|____|_____|_____|_________|________|________________________|______________|
|177 | 127 | 7F | ^? | DEL | Delete | DEL |
|____|_____|_____|_________|________|________________________|______________|



Note: To place control characters in a file when using the vi or ex editor,
type Ctrl-v before typing the desired control character.
