10:28:00 下午
By 洋蔥爸比 Tosian Yang
為了撥接到客戶那邊去處理點問題,趕緊翻出之前的舊版 CISCO-vpnclient-win-msi-4.7.00.0533-k9 出來裝,裝好之後,重開機,啊ㄌㄟ,救人喔....怎麼無線網路就起不來了,再也掃不到任何無線 AP 了,剛剛還在用的啊,天哪,就連有線的區域網路也掛了,完全沒有任何 IP,就算用 ipconfig /renew 也直接回報網路裝置有問題,居然還無法移除...幸好我有安裝新程式之前設定還原點的習慣,趕緊還原到剛剛還沒裝之前的狀態,但,怎麼都不死心,於是上網去抓了新一點的版本 CISCO vpn-client 5.0.03.0560 試試,沒想到,結果一樣,二話不說,還原再試一次,再去找更新的版本,花了一個多小時試到 CISCO-vpnclient-win-msi-5.0.05.0280-k9 的版本還是不行,再次上網去查詢了一下,才發現原來是 DNE 造成的問題啊,只要先 fix 完 DNE 的問題再安裝 CISCO VPN Client 就沒問題了,趕緊到
Citrix DNE Support 的頁面去,下面是他網頁說明的步驟:
1. 下載並安裝 ftp://files.citrix.com/winfix.exe
2. 接著,下載並安裝最新版的 DNE 更新:
ftp://files.citrix.com/dneupdate.msi for 32-bit
ftp://files.citrix.com/dneupdate64.msi for 64-bit
3. 重新安裝用到 DNE 的程式(例如:VPN Client...)
照著做完之後,果然這次安裝 CISCO-vpnclient-win-msi-5.0.05.0280-k9 後網路就沒問題了~
(詳全文...)
11:45:00 下午
By 洋蔥爸比 Tosian Yang
今天臨時要裝一台 SUN 的機器,用來當新的 DHCP server,手邊只有公司精簡版的 Solaris 10 的安裝光碟,裝完後才發現,歐賣尬的,挖勒,怎麼沒看到 isc-dhcp 啊?啊是躲到哪去了?用 svcs -a 去看居然只有 default 的那支 dhcp-server:
8ksh# svcs -a|grep dhcp
disabled 16:39:47 svc:/network/dhcp-server:default
問題來了,由於這一台機器是要把另一台正在 in service 機器上的 DHCP service 給取代掉的,而且之前的 DHCP 是用 isc-dhcp v3.0.4,我看了一下那個 default dhcp-server 的設定,跟 isc-dhcp 的差異實在頗大,沒時間重新設定成 dhcp-server 用的,目前也沒時間線上驗證,怕會影響目前客戶的 serice,所以只得趕快去找 isc-dhcp for Solaris10 的 package。
先到 ISC 的下載網頁去看一下,目前最新的版本是 DHCP v4.1.0,抓下來試試看,結果要 ./configure 時居然發現這個精簡版的 OS超級精簡的,連 gcc 都沒有...17ksh# ./configure
checking for a BSD-compatible install... ./install-sh -c
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... no
checking for nawk... nawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking for C compiler default output file name...
configure: error: C compiler cannot create executables
See `config.log' for more details.
root@KHXDNSS1:/opt/SW_Package/dhcp-4.1.0
再一查看才發現缺的東西真是多啊,算了,時間不多,換一個好了,直接抓安裝版的好了....到 SunFreeware 去找了一下,嗯,看到了 dhcp-4.0.0-sol10-sparc-local.gz,當下二話不說,先抓回來看看~
解壓再 pkgadd 裝來看看:25ksh# pkgadd -d dhcp-4.0.0-sol10-sparc-local
The following packages are available:
1 SMCdhcp dhcp
(sparc) 4.0.0
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all
Processing package instance from
dhcp(sparc) 4.0.0
ISC
Using as the package base directory.
## Processing package information.
## Processing system information.
4 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
Installing dhcp as
## Installing part 1 of 1.
/usr/local/bin/omshell
/usr/local/doc/dhcp/LICENSE
/usr/local/doc/dhcp/README
/usr/local/doc/dhcp/RELNOTES
/usr/local/doc/dhcp/contrib/3.0b1-lease-convert
/usr/local/doc/dhcp/contrib/dhclient-tz-exithook.sh
/usr/local/doc/dhcp/contrib/dhcp.spec
/usr/local/doc/dhcp/contrib/ms2isc/Registry.pm
/usr/local/doc/dhcp/contrib/ms2isc/ms2isc.pl
/usr/local/doc/dhcp/contrib/ms2isc/readme.txt
/usr/local/doc/dhcp/contrib/sethostname.sh
/usr/local/doc/dhcp/contrib/solaris.init
/usr/local/doc/dhcp/doc/IANA-arp-parameters
/usr/local/doc/dhcp/doc/Makefile
/usr/local/doc/dhcp/doc/References.html
/usr/local/doc/dhcp/doc/References.txt
/usr/local/doc/dhcp/doc/References.xml
/usr/local/doc/dhcp/doc/api+protocol
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhclient-script.8
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhclient.8
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhclient.conf.5
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhclient.leases.5
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhcp-eval.5
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhcp-options.5
/usr/local/etc/dhclient.conf
/usr/local/etc/dhcpd.conf
/usr/local/include/dhcpctl/dhcpctl.h
/usr/local/include/isc-dhcp/boolean.h
/usr/local/include/isc-dhcp/commandline.h
/usr/local/include/isc-dhcp/dst.h
/usr/local/include/isc-dhcp/formatcheck.h
/usr/local/include/isc-dhcp/int.h
/usr/local/include/isc-dhcp/lang.h
/usr/local/include/isc-dhcp/list.h
/usr/local/include/isc-dhcp/mem.h
/usr/local/include/isc-dhcp/print.h
/usr/local/include/isc-dhcp/result.h
/usr/local/include/isc-dhcp/string.h
/usr/local/include/isc-dhcp/types.h
/usr/local/include/omapip/alloc.h
/usr/local/include/omapip/buffer.h
/usr/local/include/omapip/convert.h
/usr/local/include/omapip/hash.h
/usr/local/include/omapip/omapip.h
/usr/local/include/omapip/omapip_p.h
/usr/local/include/omapip/trace.h
/usr/local/lib/libdhcpctl.a
/usr/local/lib/libdst.a
/usr/local/lib/libomapi.a
/usr/local/sbin/dhclient
/usr/local/sbin/dhcpd
/usr/local/sbin/dhcrelay
/usr/local/share/man/man1/omshell.1
/usr/local/share/man/man3/dhcpctl.3
/usr/local/share/man/man3/omapi.3
/usr/local/share/man/man5/dhclient.conf.5
/usr/local/share/man/man5/dhclient.leases.5
/usr/local/share/man/man5/dhcp-eval.5
/usr/local/share/man/man5/dhcp-options.5
/usr/local/share/man/man5/dhcpd.conf.5
/usr/local/share/man/man5/dhcpd.leases.5
/usr/local/share/man/man8/dhclient-script.8
/usr/local/share/man/man8/dhclient.8
/usr/local/share/man/man8/dhcpd.8
/usr/local/share/man/man8/dhcrelay.8
[ verifying class ]
Installation of was successful.
root@KHXDNSS1:/opt/SW_Package
27ksh# pkginfo SMCdhcp
application SMCdhcp dhcp
root@KHXDNSS1:/opt/SW_Package
裝完直接跑跑看吧:6ksh# /usr/local/sbin/dhcpd
ld.so.1: dhcpd: fatal: libcrypto.so.0.9.8: open failed: No such file or directory
Killed
root@KHXDNSS1:/root
不是吧?這個 OS 也實在是太過精簡了吧,要什麼沒什麼~算了,二話不說,直接移掉:7ksh# pkgrm SMCdhcp
The following package is currently installed:
SMCdhcp dhcp
(sparc) 4.0.0
Do you want to remove this package? [y,n,?,q] y
## Removing installed package instance
## Verifying package dependencies in global zone
## Processing package information.
## Removing pathnames in class
/usr/local/share/man/man8/dhcrelay.8
/usr/local/share/man/man8/dhcpd.8
/usr/local/share/man/man8/dhclient.8
/usr/local/share/man/man8/dhclient-script.8
/usr/local/share/man/man8
/usr/local/share/man/man5/dhcpd.leases.5
/usr/local/share/man/man5/dhcpd.conf.5
/usr/local/share/man/man5/dhcp-options.5
/usr/local/share/man/man5/dhcp-eval.5
/usr/local/share/man/man5/dhclient.leases.5
/usr/local/share/man/man5/dhclient.conf.5
/usr/local/share/man/man5
/usr/local/share/man/man3/omapi.3
/usr/local/share/man/man3/dhcpctl.3
/usr/local/share/man/man3
/usr/local/share/man/man1/omshell.1
/usr/local/share/man/man1
/usr/local/share/man
/usr/local/share
/usr/local/sbin/dhcrelay
/usr/local/sbin/dhcpd
/usr/local/sbin/dhclient
/usr/local/sbin
/usr/local/lib/libomapi.a
/usr/local/lib/libdst.a
/usr/local/lib/libdhcpctl.a
/usr/local/lib
/usr/local/include/omapip/trace.h
/usr/local/include/omapip/omapip_p.h
/usr/local/include/omapip/omapip.h
/usr/local/include/omapip/hash.h
/usr/local/include/omapip/convert.h
/usr/local/include/omapip/buffer.h
/usr/local/include/omapip/alloc.h
/usr/local/include/omapip
/usr/local/include/isc-dhcp/types.h
/usr/local/include/isc-dhcp/string.h
/usr/local/include/isc-dhcp/result.h
/usr/local/include/isc-dhcp/print.h
/usr/local/include/isc-dhcp/mem.h
/usr/local/include/isc-dhcp/list.h
/usr/local/include/isc-dhcp/lang.h
/usr/local/include/isc-dhcp/int.h
/usr/local/include/isc-dhcp/formatcheck.h
/usr/local/include/isc-dhcp/dst.h
/usr/local/include/isc-dhcp/commandline.h
/usr/local/include/isc-dhcp/boolean.h
/usr/local/include/isc-dhcp
/usr/local/include/dhcpctl/dhcpctl.h
/usr/local/include/dhcpctl
/usr/local/include
/usr/local/etc/dhcpd.conf
/usr/local/etc/dhclient.conf
/usr/local/etc
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhcp-options.5
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhcp-eval.5
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhclient.leases.5
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhclient.conf.5
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhclient.8
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhclient-script.8
/usr/local/doc/dhcp/doc/ja_JP.eucJP
/usr/local/doc/dhcp/doc/api+protocol
/usr/local/doc/dhcp/doc/References.xml
/usr/local/doc/dhcp/doc/References.txt
/usr/local/doc/dhcp/doc/References.html
/usr/local/doc/dhcp/doc/Makefile
/usr/local/doc/dhcp/doc/IANA-arp-parameters
/usr/local/doc/dhcp/doc
/usr/local/doc/dhcp/contrib/solaris.init
/usr/local/doc/dhcp/contrib/sethostname.sh
/usr/local/doc/dhcp/contrib/ms2isc/readme.txt
/usr/local/doc/dhcp/contrib/ms2isc/ms2isc.pl
/usr/local/doc/dhcp/contrib/ms2isc/Registry.pm
/usr/local/doc/dhcp/contrib/ms2isc
/usr/local/doc/dhcp/contrib/dhcp.spec
/usr/local/doc/dhcp/contrib/dhclient-tz-exithook.sh
/usr/local/doc/dhcp/contrib/3.0b1-lease-convert
/usr/local/doc/dhcp/contrib
/usr/local/doc/dhcp/RELNOTES
/usr/local/doc/dhcp/README
/usr/local/doc/dhcp/LICENSE
/usr/local/doc/dhcp
/usr/local/doc
/usr/local/bin/omshell
/usr/local/bin
## Updating system information.
Removal of was successful.
root@KHXDNSS1:/root
算了,回頭看一下原來的機器,用的是 v3.0.4 版的,好吧,再去找了一下,v3.0.4 版的是找不到,不過還好在 SunFreeware 還有給 Solaris10 用的 DHCP v3.0.5 (dhcp-3.0.5-sol10-sparc-local.gz) 的版本,一樣,先抓來解壓縮:gunzip dhcp-3.0.5-sol10-sparc-local.gz
接著裝上去吧:17ksh# pkgadd -d dhcp-3.0.5-sol10-sparc-local
The following packages are available:
1 SMCdhcp dhcp
(sparc) 3.0.5
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all
Processing package instance from
dhcp(sparc) 3.0.5
ISC
Using as the package base directory.
## Processing package information.
## Processing system information.
7 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
Installing dhcp as
## Installing part 1 of 1.
/usr/local/bin/omshell
/usr/local/doc/dhcp/LICENSE
/usr/local/doc/dhcp/README
/usr/local/doc/dhcp/RELNOTES
/usr/local/doc/dhcp/contrib/3.0b1-lease-convert
/usr/local/doc/dhcp/contrib/dhcp.spec
/usr/local/doc/dhcp/contrib/ms2isc/Registry.pm
/usr/local/doc/dhcp/contrib/ms2isc/ms2isc.pl
/usr/local/doc/dhcp/contrib/ms2isc/readme.txt
/usr/local/doc/dhcp/contrib/sethostname.sh
/usr/local/doc/dhcp/contrib/solaris.init
/usr/local/doc/dhcp/doc/IANA-arp-parameters
/usr/local/doc/dhcp/doc/api+protocol
/usr/local/doc/dhcp/doc/draft-ietf-dhc-authentication-14.txt
/usr/local/doc/dhcp/doc/draft-ietf-dhc-dhcp-dns-12.txt
/usr/local/doc/dhcp/doc/draft-ietf-dhc-failover-07.txt
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhclient-script.8
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhclient.8
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhclient.conf.5
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhclient.leases.5
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhcp-eval.5
/usr/local/doc/dhcp/doc/ja_JP.eucJP/dhcp-options.5
/usr/local/doc/dhcp/doc/rfc1542.txt
/usr/local/doc/dhcp/doc/rfc2131.txt
/usr/local/doc/dhcp/doc/rfc2132.txt
/usr/local/doc/dhcp/doc/rfc2485.txt
/usr/local/doc/dhcp/doc/rfc2489.txt
/usr/local/doc/dhcp/doc/rfc951.txt
/usr/local/doc/dhcp/site.conf
/usr/local/include/dhcpctl.h
/usr/local/include/isc-dhcp/boolean.h
/usr/local/include/isc-dhcp/dst.h
/usr/local/include/isc-dhcp/int.h
/usr/local/include/isc-dhcp/lang.h
/usr/local/include/isc-dhcp/list.h
/usr/local/include/isc-dhcp/result.h
/usr/local/include/isc-dhcp/types.h
/usr/local/include/omapip/alloc.h
/usr/local/include/omapip/buffer.h
/usr/local/include/omapip/omapip.h
/usr/local/lib/libdhcpctl.a
/usr/local/lib/libomapi.a
/usr/local/man/man1/omshell.1
/usr/local/man/man1m/dhclient-script.1m
/usr/local/man/man1m/dhclient.1m
/usr/local/man/man1m/dhcpd.1m
/usr/local/man/man1m/dhcrelay.1m
/usr/local/man/man3/dhcpctl.3
/usr/local/man/man3/omapi.3
/usr/local/man/man3/omshell.3
/usr/local/man/man4/dhclient.conf.4
/usr/local/man/man4/dhclient.leases.4
/usr/local/man/man4/dhcp-eval.4
/usr/local/man/man4/dhcp-options.4
/usr/local/man/man4/dhcpd.conf.4
/usr/local/man/man4/dhcpd.leases.4
/usr/local/sbin/dhclient
/usr/local/sbin/dhclient-script
/usr/local/sbin/dhcpd
/usr/local/sbin/dhcrelay
[ verifying class ]
Installation of was successful.
root@KHXDNSS1:/opt/SW_Package
18ksh# pkginfo |grep dhcp
application SMCdhcp dhcp
root@KHXDNSS1:/opt/SW_Package
裝完,先直接跑跑看囉,這裡我先把舊的設定檔放到 /etc/dhcpd.conf,另外我指定把ip租借表寫到 /var/dhcpd/dhcpd.leases 去:26ksh# /usr/local/sbin/dhcpd -d -cf /etc/dhcpd.conf -lf /var/dhcpd/dhcpd.leases &
[1] 3566
root@KHXDNSS1:/opt/SW_Package
開始執行之後自然有 log 出現:27ksh# Internet Systems Consortium DHCP Server V3.0.5
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
WARNING: Host declarations are global. They are not limited to the scope you declared them in.
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
Listening on DLPI/bge0/00:14:4f:a9:83:50/cluster
Sending on DLPI/bge0/00:14:4f:a9:83:50/cluster
Sending on Socket/fallback/fallback-net
27ksh# ps -aef |grep dhcp
root 3566 3497 0 15:18:11 pts/3 0:00 /usr/local/sbin/dhcpd -d -cf /etc/dhcpd.conf -lf /var/dhcpd/dhcpd.leases
root@KHXDNSS1:/root
嗯,看來這次跑起ok了~
不過,在 Solaris 10 上已經用 SMF服務命令行管理工具來進行系統服務管理了,但,現在這新開張的 isc-dhcp 倒是還沒納入管理,雖說也可寫個 /etc/rc2.d/S97dhcpd 之類的給他自己跑,不過對管理上總是不合規矩,還是讓他也統一吧。
簡單的說就是先寫一個 isc-dhcp 專用的 xml 檔,這裡我們就 vi 一個 isc-dhcp.xml 如下:28ksh# vi /var/svc/manifest/network/isc-dhcp.xml
接著我們 vi 一個 service 執行用的簡單 shell script 叫做 /usr/sbin/startdhcp.sh,這個在剛剛的 xml 裡面有定義到:30ksh# cat /usr/sbin/startdhcp.sh
#!/sbin/sh -x
if [ ! -f /usr/local/sbin/dhcpd ]
then
echo "/usr/local/sbin/dhcpd does not exist"
exit 1
fi
/usr/local/sbin/dhcpd -d -cf /etc/dhcpd.conf -lf /var/dhcpd/dhcpd.leases&
這裡做完之後記得最後一個步驟就是:32ksh# svccfg import /var/svc/manifest/network/isc-dhcp.xml
這樣就可以用 svcs -a 去查詢服務的狀態,用 svcadm 去啟動或是停止 isc-dhcp 的服務了:33ksh# svcs -a|grep dhcp
disabled 16:34:28 svc:/network/dhcp-server:default
disabled 18:07:07 svc:/network/isc-dhcp:default
23ksh# svcadm enable isc-dhcp
root@KHXDNSS1:/root
24ksh# svcs -a|grep dhcp
disabled 16:34:28 svc:/network/dhcp-server:default
offline 18:10:23 svc:/network/isc-dhcp:default
root@KHXDNSS1:/root
看起來仍有些問題,那就用 -x 或 -v 的選項來看看問題出在哪吧:37ksh# svcs -x isc-dhcp
svc:/network/isc-dhcp:default (DHCP server)
State: offline since Wed Apr 01 18:10:23 2009
Reason: Service svc:/milestone/multi-user:default
is not running because a method failed.
See: http://sun.com/msg/SMF-8000-GE
See: in.dhcpd(1M)
Impact: 2 dependent services are not running. (Use -v for list.)
root@KHXDNSS1:/root
38ksh# svcs -xv isc-dhcp
svc:/network/isc-dhcp:default (DHCP server)
State: offline since Wed Apr 01 18:10:23 2009
Reason: Service svc:/milestone/multi-user:default
is not running because a method failed.
See: http://sun.com/msg/SMF-8000-GE
Path: svc:/network/isc-dhcp:default
svc:/milestone/multi-user:default
See: man -M /usr/share/man -s 1M in.dhcpd
Impact: 2 dependent services are not running:
svc:/milestone/multi-user-server:default
svc:/system/zones:default
root@KHXDNSS1:/root
看的出來是 svc:/milestone/multi-user:default 的影響,這裡用另一個選項 -d 來看看有沒有 dependent services:39ksh# svcs -v isc-dhcp
STATE NSTATE STIME CTID FMRI
offline - 18:10:23 - svc:/network/isc-dhcp:default
root@KHXDNSS1:/root
40ksh# svcs -d isc-dhcp
STATE STIME FMRI
maintenance 17:04:47 svc:/milestone/multi-user:default
root@KHXDNSS1:/root
原來 svc:/milestone/multi-user:default 在 maintenance mode 啊,那就先把他給重啟好了:41ksh# svcadm disable svc:/milestone/multi-user:default
root@KHXDNSS1:/root
42ksh# svcs -d isc-dhcp
STATE STIME FMRI
disabled 18:19:43 svc:/milestone/multi-user:default
root@KHXDNSS1:/root
43ksh# svcadm enable svc:/milestone/multi-user:default
root@KHXDNSS1:/root
44ksh# svcs -d isc-dhcp
STATE STIME FMRI
online 18:19:55 svc:/milestone/multi-user:default
好了,svc:/milestone/multi-user:default 已經正常跑起來了,再查看一下 isc-dhcp 看看:45ksh# svcs -x isc-dhcp
svc:/network/isc-dhcp:default (DHCP server)
State: maintenance since Wed Apr 01 18:19:57 2009
Reason: Restarting too quickly.
See: http://sun.com/msg/SMF-8000-L5
See: in.dhcpd(1M)
See: /var/svc/log/network-isc-dhcp:default.log
Impact: This service is not running.
root@KHXDNSS1:/root
現在沒別的因素在影響了,也重啟一下isc-dhcp 吧:46ksh# ps -aef |grep dhcp
root@KHXDNSS1:/root
47ksh# svcs -a|grep isc-dhcp
maintenance 18:19:57 svc:/network/isc-dhcp:default
root@KHXDNSS1:/root
48ksh# svcadm disable isc-dhcp
root@KHXDNSS1:/root
49ksh# svcs -a|grep isc-dhcp
disabled 18:21:11 svc:/network/isc-dhcp:default
root@KHXDNSS1:/root
50ksh# svcadm enable isc-dhcp
root@KHXDNSS1:/root
51ksh# svcs -a|grep isc-dhcp
online 18:21:18 svc:/network/isc-dhcp:default
root@KHXDNSS1:/root
52ksh# ps -aef |grep dhcp
root 1101 1 0 18:21:19 ? 0:00 /usr/local/sbin/dhcpd -d -cf /etc/dhcpd.conf -lf /var/dhcpd/dhcpd.leases
root@KHXDNSS1:/root
53ksh# svcs -x isc-dhcp
svc:/network/isc-dhcp:default (DHCP server)
State: online since Wed Apr 01 18:21:18 2009
See: in.dhcpd(1M)
See: /var/svc/log/network-isc-dhcp:default.log
Impact: None.
root@KHXDNSS1:/root
54ksh# svcs -v isc-dhcp
STATE NSTATE STIME CTID FMRI
online - 18:21:18 106 svc:/network/isc-dhcp:default
root@KHXDNSS1:/root
55ksh# svcs -xv isc-dhcp
svc:/network/isc-dhcp:default (DHCP server)
State: online since Wed Apr 01 18:21:18 2009
See: man -M /usr/share/man -s 1M in.dhcpd
See: /var/svc/log/network-isc-dhcp:default.log
Impact: None.
root@KHXDNSS1:/root
56ksh# svcs -d isc-dhcp
STATE STIME FMRI
online 18:19:55 svc:/milestone/multi-user:default
root@KHXDNSS1:/root
現在一切都正常了,做個測試看看能不能正常派發 IP 吧:57ksh# tail -f /var/svc/log/network-isc-dhcp:default.log
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
WARNING: Host declarations are global. They are not limited to the scope you declared them in.
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
[ Apr 1 18:21:18 Method "start" exited with status 0 ]
Listening on DLPI/bge0/00:14:4f:a9:83:50/cluster
Sending on DLPI/bge0/00:14:4f:a9:83:50/cluster
Sending on Socket/fallback/fallback-net
DHCPDISCOVER from 00:11:3f:c1:5a:ac via 10.71.252.254
DHCPOFFER on 10.71.252.13 to 00:11:3f:c1:5a:ac via 10.71.252.254
DHCPREQUEST for 10.71.252.13 (10.17.25.22) from 00:11:3f:c1:5a:ac via 10.71.252.254
DHCPACK on 10.71.252.13 to 00:11:3f:c1:5a:ac via 10.71.252.254
DHCPDISCOVER from 00:11:3f:c1:5a:ae via 10.71.252.254
DHCPOFFER on 10.71.252.14 to 00:11:3f:c1:5a:ae via 10.71.252.254
DHCPREQUEST for 10.71.252.14 (10.17.25.22) from 00:11:3f:c1:5a:ae via 10.71.252.254
DHCPACK on 10.71.252.14 to 00:11:3f:c1:5a:ae via 10.71.252.254
^C
root@KHXDNSS1:/root
OK,看來都沒問題了,搞定收工~
(詳全文...)
10:27:00 下午
By 洋蔥爸比 Tosian Yang
今天檢查機器時發現 /var/log/messages 裡面有一大堆 ntpd 的 "Invalid argument" 訊息,才想到前兩天把這兩台機器的 IP address 變更網段後,只有重啟 network 的 service,忘了把 ntpd 也重啟,幾天沒連線倒是在 log 檔多了一大票的錯誤訊息,以前這種訊息多半是在 ADSL 撥接 Dynamic IP 的 interface 上發生,因為有時撥接斷線後重新撥接,然後這個 interface 上的 IP address 通常就變動了,然後這個錯誤訊息就會發生囉,最簡單的解決方法就是把 ntpd 重啟一下吧~
首先看一下,這就是一直重複出現的訊息:[root@KHCBKPS01 ~]# tail -3 /var/log/messages
Mar 18 10:18:47 KHCBKPS01 ntpd[5137]: sendto(10.15.25.13) (fd=21): Invalid argument
Mar 18 10:35:53 KHCBKPS01 ntpd[5137]: sendto(10.15.25.13) (fd=21): Invalid argument
Mar 18 10:52:58 KHCBKPS01 ntpd[5137]: sendto(10.15.25.13) (fd=21): Invalid argument
OK,現在將 ntpd 重啟吧:[root@KHCBKPS01 ~]# service ntpd restart
Shutting down ntpd: [ OK ]
ntpd: Synchronizing with time server: [ OK ]
Starting ntpd: [ OK ]
在 restart ntpd 時順便看一下 log 檔:[root@KHCBKPS01 ~]# tail -f /var/log/messages
Mar 18 11:02:35 KHCBKPS01 ntpd[5137]: ntpd exiting on signal 15
Mar 18 11:02:35 KHCBKPS01 ntpdate[9708]: step time server 10.15.25.13 offset 0.039707 sec
Mar 18 11:02:35 KHCBKPS01 ntpd[9710]: ntpd 4.2.2p1@1.1570-o Thu Jan 17 18:14:09 UTC 2008 (1)
Mar 18 11:02:35 KHCBKPS01 ntpd[9711]: precision = 1.000 usec
Mar 18 11:02:35 KHCBKPS01 ntpd[9711]: Listening on interface wildcard, 0.0.0.0#123 Disabled
Mar 18 11:02:35 KHCBKPS01 ntpd[9711]: Listening on interface wildcard, ::#123 Disabled
Mar 18 11:02:35 KHCBKPS01 ntpd[9711]: Listening on interface lo, ::1#123 Enabled
Mar 18 11:02:35 KHCBKPS01 ntpd[9711]: Listening on interface eth1, xxxx::xxx:xxxx:xxxx:xxxx#123 Enabled
Mar 18 11:02:35 KHCBKPS01 ntpd[9711]: Listening on interface lo, 127.0.0.1#123 Enabled
Mar 18 11:02:35 KHCBKPS01 ntpd[9711]: Listening on interface eth1, aaa.bb.ccc.dd#123 Enabled
Mar 18 11:02:35 KHCBKPS01 ntpd[9711]: kernel time sync status 0040
Mar 18 11:02:35 KHCBKPS01 ntpd[9711]: frequency initialized 52.117 PPM from /var/lib/ntp/drift
Mar 18 11:05:48 KHCBKPS01 ntpd[9711]: synchronized to 10.15.25.13, stratum 5
Mar 18 11:05:48 KHCBKPS01 ntpd[9711]: kernel time sync disabled 0001
觀察一段時間,已經和 NTP server 同步了,發現 /var/log/messages 檔也不再出現 "Invalid argument" 訊息囉,既然講到 NTP,那就順便把跟 NTP 相關幾個有用的指令也列一下好了:
[root@KHCBKPS01 ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
=========================================
*KHCDNSS01 LOCAL(0) 5 u 25 64 17 0.212 -0.532 0.347
[root@KHCBKPS01 ~]# ntpq
ntpq> association
ind assID status conf reach auth condition last_event cnt
=========================================
1 38739 9624 yes yes none sys.peer reachable 2
ntpq> quit
[root@KHCBKPS01 ~]# ntpstat
synchronised to NTP server (10.15.25.13) at stratum 6
time correct to within 951 ms
polling server every 64 s
[root@KHCBKPS01 ~]# ntpdc -c kerninfo
pll offset: -0.00049 s
pll frequency: 52.583 ppm
maximum error: 0.013646 s
estimated error: 0.000188 s
status: 0001 pll
pll time constant: 2
precision: 1e-06 s
frequency tolerance: 512 ppm
[root@KHCBKPS01 ~]# ntpdc -c sysinfo
system peer: KHCDNSS01
system peer mode: client
leap indicator: 00
stratum: 6
precision: -20
root distance: 0.00017 s
root dispersion: 0.20419 s
reference ID: [10.15.25.13]
reference time: cd6b4bfa.65ce0142 Wed, Mar 18 2009 18:31:22.397
system flags: auth monitor ntp kernel stats
jitter: 0.000214 s
stability: 0.000 ppm
broadcastdelay: 0.003998 s
authdelay: 0.000000 s
(詳全文...)
11:44:00 下午
By 洋蔥爸比 Tosian Yang
在之前的文章中我們用 X-Manager 示範過怎麼去連上 Linux 機器的 XDMCP session (請參考:
以 X-Manager 來連 Linux 的圖形介面) ,不過當時的 OS 為 RHEL 4 ES,這次的幾台機器改成 RHEL 5 之後,可不能直接照著同樣的步驟改了,因為那樣是不 work 的啦....
其實在 RHEL 5 上只要修改一個檔案就可以達到這個目的,修改 /etc/gdm/custom.conf 文件,在
[xdmcp] 這行下加入了 Enable=1 或者 Enable=true,如果在這時存檔離開,並重新開機的話,其實已經可以用 X-Manager 來連線了,但卻只能用 SSH 的方式,而用 XDMCP session 則會出現不允許 remote system administrator login 的訊息,這不是我們要的結果,所以在剛剛的 /etc/gdm/custom.conf 文件中,我們這次修改三個段落:
[daemon]
RemoteGreeter=/usr/libexec/gdmgreeter
[security]
AllowRemoteRoot=true
[xdmcp]
Enable=true
[gui]
[greeter]
[chooser]
[debug]
一樣,修改完後存檔離開並重新開機,然後我們再試一次看看,前面如何建立一個 XDMCP session 的步驟請先參考上一篇 以 X-Manager 來連 Linux 的圖形介面,這次有正常看到如本機般的登入畫面了吧:
其實,剛剛修改 /etc/gdm/custom.conf 的選項中的第一行 [daemon] 部分也可以透過修改下面圖片所示的地方來達成:
1. 首先到 System > Administration > Login Screen:
2. 接著到 Remote tab 的 Style 中下拉式選單選擇 "Same as Local":
3. 接著移到 Security tab 的 Security 選項將 "Allow remote system administrator login" 勾選起來吧(這裡便是剛剛修改 /etc/gdm/custom.conf 的 [security] 部分):
4. 然後就是重新開機之後便可用 X-Manager 以 XDMCP session 連進去囉...搞定,收工~
(詳全文...)
10:27:00 下午
By 洋蔥爸比 Tosian Yang
最近裝的幾台機器都是 RHEL5 的,而 RHEL5 跟之前用的 RHEL4 在架設 DNS Server 的時候,差異還真是不小啊,預設的 Zone files 和 Configuration file 呢?阿怎麼都找不到啊?該不是還要我自己一個檔一個檔的產生吧?當然不會啦,原來是一般安裝沒有裝到 system-config-bind, bind 及 bind-chroot 套件罷了,好吧,那就一步一步來吧~
步驟1. 先安裝一下相關的套件囉:
1-1. 安裝 system-config-bind 套件來產生 named.conf 範例檔:
[root@KHCDNSS02 ~]# yum install system-config-bind
1-2. 安裝 bind 及 bind-chroot 套件
[root@KHCDNSS02 ~]# yum groupinstall "DNS Name Server"
步驟2. 再來就是複製相關的檔案到 Bind Chroot 目錄 /var/named/chroot/ 下:
2-1. 先複製 named.conf 範例檔:[root@KHCDNSS02 ~]# cp -p /usr/share/system-config-bind/profiles/default/named.conf /var/named/chroot/etc/
2-2. 複製相關 zone files 範例檔至 bind chroot 目錄下:[root@KHCDNSS02 ~]# cp -p /usr/share/system-config-bind/profiles/default/named/* /var/named/chroot/var/named/
2-3. 複製 bind root 檔至 bind chroot 目錄下:[root@KHCDNSS02 ~]# cp -p /usr/share/doc/bind-9.3.3/sample/var/named/named.root /var/named/chroot/var/named/
2-4. 把 owner 更改為 named:[root@KHCDNSS02 ~]# chown -R named /var/named/chroot
2-5. 最後再把 named.conf 建立連結到 /etc 下:[root@KHCDNSS02 ~]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf
步驟3. 再來就是開始編輯 named.conf 檔的內容了:[root@KHCDNSS02 ~]#vi /var/named/chroot/etc/named.conf
步驟4. 最後是新增需要用的網域正反解的 zone files 囉~
當然,如果也可以用圖形化的介面來配置 DNS 啦,點擊面版上的 System > Administration > Server Settings > Domain Name System 如下圖所示:
進去之後便可以看到圖形化的配置畫面囉,剩下的就是慢慢設定了:
註解一下:為了不要每次切換到 zone files 所在的區域時都要敲一大串字,所以決定偷懶設定個 alias 如下:1. 編輯一下 ~/.bashrc 檔:[root@KHCDNSS02 chroot]# vi ~/.bashrc
2. 加入下面這一行:alias cdn='cd /var/named/chroot/var/named/; echo -n "Current PATH : ";pwd'
3. 登出再登入一次,測試一下 cdn 這個指令:[root@KHCDNSS02 chroot]# cdn
Current PATH : /var/named/chroot/var/named
[root@KHCDNSS02 named]# ls -al
total 64
drwxr-x--- 4 named named 4096 Mar 4 22:20 .
drwxr-x--- 6 named named 4096 Feb 19 05:20 ..
drwxrwx--- 2 named named 4096 Aug 26 2004 data
-rw-r--r-- 1 named root 208 Mar 4 22:20 localdomain.zone
-rw-r--r-- 1 named root 195 Mar 4 22:20 localhost.zone
-rw-r--r-- 1 named root 427 Mar 4 22:20 named.broadcast
-rw-r--r-- 1 named root 1266 Mar 4 22:20 named.conf
-rw-r--r-- 1 named root 424 Mar 4 22:20 named.ip6.local
-rw-r--r-- 1 named root 426 Mar 4 22:20 named.local
-rw-r--r-- 1 named root 1892 Mar 4 22:13 named.root
-rw-r--r-- 1 named root 427 Mar 4 22:20 named.zero
drwxrwx--- 2 named named 4096 Jul 27 2004 slaves
[root@KHCDNSS02 named]#
這樣很方便吧~
(詳全文...)
10:56:00 下午
By 洋蔥爸比 Tosian Yang
今天在機房接到同事來電問說某台機器 root 的 password 是什麼?啥?沒人記得喔?啊ㄌㄟ,真是糟糕,猜一下常用的密碼,發現依然登入不了,這可怎麼辦ㄌㄟ?
其實當忘記了 Linux Server 上的 root 密碼時,可以用以下面的方法來修復:
基本上這個方法適用於 GRUB,而 LILO 很久沒用過了,如果有人記得可以幫忙留個意見吧...
1. 首先就是重啟你那已經忘記密碼的機器,等到開機後,先停留在 GRUB 開機選單的畫面,移動到 linux 開機的選項上,按 e 編輯,我裝 RH EL5,所以選單像下面這樣:GNU GRUB version 0.97C
Red Hat Enterprise Linux Server (2.6.18-92.el5) << 移到這裡按 e
Other
2. 等出下一頁選單,移動到 kernel 選項上,再按一次 e 編輯,像下面這樣:root (hd0,2)
kernel /vmlinuz-2... ro root=/dev/VolGroup00/LogVol00 rhgb quiet << 按 e
initrd /initrd-2.6.18-92.el5.img
3. 等跳出下面一頁選單時,在 quiet 的後面先空一格,再加上 single,然後按 enter:LogVol00 rhgb quiet single
4. 此時會回到上一頁的 GRUB 開機選單,按 b 即可 boot 到 single user mode 囉。
5. 進入單人模式後,用 passwd 的指令,即可更改 root 的密碼,然後重新開機就好囉,報告完畢~
(詳全文...)
11:16:00 下午
By 洋蔥爸比 Tosian Yang
今天在檢查兩台 AAA server 時才發現居然 / 已經到了 94% 了,SNMP server 上滿滿都是從這兩台機器上送來的 Alarm Traps;這可真是糟糕,趕快查一下到底是啥東西佔了這麼多硬碟空間...
[root@KHXAAAS2 ~]# df -h;
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 4.0G 3.6G 237M 94% /
/dev/sda1 1012M 40M 921M 5% /boot
none 4.0G 0 4.0G 0% /dev/shm
/dev/sda3 4.0G 41M 3.7G 2% /inactive_root
/dev/sda6 21G 78M 19G 1% /others
/NFSDB/radacct 537G 384M 509G 1% /opt/AAA-6.1.8-20081202/run/radacct
KHXDB:/DB/accounting 537G 384M 509G 1% /NFSDB/radacct
首先到 / 下面用 du -sh * 來查詢一下目前的 / 的使用狀態:[root@KHXAAAS2 ~]# cd /
[root@KHXAAAS2 /]# du -sh *
5.6M bin
6.4M boot
216K dev
44M etc
32K home
20K inactive_root
8.0K initrd
97M lib
16K lost+found
16K media
8.0K misc
8.0K mnt
247M NFSDB
1.3G opt
2.0M others
du: cannot read directory `proc/857/task': No such file or directory
du: cannot read directory `proc/857/fd': No such file or directory
916M proc
2.0M root
176K rpm
18M sbin
0 selinux
8.0K srv
0 sys
336K tmp
2.0G usr
1.5G var
很明顯的,/opt 跟 /var 佔了很大的空間,/opt 我安裝了幾個大的 AAA service 在裡面,先慢點處理,這個 /var 佔據了 1.5G 實在有點奇怪了,繼續往下查...[root@KHXAAAS2 /]# cd /var
[root@KHXAAAS2 var]# du -sh *
12K account
2.2M cache
16K crash
28K db
32K empty
16K ftp
300K gdm
41M lib
8.0K local
132K lock
42M log
4.0K mail
24K net-snmp
8.0K nis
8.0K opt
8.0K preserve
276K run
1.5G spool
8.0K tmp
8.0K tux
2.1M www
24K yp
看來 spool 的目錄下有問題,繼續...[root@KHXAAAS2 var]# cd spool/
[root@KHXAAAS2 spool]# ls -al
total 6404
drwxr-xr-x 13 root root 4096 Jun 12 2008 .
drwxr-xr-x 23 root root 4096 Jun 12 2008 ..
drwxr-xr-x 2 root root 4096 Jun 12 2008 anacron
drwx------ 3 daemon daemon 4096 Jun 12 2008 at
drwxrwx--- 2 smmsp smmsp 6443008 Dec 24 12:53 clientmqueue
drwx------ 2 root root 4096 Dec 24 11:49 cron
drwx--x--- 3 root sys 4096 Jun 12 2008 cups
drwxr-xr-x 2 root root 4096 Aug 13 2004 lpd
drwxrwxr-x 2 root mail 4096 Aug 13 2004 mail
drwx------ 2 root mail 4096 Jan 23 2007 mqueue
drwxr-xr-x 2 rpm rpm 4096 Aug 2 2007 repackage
drwxr-xr-x 2 root root 4096 Sep 5 2007 up2date
drwxrwxrwt 2 root root 4096 Oct 5 2004 vbox
[root@KHXAAAS2 spool]# du -sh *
32K anacron
20K at
1.5G clientmqueue
16K cron
16K cups
8.0K lpd
8.0K mail
8.0K mqueue
8.0K repackage
8.0K up2date
8.0K vbox
[root@KHXAAAS2 spool]# cd clientmqueue/
[root@KHXAAAS2 clientmqueue]# du -sh *
-bash: /usr/bin/du: Argument list too long
看起來,這個 /var/spool/clientmqueue 的目錄下的東西太多了,連 du 的指令都下不了,我們用 ls 來看一下好了...[root@KHXAAAS2 clientmqueue]# ls
dfm5C422X2007728 dfmA8CE2sU014445 dfmAQIX3He008540 dfmBF1O3tM024344 qfm9U9325M025071 qfmAHFp3o7008591 qfmB5MG2ik015455 dfm5D421x8008729 dfmA8CF2ex014725 dfmAQIY3JM008766 dfmBF1P2CK024575 qfm9U942p8025326 qfmAHFq22Z008848 qfmB5MH2dU015683 dfm5D4222i021334 dfmA8Cf2Oe022040 dfmAQIZ2lS008993 dfmBF1p2T6030541 qfm9U953gs025583 qfmAHFQ2RH002131 qfmB5Mh2Zw021688 dfm5DK23Jv003790 dfmA8CG2TR015000 dfmAQJ02LM014708 dfmBF1q22Z030769 qfm9U962PF025835 qfmAHFR22P002445 qfmB5Mi3jw021934 dfm5EK22jL009067 dfmA8Cg3uP022313 dfmAQJ13b6014942 dfmBF1Q2Tk024802 qfm9U972GP026084 qfmAHFr2PM009102 qfmB5MI3sc015914 dfm5OK314c006681 dfmA8Ch291022592 dfmAQJ23VT015171 dfmBF1r3jO030995 qfm9U983lb026334 qfmAHFs2XF009366 qfmB5MJ2hf016139 dfm5PK323O007690 dfmA8CH2so015312 dfmAQJ32Tu015402 dfmBF1R3xM025033 qfm9U992mX026621 qfmAHFS3sD002719 qfmB5Mj3Ia022161 dfm5QK32Ur008747 dfmA8Ci25T022861 dfmAQJ420C015631 dfmBF1s2LO031226 qfm9U9A20p026912 qfmAHFT2AP002970 qfmB5MK2P7016366 dfm5RK335g022157 dfmA8CI2UK015587 dfmAQJ52GN015858 dfmBF1S3st025260 qfm9U9a31w001040 qfmAHFt2ha009618 qfmB5Mk2SN022392 dfm5SK32xd023117 dfmA8Cj23T023137 dfmAQJ62Dm016089 dfmBF1T2Qt025491 qfm9U9B2aF027174 qfmAHFU2RT003229 qfmB5Ml2Ab022619 dfm5UK31gY007333 dfmA8CJ34Q015865 dfmAQJ72B4016316 dfmBF1t2RL031453 qfm9U9b2dR001296 qfmAHFu3dG009875 qfmB5ML2kM016594 dfm61K328o008143 dfmA8Ck20E023413 dfmAQJ82fO016547 dfmBF1U250025718 qfm9U9c22o001541 qfmAHFv30Z010126 qfmB5Mm2Gk022851 dfm62K32BT010023 dfmA8CK3r4016134 dfmAQJ93WG016775 dfmBF1u39e031684 qfm9U9C29A027419 qfmAHFV3pd003482 qfmB5MM2ZI016827 dfm63K32ia011151 dfmA8CL2dQ016417 dfmAQJa2On023080 dfmBF1v2Gh031911 qfm9U9d2Wa001793 qfmAHFW2J4003739 qfmB5Mn2fg023079 dfm64K32E5011955 dfmA8Cl3SM023691 dfmAQJA3DY017002 dfmBF1V2s6025962 qfm9U9D3p9027670 qfmAHFw2XB010386 qfmB5MN3Wi017052 dfm65K31uZ012771 dfmA8CM27o016689 dfmAQJB2YJ017245 dfmBF1w2pd032138 qfm9U9E2uC027923 qfmAHFX2Ep003993 qfmB5Mo3oH023305 dfm67K31mg029851 dfmA8Cm39g023966 dfmAQJb3pV023307 dfmBF1W2tF026190 qfm9U9e2Xh002049 qfmAHFx2kM010637 qfmB5MO3oS017280 dfm68K310Y030656 dfmA8CN2BY016971 dfmAQJC2qs017472 dfmBF1X3iF026417 qfm9U9F2kZ028177 qfmAHFY2Zm004250 qfmB5MP2jh017506 ^C
看起來真的是太多了,只好先用 Ctrl+C 中斷一下,不過幸好這些檔案產生的原因都是由於有某個用戶 (通常是 root 啦)新增了某個 cron job,而 cron job 裡面程序有輸出內容,這些內容會以 mail 的方式發給剛剛建立 cron job 的用戶,假如這時 sendmail 沒有啟動便會產生這些 queue 檔,基本上並不是什麼重要的檔案,一句話,殺無赦就對了~
不過由於這個目錄下的檔案太多,用 rm 的指令通常會得到像剛剛 du 所看到的錯誤訊息:-bash: /bin/rm: Argument list too long
看來直接用 rm 是殺不掉了,沒關係,那就用下面的指令吧:[root@KHXAAAS2 clientmqueue]# pwd
/var/spool/clientmqueue
[root@KHXAAAS2 clientmqueue]# ls | xargs rm -f
[root@KHXAAAS2 clientmqueue]# ls -al
total 6316
drwxrwx--- 2 smmsp smmsp 6443008 Dec 24 13:18 .
drwxr-xr-x 13 root root 4096 Jun 12 2008 ..
看吧,用了 ls | xargs rm -f 果然輕鬆的就殺掉這一堆的檔案囉,在檢查一下硬碟的使用狀況:[root@KHXAAAS2 clientmqueue]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 4.0G 2.9G 956M 76% /
/dev/sda1 1012M 40M 921M 5% /boot
none 4.0G 0 4.0G 0% /dev/shm
/dev/sda3 4.0G 41M 3.7G 2% /inactive_root
/dev/sda6 21G 78M 19G 1% /others
/NFSDB/radacct 537G 384M 509G 1% /opt/AAA-6.1.8-20081202/run/radacct
KHXDB:/DB/accounting 537G 384M 509G 1% /NFSDB/radacct
[root@KHXAAAS2 clientmqueue]#
看吧,果然清空之後,使用空間多了很多...不過這只是治標,不是治本,重點是要記得去把那個兇手,也就是那個 cron job 的最後加上一段 > /dev/null 2>&1,例如:[root@KHXAAAS2 ~]# crontab -l
* * * * * /etc/init.d/snmp_cron.sh > /dev/null 2>&1
這樣就可以避免問題再次重複發生囉...OK,報告完畢~
(詳全文...)
8:58:00 下午
By 洋蔥爸比 Tosian Yang
今天在客戶這邊上完課要回飯店時,一抬頭突然發現夜空中的月亮似乎有些不一樣,怎麼好像一張笑臉似的,感覺月亮上方的兩顆星星超亮的說,趕緊叫住 Jason 與小廖,拿出手機來拍,不過拍出的效果實在@#$%....
於是乾脆到車上拿車相機來拍,回到飯店將照片寄給洋蔥媽咪看,才發現原來大家都看到了啊,上網查詢了一下,原來今天是初四的眉月,月亮如上揚的嘴角,加上月亮上方的那兩顆星星是金星與木星呢,難怪我覺得怎麼今天的星星這麼亮...據說,這種天文景象,下次要到 2036 年才會再出現呢,雖然和洋蔥媽咪及小洋蔥分處在高雄與台北,但我們仍能一起看到同樣的星空,我想,應該也是一種幸福吧~
(詳全文...)
6:09:00 下午
By 洋蔥爸比 Tosian Yang
同事突然問說 WindowsXP 上怎麼沒有 NetMeeting ㄌㄟ?要怎麼把他叫出來啊?
呵呵,其實,WindowsXP 上面還是有附 NetMeeting 的,只是沒有捷徑罷了,他的路徑就在 C:\Program Files\NetMeeting\conf.exe 啦,直接執行或拉個捷徑出來就行了,當然也可以用下面的方式叫出來:
1. 由左下角的[開始]功能表,選 [執行]:
2. 敲入conf,按下碓定執行:
3. NetMeeting 打開囉...
不過我順便在另一台 Windows Vista 上試了一下,發現原來 Vista 上已經將 NetMeeting 拿掉,改成 Windows 會議室了;以下是 Microsoft 官方網站上的說明:Microsoft Windows XP 是 Windows 的最後一個用戶端版本,其中包含 NetMeeting。 NetMeeting 並未隨附 Windows Vista。
為了在這種情況下支援目前的共同作業工作階段,Hotfix 是可用可讓您在 Windows Vista 架構的電腦上安裝 NetMeeting。此 NetMeeting 版本被作為轉換工具,可以協助支援共同作業工作階段當您在您的環境中使用 Windows XP 電腦搭配 Windows Vista 架構的電腦。
參考資料:
Microsoft 技術支援服務:Hotfix 是可以在執行 Windows Vista 的電腦上安裝 NetMeeting 3.02
(詳全文...)
8:17:00 下午
By 洋蔥爸比 Tosian Yang
之前我們講到用 snmpd 裡面的 proc + 服務名稱來監視特定的服務狀態,但這只對部分的服務有效,例如 ntpd, snmpd, nfsd, httpd...等等,我不太確定他的抓取方式,但似乎,用 ps 去看如果 process name 沒出現在最前面的,似乎 snmpd 就 monitor 不到,這種狀況像 Tomcat 就會出現。舉例來說,我有個服務是用到 java 去帶起來的,如下面所示:
[root@KHXAAAS1 ~]# ps -aef|grep AAA|grep -v AAA
root 19475 1 0 09:13 ? 00:00:11 java -Xmx512m -Daaa.base=/opt/AAA -Daaa.run=/opt/AAA/run -Daaa.bin=/opt/AAA/bin -Daaa.lib=/opt/AAA/lib -Daaa.jni=/opt/AAA/jni com.lucent.aaa.gui.ServerManagementTool -debug info
root 21631 1 0 Sep12 ? 00:01:39 java -Daaa.base=/opt/AAA -Daaa.run=/opt/AAA/run -Daaa.bin=/opt/AAA/bin -Daaa.lib=/opt/AAA/lib -Daaa.jni=/opt/AAA/jni com.lucent.aaa.ConfigServer
root 26302 1 0 09:41 pts/0 00:00:08 java -Xmx512m -server -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Dsun.rmi.dgc.server.gcInterval=0x7FFFFFFFFFFFFFFE -Dsun.rmi.dgc.client.gcInterval=0x7FFFFFFFFFFFFFFE -Daaa.base=/opt/AAA -Daaa.run=/opt/AAA/run -Daaa.bin=/opt/AAA/bin -Daaa.lib=/opt/AAA/lib -Daaa.jni=/opt/AAA/jni com.lucent.aaa.PolicyServer -debug debug
但用 snmpd 去監控 proc AAA 的話,一定看不到東西,(雖然可以用 proc Java 的方式來 monitor,但畢竟用 Java 帶起來的服務越來越多,這樣並不容易區分,容易造成誤判。)這個時候就可以用一個變通的方式來 monitor 我們要的服務狀態,那就是 exec 這個 snmpd.conf 裡的 option,他的用法是:Usage:
exec MIBOID EXEC-COMMAND
我們直接實作一下好了。
首先假設我們有一個如前面說的服務用 proc AAA 方式加到 /etc/snmp/snmpd.conf 裡面卻無法正常 monitor 到服務的狀態時,而且假設,我們有一個簡單的判斷服務正常啟動的方法時(通常是像我們這裡示範的這種,灌了一個某某廠商的軟體時,想改變他的啟動方式或參數又無從改起時),如下所示,今天的實作目標有兩台 AAA server,上面有兩個主要的 process 要檢查狀態,
其中一個是 Policy server 另一個是 Configuration server,為了待會兒的測試,我先將其中第一台 KHXAAAS1 的 Policy server 先停掉,第二台 KHXAAAS2 的服務全部都讓他正常帶起來:[root@KHXAAAS1 ~]# /opt/AAA/bin/aaa list all
The server could not be reached: Connection refused
8950 AAA Policy Server: not responding
101 Server active
8950 AAA Configuration Server: responding
[root@KHXAAAS2 ~]# /opt/AAA/bin/aaa list all
101 Server active
8950 AAA Policy Server: responding
101 Server active
8950 AAA Configuration Server: responding
說簡單點,/etc/snmpd/snmpd.conf 裡的 exec 這個 option 其實就是宣告一個 OID,然後當 SNMP server query 到這個 OID 時,就去執行指定的 shell scrpit 然後將直塞回剛剛指定的 OID.101.x 裡面去。接下來我們直接做一個簡單示範:
首先我們先 vi /etc/snmp/snmpd.conf(或用下面的 echo 指令也行)在裡面新加上一行如下的格式:[root@KHXAAAS1 ~]# echo "exec .1.3.6.1.4.1.2021.51 ApplicationStatusQury /bin/sh /bin/ASQ.sh" >> /etc/snmp/snmpd.conf
檢查一下確實寫進去了:[root@KHXAAAS1 ~]# grep ApplicationStatusQury /etc/snmp/snmpd.conf
exec .1.3.6.1.4.1.2021.51 ApplicationStatusQury /bin/sh /bin/ASQ.sh
接著我們編輯一個簡單的 shell script 叫 /bin/ASQ-AAA.sh 用來檢查 Policy server 和 Configuration server 的狀態,寫到 /opt/.ASQ-AAA-Policy.prState 與 /opt/.ASQ-AAA-Config.prState 裡面(這裡我先定義一下,如果這個file裡面的值是 responding 代表 服務正常,如果是 not responding 的話,代表服務掛點了,當然也可以用 wc -l 去讓這個 fiie 帶的值為 0 或 1 ):[root@KHXAAAS1 ~]# cat /bin/ASQ-AAA.sh
#!/bin/sh
/opt/AAA/bin/aaa list policy > /opt/.ASQ-AAA-Policy.prState1
cat /opt/.ASQ-AAA-Policy.prState1|cut -d ":" -f2 > /opt/.ASQ-AAA-Policy.prState2
#grep 'not responding' /opt/.ASQ-AAA-Policy.prState1|wc -l > /opt/.ASQ-AAA-Policy.prState2
/opt/AAA/bin/aaa list config > /opt/.ASQ-AAA-Config.prState1
cat /opt/.ASQ-AAA-Config.prState1|cut -d ":" -f2 > /opt/.ASQ-AAA-Config.prState2
#grep 'not responding' /opt/.ASQ-AAA-Config.prState1|wc -l > /opt/.ASQ-AAA-Config.prState2
exit
然後我們再寫個 /bin/ASQ-AAA.sh 用來檢查 /opt/.ASQ-AAA-Policy.prState2 與 /opt/.ASQ-AAA-Config.prState2 裡面的值,分別寫進 1.3.6.1.4.1.2021.51.101.1 與 1.3.6.1.4.1.2021.51.101.2 這兩個 OID 去,如果你在剛剛的 schipt 裡面有 3 個 output,那就會還有 1.3.6.1.4.1.2021.51.101.3 這個 OID,依此類推...[root@KHXAAAS1 ~]# cat /bin/ASQ.sh
#!/bin/sh
echo `cat /opt/.ASQ-AAA-Policy.prState2`
echo `cat /opt/.ASQ-AAA-Config.prState2`
exit
接著用 crontab -e 把他加進 cron job 去吧,這裡我們讓他每兩分鐘執行一次 Application Status Qury 的 script,可自行更改。[root@KHXAAAS1 ~]# crontab -l
*/2 * * * * /bin/PSQ-AAA.sh
剛剛改完 /etc/snmp/snmpd.conf 之後我們還沒重起 snmpd 的服務,所以現在去查詢 .1.3.6.1.4.1.2021.51 這個 OID 應該會得倒下面的回應:[root@KHXAAAS1 ~]# snmpwalk -v 2c -c public localhost .1.3.6.1.4.1.2021.51
UCD-SNMP-MIB::ucdavis.51 = No Such Object available on this agent at this OID
再來要開始驗證了,先確定一下兩台 AAA server 上的服務是把第一台的 Policy server 停下來的狀態,第二台則是保持 service 正常:[root@KHXAAAS1 ~]# /opt/AAA/bin/aaa list all
The server could not be reached: Connection refused
8950 AAA Policy Server: not responding
101 Server active
8950 AAA Configuration Server: responding
[root@KHXAAAS2 ~]# /opt/AAA/bin/aaa list all
101 Server active
8950 AAA Policy Server: responding
101 Server active
8950 AAA Configuration Server: responding
接下來先重啟一下 snmpd service 來讓剛剛我們改的部分生效:[root@KHXAAAS1 ~]# service snmpd restart
Stopping snmpd: [ OK ]
Starting snmpd: [ OK ]
好啦,現在可以查詢看看囉,先在本機上查詢一下(當然你也可以從你的 SNMP server 端來查詢) 我們剛剛新定義的 OID:[root@KHXAAAS1 ~]# snmpwalk -v 2c -c public localhost .1.3.6.1.4.1.2021.51
UCD-SNMP-MIB::ucdavis.51.1.1 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.51.2.1 = STRING: "ApplicationStatusQury"
UCD-SNMP-MIB::ucdavis.51.3.1 = STRING: "/bin/sh /bin/ASQ.sh"
UCD-SNMP-MIB::ucdavis.51.100.1 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.51.101.1 = STRING: "not responding"
UCD-SNMP-MIB::ucdavis.51.101.2 = STRING: "responding"
UCD-SNMP-MIB::ucdavis.51.102.1 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.51.103.1 = ""
如果是用 wc -l 去 count 的話那應該會像下面這樣:UCD-SNMP-MIB::ucdavis.51.101.1 = STRING: "1"
UCD-SNMP-MIB::ucdavis.51.101.2 = STRING: "0"
當然在這裡我們需要的是 .1.3.6.1.4.1.2021.51.101.1 and .1.3.6.1.4.1.2021.51.101.2 這兩個 OID,對應到 Policy server 和 Configuration server 的服務狀態。所以由 SNMP server 端就可以直接設定一個 Passive Monitor 來 Polling 這兩個 OID 的值。[root@KHXEMSS1 ~]# snmpwalk -v 2c -c public khxaaas1 .1.3.6.1.4.1.2021.51.101.1
UCD-SNMP-MIB::ucdavis.51.101.1 = STRING: "not responding"
[root@KHXEMSS1 ~]# snmpwalk -v 2c -c public khxaaas1 .1.3.6.1.4.1.2021.51.101.2
UCD-SNMP-MIB::ucdavis.51.101.2 = STRING: "responding"
[root@KHXEMSS1 ~]# snmpwalk -v 2c -c public khxaaas2 .1.3.6.1.4.1.2021.51.101.1
UCD-SNMP-MIB::ucdavis.51.101.1 = STRING: "responding"
[root@KHXEMSS1 ~]# snmpwalk -v 2c -c public khxaaas2 .1.3.6.1.4.1.2021.51.101.2
UCD-SNMP-MIB::ucdavis.51.101.2 = STRING: "responding"
所以上面就代表第一台 KHXAAAS1 的 Policy server 有問題。OK...報告完畢。
(詳全文...)
(詳全文...)
