I needed to know what version of python I was running, so I immediately tried:
python -v
No dice.
What does get me the version:
python
import sys
print sys.version
And then I noticed that as soon as I get into Python the version is displayed. Palmface.
Here is my hardware:
3x R610 Servers with 4x onboard broadcom gigabit interfaces and 4x riser intel gigabit interfaces
2x Dell 6224 iSCSI managed L3 switches with 20Gbps stacking cables (iSCSI and Backup)
1x Dell Equalogics SAN (24X 2.5″ 600GB SAS) P4100X
1x Cisco 3560X switches (LAN)
And my situation:
I needed to get the 3 R610 servers to communicate to the SAN LUN(s), a backup network, and the user LAN via the above equipment list. And it needed to be fairly quick – iSCSI over ethernet with bonded gigabit connections quick.
My configuration per proxmox server:
prox_lan_setup.txt
I made it a text document as that’s a lot easier to see.
Unfortunately I learned that Equallogics SAN will not use Bonded connections – they want MPIO. My configuration now has MPIO for iSCSI and LACP (802.3ad) for the LAN.
Just purchased a new R610 for running Proxmox 2.0RC1, but I needed a way to get OpenManage on there.
I followed a sara.nl link page to get an old version of OMSA installed. It worked great minus the small problem of not having a storage controller available. Apparently the new PERC6i controller requires OMSA 6.3 or higher. Well, I may as well go with 6.5. Fortunately for me, Dell finally released both Ubuntu 10.04 and Debian 6 binaries AND install instructions. I had to alter them a little bit for my prox environment, so here goes:
aptitude update
aptitude full-upgrade
reboot
echo 'deb http://linux.dell.com/repo/community/deb/latest /' | tee -a /etc/apt/sources.list.d/linux.dell.com.sources.list
gpg --keyserver pool.sks-keyservers.net --recv-key E74433E25E3D7775
gpg -a --export E74433E25E3D7775 | apt-key add -
apt-get update --allow-unauthenticated
apt-get install srvadmin-all
service dataeng start
service dsm_om_connsvc start
To get this to auto start on reboot: update-rc.d dsm_om_connsvc defaults
https://ipofserver:1311
Login as root and your root password.
If you receive an error with apt-get update –allow-unauthenticated, all I did was cat /etc/apt/sources.list.d/linux.dell.com.sources.list and then re-run the command.
See the previous post for more details on the PCI audit. The Exchange server failed due to accepting SSL v2 certificates. V2 can lead to malformed requests and crap out the system. Unfortunately the audit doesn’t see the IPS/IDS that would block these attacks, or the SPAM filter with 443 forwarding that would also thwart such malformed requests. But I digress.
This *should* work with 2003 and 2008, but I’ve only tested on 2003. The system requires a reboot to verify changes.
Fire up regedit
Navigate to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0
Under the registry group “Sever”, create a DWORD value named “Enabled” and verify that the value is set to 0x0.
Found this from Joson Zhou.
I was in the midst of my first ever PCI audit – the company I was doing work for wanted to start taking credit card orders over their website. I thought it would be easy – the website was a wrap-around of the credit card company’s authorization site, so no numbers ever touched the company-owned systems. Unfortunately the security firm required all external facing IP addresses to test. One of those IP addresses pointed to an Ubuntu 10.04.4LTS system that was running Owncloud software on apache (think DAV for multiple users via web interface).
So the PCI audit returns with a giant FAIL. Apache is out of date!
apache2 -v
2.2.14
This version came out in October of 2009.
So I edited the apt sources list to grab a newer file:
nano /etc/apt/sources.list
And added:
deb http://us.archive.ubuntu.com/ubuntu/ oneiric main
deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric main
apt-get update
apt-get install apache2
apache2 -v
2.2.20
This version came out in August of 2010
Run the PCI compliance test again – FAIL. Apparently they require 2.2.21 or higher. The only issues I could find with 2.2.20 deal with mods being enabled that they don’t use, or .htaccess permissions that they also don’t use. OK, so let’s go up another version.
nano /etc/apt/sources.list
Add:
deb http://us.archive.ubuntu.com/ubuntu/ precise main
deb-src http://us.archive.ubuntu.com/ubuntu/ precise main
apt-get update
apt-get install apache2
apache2 -v
2.2.22
This version came out in January of 2012
I verified the site was still working. Make sure you comment out the sources.list precise and oneiric otherwise you’ll have lots of update issues down the road.
Source generator:
http://repogen.simplylinux.ch/generate.php
I had just run some simple patching on a test webserver and had some issues with PHP. Ran a few more commands and the problem went away. Until I decided to patch a production server as well.
Basically the update included an apache update, which wrecked the php modules. How do I know this?
Running Ubuntu 10.04.03 LTS
apt-get update
apt-get dist-upgrade
Load website and it prompts to download/save the PHP file instead of displaying the PHP file. Great.
Check if the PHP5 module is activated:
a2enmod php5
apache2ctl restart
Only the restart yielded this:
apache2: Syntax error on line 204 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/php5.load: Cannot load /usr/lib/apache2/modules/libphp5.so into server: /usr/lib/apache2/modules/libphp5.so: cannot open shared object file: No such file or directory
So just install the module libraries for PHP5:
apt-get install libapache2-mod-php5
This should automatically restart apache, but just for good measure you can do it again to verify there are no more errors:
apache2ctl restart
Proxmox 1.9 – not fully updated (1.9 build 6542)
Had backups set to backup snapshots of machines every day starting at 2AM. They generally took about 3 hours and would finish by 5AM.
Little did I realize that I was no longer receiving the emails saying “backup successful”. Last one was 4 weeks ago. Whoops doesn’t even start to cover that.
Checking it out it looks like the backup stalled on one of the virtual machines.
ps auxww |grep vzdump
Then just kill any PID that looks like vzdump is running.
Re-run the command to backup either from the GUI or from the command line:
vzdump --quiet --snapshot --storage STORAGE --maxfiles 5 --mailto admin 101 102 103 etc