Wednesday, April 29, 2009

Install Netapp simulator on Virtualbox

The NetApp simulator provides almost the full functionality of a real NetApp filer, but the simulator can only run on Linux. So I installed the simulator on CentOS 5.2 within VirtualBox. The installation went well, but I couldn’t ping NetApp from CentOS. I almost gave up after numerous attempts until I found out that NetApp’s “Parent OS” is not supposed to access NetApp by design (VMware doesn’t have this restriction). So I have to access NetApp from my host OS (Windows XP).

NetApp supports two VirtualBox network types: Host network and internal network. After setting up NetApp, don’t bother to ping NetApp from its “Parent OS”. Just access it from your host OS (Host network type) or from another guest OS instance (internal network type; the network name must be the same).

Tuesday, April 28, 2009

Add Unix user to Windows AD by Vbscript

Windows AD has become a popular choice for managing Unix accounts. Windows is known for its fantastic GUI, but that doesn’t mean it lacks scripting ability. This note shows how to add a Unix user to Windows 2003 AD with VBScript.
NOTE: The Unix attribute is msSFU30UidNumber ... on my server; you can double-check your value by browsing the LDAP path: LDAP://CN=" & strUnixDomain  & ",CN=ypservers,CN=YPSERV30,CN=RpcServices,CN=System," &strDomain


#==Usage Example
D:\>cscript add-user.vbs John Smith
Created: John Smith Username=John.Smith Password=3a5RurD4

#==Script Content
'UPN format: firstname.lastname@yourdomain.com.au
'Create new user in  ou=Developers,dc=yourdomain,dc=com,dc=au
'Generate a random password and set it for the new user
'Set a free UnixUID based on msSFU30MaxUidNumber
'Set the pre-defined strUnixGid
'But no new Windows group membership assigned, it still belongs to domain users by default
'Author: http://honglus.blogspot.com 

' ------ SCRIPT CONFIGURATION ------

strUnixShell ="/bin/bash"
strUnixDomain="yourdomain"
strUnixGid="300"   

strDomain = "dc=yourdomain,dc=com,dc=au" 
strDomainUPN="@yourdomain.com.au"
strParentDN = "ou=Developers," & strDomain

' Taken from ADS_USER_FLAG_ENUM
Const ADS_UF_NORMAL_ACCOUNT = 512
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
' ------ END CONFIGURATION ---------


If (WScript.Arguments.Count <> 2) Then
    WScript.Echo "*ERROR* Expected minimum input: 2,   Given:" & WScript.Arguments.Count
    WScript.Echo "- USAGE: PROGRAM Firstname LastName"
    WScript.Echo "- EXAMPLE: PROGRAM John " & """Enclose Space"""
    WScript.Quit
End If

' WScript.Arguments is zero-based: Item(0) is the first argument
strFirstName = WScript.Arguments.Item(0)
strLastName = WScript.Arguments.Item(1)
strLogin = strFirstName & "." & strLastName

strUnixuid=getMaxUid


strFullname = strFirstName & " " & strLastName
strUnixHome ="/home/"&strLogin
strUserpn = strLogin & strDomainUPN

set objParent = GetObject("LDAP://" & strParentDN)
Set objUser = objParent.Create("user", "cn=" & strFullname)
objUser.Put "sAMAccountName", strLogin
objUser.Put "UserPrincipalName", struserpn
objUser.Put "givenName", strFirstName
objUser.Put "sn", strLastName
objUser.Put "displayName", strFullName
objUser.Put "msSFU30NisDomain", strUnixDomain
objUser.Put "msSFU30UidNumber", strUnixUid
objUser.Put "msSFU30LoginShell", strUnixShell
objUser.Put "msSFU30HomeDirectory", strUnixHome
objUser.Put "msSFU30GidNumber", strUnixGid
objUser.SetInfo
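strRndPass = RndPassword(8)
objUser.SetPassword(strRndPass)
objUser.AccountDisabled = False
' Keep the account-type bit set when adding the password-never-expires flag
objUser.Put "userAccountControl", ADS_UF_NORMAL_ACCOUNT Or ADS_UF_DONT_EXPIRE_PASSWD
' To let the password expire normally, use ADS_UF_NORMAL_ACCOUNT alone:
'   objUser.Put "userAccountControl", ADS_UF_NORMAL_ACCOUNT
objUser.SetInfo
WScript.Echo "Created: " & strFirstName & " " & strLastName & " Username=" & strLogin & " Password=" & strRndPass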
'objParent.close


'
' Generate random password 
'

Function RndPassword(vLength)

    ' Rnd is a pseudo-random generator seeded from the system timer,
    ' not a cryptographic one. Seed it once per call.
    Randomize
    ' Always include a-z,A-Z,0-9
    strPass3 = strPass3 & Chr(Int((122 - 97 + 1) * Rnd + 97))   '[a-z]
    strPass3 = strPass3 & Chr(Int((90 - 65 + 1) * Rnd + 65))    '[A-Z]
    strPass3 = strPass3 & Chr(Int((57 - 48 + 1) * Rnd + 48))    '[0-9]

    'Skip the 3 char already created
    For x = 4 To vLength

        intIndex = Int((3 - 1 + 1) * Rnd + 1) '[1-3]

        Select Case intIndex
            Case 1
                strPass = Chr(Int((122 - 97 + 1) * Rnd + 97))   '[a-z]
            Case 2
                strPass = Chr(Int((90 - 65 + 1) * Rnd + 65))    '[A-Z]
            Case 3
                strPass = Chr(Int((57 - 48 + 1) * Rnd + 48))    '[0-9]
            Case Else
                strPass = Chr(Int((57 - 48 + 1) * Rnd + 48))    '[0-9]
        End Select
        RndPassword = RndPassword & strPass

    Next
    ' The three guaranteed characters are appended at the end
    RndPassword = RndPassword & strPass3

End Function


function getMaxUid

strquery="LDAP://CN=" & strUnixDomain  & ",CN=ypservers,CN=YPSERV30,CN=RpcServices,CN=System," &strDomain
set ypdomain=getobject(StrQuery)
ypdomain.getinfo

uidmax=ypdomain.msSFU30MaxUidNumber

' wscript.echo "The current free Max UID=" &uidmax

getMaxUid=uidmax

'Increase Maxuid by 1

ypdomain.msSFU30MaxUidNumber=uidmax+1
ypdomain.setinfo

End function

Monday, April 27, 2009

Changing Linux user's password with script

It is time-consuming to change a user’s password on many hosts. The expect language can be used to change a password without typing it, but the chpasswd tool in Linux is easier to use. chpasswd is from the pwdutils RPM; it should be available on all Linux distributions.

#== Create the script to change password.
$vi chpwd.sh

#!/bin/sh
echo "root:newpasswd" | /usr/sbin/chpasswd 



$chmod +rx chpwd.sh

#==Copy the script to the remote host and execute it
sudo is used because root ssh login is disabled. For an unknown reason the temp file couldn't be deleted with sudo, so it is emptied instead.

$scp -p chpwd.sh remote-host:/tmp/chpwd.sh
$ssh remote-host sudo '/tmp/chpwd.sh;cat /dev/null>/tmp/chpwd.sh;cat /tmp/chpwd.sh'
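
An alternative to copying a script that contains the password, shown as an added example that is not part of the original post: the user:password record is piped over SSH straight into chpasswd, so it is never written to /tmp on the remote host. It assumes key-based SSH login and passwordless sudo for /usr/sbin/chpasswd; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes key-based SSH login and
# passwordless sudo for /usr/sbin/chpasswd on each host.

NL='
'

# Build the "user:password" record chpasswd reads, rejecting input that would
# split into extra records or fields.
build_chpasswd_line() {
    case $1 in
        ''|*[!a-z0-9_.-]*) echo "invalid user name" >&2; return 1 ;;
    esac
    case $2 in
        ''|*"$NL"*) echo "invalid password" >&2; return 1 ;;
    esac
    printf '%s:%s\n' "$1" "$2"
}

# change_password HOST USER PASS: the record travels on ssh's stdin, so it is
# never stored in a file or placed on a command line that ps could show.
change_password() {
    cp_line=$(build_chpasswd_line "$2" "$3") || return 1
    printf '%s\n' "$cp_line" | ssh -o BatchMode=yes "$1" sudo /usr/sbin/chpasswd
}

# change_on_hosts USER HOST...: prompt once with echo off, then apply everywhere.
change_on_hosts() {
    coh_user=$1; shift
    printf 'New password for %s: ' "$coh_user" >&2
    stty -echo; IFS= read -r coh_pass; stty echo; echo >&2
    coh_rc=0
    for coh_host in "$@"; do
        if change_password "$coh_host" "$coh_user" "$coh_pass"; then
            echo "$coh_host: changed"
        else
            echo "$coh_host: FAILED" >&2; coh_rc=1
        fi
    done
    return $coh_rc
}
```

Source the file and run `change_on_hosts root host1 host2`; a host that fails is reported and the function returns non-zero.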



Zenoss monitor customized application via SNMP

Zenoss can monitor remote customized applications by various methods, e.g. SSH/NRPE/SNMP. This note demonstrates the SNMP method.
#==Summary
If your target host doesn't support the SSH/NRPE methods mentioned in the last two posts, SNMP is a good option. Even if your app doesn't have a built-in SNMP OID, net-snmp allows you to map an OID to your app. The solution is not perfect: the drawback is that the alarm will be triggered whenever the app fails, but the detailed error message given by the app is not available.
#== ENV
Zenoss 2.3.3 + Centos 5.2 + Net-snmp 5.3.1
#== Setup SNMP
Please make sure you have basic SNMP working; refer to my post "Set up Net-snmp on CentOS".
The OID definition to be used is: /usr/share/snmp/mibs/UCD-SNMP-MIB.txt
Its OID range is .1.3.6.1.4.1.2021.x. Some values are already in use, so let's start with .1.3.6.1.4.1.2021.200
The MIB specifies the layout under each OID; the ID of interest is 2021.ID.100.

2021.ID.1 : an integer index value. In scalers, this is always of value 1. In tables it is a row index.
2021.ID.2 : a name of the script, process, etc. that this row represents.
2021.ID.100 : An error flag indicating if an error is present on that row (a threshold value was crossed, etc).
2021.ID.101 : An error string describing why the error flag is non-0

#==== Create a test script

$vi /usr/local/bin/check_test.sh
#!/bin/sh
flag=1
if [ $flag -eq 0 ]; then
echo "SNMP check test -OK"
exit 0
else
echo "SNMP check test -FAILED"
exit 1
fi

$chmod +rx /usr/local/bin/check_test.sh
#==== Map an OID to the script
$vi /etc/snmp/snmp.conf
exec .1.3.6.1.4.1.2021.200 check_test /usr/local/bin/check_test.sh
#==== Execute the script by querying the OID
$snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2021.200
UCD-SNMP-MIB::ucdavis.200.1.1 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.200.2.1 = STRING: "check_test"
UCD-SNMP-MIB::ucdavis.200.3.1 = STRING: "/usr/local/bin/check_test.sh"
UCD-SNMP-MIB::ucdavis.200.100.1 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.200.101.1 = STRING: "SNMP check test -FAILED"
UCD-SNMP-MIB::ucdavis.200.102.1 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.200.103.1 = ""
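
Each exec row carries the error flag in column 100 and the script's output in column 101, as the OID notes above describe. The following is an added example (not from the original post) that pulls the name, flag and message out of snmpwalk output for ad-hoc checks; the function name and its exit codes are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# SAMPLE is the snmpwalk output shown above, embedded so the function can be
# tried offline.
SAMPLE='UCD-SNMP-MIB::ucdavis.200.1.1 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.200.2.1 = STRING: "check_test"
UCD-SNMP-MIB::ucdavis.200.3.1 = STRING: "/usr/local/bin/check_test.sh"
UCD-SNMP-MIB::ucdavis.200.100.1 = INTEGER: 1
UCD-SNMP-MIB::ucdavis.200.101.1 = STRING: "SNMP check test -FAILED"
UCD-SNMP-MIB::ucdavis.200.102.1 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.200.103.1 = ""'

# ucd_exec_status: read snmpwalk output for one exec row on stdin, print
# "NAME flag=N msg=TEXT". Exit status (chosen for this example): 0 when the
# error flag is 0, 2 when it is non-zero, 3 when no flag column was found.
ucd_exec_status() {
    awk '
    {
        i = index($0, " = "); if (i == 0) next
        n = split(substr($0, 1, i - 1), oid, ".")
        col = oid[n - 1] ""              # column sub-id: 2, 100, 101, ...
        val = substr($0, i + 3)
        sub(/^[A-Za-z0-9-]+: /, "", val) # drop the "INTEGER: " / "STRING: " tag
        gsub(/^"|"$/, "", val)           # drop surrounding quotes
        if (col == "2")   name = val
        if (col == "100") flag = val
        if (col == "101") msg  = val
    }
    END {
        if (flag == "") { print "no error-flag column found"; exit 3 }
        printf "%s flag=%s msg=%s\n", name, flag, msg
        exit (flag + 0 == 0 ? 0 : 2)
    }'
}

# Offline: printf '%s\n' "$SAMPLE" | ucd_exec_status
# Live (community string and host as in the post):
#   snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2021.200 | ucd_exec_status
```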
#==Create template under Devices/Server to use the script
(You can create template under any scope e.g Devices/Server/linux)
Classes->Devices->Server(sub-Devices)Templates->Add Template (Add Template is in a hidden drop-down menu opened by clicking the small triangle button)

New data Source ( ID: userdefined TYPE: SNMP)
NAME:check_test_SNMP
Enabled:true
OID 1.3.6.1.4.1.2021.200.100.1
New data Point
name: check_test_SNMP
type: GAUGE
New Thresholds
name: check_test_SNMP
Datapoint: check_test_SNMP_check_test_SNMP
min value: 0
max value: 0
Event Class: /perf/snmp (can be anything)
Severity: error
Enabled: true

#==Bind the template to your Device
Device List->yourdevice->Open->
Click the small triangle button->More->Template
Click the small triangle button->Bind Templates->add new template to selection (You can select multiple templates)


#== Test: you should see that the new data source was picked up by Zenoss
$/opt/zenoss/zenoss/bin/zenperfsnmp run -d 10.248.248.22 -v10
..
DEBUG:zen.thresholds:Updating threshold ('check_test_SNMP', ('10.248.248.22', ''))
..

Thursday, April 9, 2009

Zenoss monitor customized application via NRPE


Zenoss doesn't have a native NRPE plugin like OpenNMS, but Zenoss can run customized applications through the ZenCommand process. ZenCommand can run any command locally, or remotely by using a native SSH transport. When a command runs, Zenoss tracks the return code (0 = success, !0 = fail).
Zenoss can monitor customized applications by various methods, e.g. SSH/NRPE/SNMP. This note demonstrates the NRPE method.


#==Install NRPE

Follow the instructions here until you can run a remote command via NRPE:
sudo -u nagios /usr/lib/nagios/plugins/check_nrpe -H remote-host -c check_test


#==Create template under Devices/Server to use the script
(You can create template under any scope e.g Devices/Server/linux)
Classes->Devices->Server(sub-Devices)Templates->Add Template (Add Template is in a hidden drop-down menu opened by clicking the small triangle button)
New data Source ( ID: userdefined–NRPE TYPE: command)

NAME:nrpe_check_test
Enabled:true
use ssh :false
Event Class:/cmd/fail
Severity:error
Command Template: /usr/lib/nagios/plugins/check_nrpe -H ${here/manageIp} -c check_test

#==Bind the template to your Device
Device List->yourdevice->Open->
Click the small triangle button->More->Template
Click the small triangle button->Bind Templates->add new template to selection (You can select multiple templates)
#==Test
/opt/zenoss/zenoss/bin/zencommand run -d 10.248.248.22 -v10
The output shows that zencommand found the new script and executed it.
Back in the GUI, the alarm should appear in the event log of the device.

Wednesday, April 8, 2009

Zenoss monitor remote customized application via SSH


I have used 3 open source NMS apps: Nagios, OpenNMS and Zenoss. Zenoss is the best I have found so far. Nagios doesn’t support SNMP and has no graphing ability. OpenNMS supports SNMP and graphing, but it needs a restart for new config to take effect.
Zenoss doesn’t have a native NRPE plugin like OpenNMS, but Zenoss can run customized applications through the ZenCommand process. ZenCommand can run any command locally, or remotely by using a native SSH transport. When a command runs, Zenoss tracks the return code (0 = success, !0 = fail).
Zenoss can monitor customized applications by various methods, e.g. SSH/NRPE/SNMP. This note demonstrates the SSH method.


#==On the remote host, create a test script
$vi /usr/local/bin/check_test.sh
#!/bin/sh
flag=1
if [ $flag -eq 0 ]; then
echo "check test-OK"
exit 0
else
echo "check test-FAILED"
exit 1
fi

$chmod +rx /usr/local/bin/check_test.sh

#==On zenoss
#====Test ssh remote command manually with password authentication
ssh zenoss@remote-ip /usr/local/bin/check_test.sh


#====set ssh username/password on Zenoss

Classes--Devices--zProperties
zCommandPassword
zCommandUsername =zenoss
If you prefer to use an SSH key, enter only zCommandUsername (it appears that only DSA-type keys work).
It is a global setting that applies to all devices.


#====Create template to use the script

Classes--Devices--Templates--Add Template (Add Template is in a hidden drop-down menu opened by clicking the small triangle button)
New data Source ( ID: userdefined TYPE: command)




Enabled:true
use ssh :true
Event Class:/cmd/fail
Severity:error
Command Template:/usr/local/bin/check_test.sh
#====Bind the template to your Device
Device List--yourdevice--Open--
Click the small triangle button--More--Template
Click the small triangle button--Bind Templates--add new template to selection (You can select multiple templates)
#====Test
/opt/zenoss/zenoss/bin/zencommand run -d 10.248.248.22 -v10



INFO:zen.zencommand:---------- - schedule has 1 commands
DEBUG:zen.zencommand:Next command in 299.977344 seconds
DEBUG:zen.SshClient:10.248.248.22 host key: 66:d3:e2:09:45:80:36:0d:16:77:0a:db:7a:9d:4a:e6
DEBUG:zen.SshClient:creating new SSH connection...
DEBUG:zen.SshClient:Attempting to authenticate using username: zenoss
DEBUG:zen.SshClient:Getting SSH public key from ~/.ssh/id_dsa
DEBUG:zen.SshClient:Expanded key path from ~/.ssh/id_dsa to /home/zenoss/.ssh/id_dsa
DEBUG:zen.SshClient:Getting SSH private key from ~/.ssh/id_dsa
DEBUG:zen.SshClient:Expanded key path from ~/.ssh/id_dsa to /home/zenoss/.ssh/id_dsa
INFO:zen.SshClient:Connected to device 10.248.248.22
DEBUG:zen.SshClient:started the channel
DEBUG:zen.SshClient:opening command channel for /usr/local/bin/check_test.sh
DEBUG:zen.SshClient:running command remotely: exec /usr/local/bin/check_test.sh
DEBUG:zen.SshClient:command /usr/local/bin/check_test.sh data: 'check test-FAILED\n'
DEBUG:zen.zencommand:Process check_test.sh stopped (1), 1.614611 elapsed
DEBUG:zen.zencommand:The result of "/usr/local/bin/check_test.sh" was "check test-FAILED


As the output shows, it connected to the remote host via SSH and then ran the command /usr/local/bin/check_test.sh
Back in the GUI, the alarm should appear in the event log of the device.