As an update to my previous post “Linux SSH + PAM + LDAP + 2003 R2 AD Deployment“, SSSD is now part of the base RHEL6 repository (soon CentOS6 as well) which makes it much faster and easier to implement LDAP/AD authentication. In regards to configuring Active Directory, not too much has changed since my previous post so you’ll need to hit up the previous guide for a complete guide. So lets get to it..
In my last post I showed a good example for using expect in a script. Here is another good example I use for updating local user passwords across a group of servers without using ssh keys. This assumes the user you are resetting can ssh to the host and the old password is the same on all hosts.
One of my recent projects was to initiate a server-wide shutdown should our UPS ever run low. I currently have Zenoss monitoring the health status of the UPS, including the remaining charge on the battery. Using Zenoss thresholds, I can make a script execute if the battery ever runs low.
Our Zenoss deployment currently runs on CentOS, so I put down a method to shut down each type of host from a linux platform. After much researching and testing, this is what I came up with (and am currently using in my shutdown script).
For Windows:
net rpc SHUTDOWN -C "Automated shutdown" -f -I "$server" -W $domain -U $username%$password |
I replaced my arguments with some that would be more readable. User and password are separated with %.
For Linux:
CMD="ssh -l $username $server shutdown -h now" expect -c " match_max 100000 spawn $CMD expect { \"Are you sure you want to continue connecting (yes/no)?\" { send \"yes\r\" exp_continue } \"password:\" { send \"$password\r\" expect -re \"$username*\" } } " |
I wanted to shutdown linux servers without using keys but had to overcome the “do you want to connect” prompt. In order to do that I had to use exact which can be installed with “yum install exact”
By turning these into functions and passing arguments, you can make a shutdown script in a couple of minutes.
[jaredo@zim ~]$ cat /proc/meminfo MemTotal: 32962112 kB MemFree: 237376 kB Buffers: 235768 kB Cached: 20340388 kB |
Monitoring after a recent reboot:
I found Subversion (svn) over HTTP to be very easy to deploy on top of our existing setup, and only took about 15 minutes. It simplifies user management by allowing us to manage users through Active Directory, and makes it easier on staff by using URLs for access. Here is a quick demonstration on a Fedora 9 box, assuming you have already performed a basic or default apache install. Continue reading
Today I decided to setup automated installations for Linux distros (RHEL, Fedora, CentOS), similar to how we deploy our Windows installations via PXE. Since we already had WDS running for installing Windows, it was just a matter of reconfiguring WDS, setting up the necessary structure and kickstart files for our automated Linux installations. While I do not cover the initial WDS installation process, I will attempt to go over the steps performed after the basic WDS install (native or mixed). Continue reading
Often I find my self working in a department where the skill sets of individuals varies significantly, and my current position is no different. While there is nothing wrong with this, there have been several occasions (like being on vacation), where help desk personnel or other less savvy users are called upon to perform basic functions . Continue reading