Tommi's stuff

Been dabbling with getting RocketRaid 1740 to work on Centos 5. It was not as easy as I had hoped but below you can view the steps needed for the implmentation.

HighPoint RocketRaid 1740 is only supported on Red Hat / CentOS 5.2 so you have to install it first.

Download the driver from http://highpoint-tech.com/USA/bios_rr1740.htm

You can download the media for CentOS 5.2 at http://vault.centos.org/5.2/isos/

Now you need to go through the Install guide http://highpoint-tech.com/BIOS_Driver/rr1740/Linux/newformat/Install_RHEL_CentOS_RR174x.pdf

To shortly go over what you need to do:

• Untar the contents of the driver onto a USB flash drive
• Boot 5.2 with the boot params “linux nostorage”
• When the graphical X look is up and running, hit CTRL-ALT-F2
• Mount the USB flash drive
• copy the contents of the driver to /tmp/hptdd
• unmount the flash drive
• run sh /tmp/hptdd/rhel-install-step1.sh
• Go back to the install, CTRL-ALT-F6
• Setup the OS as usual all the way till all packages are installed, it says “Congratulations, the installation is complete.”
• Hit CTRL-ALT-F2 again
• cp -r /tmp/hptdd /mnt/sysimage/tmp/hptdd
• chroot /mnt/sysimage
• sh /tmp/hptdd/rhel-install-step2.sh
• exit
• Hit CTRL-ALT-F6 and hit Reboot
• Voila, the machine should boot normally

Kernel updates can also be problematic, so here’s how I do it

Download the latest Open Source driver version from http://highpoint-tech.com/USA/bios_rr1740.htm

I untar it into /usr/src and you need to modify the script below if you change the path

cd /usr/src

tar zxvf rr174x-linux-src-v2.4-091009-1434.tar.gz

Now, I have a special script to build for the latest kernel

So, if you haven’t already, do yum -y update

Download my build script from http://tommi.org/static/update-rr17xx.sh

cd /usr/local/bin

wget http://tommi.org/static/update-rr17xx.sh

chmod 750 /usr/local/bin/update-rr17xx.sh

/usr/local/bin/update-rr17xx.sh

If everything looked alright, you should be ready to boot into your new kernel

Nagios plugin as an added bonus

I decided to write up a Nagios plugin as an added bonus and you can get it at http://tommi.org/static/rr-state.pl

It should grab broken raid arrays and if the machine is rebuilding

OK, everything is great

Warning, Logical disk is rebuilding

Critical, Failed drive

I wanted to put up for easy reference, how to setup the Oracle Instant Client packages on a SELinux enabled Red Hat Enterprise Linux 5 machine, the documentation was created on a x86_64 machine but should work on the 32 bit version as well.

Install packages:

oracle-instantclient11.1-basic-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-devel-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.x86_64.rpm

Put the relevant libraries into the textrel_shlib_t context:

semanage fcontext -a -t textrel_shlib_t /usr/lib/oracle/11.1/client64 /lib/libnnz11.so
semanage fcontext -a -t textrel_shlib_t /usr/lib/oracle/11.1/client64/lib/libclntsh.so.11.1
semanage fcontext -a -t textrel_shlib_t /usr/lib/oracle/11.1/client64/lib/libsqlplus.so
semanage fcontext -a -t textrel_shlib_t /usr/lib/oracle/11.1/client64/lib/libociei.so
semanage fcontext -a -t textrel_shlib_t /usr/lib/oracle/11.1/client64/lib/libsqlplusic.so
restorecon -R -v /usr/lib/oracle/11.1/client64/lib/

Put the libraries into the path of the dynamic library loader

echo "export ORACLE_HOME=/usr/lib/oracle/11.1/client64" > /etc/profile.d/oracle.sh

Set the path to the tnsnames.ora, I like /etc/tnsnames.ora

echo “export TNS_ADMIN=/etc/tnsnames.ora” >> /etc/profile.d/oracle.sh

Of course you have to have a valid tnsnames.ora file available.

Logout and login to update your environment and voila, you should be able to run sqlplus, install perl-DBD-Oracle or php-oci8, python, whatever your flavor is..

Ohh, and merry christmas!

Installed Fedora 10 a couple of days ago and I must say I’m very pleasantly surprised. Install went smoothly as ever and getting everything up and running was pretty much painless. Here’s pretty much what I needed to do to get it working on my HP nw9440 laptop:

• Installed from the DVD install media
• Setup RPMFusion – rpm -Uvh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm
• Installed nvidia drivers,yum install xorg-x11-drv-nvidia
• Installed a few of my favorites, gnome-do, mplayer, networkmanager-vpnc, rdesktop, gnucash

A nice surprise was that rhythmbox now automaticly invites me to download and install the needed rpms for mp3 playback and others, finally!

Also, suspend and hibernate now works perfectly.

NetworkManager now works out of the box with my iwl3945 wifi card.

OpenOffice.org 3.0, now opens evil Microsoft Office 2007 files.

Conclusion, haven’t stumbled across a single annoying thing so I’m extremely happy with the quality of this release!

There was a change in recent module for FreePBX where the lookup source uri could not contain cid=${CALLERID(num)}. The fix for that is to change it to cid=[NUMBER].

See the AsteriskJA page.

I’ve tried quite a few methods to block password guessers from guessing passwords on machines that have open SSH, POP, IMAP… What I usually used was iptables and the recent module “iptables -m recent –help” if you are interested in that. The main problem with the iptables approach is it blocks a number of new connections from the same host whether they are invalid password attempts or just a user opening many ssh connections.

In comes pam_abl which enables blacklisting on unsuccesfull password attempts. I’ve installed this on a few Red Hat Enterprise Linux machines, you can download rpm’s for RHEL at Dag Wieers site.

Download pam_abl

# wget http://dag.wieers.com/rpm/packages/pam_abl/pam_abl-0.2.3-1.el5.rf.x86_64.rpm

Install

# rpm -Uvh pam_abl-0.2.3-1.el5.rf.x86_64.rpm

Configure pam_abl in /etc/pam.d/system-auth

auth        required      pam_env.so
auth        required      pam_abl.so config=/etc/security/pam_abl.conf
auth        sufficient    pam_unix.so nullok try_first_pass

Configure /etc/security/pam_abl.conf according to your own paranoia.. Here’s mine:

# /etc/security/pam_abl.conf
# debug
host_db=/var/lib/abl/hosts.db
host_purge=2d
host_rule=*:4/1h,30/1d
user_db=/var/lib/abl/users.db
user_purge=2d
user_rule=!root:4/1h,30/1d

You can check the state of pam_abl and manipulate it with the command pam_abl

# pam_abl
Failed users:
tommi (5)
Blocking users [!root]
Failed hosts:
evil.tommi.org (5)
Blocking users [*]

Now you have Auto Blacklisting for ftp, ssh, imap, pop, basicly anything that uses PAM for authentication. You can also just use it for one and one service for instance putting the pam line in /etc/pam.d/sshd instead of /etc/pam.d/system-auth.

I just finished updating my tv_grab_is script to use the xml interfaces which every Icelandic broadcasting company has.

I changed the xmltv id’s to reflect changes of names at 365. Sýn became Stöð 2 Sport, Sýn2 became Stöð 2 Sport 2, etc…

If you are using mythtv you need to update your xmltvid’s for channels and also the ~/.mythtv/FILENAME.xmltv. Run

tv_grab_is –list-channels

You can always get my newest version from my trac.

You will need to install the perl module XML::Simple until I rewrite the xml handling code but I’m too lazy right now, install methods:

yum install perl-XML-Simple

apt-get perl-XML-Simple

cpan perl-XML-SImple

Just re-added my gnucash scripts for importing data from Kaupþing XML transaction data and Landsbanki kredit card statements. Find them at /gnucash

I’m expecting to start work on changing tv_grab_is program guide grabber to utilize the new XML feeds from 365 (Stöð 2) and also using the XML from RUV in the next few days. Sadly Skjár 1 have not yet created a XML feed so I’ll have to keep on doing HTML parsing for their program data.

Also going to revisit having the xmltv folks accept my new version.

My current version of tv_grab_is

I am finishing writing a program called pysmsqueue that can manage to send SMS text messages through phones on multiple hosts or multiple phones on multiple hosts. There for handles load balancing, e.g. sending multiple messages at the same time. The code works pretty much for me but should be considered beta quality. You can have a look at the source in my trac.

The reason for writing it is that I needed something more than the gnokii-smsd that can handle failures of phones. I’m using this as a messaging system for Nagios so it needs to be highly available.

I’m expecting to release a setup file with RPM’s pretty soon.

You can do a subversion checkout with

svn co http://tommi.org/repos/tommi/trunk/pysmsqueue

I just tried out recordmydesktop. It’s a pretty cool program that basicly does what it says, that is record my desktop. It also captures audio from mic and any music/sounds you are playing at the time of recording. Good for creating video demos, tutorials, whatever. Grit!