Due to an untimely wipe of my partition table information from my 1TB hard drive on my desktop. I find myself once again questioning the OS I use on my desktop, my archiving capabilities, and the portability of my setup.

With all this in mind I have set down some concepts below; It will certainly be interesting to see if I keep to them, which fall by the wayside, when and why?

I am looking to run my desktop PC which is powerful; AMD 6 core CPU and 16GB of RAM as multiple machines.

This is not something new exactly, as I have been running multiple virtual machines on my desktop for years (that is why I have 16 Gig of RAM) the subtle difference is my desktop will comprise of multiple machines.

Goal is to remove and thin down the Host as much as possible.

Portable Apps should be used where possible and synced to network drive and be available for all windows desktops for use.

An attempt will be made to keep the disk drive image size down to below 64GB (e.g 63GB) , as these size flash drives are becoming cost effective it would be useful to be able to take any desktop environment with me.

I will be making an effort to try and use ubuntu when both OS provide the same application. I will see how this goes with MS Office as I cannot have files corrupted for work.

A word about the Host PC and the Guests:

I will have a slimmed down Host running win7 X64. it should take care of the following.

1. Adaptive tools which are graphic or hardware restrictive such as Zoom Text and Outbook (to cope with my visual impairment).
2. Graphic intensive applications (do I use any?)
3. VMWare workstation
4. Drivers for the hardware
5. Obscure applications that will not function in a VM Guest, these should be listed so a check can be made to see if ways around the issue is available later.

The DRP VM Guests initially identified:

• ubuntu x64 Desktop
• Win 7 x64 Desktop (Browsing, Work etc)
• Win 7 x64 Desktop Programming
• BMT (portable “Blind Man Tools” guest synced to flash drive)
• Other Specialist desktops as required

The first question that hits me is “Should each machine have its own network identity?” or “Should i use a VMWare bridge network adaptor or NAT?”.

I think the initial answer is I can see more issues with using a single identity, so they will all have separate ones; leading on from that decision it would make sense that a virtual machine can be seen at the network level as a separate entitiy so they will all have bridged interfaces. Ok,

I think its time to start…. I will let you know how it goes!

This post has an install script towards the bottom which will install SNMP Daemon and its required configuration for you. That feat is the result of many hours of work. The BASH scripting only took an hour or two to knock together, the main effort was getting SNMP working with no errors with both IPv4 and IPv6 support; MIB support and SNMP Traps sent for notification of events.

I have tested the script using ubuntu 11.04 and more recently with revision 1.1 of the scrpt I have tested with ubuntu 8.04.

NOTE: With NET-SNMP version 5.4.1 on ubuntu 8.0.4 I did notice that the only way to remove the error “getaddrinfo:  Name or service not known” on startup was to remove the IPv6 parameters from the listening address, IPv6 lookups do work on 8.0.4 but you do have to live with some early immature code issues.

I suggest you copy the script below and paste into a file on your ubuntu  system and make sure you chmod the file to make it executable from root;

chmod 755 <script-name>

should do it.

If you have a number of machines to install SNMP on, I suggest you change the defaults towards the top of the script to match your network and environment requirements this will make for a simpler and faster install.

#!/bin/bash
#
# SNMP install
#by Paul Miller
#Revisions:
#1.0 - Initial
#1.1 - corrections after testing with ubuntu 8.04 LTS


#CHANGE DEFAULT script variables here before running

def_READ_ONLY_SECRET=”public”
def_READ_WRITE_SECRET=”private”
def_IPv4_SUBNET=”192.168.0.0/24”
def_IPv6_SUBNET=”2001:470:812c::/64”
def_SYS_LOC=”New Zealand”
def_SYS_CONT_NAME=”Paul Miller”
def_SYS_CONT_EMAIL=”idkpmiller@sip2serve.com”
def_TRAP_COMMUNITY=”idknet”
def_TRAP_RECEIVER=”nms.sip2serve.com” # IP or FQDN of a SNMP TRAP recievering
server


#====END of User Varables==================

#check current user is root
(( `id -u` )) && echo “Must be ran as root, try prefixxing with sudo.” && exit 1

#clear the screen
clear

# Get Input from User
echo “Capture User Options:”
echo “=====================”
echo “Please answer the following questions.”
echo “Hitting return will continue with the default option”
echo
echo


read -p “System Location [$def_SYS_LOC]: ” -e t1
if [ -n “$t1” ]; then def_SYS_LOC=”$t1”;fi

read -p “System Contact Name [$def_SYS_CONT_NAME]: ” -e t1
if [ -n “$t1” ]; then def_SYS_CONT_NAME=”$t1”;fi

read -p “System Contact Email [$def_SYS_CONT_EMAIL]: ” -e t1
if [ -n “$t1” ]; then def_SYS_CONT_EMAIL=”$t1”;fi

read -p “Trap Community String [$def_TRAP_COMMUNITY]: ” -e t1
if [ -n “$t1” ]; then def_TRAP_COMMUNITY=”$t1”;fi

read -p “NMS or Trap Reciever Address (IP or FQDN) [$def_TRAP_RECEIVER]: ” -e t1
if [ -n “$t1” ]; then def_TRAP_RECEIVER=”$t1”;fi

read -p “IPv4 subnets that can access SNMP on System [$def_IPv4_SUBNET]: ” -e t1
if [ -n “$t1” ]; then def_IPv4_SUBNET=”$t1”;fi

read -p “IPv6 subnets that can access SNMP on System [$def_IPv6_SUBNET]: ” -e t1
if [ -n “$t1” ]; then def_IPv6_SUBNET=”$t1”;fi

read -p “Read Only Community String [$def_READ_ONLY_SECRET]: ” -e t1
if [ -n “$t1” ]; then def_READ_ONLY_SECRET=”$t1”;fi

read -p “Read Write Community String [$def_READ_WRITE_SECRET]: ” -e t1
if [ -n “$t1” ]; then def_READ_WRITE_SECRET=”$t1”;fi

cat «EOF
=====================
The Answers provided:
=====================
System Location:       $def_SYS_LOC
System Contact:        $def_SYS_CONT_NAME
System Contact Email:  $def_SYS_CONT_EMAIL
RO Community String:   $def_READ_ONLY_SECRET
RW Community String    $def_READ_WRITE_SECRET
Trap Community String: $def_TRAP_COMMUNITY
Trap Reciever Address: $def_TRAP_RECEIVER
IPv4 Subnet ACL:       $def_IPv4_SUBNET
IPv6 Subnet ACL:       $def_IPv6_SUBNET

EOF

read -p “Press Y to continue with Install.” -n 1
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
    echo “”
    echo “Goodbye!”
    exit 1
fi


# update system
echo “”
echo “###############################################”
echo “update system”
apt-get -qq update

# install requirements
echo “install requirements”
apt-get -y -qq install snmp
apt-get -y -qq install snmp-mibs-downloader
apt-get -y -qq install snmpd
apt-get -y -qq install libsnmp-base

# Configure SNMP
echo “Configure SNMP”
echo “###############”


cat «EOF > /etc/snmp/snmp.conf
#
# As the snmp packages come without MIB files due to license reasons, loading
# of MIBs is disabled by default. If you added the MIBs you can reenable
# loaging them by commenting out the following line.
#mibs :
EOF

echo “/etc/snmp/snmp.conf  - DONE.”
#==========================================

cat «EOF > /etc/snmp/snmpd.conf
############### Generic config information ###############
agentAddress udp:161,udp6:161
sysLocation    $def_SYS_LOC
sysServices    72
sysContact     $def_SYS_CONT_NAME <$def_SYS_CONT_EMAIL>
rocommunity $def_READ_ONLY_SECRET  $def_IPv4_SUBNET
rocommunity6 $def_READ_ONLY_SECRET  $def_IPv6_SUBNET
rwcommunity $def_READ_WRITE_SECRET
rwcommunity6 $def_READ_WRITE_SECRET
trapcommunity $def_TRAP_COMMUNITY
trap2sink $def_TRAP_RECEIVER

############### Common config directives ###############
disk /
disk /var
disk /usr
disk /tmp
swap 16000
#linkUpDownNotifications yes
#defaultMonitors yes
master agentx

############### Node specific config directives ###############

EOF

echo “/etc/snmp/snmpd.conf  - DONE.”
#==========================================


cat «EOF > /etc/snmp/snmptrapd.conf
#
# PLEASE: read the snmptrapd.conf(5) manual page as well!
#
TRAPDRUN=yes
EOF

echo “/etc/snmp/snmptrapd.conf  - DONE.”
#==========================================

cat «EOF > /etc/default/snmpd
SNMPDRUN=yes
SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid’
TRAPDRUN=no
TRAPDOPTS=’-Lsd -p /var/run/snmptrapd.pid’
SNMPDCOMPAT=yes
EOF

echo “/etc/default/snmpd  - DONE.”
#==========================================

echo ‘###############’
echo ‘Starting SNMP  ‘
echo ‘###############’

/etc/init.d/snmpd restart
sleep 5

if [ “$(pidof snmpd)” ]
   then
       clear
    cat «EOF
Installation and Configuration of snmp
was successful.

INSTRUCTIONS
============
you can test snmp by using the following commands
for IPv4 systems:
snmpwalk -c public -v 2c localhost sysname

for IPv6 systems:
snmpwalk -c public -v 2c udp6:::1 sysname
EOF

else
      echo “snmpd FAILED! to start”
      echo “Not sure what went wrong.”
fi

exit

Revision: 1.0 - Initial post

             1.1 - corrections after testing with ubuntu 8.04

Well I finally got my posts working by email, this will open the door to new
possibilities to me and make my blog space more useful to what’s important
to me - watch this space and be prepared to be impressed!

I have put a script together that allows me to install a specified version of Zabbix on a Ubuntu server, if you choose not to install the server the script assumes you want to install the Zabbix agent. It also provides an option to compile with IPv6 support.

Although there is some error checking, they can always be more added. If you decide to improve the script further please leave a comment with a link to the new improved version.

It is possibly that the CODE section of this blog provider mucks up some of the special formatting characters, if you have problems check what you see on this page to what has been copied into your script file.

As usual make sure you chmod +x the script file and I suggest you run this with root privelidges.

#!/bin/bash

#TODO
# error checking always needs improving


#Adapted from script found online
# CHANGES by Paul Miller:
#enhanced to offer IPv6 support
#Changed to support mysql
#added option for version support
#server or agent install
#added some error checking
####################################################


#Set Default script variables here before running

DATABASE=”mysql” # option ONLY mysql at present
IPv6=true # options true or false
VERSION=”1.8.8”
DB_USER=”zabbix”
DB_PASS=”zabb1x”
DB_HOST=”localhost”
SERVER_IP=”192.168.0.9” # IP of zabbix server for agents to communicate with.
SERVER_INSTALL=true # if false assumed to be agent only install

#====END of User Varables==================
IPv4_ADDR=`ifconfig  | grep ‘inet addr:’| grep -v ‘127.0.0.1’ | cut -d: -f2 | awk ‘{ print $1}’`
MYSQL=”$(which mysql)”
HOSTNAME=$(hostname -f)
clear

# Get Input from Users
echo “Capture User Options:”
echo “=====================”
echo “Please answer the following questions.”
echo “Hitting return will continue with the default option”
echo
echo
# Get_Server - Do they require a Server Install?
read -p “Install Zabbix Server? true/false [$SERVER_INSTALL]: ” -e t1
if [ -n “$t1” ]
then
  SERVER_INSTALL=”false”
  #Now we ASSUME that this is a Agent ONLY install
  # Get_Server_IP - What Version of Zabbix do they require?
  read -p “What is the Zabbix Server IP Address? [$SERVER_IP]: ” -e t1
  if [ -n “$t1” ]
  then
     SERVER_IP=”$t1”
  else
     SERVER_IP=”192.168.0.9”
  fi
  #====END Get_Server_IP
else
  SERVER_INSTALL=”true”
fi
#====END Get_Server

# Get_Version - What Version of Zabbix do they require?
read -p “Which version? [$VERSION]: ” -e t1
if [ -n “$t1” ]
then
  VERSION=”$t1”
else
  VERSION=”1.8.8”
fi
#====END Get_Version
 
# Get_IPv6 - Do they require IPv6 support?
read -p “Is support for IPv6 required? true/false [$IPv6]: ” -e t1
if [ -n “$t1” ]
then
  IPv6=”false”
else
  IPv6=”true”
fi
#====END Get_IPv6

# Step 1 ================================
# nothing to do for agent only installs
echo
echo “Installation Step 1 Started”

################
#updating system
################

apt-get -qq update
if [ $? -eq 0 ]; then
   echo “Step 1 completed successfully!”
else
   echo “Step 1 FAILED!”  
   exit
fi

# Step 2 ================================

if $SERVER_INSTALL ; then
   #####################
   #install requirements
   #####################
   echo
   echo “Installation Step 2 Started”

   if ! dpkg-query -W fping; then apt-get install -qq -y fping; fi
   if ! dpkg-query -W apache2; then apt-get install -qq -y apache2; fi
   if ! dpkg-query -W php5; then apt-get install -qq -y php5; fi
   if ! dpkg-query -W php5-gd; then apt-get install -qq -y php5-gd; fi
   if ! dpkg-query -W libsnmp-dev; then apt-get install -qq -y libsnmp-dev; fi
   if ! dpkg-query -W libcurl4-openssl-dev; then apt-get install -qq -y libcurl4-openssl-dev; fi
   if ! dpkg-query -W libapache2-mod-php5; then apt-get install -qq -y libapache2-mod-php5; fi
   if ! dpkg-query -W libiksemel-dev; then apt-get install -qq -y libiksemel-dev; fi
   if ! dpkg-query -W libssh2-1-dev; then apt-get install -qq -y libssh2-1-dev; fi
   if ! dpkg-query -W libopenipmi-dev; then apt-get install -qq -y libopenipmi-dev; fi
   if ! dpkg-query -W libmysqlclient-dev; then apt-get install -qq -y libmysqlclient-dev; fi
   if ! dpkg-query -W mysql-server; then apt-get install -qq -y mysql-server; fi
   if ! dpkg-query -W libapache2-mod-auth-mysql; then apt-get install -qq -y libapache2-mod-auth-mysql; fi
   if ! dpkg-query -W php5-mysql; then apt-get install -qq -y php5-mysql; fi

fi
if ! dpkg-query -W build-essential; then apt-get install -qq -y build-essential; fi

echo “Step 2 completed successfully!”

# Step 3 ================================

#######################
#Initial Database setup
#######################
echo
echo “Installation Step 3 Started”

# create zabbix system user
adduser zabbix —no-create-home —system —group —disabled-password —shell /bin/false —quiet
if [ $? -eq 0 ]; then
   echo “   User zabbix created”
else
   echo “   FAILED to create User zabbix”
   exit 1
fi

if $SERVER_INSTALL ; then

   if [ “$DATABASE” == “mysql” ]; then
      echo -n “   Input the MySQL admin user name: “
      read -e MySQLADMIN

      echo -n “   Input the MySQL admin user password: “
      read -e MySQLADMINPASS

      $MYSQL -u$MySQLADMIN -p$MySQLADMINPASS -Bse ‘CREATE DATABASE zabbix;’
      $MYSQL -u$MySQLADMIN -p$MySQLADMINPASS -Bse “GRANT ALL ON zabbix.* TO zabbix@localhost;”
      echo “   mysql database and user created”
    
   else
      echo “postgresql initial DB setup”
      #postgresql initial DB setup

      echo -n “Input the postgre user name for this database: “
      read -e DB_USER

      echo -n “Input the MySQL admin user password: “
      read -e MySQLADMINPASS

   fi

   echo “Step 3 completed successfully!”
fi



# Step 4 ================================
################
#Zabbix download
################
echo
echo “Installation Step 4 Started”

cd /tmp/

DIRECTORY=/tmp/install
if [ ! -d “$DIRECTORY” ]; then
    mkdir /tmp/install
fi

cd /tmp/install
echo ” temporary install directory created”
echo ” downloading zabbix source”

if ! [ -e “zabbix-$VERSION.tar.gz” ]
then
  wget -nv http://prdownloads.sourceforge.net/zabbix/zabbix-$VERSION.tar.gz
  echo “   downloaded zabbix source”
else
  echo “   zabbix source of correct version already exists”
fi

echo ” untar zabbix source”
tar zxf zabbix-$VERSION.tar.gz

echo ” prepare directory and file permissions”
chmod -R 777 /tmp/install/*
cd /tmp/install/zabbix-$VERSION
chmod +x ./configure

if $SERVER_INSTALL ; then
   # DB integration
   echo ” load mysql with provided schemas”
   cd /tmp/install/zabbix-$VERSION/create/schema
   cat mysql.sql | mysql -u$MySQLADMIN -p$MySQLADMINPASS zabbix
   cd ../data
   cat data.sql | mysql -u$MySQLADMIN -p$MySQLADMINPASS zabbix
   cat images_mysql.sql | mysql -u$MySQLADMIN -p$MySQLADMINPASS zabbix
fi

echo ” prepare compile build options”
if $SERVER_INSTALL ; then
   #Server DB and other build options
   build_opts=” —prefix=/usr —mandir=\${prefix}/share/man —infodir=\${prefix}/share/info “

   if $IPv6 ; then
      build_opts=” —enable-ipv6 $build_opts”
   fi

   # —with-mysql
   build_opts=” —with-mysql $build_opts”

   cd /tmp/install/zabbix-$VERSION
   echo “Using configure set like this: “
   echo “configure —quiet —enable-server —with-net-snmp —with-libcurl —with-openipmi —with-jabber —with-ssh2 —enable-agent $build_opts”

   echo “”
   ./configure —quiet —enable-server —with-net-snmp —with-libcurl —with-openipmi —with-jabber —with-ssh2 —enable-agent $build_opts
else
   #Agents only build options
   build_opts=” —prefix=/usr —mandir=\${prefix}/share/man —infodir=\${prefix}/share/info “

   if $IPv6 ; then
      build_opts=” —enable-ipv6 $build_opts”
   fi
   cd /tmp/install/zabbix-$VERSION
   echo “Using configure set like this: “
   echo “configure —quiet —enable-agent $build_opts”

   echo “”
   ./configure —quiet —enable-agent $build_opts

fi


echo “   Ready to compile”
cd /tmp/install/zabbix-$VERSION

make -s install
if [ $? -eq 0 ]; then
   echo “Step 4 completed successfully!”
else
   echo “Step 4 Compile FAILED!”
   exit
fi

sleep 5

#step 5 for Server installations
if $SERVER_INSTALL ; then
   #############################
   #Zabbix $VERSION installation
   #FRONTEND installation
   #############################
   echo “Step 5 FRONTEND installation”

   sed -i.backup -e “s/post_max_size = 8M/post_max_size = 32M/g” /etc/php5/apache2/php.ini
   sed -i.backup -e “s/max_execution_time = 30/max_execution_time = 600/g” /etc/php5/apache2/php.ini
   sed -i.backup -e “s/max_input_time = 60/max_input_time = 600/g” /etc/php5/apache2/php.ini
   sed -i,backup -e ‘/date.timezon/a\date.timezone = “Pacific/Auckland”’ /etc/php5/apache2/php.ini
   cd /tmp/install/zabbix-$VERSION/frontends/php
   sleep 5
   echo “   Make web directory”
   DIRECTORY=/var/www/zabbix
   if [ ! -d “$DIRECTORY” ]; then
      mkdir /var/www/zabbix
   fi
   echo “   Copy zabbix web frontend to web directory”
   cp -a . /var/www/zabbix
   echo “   Change the permissions to default apache2”
   chown www-data:www-data -R /var/www/zabbix


   cat «EOF > /etc/apache2/sites-available/zabbix
<VirtualHost /zabbix>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/zabbix
        <Directory />
                Options FollowSymLinks Indexes MultiViews
                AllowOverride None
        </Directory>
</VirtualHost>
EOF

   echo “   Zabbix $VERSION installation”
fi

#step 5 for agents only they join here…

ln -s /usr/bin/fping /usr/sbin/fping
if $IPv6 ; then
   ln -s /usr/bin/fping6 /usr/sbin/fping6
fi

DIRECTORY=/etc/zabbix
if [ ! -d “$DIRECTORY” ]; then
   mkdir $DIRECTORY
fi

DIRECTORY=/var/log/zabbix
if [ ! -d “$DIRECTORY” ]; then
   mkdir $DIRECTORY
   chown zabbix:zabbix -R $DIRECTORY
   chmod 766 $DIRECTORY
fi

DIRECTORY=/var/run/zabbix
if [ ! -d “$DIRECTORY” ]; then
    mkdir $DIRECTORY
    chown zabbix:zabbix -R $DIRECTORY
    chmod 766 $DIRECTORY
fi

cp /tmp/install/zabbix-$VERSION/misc/conf/zabbix_agentd.conf /etc/zabbix

#check for server install
if $SERVER_INSTALL ; then
   cp /tmp/install/zabbix-$VERSION/misc/conf/zabbix_server.conf /etc/zabbix
   sed -i.backup -e “s/DBUser=root/DBUser=$DB_USER/g” -e “s|/tmp/zabbix_server.log|/var/log/zabbix/zabbix_server.log|g” -e “s|# PidFile=/tmp/zabbix_server.pid|PidFile=/var/run/zabbix/zabbix_server.pid|g” /etc/zabbix/zabbix_server.conf
fi
sed -i.backup -e “s|/tmp/zabbix_agentd.log|/var/log/zabbix/zabbix_agentd.log|g” -e “s|# PidFile=/tmp/zabbix_agentd.pid|PidFile=/var/run/zabbix/zabbix_agentd.pid|g” /etc/zabbix/zabbix_agentd.conf

chown zabbix:zabbix -R /etc/zabbix

cp /tmp/install/zabbix-$VERSION/misc/init.d/debian/zabbix* /etc/init.d/

#check for server install
if $SERVER_INSTALL ; then
   sed -i.backup -e “s|/usr/local/sbin/|/usr/sbin/|” /etc/init.d/zabbix-server
   chmod 775 /etc/init.d/zabbix-server
   update-rc.d zabbix-server defaults
   echo “   Starting the zabbix server”
   /etc/init.d/zabbix-server start
   echo “   Restarting Apache for changes to take effect”
   /etc/init.d/apache2 restart
   sleep 5
   if [ “$(pidof zabbix_server)” ]
   then
      echo “Server Installation Complete!”
      echo “zabbix can be found at: “
      echo “http://$IPv4_ADDR/zabbix”
      echo “  Login:  admin”
      echo “  Passwd: zabbix”
   else
      echo “Installation FAILED!”
      echo “zabbix server process is NOT running.”
      echo “Not sure what went wrong.”
   fi
else
   sed -i.backup -e “s|/tmp/zabbix_agentd.log|/var/log/zabbix/zabbix_agentd.log|g” -e “s|# PidFile=/tmp/zabbix_agentd.pid|PidFile=/var/run/zabbix/zabbix_agentd.pid|g” -e “s|Server=127.0.0.1|Server=$SERVER_IP|g” -e “s|Hostname=Zabbix server|Hostname=$HOSTNAME|g” /etc/zabbix/zabbix_agentd.conf

fi

sed -i.backup -e “s|/usr/local/sbin/|/usr/sbin/|” /etc/init.d/zabbix-agent
chmod 775 /etc/init.d/zabbix-agent
update-rc.d zabbix-agent defaults
echo “   Starting the zabbix agent”
/etc/init.d/zabbix-agent start
sleep 5

if [ “$(pidof zabbix_agentd)” ]
   then
      #cleaning up
      rm -rf /tmp/install
      echo “Agent Installation Complete!”
   else
      echo “Agent Installation FAILED!”
      echo “zabbix agent process is NOT running.”
      echo “Not sure what went wrong.”
   fi

exit

Revision History

• First release 30/12/2011

I was recently asked for my NZ dial plan as apparently there is very few around.
I have since done a search using Google and found that indeed there are none easily found, and the ones that are listed are not that comprehensive.

Your device may need the dial plan in a different format and you may need to read your device manual to get the correct syntax.

But here is my dial plan I use, please feel free to offer corrections by leaving a comment.

(00xxxxx. | 001xxxxxxxxxx | 0061[02-9]xxxxxxxx | 01xxx. | 01[08] | 0110 | 0122x | 012[45] | 015[013-9] | 017[0-69] | 019[67] | 0198xx | 02xxxxxxxx. | 0210[013-79]xxxxx | 021[12]xxxxxx | 021[3-9]xxxxx | 026[02349]xxxxxx | 027[02-79]xxxxxx | 029xxxxxxx | 0[3469]xxxxxxx | 070xxxxxxx | 07[2-9]xxxxxx | 05xxxxx. | 0508xxxxxx | 08xxxxx. | 0800xxxxxx | 0818xx | 0830xx | 08321x | 087[459]x | 1xxx. | 111 | 12[0-8] | 129x | 1[3-6]x | 17xx | 19[67] | 19[34589]x | [2-9]xxxxxx | 911 )

Revision:

30/12/2011 Added 0279 prefix

Ok, so its not rocket science to install webmin on Ubuntu, however as I spend a reasonable amount of time building up servers to try new applications or test particular versions of applications that I already use, I find I spend a fair amount of time repeating the same boring tasks; one of them being installing Webmin.

To use this script sudo in root using

sudo su

Make sure the script has the execute permision flag set you can simply ‘cd’ to the directory where you copied the script and type:

chmod +x webmin_install.sh

run the script by typing

./webmin_install.sh

This script will install the latest version of webmin on your machine.

Hmm… I cannot see how to attach the script file to this post, so instead I have copied the contents below, the details above assume you copy the script below into a file called webmin_install.sh

#!/bin/bash
#
# webmin install


# update system

echo ‘###############’
echo ‘update system’
echo ‘###############’
apt-get update

# install requirements
echo ‘###############’
echo ‘install requirements’
echo ‘###############’

apt-get install -y perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python

#update repo
echo ‘###############’
echo ‘   Repo setup  ‘
echo ‘###############’

echo “deb http://download.webmin.com/download/repository sarge contrib” » /etc/apt/sources.list
echo “deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib” » /etc/apt/sources.list

#Install GPG key
echo ‘###############’
echo ‘  Install GPG  ‘
echo ‘###############’
cd /root
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc

#Download and Install webmin
echo ‘###############’
echo ‘Install Webmin ‘
echo ‘###############’
apt-get update
apt-get install -y webmin

Well this issue is not expected to be seen by many as it is particular scenario where the issue arises.

If your network has IPv4 DHCP and IPv6 DHCP enabled then you may see this issue.

Your newly installed off the CD ubuntu 11.10 requests and receives both an IPv4 and a IPv6 address making your freshly installed system a dual stacked one.

You would think that having both IPv4 and IPv6 would make IP communications possible with a wider audience than a simply IPv4 or IPv6 only system. In reality you get the same connectivity as a native IPv6 attached host, Why?

Well as ubuntu ONLY adds IPv6 DNS server entries from the DHCP information received to /etc/resolv.conf this causes an issue whereby standard sites that do not operate IPv6 are not accessible. The simply answer is to add a new nameserver entry for your IPv4 DNS servers.

This does mean as a side effect that even if you only have two name servers per IP stack, it can cause slow response when a DNS server has failed, to help combat this I use the following line at the end my resolv.conf file.

options timeout:1 attempts:2 # reduce DNS timeout to 3 seconds

My full /etc/resolv.conf file looks similar to this:

domain example.com
search example.com
nameserver 2001:470:1::6
nameserver 2001:470:2::8
nameserver 192.168.0.6
nameserver 192.168.254.8
options timeout:1 attempts:2 # reduce DNS timeout to 3 seconds

Findings

The developers of SSH have recognised that it is the application that should request the QoS required from the underlying layers.

In the case of SSH they have recognized that SSH supports two different traffic groups on a session by session basis, so if you are using an interactive ssh session the application will request a DSCP value that can be configured in the ssh_config file. The use of SCP as a session will mean that a different configurable DSCP marking will be applied.

By default ssh sessions are configured for “low delay” and SCP for “throughput”.

Now comes the problem.

The current versions ignore the option set in the config files effectively making the default settings no better than “hard coded”.

Implementation

I have reluctantly decided that while this issue remains in the application; I have no way forward than to use the mangle tables of IP Tables to mark the traffic based on socket number.

I will provide a full list of my IP tables mangle options in another post.

This post looks at the basics of QoS and what can be done within my network to promote certain application behaviors at the expense of others.

Background

First some basics. IP QoS is only beneficial when resources such as bandwidth are limited and congestion occurs.

Therefore one way to avoid the need for IP QoS is to have unlimited (or at least beyond your needs) resources. This is unfortunately not a viable option for many networks and for services that flow over those networks that we have little or no control is certainly not a viable method.

A simple way of considering QoS is to think of it as a contract. A service requests a contract from the network and says for me to work satisfactorily I need certain levels of assurance. As we are dealing with IP Qos these assurances are mesured by metrics such as:

• throughput or bandwidth
• latency
• jitter
• loss

The IP (network layer) is responsible for setting up a contract that meets all the contracts it has agreed to with the layers above typically session and application.

This concept can be depicted using the picture below.

Ideal Situation

As the Application is the only thing that knows what it needs from the layer below to function satisfactorily then the developer of the application is responsible for coding this contract negotiation into their application, unfortunately many developers assume theirs is the only application running and that all resources are infinite so therefore do not bother to include the necessary logic to request a service contract.

As I go through setting up QoS on my applications, I will check to see if the developers have implemented QoS and where they have I will prefer to use this rather than simply implementing it at the IP layer which can struggle with some of the nuances of services.

Where applications have yet to have the capabilities developed for Service Quality I will look at the IP or Network layer to try to fill the gap as best as it can.

Planning for QoS

QoS implementation is not something to be entered into lightly, it is complicated and time consuming. To make matters worse different groups of people have different perspectives on what it means and how it should be implemented. This leads to confusion when two people converse and although the language is the same the meaning is different and leads to arguments and confusion.

I AM NOT the worlds expert on QoS I know that for sure.

However I have grasped that “a device view”, “a bit-pipe view”, “an Internet view” do not meet the acronym of Quality of SERVICE. The service is seen as being provided by an application in most of the cases I have looked at and it is therefore of little benefit to know that a single device is setup correctly for “QoS” when to get the true benefit I need all devices, networks, and session components that the service requires to be aligned and working in harmony to provide me with the quality assurance I require.

This is a big ask! and if we do have the Internet involved is currently doomed to failure as we do not have a way of asking for a contract higher than “Best Effort” from the Internet.

However rather than throw our hands in the air and say this is pointless what we can limit the impact that devices and networks play on our services by ensuring we present our traffic to the Internet in a prioritized way, and if the loss, jitter, latency seen becomes too much we do not add to the issue by using services that will not perform satisfactorily in those conditions at that time.

I have produced a list of groups that represent Traffic types. I have used material found around the internet to map applications in to different traffic groups and assigned a marking that can be used to distinguish them.

This marking is called DSCP (DiffServ Code Point) and is a set of bits in the IP header, there is lots of discussion on  the internet to explain DSCP so I will not go into this in this post.

Armed with my list of applications mapped to DSCP values which in turn is grouped into traffic Groups I will proceed to take each application I find which is not in the default Traffic Group (aka as “Best Efforts”) and see how best to implement QoS for that application.

As your list of applications and the associated mapping to DSCP and groups will no doubt be different. I will use the next post to go through some of the applications I have and how I have dealt with them.

Till next Time….

I have been setting up a LDAP server using ubuntu 11.04 and the guides around the Internet. This seems to go reasonable well.

I used the documentation found HERE

On the client you need to use three simple comands that are issued from root or a user that has sudo su privileges.

sudo apt-get install libnss-ldap

sudo auth-client-config -t nss -p lac_ldap

 sudo pam-auth-update

After setting up the ldap client I found two issues, the symptoms are:

1. unable to login as a ldap only user on the system
2. unable to change passwd of a ldap only user

The first one is easily solved edit the file /etc/ldap/ldap.conf and uncomment the host statement and make sure it has the ip address of your ldap server.

The second issue was a little harder to track down, when you have logged in as a ldap user and type passwd to change the users password you see something like:

$ passwd

Enter login(LDAP) password:

passwd: Authentication information cannot be recovered

passwd: password unchanged

The way around this is to logon with a user that has root privelidges and type

sudo apt-get install libpam-cracklib

After this logoff and try logging in with your ldap user and now when you try to change the passwd this should all work nicely.

Hope this helps!