Sunday, December 28, 2014

Tips for Monitoring Linux server Best and Simples Tips

Well welcome back guys to my blog on Tips for Linux server monitoring the activities on Linux server.

The following tips will allow you to monitor the activity on Linux server.Its start with the few assumptions like  
  1.  you are using CentOS server 
  2. You are also having minimal installation of Centos  
I am assuming minimal install as i can provide you the details
like installation of mail agent etc .

so lets start with it.

First of all you need to have internet connectivity on server if so then by default postfix is installed on you server so you can go for it else if you don't have internet connectivity and you have mail server configured on some other server This can be the code when you are running payment-gateway on server and PCI slandered won't allow you to so so then 

Install mailx as a client to send a mail so that you can use a command mail to send a mail

 #yum install mailx 

Install ssmtp on your Centos server and open the /etc/ssmtp/ssmtp.conf
  
# vim /etc/ssmtp/ssmtp.conf file

the added the following line to the file make sure you change the email address and password as per your mail server configuration. 

for simplicity and to cover more point i am taking gmail as my mailing server not the default postfix.
 
AuthUser=vijay9867206455@gmail.com
AuthPass=xxxxxxxx
FromLineOverride=YES
mailhub=smtp.gmail.com:587
UseSTARTTLS=YES
TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt
 

I have added the last line as while using the gmail you will get a typical error that can not connect to smtp.gmail.com  and to avoid the error I have added the below line for the TLS certificate.

then close the file and execute the following commands 

 # service sendmail stop && service postfix stop
 # chkconfig sendmail off
 # mv /usr/sbin/sendmail /usr/sbin/sendmail.old 
 # ln -s /usr/sbin/ssmtp /usr/sbin/sendmail

so good so then strat the postfix service and we will try to send a sample mail by using following command.
   #echo "This is a test" | mail -s "Test" vijay9867206455@gmail.com

and we will receive a mail for it.

Then open /etc/aliases

vim /etc/aliases

and find the like look like this

# Person who should get root's mail
#root: marc


and change this to look like this

# Person who should get root's mail
root: vijay99867206455@gmail.com

  
as written in file dont forget to fire newaliases command

#newaliases
 
 the simply login as user other than root and try to use sudo with wrong password and you will see you start getting alart for then too for any security breach or any unwanted activity you start getting alert.Its a very small tip but will help you alot for handing large servers for more convinces if you server's ip is 192.168.1.100 then change the host name to 192-168-1-10 or some thing like this so you will get the more clue if you are handling large number of servers

Thanks guys letme know if you have any issue you can mail me on my mail id  

Wednesday, December 10, 2014

Working with NTP (Network Time Protocol) Part 2

Working with NTP (Network Time Protocol) Part2

to set the timezone after the installation in Linux we need to install the tzdata package in Linux 
use the following command to install the tzdata 
# yum install tzdata

# tzselect

and select the proper time zone .

change time zone for specific user in linux
Open the .profile file from the home directory of user in my case assume i have a use called nrathi

so open a file .profile using command 
 # vim /home/nrathi/.profile
it will look like this  
 
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
 

add the following line to it will change the time zone for the specific user as the user local time zone is near to India.
 
# User specific environment and start-up programs
PATH=$PATH:$HOME/bin
export PATHt

timezone='GMT+5.30'; export timezone

and some the file and we are done to test log-out and log-in as nrathi  and test it


 

Working with NTP (Network Time Protocol) Part 1

Installing and Configuring with the NTP

Hello Guys today i will tell you about the NTP protocol and how to play with NTP protocol and some fine tuning with it.so lets start.

To install the NTP on centos

To begin, log in as root

# yum –y install ntpd 

The default installation of NTP will use a public server that has access to the atomic clock, but in order to optimize the service we will need to make a few simple changes in order to streamline and optimize what time servers are used. To do this, we shall open the main configuration file with your favorite text editor like so:

# vi /etc/ntp.conf 
  
Scroll down and look for the following lines:
 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.
html).

server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org

Replace the values shown with a list of preferred time servers like so:

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.
html).

server 0.uk.pool.ntp.org
server 1.uk.pool.ntp.org
server 2.uk.pool.ntp.org
server 3.uk.pool.ntp.org


Now find the following lines:
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodifynotrap
 
 Before starting our time service, we should add and confirm a network range in order that we can determine who can and who cannot receive time service-based requests.

To do this, uncomment the preceding line and replace the values to reflect your

network environment like so:
# Hosts on local network are less restricted.
Restrict XXX.XXX.XXX.XXX mask YYY.YYY.YYY.YYY nomodifynotrap
 
When complete, save and close the file before synchronizing your server by using the following command:

ntpdate NTP_SERVER_ADDRESS_HERE
For example, you can use ntpdate pool.ntp.org.
 
The initial synchronization request requires priming, so you may want to run and repeat this command several times before ensuring that the service will start during the boot process, by using the following command:

# chkconfig ntpd on
 
When finished, you can start the NTP service like so:
 
# service ntpd start
 
You should reboot to ensure that the relevant changes take effect:
 
# reboot
 
Well done, you have now installed and configured the NTP service. The overall process of time synchronization will take some time to complete, but you will be able to use the standard NTP query program (ntpq) in order to review a list of known peers as and a summary of their current state. To do this, return to your
console and type:

# ntpq–p
 

All daemons are prone to the environmental conditions found on your network, and the NTP service is not an exception. Periodic packet breaks can be disruptive, but even if you have not
experienced this yet, it may be advantageous to explore a solution that will make your NTP service far more persistent when probing the third-party servers. Known as the iburst option, this feature is designed to tell the NTP service to issue a burst
of eight packets to the remote server instead of one in order to offer an improved approach to the time synchronization process. Implementing this method is very simple and to begin,
simply return to your console and open the main configuration file in your favorite text editor
like so:

# vi /etc/ntp.conf

Scroll down the file and locate your time servers. Now simply append your time servers with a whitespace followed by the term iburst. For example, your new configuration file will look
like this:

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.
html).
server 0.uk.pool.ntp.org iburst
server 1.uk.pool.ntp.org iburst
server 2.uk.pool.ntp.org iburst
server 3.uk.pool.ntp.org iburst

to sync the clock with the hardware clock we need to sync it by using the following command 
 
# hwclock–systohc

and need to reboot using reboot command  

# hwclock–show

 
 



Monday, October 6, 2014

Compiling Apache from source

Compiling Apache from source 

Hello Friends welcome back again on my blog today I will explain how to compile  the Apache web server from source as its recommended to compile the software from source .

 1. Download the latest and greatest version of apache from the site:
     
     wget http://mirror.sdunix.com/apache//httpd/httpd-2.4.10.tar.gz

2. then extract the source using

 #  tar -xzvf httpd-2.4.10.tar.gz

3. Install the  pre-requisites using the yum utility

# yum install gcc* openssl openssl-devel

4. then changing the directory to the Apache source directory

# cd  httpd-2.4.10

5. configure the Apache source with default modules and Apache configuration directory
 #./configure --prefix=/usr/local/httpd

6.While configuring, we get below error

Error:
checking for APR… configure: WARNING: APR version 1.4.0 or later is required, found 1.3.9

configure: WARNING: skipped APR at apr-1-config, version not acceptable

Solution: 
We need to install apr and apr-util packages to resolve this issue.
Download apr and apr-util packages from

# wget http://mirror.olnevhost.net/pub/apache//apr/apr-1.5.1.tar.gz

# tar xvzf apr-1.5.1.tar.gz

# cd apr-1.5.1

# ./configure –prefix=/usr/local/src/httpd-2.4.10/srclib/apr

# make && make install

For apr-util package

# wget http://mirror.olnevhost.net/pub/apache//apr/apr-util-1.5.4.tar.gz

# tar -xzvf  apr-util-1.5.4.tar.gz

#./configure –prefix=/usr/local/src/httpd-2.4.10/srclib/apr-util

# make && make install

Now configure the Apache

./configure --prefix=/usr/local/httpd --enable-mods-shared=all --with-apr=/usr/local/src/httpd-2.4.10/srclib/apr/bin/apr-1-config --with-apr-util=/usr/local/src/httpd-2.4.10/srclib/apr-util/bin/apu-1-config

We will face an Error...

But, while configuring this we may get below error

Error:

checking for pcre-config… false
configure: error: pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/

Solution:

pcre package needs to be installed to resolve this issue.

Download pcre:

# wget http://sourceforge.net/projects/pcre/files/latest/download?source=files

pcre-8.33.tar.bz2 will be saved

To extract:

# tar jxf pcre-8.33.tar.bz2

# cd pcre-8.33


Now configure pcre with:

Now configure pcre with:

# ./configure –prefix=/usr/local/pcre

# make

# make install

Now configure it again

# ./configure –prefix=/usr/local/http –enable-mods-shared=all –with-apr=/usr/local/src/httpd-2.4.10/srclib/apr –with-apr-util=/usr/local/src/httpd-2.4.10/srclib/apr-util –with-pcre=/usr/local/pcre/

# make

# make install


This is how apache can be installed with source.

Now start and stop services by

/usr/local/apache/bin/apachectl start/stop

Check the apache homepage with http://serverIP/ or http://localhost/

It displays the file which is set for default document root.


Monday, September 15, 2014

First Step towards infrastructure Automation (Ansible is Simple IT Automation)

Hello Guys..

Welcome back..now being an Administrator it can be for any os .We all know As the time passes the infrastructure of the company is always going to increase.Its easy for an Admin to manage 10/20/30 but what if you have to manage 500 server simultaneously..

Eg. we have 500 server installed in company and imagine a new admin come and join you and now its your baby to create login on all 500 servers for him isn't its a time consuming and boring task rather I will say its irritating task for a admin to do this.
      but just imagine the same request come to you and you need to just put useradd command with some tool and it will be replicate across all servers isn't it will be cool..

Now there are many IT automation tool available in market.so we need to choose tool as per our requirement.I have choose Ansible as

  1. Its Free.
  2. Its works on ssh connection only so it will be secure
  3. No separate client configuration required
  4. It uses push model so changes will be reflect fast as compare to pull model
  5. the syntax its uses its YAML its like XML a simple plain English
  6. Its interactive 
  7. its light weighted  

SO here are few steps which we need to follow to make this happen.

step 1:
To install ansible on redhat or fedora or cent OS either download from git or rpm or install using yum utility.before that we need to install python of the machine using

#yum update && yum -y install python && yum install ansible

or on deb you can do the same by adding ppa to the source of apt for that we need to install python-software-properties.

#sudo apt-get update && sudo apt-get upgrade

#sudo apt-get install python-software-properties -y

#sudo add-apt-repository ppa:rquillo/ansible

#sudo apt-get update

#sudo apt-get install ansible

We can also install using the pip command for that we need to install `python-pip` on server.

After that

pip install ansible

For more info refer. http://docs.ansible.com/intro_installation.html

Step 2:

Create and setup ssh key:

If you do not already have an SSH key pair that you would like to use for Ansible administration.As the user you will be controlling Ansible with, create an RSA key-pair by typing:

# ssh-keygen -t rsa
Note: done put any value just use default values for it

# cat $home/.ssh/id_rsa.pubssh-rsa
o/p:
 AAAAB3NzaC1yc2EAAAADAQABAAABAQCjdZoR5lBLaILqn7foYO9N6zlB33K5gUcdCL8LHW4SGS6XZ8f26Ve2oAPHzxVyzLoTar5hlH3sJ/7X0VpfzJBV7fJxUS9/8lZn86sC1g4tZpD3kza6GqMUcBwOcoIfn1EbSVtEqKD+HmHhBgRdNp90//y5n9ULh3Y2IC2UDj+QBoIaKu+LWwJe4N2NgBw/f95Y6a/XGYvtiRiAtZSWPXMTlsFnT/gf7X3+U4nx8Sxzn6rgkOE+QJkKysrrb0o47sguLDcOLGS2h6d2Qo7xvx1ct8v+cRECVfm7XZZIhLP1wbqSh2i7XgOwZELgNqSZ7h+Op+QaF5o/SsB3hHhGzw8j root@nrathi-Lenovo-B460

you will get output some thing like this.We need to copy this o/p to every host which we want to manage using ansible.
As I have only one machine so i am using localhost you can use ip instead of localhost
Create .ssh directory in root's home directory using ansible.

#ansible -m shell -a 'mkdir $HOME/.ssh' localhost -k

note -k is used to specify the ssh password.

# ansible -m shell -a 'chmod -r 700' localhost -k

#ansible -m shell -a 'mkdir $HOME/.ssh' localhost -k

#ansible -m shell -a ' echo "AAAAB3NzaC1yc2EAAAADAQABAAABAQCjdZoR5lBLaILqn7foYO9N6zlB33K5gUcdCL8LHW4SGS6XZ8f26Ve2oAPHzxVyzLoTar5hlH3sJ/7X0VpfzJBV7fJxUS9/8lZn86sC1g4tZpD3kza6GqMUcBwOcoIfn1EbSVtEqKD+HmHhBgRdNp90//y5n9ULh3Y2IC2UDj+QBoIaKu+LWwJe4N2NgBw/f95Y6a/XGYvtiRiAtZSWPXMTlsFnT/gf7X3+U4nx8Sxzn6rgkOE+QJkKysrrb0o47sguLDcOLGS2h6d2Qo7xvx1ct8v+cRECVfm7XZZIhLP1wbqSh2i7XgOwZELgNqSZ7h+Op+QaF5o/SsB3hHhGzw8j root@nrathi-Lenovo-B460" >> .ssh/authorized_keys' localhost -k

ansible -m shell -a 'chmod 600 $HOME/.ssh/authorized_keys' localhost -k

and we are done we have successfully done the setting up the password less ssh across the host in my case they were users of same host.We can foll this or we can add this key in the key start of server which installing it.so that our over head is bit reduce of doing all
we can do the same by traditional way of making password less ssh too.

ref: http://www.namhuy.net/2433/ssh-login-without-password.html

Step 3:
Started with Basic Ansible cofig

On my Ansible computer, I'm using a user called nrathi. Ansible will try to connect to each host with ssh nrathi@<server_ip>.
 This will not work if the nrathi user is not on the remote system.

We can create a file that tells all of the servers in the "newhost" group to connect using the root user.

To do this,
 we will create a directory in the Ansible configuration structure called group_vars. Within this folder, we can create YAML-formatted files for each group we want to configure:

sudo mkdir /etc/ansible/group_vars
sudo vim /etc/ansible/group_vars/newhost

Note: Name of file and host grup name should be same

We can put our configuration in here. YAML files start with "---".

---
ansible_ssh_user: root

save this file and we are done

Note:

If you want to specify configuration details for every server, regardless of group association, you can put those details in a file at /etc/ansible/group_vars/all. Individual hosts can be configured by creating files under a directory at /etc/ansible/host_vars.

Ping all of the servers you configured by typing:

#ansible -m ping all

ping command does not take any argument but as we seen above.we can also try out them to create new user ssh config.checking free memory by free -m

ansible -m shell -a 'free -m' host1

Question
How can we specify multiple hosts in single command or calling specific set of servers ?

The "all" means all hosts. We could just as easily specify a group:

ansible -m ping newhost

We could also specify an individual host:

ansible -m ping host1

We can specify multiple hosts by separating them with colons:

ansible -m ping host1:host2

Note:
Groups can be combined

A:B designates the union of groups A and B
A:&B designates the intersection of groups A and B
A:!B designates the difference, all from A without those in B

#ansible -m ping web

#ansible -m ping web:db

#ansible -m ping web:&db

#ansible -m ping web:!db


Isn't this is cools guys..........

Saturday, August 30, 2014

Add Memory to Running Linux system

Hello guys,
As we know Linux is open source and highly customization can we think of adding Memory to linux system on the fly.Yes it possible.as we can add a swap memory to Running Linux system on the fly.

So the next question is how can we do it....?
It can be done as follows...

need additional swap space to improve my Linux server/desktop system performance. How do I add a swap file to Linux system using command line options without creating a new partitions?

In Linux, as in most other Unix-like operating systems, it is common to use a whole partition of a hard disk for swapping. However, with the 2.6 Linux kernel, swap files are just as fast as swap partitions, although I recommends using a swap partition. The administrative flexibility of swap files outweighs that of partitions; since modern high capacity hard drives can remap physical sectors, no partition is guaranteed to be contiguous. You can add swap file as a dedicated partition or use following instructions to create a swap file.

Procedure To Add a Swap File Under Linux

You need to use the dd command to create swap file. The mkswap command is used to set up a Linux swap area on a device or in a file.

Step #1: Login as the Root User

Open a terminal window (select Applications > Accessories > Terminal) or login to remote server using the ssh client. Switch to the root user by typing su - (or sudo -s) and entering the root password, when prompted:
$ su -
OR
$ sudo -s

Step #2: Create Storage File

Type the following command to create 512MB swap file (1024 * 512MB = 524288 block size):
# dd if=/dev/zero of=/swapfile1 bs=1024 count=524288
Sample outputs:
524288+0 records in
524288+0 records out
536870912 bytes (537 MB) copied, 3.23347 s, 166 MB/s
Where,
  1. if=/dev/zero : Read from /dev/zero file. /dev/zero is a special file in that provides as many null characters to build storage file called /swapfile1.
  2. of=/swapfile1 : Read from /dev/zero write storage file to /swapfile1.
  3. bs=1024 : Read and write 1024 BYTES bytes at a time.
  4. count=524288 : Copy only 523288 BLOCKS input blocks.

Step #3: Set Up a Linux Swap Area

Type the following command to set up a Linux swap area in a file:
# mkswap /swapfile1
Sample outputs:
Setting up swapspace version 1, size = 524284 KiB
no label, UUID=e1fe2038-6554-4d1a-a108-037acd4e02e2
Setup correct file permission for security reasons, enter:
# chown root:root /swapfile1
# chmod 0600 /swapfile1

A world-readable swap file is a huge local vulnerability. The above command make sure only root user can read/write to the file. Finally, activate /swapfile1 swap space immediately, enter:
# swapon /swapfile1

Update /etc/fstab file

To activate /swapfile1 after Linux system reboot, add entry to /etc/fstab file. Open this file using a text editor such as vi:
# vi /etc/fstab
Append the following line:
/swapfile1 swap swap defaults 0 0
Save and close the file. Next time Linux comes up after reboot, it enables the new swap file for you automatically.

How do I Verify Swap is Activated or Not?

Simply use the free command:
$ free -m
             total       used       free     shared    buffers     cached
Mem:          1876       1798         77          0        119       1440
-/+ buffers/cache:        237       1638
Swap:         4607          0       4607

How can I display swap usage summary on Linux?

Type the following swapon command:
# swapon -s
Sample outputs:
Filename    Type  Size Used Priority
/dev/sda6                               partition 4194296 0 0
/swapfile1                              file  524280 0 -1
Another option is to view /proc/meminfo file:
$ less /proc/meminfo
$ grep -i --color swap /proc/meminfo

Sample outputs:
SwapCached:        30748 kB
SwapTotal:       6291448 kB
SwapFree:        6154008 kB
You can also use top command, atop command, and/or htop command to display information about swap usage:
# top
# atop
# htop

Sample outputs from a database server running on a CentOS Linux server:
  1  [||                        3.9%]     Tasks: 171, 106 thr; 1 running
  2  [                          0.0%]     Load average: 0.06 0.12 0.09
  3  [||                        2.0%]     Uptime: 22 days, 07:07:28
  4  [                          0.0%]
  5  [                          0.0%]
  6  [                          0.0%]
  7  [                          0.0%]
  8  [                          0.0%]
  Mem[||||||||||||||||||2112/11909MB]
  Swp[|                   134/6143MB]
  PID USER      PRI  NI  VIRT   RES   SHR S CPU% MEM%   TIME+  Command
 8523 mysql      20   0 4545M  414M  4816 S  0.0  3.5  0:00.00 /usr/libexec/mysq
 8524 mysql      20   0 4545M  414M  4816 S  0.0  3.5  0:02.74 /usr/libexec/mysq
 8525 mysql      20   0 4545M  414M  4816 S  0.0  3.5  0:16.17 /usr/libexec/mysq
 8526 mysql      20   0 4545M  414M  4816 S  0.0  3.5  0:06.33 /usr/libexec/mysq
 8528 mysql      20   0 4545M  414M  4816 S  0.0  3.5  4:02.14 /usr/libexec/mysq
 8529 mysql      20   0 4545M  414M  4816 S  0.0  3.5  5:22.00 /usr/libexec/mysq
 8530 mysql      20   0 4545M  414M  4816 S  0.0  3.5  0:04.63 /usr/libexec/mysq
 8531 mysql      20   0 4545M  414M  4816 S  0.0  3.5  0:50.95 /usr/libexec/mysq
 8532 mysql      20   0 4545M  414M  4816 S  0.0  3.5  0:08.10 /usr/libexec/mysq
 9359 mysql      20   0 4545M  414M  4816 S  0.0  3.5 22:53.28 /usr/libexec/mysq

How can I disable devices and files for paging and swapping on Linux?

You need to use the swapoff command:
# swapoff /swapfile1
# swapon -s

How do I set swappiness on a Linux server?

The syntax is:
# sysctl vm.swappiness=VALUE
# sysctl vm.swappiness=20

OR
# echo VALUE > /proc/sys/vm/swappiness
# echo 30 > /proc/sys/vm/swappiness

The value in /proc/sys/vm/swappiness file controls how aggressively the kernel will swap memory pages. Higher values increase agressiveness, lower values descrease aggressiveness. The default value is 60. To make changes permanent add the following line to/etc/sysctl.conf:
 
echo 'vm.swappiness=30' >> /etc/sysctl.conf
 


and we are done guys..

Tuesday, May 13, 2014

Install OpenERP From Source

Hello Guys,

Welcome Back on my blog Today I will tell you about install OpenERP  from source as its most recommended   for production environment as an administrator we must know it.As This is the most stable way to install OpenERP.

Step 1. Build your server
I install just the bare minimum from the install routine (you may want to install the openssh-server during the install procedure or install subsequently depending on your needs).

After the server has restarted for the first time I install the openssh-server package (so we can connect to it remotely) and denyhosts to add a degree of brute-force attack protection. There are other protection applications available: I’m not saying this one is the best, but it’s one that works and is easy to configure and manage. If you don’t already, it’s also worth looking at setting up key-based ssh access, rather than relying on passwords. This can also help to limit the potential of brute-force attacks.
[NB: This isn't a How To on securing your server...]

#sudo apt-get install openssh-server denyhosts

Now make sure your server has all the latest versions & patches by doing an update:

#sudo apt-get update
#sudo apt-get dist-upgrade

Although not always essential it’s probably a good idea to reboot your server now and make sure it all comes back up and you can login via ssh.

Now we’re ready to start the OpenERP install.

Step 2. Create the OpenERP user that will own and run the application

#sudo adduser --system --home=/opt/openerp --group openerp -s /bin/bash

This is a “system” user. It is there to own and run the application, it isn’t supposed to be a person type user with a login etc. In Ubuntu, a system user gets a UID below 1000, has no shell (it’s actually /bin/false) and has logins disabled. Note that I’ve specified a “home” of /opt/openerp, this is where the OpenERP server code will reside and is created automatically by the command above. The location of the server code is your choice of course, but be aware that some of the instructions and configuration files below may need to be altered if you decide to install to a different location.

[Note: If you want to run multiple versions of OpenERP on the same server, the way I do it is to create multiple users with the correct version number as part of the name, e.g. openerp70, openerp61 etc. If you also use this when creating the Postgres users too, you can have full separation of systems on the same server. I also use similarly named home directories, e.g. /opt/openerp70, /opt/openerp61 and config and start-up/shutdown files. You will also need to configure different ports for each instance or else only the first will start.]

This will su your current terminal login to the openerp user (the “-” between su and openerp is correct) and use the shell /bin/bash. When this command is run you will be in openerp’s home directory: /opt/openerp.

When you have done what you need you can leave the openerp user’s shell by typing exit.

Step 3. Install and configure the database server, PostgreSQL

#sudo apt-get install postgresql

Then configure the OpenERP user on postgres:

First change to the postgres user so we have the necessary privileges to configure the database.

#sudo su - postgres

Now create a new database user. This is so OpenERP has access rights to connect to PostgreSQL and to create and drop databases. Remember what your choice of password is here; you will need it later on:

#createuser --createdb --username postgres --no-createrole --no-superuser --pwprompt openerp

Finally exit from the postgres user account:

exit

Step 4. Install the necessary Python libraries for the server

#sudo apt-get install python-dateutil python-docutils python-feedparser python-gdata \
python-jinja2 python-ldap python-libxslt1 python-lxml python-mako python-mock python-openid \
python-psycopg2 python-psutil python-pybabel python-pychart python-pydot python-pyparsing \
python-reportlab python-simplejson python-tz python-unittest2 python-vatnumber python-vobject \
python-webdav python-werkzeug python-xlwt python-yaml python-zsi

With that done, all the dependencies for installing OpenERP 7.0 are now satisfied (note that there are some new packages required since 6.1).

Step 5. Install the OpenERP server
I tend to use wget for this sort of thing and I download the files to my home directory.

Make sure you get the latest version of the application: at the time of writing this it’s 7.0. I got the download links from their download pages (note there are also deb, rpm and exe builds in this area too). There isn’t a static 7.0 release tarball as such anymore, but there is a nightly build of the 7.0 source tree which should be just as good and will contain patches as and when things get fixed. The link below is to the source tarball for the 7.0 branch.

Note: As an alternative method of getting the code onto your server, Jerome added a very useful comment showing how to get it straight from launchpad. Thanks!

#wget http://nightly.openerp.com/7.0/nightly/src/openerp-7.0-latest.tar.gz

Now install the code where we need it: cd to the /opt/openerp/ directory and extract the tarball there.

#cd /opt/openerp
#sudo tar xvf ~/openerp-7.0-latest.tar.gz

Next we need to change the ownership of all the the files to the OpenERP user and group we created earlier.

#sudo chown -R openerp: openerp

And finally, the way I have done this is to copy the server directory to something with a simpler name so that the configuration files and boot scripts don’t need constant editing (I called it, rather unimaginatively, server). I started out using a symlink solution, but I found that when it comes to upgrading, it seems to make more sense to me to just keep a copy of the files in place and then overwrite them with the new code. This way you keep any custom or user-installed modules and reports etc. all in the right place.

#sudo cp -a openerp-7.0 server

As an example, should OpenERP 7.0.1 come out soon, I can extract the tarballs into /opt/openerp/ as above. I can do any testing I need, then repeat the copy command so that the modified files will overwrite as needed and any custom modules, report templates and such will be retained. Once satisfied the upgrade is stable, the older 7.0 directories can be removed if wanted.

That’s the OpenERP server software installed. The last steps to a working system is to set up the configuration file and associated boot script so OpenERP starts and stops automatically when the server itself stops and starts.

Step 6. Configuring the OpenERP application
The default configuration file for the server (in /opt/openerp/server/install/) is actually very minimal and will, with only one small change work fine so we’ll simply copy that file to where we need it and change it’s ownership and permissions:

#sudo cp /opt/openerp/server/install/openerp-server.conf /etc/
#sudo chown openerp: /etc/openerp-server.conf
#sudo chmod 640 /etc/openerp-server.conf

The above commands make the file owned and writeable only by the openerp user and group and only readable by openerp and root.

To allow the OpenERP server to run initially, you should only need to change one line in this file. Toward to the top of the file change the line db_password = False to the same password you used back in step 3. Use your favourite text editor here. I tend to use nano, e.g.

#sudo vim /etc/openerp-server.conf

One other line we might as well add to the configuration file now, is to tell OpenERP where to write its log file. To complement my suggested location below add the following line to the openerp-server.conf file:

#logfile = /var/log/openerp/openerp-server.log

Once the configuration file is edited and saved, you can start the server just to check if it actually runs.

#sudo su - openerp -s /bin/bash 
#/opt/openerp/server/openerp-server

If you end up with a few lines eventually saying OpenERP is running and waiting for connections then you are all set.

The Ubuntu 12.04 packaged version of the python gdata client library is not quite recent enough, so to install a more up-to-date version I did the following (exit from the openerp user’s shell if you are still in it first):

#sudo apt-get install python-pip
#sudo pip install gdata --upgrade

Going back and repeating the commands to start the server resulted in no further warnings

#sudo su - openerp -s /bin/bash
#/opt/openerp/server/openerp-server

If there are errors, you’ll need to go back and find out where the problem is.

Otherwise simply enter CTL+C to stop the server and then exit to leave the openerp user account and go back to your own shell.

Step 7. Installing the boot script
For the final step we need to install a script which will be used to start-up and shut down the server automatically and also run the application as the correct user. There is a script you can use in /opt/openerp/server/install/openerp-server.init but this will need a few small modifications to work with the system installed the way I have described above. Here’s a link to the one I’ve already modified for 7.0.

Similar to the configuration file, you need to either copy it or paste the contents of this script to a file in /etc/init.d/ and call it openerp-server. Once it is in the right place you will need to make it executable and owned by root:

#sudo chmod 755 /etc/init.d/openerp-server
#sudo chown root: /etc/init.d/openerp-server

In the configuration file there’s an entry for the server’s log file. We need to create that directory first so that the server has somewhere to log to and also we must make it writeable by the openerp user:

#sudo mkdir /var/log/openerp
#sudo chown openerp:root /var/log/openerp

Step 8. Testing the server
To start the OpenERP server type:

#sudo /etc/init.d/openerp start

You should now be able to view the logfile and see that the server has started.

#less /var/log/openerp/openerp-server.log

If there are any problems starting the server you need to go back and check. There’s really no point ploughing on if the server doesn’t start…

Here is the file which you need to copy paste in /etc/init.d/openerp

#!/bin/sh

### BEGIN INIT INFO
# Provides:             openerp-server
# Required-Start:       $remote_fs $syslog
# Required-Stop:        $remote_fs $syslog
# Should-Start:         $network
# Should-Stop:          $network
# Default-Start:        2 3 4 5
# Default-Stop:         0 1 6
# Short-Description:    Enterprise Resource Management software
# Description:          Open ERP is a complete ERP and CRM software.
### END INIT INFO

PATH=/bin:/sbin:/usr/bin
DAEMON=/opt/openerp/server/openerp-server
NAME=openerp-server
DESC=openerp-server

# Specify the user name (Default: openerp).
USER=openerp

# Specify an alternate config file (Default: /etc/openerp-server.conf).
CONFIGFILE="/etc/openerp-server.conf"

# pidfile
PIDFILE=/var/run/$NAME.pid

# Additional options that are passed to the Daemon.
DAEMON_OPTS="-c $CONFIGFILE"

[ -x $DAEMON ] || exit 0
[ -f $CONFIGFILE ] || exit 0

checkpid() {
    [ -f $PIDFILE ] || return 1
    pid=`cat $PIDFILE`
    [ -d /proc/$pid ] && return 0
    return 1
}

case "${1}" in
        start)
                echo -n "Starting ${DESC}: "

                start-stop-daemon --start --quiet --pidfile ${PIDFILE} \
                        --chuid ${USER} --background --make-pidfile \
                        --exec ${DAEMON} -- ${DAEMON_OPTS}

                echo "${NAME}."
                ;;

        stop)
                echo -n "Stopping ${DESC}: "

                start-stop-daemon --stop --quiet --pidfile ${PIDFILE} \
                        --oknodo

                echo "${NAME}."
                ;;

        restart|force-reload)
                echo -n "Restarting ${DESC}: "

                start-stop-daemon --stop --quiet --pidfile ${PIDFILE} \
                        --oknodo
      
                sleep 1

                start-stop-daemon --start --quiet --pidfile ${PIDFILE} \
                        --chuid ${USER} --background --make-pidfile \
                        --exec ${DAEMON} -- ${DAEMON_OPTS}

                echo "${NAME}."
                ;;

        *)
                N=/etc/init.d/${NAME}
                echo "Usage: ${NAME} {start|stop|restart|force-reload}" >&2
                exit 1
                ;;
esac

exit 
#--------------------------------------------------------------

Enjoy.................

If you want a shell script so let me know ..

Thursday, May 8, 2014

Install Syslog Server (Syslog-ng) on CentOS

Syslog-NG and CentOS 6.x


Requirements:

  • CentOS 6.x (or other Redhat based flavor)
  • Internet Connectivity
  • chkconfig (yum install chkconfig)
  • wget (yum install wget)

Installation:

Install the prerequisite first.
 # yum install chkconfig wget

Install EPEL Repositories:
  1. Login to your server as root (or su root)
  2. Type: cd /root
  3. Type (Current link as of this post):
#wget http://dl.fedoraproject.org/pub/epel/6Server/i386/epel-release-6-8.noarch.rpm
 #rpm -Uvh /root/epel-release-6-8.noarch.rpm
#yum repolist
Install Syslog-NG:
 Run update check:
 #yum check-update
To see if this will impact any other software on your system.
Check the availability of Syslog-NG by typing:
yum list *syslog-ng*

Configure CentOS Services, Stop Rsyslog, and Start Syslog-NG:
Disable rsyslog: 
#chkconfig rsyslog off
Confirm rsyslog is disabled:
#chkconfig syslog-ng on

service rsyslog stop
service syslog-ng start
  1. Example Configuration for Syslog-NG:
    1. Add the following to the END of /etc/syslog-ng/syslog-ng.conf:
      # My Switches
      source s_navneet { 
              udp(ip(0.0.0.0) port(514));
              tcp(ip(0.0.0.0) port(514)); 
      };
      
      destination d_navneet {
              file(
                      "/var/log/navneet/$HOST-$YEAR$MONTH$DAY.log"
                      perm(644)
                      create_dirs(yes)
              );
      };
      
       
      log { source(s_navneet); destination(d_navneet); };
      This will basically take ALL (udp/tcp 0.0.0.0) syslog data and place it into /var/log/navneet. The names of the files are based off the host name and date. For example, if you have switch named MYSWITCH and the current date is May 8th, 2014… the full path and file name would be: /var/log/navneet/nrathi-VBox-20140508.log
    2. *** DO NOT modify any other portion of the file unless you are certain you know what you are doing!
    3. Restart the syslog-ng service to implement changes:
      [root@myserver syslog-ng]# service syslog-ng restart
      Stopping syslog-ng:                                        [  OK  ]
      Starting syslog-ng:                                        [  OK  ]
    4. Delete Old Syslog-NG Files:
    5. Login as root Type:  
    6. crontab -e
    7. Add the following to your crontab file:
# Delete Old Syslog Files
# 3 AM, Every Sunday
0 3 * * 0 /usr/bin/find /var/log/cisco -maxdepth 1 -mtime 90 -name *.log -exec rm {} \;
Change the "90" to your desired number of days.