Good morning all, i'm sorry for the long silence due to work problems and to my relocation to a new house, I'm almost back in my usual workplace (I've been out of town for some time) and finally had back my internet connection in the new house, what a shame as a network engineer I had to wait more than 2 weeks for a local supplier to finally send me my DSL router without which I could not connect :S

Hopefully between today and tomorrow I'll finally be able to post the third part of the series on how to emulate Junos on GNS3 so stay tuned!

Cheer Lethe.

  Copyright secured by Digiprove © 2010

Originally posted 2010-02-23 09:40:06. Republished by Blog Post Promoter

Hello all, I've been asked this via mail as it seems some people are having problems making GNS3 working with this release of the Operating System so here we go. 

First of all you need to download the GNS3-All-In-One package from here. Once you've downloaded the package simply launch the exe file and basically just answer yes/next whenever prompted, just be sure to select all components when asked like in the following picture :

Once the the installation is completed GNS3 will ask you to configure and test Dynamips, here if you're using an x64 OS the path will need to be changed to reflect the actual location of where the Dynamips executable has been installed as you can see in the following pics :

If after changing the path the Dynamips test still shows a red Failed the problem may reside in Windows Firewall blocking the Dynamips executable, keep also in mind you could see a pop up asking what to do (of course tell the Firewall to simply allow the executable).

Once done this you're ready to go and start your Cisco Lab after loading some IOS images I've already blogged on how to configure GNS3 and make it work!

Happy labbing and as always please feel free to send me an email or comment below this post.

Cheer Lethe.

  Copyright secured by Digiprove © 2010

Originally posted 2010-02-09 11:40:15. Republished by Blog Post Promoter

So you have a shiny new Linux server with multiple Ethernet cards and you want to take advantage of this introducing maybe some fault tolerance or performance enhancements, well this is an easy process keep on reading and I’ll show you how to do this.

Why I should use Network cards Bonding?

Network card bonding, or teaming as it is called on Windows, is great in all those situations you have multiple network cards and want to take advantage of fault tolerance or load balancing.

What are the different Bonding modes?

Linux is an Operating System created with networks in mind, for this reason we have a few options to configure bonding on our machine, which are called modes, below all the details.

mode=1 (aka active-passive)

Only one network card, called slave, is active at any given time, if the card for some reason fails another card, or another slave if you want, will take over the duty of network communications. This way you can assure a certain degree of fault tolerance for your server or particular network segment.

mode=2 (aka balance xor)

This mode will always use the same slave for the communication with the same destination MAC address. This mode assures both fault tolerance and load balancing.

mode=3 (aka broadcast)

This mode will use all the the slaves network cards to transmit packets assuring fault tolerance.

mode=4 (aka aggregation or 802.3ad)

IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification. Of course your switches have to support 802.3ad.

mode=5 (aka adaptive load balancing)

Adaptive transmit load balancing, basically the outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave. This configuration does not require any specific switch configuration.

mode=6 (aka balance-alb)

Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server.

Bonding configuration.

Ok enough theory le’s start with our configuration, first of all we need to actually create the bond virtual interface adding the following line to the /etc/modprobe.conf file :

 alias bond0 bonding options bond0 miimon=80 mode=5 

Ok once we have this in place we need to tell the system how to actually configure this fake interface (well I should say virtual but anyhow you got the point) so first of all create a a file like ifcfg-bond0 in the  /etc/sysconfig/network-scripts/ directory and edit it copying in it the following text :

DEVICE=bond0 IPADDR=your IP address NETMASK= NETWORK= BROADCAST= GATEWAY= ONBOOT=yes BOOTPROTO=none USERCTL=no 

So far so good, we have created the bon virtual interface now we need to “unconfigure” the real interfaces and make them work as slave cards of the bond virtual interface, so open the configuration files of the desired interface, for example /ifcfg-eth0, and input the following :

DEVICE=eth0 ONBOOT=yes BOOTPROTO=none USERCTL=no MASTER=bond0 SLAVE=yes 

Repeat this for all the interfaces that will be part of the bond, eth1, eth2 and so on. At this point you will need to restart networking and “add” the new module to the Kernel, remember the modprobe.conf file?, you can restart the server or you can use the following commands to have this done without a reboot :

modprobe bonding && service network restart or /etc/init.d/network restart 

That’s it my friends, I hope you found the article useful and in case please retweet and share it!

Cheer Lethe.

I've been learning about DNS since my days updating my MCSE NT to Windows 2000 and after all these years working and crying with it, so when I've read about the DNS requirement in the RHCE syllabus I was confident in the fact I would not have any problem while studying it yet again, after all a DNS is always a DNS right? Wrong! Well at least it was wrong for me as I've faced a lot of problems while studying it with both with Michael Jang and Asghar Gori books… I've also received a few questions/pm about this as in both books the implementation steps are somehow obscure. I won't cover theory and roles in DNS scenarios, there are plenty of resources on the Internet so I think that would be redundant, this will be a practical only post.

For all of you pursuing the RHCE Certification keep in mind as per official Red Hat Syllabus the only things you have to know is how to configure a Caching Only Name Server and a Slave DNS server, but as well all know being successful in a certification exam is just the first step as in our professional life we could be asked much more than this. In this series of posts I'm going to describe the process of installing, configuring and troubleshoot a DNS implementation, in this first article I'll cover the installation of caching-only name server for a matter of brevity.

First of all we need to make sure all the needed packages are present on the system which can be easily accomplished with one of the following commands :

yum groupinstall "DNS Name Server"

yum install bind caching-nameserver bind-chroot system-config-bind

In the example above I've assumed we are going to install into a chroot environment, which we should do for security reasons, hence I've included the chroot package this will cause BIND to "chroot" (or jail) the BIND installation under the /var/named/chroot/etc and /var/named/chroot/var directories. I'll describe the configuration files while I talk about them.

Once you've done this you're good to go with the configuration of the server, luckily enough when installing the caching-nameserver package a sample file will be installed as well named named.caching-nameserver.conf all you have to do is to rename the file as named.conf which is the main configuration file of BIND, for now you don't know to grasp the inside out of this file I'll add more in the other posts, open the file with your favorite editor and modify it suit your needs below an example file from one of my machines :

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.1; }; <– Defines the port and IP on which we'll listen for DNS query
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        allow-query     { localhost; 192.168.1.0/24; }; <– Defines hosts/network authorized to query the DNS Server
        allow-query-cache { localhost; 192.168.1.0/24 }; <– Defines hosts/networks allowed to use our cache
};
logging {                            <– Where to log and for which severity
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients      { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};

Once you've done this all you have to do is to make sure you did not make any mistake in the configuration file issuing the command :

  service named configtest

If BIND does not whine about any problem you only need to check the named group if the owner of the named.conf file and then you're ready to start the service with :

  service named start

This will start your BIND Daemon and will make it listen for DNS queries on the configured interface(s) on port 53 as you can see in the following screen of my machine :

Congratulations your caching name server is up and running eager to server queries from your clients In the next article I'm going to show you how to configure BIND as a Master DNS server for a fictional domain.

Please let me know if you need any further information or help with this particular type of configuration.

Lethe.

Originally posted 2009-10-29 17:23:01. Republished by Blog Post Promoter

Well, yes I think old habits are hard to die… After trying Ubuntu for some time, and being pretty happy with it on Server and Client side, I switched back to my beloved Fedora 13.

The reason is… Well there is not a specific reason, the main one is the fact that every now and then ( was forced to disable and reinstall the NVIDIA Driver as it seemed that Ubuntu had problem initializing it and, not being able to find a solution to this I just took the shortest path, using something that I know very well

Yeah there is a lot of documentation for Ubuntu out there, there are a lot communities and blogs but yes it's not for me. I have to admit I really liked some of Canonical solutions, like the Landscape service or the integrated Cloud service named Ubuntu One, and be assured I'm already using it on a few of my servers (not the critical one but yet the impression is very positive) but it's simply not for me.

Anyhow it's not important it's name, Linux is Linux the shell is always the same, the editors are the same, the Kernel is almost the same sooooo it's just a matter of habits I guess, so I'll keep writing stuff about Ubuntu and the server part but for me Fedora is still my favourite

Cheer Lethe.

RHCE Preparation book

Hello all, sorry for the lack of posts but I’ve been busy dealing with real life and with a project I hope will soon start and about which I’ll be talking when the time has come. Today I’m posting just to let you all RHCE aspirant out there know there is another GREAT resource in the preparation of this difficult exam, as you probably have read in my old post the books I was using were the one from Michael Jang and the one by Tommy Fox just in case the post is here which were basically the only two resources available out there apart the Red Hat official courses.

Last week I’ve ordered and received a new book written a veteran of the industry by the name of Ashgar Gori which is a Unix veteran which wrote a few books about HP-UX certification and finally edited a book about RHCE  and RHCT, below I’ll give you all the details, which is simply FANTASTIC! I’ve bought it and intended to use as yet another tool in the preparation of the exam and when opened it was totally amazed by the quality of the material, the depth and clarity with which the author describes every topic. Even if I was already familiar with most of the stuff I’ve been reading so far it was indeed useful to re-read some of the concepts and refresh my memory with new details while learning how to accomplish some tasks in a total new way.

I’ve also written Ashgar an email sending my congratulations with a few errata and it was a surprise to receive a quick reply to my email, trust me not every author use to do that, probably in the future I’m going to send him a few labs/exercises to expand what’s already in the book so he can publish this on his site which can be found here.

Ok enough talking, I have labs to complete and an exam to study fore  Here’s all the details about the book :

# Publisher: Endeavor Technologies Inc. (August 10, 2009)
# Language: English
# ISBN-10: 1615844309
# ISBN-13: 978-1615844302

If you’re preparing for the RHCE/T Exam or simply need a good reference for everyday job trust me this is the definitive resource you’ve been looking for, trust me I’ve read so many books about Linux I can tell you for personal experience

Lethe.

*EDIT* For your convenience I’ve attached to the post a copy of the offical Red Hat Enterprise Linux Deployment guide which is yet another tool that can’t be missing in your RHCE preparation arsenal, it is really worth reading it.

Originally posted 2009-09-22 19:49:07. Republished by Blog Post Promoter

Hello all, I'm writing just to let you know I've gone through a review on my post about how to install TinyPM on CentOS adding some missing pieces and disabling the syntax highlight for the posted code as it was causing a problem in the post format that made most of the code I've written unreadable.

I think it's better to have less eye candy but properly formatted code, that you can just copy and paste, rather than the other way around

Hope you'll find this useful, but I'm always here so please just ask for any problem or doubt!

Cheer Lethe.

Hello all, today I have some spare time so I thought to write a little and share some of the configurations and tips I use or had to find to customize our Linux machines in the production environment.

This very morning, while teaching in class, I was asked to setup a CentOS machine to support one new application our developers are working on (pretty standard stuff) but I was asked to leave the machine in the default runlevel 5 (well the manager who asked for the task did not use these words ) so that my colleagues could use the GUI for configuration and management purposes, don’t misunderstand me I have nothing against GUI but usually I simply don’t use them in production machines so I was faced with a "problem” I usually don’t have as all machines are in runlevel 3 which is when you’re at the login screen you’re given the option to reboot/shutdown the machine without even logging on it.

If you never noticed it or don’t know what I’m talking of here’s a screenshot to be totally clear :

Even if this will be a semi-production system I simply can’t tolerate that any user passing by can reboot/shutdown a machine without being authenticated (yes this happens a lot of times… at least in a low security environment like this one) so I had to find a way to disable this.

Luckily enough I’ve been using Gnome as my Desktop environment which comes with GDM (Gnome Display Manager) that implements all the features required for managing displays (both attached to the system and remote ones) and which is highly configurable.

The tool used to configure GDM is called gdmsetup which can be launched from the terminal with the command  :

gdmsetup

 

Or if you prefer you can find the same command under System > Administration > Login Screen > Local Tab as shown in the figure :

NOTE: Keep in mind to accomplish this task you need to have root privileges.

Once you in the Login Window Preferences under Menu Bar simply deselect the checkbox Show Actions menu :

Now simply logout and notice the Restart and Shutdown options are gone :

As I’ve stated at the beginning as a security best practice you should never have a machine laying around with a graphical Desktop manager active as you can always start it from shell but in case you’re using a test machine and don’t want to have it randomly rebooted you can follow this guide.

I hope you’ve found this article useful and as always feel free to comment and or write me directly in case of problems, if you did like the article feel free to share it with your friends via email or download it in PDF format (links above the post) or digg it via the buttons below the posts.

Thanks for reading, Lethe.

Originally posted 2009-05-21 14:35:49. Republished by Blog Post Promoter

There is something that always annoyed me and that is when you have a bunch of files in a folder which names contains spaces, this is specially true when you have Windows machines accessing a samba share on a Linux machine.

Probably you've been there and you know that the way Linux will show the files in the shell is pretty and will be somehow difficult work with these files specially if you are trying to manipulate them via script, they will look something like this :

vim My\ file File\ 2 File\ 3

There are two ways to change this, if you're using a Red Hat distribution (Fedora, CentOS and so on) you can simply use this command to convert the space in another character, like an underscore "_" :

rename " " "_" File \ 2

Don't give for granted the presence of this command as it is not available in all distributions, in case you don't have this command you can use the following easy and short script to have the problem solved : 

\ls | while read -r FILENAME
do
mv -v "$FILENAME" `echo $FILENAME| tr ' ' '_'| tr '[A-Z]' '[a-z]'`
done

The backslash character in front of the ls command is not a typo but there for a very good reason, I'm telling bash to execute the "vanilla" ls command avoiding all the aliases typically configured in Fedora/CentOS (like colors and so on).

Sorry if I did not use the syntax highlighter on this post but I was forced to use Italic + Bold as otherwise the plugin to highlight bash syntax will mess up all the code.

Hope you'll find this article useful, in case of questions please feel free to ask me!

Cheer Lethe.

 

 

 

One of the tasks on which I've noticed a few wanna be RHCE struggles is the BIND configuration, while I love the DNS service I know that if you're not used to work with under Linux can be a little tricky to configure, so here we go I'll show you how to configure a CentOS (but the concept still apply to other Linux Distributions)as a master DNS server for name resolution. I'll assume you've already installed all the required packages for the configuration, I'll use a chroot environment but this will easily apply even to non chrooted environment.

Just as recap here's the packages installed in the environment used for this post :

 bind-chroot-9.3.6-4.P1.el5_4.2<br />
	bind-libs-9.3.6-4.P1.el5_4.2<br />
	bind-utils-9.3.6-4.P1.el5_4.2<br />
	bind-9.3.6-4.P1.el5_4.2 

The complete path for the chrooted environment is /var/named/chroot/etc and /var/named/chroot/var/ ok with this said we will be configuring our DNS for the zone ccielogs.com, of course change to whatever you like. Ok when installing BIND packages you'll find example files and documentation under /usr/share/doc/bind-version/sample let's start from this copying the file named.rfc1912.zones named.conf under the /var/chroot/named/etc/ and renaming it to named.conf with the following command :

cp /usr/share/doc/bind-9.3.6/sample/etc/named.rfc1912.zones ./named.conf 

Now open this file with your favorite editor and you should find a text similar to the following :

This is exactly what we need, a good starting point to get our DNS server up and running quickly, remember the key in RHCE exam is not the style but the ability to complete required tasks quickly and this is a good way to do that. As you probably have guessed in this file we find the definition of our DNS zones, so we need to add the required options/stanzas to make our server actually work as a DNS Server so edit the file as in the following image :

I've put some comments on the file to help you out understand what I've modified and because this is a very good habit to develop, I've learned this the hard way in my days as a programmer. Now all that is left to do is to define our zones so delete the "default" zones defined in the sample file and input what you need in our example will create a fake zone for the ccielogs.com domain and a reverse zone for the 192.168.1.X network, in the picture the definition for these zones :

As you can see here I've defined the domain for which my server will be authoritative and the file where the zone will be hosted, basically where we are going to register the clients/server for the specific domain together with a reverse lookup zone for our network, the next step is creating the actual zone files in the /var/ path (remember we are in a chroot environment) so just change to the /var/named/chroot/var/ path and input :

 touch ccielogs.zone ccielogs.rr && chown named.named ccielogs* 

This will create the two needed files and will assign the ownership of both to the user and group named which is the security context under which our BIND server runs. Now open the file with your favorite text editor and compile it to resemble the one below changing the IP addresses and names as needed :

 

 

Of course I could accomplish the above result easily using ALIAS records, but for the sake of this post I preferred to do this way, of course the second image shows our reverse lookup zone for our network.

Last step before we can actually start resolving names for our network is to verify that we did not commit any error in the configuration files, to do this simply issue :

 service named configtest 

If everything was correct you'll get an output similar to the above, otherwise the service command will tell you what's wrong wit your files and will ask you to correct the problem, now simply start the service with :

 service named start 

Ok let's see if everything is working testing the names of the machines we just defined in our test zones :

Congratulations! Your DNS server is working and able to resolve names in the domain!

Keep in mind this is a very basic configuration, BIND can be a very complex matter, enough to say that there is a really good book about it and the more advanced configurations, but this should suffice for getting you started with a working configuration of a BIND Master Name Server.

In the post and in our configuration there is though a "small" error that I introduced on purpose, can you tell what's wrong with this configuration?

A small hint, try to ping www.google.com and check the results. What's wrong with this configuration?

A cookie to the first 10 people who can spot the error, just leave a comment.

In the following days I'll post a solution about this, meanwhile this should be a good exercise for anyone struggling to learn BIND and for all RHCE aspirant.

Lethe.