UNIX/Linux – Page 3 – IndianGNU.org

How to use TCP Wrappers for system security

By Manoj Chauhan | February 22, 2010 | Comments 0 Comment

Introduction:-

Access control to services compiled with TCP wrappers support is implemented by the /etc/hosts.allow and /etc/hosts.deny files. When a connection attempt is made, the hosts.allow file is checked. If a line is matched, the connection is allowed. Then the hosts.deny file is consulted, if a line is matched, the connection is denied. If no matches have occurred in either file, the connection is allowed.

Create Authorized Use Only Banners–

If configured as described below, TCP wrappers will display a warning banner to any user attempting to connect to a service it monitors. The following set of commands generate the directory /etc/banners, and the files therein contain warning banner text for each service. In this example, the banner text is “Use of this system is restricted to authorized users.” Note that exact wording of a warning banner is site specific; however, it should at least emphasize that the use of the system is restricted to authorized persons and that consent to monitor activities is implied by logging in to the system.

[root@localhost]# /bin/mkdir -p /etc/banners
[root@localhost]# /bin/echo “Use of this system is restricted to authorized users” > /etc/banners/
prototype
[root@localhost]# cd /etc/banners ; /usr/bin/make -f /usr/share/doc/tcp_wrappers-7.6/Banners.Makefile

Deny Everything Except What is Explicitly Allowed–

In order to implement the security best practice stance of deny everything except what is explicitly allowed, issue the following command.
[root@localhost]# echo ‘ALL: ALL: spawn (/bin/echo -e ‘/bin/date'”\n%c attempted connection to %s
and was denied” \
> | /bin/mail -s “Connection attempt to %s” root) &’ > /etc/hosts.deny

Any connection attempt not listed in the hosts.allow file will be denied, a message will be logged to the syslog auth facility, and an email will be sent to root.
Allow Access to Those Who Require It

Edit the hosts.allow file and add a line for each service to which access should be allowed. A few examples are shown below (See the man pages for hosts.allow for more detail).

ALL: LOCAL : banners /etc/banners # All services from local clients (hostnames with no “.”)
sshd: 10.1.1.0/255.255.254.0 : banners /etc/banners # SSH connections from host IP addresses between 10.1.1.0 and 10.1.2.0

Thanks
Manoj Chauhan

Good practices for apache & php

By Manoj Chauhan | February 19, 2010 | Comments 1 comment

Introduction –

To conclude the discussion about session management, here are some best practices to demonstrate that a robust scheme requires serious thinking:
•   Create a session token upon first visit.
•   When performing authentication, destroy the old session and create a new one.
•   Limit session lifetime to a short period (a few hours).
•   Destroy inactive sessions regularly.
•   Destroy sessions after users log out.
•   Ask users to re-authenticate before an important task is performed (e.g., an order is placed).
•   Do not use the same session for a non-SSL part of the site as for the SSL part of the site because non-SSL traffic can be intercepted and the session token obtained from it. Treat them as two different servers.
•   If cookies are used to transport session tokens in an SSL application, they should be marked “secure.” Secure cookies are never sent over a non-SSL connection.
•   Regenerate session tokens from time to time.
•   Monitor client parameters (IP address, the User-Agent request header) and send warnings to the error log when they change. Some information (e.g., the contents of the User-Agent header) should not change for the lifetime of a session. Invalidate the session if it does.
•   If you know where your users are coming from, attach each session to a single IP address, and do not allow the address to change.
•   If you can, do not accept users coming through web proxies. This will be difficult to do for most public sites but easier for internal applications.
•   If you can, do not accept users coming through open web proxies. Open proxies are used when users want to stay anonymous or otherwise hide their tracks. You can detect which proxies are open by extracting the IP address of the proxy from each proxied request and having a script automatically test whether the proxy is open or not.
•   If you do allow web proxies, consider using Java applets or Flash movies (probably a better choice since such movies can pretend to be regular animations) to detect the users’ real IP addresses. It’s a long shot but may work in some cases.
•   Web users can upload only jpeg, gif, png files not php extension
•   We can place a blank index page in each directory in question and users can not execute php etc scripts from the image folders or image/document upload folders.
•   Upgrade apache current version (2.0) to newer version (2.2)

Thanks
Manoj Chauhan

Haproxy + apache dropping the connections

By Ravi Bhure | January 24, 2010 | Comments 0 Comment

Many times haproxy and apache does not reliable to serve the connections without tune or we say we need to set system as well some kernel parameters to work it better.

Here haproxy gives an errors to connect to apache, at that time it logs the errors into ‘dmesg | tail’ or in ‘/var/log/messages’ “kernel: ip_conntrack: table full, dropping packet” that is related to ip_conntrack kernel module.

Conntrack table is hash table (hash map) of fixed size (8192 entries by default), which is used for primary lookup. When the slot in the table is found it points to list of conntrack structures, so secondary lookup is done using list traversal. 65536/8192 gives 8 – the average list length. You may want to experiment with this value on heavily loaded systems.

If this error founds into /var/log/messages or dmesg you have to apply following steps to resolve.

Here I have done this to changes and added few settings in kernel also we will do it to set apache MPM and Haproxy tunning with sysctl.conf

Note: I have tried all this workaround and apply on CentOS-5.2, but don’t worry ip_conntrack module is default in kernel 2.6 +

1) To check ip_contrack is compiled with your kernel

[root@ravi.com ~]# modinfo ip_conntrack
filename:       /lib/modules/2.6.18-128.el5/kernel/net/ipv4/netfilter/ip_conntrack.ko
license:        GPL
srcversion:     F1390E605BBFB05078B78E8
depends:        nfnetlink
vermagic:       2.6.18-128.el5 SMP mod_unload gcc-4.1
module_sig:     883f350497747c575ed35fe9471dce112565509f4b58f4f3e440c6bcc05c2fba9bbdd224bdeb8209e293da385133a876e44a7b449ba59a882a8282b

2) Probe ip_conntrack kernel module or add it in /etc/modprobe.conf

[root@ravi.com ~]# modprobe ip_conntrack hashsize=131072

open /etc/modprobe.conf and add below lines at the end of file

options ip_conntrack hashsize=131072

3) before go to apply the 4th step, just check the ip_conntrack setting is into /etc/sysctl.conf

grep “ip_conntrack” /etc/sysctl.conf

if its found then apply 4th step or edit the /etc/sysctl.conf and add the given two lines at the end of file and save it then go for 4th step
(the value is compare to your RAM and set it to below)

net.ipv4.ip_conntrack_max = 16777216
net.ipv4.netfilter.ip_conntrack_max = 16777216

4) To apply the sysctl parameters run ‘sysctl -p’

[root@ravi.com ~]# sysctl -p

5) Now check the ip_conntrack is logging the connections and check not dropping any more

[root@ravi.com ~]# cat /proc/slabinfo | grep conn
ip_conntrack_expect 0 0 136 28 1 : tunables 120 60 8 : slabdata 0 0 0
ip_conntrack 216053 231335 304 13 1 : tunables 54 27 8 : slabdata 17795 17795 216

6) Also you can check how much memory utilized by ip_conntrack module per connection.

[root@ravi.com ~]# grep ip_conntrack /var/log/messages

/var/log/messages.2:Jan 14 21:46:04 ravi kernel: ip_conntrack version 2.4 (8192 buckets, 65536 max) – 304 bytes per conntrack

1M connections would require 304MB of kernel memory.

Thanks
Ravi

How to configure-add java extension for php on CentOS 5

By Ravi Bhure | January 22, 2010 | Comments 2 comments

Here I have used php version 5.2.11 and to jdk-6u18-linux-x64.bin

( from given JAVA download link)

[root@ravi.com ~]# yum -y install httpd php php-devel php-gd php-cli php-xml php-ldap php-common php-pear php-pdo

Install java jdk and set env in ~/.bashrc also run this on CLI to verify before next step.

export JAVA_HOME=//usr/java/jdk1.6.0_18
export PATH=/usr/java/jdk1.6.0_18/bin:$PATH

[root@ravi.com ~]# echo $JAVA_HOME

Now set the dynamic linker library path into /etc/ld.so.conf

/usr/java/jdk1.6.0_18/jre/lib/amd64
/usr/java/jdk1.6.0_18/jre/lib/amd64/server

[root@ravi.com ~]# ldconfig

Now download php-java-bridge source rpm

[root@ravi.com ~]# wget ftp://195.220.108.108/linux/sourceforge/p/project/ph/php-java-bridge/OldFiles/php-java-bridge-4.1.8-1.src.rpm

unpack the php-java-bridge rpm

[root@ravi.com ~]# rpm2cpio php-java-bridge-4.1.8-1.src.rpm | cpio -ivd
php-java-bridge.spec
php-java-bridge_4.1.8.tar.gz
16155 blocks

untar the php-java-bridge and configure the module

[root@ravi.com ~]# tar xzf php-java-bridge_4.1.8.tar.gz && cd php-java-bridge-4.1.8

[root@ravi.com ~]# phpize

[root@ravi.com ~]# ./configure –with-java=$JAVA_HOME && make && make install

[root@ravi.com ~]# echo “extension=java.so” > /etc/php.d/java.ini

open the php.ini and edit the at the end of file

[java]
java.class.path=/usr/lib64/php/modules/
java.library=/usr/java/jdk1.6.0_18/jre/lib/amd64/server/libjvm.so

Now restart apache
[root@ravi.com ~]# /etc/init.d/httpd restart

[root@ravi.com ~]# php -i | grep java
/etc/php.d/java.ini,
java
java support => Enabled
java bridge => 4.1.8
java.java_home =>
java.java => java
java.log_file => <stderr>
java.log_level => no value (use back-end’s default level)
java.security_policy => Off
java command => LD_LIBRARY_PATH=/usr/lib64/php/modules:/usr/lib/10.2.0.3/client64/lib java -Djava.library.path=/usr/lib64/php/modules -Djava.class.path=/usr/lib64/php/modules/JavaBridge.jar -Djava.awt.headless=true -Dphp.java.bridge.base=/usr/lib64/php/modules php.java.bridge.Standalone LOCAL:9267 1
java status => running
java server => 9267
PATH => /usr/java/jdk1.6.0_18/bin:/usr/java/jdk1.6.0_18/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
JAVA_HOME => /usr/java/jdk1.6.0_18
_SERVER[“PATH”] => /usr/java/jdk1.6.0_18/bin:/usr/java/jdk1.6.0_18/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
_SERVER[“JAVA_HOME”] => /usr/java/jdk1.6.0_18
_ENV[“PATH”] => /usr/java/jdk1.6.0_18/bin:/usr/java/jdk1.6.0_18/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
_ENV[“JAVA_HOME”] => /usr/java/jdk1.6.0_18

Test your code in test.php and run to check
<?php
// get instance of Java class java.lang.System in PHP
$system = new Java(‘java.lang.System’); // demonstrate property access
print ‘Java version=’.$system->getProperty(‘java.version’).’ ‘;
print ‘Java vendor=’ .$system->getProperty(‘java.vendor’).’ ‘;
print ‘OS=’.$system->getProperty(‘os.name’).’ ‘.
$system->getProperty(‘os.version’).’ on ‘.
$system->getProperty(‘os.arch’).’ ‘; // java.util.Date example
$formatter = new Java(‘java.text.SimpleDateFormat’,
“EEEE, MMMM dd, yyyy ‘at’ h:mm:ss a zzzz”); print $formatter->format(new Java(‘java.util.Date’));
?>

[root@ravi.com ~]# php test.php
Java version=1.6.0_18 Java vendor=Sun Microsystems Inc. OS=Linux 2.6.18-53.el5xen on amd64 Friday, January 22, 2010 at 4:44:48 AM Pacific Standard Time
Thanks

Ravi

How to configure multi master MySQL replication

By Arun Bagul | December 9, 2009 | Comments 2 comments

Introduction ~

I was planning to write article on Multi Master MySQL replication since long time; Finally started now!. Please refer the the article on “How to configure MySQL replication with one Master” URL ~ http://www.indiangnu.org/2007/mysql-replication-one-master-multiple-slave/

* Let me inform you all that Multi Master replication in MySQL is purely based on following two variables. It has nothing to do with replication technology used in MySQL replication….

mysql> show variables like ‘%increment_%’;

+—————————————+——-+
| Variable_name                   | Value |
+—————————————+——-+
| auto_increment_increment    | 1    |
| auto_increment_offset               | 1    |
+—————————————+—–+
2 rows in set (0.00 sec)

mysql>

** Requirements ~

a) Master Hosts (2 master in my case) ~

master-1 => 10.66.66.194
master-2 => 10.66.90.135
b) Replication Slave (1 slave) ~
slave => 10.66.75.137

c) MySQL server (with replication support)

** Let us understand how it works ?

* Master-1 Server =>

Set following variables…

mysql> set auto_increment_increment=5;
mysql> set auto_increment_offset=1;

mysql>

** Create Table ~

mysql> create table class ( rollno INT(5) NOT NULL PRIMARY KEY AUTO_INCREMENT , name VARCHAR(30) );

** Add Record now ~

mysql> INSERT INTO class VALUES (”,’Arun Bagul’);
mysql> INSERT INTO class VALUES (”,’Ravi Bhure’);
mysql> INSERT INTO class VALUES (”,’Karthik Appigita’);
mysql> INSERT INTO class VALUES (”,’Ameya Pandit’);

mysql>

* Master-2 Server =>

Set following variables…

mysql> set auto_increment_increment=2;
mysql> set auto_increment_offset=2;

mysql>

** Create Table ~

mysql> create table class ( rollno INT(5) NOT NULL PRIMARY KEY AUTO_INCREMENT , name VARCHAR(30) );

** Add Record now ~

mysql> INSERT INTO class VALUES (”,’Nilkanth Parab’);
mysql> INSERT INTO class VALUES (”,’Nishit Shah’);
mysql> INSERT INTO class VALUES (”,’Ram Krishna’);
mysql> INSERT INTO class VALUES (”,’Suhail Thakur’);

mysql>

** What is the importance of “auto_increment_increment” and “auto_increment_offset” ~

auto_increment_offset => This is BASE value for column with “auto_increment” attribute (please refer the above example)
auto_increment_increment => This is the increment value for column with “auto_increment” attribute

** If you combine the both tables (master-1 and master-2) the final table will look like this ~

mysql> SELECT * FROM class;
+——–+——————+
| rollno | name             |
+——–+——————+
|      1 | Arun Bagul       |
|      2 | Nilkanth Parab   |
|      3 | Ravi Bhure       |
|      4 | Nishit Shah      |
|      5 | Karthik Appigita |
|      6 | Ram Krishna      |
|      7 | Ameya Pandit     |
|      8 | Suhail Thakur    |
+——–+——————+
8 rows in set (0.00 sec)

mysql>

** This is how Multi master replication works….

auto_increment_offset=Nth master server
auto_increment_increment=M

Where –
N => nth number of master server (on master-1 keep it 1 and on master-2 keep it 2 and so on..)
M => Total number of Master Server (2 in our case but better to keep this value high so that we can add new master server easily)

log-slave-updates => Slave server does not log to its own binary log any updates that are received from a Master server. This option tells the slave to log the updates performed by its SQL thread to its own binary log.

** Make sure that MySQL is running and up on all master servers and slave server-

How to setup Multi Master MySQL replication ? –

Step 1] Create Database/Tables on Master & Slave Servers –

You can create DB on all master & slave server or create on one server and export that DB on rest of all servers…

Master-1 => Create DB and Table

mysql> create database student;

mysql> use student;

mysql> create table class ( rollno INT(5) NOT NULL PRIMARY KEY AUTO_INCREMENT , name VARCHAR(30) );

mysql> show tables;
+——————-+
| Tables_in_student |
+——————-+
| class |
+——————-+
1 row in set (0.00 sec)

mysql> SELECT * FROM class;
Empty set (0.00 sec)
mysql>

* Now take dump of “student” DB and export it on all master and Slave server…

[root@master-1~]# mysqldump -u root -p -d student > /home/arunsb/student.sql

* SCP the dump file on master-2 and slave server ~
[root@master-1~]# scp /home/arunsb/student.sql arunsb@10.66.90.135:/tmp/student.sql
[root@master-1~]# scp /home/arunsb/student.sql arunsb@10.66.75.137:/tmp/student.sql

Login on master-2 and slave ~

mysql> create database student;

[root@master-2~]# mysql -u root -p student < /tmp/student.sql
Enter password:
[root@master-2~]#

[root@master-2~]# mysql -u root -p
Enter password:

mysql> use student

mysql> SELECT * FROM class;
Empty set (0.00 sec)
mysql>

** Please repeat the same steps on Slave server as well…

Step 2] Update “my.cnf” config file on master-1,master-2 and slave server –

[root@master-1~]# cat /etc/my.cnf

###########################
##MySQL replication setting

#Master setting(1)
server-id = 1
log-bin = /var/log/mysql/binary/mysql-bin.log
binlog-do-db = student
binlog-ignore-db = mysql
log = /var/log/mysql/mysql.log
auto_increment_offset=1
auto_increment_increment=5
log-slave-updates

##slave setting
master-port=3306
master-host=10.66.90.135
master-user=replication
master-password=mypwd
master-connect-retry=60
replicate-do-db=student
###########################

[root@master-1~]#

[root@master-2~]# cat /etc/mysql/my.cnf

###########################
##MySQL replication setting

#Master setting(2)
server-id = 2
log-bin = /var/log/mysql/binary/mysql-bin.log
binlog-do-db=student
binlog-ignore-db = mysql
log = /var/log/mysql/mysql.log
auto_increment_offset=2
auto_increment_increment=5
log-slave-updates

##slave setting
master-port=3306
master-host=10.66.66.194
master-user=replication
master-password=mypwd
master-connect-retry=60
replicate-do-db=student
###########################

[root@master-2~]#

* please create directory for binary log and set permission…

[root@master-1~]# mkdir -p /var/log/mysql/binary/
[root@master-1~]# chown mysql:adm /var/log/mysql/ /var/log/mysql/binary/

[root@master-2~]# mkdir -p /var/log/mysql/binary/
[root@master-2~]# chown mysql:adm /var/log/mysql/ /var/log/mysql/binary/

** MySQL Replication Slave ~

[root@slave~]# cat /etc/my.cnf

[mysqld]

########################################
##slave setting
server-id=4
master-port=3306
master-host=10.66.90.135
master-user=replication
master-password=mypwd
master-connect-retry=60
replicate-do-db=student
########################################

[root@slave~]#

Step 3] Give Replication permission on both masters ~

** Master (1 & 2) ~

mysql> GRANT REPLICATION SLAVE ON *.* TO ‘replication’@’10.66.%.%’ IDENTIFIED BY ‘mypwd’;
Query OK, 0 rows affected (0.00 sec)

mysql>

Step 4] Restart MySQL on both master as well as replication slave server ~

** Please verify setting on master-1 and master-2 server…

* Master-1

* Master-2

** Please verify ‘master’ & ‘slave’ status on both masters(1 & 2) and slave –

mysql> show master status;
mysql> show slave status;

** Multi Master replication is started…

Step 5] Add few records on Master-1 & Master-2 server at same time ~

Add records on both master server at same time and check master and replication slave status as shown above….

** Add following on master-1

** Add following on master-2

** Please verify the numbers of records on both masters and slave….

mysql> SELECT * FROM class;
+——–+——————+
| rollno | name             |
+——–+——————+
|      1 | Arun Bagul       |
|      2 | Nilkanth Parab   |
|      6 | Ravi Bhure       |
|     11 | Karthik Appigita |
|     16 | Ameya Pandit     |
|     17 | Nishit Shah      |
|     22 | Ram Krishna      |
|     27 | Suhail Thakur    |
+——–+——————+
8 rows in set (0.00 sec)

mysql>

* So we all learned to configure multi-master MySQL replication. Enjoy!!

Regards,
Arun Bagul

How to create or build RPM Package

By Arun Bagul | December 2, 2009 | Comments 17 comments

Introduction –

* “rpmbuild” tool is used to build both…

1) Binary Package ~ used to install the software and supporting scripts. It contains the files that comprise the application, along with any additional information needed to install and erase it.
2) Source Package ~ contains the original compressed tar file of source code, patches and Specification File.

* What is RPM & RPM package Manager?

The RPM Package Manager (RPM) is a powerful command line package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

RPM package consists of an archive of files and meta-data used to install and erase the archive files. The meta-data includes helper scripts, file attributes, and descriptive information about the package.

* To build RPM package you need to specify three things ~

1) Source of application – In any case, you should not modify the sources used in the package building process.

2) Patches – RPM gives you the ability to automatically apply patches to them. The patch addresses an issue specific to the target system. This could include changing makefiles to install the application into the appropriate directories, or resolving cross-platform conflicts. Patches create the environment required for proper compilation.

3) Specification File – The specification file is at the heart of RPM package building process. It contains information required by RPM to build the package, as well as instructions telling RPM how to build it. The specification file also dictates exactly what files are a part of the package, and where they should be installed.

** Specification File ~ is divided in to 8 sections as shown below

a) Preamble ~ contains information that will be displayed when users request information about the package. This would include a description of the package’s function, the version number of the software etc.

b) Preparation ~ where the actual work of building a package starts. As the name implies, this section is where the necessary preparations are made prior to the actual building of the software. In general, if anything needs to be done to the sources prior to building the software, it needs to happen in the preparation section. The contents of this section are an ordinary shell script. However, RPM does provide two macros to make life easier. One macro can unpack a compressed tar file and cd into the source directory. The other macro easily applies patches to the unpacked sources.

c) Build ~ This section consists of a shell script. It is used to perform whatever commands are required to actually compile the sources like single make command, or be more complex if the build process requires it. There are no macros available in this section.

d) Install ~ This section also containing a shell script, the install section is used to perform the commands required to actually install the software.

e) Install and Uninstall Scripts ~ It consists of scripts that will be run, on the user’s system, when the package is actually installed or removed. RPM can execute a script pre/post installation/removal of package.

f) Verify Script ~ script that is executed on the user’s system. It is executed when RPM verifies the package’s proper installation.

g) Clean Section ~ script that can clean things up after the build. This script is rarely used, since RPM normally does a good job of clean-up in most build environments.

h) File List ~ consists of a list of files that will comprise the package. Additionally, a number of macros can be used to control file attributes when installed, as well as to denote which files are documentation, and which contain configuration information. The file list is very important.

*** RPM’s requirement for build environment ~

A] RPM requires a set of directories to perform the build. While the directories’ locations and names can be changed. Default layout is shown below –

root@arunsb:~# ls -l /usr/src/redhat/

drwxr-xr-x 2 root root 4096 Aug 25 2007 SOURCES => Contains the original sources, patches, and icon files
drwxr-xr-x 2 root root 4096 Aug 25 2007 SPECS => Contains the specification files
drwxr-xr-x 2 root root 4096 Aug 25 2007 BUILD => Directory in which the sources are unpacked, & software is built
drwxr-xr-x 8 root root 4096 May 28 2008 RPMS => Contains the binary package files created by the build process
drwxr-xr-x 2 root root 4096 Aug 25 2007 SRPMS => Contains the source package files created by the build process

root@arunsb:~#

B] Need to export few global variables used by RPM –

root@arunsb:~# export RPM_BUILD_DIR=/usr/src/redhat/BUILD/
root@arunsb:~# export RPM_SOURCE_DIR=/usr/src/redhat/SOURCES/

Step 1] Create Specification (spec) File ~

root@arunsb:~# head -n 50 /usr/src/redhat/SPECS/openlsm.spec
# Authority: Arun Bagul

#RPM_BUILD_DIR /usr/src/redhat/BUILD/
#RPM_SOURCE_DIR /usr/src/redhat/SOURCES/

%define MY_PREFIX /usr/local/openlsm/

## Preamble Section-
Name: openlsm
Version: 0.99
Vendor: IndianGNU.org & openlsm
Release: r45
Group: System Environment/Daemons
Packager: IndianGNU.org (http://www.indiangnu.org)
URL: http://openlsm.sourceforge.net/
Summary: openlsm Admin Server
License: GPL

%description
openlsm Admin Server is free & open source web based control panel for Linux,Unix systems.

## Preparation Section-
%prep

rm -rf ${RPM_BUILD_DIR}/openlsm-0.99-r45/
tar xvfz ${RPM_SOURCE_DIR}/openlsm-0.99-r45.tar.gz -C ${RPM_BUILD_DIR}

## Build Section-
%build

cd ./openlsm-0.99-r45/
./configure –prefix=/usr/local/openlsm –with-mysql=/usr/bin/mysql_config –enable-internal-pcre –with-geoip=/usr –with-ldap=/usr –enable-trace
make

## Install Section-
%install

cd ./openlsm-0.99-r45/
make install

## Files Section-
%files

/usr/local/openlsm
/usr/local/openlsm/etc/openlsm/openlsm.conf
/usr/local/openlsm/etc/openlsm/openlsm.conf.perf_sample
/usr/local/openlsm/etc/openlsm/ssl/
/usr/local/openlsm/bin/openlsm-config
….
…..
….. list of files installed by pkg
root@arunsb:~#

* How do you create the File List?

Creating the file list is manual process. What I did is I took the file list from my manual installed prefix directory with find command as shown below…

root@arunsb:~# find /usr/local/openlsm/ -type f -or -type d

Step 2] Starting the Build ~

root@arunsb:~# cd /usr/src/redhat/SPECS
root@arunsb:/usr/src/redhat/SPECS# ls -l openlsm.spec
-rw-r–r– 1 root root 12938 Dec 2 17:21 openlsm.spec
root@arunsb:/usr/src/redhat/SPECS#

root@arunsb:/usr/src/redhat/SPECS# rpmbuild -ba openlsm.spec
…
….
…..

Checking for unpackaged file(s): /usr/lib/rpm/check-files %{buildroot}
Wrote: /usr/src/redhat/SRPMS/openlsm-0.99-r45.src.rpm
Wrote: /usr/src/redhat/RPMS/i386/openlsm-0.99-r45.i386.rpm
root@arunsb:/usr/src/redhat/SPECS# echo $?
0

root@arunsb:/usr/src/redhat/SPECS# ls -l /usr/src/redhat/SRPMS/openlsm-0.99-r45.src.rpm
-rw-r–r– 1 root root 3206 Dec 2 17:50 /usr/src/redhat/SRPMS/openlsm-0.99-r45.src.rpm
root@arunsb:/usr/src/redhat/SPECS# ls -l /usr/src/redhat/RPMS/i386/openlsm-0.99-r45.i386.rpm
-rw-r–r– 1 root root 3052868 Dec 2 17:50 /usr/src/redhat/RPMS/i386/openlsm-0.99-r45.i386.rpm
root@arunsb:/usr/src/redhat/SPECS#

* Source and Binary package created !!

** Let’s see what happened in “/usr/src/redhat/” directory

root@arunsb:/usr/src/redhat# pwd
/usr/src/redhat
root@arunsb:/usr/src/redhat# ls
BUILD RPMS SOURCES SPECS SRPMS
root@arunsb:/usr/src/redhat# ls BUILD/
openlsm-0.99-r45 <== Source extracted here as part of build instructions from specification file ie “openlsm.spec”
root@arunsb:/usr/src/redhat# ls SOURCES/
openlsm-0.99-r45.tar.gz <== original ‘openlsm-0.99-r45.tar.gz’ source file copied by me
root@arunsb:/usr/src/redhat# ls RPMS/
athlon i386 i486 i586 i686 noarch
root@arunsb:/usr/src/redhat# ls RPMS/i386/
openlsm-0.99-r45.i386.rpm <== Binary rpm package created!
root@arunsb:/usr/src/redhat# ls SRPMS/
openlsm-0.99-r45.src.rpm <== Source rpm package created!
root@arunsb:/usr/src/redhat#

Step 3] Now install the package and test it ~

root@arunsb:/usr/src/redhat# cp RPMS/i386/openlsm-0.99-r45.i386.rpm /home/arunsb/

root@arunsb:/usr/src/redhat# cd /home/arunsb/
root@arunsb:~# ls
openlsm-0.99-r45.i386.rpm
root@arunsb:~# rpm -ivh openlsm-0.99-r45.i386.rpm
Preparing… ########################################### [100%]
1:openlsm ########################################### [100%]
root@arunsb:~# ls /usr/local/openlsm/
bin contrib etc include lib sbin scripts share var
root@arunsb:~#

** Starting the openlsm server ~

root@arunsb:~# /usr/local/openlsm/contrib/openlsm-redhat start
* Starting openlsm admin server: openlsm
. [ OK ]
root@arunsb:~#
root@arunsb:~# /usr/local/openlsm/contrib/openlsm-redhat status
openlsm (pid 21607) is running…
root@arunsb:~#

root@arunsb:~# rpm -q openlsm-0.99-r45
openlsm-0.99-r45
root@arunsb:~#

root@arunsb:~# rpm -ql openlsm-0.99-r45
..
…

root@arunsb:~# rpm -qiv openlsm-0.99-r45
Name        : openlsm                      Relocations: (not relocatable)
Version     : 0.99                              Vendor: IndianGNU.org & openlsm
Release     : r45                           Build Date: Wed 02 Dec 2009 05:50:54 PM IST
Install Date: Wed 02 Dec 2009 06:06:23 PM IST      Build Host: alongseveral-dr.eglbp.corp.yahoo.com
Group       : System Environment/Daemons    Source RPM: openlsm-0.99-r45.src.rpm
Size        : 14877918                         License: GPL
Signature   : (none)
Packager    : IndianGNU.org (http://www.indiangnu.org)
URL         : http://openlsm.sourceforge.net/
Summary     : openlsm Admin Server
Description :
openlsm Admin Server is free & open source web based control panel for Linux,Unix systems.
root@arunsb:~#

** NOTE ~ This article does not contain information on how to define micros,how to copy docs,man pages to default location, how to set permision and ownership etc. I will cover this topics in next article on RPM.

Regards,
Arun Bagul

***

|| How to create or build RPM Package ||

Introduction –

* “rpmbuild” tool is used to build both…

1) Binary Package ~ used to install the software and supporting scripts. It contains the files that comprise the application, along with any additional information needed to install and erase it.
2) Source Package ~ contains the original compressed tar file of source code, patches and Specification File.

* What is RPM & RPM package Manager?

The RPM Package Manager (RPM) is a powerful command line package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

RPM package consists of an archive of files and meta-data used to install and erase the archive files. The meta-data includes helper scripts, file
attributes, and descriptive information about the package.

* To build RPM package you need to specify three things ~

1) Source of application – In any case, you should not modify the sources used in the package building process.

2) Patches – RPM gives you the ability to automatically apply patches to them. The patch addresses an issue specific to the target system. This could include changing makefiles to install the application into the appropriate directories, or resolving cross-platform conflicts. Patches create the environment required for proper compilation.

3) Specification File – The specification file is at the heart of RPM package building process. It contains information required by RPM to build the package, as well as instructions telling RPM how to build it. The specification file also dictates exactly what files are a part of the package, and where they should be installed.

** Specification File ~ is divided in to 8 sections as shown below

a) Preamble ~ contains information that will be displayed when users request information about the package. This would include a description of the package’s function, the version number of the software etc.

b) Preparation ~ where the actual work of building a package starts. As the name implies, this section is where the necessary preparations are made prior to the actual building of the software. In general, if anything needs to be done to the sources prior to building the software, it needs to happen in the preparation section. The contents of this section are an ordinary shell script. However, RPM does provide two macros to make life easier. One macro can unpack a compressed tar file and cd into the source directory. The other macro easily applies patches to the unpacked sources.

c) Build ~ This section consists of a shell script. It is used to perform whatever commands are required to actually compile the sources like single make command, or be more complex if the build process requires it. There are no macros available in this section.

d) Install ~ This section also containing a shell script, the install section is used to perform the commands required to actually install the software.

e) Install and Uninstall Scripts ~ It consists of scripts that will be run, on the user’s system, when the package is actually installed or removed. RPM can execute a script pre/post installation/removal of package.

f) Verify Script ~ script that is executed on the user’s system. It is executed when RPM verifies the package’s proper installation.

g) Clean Section ~ script that can clean things up after the build. This script is rarely used, since RPM normally does a good job of clean-up in most build environments.

h) File List ~ consists of a list of files that will comprise the package. Additionally, a number of macros can be used to control file attributes when installed, as well as to denote which files are documentation, and which contain configuration information. The file list is very important.

*** RPM’s requirement for build environment ~

A] RPM requires a set of directories to perform the build. While the directories’ locations and names can be changed. Default layout is shown below –

root@arunsb:~# ls -l /usr/src/redhat/

drwxr-xr-x 2 root root 4096 Aug 25 2007 SOURCES       => Contains the original sources, patches, and icon files
drwxr-xr-x 2 root root 4096 Aug 25 2007 SPECS           => Contains the specification files
drwxr-xr-x 2 root root 4096 Aug 25 2007 BUILD           => Directory in which the sources are unpacked, and the software is built
drwxr-xr-x 8 root root 4096 May 28 2008 RPMS           => Contains the binary package files created by the build process
drwxr-xr-x 2 root root 4096 Aug 25 2007 SRPMS           => Contains the source package files created by the build process

root@arunsb:~#

B] Need to export few global variables used by RPM –

root@arunsb:~# export RPM_BUILD_DIR=/usr/src/redhat/BUILD/
root@arunsb:~# export RPM_SOURCE_DIR=/usr/src/redhat/SOURCES/

Step 1] Create Specification (spec) File ~

root@arunsb:~# head -n 50 /usr/src/redhat/SPECS/openlsm.spec
# Authority: Arun Bagul

#RPM_BUILD_DIR /usr/src/redhat/BUILD/
#RPM_SOURCE_DIR /usr/src/redhat/SOURCES/

%define MY_PREFIX /usr/local/openlsm/

%description
openlsm Admin Server is free & open source web based control panel for Linux,Unix systems.

## Preparation Section-
%prep

rm -rf ${RPM_BUILD_DIR}/openlsm-0.99-r45/
tar xvfz ${RPM_SOURCE_DIR}/openlsm-0.99-r45.tar.gz -C ${RPM_BUILD_DIR}

## Build Section-
%build

cd ./openlsm-0.99-r45/
./configure –prefix=/usr/local/openlsm –with-mysql=/usr/bin/mysql_config –enable-internal-pcre –with-geoip=/usr –with-ldap=/usr –enable-trace
make

## Install Section-
%install

cd ./openlsm-0.99-r45/
make install

## Files Section-
%files

* How do you create the File List?

Creating the file list is manual process. What I did is I took the file list from my manual installed prefix directory with find command as shown below…

root@arunsb:~# find /usr/local/openlsm/ -type f -or -type d

Step 2] Starting the Build ~

root@arunsb:~# cd /usr/src/redhat/SPECS
root@arunsb:/usr/src/redhat/SPECS# ls -l openlsm.spec
-rw-r–r– 1 root root 12938 Dec 2 17:21 openlsm.spec
root@arunsb:/usr/src/redhat/SPECS#

root@arunsb:/usr/src/redhat/SPECS# rpmbuild -ba openlsm.spec
…
….
…..

* Source and Binary package created !!

** Let’s see what happened in “/usr/src/redhat/” directory

root@arunsb:/usr/src/redhat# pwd
/usr/src/redhat
root@arunsb:/usr/src/redhat# ls
BUILD RPMS SOURCES SPECS SRPMS
root@arunsb:/usr/src/redhat# ls BUILD/
openlsm-0.99-r45                                <== Source extracted here as part of build instructions from specification file ie “openlsm.spec”
root@arunsb:/usr/src/redhat# ls SOURCES/
openlsm-0.99-r45.tar.gz                         <== original ‘openlsm-0.99-r45.tar.gz’ source file copied by me
root@arunsb:/usr/src/redhat# ls RPMS/
athlon i386 i486 i586 i686 noarch
root@arunsb:/usr/src/redhat# ls RPMS/i386/
openlsm-0.99-r45.i386.rpm                       <== Binary rpm package created!
root@arunsb:/usr/src/redhat# ls SRPMS/
openlsm-0.99-r45.src.rpm           <== Source rpm package created!
root@arunsb:/usr/src/redhat#

Step 3] Now install the package and test it ~

root@arunsb:/usr/src/redhat# cp RPMS/i386/openlsm-0.99-r45.i386.rpm /home/arunsb/

root@arunsb:/usr/src/redhat# cd /home/arunsb/
root@arunsb:~# ls
openlsm-0.99-r45 openlsm-0.99-r45.i386.rpm openlsm-0.99-r45.tar.gz thttpd-2.25b-3.dag.src.rpm thttpd-2.25b-dag.spec
root@arunsb:~# rpm -ivh openlsm-0.99-r45.i386.rpm
Preparing… ########################################### [100%]
1:openlsm ########################################### [100%]
root@arunsb:~# ls /usr/local/openlsm/
bin contrib etc include lib sbin scripts share var
root@arunsb:~#

** Starting the openlsm server ~

root@arunsb:~# rpm -q openlsm-0.99-r45
openlsm-0.99-r45
root@arunsb:~#

root@arunsb:~# rpm -lq openlsm-0.99-r45
..
…

root@arunsb:~# rpm -qiv openlsm-0.99-r45
Name        : openlsm                      Relocations: (not relocatable)
Version     : 0.99                              Vendor: IndianGNU.org & openlsm
Release     : r45                           Build Date: Wed 02 Dec 2009 05:50:54 PM IST
Install Date: Wed 02 Dec 2009 06:06:23 PM IST      Build Host: alongseveral-dr.eglbp.corp.yahoo.com
Group       : System Environment/Daemons    Source RPM: openlsm-0.99-r45.src.rpm
Size        : 14877918                         License: GPL
Signature   : (none)
Packager    : IndianGNU.org (http://www.indiangnu.org)
URL         : http://openlsm.sourceforge.net/
Summary     : openlsm Admin Server
Description :
openlsm Admin Server is free & open source web based control panel for Linux,Unix systems.
root@arunsb:~#

Regards,
Arun Bagul

How to configure TATA Indicom/BSNL/Reliance Broadband+ Netconnect ( EDVO usb modem ) on Ubuntu Linux

By Arun Bagul | September 27, 2009 | Comments 3 comments

Introduction ~

This article is about how to configure TATA Indicom,BSNL and Reliance Broadband+ Netconnect ( EDVO usb modem ) on Ubuntu Linux.

To configure Reliance,BSNL and Tataindicom epi valley usb modem please refer the following article ~

http://www.indiangnu.org/2008/tata-indicom-usb-modem-epi-valley-on-ubuntu-linux/

To configure Tataindicom,Reliance Huawei datacard refer the following article ~

http://www.indiangnu.org/2008/tata-indicom-datacard-huawei-cdma-on-linuxubuntu/

** EVDO ?

EVolution-Data Optimized (EVDO) is a telecommunications standard for the wireless transmission of data through radio signals, typically for broadband Internet access. It uses multiplexing techniques including code division multiple access (CDMA) as well as time division multiple access (TDMA)
to maximize both individual user’s throughput and the overall system throughput. It is standardized by (3G) 3rd Generation Partnership Project 2 (3GPP2) as part of the CDMA2000 family of standards and has been adopted by many mobile phone service providers around the world – particularly those previously employing CDMA networks.

How to configure Reliance Broadband+ Netconnect –

Step 1] Mount USB file system to “/proc/bus/usb” –

root@laptop:~# ls /proc/bus/usb/
root@laptop:~#

* It shows that usbfs is not mounted on “/proc/bus/usb”. To mount run following command….

root@laptop:/var/src/usb_modeswitch-1.0.5# mount -t usbfs none /proc/bus/usb
root@laptop:/var/src/usb_modeswitch-1.0.5# ls /proc/bus/usb/
001 002 003 004 005 006 007 devices
root@laptop:/var/src/usb_modeswitch-1.0.5#

Step 2] Get the status of Reliance Broadband+ USB device ~

* lsusb list USB devices connected to PC as well as information about USB buses in the system and the devices connected to them.

* Output before connecting Reliance Broadband+ Netconnect usb modem –

root@laptop:~# lsusb
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
…..
root@laptop:~#

* Let’s connect Reliance Broadband+ Netconnect! usb modem –

root@laptop:~# lsusb
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 004: ID 19d2:fff5
Bus 005 Device 003: ID 08ff:2580 AuthenTec, Inc. AES2501 Fingerprint Sensor
…..
root@laptop:~#

* Bus 005 Device 004: ID 19d2:fff5 – This shows that the Reliance (EVDO) usb device is detected with Vendor_id 19d2 and product_id fff5

root@laptop:~# cat /proc/bus/usb/devices

T: Bus=07 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 23 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=19d2 ProdID=fff5 Rev= 0.00
S: Manufacturer=ZTE, Incorporated
S: Product=USB Storage
S: SerialNumber=000000000002
C:* #Ifs= 1 Cfg#= 1 Atr=c0 MxPwr=100mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usbserial_generic
E: Ad=89(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms
E: Ad=0a(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms

root@laptop:~# dmesg | tail
[15035.656075] usb 7-2: new full speed USB device using uhci_hcd and address 24
[15035.814188] usb 7-2: configuration #1 chosen from 1 choice
[15035.827708] scsi10 : SCSI emulation for USB Mass Storage devices
[15035.828851] usb-storage: device found at 24
[15035.828856] usb-storage: waiting for device to settle before scanning
[15040.831095] usb-storage: device scan complete
[15040.834105] scsi 10:0:0:0: Direct-Access ZTE USB Storage FFF1 2.31 PQ: 0 ANSI: 2
[15040.839233] sd 10:0:0:0: [sdb] Attached SCSI removable disk
[15040.839378] sd 10:0:0:0: Attached scsi generic sg2 type 0
root@laptop:~#

*** Reliance Broadband+ EVDO USB is detected as “USB storage device” as shown above…

Step 3] How to use Reliance Broadband+ Netconnect as USB Modem –

To use Reliance Broadband+ usb as USB Modem. We need to switch the usb mode of this device with the help of “usb_modeswitch” tool.

Download ~ http://www.draisberghof.de/usb_modeswitch/usb_modeswitch-1.0.5.tar.bz2

Help – http://www.draisberghof.de/usb_modeswitch/

* Download and extract the “usb_modeswitch” –

root@laptop:/var/src# wget -c http://www.draisberghof.de/usb_modeswitch/usb_modeswitch-1.0.5.tar.bz2

root@laptop:/var/src# tar xvfj usb_modeswitch-1.0.5.tar.bz2

* Now compile and install –

root@laptop:/var/src/usb_modeswitch-1.0.5# gcc -l usb -o usb_modeswitch usb_modeswitch.c
root@laptop:/var/src/usb_modeswitch-1.0.5# make install
mkdir -p /usr/sbin
install ./usb_modeswitch /usr/sbin
mkdir -p /etc
install –mode=644 ./usb_modeswitch.conf /etc
root@laptop:/var/src/usb_modeswitch-1.0.5#

**** Now configure USB mode switching –

a) Edit configuration file “/etc/usb_modeswitch.conf” –

Just search for vendor and product id eg (19d2 and fff5) in config “/etc/usb_modeswitch.conf” file….
This file contains most of the details. I choose following setting and that work’s for me

root@laptop:~# cat /etc/usb_modeswitch.conf

###################
# ZTE AC8710
#

DefaultVendor= 0x19d2
DefaultProduct= 0xfff5

TargetVendor= 0x19d2
TargetProduct= 0xfff1

MessageContent=”5553424312345678c00000008000069f030000000000000000000000000000″

root@laptop:~#

b) Now run “usb_modeswitch” command to switch the mode of USB device –

root@laptop:~# usb_modeswitch -c /etc/usb_modeswitch.conf

Step 4] Load “usbserial” module

* Remember in Ubuntu 09.04 the “usbserial” is buildin kernel. To load that module we need to modify “grub.conf” or “menu.lst” GRUB config file

root@laptop:~# cat /boot/grub/menu.lst

title        Ubuntu 9.04, kernel 2.6.28-11-generic
uuid        c98db8a7-0a2e-4cea-b9d5-43a30c892fb0
kernel        /vmlinuz-2.6.28-11-generic root=/dev/sda5 ro quiet splash usbserial.vendor=0x19d2 usbserial.product=0xfff1
initrd        /initrd.img-2.6.28-11-generic
quiet
….
……
root@laptop:~#

**** Reboot the machine and run the following command

* Output before switch….

root@laptop:~# lsusb
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 007 Device 023: ID 19d2:fff5
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
…..
root@laptop:~#

root@laptop:~# usb_modeswitch -c /etc/usb_modeswitch.conf

* Output after switch….

root@laptop:~# lsusb
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 007 Device 024: ID 19d2:fff1
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
…..
root@laptop:~#

root@laptop:~# usb_modeswitch -v 19d2 -p fff1

Looking for default devices …
Found default devices (1)
Accessing device 004 on bus 005 …
Using endpoints 0x02 (out) and 0x82 (in)
Not a storage device, skipping SCSI inquiry

Device description data (identification)
————————-
Manufacturer: ZTE, Incorporated
Product: ZTE CDMA Tech
Serial No.: not provided
————————-
Warning: no switching method given.
-> Run lsusb to note any changes. Bye.

root@laptop:~#

root@laptop:~# cat /proc/bus/usb/devices

T: Bus=07 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 24 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=19d2 ProdID=fff1 Rev= 0.00
S: Manufacturer=ZTE, Incorporated
S: Product=ZTE CDMA Tech
C:* #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=128ms

root@laptop:~# dmesg | tail
[   70.985075] usbserial_generic 5-1:1.1: generic converter detected
[   70.985109] usb 5-1: generic converter now attached to ttyUSB1
[   70.987028] usbserial_generic 5-1:1.2: generic converter detected
[   70.987064] usb 5-1: generic converter now attached to ttyUSB2
[   70.989589] usbserial_generic 5-1:1.3: generic converter detected
[   70.989623] usb 5-1: generic converter now attached to ttyUSB3
[   70.991023] usbserial_generic 5-1:1.4: generic converter detected
[   70.991061] usb 5-1: generic converter now attached to ttyUSB4
[   70.993066] usbserial_generic 5-1:1.5: generic converter detected
[   70.993109] usb 5-1: generic converter now attached to ttyUSB5
root@laptop:~#

*** It shows that Reliance Broadband+ EVDO usb is detected as CDMA modem

Step 5] Configure wvdail –

* Run “wvdialconf” to detect and edit “/etc/wvdial.conf” confile

root@laptop:~# wvdialconf
Editing `/etc/wvdial.conf’.
Scanning your serial ports for a modem.
Modem Port Scan<*1>: S0 S1

root@laptop:~# cat /etc/wvdial.conf

[Dialer Defaults]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Password = your_mobile_no
Username = your_mobile_no
Phone = #777
PPPP Path = /usr/sbin/pppd
Modem Type = Analog Modem
Stupid Mode = 1
Tonline = 0
Baud = 9600
New PPPD = 1
Modem = /dev/ttyUSB0
ISDN = 0
root@laptop:~#

* Now it’s time to start surfing…..

root@laptop:~# wvdial &
[1] 21710
root@laptop:~#

root@laptop:~# ifconfig

ppp0 Link encap:Point-to-Point Protocol
inet addr:115.184.XX.BB P-t-P:220.224.CC.DD Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:4310 errors:0 dropped:0 overruns:0 frame:0
TX packets:4347 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:2268618 (2.2 MB) TX bytes:445276 (445.2 KB)

Enjoy,
Arun Bagul

How to build RPM of PHP for apache with mpm-worker

By Ravi Bhure | September 14, 2009 | Comments 0 Comment

In my last post, we have seen how we build rpm package for apache with default mpm-worker now it this tutorial we will see how we build rpm of php that can work with apache with mpm-worker.

Download php source rpm from mirror.centos.org

http://mirror.centos.org/centos-5/5.2/os/SRPMS/php-5.1.6-20.el5.src.rpm

To resolve the dependancies to build RPM package for PHP installing the require some lib packages

[root@testbed2:/tmp]# yum install bzip2-devel curl-devel gmp-devel aspell-devel libjpeg-devel libpng-devel pam-devel openssl-devel sqlite-devel pcre-devel krb5-devel libc-client-devel mysql-devel postgresql-devel unixODBC-devel libxml2-devel net-snmp-devel libxslt-devel libxml2-devel ncurses-devel gd-devel freetype-devel

install source rpm using
[root@testbed2:/tmp]# rpm -i php-5.1.6-20.el5.src.rpm

[root@testbed2:/tmp]# cd /usr/src/redhat/SPECS

vi php.spec and find “%configure” (without quote) where you can put the “–enable-maintainer-zts \” (without quote)

then rebuild rpm using below command

[root@testbed2:/usr/src/redhat/SPECS]# rpmbuild -bb php.spec

after creating rpm you will find all rpm in /usr/src/redhat/RPMS/{your arch folder} folder
in my condition the rpm’s in /usr/src/redhat/RPMS/x86_64

now change the httpd mpm to worker

[root@testbed2:/usr/src/redhat/X86_64]# /etc/init.d/httpd stop

edit file /etc/sysconfig/httpd

just uncomment the HTTPD=/usr/sbin/httpd.worker line

save and exit then start the httpd service

Now install php rpms from /usr/src/redhat/RPMS/{your arch folder}

[root@testbed2:/tmp]# /etc/init.d/httpd start
[root@testbed2:/tmp]# httpd -V
[root@testbed2:/tmp]# php -v

This is the way that I have done this. I know people are many way and good idea’s to do this.

So keep commenting that update that the things.

How to build rpm for http with mpm worker (on x86_64)

By Ravi Bhure | September 14, 2009 | Comments 0 Comment

Guy’s since I started working on apache, I found that apache is most use ful web technology over network.
Everyone knows that (multi-processing module) MPM Prefork is default included in apache rather than MPM Worker.

MPM Prefork = This Multi-Processing Module (MPM) implements a non-threaded, pre-forking web server that handles requests in a manner similar to Apache 1.3. It is appropriate for sites that need to avoid threading for compatibility with non-thread-safe libraries. It is also the best MPM for isolating each request, so that a problem with a single request will not affect any other.
MPM Worker = This Multi-Processing Module (MPM) implements a hybrid multi-process multi-threaded server. By using threads to serve requests, it is able to serve a large number of requests with fewer system resources than a process-based server. However, it retains much of the stability of a process-based server by keeping multiple processes available, each with many threads.

More information is available on apache.org manuals

http://vr-zone.com/manual/en/mod/prefork.html
http://vr-zone.com/manual/en/mod/worker.html

On RPM based OS’s, apache is default with MPM-Prefork so we will build apache RPM (with default MPM-worker) for our own, don’t know this will be useful or now but will have know everyone with this 🙂

Download the source rpm packages from http://mirror.centos.org

[root@testbed2:/tmp]# wget http://mirror.centos.org/centos-5/5.3/os/SRPMS/httpd-2.2.3-22.el5.centos.src.rpm

install http source rpm

[root@testbed2:/tmp]# rpm -ivh httpd-2.2.3-22.el5.centos.src.rpm

[root@testbed2:/tmp]# cd /usr/src/redhat/SPECS

edit httpd.spec with vi editor

[root@testbed2:/usr/src/redhat/SPECS]# vi httpd.spec

find the –with-mpm and enter below config parameter under the –with-mpm

–enable-headers –enable-uniqueid \
–enable-deflate \
–enable-mime-magic \
–enable-so –enable-rewrite \
–enable-http \
–enable-log-config \
–with-libexpat=built-in \

Now find the “mpmbuild prefork” and replace with “mpmbuild worker”

Now find the “mpmbuild worker” and replace with “mpmbuild prefork”
(you may find this, just few line below)

and most important thing is that you have to comment some lines i.e. (./prefork/httpd -l | grep -v prefork > prefork.mods to done)

find and comment from “./prefork/httpd -l | grep -v prefork > prefork.mods” to “Done” (i.e. just total 8 lines)

Now time to build http with mpmworker for that some dependancies are comes that we will resolve using yum

yum install xmlto db4-devel expat-devel libselinux-devel apr-devel apr-util-devel pcre-devel openssl-devel distcache-devel

[root@testbed2:/usr/src/redhat/SPECS]# rpmbuild -bb httpd.spec

you have wait for few min and watch whats going on screen ……

your rpm build is created and placed into /usr/src/redhat/RPMS/x86_64

Now install the packages and check with ‘httpd -V’

N’joy

HAProxy Load Balancer

By Ravi Bhure | August 14, 2009 | Comments 2 comments

IT infra going day to day very critical and costly, So for that we need simple IP based load balancing solution that handles ssl traffic. Basically it’s very easy and secure way to manage your server load balancing.
This example will shows you how we use this with easy steps

The Configuration =
* Load Balancer: <10.0.0.77> // will be our haproxy server # This will listen on many ports that we will bind as per requirement
* Web Server 1: <10.0.1.209> // web application server 1    #This will listen on tcp mode
* Web Server 2: <10.0.1.210> // web application server 2   #This will listen on tcp mode
* Web Server 3: <10.0.1.227> // web application server 3   #This will listen on http mode
* Admin Panel Port 8088: <10.0.0.77> // Statistics Panel on port 8080 #This will listen on http mode

Get and Install haproxy
We’ll be using the 1.3.17 src files to install haproxy. You can get them from http://haproxy.1wt.eu/

wget http://haproxy.1wt.eu/download/1.3/src/haproxy-1.3.19.tar.gz

tar xvzf haproxy-1.3.19.tar.gz

cd haproxy-1.3.19

make TARGET=linux26 ARCH=x86_64

make install

Now add user haproxy or what ever need to run config

[root@ravi.com ~]# useradd haproxy

cp /path/to/haproxy-1.3.19/examples/haproxy.init /etc/init.d/haproxy

chmod +x /etc/init.d/haproxy

create the /etc/haproxy folder and create haproxy.cfg config file in it.

mkdir /etc/haproxy

Now Please add your config file haproxy.cfg in /etc/haproxy

Configure /etc/haproxy/haproxy.cfg

#[root@app71 haproxy]# more haproxy.cfg
global
log 127.0.0.1   local0
log 127.0.0.1   local1 notice
#log loghost    local0 info
maxconn 25000    # count about 1 GB per 25000 connections
#debug
#quiet
user ravi
group ravi

defaults
log         global
mode        tcp
option     dontlognull
retries 3
option         redispatch
maxconn     20000
contimeout      5000
clitimeout      50000
srvtimeout      50000

#Configuration for www.ravi.com
listen VIP:www.ravi.com:10.0.0.77:80
bind            10.0.0.77:80    # or any other IP:port combination we listen to.
bind            10.0.0.77:443    # or any other IP:port combination we listen to.
mode            tcp
option          ssl-hello-chk
option          forwardfor    # set the client’s IP in X-Forwarded-For.
balance         roundrobin
# set the maxconn parameter below to match Apache’s MaxClients minus
# one or two connections so that you can still directly connect to it.
# you have to set server health check it it’s down it showing you on stat
# Set server weights normally it should be 1 for all
server          app139:10.0.1.209:80 10.0.1.209 weight 1 maxconn 5000 check
server          app140:10.0.1.210:80 10.0.1.210 weight 1 maxconn 5000 check

listen VIP:www.ravi.com:10.0.0.77:8080
bind            10.0.0.77:8080    # or any other IP:port combination we listen to.
mode            http
option          forwardfor    # set the client’s IP in X-Forwarded-For.
balance         roundrobin
# set the maxconn parameter below to match Apache’s MaxClients minus
# one or two connections so that you can still directly connect to it.
# you have to set server health check it it’s down it showing you on stat
# Set server weights normally it should be 1 for all
server          app127:10.0.1.227:8080 10.0.1.227 weight 1 maxconn 5000 check

# Enable the stats page on a dedicated port (8088). Monitoring request errors
# on the frontend will tell us how many potential attacks were blocked.
listen ha_stats 10.0.0.77:8088
mode http
stats enable
stats auth user:password ##Auth user pass

edit the /etc/sysctl.conf and add the end of file then run sysctl -p to load the setting

net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65023
net.ipv4.tcp_max_syn_backlog = 10240
net.ipv4.tcp_max_tw_buckets = 400000
net.core.somaxconn = 10000

start haproxy using (/etc/init.d/haproxy start or /usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid)

Configuring logging

Edit /etc/sysconfig/syslog

1.SYSLOGD_OPTIONS=”-m 0 -r”

Edit /etc/syslog.conf. Add the following:

1.local0.* /var/log/haproxy/haproxy.log
2.local1.* /var/log/haproxy/haproxy-1.log

Restart Syslog

service syslog restart

Now check with

ps auxwww | grep haproxy

Thanks

Ravi