Month: January 2013

Simple LDAP Caching Unix Daemon

Introduction-

I wrote this simple LDAP caching Unix daemon 2 years ago, when we faced a lot of issues integrating Apache with LDAP authentication
using the Apache LDAP auth module. We were able to configure it properly; however, we faced slowness issues.

Basically, we wanted to use Nagios (Check_mk Multisite) with LDAP authentication, so we wrote this Unix daemon.
As of now it is very simple (no threading/forking, and it is blocking). However, it is working perfectly without any issues (for Nagios web interface authentication and a few other web-based tools, around 300+ users).

Download Perl files-

* ldapcached.pl
http://www.indiangnu.org/wp-content/uploads/2013/ldapcached-pl.txt

* ldapcached-client.pl
http://www.indiangnu.org/wp-content/uploads/2013/ldapcached-client-pl.txt

* Custom Apache Handler – to use this daemon for basic authentication
http://www.indiangnu.org/wp-content/uploads/2013/MyHandler-pm.txt

root@arunb:~# cat /etc/init.d/ldapcached-initd.pl
#!/usr/bin/perl
use strict;
use warnings;
use Proc::Daemon;

no warnings 'uninitialized';
if ( $ARGV[0] =~ m/start/ ) {
    # Detach from the terminal and keep running in the background
    Proc::Daemon::Init;
    my $continue = 1;
    # Leave the restart loop on SIGTERM
    $SIG{TERM} = sub { $continue = 0 };
    # Re-launch ldapcached.pl whenever it exits
    while ($continue) { eval { `/usr/local/ldapcached.pl --daemon`; }; }

} else { print " * Usage: $0 {start}"; }
#end
print "\n";
root@arunb:~#

Step 1] Run Daemon – (edit LDAP related variables)

Copy the ldapcached.pl Perl file to the following location on your system: /usr/local/ldapcached.pl
OR change the path in the "ldapcached-initd.pl" startup file

* Start process-

root@:~# /etc/init.d/ldapcached-initd.pl start
root@:~#

* Make sure only one ldapcached process is running-

root@:~# ps aux | grep ldap | grep -v grep
root 19441 0.0 0.0 6212 1408 ? S 15:03 0:00 /usr/bin/perl /etc/init.d/ldapcached-initd.pl start
root 19442 0.0 0.2 8656 4916 ? S 15:03 0:00 ldapcached
root@:~#

Step 2] How to test-

root@:~$ perl ldapcached-client.pl --client 'my-ldap-user' 'my-ldap-pass'
Failed
root@:~$

root@:~$ perl ldapcached-client.pl --client 'my-ldap-user' 'my-ldap-pass'
Pass
root@:~$

Step 3] How to use/integrate it in an application-

Say I want to use this ldapcached unix daemon for Apache/Basic Authentication –

NOTE- Make sure to copy the MyHandler.pm module into the Perl module directory, or check the Apache error log for any errors.

ScriptAlias /nagios/cgi-bin "/usr/lib64/nagios/cgi"

<Directory "/usr/lib64/nagios/cgi">
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Nagios GUI"
    PerlAuthenHandler Apache::MyHandler
    Require valid-user
</Directory>
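
An added sketch, not the code of ldapcached.pl (whose internals this page does not show), of how a cache in front of LDAP bind can hold verdicts without holding passwords. The `ldap_bind` callable, the TTL values and the class name are assumptions made for the example.

```python
import hashlib, hmac, os, time

class BindCache:
    """Caches LDAP bind verdicts per user without keeping the password."""
    def __init__(self, ldap_bind, ok_ttl=300, fail_ttl=30, clock=time.monotonic):
        self._bind = ldap_bind        # assumed callable(user, password) -> bool
        self._ok_ttl = ok_ttl         # seconds a successful bind is trusted (assumed)
        self._fail_ttl = fail_ttl     # seconds a failed bind is remembered (assumed)
        self._clock = clock
        self._key = os.urandom(32)    # per-process key; digests are useless elsewhere
        self._entries = {}            # user -> (digest, verdict, expires_at)

    def _digest(self, user, password):
        msg = user.encode() + b"\0" + password.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def check(self, user, password):
        # An empty password is an LDAP "unauthenticated bind", which some
        # servers accept; refuse it before it reaches the cache or the server.
        if not user or not password:
            return False
        digest = self._digest(user, password)
        hit = self._entries.get(user)
        if hit and hit[2] > self._clock() and hmac.compare_digest(hit[0], digest):
            return hit[1]
        # Any other password goes to LDAP, so its lockout policy sees each guess.
        verdict = bool(self._bind(user, password))
        ttl = self._ok_ttl if verdict else self._fail_ttl
        self._entries[user] = (digest, verdict, self._clock() + ttl)
        return verdict

def demo():
    directory = {"alice": "s3cret"}   # constructed stand-in for the LDAP server
    calls = []
    def fake_bind(user, password):
        calls.append(user)
        return directory.get(user) == password
    now = [0.0]
    cache = BindCache(fake_bind, clock=lambda: now[0])
    results = [cache.check("alice", "s3cret"),   # miss: asks LDAP
               cache.check("alice", "s3cret"),   # hit: served from cache
               cache.check("alice", ""),         # refused locally
               cache.check("alice", "guess")]    # new digest: asks LDAP
    now[0] = 31.0                                # past fail_ttl
    results.append(cache.check("alice", "guess"))  # expired: asks LDAP again
    return results, len(calls)

if __name__ == "__main__":
    print(demo())
```

A short `ok_ttl` also bounds how long a password changed or an account disabled in the directory keeps working through the cache.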

Thank you,
Arun

Check_mk Multisite and PNP4nagios

Introduction-

Nagios Check_mk Multisite (plugin) allows users to view/manage distributed Nagios instances using a single web-based interface. However, by default
it doesn't support access to pnp4nagios graphs (for hosts/services from remote Nagios) through the (single) Multisite URL.

* To access PNP4nagios graphs of hosts/services from remote Nagios using the (single) Multisite URL, we need to add an Apache proxy redirect setting.

1] multisite.mk Conf file-

This is my "check_mk/multisite.mk" conf file (from the primary Multisite server (prod); SITE1 and SITE2 are two remote Nagios sites).

OMD[prod]:~$ cat etc/check_mk/multisite.mk

….
sites = {
    # Primary site
    "local" : {
        "alias" : "PROD"
    },
    # Remote site
    "SITE1": {
        "alias": "SITE1",
        "socket": "tcp:192.168.1.10:6557",
        "url_prefix": "/SITE1/",
        "nagios_url": "/SITE1/nagios",
        "nagios_cgi_url": "/SITE1/nagios/cgi-bin",
        "pnp_url": "/SITE1/pnp4nagios",
    },
    # Remote site
    "SITE2": {
        "alias": "SITE2",
        "socket": "tcp:192.168.2.10:6557",
        "url_prefix": "/SITE2/",
        "nagios_url": "/SITE2/nagios",
        "nagios_cgi_url": "/SITE2/nagios/cgi-bin",
        "pnp_url": "/SITE2/pnp4nagios",
    },
}
….
…..
OMD[prod]:~$

2] Apache Proxy Redirect for PNP4nagios –

OMD[prod]:~# cat /etc/httpd/conf.d/multisite_proxy.conf
#SITE1
<Location /SITE1/>
RewriteEngine On
RewriteRule ^/.+/SITE1/(.*) http://192.168.1.10/SITE1/$1 [P]
</Location>

#SITE2
<Location /SITE2/>
RewriteEngine On
RewriteRule ^/.+/SITE2/(.*) http://192.168.2.10/SITE2/$1 [P]
</Location>

OMD[prod]:~#

That's it! Now you can access pnp4nagios graphs from remote Nagios hosts/services using the single Multisite URL.
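
An added example, not part of the original post: a check that every remote site in multisite.mk has a matching [P] rule pointing at the same host as its livestatus socket, and that reports the scheme used on the hop to the remote site. The dictionary and rules are trimmed copies of the ones above; the function names are assumptions.

```python
import re

SITES = {  # remote-site entries from the multisite.mk above (only the keys used here)
    "local": {"alias": "PROD"},
    "SITE1": {"socket": "tcp:192.168.1.10:6557", "url_prefix": "/SITE1/"},
    "SITE2": {"socket": "tcp:192.168.2.10:6557", "url_prefix": "/SITE2/"},
}
PROXY_CONF = """
<Location /SITE1/>
RewriteRule ^/.+/SITE1/(.*) http://192.168.1.10/SITE1/$1 [P]
</Location>
<Location /SITE2/>
RewriteRule ^/.+/SITE2/(.*) http://192.168.2.10/SITE2/$1 [P]
</Location>
"""
BLOCK = re.compile(r"<Location\s+(\S+?)>(.*?)</Location>", re.S)
RULE = re.compile(r"RewriteRule\s+\S+\s+(\w+)://([^/\s:]+)(?::\d+)?(/\S*)\s+\[([^\]]*)\]")

def proxy_targets(conf):
    """Map each <Location> path to (scheme, host, path) of its [P] rule."""
    targets = {}
    for location, body in BLOCK.findall(conf):
        for scheme, host, path, flags in RULE.findall(body):
            if "P" in [f.strip() for f in flags.split(",")]:
                targets[location] = (scheme, host, path)
    return targets

def audit(sites, conf):
    """Return (site, finding) pairs where multisite.mk and the proxy disagree."""
    findings, targets = [], proxy_targets(conf)
    for name, site in sites.items():
        if "socket" not in site:
            continue                      # local site: nothing is proxied
        prefix = site["url_prefix"]
        live_host = site["socket"].split(":")[1]
        if prefix not in targets:
            findings.append((name, "no proxy rule for " + prefix))
            continue
        scheme, host, path = targets[prefix]
        if host != live_host:
            findings.append((name, f"proxy host {host} != livestatus host {live_host}"))
        if not path.startswith(prefix):
            findings.append((name, f"proxy path {path} leaves {prefix}"))
        if scheme != "https":
            findings.append((name, "backend hop uses " + scheme))
    return findings

if __name__ == "__main__": print(audit(SITES, PROXY_CONF))
```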

Thank you,
Arun Bagul

NetApp and Storage hardware terminology

Introduction-

Storage systems that run Data ONTAP are sometimes referred to as filers, storage appliances, or systems.
Controller or storage controller refers to the component of a storage system that runs Data ONTAP.

* FC HBA for Disk, or FC HBA, refers to the Fibre Channel Host Bus Adapter (HBA)
that connects the node to the switch or to the disks.
* Disk shelf is a unit of the disk subsystem component of the storage system. Disk shelves
hold disks and associated hardware.
* LRC (Loop Resiliency Circuit) is a disk shelf module that keeps the Fibre Channel-Arbitrated Loop (FC-AL) intact during the
addition and removal of disks within a disk shelf.
* ESH (Embedded Switching Hub) is a disk shelf module that provides a means of managing an FC-AL loop in an intelligent manner,
such that a single drive failure does not take down the loop.
* FilerView: graphical user interface for NetApp.

Regards,
Arun Bagul

Manage/Administer NetApp

Introduction-

– To manage/administer NetApp you can use the CLI (telnet, ssh, serial port, SP, RLM or BMC), FilerView, the DataFabric Manager (DFM)
software, or the Manage ONTAP Developer SDK software.
– Mount /vol/vol0 (root volume) of the NetApp storage locally and change the configuration.
– If you are entering a command with an element that includes a space, you must quote that element. For example,
arun_netapp> environment status chassis "Power Supply"
– CLI history – to scroll back through commands, press Ctrl-P or the Up arrow key.
To scroll forward through commands, press Ctrl-N or the Down arrow key.
– CLI help
arun_netapp> help
arun_netapp> ?
arun_netapp> environment help
Usage: environment status
– CLI man page
arun_netapp> man command_or_file_name

* Remotely access the system console using the SP (Service Processor), RLM or BMC –
Log in to the SP, RLM or BMC (the system responds with the SP, RLM or BMC prompt).
Enter the following command at the RLM or BMC prompt: system console
username – naroot
To return to the RLM prompt, press Ctrl-D.
To return to the BMC prompt, press Ctrl-G.

# ssh naroot@prod-netapp

* ONTAP commands at different privilege levels –

a) Administrative level – enables you to access commands that are sufficient for managing your storage system.
b) Advanced level – provides commands for troubleshooting, in addition to all the commands available at the administrative level.

Thank you,
Arun Bagul