Technical
- Written by: Alex
- Category: Technical
Monitoring via Twitter - it's something you've always dreamed of!
When setting up your CloudWatch Alarms, you'll notice that there are a number of possible destinations (subscriptions) for your SNS topic. For direct notification to an individual, out of the box the easiest of these are SMS (which costs money) or email (which may be unavailable if the system you're monitoring is the one that handles your email).
Fortunately, AWS offers other SNS targets too, including Lambda, which we'll use here. So let's use a totally unrelated mechanism for alerting ourselves: Twitter Direct Message. The big benefit is that you get push notifications to your phone (assuming you're using a Twitter app) for high priority issues. Two caveats are worth keeping in mind: the alarm text leaves your account and passes through a third party, so keep alarm names and descriptions free of anything sensitive, and anyone who can publish to the SNS topic can DM you, so keep the topic's access policy restricted to CloudWatch and your own account.
The code for this is located here on GitHub, and we will use the Serverless framework to deploy it.
Check the code out and start with the twitter.json file; we'll need to issue Twitter credentials to fill this out. To generate these, visit https://developer.twitter.com/en/apps and "Create an app". Take the API key details and complete twitter.json with them. Treat the completed file as a secret: don't commit it to version control.
Edit serverless.yml and set the TWITTER_USERS value to a comma separated (no spaces) list of Twitter users to send the direct message to.
Run setup.sh - this stores your Twitter credentials as a SecureString (encrypted) parameter in SSM Parameter Store so that the Lambda function can retrieve them at run time rather than shipping them inside the deployment package. The setup script also installs the python-twitter module into your working directory so that it is packaged with your Lambda function.
Deploy your lambda function and SNS topic using serverless deploy
Now, when you create CloudWatch alarms you can choose the SNS topic TwitterNotify to send the alerts to, and they'll be DMed to you via Twitter.
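As an added example (this is not the code from the GitHub repository above), here is how the Lambda side of this can be written in Python so that the event parsing and message formatting are testable offline, with the AWS and Twitter calls injected. It assumes python-twitter's Api.PostDirectMessage, that setup.sh stored the credentials as a JSON SecureString under a hypothetical parameter name (override it with the TWITTER_SSM_PARAM environment variable), and four assumed credential field names. Scope the function's IAM role to ssm:GetParameter on that one parameter plus kms:Decrypt on its key, nothing broader.

```python
import json
import os

# Assumed credential field names (python-twitter's Api() arguments); the page
# does not show twitter.json, so check yours matches.
CREDENTIAL_KEYS = ("consumer_key", "consumer_secret",
                   "access_token_key", "access_token_secret")
DEFAULT_SSM_PARAM = "/twitternotify/twitter"  # hypothetical parameter name
MAX_DM_LEN = 280  # assumption: short enough to read in a phone notification


def _plain(subject, raw):
    """Shape a non-alarm message (e.g. a manual test publish) like an alarm."""
    return {"name": subject or "SNS message", "state": "INFO",
            "old_state": None, "reason": raw, "region": "", "time": ""}


def parse_alarm(event):
    """Extract CloudWatch alarm fields from each SNS record in a Lambda event.

    CloudWatch delivers the alarm as a JSON document in Records[n].Sns.Message.
    Messages that are not alarm JSON are passed through rather than dropped.
    """
    alarms = []
    for record in event.get("Records", []):
        sns = record.get("Sns")
        if not sns:
            continue  # not an SNS record; ignore rather than crash
        raw = sns.get("Message", "")
        try:
            body = json.loads(raw)
        except ValueError:
            body = None
        if not isinstance(body, dict) or "AlarmName" not in body:
            alarms.append(_plain(sns.get("Subject"), raw))
            continue
        alarms.append({"name": body["AlarmName"],
                       "state": body.get("NewStateValue", "UNKNOWN"),
                       "old_state": body.get("OldStateValue"),
                       "reason": body.get("NewStateReason", ""),
                       "region": body.get("Region", ""),
                       "time": body.get("StateChangeTime", "")})
    return alarms


def format_dm(alarm):
    """One line, state first, so a truncated notification still tells you what matters."""
    head = "[%s] %s" % (alarm["state"], alarm["name"])
    if alarm.get("old_state"):
        head += " (was %s)" % alarm["old_state"]
    parts = [head] + [alarm[k] for k in ("region", "reason") if alarm.get(k)]
    text = " | ".join(parts)
    if len(text) > MAX_DM_LEN:
        text = text[:MAX_DM_LEN - 3] + "..."
    return text


def recipients(env):
    """TWITTER_USERS is comma separated with no spaces; tolerate spaces and @ anyway."""
    return [u.strip().lstrip("@") for u in env.get("TWITTER_USERS", "").split(",")
            if u.strip()]


def load_credentials_from_ssm(name):
    """Fetch and decrypt the SecureString written by setup.sh.

    The function's role needs ssm:GetParameter on this parameter and
    kms:Decrypt on its key, nothing broader.
    """
    import boto3  # imported here so parsing/formatting run without AWS installed
    value = boto3.client("ssm").get_parameter(
        Name=name, WithDecryption=True)["Parameter"]["Value"]
    creds = json.loads(value)
    missing = [k for k in CREDENTIAL_KEYS if k not in creds]
    if missing:
        raise KeyError("credentials parameter lacks: %s" % ", ".join(missing))
    return creds


def send_via_python_twitter(creds, user, text):
    """Send one DM; assumes python-twitter's Api.PostDirectMessage(text, screen_name=...)."""
    import twitter
    api = twitter.Api(**{k: creds[k] for k in CREDENTIAL_KEYS})
    api.PostDirectMessage(text, screen_name=user)


def handler(event, context=None, env=None, get_credentials=load_credentials_from_ssm,
            send_dm=send_via_python_twitter):
    """Lambda entry point; env/get_credentials/send_dm are injectable for offline tests."""
    env = os.environ if env is None else env
    alarms, users = parse_alarm(event), recipients(env)
    if not alarms or not users:
        return []
    creds = get_credentials(env.get("TWITTER_SSM_PARAM", DEFAULT_SSM_PARAM))
    sent = []
    for alarm in alarms:
        text = format_dm(alarm)
        for user in users:
            send_dm(creds, user, text)
            sent.append((user, text))
    return sent


# Constructed sample event in the shape SNS hands to Lambda for a CloudWatch alarm.
SAMPLE_EVENT = {"Records": [{"Sns": {
    "Subject": 'ALARM: "disk-full" in EU (Ireland)',
    "Message": json.dumps({
        "AlarmName": "disk-full", "NewStateValue": "ALARM", "OldStateValue": "OK",
        "NewStateReason": "Threshold Crossed: 1 datapoint was greater than the threshold (90.0).",
        "Region": "EU (Ireland)", "StateChangeTime": "2019-01-01T00:00:00.000+0000"})}}]}


def dry_run(event=SAMPLE_EVENT):
    """Exercise the handler with stub credentials and a recording sender."""
    return handler(event, env={"TWITTER_USERS": "alice,bob"},
                   get_credentials=lambda name: dict.fromkeys(CREDENTIAL_KEYS, "stub"),
                   send_dm=lambda creds, user, text: None)
```

Point serverless.yml's handler at handler and set TWITTER_USERS (and TWITTER_SSM_PARAM if you chose a different parameter name); dry_run() lets you check the message layout locally before deploying.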
Exciting stuff!
- Written by: Alex
- Category: Technical
Do you use the popular webmail client Roundcube? Do you also own a smartphone?
Have you ever wished that you could share your contacts between the two? Well now you can!
This is a backend for Z-Push (a PHP implementation of the widely supported ActiveSync protocol) that connects your phone with your Roundcube address book.
So far, this has been tested with a HTC Wildfire running Android 2.2.1, and Roundcube 0.8.4.
There are currently a couple of assumptions:
- Your usernames and passwords are available in a MySQL database
- If you log in via ActiveSync before you've ever logged directly into Roundcube, then the backend will create a record in Roundcube's users table for you.
Download from GitHub
- Written by: Alex
- Category: Technical
This document is designed to give Windows administrators a helping hand getting Bind going. The most recent update was written for Windows 7, other versions of Windows will probably have differences.
Last tested against BIND 9.9.2-P1
Author:
Alex Charrett
Contributors:
Cynthia Haselton for the updates around the BIND 9 installer and Active Directory integration.
It's worth noting that Bind works admirably on many operating systems (I've run it on Linux, Solaris and Irix as well as Windows) and these may be preferable in a security focused environment.
Download and install the Bind 9 Software
- Download the latest version of bind from http://www.isc.org/downloads
- Create a folder on your desktop called bind and extract the downloaded zip to it.
- Open the newly created bind folder and right click on BINDInstall.exe and select "Run as administrator"
- In the Bind 9 Installer window enter:
- Target Directory: c:\named
- Service Account Name: named
- Service Account Password: Enter a secure password for the service account to use
- Confirm Service Account Password: Enter the password again
- Ensure that Automatic Startup is selected
- Ensure that Keep Config files after uninstall is selected.
- Click Install.
- When the installer reports "BIND Installation completed successfully", click OK.
- Click Exit to close the installer.
Configure Bind
- Create a c:\named\zones folder
- Download named.conf and db.yourdomain.com.txt and save them to:
- c:\named\etc\named.conf
- c:\named\zones\db.yourdomain.com.txt
- Open a command prompt and run:
cd c:\named\bin
rndc-confgen -a
rndc-confgen > ..\etc\rndc.conf
- Close the command prompt
- Open c:\named\etc\rndc.conf in notepad
- Cut to the clipboard the section below the line that says:
- # Use with the following in named.conf, adjusting the allow list as needed:
- Save & close rndc.conf
- Open c:\named\etc\named.conf in notepad
- Paste the contents of the clipboard into the bottom of this file
- Remove the hashes (#) from the beginning of the pasted lines.
- Remove the line that says "End of named.conf"
- Save & close named.conf
Configure your zone
- Open c:\named\etc\named.conf in notepad.
- In the zone definition for yourdomain.com, modify the zone and file lines to reflect the domain you are configuring.
- Save and close named.conf
- Rename c:\named\zones\db.yourdomain.com.txt to reflect your previous change in named.conf
- Open this zone file in notepad.
- Substitute all references to yourdomain.com for the domain you are configuring.
- Substitute namesever-hostname for the hostname of your nameserver.
- Edit the last line so that the A record reflects the IP address of your server.
- Edit the serial line to reflect today's date. The format for this line is YYYYMMDDRR where:
- YYYY = The year (e.g. 2005)
- MM = The month (e.g. 02)
- DD = The day (e.g. 22)
- RR = Today's revision of this file (e.g. 01)
- Save and close the zone file.
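The serial rule above matters because a secondary only fetches a zone whose serial has increased, so a forgotten or mistyped serial leaves the old data live. As an added example (not one of the page's downloads), here is a small Python 3 helper that applies the YYYYMMDDRR convention including the second-edit-on-the-same-day case, rewrites the serial in the zone file, and runs named-checkzone so a typo never reaches rndc reload. It assumes a Python interpreter on the server, that the zone file marks the serial with a "; serial" comment, and that named-checkzone.exe is in c:\named\bin.

```python
import datetime
import re
import subprocess
import sys

# The serial line is assumed to be ten digits followed by a "; serial" comment;
# the page's downloaded template is not shown, so check that yours is laid out so.
SERIAL_RE = re.compile(r"^([ \t]*)(\d{10})([ \t]*;[ \t]*serial.*)$",
                       re.IGNORECASE | re.MULTILINE)


def _ymd(today):
    """Accept None (today), a date, or a 'YYYYMMDD' string."""
    if today is None:
        return datetime.date.today().strftime("%Y%m%d")
    if isinstance(today, str):
        return today
    return today.strftime("%Y%m%d")


def next_serial(current, today=None):
    """Apply YYYYMMDDRR: a new day restarts RR at 01, the same day increments it.

    A serial must only ever increase; a secondary that sees a smaller or equal
    serial silently keeps its old copy of the zone.
    """
    cur = str(current)
    if len(cur) != 10 or not cur.isdigit():
        raise ValueError("serial %r is not in YYYYMMDDRR form" % current)
    prefix = _ymd(today)
    if cur[:8] < prefix:
        return prefix + "01"
    if cur[:8] > prefix:
        raise ValueError("serial %s is dated after today; check the clock" % cur)
    rr = int(cur[8:]) + 1
    if rr > 99:
        raise ValueError("99 revisions already today; the date form cannot go higher")
    return "%s%02d" % (prefix, rr)


def bump_zone_serial(zone_text, today=None):
    """Return (new_text, new_serial) with the SOA serial advanced in place."""
    m = SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("no '<ten digits> ; serial' line found in zone file")
    new = next_serial(m.group(2), today)
    new_text = SERIAL_RE.sub(lambda mm: mm.group(1) + new + mm.group(3),
                             zone_text, count=1)
    return new_text, new


def check_zone(origin, path, checkzone=r"c:\named\bin\named-checkzone.exe"):
    """Run named-checkzone (ships with BIND) and report whether the zone loads."""
    result = subprocess.run([checkzone, origin, path], capture_output=True, text=True)
    if result.returncode != 0:
        sys.stderr.write(result.stdout + result.stderr)
    return result.returncode == 0


# Constructed zone fragment in the assumed layout (not the page's template).
SAMPLE_ZONE = """$TTL 86400
@   IN  SOA nameserver-hostname.yourdomain.com. hostmaster.yourdomain.com. (
        2005022201 ; serial (YYYYMMDDRR)
        28800      ; refresh
        7200       ; retry
        604800     ; expire
        86400 )    ; minimum
    IN  NS  nameserver-hostname.yourdomain.com.
nameserver-hostname IN A 192.168.1.53
"""

if __name__ == "__main__":
    # usage: bump_serial.py yourdomain.com c:\named\zones\db.yourdomain.com.txt
    origin, path = sys.argv[1], sys.argv[2]
    with open(path) as f:
        text, serial = bump_zone_serial(f.read())
    with open(path, "w") as f:
        f.write(text)
    print("serial now %s; zone %s" % (serial, "OK" if check_zone(origin, path) else "BAD"))
```

Run it after every edit to the zone file and only rndc reload when it reports OK; if it reports BAD, fix the file and run it again (the extra serial increment is harmless).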
Start the Bind service
- Start -> right click on "Computer" and select "Manage" -> Services and Applications -> Services
- Locate the "ISC Bind" service, right click on it and select start.
- If it fails to start, errors can be found in the Event Viewer.
Create a Bind Reload batch file
To make reloading your nameserver easier, I recommend placing a batch file on your desktop to reload the nameserver. Reloading enables Bind to re-read all the configuration and zone files (and thus apply any changes) without the need to restart the service.
- Create a text file called "reload bind.bat" on the desktop, with the following content
@echo off
c:\named\bin\rndc reload
pause
If you wish your Bind server to serve recursion
Should you require your Bind server to allow recursive queries, that is that it will need to be able to look up zones other than the ones you are hosting on this server (e.g. if this is to provide DNS service to a local network), you will need to enable recursion.
You will first need to generate a root hints file so your server knows where the root servers are. (BIND also carries a compiled-in copy of the root hints, so a hint zone is optional, but keeping a file lets you refresh it.) Ensure your Windows DNS configuration is pointing to a working DNS server (such as your ISP's), open a command prompt and run:
c:\named\bin\dig NS . @m.root-servers.net > c:\named\zones\db.root.hint.txt
Now add the following lines to your c:\named\etc\named.conf configuration file:
zone "." IN {
    type hint;
    file "db.root.hint.txt";
};
Also, in the global "options" section, change "recursion no" to "recursion yes" and, on the following line, add an allow-recursion statement listing the address ranges you are willing to recurse for (here a single LAN):
allow-recursion { 192.168.1.0/24; };
Do not leave recursion open to the world: a recursive server that answers anyone is an "open resolver" that can be abused for DNS amplification attacks against third parties. If the server is reachable from the internet, limit allow-recursion to your own networks.
Reload Bind for these changes to take effect.
Active Directory Integration
Should you wish for BIND to be the authoritative source of information for your Active Directory domain (if you don't know what this is, don't worry about this section), you will need to delegate the special Active Directory subdomains to your Active Directory domain controller, whose own DNS service must host them. Add the following records to your zone file (db.yourdomain.com.txt), substituting your DC's name and address, then bump the serial and reload Bind:
; The address of my Active Directory server
yourdnsdc IN A 192.168.160.54
; services over tcp
_tcp IN NS yourdnsdc.yourdomain.com.
; services over udp
_udp IN NS yourdnsdc.yourdomain.com.
; domain controllers
_msdcs IN NS yourdnsdc.yourdomain.com.
; subnet locations
_sites IN NS yourdnsdc.yourdomain.com.
- Written by: Alex
- Category: Technical
Installing Solaris via JumpStart from a Linux server.
Thanks to Jon Still, Tim Gibbons, Scott Mann and Chris Cosby for helping me improve this document.
Any feedback is welcome, problems hints or a simple "that works, hurrah" are helpful. Drop me a line at alex at transposed dot org.
Note: This is only likely to work with Solaris 8 or newer. Something to do with the IP fragmentation in the inetboot kernels for 7 and earlier being broken. Possibly.
What you will need
- A Linux system
- A set of Solaris install media for the system you want to install
- rarpd
- bootparamd
- tftpd
- pdksh (if you want to install the second CD)
- tcpdump
- A Kernel with NFSv3 support
Copying the install media to the server
I have heard that you can jumpstart directly by exporting the CDs, but copying them to disk makes the installs faster.
Pick a location for the CD images, /home/jumpstart in my case. Then create it along with an install and a config subdirectory. The config dir is only necessary if you intend to do non-interactive jumpstarts.
mkdir -p /home/jumpstart/install
mkdir /home/jumpstart/config
In order to run the setup_install_server script you'll need to create a "/bin/bar" symlink to "/bin/tar", as the script calls a tar-alike to do the copying.
ln -s /bin/tar /bin/bar
For Solaris 10 you also need to create a /usr/bin symlink for sed, a symlink from adb to gdb, and a copy of the Solaris "mach" script.
ln -s /bin/sed /usr/bin/sed
ln -s /usr/bin/gdb /usr/bin/adb
echo "#!/bin/bash" > /bin/mach
echo "uname -p" >> /bin/mach
chmod +x /bin/mach
Mount Solaris CD 1 (or the Solaris DVD) and run the setup_install_server script.
mount /mnt/cdrom
cd /mnt/cdrom/Solaris_8/Tools
./setup_install_server /home/jumpstart/install
cd /
umount /mnt/cdrom
Replace the CD with CD 2 (if you don't have a CD 2, don't worry about it; skip to the next section). Even in Solaris 8 you can get away with just CD 1 if you're not going for one of the bigger installs. add_to_install_server is written in ksh, which is what you need pdksh for. Oddly, this script is completely different from setup_install_server and uses cpio to copy the data. Most of it works fine apart from the disk space check, so set and export NOSPACECHK before you run it. I'm sure you can cope with checking how much space you have free.
mount /mnt/cdrom
cd /mnt/cdrom/Solaris_8/Tools
NOSPACECHK="yes"; export NOSPACECHK
./add_to_install_server /home/jumpstart/install
Set up the NFS server
If you've not already done so, install rarpd, bootparamd and tftpd. I'm assuming you're using the kernel nfsd here.
Set up the NFS export. Put the following in /etc/exports, using appropriate values for your site. The config export is optional, depending on whether you want to use non-interactive jumpstart. no_root_squash is needed because the client's boot kernel reads the tree as root; since NFS exports like these are otherwise unauthenticated, keep them read-only and limited to the install subnet, as here.
/home/jumpstart/install 192.168.1.0/24(ro,no_root_squash,async,no_subtree_check)
/home/jumpstart/config 192.168.1.0/24(ro,no_root_squash,async,no_subtree_check)
For newer versions of the linux nfsd, nfsv4 may well be enabled by default. It's probably easier to disable it - add " --no-nfs-version 4" to the nfsd parameters, however your Linux distribution chooses to do that.
Set up the server for the client
This is where it gets a little fiddly: for each install client you need an entry in /etc/hosts, /etc/ethers and /etc/bootparams, and a symlink to the appropriate kernel in /tftpboot.
/etc/hosts
This one is easy, you need the hostname and its IP address. Put it in /etc/hosts in the following format:
192.168.1.4 jumpstartclient
Also, ensure that your server's hostname is *not* listed against 127.0.0.1. If it is, remove it from that line and give it its own line, so your hosts file looks like this (where jumpstartserver is your server).
127.0.0.1 localhost.localdomain localhost
192.168.1.1 jumpstartserver
192.168.1.4 jumpstartclient
/etc/ethers
This is so that rarpd can respond to the client's request for an IP address. It does this by resolving the client's MAC address to a hostname, and uses /etc/hosts to turn that into an IP. In /etc/ethers:
8:0:20:7a:a3:f2 jumpstartclient
/etc/bootparams
This is the config so the client knows where to access the install image and configurations. In /etc/bootparams, where jumpstartserver is my jumpstart server:
jumpstartclient root=jumpstartserver:/home/jumpstart/install/Solaris_8/Tools/Boot \
install=jumpstartserver:/home/jumpstart/install \
boottype=jumpstartserver:in \
sysid_config=jumpstartserver:/home/jumpstart/install/Solaris_8/Tools/Boot/etc \
install_config=jumpstartserver:/home/jumpstart/config \
rootopts=jumpstartserver:rsize=8192,wsize=8192
/tftpboot
This is the really fiddly bit. Either you calculate the client's IP address in hex, or you use tcpdump to see what it requests.
This is because the client requests an inetboot file from the tftp server named HEXIPADDR.ARCH or just HEXIPADDR (some machines do not request the .ARCH part of the filename). In my case it is C0A80104.SUN4U. So if, like me, you don't fancy calculating this name, start bootparamd and rarpd (you may need to start rarpd with -e, as some versions will not respond to RARP queries if there is no corresponding image in /tftpboot to serve).
According to Jon,
perl -e 'printf "%02x"x4 ."\n",192,168,1,4;'|tr a-z A-Z
will give you the hex address (where the IP is 192.168.1.4).
Similarly, you can do it in shell like this (printf reuses the format for each argument, and the tr arguments are quoted so the shell doesn't treat them as globs):
printf '%02x' 192 168 1 4 | tr '[:lower:]' '[:upper:]'; echo
Once your services are started, get tcpdump going (this is best done on a quiet or switched network) and boot net - install your client. tcpdump should produce a line like this:
08:59:24.640821 jumpstartclient.40337 > jumpstartserver.beau.net.tftp: 23 RRQ "C0A80104.SUN4U"
Alternatively, running bootparamd with the -d and -s flags should write the filename being requested to syslog.
Once you have this filename, you can copy the appropriate inetboot image from your /home/jumpstart/install hierarchy. The example below is for a sun4u machine (matching the C0A80104.SUN4U request above); for other architectures substitute the platform directory, e.g. sun4m:
cp /home/jumpstart/install/Solaris_8/Tools/Boot/usr/platform/sun4u/lib/fs/nfs/inetboot /tftpboot/inetboot.sun4u
cd /tftpboot
ln -s inetboot.sun4u C0A80104.SUN4U
ln -s inetboot.sun4u C0A80104
Enable your tftpd and you should be ready to go!
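All four per-client pieces above are derived from the same handful of facts (the client's hostname, IP, MAC and architecture, plus the server name), and the hex-name step is where mistakes creep in. As an added example, not from the page, this Python helper generates every entry and the /tftpboot commands from those facts; the paths assume the /home/jumpstart layout used above and the bootparams layout copies the page's. Bear in mind that RARP, bootparams and TFTP are unauthenticated: any host on the segment can answer a booting client, so do this on an isolated or tightly switched install network.

```python
import ipaddress
import re

# Colon-separated MAC with one or two hex digits per octet (Sun's unpadded form too).
MAC_RE = re.compile(r"^[0-9a-f]{1,2}(:[0-9a-f]{1,2}){5}$", re.IGNORECASE)


def hex_ip(ip):
    """192.168.1.4 -> 'C0A80104', the name the client asks the tftp server for."""
    return "%08X" % int(ipaddress.IPv4Address(ip))


def tftp_names(ip, arch):
    """Both names a client may request: with and without the .ARCH suffix."""
    return [hex_ip(ip) + "." + arch.upper(), hex_ip(ip)]


def ethers_line(mac, host):
    """/etc/ethers entry for rarpd, with octets zero-padded (Linux accepts either form)."""
    if not MAC_RE.match(mac):
        raise ValueError("bad MAC address %r" % mac)
    octets = ["%02x" % int(o, 16) for o in mac.split(":")]
    return "%s %s" % (":".join(octets), host)


def hosts_line(ip, host):
    """/etc/hosts entry; the server itself must not share the 127.0.0.1 line."""
    return "%s %s" % (ipaddress.IPv4Address(ip), host)


def bootparams_entry(client, server, install="/home/jumpstart/install",
                     release="Solaris_8", config="/home/jumpstart/config"):
    """/etc/bootparams entry in the layout used on the page; config=None for
    interactive-only installs."""
    boot = "%s/%s/Tools/Boot" % (install, release)
    fields = ["root=%s:%s" % (server, boot),
              "install=%s:%s" % (server, install),
              "boottype=%s:in" % server,
              "sysid_config=%s:%s/etc" % (server, boot)]
    if config:
        fields.append("install_config=%s:%s" % (server, config))
    fields.append("rootopts=%s:rsize=8192,wsize=8192" % server)
    return client + " " + " \\\n\t".join(fields)


def tftpboot_commands(ip, arch, install="/home/jumpstart/install",
                      release="Solaris_8", tftpboot="/tftpboot"):
    """Shell commands (run as root) to publish the client's inetboot image."""
    image = "%s/%s/Tools/Boot/usr/platform/%s/lib/fs/nfs/inetboot" % (
        install, release, arch.lower())
    target = "inetboot." + arch.lower()
    cmds = ["cp %s %s/%s" % (image, tftpboot, target)]
    for name in tftp_names(ip, arch):
        cmds.append("ln -sf %s %s/%s" % (target, tftpboot, name))
    return cmds


def client_files(host, ip, mac, arch, server):
    """Everything one client needs, keyed by where it goes."""
    return {"/etc/hosts": hosts_line(ip, host),
            "/etc/ethers": ethers_line(mac, host),
            "/etc/bootparams": bootparams_entry(host, server),
            "/tftpboot": tftpboot_commands(ip, arch)}


if __name__ == "__main__":
    # Constructed client matching the page's example values.
    for where, what in client_files("jumpstartclient", "192.168.1.4",
                                    "8:0:20:7a:a3:f2", "sun4u",
                                    "jumpstartserver").items():
        print("# %s" % where)
        print("\n".join(what) if isinstance(what, list) else what)
```

Append the generated lines to the respective files and run the /tftpboot commands; if the client still hangs on boot, compare the name it requests in tcpdump against tftp_names() for its IP.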
Jumpstart the client
Stop-A the client and get it to the openboot prompt. From there type either:
boot net - install
(for a non-interactive install)
or
boot net - text
(for an interactive install)
IMPORTANT. One problem I have had with this is that when it boots, after it configured the network interface (a message like "Configured interface le0" is displayed), the client just sits there. Sending the client a ping should wake it up and it will continue fine. Weird eh?