Install NRPE for Nagios on CentOS 6.2

useradd -m nagios && passwd nagios
mkdir ~/downloads && cd ~/downloads
yum install -y wget openssl-devel xinetd && yum groupinstall -y "Development Tools"
wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.15.tar.gz && tar -xzvf nagios-plugins-1.4.15.tar.gz
cd nagios-plugins-1.4.15 && ./configure --enable-command-args && make && make install
chown -R nagios:nagios /usr/local/nagios/
cd ..
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.13.tar.gz && tar -xzvf nrpe-2.13.tar.gz
cd nrpe-2.13 && ./configure --enable-command-args && make all && make install-plugin && make install-daemon && make install-daemon-config && make install-xinetd
vi /etc/xinetd.d/nrpe
vi /etc/services
vi /usr/local/nagios/etc/nrpe.cfg
service xinetd start

Resizing LVM Mounts

A common problem for me has been needing to resize an LVM partition. This works fine if you’re dealing with a non-critical mount point like /home that you can afford to take down while the system is online, but what if you need to resize /usr or /var for instance? The easiest method I found is to utilize the CentOS 6.2 LiveCD – it has all of the tools you need out of the box so there’s no need to install extra packages to make it work. Say you wish to steal 1G from /var and add it to your / partition. You’ll need to note the physical location of those mount points (a quick cat of /etc/fstab will yield you that). For me, / was mounted to /dev/mapper/VolGroup00-LogVol00 and /var was mounted to /dev/mapper/VolGroup00-LogVol03. Boot in through the LiveCD and run the following as root:

e2fsck -f /dev/mapper/VolGroup00-LogVol03
resize2fs /dev/mapper/VolGroup00-LogVol03 1G
lvreduce -L -1G /dev/mapper/VolGroup00-LogVol03
lvextend -L +1G /dev/mapper/VolGroup00-LogVol00
e2fsck -f /dev/mapper/VolGroup00-LogVol00
resize2fs /dev/mapper/VolGroup00-LogVol00

Iterate Through Directories and Backup SVN Repositories

I found this useful as I have quite a few SVN repositories that I’m responsible for maintaining. Due to the large number I didn’t want to manually specify each directory in an array as that involved more upkeep that I really wanted to have on my plate. This script will go through a target parent directory and perform an svnadmin dump on each repository to a gzipped file in the target backup directory. So for example if all of your svn repositories reside in /srv/svn and you want your gzip files to end up in /home/backup then create a shell script from the below info and set SVN_PARENT=/srv/svn and SVN_BACKUP=/home/backup. Right now I only care about keeping a day of backups so this script deletes all of the backup files prior to performing the next round of backups. Delete that line if you’re looking to keep a larger backup history.

#/bin/bash

SVN_PARENT=
SVN_BACKUP=
DATE=`date '+%F'`
TEMPFILE=/tmp/svn_backup.tmp

touch $TEMPFILE
ls $SVN_PARENT >> $TEMPFILE
DIR_LIST=( `cat "$TEMPFILE" `)

rm -rf $SVN_BACKUP/*.gz

for i in "${DIR_LIST[@]}"
do
        svnadmin dump $SVN_PARENT/$i | gzip > $SVN_BACKUP/$i.$DATE.svn.gz
done

rm -rf $TEMPFILE

Subversion and LDAP

When I started here, we had 12 SVN repositories (and a valid reason for having all 12). Maintaining the user database was really not doable given that setup as each repository had a distinct user database. I had two goals coming into this – make the management of the user database easier, and make new user setup doable by someone without Linux know-how. To do that I decided to tie things into the AD and make use of that for authentication as well as user setup. Here’s a brief overview of how I made it happen. This assumes a CentOS install but should be easily modified for Debian or other platforms.

  1. Create a connector account in your AD that will be used to query username/password. I granted mine admin rights but you’re probably alright without them, it just needs to query.
  2. Create a user group in the AD that will act as a container for authenticated users and the users than require SVN access into that group
  3. Install Apache, PHP, and the mod_dav and mod_dav_svn modules.
  4. Create your SVN repository (svnadmin create /foo/bar/repo)
  5. On CentOS you should get a subversion.conf file that is already generated for you (not sure on Debian and its ilk) that you’ll need to edit. Here’s a template to use. This assumes your domain name is example.com, the group name you create is “svn,” the connector account is called “SVN CONNECTOR”:
  6. LoadModule dav_svn_module     modules/mod_dav_svn.so
    LoadModule authz_svn_module   modules/mod_authz_svn.so
    
    <VirtualHost *:80>
            DocumentRoot /var/www/html/virtualhosts/svn
            ServerName svn.example.com
            ServerAlias svn
            ErrorLog logs/svn.example.com-error_log
            CustomLog logs/svn.example.com-access_log common
            <Location /repository>
                    DAV svn
                    SVNPath /srv/svn/repository
                    AuthBasicProvider ldap
                    AuthType Basic
                    AuthzLDAPAuthoritative off
                    AuthName "This is your SVN Repository"
                    AuthLDAPURL "ldap://DC.example.com:3268/DC=example,DC=com?sAMAccountName?sub?(&(&(objectClass=user)(objectCategory=person))(memberof=CN=svn,DC=example,DC=com))"
                    AuthLDAPBindDN "CN=SVN CONNECTOR,DC=example,DC=com"
                    AuthLDAPBindPassword "your connector password"
                    Require valid-user
                    Require ldap-group "CN=svn,DC=example,DC=com"
            </Location>

  7. That’s it. Bounce Apache and then test your access to the repository using your domain credentials

Linux Sys Admin Needed

A friend of mine’s company is in need of two experienced Linux sys admins (one specifically with a good solid understanding of sendmail and postfix). You can check the two job postings they have here and here. I’ve been to the company before, they’re on my short list of places I’d seek employment if I found myself no longer working at Merrimack. If you’re looking or have friends looking, put them in touch with me and I’ll get them together with my friend.

Copyright © All Rights Reserved · Green Hope Theme by Sivan & schiy · Proudly powered by WordPress