vendredi 31 janvier 2014

NFS export & read-only error on client

# For example /etc/exports

/mnt/vol01 192.168.1.0/24(ro,sync,no_subtree_check)
/mnt/vol01/dir1 192.168.1.0/24(ro,sync,no_subtree_check)

/mnt/vol01/inet/btorrent 192.168.1.0/24(rw,sync,no_subtree_check,all_squash)
/mnt/vol01/dir1/dir2 torrenthost(rw,sync,no_subtree_check,all_squash)

# mount torrenthost
mount -t nfs nfsserver:/mnt/vol01/inet/btorrent /mnt/share.nfs/btorrent
mount -t nfs nfsserver:/mnt/vol01/dir1/dir2 /mnt/share.nfs/dir2

touch /mnt/share.nfs/dir2/xx --> read-only...;-//

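# Change /etc/exports: give every export its own fsid, then reload the table with exportfs -ra
# (these exports are nested on one filesystem; presumably the server could not tell the rw sub-exports from the ro parent without distinct fsid values)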
/mnt/vol01 192.168.1.0/24(ro,sync,no_subtree_check,fsid=0)
/mnt/vol01/dir1 192.168.1.0/24(ro,sync,no_subtree_check,fsid=1)

/mnt/vol01/inet/btorrent 192.168.1.0/24(rw,sync,no_subtree_check,all_squash,fsid=2)
/mnt/vol01/dir1/dir2 torrenthost(rw,sync,no_subtree_check,all_squash,fsid=3)

et voilà !!!

mardi 28 janvier 2014

perl CPAN

#cpan prerequis
aptitude install build-essential libterm-readline-gnu-perl

#cpan mini
cpan install Bundle::CPAN

#Install all dependencies

o conf prerequisites_policy follow
o conf commit

mardi 21 janvier 2014

ssh tunneling, rebond, proxytunnel, reverse proxy, rdp tunneling

# ssh over https via proxy see
http://sadar-ssi.blogspot.fr/2014/11/debian-7-apache-2222-patch-proxy-ssh.html

# accès ssh via proxy http sortant proxy https entrant (merci https !! ;-))
ssh access through outgoing http proxy --> incoming https proxy (Thx https !! ;-))

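# Outgoing HTTP proxy read by the proxytunnel ProxyCommand; replace both
# placeholder values before use.
# No space around '=': "export PrxyPort =value" is rejected by the shell, and
# unquoted words after a value are taken as extra variable names to export.
export PrxyServ='name-or-ip-of-proxy-server'
export PrxyPort='http-proxy-port'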

ssh user@targetsrv -o 'ProxyCommand=proxytunnel -z --proxy=$PrxyServ:$PrxyPort --remproxy=remote-proxy-server-address:443 --dest=%h:%p -X'

accès RDP via un tunnel ssh par un proxy http sortant et proxy https entrant
# RDP over an ssh tunnel through outgoing http proxy --> incoming https proxy

ssh -v -NL 2222:localhost:2222 user@linuxserver -o 'ProxyCommand=proxytunnel -z --proxy=$PrxyServ:$PrxyPort --remproxy=remote-proxy-server-address:443 --dest=%h:%p -X' 'ssh -v -fNL 2222:@ip_windows:3389 linuxserver'

# Depuis une ligne de commande windows
mstsc /span /admin /noconsentprompt /v:localhost:2222

# et hop !

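X11 forwarding via un tunnel ssh, proxy http sortant et proxy https entrant
X11 forwarding through an ssh tunnel: outgoing http proxy --> incoming https proxy. Note that -Y (trusted forwarding) gives X clients on the remote host full access to the local display, keystrokes included; prefer -X when the applications work with it.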

# set env

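# Local X display that forwarded clients will draw on.
export DISPLAY=localhost:0.0
# Outgoing HTTP proxy read by the proxytunnel ProxyCommand; replace both
# placeholder values before use.
# No space around '=': "export PrxyPort =value" is rejected by the shell, and
# unquoted words after a value are taken as extra variable names to export.
export PrxyServ='name-or-ip-of-proxy-server'
export PrxyPort='http-proxy-port'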

ssh -Y user@targetsrv -o 'ProxyCommand=proxytunnel -z --proxy=$PrxyServ:$PrxyPort --remproxy=remote-proxy-server-address:443 --dest=%h:%p -X'

#
#-------------------------------- VNC ----------------------------------------------------------------
# installer le serveur vnc (celui qui fonctionne hein !)

aptitude install x11vnc

# si le serveur x11vnc n'est pas lancé en tant que daemon, il faudra au préalable se connecter sur le serveur en ssh pour
# 1 - voir les process qui fonctionnent pour récupérer les paramètres derrière le "-auth"

ps wwwwaux | grep -v grep | grep auth

root 1167 0.4 2.2 358532 69440 tty7 Ssl+ août27 6:02 /usr/bin/X -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
loli 2310 0.0 0.4 341996 12764 ? Sl août27 0:00 /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1



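# 2- puis sur le poste distant, lancer le process x11vnc avec les paramètres suivants
# (-localhost n'accepte que les connexions locales, d'où le tunnel ssh ; aucun mot de passe VNC n'est défini ici :
#  ajouter -rfbauth ou -usepw pour que les autres comptes locaux ne puissent pas s'attacher à l'écran)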

x11vnc -geometry 1024x768 -ncache 10 -localhost -display :0 -auth /var/run/lightdm/root/:0 -o /var/log/x11vnc.log -repeat -norc -forever -shared


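# puis établir (si ce n'est fait) le tunnel ssh ; x11vnc étant lancé avec -localhost, la destination du tunnel
# doit être l'adresse de bouclage de la machine qui l'exécute (par exemple 5900:localhost:5900 en se connectant
# à cette machine) — à vérifier pour pc-vnc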

ssh -N -C -L 5900:pc-vnc:5900 mysrv

# depuis la vm lancer
vncviewer 127.0.0.1:5900

#-------------------------------- rsync via proxy socks ----------------------------------------------
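# 1) open the connection to the remote server with a dynamic (SOCKS) port.
#    Bind it to loopback only: "-D*:10998" listens on every interface and
#    offers an unauthenticated SOCKS proxy to anything that can reach this
#    host (the unquoted '*' is also subject to shell globbing).
ssh -D 127.0.0.1:10998 jessievdsk

# 2) run rsync over ssh, sending the ssh connection through that SOCKS port.
#    %h and %p are replaced by ssh with the host and port it is connecting
#    to, so the proxy target always matches the rsync destination.
rsync --ignore-errors --force --human-readable --progress --partial --bwlimit=80 -hav /mnt/share/jessie -e "ssh -o 'ProxyCommand nc -x 127.0.0.1:10998 %h %p'" root@rmtsvr:/mnt/vol3To/virtualbox/disk/jessie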

#-----------------------------------------------------------------------------------------------------
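# Authentification par clef publique / clef privée
# dans /etc/ssh/sshd_config
# vérifier les valeurs suivantes PubkeyAuthentication yes et RSAAuthentication yes
# (RSAAuthentication ne concerne que le protocole SSH 1 ; avec le protocole 2, c'est PubkeyAuthentication qui compte)
# et changer PasswordAuthentication yes par PasswordAuthentication no
# (tester d'abord la connexion par clef dans une seconde session avant de recharger sshd, pour ne pas perdre l'accès)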

#change hostname
nano /etc/hostname

#change hostname
hostname -F /etc/hostname

# How to generate new host keys on an existing server (duplicate a vm for example)
rm -rf /etc/ssh/ssh_host_*
ssh-keygen -A
dpkg-reconfigure openssh-server
service ssh restart

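#To change the passphrase on your default DSA key
#(ssh-keygen -p reads OpenSSH-format private keys; if the file is a real PuTTY .ppk, change its passphrase with puttygen instead):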
ssh-keygen -p -f /root/olwen/private.04.ppk


#-------------------------------- Flush DNS W7 -------------------------------------------------------

# Flush DNS W7
ipconfig /flushdns

samedi 18 janvier 2014

idle3-tools

aptitude install idle3-tools smartmontools gsmartcontrol

#consultation
idle3ctl -d /dev/sda /dev/sdb

#disable timer
idle3ctl -g /dev/sda /dev/sdb

KVM / libvirt

# vérifier si le processeur est compatible (un résultat supérieur à 0 indique que les drapeaux vmx/svm sont présents)
egrep -c '(vmx|svm)' /proc/cpuinfo

# installer les packages coté serveur
aptitude install kvm qemu-kvm libvirt-bin virtinst colord bridge-utils virt-manager

#---creating bridge https://wiki.debian.org/BridgeNetworkConnections

#First step to creating the bridge network
brctl addbr br0

# The name br0 is totally up to you, this is just an example name that I’ve chosen for the wiki article.
# Anyway, now that you have your bridge device, you have to add the interfaces that are going to be bridged.
# You can cross-check the enumeration of your ethernet devices with (eth0, eth1, etc. is common):

ip addr show

#Add both the interface with the second computer, and the interface that leads to the existing network.
#Do it with this command:

brctl addif br0 eth0

# Configuring bridging in /etc/network/interfaces
# The loopback network interface

auto lo
iface lo inet loopback

auto br0
iface br0 inet static

bridge_ports eth0
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.254

dns-nameservers 192.168.1.1
dns-search home.lan

bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off

#------------------------------------------------------
# create bridge
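#!/bin/bash
#----------
# Define a libvirt network called "bridge" from an XML file written into
# /etc/libvirt/qemu/networks, then restart libvirtd and show its status.

net_dir=/etc/libvirt/qemu/networks

# Stop here if the directory is missing, so bridge.xml is never resolved
# relative to some other working directory.
cd "$net_dir" || exit 1

# NOTE(review): the XML tags were stripped from the published page (only the
# text "bridge" survived, so the echo lines wrote an invalid file). The
# definition below is the usual libvirt form for attaching guests to an
# existing host bridge, using the br0 bridge created earlier on this page;
# confirm it against your setup.
cat > "$net_dir/bridge.xml" <<'EOF'
<network>
  <name>bridge</name>
  <forward mode="bridge"/>
  <bridge name="br0"/>
</network>
EOF

virsh net-define bridge.xml

systemctl restart libvirtd.service; systemctl status libvirtd.service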



#pol-edit defaut
nano -w /etc/libvirt/storage/default.xml
service libvirt-bin restart

#Changing the libvirt-guests service parameters to allow for the graceful shutdown of guests
# source https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Administration_Guide/sect-gracefully-shut-down-guests-libvirt.html

nano /etc/default/libvirt-guests
# Number of seconds we're willing to wait for a guest to shut down. If parallel
# shutdown is enabled, this timeout applies as a timeout for shutting down all
# guests on a single URI defined in the variable URIS. If this is 0, then there
# is no time out (use with caution, as guests might not respond to a shutdown
# request). The default value is 300 seconds (5 minutes).
SHUTDOWN_TIMEOUT=45

#ou
#howto fix default storage pool location for virt-manager (and libvirt)

virsh

pool-destroy default
pool-undefine default
pool-define-as --name default --type dir --target /storage/local/images
pool-autostart default
pool-build default
pool-start default
pool-destroy local
pool-undefine local
pool-define-as --name local-iso --type dir --target /storage/local/iso
pool-autostart local-iso
pool-build local-iso
pool-start local-iso
quit


#virsh editor (bashrc)
EDITOR=/usr/bin/nano
export EDITOR


http://wiki.deimos.fr/KVM_:_Mise_en_place_de_KVM#System_performances
/etc/rc.local
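# KSM (kernel samepage merging): saves RAM by sharing identical pages between guests.
# Page sharing is a known cross-VM side channel, so leave it off when guests do not trust each other.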
echo 1 > /sys/kernel/mm/ksm/run

/etc/sysctl.conf
# Swapiness
vm.swappiness = 0

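#For security and performance reasons, the source recommends adding these 3 lines.
#Note: they do not disable IPv6; they stop bridged frames from being passed to
#ip6tables/iptables/arptables, so host firewall rules no longer apply to traffic crossing the bridge.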
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

#If you want to always enable VirtIO, to get maximum performances, load those modules :
/etc/modules
virtio_blk
virtio_pci
virtio_net

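# Provision a Debian VM: 256 MB RAM, 4 GB virtio disk, virtio NIC on br0,
# installer booted from the netinst ISO.
iso=/path-to-iso/debian-7.3.0-amd64-netinst.iso
path=/mnt/vol1To/vm
name=testing
# Expansions are quoted so a path or name containing spaces or glob
# characters stays a single argument.
virt-install --ram=256 --name="$name" \
  --disk path="$path/$name/$name.img",bus=virtio,size=4 \
  --cdrom="$iso" --hvm --vnc --noautoconsole --accelerate \
  --network=bridge:br0,model=virtio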

# Detacher l'image ISO


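# Provision a Windows 7 VM from the installation ISO.
iso=/mnt/leonard/vol3To/08000.distrib/zz_os.softs/msw/Microsoft/PlateForms/Windows.7/distrib/W7.Ultimate.64.sp1.iso

# --cdrom needs two dashes: "-cdrom=" is not the long option and would not
# hand the ISO path to virt-install as intended. "$iso" is quoted so the
# path stays one argument.
virt-install --ram=2024 --name=W7 --disk path=/mnt/vm/kvm/W7/W7.img,bus=virtio,size=4 --cdrom="$iso" --hvm --vnc --noautoconsole --os-type windows --os-variant win7 --accelerate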

#cloner une VM
virt-clone --original=testing --auto-clone

#voir les VM
virsh list --all

#répertoire contenant les confs
/etc/libvirt/qemu

# problème de perf dans une VM...
ethtool -K [interface] gro off tso off

LVM KVM to Virtualbox
#----------------------------------------------------------------
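# Copy the LVM volume to a raw image, convert it to VDI, then delete the copy.
# The raw copy is the guest's whole disk: keep it in a private mktemp
# directory (created mode 0700) instead of a fixed, predictable /tmp path
# that other local users could read or pre-create.
workdir=$(mktemp -d)
# ${workdir:?} aborts the command if mktemp failed and left the variable empty.
dd if=/dev/Volume01/Disk of="${workdir:?}/image.raw"
# -f raw states the source format explicitly instead of letting qemu-img
# probe it from data the guest controls.
qemu-img convert -f raw -O vdi "${workdir:?}/image.raw" test.vdi
rm -rf -- "${workdir:?}"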
#--------------------- 

keyboard

setxkbmap fr

kbdrate -r 30 -d 250