Here is the problem. I have a Linux server. This server has a lot of people who need to log into it through the web server; currently authenticated by LDAP. However, I would like to allow some of the users to be able to log in locally and, more importantly, some of the users in LDAP that belong to the "administrators" LDAP group to be able to log in through ssh and be able to run commands as if they were members of the same local "administrators" group. To be clear here, there is an LDAP group called "administrators" and a local Linux group called "administrators". How do I set up my local LDAP connection so that users who log in who are members of the LDAP administrators group also authenticate as members of the local administrators group so they aren't hobbled as plebs.
Rusty Weber's questions
I'm constantly having to make SAN changes which means that I am also constantly having to rescan the scsi bus so that my various changes are reflected in the machines I've exported disks to.
I've been plagued for some time by various facets of re-scanning disks in Linux.
Not to give Microsoft Credit, but they have really simplified the process into a single command which does everything and a lot faster than their linux counterparts.
I've been using the rescan-scsi-bus.sh command for quite some time now. However, the rescan-scsi-bus.sh command usually needs to be run several times depending on what changes were made. I.e., if a path was removed, I need to run "rescan-scsi-bus.sh -f -a -r -m". However, this command will not scan the disks for re-mapped disks nor will it scan for resized disks. In order to get the same functionality out of rescan-scsi-bus.sh, I end up having to run the command multiple times in succession, which can end up taking lots of time (with lots of disks, 5 minutes or so, which is years longer than Windows takes). Example:
# If the disk was removed.. Even though we aren't syncing, rescan can still hang
# unless we remove the disks first.
rescan-scsi-bus.sh --nosync -f -a -r -m
# Next, We scan for new disks.. Don't know why the last command can't do it at the same time..
rescan-scsi-bus.sh -a
# Look for remapped disks.
rescan-scsi-bus.sh --nosync -a -u
# Look for resized disks.. Once again.. We have to go through the entire list which can take a good O'l 1 minute.
rescan-scsi-bus.sh --nosync -a -s
The question is, is there a better policy to re-scanning disks rather than running a gamut of rescan-scsi-bus.sh commands?
The requirement here is a single command which removes disks and disk paths which have been removed, adds disks and paths which are new, updates drives which have been remapped somewhere else, picks up changes in drives that have new sizes and runs in a reasonable amount of time (0-30 seconds) on ANY linux distribution regardless of the amount of disks or level of IO load the system is under.
I could go back to echoing values into sysfs, but that kind of defeats the whole make it simple and have a single command which runs that does it all in a timely fashion.
Here is the problem. I do testing.. I need Windows, not by choice, for testing purposes. I need physical hardware to do my testing. To do this, I install Windows from PXE. The problem with this is that I now need to have all of the Windows updates installed after Windows is done installing. HOWEVER, Windows updates take A VERY LONG TIME. Like 6 hours+ to install (downloading only takes seconds) as well as multiple reboots. Instead of installing the updates every time I finish a PXE install, which is very time consuming, is there a way to get Windows to install the updates, maybe even from Windows PE, to speed up the process of updating? I've already looked into making a generalized sys-prep image, but I haven't been able to figure out how to make the sys-prepped image install like standard Windows and I don't want to have to reconfigure my entire PXE configuration to use clone-zilla to mirror the sysprepped image. Is there a way to make a sysprepped image that will work with setup.exe?
I need the uuid of some systems for ipxe booting purposes.. The problem is that these systems are powered off with no OS on them. I could power them on, but it would do me little good since they have no OS installed.
I know that the uuid of a system can be obtained by using the command line.
Example:
cat /sys/class/dmi/id/product_uuid
Is there a way to get the system UUID out of the BMC (using ipmitool maybe)? If so, what is it?
I already have all of the other services setup to take the machine and install everything. I only lack the uuid to identify the machine which needs installing.
NOTE: MAC ADDRESSES ARE NO GOOD FOR THIS PURPOSE! I have way too many nics on these machines and they DO NOT adequately uniquely identify a machine since a machine has multiple mac addresses and there is no way of affirmatively knowing which one to use. Any suggestions to use the mac will be shot down on sight.
I am attempting to get a really simple TFTP server up and running for the purpose of working as an IPXE boot server. However everything I seem to do doesn't seem to work to get the server to be able to communicate with a remote client. I can get the client to communicate across localhost which seems to work great.
tftp $TFTP_SERVER -c get README
While this works great on local host, it defeats the purpose of having a server who can talk remotely. The tftp config file reads as follows:
[root@ipxe tmp]# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -vvvvv -c -s /ipxe/
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
NOTE: FOR DEBUGGING PURPOSES I HAVE DONE THE FOLLOWING: I have disabled the firewall:
[root@ipxe ~]# service iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@ipxe ~]# chkconfig iptables off
I have disabled SELinux because it sucks.
[root@ipxe tmp]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
I have also rebooted a large number of times.
No matter what I seem to try, even changing CentOS version to 7 and repeating the process, the most I can get from tftp is:
Jan 30 22:52:01 ipxe xinetd[2013]: START: tftp pid=2265 from=192.168.10.186
Jan 30 22:52:01 ipxe in.tftpd[2266]: RRQ from 192.168.10.186 filename README
Jan 30 22:52:06 ipxe in.tftpd[2267]: RRQ from 192.168.10.186 filename README
Jan 30 22:52:11 ipxe in.tftpd[2268]: RRQ from 192.168.10.186 filename README
Jan 30 22:52:20 ipxe in.tftpd[2269]: RRQ from 192.168.10.186 filename README
Jan 30 22:52:25 ipxe in.tftpd[2270]: RRQ from 192.168.10.186 filename README
Jan 30 22:52:30 ipxe in.tftpd[2271]: RRQ from 192.168.10.186 filename README
Jan 30 22:52:35 ipxe in.tftpd[2272]: RRQ from 192.168.10.186 filename README
Jan 30 22:52:40 ipxe in.tftpd[2275]: RRQ from 192.168.10.186 filename README
I can obviously ping the system and ssh into it and there seems to be no network issues of any kind that I can see.
What in heaven's name am I missing here? What is the next logical line in diagnosis of the issue? I'm almost ready to file a bug on the issue.
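One way to read the log excerpt in the question above, as an added example that is not part of the original post: a TFTP client that never receives a reply retransmits its read request, so repeated RRQs from one client for one file, a few seconds apart, show up as below. The function names, the `max_gap` and `min_requests` thresholds and the placeholder year are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the question above; syslog timestamps carry no year.
SAMPLE_LOG = """\
Jan 30 22:52:01 ipxe xinetd[2013]: START: tftp pid=2265 from=192.168.10.186
Jan 30 22:52:01 ipxe in.tftpd[2266]: RRQ from 192.168.10.186 filename README
Jan 30 22:52:06 ipxe in.tftpd[2267]: RRQ from 192.168.10.186 filename README
Jan 30 22:52:11 ipxe in.tftpd[2268]: RRQ from 192.168.10.186 filename README
Jan 30 22:52:20 ipxe in.tftpd[2269]: RRQ from 192.168.10.186 filename README
Jan 30 22:52:25 ipxe in.tftpd[2270]: RRQ from 192.168.10.186 filename README
Jan 30 22:52:30 ipxe in.tftpd[2271]: RRQ from 192.168.10.186 filename README
Jan 30 22:52:35 ipxe in.tftpd[2272]: RRQ from 192.168.10.186 filename README
Jan 30 22:52:40 ipxe in.tftpd[2275]: RRQ from 192.168.10.186 filename README
"""

RRQ_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ in\.tftpd\[\d+\]: "
    r"RRQ from (?P<client>\S+) filename (?P<name>.+)$"
)

def parse_rrqs(log_text, year=2000):
    """Yield (timestamp, client, filename) for each in.tftpd RRQ line.

    `year` is a placeholder: it only makes the timestamps subtractable.
    """
    for line in log_text.splitlines():
        m = RRQ_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["client"], m["name"]

def find_retransmits(log_text, max_gap=15, min_requests=3):
    """Return {(client, filename): [gap seconds]} for unanswered-looking RRQs.

    A pair is reported when it sent at least `min_requests` read requests
    and every gap between consecutive ones is within `max_gap` seconds.
    """
    seen = defaultdict(list)
    for ts, client, name in parse_rrqs(log_text):
        seen[(client, name)].append(ts)
    report = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_requests and all(g <= max_gap for g in gaps):
            report[key] = gaps
    return report

if __name__ == "__main__":
    for (client, name), gaps in find_retransmits(SAMPLE_LOG).items():
        print(f"{client} retried {name!r} {len(gaps)} times, gaps={gaps}s")
```

The report shows that requests arrive at the server; it does not show where the replies are lost, which takes a packet capture on both hosts.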
Problem: I need to figure out which volume corresponds to what partition(s) which corresponds to what disk in an extremely efficient, scriptable manner. I know how to correspond which partition corresponds to what disk because the disk id is directly in the results of a simple wmic query. However, the first part of the problem is more difficult. How to correlate which volume belongs to which partitions?
Is there a way, using wmic, PowerShell, cmd prompt, to reverse-engineer which volume maps to which partition(s), that works across all currently supported versions of Windows Server (Windows Server 2008R2 - Windows Server 2016)?
If so how would this query look?
Using diskpart to get information is NOT an option. Although it can be used to script out disk operations, it is terrible to use diskpart as a tool to return information about disk configurations. Diskpart output is NOT parsable.
I have a python script which takes in processes in csv format and decides things based on what's running, its name, and how much cpu time it's using. I would like to add processes that also use lots of memory to said script. The problem, however, is that the command that I have been using for csv like output does not seem to have a parameter to pretty print the RSS memory usage. I do have access to the VSZ value however... The command I have so far is:
ps -e -o "\"%p\",\"%r\",\"%U\",\"%z\",\"%C\",\"%c\",\"%a\""
" PID"," PGID","USER "," VSZ","%CPU","COMMAND ","COMMAND "
"22418","22418","root "," 4956"," 0.0","my_proc","my_proc arg1 arg2"
"26175","26175","root "," 14020"," 0.0","bash","-bash"
Before anyone asks.. Yes I can get the vss value if I do not wish to have the value pretty printed. Example:
ps -o "rss"
RSS
604
2972
However, this doesn't get fed all nice and neatly into my script to stop stupid people from doing stupid stuff. I've tried every letter of the alphabet I know except for the Russian ones to see if one of the values matches the pretty print values of ps. But alas, it is not a single letter. I can't help but feel like there is a better way to output all of the data I want in the format I want.
I have many Windows Servers that need to run headless but I need to add many iscsi targets to each of the Windows hosts.
I already have the iscsi target setup and have access to IP address of where to query targets as well as the IQN's of the targets.
I need to instruct the Windows hosts, and only through cmd or programs native to cmd, to add the target to the initiator.
Is this possible? If so, how would I do this?
Is there a way, using sftp, to copy a file on a remote file system to the same file system?
What this means is
user@hostname:/path/file.txt
to user@hostname:/path/copy_of_file.txt
from a remote machine? I am doing remote testing and need to copy some large files on the remote system without mirroring the file to or from the test system.
The situation: I am running psexec.exe from one Windows machine to another and would like to run a python script on the remote machine and look at the output of the script without having to pipe it to a file and then read out the file, because the script is actually interactive and needs to have user input and display results back to the user for real time decisions. Running psexec in its current form does not display anything when a python script is run.
example:
C:\Users\rweber\Desktop\PSEXEX>PsExec.exe \dcn0 -u administrator -p password C:\Python26\python.exe
gives no stdin,stdout,stderr or access to the python console. It will just sit there until exited.
Can this be fixed? How do you fix it?
Running Cronjob @reboot returns that file on nfs share does not exist.
Example
@reboot python /abs/path/to/script.py
mail from crontab on startup reads "more or less"
/usr/bin/python can't open file "/abs/path/to/script.py": [Error No. 2] No such file or folder.
Script can be run from the command line with no trouble..
Theory is that the cronjob is running before mount has been run.
The questions.
- Is this theory correct?
- Is there a way to force the job to wait until the drive has been mounted? .... Other than just putting in a sleep 60 into the command. ;) I tried that already, but it's hit and miss and I need the script to run 100% of the time quickly.