GregB's questions

I currently use ActiveDirectory for authentication on my Ubuntu 10.04 servers using a tool called Centrify Express. Centrify has a custom .so file that is configured in /etc/pam.d/common-auth.

I'd like to do normal LDAP authentication (bypassing centrify) for just SFTP users (not SSH logins). How would I configure /etc/pam.d/sshd to try LDAP authentication for SFTP logins, but not SSH logins? The idea is that my SFTP OU would allow users to download, and upload files, but they wouldn't be able to get a shell.

I'm giving the question an overhaul to more specifically identify where I need help.

I use two tools to manage a bunch of cloud server: Puppet and Rundeck. Both of these can be configured to use a mysql backend. I'd like to setup an instance of each application in both the U.S., and the U.K., treating the U.K. servers as hot stand-bys in case of failure in the U.S.

I want to use a MySql cluster so that the data is automatically replicated from the U.S. to the U.K. Because these are hot standbys, high performance is not a goal. Redundancy and data integrity are most important.

My question revolves around the setup of the mysql cluster. I want to run three servers, each one running a data node, a sql node, and a management node. Is this a valid configuration for mysql server? If so, could someone point me in the right direction for creating such a setup? I've downloaded the offical tarball, and the official debian, and the documentation for them contradicts many of the online tutorials. I'm installing on Ubuntu 10.04.

I'm working on building a new Cassandra cluster and I'd like to create a DNS record that will hold the IP addresses of all of the nodes. I build all of my servers in the cloud and they automatically create a new A record for themselves when they come online, but I don't know how to add to an existing record without overwriting the existing info.

The DNS server is a Windows 2008 domain controller and my Cassandra nodes are Ubuntu 10.04 servers.

I manage a few apps that depend on specific versions of some packages. To make sure that I always have the correct versions, I created my own Apt repository. Now, I'm concerned that some of the packages I depend on will break because the packages they depend on will be up-revved. Is there an easy way to download a package (say, tomcat6) and all of the packages it depends on so that I can add them to my private repository?

Ubuntu 10.04 Reprepro

EDIT

To clarify a point that was made below, I'm looking to automate this process so that it's easily repeatable.

Right now, I'm manually running "sudo apt-cache depends [package]", then using "sudo apt-get -d install [package package2 package3 package4... package*]". I'm looking to see if there's a streamlined way of doing this before I script my own solution

I have some scripts in SVN that are managed by a few people. Every few weeks, once everyone's changes are in, I tag a revision and then deploy that tag to an Ubuntu server (a very simple svn export on the ubuntu server). I'd like to make it easy for other people to manage these deployments by providing a simple web front-end that will allow a user to select the appropriate tag, select a target directory and then export the tag to that directory. Does something like this already exist? If not, has anyone built a process similar to this?

Thanks.

I just completed a migration from Windows server 2008 R2 to Ubuntu 10.04. I manage a java application (Java 6, Tomcat) that is having some performance issues. I'd like to use JMX to try and troubleshoot, but I can't seem to get jvisualvm to connect.

If I do a ps -ef | grep "java", I see the following parameters.

-Dcom.sun.management.jmxremote.port=8084 
-Dcom.sun.management.jmxremote.ssl=false 
-Dcom.sun.management.jmxremote.authenticate=false

Netstat shows that port 8084 is listening on 0.0.0.0. In my config, JMX is setup to bind to the FQDN of the server (we use a private DNS server). My firewall (IPTABLES/UFW) is setup to allow all outgoing traffic, and to allow incoming traffic on port 8084.

The server itself is virtual with two NICs, a public and a private. The public NIC's gateway is disabled so that connections can only come in on the private side.

When I try to connect jvisualvm to my app server using JMX, I get the following error in jvisualvm.

Cannot connect to [FQDN OMITTED]:8084 using server:jmx:rmi:///jndi/rmi://[FQDN OMITTED]:8084/jmxrmi

If I look in the jvisualvm log, I see the following trace.

NFO [com.sun.tools.visualvm.jmx.impl.JmxModelImpl]: connect(service:jmx:rmi:///jndi/rmi://[FQDN OMITTED]:8084/jmxrmi)
java.io.EOFException: SSL peer shut down incorrectly
                at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
Caused: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
                at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
                at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
                at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
                at java.io.DataOutputStream.flush(DataOutputStream.java:106)
                at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:211)
Caused: java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
                javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
                at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:286)
                at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
                at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:322)
                at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
                at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:97)
Caused: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
                javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
                at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:101)
                at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:185)
                at javax.naming.InitialContext.lookup(InitialContext.java:392)
                at javax.management.remote.rmi.RMIConnector.findRMIServerJNDI(RMIConnector.java:1886)
                at javax.management.remote.rmi.RMIConnector.findRMIServer(RMIConnector.java:1856)
                at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:257)
Caused: java.io.IOException: Failed to retrieve RMIServer stub
                at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:338)
                at com.sun.tools.visualvm.jmx.impl.JmxModelImpl$ProxyClient.tryConnect(JmxModelImpl.java:451)
[catch] at com.sun.tools.visualvm.jmx.impl.JmxModelImpl$ProxyClient.connect(JmxModelImpl.java:395)
                at com.sun.tools.visualvm.jmx.impl.JmxModelImpl.connect(JmxModelImpl.java:216)
                at com.sun.tools.visualvm.jmx.impl.JmxModelImpl.<init>(JmxModelImpl.java:205)
                at com.sun.tools.visualvm.jmx.impl.JmxModelProvider.createModelFor(JmxModelProvider.java:61)
                at com.sun.tools.visualvm.jmx.impl.JmxModelProvider.createModelFor(JmxModelProvider.java:42)
                at com.sun.tools.visualvm.core.model.ModelFactory.getModel(ModelFactory.java:111)
                at com.sun.tools.visualvm.tools.jmx.JmxModelFactory.getJmxModelFor(JmxModelFactory.java:69)
                at com.sun.tools.visualvm.jmx.impl.JmxApplicationProvider.addJmxApplication(JmxApplicationProvider.java:267)
                at com.sun.tools.visualvm.jmx.impl.JmxApplicationProvider.createJmxApplication(JmxApplicationProvider.java:185)
                at com.sun.tools.visualvm.jmx.JmxApplicationsSupport.createJmxApplicationImpl(JmxApplicationsSupport.java:283)
                at com.sun.tools.visualvm.jmx.JmxApplicationsSupport.createJmxApplicationInteractive(JmxApplicationsSupport.java:261)
                at com.sun.tools.visualvm.jmx.impl.AddJMXConnectionAction$1.run(AddJMXConnectionAction.java:80)
                at org.openide.util.RequestProcessor$Task.run(RequestProcessor.java:577)
                at org.openide.util.RequestProcessor$Processor.run(RequestProcessor.java:1030)

Does anyone have any ideas?

I just started using Nagios and I like that my team can acknowledge problems, but I haven't yet found a way to log the solutions that are used to correct the problems. Is there a tool that logs Nagios alerts and provides a way to complete post-mortems and log solutions so that when someone encounters similar problems, they can reference the logged data?

I'm working on setting up a new Ubuntu 10.04 (lucid) cluster in the Rackspace cloud environment. I'm using Puppet for the first time to automate as much as I can. I've setup a puppet master and I'm now ready to build an image that will automatically install the puppet agent on first boot. I have a few ideas on how I could script this, but I thought I'd see if anyone had already solved this problem.

In short, I'd like the ability to create a new cloud instance and have it automatically install the puppet agent, connect to the puppet master and register itself as a node. I'm using puppet enterprise. I'm not sure if this differs a great deal from the standard version at this stage, but maybe somebody knows something I don't.

I'm running Ubuntu 10.04 across my entire environment. To make code deploys easier, we are implementing a private apt repository where we can deploy builds of our code.

One of the requirements of this repository will be that our QA department will be able to install any version of our application at any time.

Can I store multiple versions of the same package in an apt-repository (preferably in the same distribution)? If not, what are some possible workarounds that I could use to get the behavior described above?

I run a few application clusters within a cloud-based host. We've grown to the point where I need some sort of internal DNS scheme to keep all of the servers straight. I'd like to run a server with BIND9 installed to solve this problem.

Right now, the internal team members VPN into the cloud and then connect on each respective server's private interface. I'd like to modify the VPN server to use this new BIND DNS server. How do I configure BIND so that I can provide internal entries for my servers, but also allow anyone who is connected via VPN to still access external sites such as google.com or serverfault.com?

All external DNS entries for my load balancers are handled offsite, so there is no need for the BIND server to provide any DNS capabilities to the outside world.

I will be using BIND on Ubuntu 10.04, so answers in the context of Debian are preferred (but I'll take what I can get).

Thanks, Greg