Wednesday, December 15, 2010

VirtualEnv and CherryPy with MySQL-python

Make some directories
$ mkdir -p ~/project/src ~/project/builds && cd ~/project/src

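Grab virtualenv (wget does not check the #md5= fragment in the URL, so compare the download against it with md5sum yourself)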
$ wget http://pypi.python.org/packages/source/v/virtualenv/virtualenv-1.5.1.tar.gz#md5=3daa1f449d5d2ee03099484cecb1c2b7

Build virtualenv
$ cd ../builds/

$ tar zxf ../src/virtualenv-1.5.1.tar.gz

$ cd virtualenv-1.5.1/

$ python virtualenv.py ~/project/virtual_python
New python executable in /home/laban/project/virtual_python/bin/python
Installing setuptools.............done.

$ ls ~/project/virtual_python
bin include lib lib64


So let's install CherryPy
$ ~/project/virtual_python/bin/easy_install cherrypy
Searching for cherrypy
Reading http://pypi.python.org/simple/cherrypy/
Reading http://www.cherrypy.org
Reading http://download.cherrypy.org/cherrypy/3.1.0/
Reading http://sourceforge.net/project/showfiles.php?group_id=56099
Reading http://download.cherrypy.org/cherrypy/3.1.0rc1/
Reading http://download.cherrypy.org/cherrypy/3.0.1/
Reading http://download.cherrypy.org/cherrypy/3.1.0beta3/
Reading http://download.cherrypy.org/cherrypy/3.0.3/
Reading http://download.cherrypy.org/cherrypy/3.0.0/
Reading http://download.cherrypy.org/cherrypy/2.2.1/
Reading http://download.cherrypy.org/cherrypy/3.1.2/
Reading http://download.cherrypy.org/cherrypy/3.1.1/
Reading http://download.cherrypy.org/cherrypy/3.0RC1/
Reading http://trac.cherrypy.org/cgi-bin/trac.cgi/wiki/CherryPyDownload
Reading http://download.cherrypy.org/cherrypy/3.1beta/
Reading http://download.cherrypy.org/cherrypy/3.0.2/
Reading http://download.cherrypy.org/cherrypy/2.3.0/
Reading http://download.cherrypy.org/cherrypy/3.0.4/
Best match: CherryPy 3.1.2
Downloading http://download.cherrypy.org/cherrypy/3.1.2/CherryPy-3.1.2.zip
Processing CherryPy-3.1.2.zip
Running CherryPy-3.1.2/setup.py -q bdist_egg --dist-dir /tmp/easy_install-B4VfG0/CherryPy-3.1.2/egg-dist-tmp-EFtfdH
zip_safe flag not set; analyzing archive contents...
cherrypy._cptree: module references __file__
cherrypy._cpmodpy: module references __file__
cherrypy.lib.profiler: module references __file__
cherrypy.lib.covercp: module references __file__
cherrypy.process.plugins: module references __file__
cherrypy.test.test_states: module references __file__
cherrypy.test.test_logging: module references __file__
cherrypy.test.test_core: module references __file__
cherrypy.test.checkerdemo: module references __file__
cherrypy.test.test_misc_tools: module references __file__
cherrypy.test.test_routes: module references __file__
cherrypy.test.modpy: module references __file__
cherrypy.test.benchmark: module references __file__
cherrypy.test.test_config: module references __file__
cherrypy.test.test_tidy: module references __file__
cherrypy.test.test_wsgiapps: module references __file__
cherrypy.test.test: module references __file__
cherrypy.test.test_virtualhost: module references __file__
cherrypy.test.modwsgi: module references __file__
cherrypy.test.test_session: module references __file__
cherrypy.test.modfcgid: module references __file__
cherrypy.test.helper: module references __file__
cherrypy.test.test_caching: module references __file__
cherrypy.test.test_static: module references __file__
cherrypy.scaffold.__init__: module references __file__
cherrypy.tutorial.tut09_files: module references __file__
cherrypy.tutorial.tut06_default_method: module references __file__
cherrypy.tutorial.tut07_sessions: module references __file__
cherrypy.tutorial.tut02_expose_methods: module references __file__
cherrypy.tutorial.tut01_helloworld: module references __file__
cherrypy.tutorial.tut03_get_and_post: module references __file__
cherrypy.tutorial.tut05_derived_objects: module references __file__
cherrypy.tutorial.tut04_complex_site: module references __file__
cherrypy.tutorial.tut10_http_errors: module references __file__
cherrypy.tutorial.tut08_generators_and_yield: module references __file__
Adding CherryPy 3.1.2 to easy-install.pth file
Installing cherryd script to /home/laban/project/virtual_python/bin

Installed /home/laban/project/virtual_python/lib/python2.4/site-packages/CherryPy-3.1.2-py2.4.egg
Processing dependencies for cherrypy
Finished processing dependencies for cherrypy

OK, something a little more complex

$ ~/project/virtual_python/bin/easy_install MySQL-python
Searching for MySQL-python
Reading http://pypi.python.org/simple/MySQL-python/
Reading http://sourceforge.net/projects/mysql-python/
Reading http://sourceforge.net/projects/mysql-python
Best match: MySQL-python 1.2.3
Downloading http://download.sourceforge.net/sourceforge/mysql-python/MySQL-python-1.2.3.tar.gz
Processing MySQL-python-1.2.3.tar.gz
Running MySQL-python-1.2.3/setup.py -q bdist_egg --dist-dir /tmp/easy_install-PvF-1-/MySQL-python-1.2.3/egg-dist-tmp-MOqY_x
warning: no files found matching 'MANIFEST'
warning: no files found matching 'ChangeLog'
warning: no files found matching 'GPL'
In file included from _mysql.c:29:
pymemcompat.h:10:20: error: Python.h: No such file or directory
_mysql.c:30:26: error: structmember.h: No such file or directory
....

Fixed by installing the python-devel rpm
Second try :

$ ~/project/virtual_python/bin/easy_install MySQL-python
Searching for MySQL-python
Reading http://pypi.python.org/simple/MySQL-python/
Reading http://sourceforge.net/projects/mysql-python/
Reading http://sourceforge.net/projects/mysql-python
Best match: MySQL-python 1.2.3
Downloading http://download.sourceforge.net/sourceforge/mysql-python/MySQL-python-1.2.3.tar.gz
Processing MySQL-python-1.2.3.tar.gz
Running MySQL-python-1.2.3/setup.py -q bdist_egg --dist-dir /tmp/easy_install-30_Yax/MySQL-python-1.2.3/egg-dist-tmp-O4DYQW
warning: no files found matching 'MANIFEST'
warning: no files found matching 'ChangeLog'
warning: no files found matching 'GPL'
In file included from /usr/include/python2.4/Python.h:8,
from pymemcompat.h:10,
from _mysql.c:29:
/usr/include/python2.4/pyconfig.h:6:25: error: pyconfig-64.h: No such file or directory
In file included from /usr/include/python2.4/Python.h:55,
from pymemcompat.h:10,
from _mysql.c:29:
/usr/include/python2.4/pyport.h:612:2: error: #error "LONG_BIT definition appears wrong for platform (bad gcc/glibc config?)."
_mysql.c: In function ‘_mysql_ConnectionObject_affected_rows’:
_mysql.c:724: warning: implicit declaration of function ‘PyLong_FromUnsignedLongLong’
_mysql.c:724: warning: return makes pointer from integer without a cast
_mysql.c: In function ‘_mysql_ConnectionObject_insert_id’:
_mysql.c:1704: warning: return makes pointer from integer without a cast
_mysql.c: In function ‘_mysql_ResultObject_num_rows’:
_mysql.c:1774: warning: return makes pointer from integer without a cast
error: Setup script exited with error: command 'gcc' failed with exit status 1


Turns out that I had a 32bit python-devel package instead of the 64 bit.
One more try
$ ~/project/virtual_python/bin/easy_install MySQL-python
Processing MySQL-python-1.2.3.tar.gz
Running MySQL-python-1.2.3/setup.py -q bdist_egg --dist-dir /tmp/easy_install-E9CKk4/MySQL-python-1.2.3/egg-dist-tmp-tO6Qjb
warning: no files found matching 'MANIFEST'
warning: no files found matching 'ChangeLog'
warning: no files found matching 'GPL'
zip_safe flag not set; analyzing archive contents...
Adding MySQL-python 1.2.3 to easy-install.pth file

Installed /home/laban/project/virtual_python/lib/python2.4/site-packages/MySQL_python-1.2.3-py2.4-linux-x86_64.egg
Processing dependencies for MySQL-python==1.2.3
Finished processing dependencies for MySQL-python==1.2.3

Now on to some coding :)

Tuesday, December 7, 2010

Installing OpenGrok on Debian squeeze

If you have come across lxr, then you might like openGrok. It's a cross referencer for your code. It also highlights as a bonus :) Have a look at the openoffice instance

Pull in the dependencies
  • sudo aptitude install sun-java6-jdk tomcat6 exuberant-ctags

For debian lenny, the default sysctl setting fraks up java. Fix it by setting the vars in /etc/sysctl.d/bindv6only.conf
  • net.ipv6.bindv6only = 0
  • You may restart procps or
  • echo 0 > /proc/sys/net/ipv6/bindv6only
Download the opengrok binary and unzip it
  • wget http://hub.opensolaris.org/bin/download/Project+opengrok/files/opengrok%2D0.9.tar.gz

Make the opengrok directory tree
  • mkdir /opt/opengrok/ && cd /opt/opengrok && mkdir bin data lib source

Copy over files from the unzipped directory to the installation directory
  • cp ~/opengrok-0.9/bin/* bin/
  • cp ~/opengrok-0.9/lib/ lib/

Fix your app
  • mkdir /opt/opengrok/web && cd /opt/opengrok/web && unzip ../lib/source.war
  • Edit your WEB-INF/web.xml to have:
<!-- My configs -->
<context-param>
<param-name>DATA_ROOT</param-name>
<param-value>/opt/opengrok/data</param-value>
<description>REQUIRED: Full path of the directory where data files generated by OpenGrok are stored</description>
</context-param>

<context-param>
<param-name>SRC_ROOT</param-name>
<param-value>/opt/opengrok/source</param-value>
<description>REQUIRED: Full path to source tree</description>
</context-param>

<context-param>
<param-name>SCAN_REPOS</param-name>
<param-value>false</param-value>
<description>Set this variable to true if you would like the web application to scan for external repositories (Mercurial)</description>
</context-param>


  • Save and recreate the war
  • zip -r ../lib/source.war ./

Deploy your app
  • cd /opt/opengrok/bin && ./OpenGrok deploy
  • You should be able to hit the app: http://a.b.c.d:8080/source

Check out your code
  • cd /opt/opengrok/source && hg clone https://blah.co.ke/app

Index
  • cd /opt/opengrok/bin && ./OpenGrok index /opt/opengrok/source/

Get to work :)

Pretty brilliant!

Thanks to:

Wednesday, December 1, 2010

Last few IPV4 Blocks

Looking at the statistics from IANA:

Non legacy allocated blocks are:

$ for RIR in AfriNIC ARIN APNIC RIPE UNALLOCATED ; do echo -e "$RIR:\t `cat ipv4-address-space.txt|grep ALLO |grep $RIR|grep -Ee '8'|wc -l`"; done
AfriNIC: 3
ARIN: 35
APNIC: 42
RIPE: 34
UNALLOCATED: 7

%wise these are:
for RIR in AfriNIC ARIN APNIC RIPE UNALLOCATED ; do echo -e $RIR $(echo "scale=2;100*`cat ipv4-address-space.txt|grep ALLO |grep $RIR|grep -Ee '8'|wc -l`/$TOTAL"|bc); done
AfriNIC 2.47
ARIN 28.92
APNIC 34.71
RIPE 28.09
UNALLOCATED 5.78


UNALLOCATED blocks are:
$ cat ipv4-address-space.txt |grep UNALLO|grep -Ee "8"
039/8 IANA UNALLOCATED
102/8 IANA UNALLOCATED
103/8 IANA UNALLOCATED
104/8 IANA UNALLOCATED
106/8 IANA UNALLOCATED
179/8 IANA UNALLOCATED
185/8 IANA UNALLOCATED

This year allocations:

$for RIR in AfriNIC ARIN APNIC RIPE; do echo -e "`cat ipv4-address-space.txt|grep ALLO |grep $RIR|grep -Ee '2010'`"; done|sort -k2

105/8 AfriNIC 2010-11 whois.afrinic.net ALLOCATED
001/8 APNIC 2010-01 whois.apnic.net ALLOCATED
027/8 APNIC 2010-01 whois.apnic.net ALLOCATED
223/8 APNIC 2010-04 whois.apnic.net ALLOCATED
014/8 APNIC 2010-04 whois.apnic.net ALLOCATED
049/8 APNIC 2010-08 whois.apnic.net ALLOCATED
101/8 APNIC 2010-08 whois.apnic.net ALLOCATED
036/8 APNIC 2010-10 whois.apnic.net ALLOCATED
042/8 APNIC 2010-10 whois.apnic.net ALLOCATED
050/8 ARIN 2010-02 whois.arin.net ALLOCATED
107/8 ARIN 2010-02 whois.arin.net ALLOCATED
023/8 ARIN 2010-11 whois.arin.net ALLOCATED
100/8 ARIN 2010-11 whois.arin.net ALLOCATED
031/8 RIPE NCC 2010-05 whois.ripe.net ALLOCATED
176/8 RIPE NCC 2010-05 whois.ripe.net ALLOCATED
005/8 RIPE NCC 2010-11 whois.ripe.net ALLOCATED
037/8 RIPE NCC 2010-11 whois.ripe.net ALLOCATED

ARIN, AfriNIC and RIPE just got a bunch of /8s each, while APNIC consumes about two /8s every ~3 months. So, we should be down to the last 5 in January or February next year!

Welcome to the age of IPV6

Thursday, October 28, 2010

Table Partitions with Postgres

I recently had to import about 400 million log entries into a database for reporting. MongoDB, some might say? I was there and was disappointed with the performance. It's true that I don't need ACIDity, but I couldn't live with a 5 day long import from the query rates I was getting. Tweaking postgres I managed to do the import overnight. It could have been faster if I didn't have to bunzip, awk and sed then dump each log file into a CSV.

After this, I realised that since I tend to aggregate my reports on a per month basis, per month partitions might help speed things up. Here's a small pgsql script that inserts a row into the proper partition based on the log's timestamp. If the partition doesn't exist, it's auto created. It's not pretty/optimized but it works pretty well.

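CREATE OR REPLACE FUNCTION  logs_insert_func()
RETURNS TRIGGER AS $$
-- BEFORE INSERT row trigger for the "logs" master table. Routes each new row
-- into a per-month child table named <master>_<year>_<month> and creates that
-- child on first use. Always returns NULL, so the row itself is never stored
-- in the master table.
--
-- Raises: an exception when NEW.log_time is NULL, and whatever CREATE TABLE
-- or the retried INSERT raises while a new partition is being set up.
DECLARE

ourTable varchar;
ourFirstOfMonth date;
ourFirstOfNextMonth date;
ourInsertSTMT TEXT;
ourCreateSTMT TEXT;
ourMasterTable TEXT;


BEGIN
-- The table we'll inherit from
ourMasterTable := 'logs';

-- Without a timestamp there is no partition to pick. Fail with a clear
-- message instead of concatenating NULL into the statement text.
IF NEW.log_time IS NULL THEN
    RAISE EXCEPTION 'logs_insert_func: log_time must not be NULL';
END IF;

-- Get the partition table name ~ master_year_month.
-- Calendar YEAR, not ISOYEAR: the ISO week-numbering year differs from the
-- calendar year around 1 January, which produced partitions such as
-- logs_2009_1 carrying a CHECK for January 2010.
ourTable := ourMasterTable || '_' || EXTRACT(YEAR FROM NEW.log_time) || '_' || EXTRACT(MONTH FROM NEW.log_time);

-- Create our insert statement. Only the table identifier is spliced into the
-- text (through quote_ident); the column values travel as parameters, so a
-- NULL status/svc_time or any content of "query" cannot alter the statement.
ourInsertSTMT := 'INSERT INTO ' || quote_ident(ourTable)
    || ' (status,log_time,svc_time,ip_addr,query) VALUES ($1,$2,$3,$4,$5)';

BEGIN
    --Try execute it
    EXECUTE ourInsertSTMT
        USING NEW.status, NEW.log_time, NEW.svc_time, NEW.ip_addr, NEW.query;
EXCEPTION
    WHEN undefined_table THEN
        -- The partition does not exist yet: create it, then retry.
        -- Catching undefined_table replaces the unqualified pg_class lookup,
        -- which could be satisfied by a same-named relation in another schema.

        -- First of this month and next month
        ourFirstOfMonth := date_trunc('month', NEW.log_time)::date;
        ourFirstOfNextMonth := (ourFirstOfMonth + interval '1 month')::date;

        -- Create partition with range. DDL cannot take parameters, so the
        -- two dates are embedded as quoted literals.
        ourCreateSTMT := 'CREATE TABLE ' || quote_ident(ourTable) || '(';
        ourCreateSTMT := ourCreateSTMT || ' CHECK ( log_time >= DATE ' || quote_nullable(ourFirstOfMonth);
        ourCreateSTMT := ourCreateSTMT || ' AND log_time < DATE ' || quote_nullable(ourFirstOfNextMonth) || ')';
        ourCreateSTMT := ourCreateSTMT || ') INHERITS (' || quote_ident(ourMasterTable) || ')';
        RAISE NOTICE 'Attempting to create a new table with STMT %',ourCreateSTMT;
        EXECUTE ourCreateSTMT;

        -- Retry to insert row. A failure here raises; the old
        -- "IF NOT found" test was dropped because EXECUTE does not set FOUND.
        EXECUTE ourInsertSTMT
            USING NEW.status, NEW.log_time, NEW.svc_time, NEW.ip_addr, NEW.query;
    WHEN OTHERS THEN
        -- Best effort, as before: the row is dropped with a notice. The
        -- server's error text is included so the reason is visible.
        RAISE NOTICE 'Error inserting into existing partition % for % (%)',ourTable,ourInsertSTMT,SQLERRM;
END;

-- The row went to a partition (or was reported above); keep it out of the
-- master table.
RETURN NULL;
END;

$$
LANGUAGE plpgsql;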


The master table:
-- Master (parent) table. The monthly partitions are created with
-- INHERITS (logs), so they share these columns.
-- NOTE(review): PostgreSQL does not propagate PRIMARY KEY constraints to
-- tables created with INHERITS, so uniqueness of id is not enforced inside
-- the partitions -- confirm whether that matters for the reports.
CREATE TABLE logs
(
id bigserial NOT NULL,
status smallint,
-- log_time is the column the partition name and CHECK range are built from
log_time timestamp without time zone,
svc_time real,
ip_addr inet,
query character varying(2048),
CONSTRAINT logs_id PRIMARY KEY (id)
)
WITH (
OIDS=FALSE
);


* Trigger to be called on each insert
-- Runs logs_insert_func() once for every row inserted into logs, before the
-- row is stored.
CREATE TRIGGER logs_insert_trigger
BEFORE INSERT
ON logs
FOR EACH ROW
EXECUTE PROCEDURE logs_insert_func();


An example insert auto-creates the relevant partitions:
# insert into logs (status,log_time,svc_time,ip_addr,query)  (select status,log_time,svc_time,ip_addr,query from whois_logs);
NOTICE: Attempting to create a new table with STMT CREATE TABLE logs_2009_1( CHECK ( log_time >='2010-01-01' AND log_time < DATE '2010-02-01')) INHERITS (logs)
NOTICE: Attempting to create a new table with STMT CREATE TABLE logs_2009_5( CHECK ( log_time >='2009-05-01' AND log_time < DATE '2009-06-01')) INHERITS (logs)
NOTICE: Attempting to create a new table with STMT CREATE TABLE logs_2006_9( CHECK ( log_time >='2006-09-01' AND log_time < DATE '2006-10-01')) INHERITS (logs)

Works for me. Yay!

Monday, October 25, 2010

Workaround for Mouse stuck in X windows

I had an issue with my macbook pro 5,5 running debian squeeze where the mouse would get stuck after moving to my second screen. It seems to be a common issue with X.
After messing around with xinput, hal, xset etc., I finally got a workaround by using the python script from here.

Using the -n argument switches you & your pointer out of the jailed screen. You may find it useful to bind it to a shortcut key.

$ tail -n 3 ~/.fluxbox/keys
#Woohooo - Workaround for stupid pointer
Control Shift N :ExecCommand /home/lmwangi/bin/screenswap.py -n

Now pressing ctrl-shift-n just switches me back to the other screen. It might make sense to modify the script so that it monitors your proximity to an edge of your jailing screen and auto-switches you to the inaccessible screen.

Tuesday, August 24, 2010

On garbled manpages

My man pages were garbled especially when opened in a fullscreen aterm.
See the screenshot.


It turns out that it's the "auto-hyphenation at line breaks" that breaks it. Disabling it fixes this. Do this by adding "--no-hyphenation" or "--nh" to your MANOPT env variable.
Here's my .profile
...
export MANOPT="--no-hyphenation"
...

Thursday, July 8, 2010

A simple build script for ejbca on debian. It expects you to pull the appropriate jboss and ejbca archives into $SOURCE
It's based mostly on
  • http://projects.arcs.org.au/trac/systems/wiki/HowTo/InstallSLCSServer2/InstallEJBCA
  • http://www.ejbca.org/installation.html


#!/bin/sh

# Stop at the first command that fails.
set -e

# Directory the jboss and ejbca zip archives were downloaded to.
SOURCE=/home/lmwangi/

# JBoss install location; APPSRV_HOME is set to the same directory.
JBOSS_HOME=/opt/jboss
APPSRV_HOME="$JBOSS_HOME"
PATH="$PATH:$JBOSS_HOME/bin"

# Java / ant settings used by the build steps.
ANT_OPTS=-Xmx512m
JAVA_HOME=/usr/lib/jvm/java-6-sun/jre
JAVA_OPTS="-server -Xms128m -Xmx512m"
JAVAC_OPTS="-Dno-xdoc"

export JBOSS_HOME PATH APPSRV_HOME ANT_OPTS JAVA_HOME JAVA_OPTS JAVAC_OPTS

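# Print a message framed by two separator lines and followed by a blank line.
# Arguments: $1 - message; backslash escapes such as \n are expanded
# Outputs:   the banner on stdout
echonice() {
  printf '%s\n' "==================================================="
  # %b expands \n under every /bin/sh. Plain echo only does so in some
  # shells, so the two-line message used by this script came out differently
  # depending on which shell /bin/sh is.
  printf '%b\n' "$1"
  printf '%s\n\n' "==================================================="
}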
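# Address JBoss binds to. The default stays 0.0.0.0 as before, which makes
# every JBoss service, its management consoles included, reachable on all
# interfaces. Set BIND_ADDR to one address or firewall the host unless that
# exposure is intended.
BIND_ADDR=${BIND_ADDR:-0.0.0.0}

# Start from a clean tree. Each cd stands on its own line: under "set -e" a
# failing cd on the left of && does not stop the script, so the following
# commands would run in whatever directory was current.
cd /opt/
rm -rf jboss/ ejbca/
unzip "$SOURCE/jboss-4.2.3.GA-jdk6.zip"
unzip "$SOURCE/ejbca_3_10_3.zip"

mv jboss-4.2* jboss/
mv ejbca_3* ejbca/

# Activate every sample config: copy foo.sample to foo. The glob replaces
# parsing ls output, and the suffix strip replaces an unanchored sed pattern.
cd /opt/ejbca/conf
for file in *.sample; do
  [ -e "$file" ] || continue
  cp -- "$file" "${file%.sample}"
done

#sed -i -e 's/httpsserver.hostname=localhost/httpsserver.hostname=some.server.com/' web.properties

echonice "Debian testing has a bug that breaks networking in java \n Refer to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560044"

sleep 5

cd /opt/ejbca/
ant bootstrap

#echo "Please start jboss in another shell using /opt/jboss/bin/run.sh -b 0.0.0.0"
echonice "Attempting to start jboss in another shell"
/opt/jboss/bin/run.sh -b "$BIND_ADDR" &
# Fixed wait for JBoss to come up; nothing checks that it actually did.
sleep 60

echonice "Attempting install"
ant install
sleep 20

echonice "Attempting to kill jboss"
# Matches every process whose ps line mentions both jboss and run.sh, so it
# can also hit unrelated processes with such a command line. Word splitting
# of the PID list is intended.
# shellcheck disable=SC2046,SC2009
kill $(ps aux | grep jboss | grep run.sh | awk '{print $2}')

sleep 20

echonice "Starting ant deploy"
ant deploy


echonice "Final Jboss Startup"
/opt/jboss/bin/run.sh -b "$BIND_ADDR"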


Debug
If you are trying to get ejbca to work and run into this error on debian, have a look at this debian bug 560044

--
[echo] ca init AdminCA1 "CN=AdminCA1,O=EJBCA Sample,C=SE" soft null 2048 RSA 3650 null SHA1WithRSA conf/catoken.properties
[java] Initializing CA
[java] Generating rootCA keystore:
[java] CA name: AdminCA1
[java] DN: CN=AdminCA1,O=EJBCA Sample,C=SE
[java] CA token type: soft
[java] CA token password: null
[java] Keyspec: 2048
[java] Keytype: RSA
[java] Validity (days): 3650
[java] Policy ID: null
[java] Signature alg: SHA1WithRSA
[java] CA token properties: null
[java] Initalizing Temporary Authorization Module.
[java] javax.naming.CommunicationException: Could not obtain connection to any of these urls: 127.0.0.1:1099 and discovery failed with error: javax.naming.CommunicationException: Network is unreachable [Root exception is java.io.IOException: Network is unreachable] [Root exception is javax.naming.CommunicationException: Failed to connect to server 127.0.0.1:1099 [Root exception is javax.naming.ServiceUnavailableException: Failed to connect to server 127.0.0.1:1099 [Root exception is java.net.SocketException: Network is unreachable]]]
[java] Java Result: -1

--

Tuesday, May 4, 2010

Looking for a new home

I hate blogger. Moving this Interlog somewhere else.

>> A month or so later
Hmm, wait! This might work for me. What kills me about blogger is the amount of html editing I have to do to get the look I want.

Mod_auth_mysql Django Authentication

I needed a way to get mod_auth_mysql to work with Django's password scheme so that I can have a single sign-on between apache and django. Unfortunately, Django uses a salted password scheme (hashtype$salt$Password) while mod_auth_mysql expects unsalted hashes. To keep the benefits of salting, it's better to update mod_auth_mysql to understand django's password scheme.
Well since blogger doesn't allow me to upload a patch file, here it goes
Patch for mod-auth-mysql-4.3.9
----
--- mod_auth_mysql.c-pristine   2010-05-04 17:07:43.000000000 +0400
+++ mod_auth_mysql.c 2010-05-04 17:08:01.000000000 +0400
@@ -103,6 +103,8 @@
#endif
#define SHA1SUM_ENCRYPTION_FLAG 1<<6

+#define DJANGO_ENCRYPTION_FLAG 1<<8
+
static int check_no_encryption(const char *passwd, char *enc_passwd)
{
return (!strcmp(passwd, enc_passwd));
@@ -226,6 +228,86 @@
return (!strcmp(sha1_hex_hash(passwd), enc_passwd));
}

+static int check_django_encryption(const char *passwd, char *enc_passwd)
+{
+ char *delim = "$";
+ char *hash_type, *cp, *hash, *salt, *salted_passwd, *free_cp;
+ int ret;
+
+ // Since strtok alters the string it is parsing,
+ // we should always copy the string to a temporary buffer
+ cp = strdup (enc_passwd);
+
+ // strdup() function returns a pointer to the duplicated string, or
+ // NULL if insufficient memory was available
+ if (cp == NULL){
+ //TODO: Use the proper log for these errors. Not syslog
+ syslog(LOG_DEBUG, "Module_Auth_MySQL: Couldn't allocate memory for %s.\nExiting\n", cp);
+ return 0;
+ }
+ free_cp = cp;
+
+
+ //split the hash_type out
+ hash_type = strtok(cp, delim);
+ if (hash_type == NULL){
+ syslog(LOG_DEBUG, "Module_Auth_MySQL: Couldn't find %s in %s.\nExiting\n",delim, cp);
+ free(free_cp);
+ return 0;
+ }
+
+ //split the salt out
+ salt = strtok(NULL, delim);
+ if (salt == NULL){
+ syslog(LOG_DEBUG, "Module_Auth_MySQL: Couldn't find %s in %s.\nExiting\n",delim, cp);
+ free(free_cp);
+ return 0;
+ }
+
+ //split the salt out
+ hash = strtok(NULL, delim);
+ if (hash == NULL){
+ syslog(LOG_DEBUG, "Module_Auth_MySQL: Couldn't find %s in %s.\nExiting\n",delim, cp);
+ free(free_cp);
+ return 0;
+ }
+
+#ifdef DEBUG
+ syslog(LOG_DEBUG, "MAMDEBUG: DJANGO called: passwd:%s enc_password:%s", passwd, enc_passwd);
+ syslog(LOG_DEBUG, "MAMDEBUG: Hash method: %s\n", hash_type);
+ syslog(LOG_DEBUG, "MAMDEBUG: Salt: %s\n", salt);
+ syslog(LOG_DEBUG, "MAMDEBUG: Hash: %s\n", hash);
+#endif
+
+ // Concat salt and password.
+ salted_passwd = malloc(strlen(salt)+strlen(passwd)+1);
+ if (salted_passwd == NULL){
+ syslog(LOG_DEBUG, "Module_Auth_MySQL: Couldn't allocate memory for %s.\nExiting\n", salted_passwd);
+ free(free_cp);
+ return 0;
+ }
+ strcpy(salted_passwd, salt);
+ strcat(salted_passwd, passwd);
+
+ if( !strcmp(hash_type, "sha1") ) {
+ ret = (!strcmp(sha1_hex_hash(salted_passwd), hash));
+ }
+ else if( !strcmp(hash_type, "md5") ) {
+ ret = (!strcmp(md5_hex_hash(salted_passwd), hash));
+ }
+ else {
+ syslog(LOG_DEBUG, "Module_Auth_MySQL: Uknown salt type %s.", hash_type);
+ ret = 0;
+ }
+
+ //Free the strdup resource and the malloc resource
+ free(free_cp);
+ free(salted_passwd);
+
+ return ret;
+}
+
+

static int check_mysql_encryption(const char *passwd, char *enc_passwd)
{
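Review bot: check_django_encryption tokenises with strtok(), which keeps hidden static state and is unsafe if the module ever runs under a threaded MPM; strtok_r with a local save pointer, e.g. `hash_type = strtok_r(cp, delim, &save);` followed by `salt = strtok_r(NULL, delim, &save);`, avoids that. Both allocation-failure paths pass a NULL pointer to a `%s` conversion (`cp` after the failed strdup, `salted_passwd` after the failed malloc), which is undefined behaviour, so those two calls should log a fixed message instead. The `#ifdef DEBUG` block writes the cleartext password and the stored hash to syslog and is better reduced to `syslog(LOG_DEBUG, "MAMDEBUG: DJANGO called, hash method: %s", hash_type);`. The comment above the third strtok call says "salt" where the code extracts the hash. The whole function lies inside this hunk.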
@@ -254,6 +336,7 @@
{ "PHP_MD5", check_PHP_MD5_encryption, PHP_MD5_ENCRYPTION_FLAG },
{ "SHA1Sum", check_SHA1Sum_encryption, SHA1SUM_ENCRYPTION_FLAG},
/* add additional encryption types below */
+ { "Django", check_django_encryption, DJANGO_ENCRYPTION_FLAG},
{ NULL, NULL, 0 }
};

----
A dpatch is also available for debian users. Read more about dpatch here. Remember to update your 00list :)

Monday, April 5, 2010

python-ldap error

I kept running into a
{'desc': 'Bad parameter to an ldap routine'}
error while trying to add a record from django. Turns out that in the form validation, I had a few fields defined as IntegerFields, which means I was passing
('uidNumber', 5001)
instead of
('uidNumber', '5001')
to python-ldap. Casting to an ascii string works. Unicode doesn't.

OpenSSL compatible encryption

I wanted to have a Perl program that encrypted a file using perl's Crypt::CBC and be able to decrypt it using the OpenSSL enc application. It took me a while to figure this one out.

# Crypt::CBC object whose output the openssl enc -bf-cbc command can decrypt.
my $cipher = Crypt::CBC->new(
# Passphrase; it has to equal the value given to openssl via -pass.
# "123" is a demo value only.
-key => "123",
-cipher => 'Blowfish',
# 128/8 = 16 bytes, i.e. a 128-bit key
-keysize => 128/8,
# NOTE(review): 'salt' presumably selects the OpenSSL-style salted header
# that openssl enc expects -- confirm against the Crypt::CBC documentation
-header => 'salt'
);


This works with
openssl enc -bf-cbc -d -in /tmp/staging/passwd.gz.enc -out ah -pass pass:123


The same applies for other ciphers e.g
# Same setup with Rijndael; pairs with openssl enc -aes-128-cbc.
my $cipher = Crypt::CBC->new(
# Passphrase; it has to equal the value given to openssl via -pass.
# "123" is a demo value only.
-key => "123",
-cipher => 'Rijndael',
# 128/8 = 16 bytes, matching the 128 in -aes-128-cbc
-keysize => 128/8,
# NOTE(review): 'salt' presumably selects the OpenSSL-style salted header
# that openssl enc expects -- confirm against the Crypt::CBC documentation
-header => 'salt'
);


This works with
openssl enc -aes-128-cbc -d -in /tmp/staging/passwd.gz.enc -out ah -pass pass:123


Inspiration from stackoverflow

Thursday, March 18, 2010

Monitoring MySQL Replication with mk-heartbeat.

A quick howto on using mk-heartbeat to monitor MySQL Replication and graphing it with zenoss/any other snmp grapher/monitor


Master End

  • Download Mk-heartbeat

wget http://www.maatkit.org/get/mk-heartbeat
  • Create a database and grant for maatkit

create database maatkit;
grant all on maatkit.* to maatkit@localhost identified by 'Whatever';
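  • Start the heartbeat and let it auto-create the heartbeat table (a password passed with -p on the command line is visible to other local users in the process list while the tool runs)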

perl mk-heartbeat -u maatkit -pWhatever --database maatkit --table heartbeat --update --create-table

Slave End

  • Verify that the DDL replicated

mysql> select * from maatkit.heartbeat;
+----+---------------------+
| id | ts |
+----+---------------------+
| 1 | 2010-03-02 16:30:32 |
+----+---------------------+
  • Let mk-heartbeat run

mk-heartbeat -u maatkit -pWhatever --database maatkit --table heartbeat --monitor  --interval 15 --file /tmp/heartbeat --daemonize
  • Fix file selinux context (I don't think it's the right one but it works )

chcon system_u:object_r:snmpd_var_run_t:s0 /tmp/heartbeat
  • Why not look at how far we are lagging by querying (Wow! We are lagging)

mysql> select ts,now() from maatkit.heartbeat;
+---------------------+---------------------+
| ts | now() |
+---------------------+---------------------+
| 2010-03-16 12:52:45 | 2010-03-17 17:59:23 |
+---------------------+---------------------+
1 row in set (0.00 sec)

mysql> select ts,now() from maatkit.heartbeat;
+---------------------+---------------------+
| ts | now() |
+---------------------+---------------------+
| 2010-03-16 12:53:15 | 2010-03-17 17:59:29 |
+---------------------+---------------------+
1 row in set (0.00 sec)

mysql> select ts,now() from maatkit.heartbeat;
+---------------------+---------------------+
| ts | now() |
+---------------------+---------------------+
| 2010-03-16 12:53:30 | 2010-03-17 17:59:32 |
+---------------------+---------------------+
  • Integrate with SNMP using dedicated to this purpose

  • Extend snmpd.conf

extend .1.3.6.1.4.1.30630.2.2.1 mk-heartbeat-lag /usr/local/bin/repl_lag 1
extend .1.3.6.1.4.1.30630.2.2.2 mk-heartbeat-lag /usr/local/bin/repl_lag 2
extend .1.3.6.1.4.1.30630.2.2.3 mk-heartbeat-lag /usr/local/bin/repl_lag 3
extend .1.3.6.1.4.1.30630.2.2.4 mk-heartbeat-lag /usr/local/bin/repl_lag 4
  • Create repl_lag script

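#!/bin/sh
# Print one figure from the mk-heartbeat monitor file, for snmpd "extend".
# Usage: repl_lag 1|2|3|4
#   1 - current lag            2 - 1 minute average
#   3 - 5 minute average       4 - 15 minute average
# Returns: 0 on success, 1 if the monitor file cannot be read, 2 on a bad
#          selector (previously a bad selector printed nothing and exited 0)

#Monitor file
# NOTE(review): a fixed name under /tmp can be pre-created or replaced by any
# local user, who then controls what snmpd reports. Prefer a directory only
# the monitoring user can write, and point LAGFILE (and mk-heartbeat --file)
# at it. The default is unchanged.
LAGFILE=${LAGFILE:-/tmp/heartbeat}

repl_lag() {
  if [ ! -r "$LAGFILE" ]; then
    printf 'repl_lag: cannot read %s\n' "$LAGFILE" >&2
    return 1
  fi

  case "${1:-}" in
    1)
      #Current LAG: first field, with its "s" suffix removed
      awk '{print $1}' "$LAGFILE" | sed -e 's/s//'
      ;;
    2)
      #1 minute average: first value after the "["
      awk -F'[' '{print $2}' "$LAGFILE" | awk '{print $1}' | sed -e 's/s,//'
      ;;
    3)
      #5 Minute average: second value after the "["
      awk -F'[' '{print $2}' "$LAGFILE" | awk '{print $2}' | sed -e 's/s,//'
      ;;
    4)
      #15 minute average: third value after the "["
      awk -F'[' '{print $2}' "$LAGFILE" | awk '{print $3}' | sed -e 's/s//'
      ;;
    *)
      printf 'usage: repl_lag 1|2|3|4\n' >&2
      return 2
      ;;
  esac
}

repl_lag "$@"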
  • Restart snmpd and test

snmpwalk -c Community -v2c my.mu.company.net .1.3.6.1.4.1.30630.2.2.4
SNMPv2-SMI::enterprises.30630.2.2.4.1.0 = INTEGER: 1
SNMPv2-SMI::enterprises.30630.2.2.4.2.1.2.16.109.107.45.104.101.97.114.116.98.101.97.116.45.108.97.103 = STRING: "/usr/local/bin/repl_lag"
SNMPv2-SMI::enterprises.30630.2.2.4.2.1.3.16.109.107.45.104.101.97.114.116.98.101.97.116.45.108.97.103 = STRING: "4"
SNMPv2-SMI::enterprises.30630.2.2.4.2.1.4.16.109.107.45.104.101.97.114.116.98.101.97.116.45.108.97.103 = ""
SNMPv2-SMI::enterprises.30630.2.2.4.2.1.5.16.109.107.45.104.101.97.114.116.98.101.97.116.45.108.97.103 = INTEGER: 5
SNMPv2-SMI::enterprises.30630.2.2.4.2.1.6.16.109.107.45.104.101.97.114.116.98.101.97.116.45.108.97.103 = INTEGER: 1
SNMPv2-SMI::enterprises.30630.2.2.4.2.1.7.16.109.107.45.104.101.97.114.116.98.101.97.116.45.108.97.103 = INTEGER: 1
SNMPv2-SMI::enterprises.30630.2.2.4.2.1.20.16.109.107.45.104.101.97.114.116.98.101.97.116.45.108.97.103 = INTEGER: 4
SNMPv2-SMI::enterprises.30630.2.2.4.2.1.21.16.109.107.45.104.101.97.114.116.98.101.97.116.45.108.97.103 = INTEGER: 1
SNMPv2-SMI::enterprises.30630.2.2.4.3.1.1.16.109.107.45.104.101.97.114.116.98.101.97.116.45.108.97.103 = STRING: "0.41"
SNMPv2-SMI::enterprises.30630.2.2.4.3.1.2.16.109.107.45.104.101.97.114.116.98.101.97.116.45.108.97.103 = STRING: "0.41"
SNMPv2-SMI::enterprises.30630.2.2.4.3.1.3.16.109.107.45.104.101.97.114.116.98.101.97.116.45.108.97.103 = INTEGER: 1
SNMPv2-SMI::enterprises.30630.2.2.4.3.1.4.16.109.107.45.104.101.97.114.116.98.101.97.116.45.108.97.103 = INTEGER: 0
SNMPv2-SMI::enterprises.30630.2.2.4.4.1.2.16.109.107.45.104.101.97.114.116.98.101.97.116.45.108.97.103.1 = STRING: "0.41"

Monitor End

  • Log into zenoss and navigate to Devices->Server->[Linux or whatever you use]

  • Click on the Templates tab

  • From the Available Performance Templates tab, click on add template

  • Type in an ID. Mine was MySQL Replication

  • Add a Description and save

  • Under Data sources, Add a new snmp datasource. Example: ID: MySQL Replication Lag

  • In the Data Source add the OID derived from the snmpwalk e.g 1.3.6.1.4.1.30630.2.2.1.4.1.2.16.109.107.45.104.101.97.114.116.98.101.97.116.45.108.97.103.1

  • The type is a gauge (Like a speed-o-meter ) rather than a counter (Which is like the miles covered)

  • Click Save

  • You may add the IP/Hostname of a test device and click on test (One of your MySQL snmpd hosts)

  • Save and iterate for the other counters (1min avg, 5 min avg and 15 min avg)

  • Go back to the Performance Template page

  • Under Thresholds, Add a new threshold say MySQL Lag Warn

  • Click on the datapoints to apply the threshold to. I opted to track the realtime Lag

  • Put the number of seconds on the max field. 120 is 2 minutes of lag. Any more and I will be paged

  • Add a critical threshold

  • Go back to the Performance Template page

  • Add a Graph Definition.

  • Add the datapoints created earlier under Graph points. The relevant associated thresholds should also be auto-added.

  • You may want to resequence the points

  • Click save.

  • Navigate back to Device List using the menu bar on the left.

  • Click on a MySQL host that you want to add a replication lag graph for

  • On the dropdown menu, select More->Templates

  • Under Perfomance Templates, Select Bind Templates

  • Select all the templates you are interested in (Mine was Device and MySQL Replication)

  • Click OK

  • Clicking on the perf tab should give you a graph.

Here's mine showing a tunnel break that caused a > 24 hour lag and the subsequent catching up

And the network graph.


Yeah... It's a slow link :)

Monday, February 8, 2010

Getting FreeBSD installed on the Soekris net5501


The Net5501 is an x86 based computer with decent hardware for your LAN/WAN. In my case, I needed to setup a FreeBSD based OpenVPN server. I had a vanilla net5501 with a SanDisk SDCFH2-004G HDX 4.32 4GB CF Card.
The general installation plan was to either use PXE booting or writing to a CF card. PXE booting works like a charm with Debian, FreeBSD is another beast though. Googling a bit on the Internets, I landed on Barry's page and the idea of using a VM with a CF as the install target. Worked like a charm.

Aside:
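It's a good idea to dd your CF card image and store it for future installations/clones. You can restore this image using a command such as the one below (decompress a .bz2 image first, and double-check the of= device, because dd overwrites it without asking):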
dd if=/path/to/freebsd_3919MB_SanDisk-SDCFH2-004G_HDX_4.32.dd.bz2 of=/dev/sdd
Installation:
Download the relevant freeBSD ISO
Download KVM
Configure a VM to boot off the FreeBSD ISO and the storage medium to be your compact flash card (/dev/sdx).
Install FreeBSD as usual
After installation, boot into your brand new FreeBSD
Adjust your /etc/rc.conf for Soekris network cards (sis instead of KVM's ed)
ifconfig_vr0="inet 196.1.0.129 netmask 255.255.255.192 up"
ifconfig_vr1="DHCP"
Enable a console on the serial port in /etc/ttys by editing the ttyu0 line:
ttyu0 "/usr/libexec/getty std.9600" vt100 on secure
Lastly, add the following lines to /boot/loader.conf:
comconsole_speed="9600"
console="comconsole"

Kernel compile
Install Kernel source via NFS. Please refer to the FreeBSD handbook

Create a kernel config directory
mkdir /root/kernels
Start a new kernel by editing a copy of GENERIC
cp /usr/src/sys/i386/conf/GENERIC /root/kernels/SOEKRIS.KERNEL
ln -s /usr/src/sys/i386/conf/SOEKRIS.KERNEL /root/kernels/SOEKRIS.KERNEL
Sample Config (geared for an openvpn box)
cat /root/kernels/SOEKRIS.KERNEL
#
# GENERIC -- Generic kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the config(5) manual page,
# and/or the handbook section on Kernel Configuration Files:
#
# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ../../conf/NOTES and NOTES files.
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.519.2.4.2.2 2009/11/09 23:48:01 kensmith Exp $

#cpu I486_CPU
cpu I586_CPU
#cpu I686_CPU
ident SOEKRIS

#Soekris Specific
#From http://wiki.soekris.info/Installing_FreeBSD
options CPU_SOEKRIS

options CPU_ELAN
options CPU_ELAN_PPS
options CPU_ELAN_XTAL=32768000

options CPU_GEODE

#CARP
device carp

# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.

# Use the following to compile in values accessible to the kernel
# through getenv() (or kenv(1) in userland). The format of the file
# is 'variable=value', see kenv(1)
#
# env "GENERIC.env"

makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols

# Kernel options for the Soekris build. Lines beginning with '#options' are
# features deliberately left out of this kernel.
options SCHED_ULE # ULE scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
options INET6 # IPv6 communications protocols
options SCTP # Stream Control Transmission Protocol
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
#options UFS_DIRHASH # Improve performance on big directories
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options MD_ROOT # MD is a potential root device
# NFS client support is what allows the kernel sources to be mounted over NFS
# for this build. NOTE(review): on a dedicated VPN gateway, confirm whether
# NFSCLIENT, NFSLOCKD and NFS_ROOT are still needed once the kernel is built.
options NFSCLIENT # Network Filesystem Client
#options NFSSERVER # Network Filesystem Server
options NFSLOCKD # Network Lock Manager
options NFS_ROOT # NFS usable as /, requires NFSCLIENT
#options MSDOSFS # MSDOS Filesystem
#options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
#options GEOM_PART_GPT # GUID Partition Tables.
options GEOM_LABEL # Provides labelization
# The COMPAT_* options keep interfaces for binaries built on older releases.
# NOTE(review): only needed if such binaries run on this box — confirm before
# removing any of them.
options COMPAT_43TTY # BSD 4.3 TTY compat (sgtty)
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options COMPAT_FREEBSD6 # Compatible with FreeBSD6
options COMPAT_FREEBSD7 # Compatible with FreeBSD7
#options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options STACK # stack(9) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options P1003_1B_SEMAPHORES # POSIX-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
# AUDIT only compiles audit support into the kernel. Records are written only
# when auditd is enabled (auditd_enable in /etc/rc.conf), which the rc.conf
# listed on this page does not set.
options AUDIT # Security event auditing
# MAC compiles in the framework only; a policy has to be loaded and configured
# separately before it enforces anything. None is configured on this page.
options MAC # TrustedBSD MAC Framework
options FLOWTABLE # per-cpu routing cache
#options KDTRACE_HOOKS # Kernel DTrace hooks

# To make an SMP kernel, the next two lines are needed
options SMP # Symmetric MultiProcessor Kernel
device apic # I/O APIC

# CPU frequency control
device cpufreq

# Bus support.
device acpi
device eisa
device pci

# Floppy drives
#device fdc

# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
#device ataraid # ATA RAID drives
#device atapicd # ATAPI CDROM drives
#device atapifd # ATAPI floppy drives
#device atapist # ATAPI tape drives
options ATA_STATIC_ID # Static device numbering

# SCSI Controllers
#device ahb # EISA AHA1742 family
#device ahc # AHA2940 and onboard AIC7xxx devices
#options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
#device ahd # AHA39320/29320 and onboard AIC79xx devices
#options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
#device amd # AMD 53C974 (Tekram DC-390(T))
#device hptiop # Highpoint RocketRaid 3xxx series
#device isp # Qlogic family
#device ispfw # Firmware for QLogic HBAs- normally a module
#device mpt # LSI-Logic MPT-Fusion
#device ncr # NCR/Symbios Logic
#device sym # NCR/Symbios Logic (newer chipsets + those of `ncr')
#device trm # Tekram DC395U/UW/F DC315U adapters

#device adv # Advansys SCSI adapters
#device adw # Advansys wide SCSI adapters
#device aha # Adaptec 154x SCSI adapters
#device aic # Adaptec 15[012]x SCSI adapters, AIC-6[23]60.
#device bt # Buslogic/Mylex MultiMaster SCSI adapters

#device ncv # NCR 53C500
#device nsp # Workbit Ninja SCSI-3
#device stg # TMC 18C30/18C50

# SCSI peripherals
device scbus # SCSI bus (required for SCSI)
#device ch # SCSI media changers
device da # Direct Access (disks)
#device sa # Sequential Access (tape etc)
#device cd # CD
#device pass # Passthrough device (direct SCSI access)
#device ses # SCSI Environmental Services (and SAF-TE)

# RAID controllers interfaced to the SCSI subsystem
#device amr # AMI MegaRAID
#device arcmsr # Areca SATA II RAID
#device asr # DPT SmartRAID V, VI and Adaptec SCSI RAID
#device ciss # Compaq Smart RAID 5*
#device dpt # DPT Smartcache III, IV - See NOTES for options
#device hptmv # Highpoint RocketRAID 182x
#device hptrr # Highpoint RocketRAID 17xx, 22xx, 23xx, 25xx
#device iir # Intel Integrated RAID
#device ips # IBM (Adaptec) ServeRAID
#device mly # Mylex AcceleRAID/eXtremeRAID
#device twa # 3ware 9000 series PATA/SATA RAID

# RAID controllers
#device aac # Adaptec FSA RAID
#device aacp # SCSI passthrough for aac (requires CAM)
#device ida # Compaq Smart RAID
#device mfi # LSI MegaRAID SAS
#device mlx # Mylex DAC960 family
#device pst # Promise Supertrak SX6000
#device twe # 3ware ATA RAID

# atkbdc0 controls both the keyboard and the PS/2 mouse
#device atkbdc # AT keyboard controller
#device atkbd # AT keyboard
#device psm # PS/2 mouse

#device kbdmux # keyboard multiplexer

#device vga # VGA video card driver

#device splash # Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
#device sc

#device agp # support several AGP chipsets

# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device pmtimer

# PCCARD (PCMCIA) support
# PCMCIA and cardbus bridge support
#device cbb # cardbus (yenta) bridge
#device pccard # PC Card (16-bit) bus
#device cardbus # CardBus (32-bit) bus

# Serial (COM) ports
device uart # Generic UART driver

# Parallel port
#device ppc
#device ppbus # Parallel port bus (required)
#device lpt # Printer
#device plip # TCP/IP over parallel
#device ppi # Parallel port interface device
#device vpo # Requires scbus and da

# If you've got a "dumb" serial or parallel PCI card that is
# supported by the puc(4) glue driver, uncomment the following
# line to enable it (connects to sio, uart and/or ppc drivers):
#device puc

# PCI Ethernet NICs.
#device de # DEC/Intel DC21x4x (``Tulip'')
#device em # Intel PRO/1000 Gigabit Ethernet Family
#device igb # Intel PRO/1000 PCIE Server Gigabit Family
#device ixgb # Intel PRO/10GbE Ethernet Card
#device le # AMD Am7900 LANCE and Am79C9xx PCnet
#device ti # Alteon Networks Tigon I/II gigabit Ethernet
#device txp # 3Com 3cR990 (``Typhoon'')
#device vx # 3Com 3c590, 3c595 (``Vortex'')

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
#device ae # Attansic/Atheros L2 FastEthernet
#device age # Attansic/Atheros L1 Gigabit Ethernet
#device alc # Atheros AR8131/AR8132 Ethernet
#device ale # Atheros AR8121/AR8113/AR8114 Ethernet
#device bce # Broadcom BCM5706/BCM5708 Gigabit Ethernet
#device bfe # Broadcom BCM440x 10/100 Ethernet
#device bge # Broadcom BCM570xx Gigabit Ethernet
#device dc # DEC/Intel 21143 and various workalikes
#device et # Agere ET1310 10/100/Gigabit Ethernet
#device fxp # Intel EtherExpress PRO/100B (82557, 82558)
#device jme # JMicron JMC250 Gigabit/JMC260 Fast Ethernet
#device lge # Level 1 LXT1001 gigabit Ethernet
#device msk # Marvell/SysKonnect Yukon II Gigabit Ethernet
#device nfe # nVidia nForce MCP on-board Ethernet
#device nge # NatSemi DP83820 gigabit Ethernet
#device nve # nVidia nForce MCP on-board Ethernet Networking
#device pcn # AMD Am79C97x PCI 10/100 (precedence over 'le')
#device re # RealTek 8139C+/8169/8169S/8110S
#device rl # RealTek 8129/8139
#device sf # Adaptec AIC-6915 (``Starfire'')
#device sis # Silicon Integrated Systems SiS 900/SiS 7016
#device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet
#device ste # Sundance ST201 (D-Link DFE-550TX)
#device stge # Sundance/Tamarack TC9021 gigabit Ethernet
#device tl # Texas Instruments ThunderLAN
#device tx # SMC EtherPower II (83c170 ``EPIC'')
#device vge # VIA VT612x gigabit Ethernet
device vr # VIA Rhine, Rhine II
#device wb # Winbond W89C840F
#device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')

# ISA Ethernet NICs. pccard NICs included.
device cs # Crystal Semiconductor CS89x0 NIC
# 'device ed' requires 'device miibus'
#device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards
#device ex # Intel EtherExpress Pro/10 and Pro/10+
#device ep # Etherlink III based cards
#device fe # Fujitsu MB8696x based cards
#device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc.
#device sn # SMC's 9000 series of Ethernet chips
#device xe # Xircom pccard Ethernet

# Wireless NIC cards
#device wlan # 802.11 support
#options IEEE80211_DEBUG # enable debug msgs
#options IEEE80211_AMPDU_AGE # age frames in AMPDU reorder q's
#options IEEE80211_SUPPORT_MESH # enable 802.11s draft support
#device wlan_wep # 802.11 WEP support
#device wlan_ccmp # 802.11 CCMP support
#device wlan_tkip # 802.11 TKIP support
#device wlan_amrr # AMRR transmit rate control algorithm
#device an # Aironet 4500/4800 802.11 wireless NICs.
#device ath # Atheros pci/cardbus NIC's
#device ath_hal # pci/cardbus chip support
#options AH_SUPPORT_AR5416 # enable AR5416 tx/rx descriptors
#device ath_rate_sample # SampleRate tx rate control for ath
#device ral # Ralink Technology RT2500 wireless NICs.
#device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs.
##device wl # Older non 802.11 Wavelan wireless NIC.

# Pseudo devices.
device loop # Network loopback
device random # Entropy device
device ether # Ethernet support
# NOTE(review): tun is presumably the tunnel interface the OpenVPN setup this
# config is geared for relies on — confirm before trimming pseudo devices.
device tun # Packet tunnel.
device pty # BSD-style compatibility pseudo ttys
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
device firmware # firmware assist module

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
# It has to stay in this kernel because vr1 is configured with DHCP in rc.conf.
# Any process able to open /dev/bpf* can capture traffic crossing the box.
# NOTE(review): verify the device nodes remain accessible to root only.
device bpf # Berkeley packet filter

# USB support
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device ehci # EHCI PCI->USB interface (USB 2.0)
device usb # USB Bus (required)
#device udbp # USB Double Bulk Pipe devices
#device uhid # "Human Interface Devices"
#device ukbd # Keyboard
#device ulpt # Printer
device umass # Disks/Mass storage - Requires scbus and da
#device ums # Mouse
#device rum # Ralink Technology RT2501USB wireless NICs
#device ural # Ralink Technology RT2500USB wireless NICs
#device uath # Atheros AR5523 wireless NICs
#device zyd # ZyDAS zb1211/zb1211b wireless NICs
#device urio # Diamond Rio 500 MP3 player
# USB Serial devices
#device u3g # USB-based 3G modems (Option, Huawei, Sierra)
#device uark # Technologies ARK3116 based serial adapters
#device ubsa # Belkin F5U103 and compatible serial adapters
#device uftdi # For FTDI usb serial adapters
#device uipaq # Some WinCE based devices
#device uplcom # Prolific PL-2303 serial adapters
#device uslcom # SI Labs CP2101/CP2102 serial adapters
#device uvisor # Visor and Palm devices
#device uvscom # USB serial support for DDI pocket's PHS
# USB Ethernet, requires miibus
#device aue # ADMtek USB Ethernet
#device axe # ASIX Electronics USB Ethernet
#device cdce # Generic USB over Ethernet
#device cue # CATC USB Ethernet
#device kue # Kawasaki LSI USB Ethernet
#device rue # RealTek RTL8150 USB Ethernet
#device udav # Davicom DM9601E USB

# FireWire support
#device firewire # FireWire bus code
#device sbp # SCSI over FireWire (Requires scbus and da)
#device fwe # Ethernet over FireWire (non-standard!)
#device fwip # IP over FireWire (RFC 2734,3146)
#device dcons # Dumb console driver
#device dcons_crom # Configuration ROM for dcons

Compile
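# config(8) is given a bare file name and the cd below is relative, so both
# only work from the i386 conf directory; enter it first.
cd /usr/src/sys/i386/conf
mkdir -p /usr/src/sys/compile/SOEKRIS.KERNEL
/usr/sbin/config SOEKRIS.KERNEL
cd ../compile/SOEKRIS.KERNEL/
# Chain the steps so a failed build is never installed over the running kernel.
make depend && make && make install
# Reboot into the new kernel only once the install has finished without errors.
reboot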
Remember to put some decent variables into rc.conf
# cat /etc/rc.conf

# /etc/rc.conf for the Soekris VPN box: overrides of /etc/defaults/rc.conf.
# -- sysinstall generated deltas -- # Fri Feb 5 12:47:29 2010
# Created: Fri Feb 5 12:47:29 2010
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
hostname=vpn.example.net
# gateway_enable turns on IP forwarding between the interfaces below.
# NOTE(review): the firewall_* settings further down are commented out, so as
# listed the box forwards packets with no packet filter; confirm filtering is
# done elsewhere or enable a ruleset before connecting it to a live network.
gateway_enable="YES"
inetd_enable="NO"
keymap="us.iso"
# NOTE(review): the kernel config on this page leaves out the psm and ums mouse
# drivers, so moused presumably has nothing to attach to on this box.
moused_enable="YES"
# sshd is the only remote administration service enabled here.
# NOTE(review): its hardening (sshd_config) is not shown on this page — verify.
sshd_enable="YES"
ipv6_enable="YES"
ifconfig_vr0="inet 1.2.3.129 netmask 255.255.255.192 up"
ifconfig_vr1="DHCP"

#Add ons
# Run fsck with -y when the preen pass fails, and do it in the foreground
# before the system comes up rather than in the background.
fsck_y_enable="YES"
background_fsck="NO"

#Added manually to enable firewalling
#Be aware that this allows the subnet to access the box
#firewall_enable="YES"
#firewall_type="client"
#firewall_logging="YES"


#Start SNMPD
#
# NOTE(review): if SNMP is switched on, check the access rules and community
# strings in /etc/snmp/snmpd.conf first; that file is not shown on this page.
#snmpd_enable="YES"
#snmpd_flags="-a"
#snmpd_conffile="/etc/snmp/snmpd.conf"
#snmptrapd_enable="YES"
#snmptrapd_flags=" -u snmp -a -p /var/run/snmptrapd.pid"