Lotus Domino

Inventory tracking with the Sun Inventory Application

Sun has a unique application on their web site called Sun Inventory that will track hardware, software and operating systems. It is unique in that it is, more or less, a cloud application. You can access your inventory anywhere that you have internet access.

The Sun Inventory application tracks these items by installing a small application on the machine that you want to inventory. Initially it will report back the hardware and operating system. As qualified applications are installed the agent will report these back to the Sun Inventory application without any interaction on your part.

Getting started is simple. Go here to get started. If you don’t have a Sun account go ahead and sign up. Once you are signed in it is a 3 step process to get started.

Step one is to download what are known as service tags. This is the application that you will install to “tag” your inventory so that it can be put into the application. Tags are available for Red Hat Enterprise Linux, Suse Enterprise Linux, Solaris and Windows. Download the appropriate tag for your operating system and install it on the machine on which you want to inventory. The tagging also works on Virtualized Machines from Red Hat Virtualization and from VMs using Virtual Box. I didn’t check any other virtualization applications.

Steps two and three are discovering and registering your “gear” as Sun calls it. This downloads a small java program onto your machine to help in finding and registering tag ready machines. With this application you can find your machines in various ways such as hostname, subnet and ip address. Below is a screen shot of the information that you can use to find your tagged your machines.

Once you have done this a screen will pop up showing the gear that the registration client found. You will then login to your Sun Account and choose which products that you want to register. Once they are registered what you will see is like the following screen shot.

As you can see I have my 1u server tagged along with the host and virtual operatings systems. The OpenSolaris machine is running on Virtual Box. The OpenOffice application was installed after I tagged and registered the machine. Since the tag runs as a service it picked up the OpenOffice application and registered it as part of the OpenSolaris machine.

This is a great way to get your machines and related software inventoried and get control of it.

-j

Logging for BIND in a chroot environment

Today while setting up a new BIND server I decided that it might be a good time to start using the chroot-bind package in a chroot environment. This presented a set of challenges that I wasn’t quite expecting. While they weren’t difficult to sort out I thought that i might help you save some time.

The first question that popped up was where do I put the configuration and log files. Since we are in a chrooted environment they go under the var and etc files below the chroot. For CentOS this is /var/named/chroot/{var,named}. Don’t let this get you confused when you put in the path in the files in the named.conf. In the named.conf it will start as normal in the var and etc directories. Just remember that it is referring to those directories under /var/named/chroot and not under /etc/ and /var/named. Those are the places that you would expect to see them in a non chroot environment.

options {
directory “/var/named/pz”; ##This path starts under /var named/chroot/


After sorting this out and getting my server running I noticed that I was not getting any logging for my BIND server. BIND, when installed in a typical environment, places it’s logs in /var/log/messages by default. Setting up logs in the chroot environment requires a stanza for logging be set up in named.conf. You will also need to specify what you want to log as well as the severity level. There is a default variable that will give you all logging except for query. You will need to set up logging for queries separately in a separate stanza.

Following is an example of what my finished logging stanza’s are in named.conf:

# Logging Configuration
#
logging {
#
# Define channels for the two log files
#
channel query_log {
severity info;
print-time yes;
file “/var/log/query.log” versions 3 size 100M;
};
category query {
query_log;
};
channel default_log {
severity info;
print-time yes;
print-category yes;
print-severity yes;
file “/var/log/activity.log” versions 3 size 100M;
};
category default {
default_log;
};
};


Notice that you have a primary logging stanza. Under this you enter whatever you want to call your channel stanza. This is where you enter the severity to log along with various other options. Under this is place the category log which defines whatever is it that your logging. In mine I am logging the default and queries. Also notice the “file” paths in the channel stanza. Again this is the var that starts under /var/named/chroot and not the typical /var/log. The logs are created whenever you start BIND.

You can read more about the logging syntax and available entries by reading the file /usr/share/doc/bind-9.3.4/arm/Bv9ARM.ch06.html. Scroll down until you find the section titled “logging Statement Grammar” and start reading from there. The quickest and easiest way to read this is with a text only browser such as elinks.

Enjoy your new secure BIND server!

-j

Red Hat and the IBM Open Collaboration Client Solution

Have you heard about the Red Hat and IBM Open Client Collaboration Solution (OCCS)? This is a collaboration solution put together by Red Hat and IBM utilizing the Notes Domino collaboration suite running on Red Hat.

Normally I try to stay away from proprietary solutions of this magnitude because there are plenty of open source solutions that can accomplish the same thing. But IBM is a staunch supporter of open source. At Lotusphere they go so far as to push the Notes Domino platform running on Linux as opposed to Windows.

Using Red Hat to host the Notes Domino platform provides the stability of Red Hat using a very strong collaboration suite that should meet any company’s needs. The suite can provide email, team rooms, document storage and very much more. Starting with version 8 it comes with Symphony, a free office suite built by IBM using the OpenOffice core code.

IBM’s Notes Domino platform provides the ability to build custom databases to fit your users needs. They can pull data from at least MySQL and Microsoft’s SQL server. You can then build that into a Notes database or an HTML page. The HTML can be rendered on Apache or the Notes Domino Web Server.

Along with the typical security provided by the Red Hat platform Notes Domino provides group and individual ACLs. The platform allows for customized security for individuals that are in the same group.

Red Hat and IBM have released a worksheet that will help you estimate your cost savings by migrating from Windows to Red Hat. It even includes the cost of the Domino servers and the Notes clients. You can find this work sheet www.compariv.com

Migrating from Windows to Red Hat allows you to migrate at your own pace. The Notes Domino platform allows for a smooth migration by having the ability to mix the Red Hat and Windows environments. This allows you a smooth migration without any loss of production.

If you’re looking for a strong collaboration suite that can provide all of your collaboration needs at a cost effective price using the Notes Domino platform along Red Hat Linux is the one to consider.

-j

Why use Linux?

I hear this question occasionally. I hear the usual because it’s free or because it’s secure. While all of this is true and certainly plays a part in the decision to use Linux it is not my primary reason for using Linux.

In a nutshell it comes down to a substantially better price:performance ratio. Take for example Red Hat’s virtualization product. For starters Red Hat integrates their virtualization product into the operating system at no additional cost. The real kicker though is the performance when compared to VMWare.

Red Hat and Intel worked together to produce a tightly integrated virtualization package with the Caneland processor. Having completed the project they asked independent laboratory Principled Technologies to perform some industry-standard benchmarks on these new capabilities. The results can be found here

In their tests they used a Red Hat 3 stand alone server, a Red Hat 5 server and another Red Hat 3 server virtualized on the RH5 machine. The results are as follows:

* A Xeon system running Red Hat Enterprise Linux 3 achieved approximately 210,000 operations/second (4 socket, hyperthreaded, dual core allowing for 16 compute threads).
* A Caneland system running Red Hat Enterprise Linux 5 achieved approximately 380,000 operations/second (4 socket, quad core also allowing for 16 compute threads).
* A Red Hat Enterprise Linux 3 virtualized guest running on a Red Hat Enterprise Linux 5 host achieved approximately 340,000 operations/second. So Red Hat Enterprise Linux 3 delivered a performance increase of over 50 percent when running virtualized on the new Caneland system.

Regarding virtualization on VMWare there are some points to consider. The first is quite simply the added cost of VMWare regardless of what operation system is your choice. Regarding virtualization Red Hat Enterprise Linux guests can utilize all the underlying hardware - so a full quad-core, 4-socket system can be virtualized and presented to Red Hat Enterprise Linux 3. VMWare does not support guests with more than 4 executable threads. What that means is that VMware cannot provide a virtual machine guest larger than 1/4 of the new Caneland capacity.

Although I discussed only one technology there are many examples to be found. And when I hear of places such as Indiana University with almost 200,000 faculty and staff, Amerada Hess Corporation - Oil Exploration Supercomputing, Burlington Coat Factory - Entire Systems, Conoco - Oil Exploration Supercomputing I have to believe that these folks have some very smart engineers and CTOs on their IT staff that would decide that Linux is the best platform on which to be running. The complete list can be found here.

-j

Two Linux utilities you should always have

Those two utilities are aria2 and screen.

Quite often as administrators we have to download large files. We may start this work from a workstation at work or over the VPN to a server at work. The best way that I’ve found to handle this task is using aria2.

The aria2 utility is command line driven. It supports downloads via bittorrent, http(s), ftp and metalink. It can download one file or multiple files from multiple sources or protocols simultaneously. In handling multiple downloads it attempts to utilize all of your available download bandwidth.

Downloading via a local bittorrent file is as simple as

aria2c file1.torrent file2.torrent

or from an http site
.
aria2c http://site/file.torrent

If you want to download multiple torrents use this command:

aria2c -s2 http://host/image.iso http://mirror1/image.iso http://mirror2/image.iso

If you want to download the same file from two different locations use:

aria2c -s2 http://host/image.iso http://mirror1/image.iso http://mirror2/image.iso

The -s2 indicates that you want to download from two site. If one of the sites fail aria2 will attempt to use the 3rd listed sitte.

I’ll leave you to visit aria2’s site and explore the many options that they have to offer.

The next utility is screen. In many case you will find that it works very well to use aria2 and screen together.

Screen is a utility that, when logged into a remote machine via ssh, you can start a screen session and begin your work. If you lose your ssh connection screen will still have the job that you started earlier when you again log in. You can also detach the screen session from you current ssh session, go home or move to another work station, log in again and reattach to your screen.

This is a fantastic utility that becomes a real life saver when running long jobs, downloading large files such and iso’s and having documents open via ssh using an editor such as VIM. Imagine that you just started compiling a kernel and were called away from your office. Over the standard ssh session you have no way to check the progress. With screen though you can log in to the remote machine, attach to the screen session and check on the progress of your compile.

I say that it can work hand in hand with aria2 because of downloading large files such as iso’s. Start your screen session and your aria2 job, detach from your screen session and go home or wherever you need to go. Once at your destination login to the remote machine and reattach to your screen session. If the iso is downloaded mount it via a loop device and do whatever you need with it.

Both of these utilities are command line driven, very powerful and helpful, and very easy to use. You can probably find them in your rpm or deb repositories. Give them a spin and you just might find a whole new way of computing or at the very least to really great utilities to put in your tool box.

-j

Script Word and OpenOffice documents to pdf

I ran into a situation a couple of weeks ago where it would be convenient to script Word and OpenOffice documents into pdf format. One of my jobs here is to create the network and email login documentation for newly hired people. I have the document creation automated through an AutoIT script. I previously posted about AutoIT here.

The next step after creating the Word document is to copy it to my Linux workstation where my Lotus Notes client resides. Once there I want to convert it to pdf and attach it to an email for sending to the new hire’s manager.

I copy the newly created Word document using Putty’s pscp application. This script is called from the AutoIT script that creates the documents. The pscp script is written as follows:

pscp -pw mypassword -r c:\userdocs jslittl@centos5-xvm:/home/jslittl/Documents/Notes-Domino/users2convert

You can place this script at the end of your AutoIT script so that it copies your document to wherever you want. So this is where I am in the process: AutoIT script to create the document => scp the document to my Linux workstation.

I followed the instructions here to setup OpenOffice for scripting the documents to pdf. My script to do so is setup like this:

[jslittl@centos5-xvm userdocs]$ cat convertDir2PDF.sh
#!/bin/sh
for i in *.doc; do echo $i; doc2pdf “$i”; sleep 5; done #this will convert all documents in the directory
# zip newusers *.pdf # this is for when there are a large number documents going to the same place-easier to attach 1 zip file
mv *.doc `pwd`/finished-doc # I created the next 3 directories to hold the finished documents
mv *.pdf `pwd`/finished-pdf
mv *.zip `pwd`/finished
[jslittl@centos5-xvm userdocs]$


That’s it! Just attach them to the email and send them on.

Single signon with Clipperz

Clipperz provides single signon capabilities using a web browser for all of your web based sites. Clipperz is an open source project started in 2005 by Marco and Giulio Cesare. I have been using Clipperz now for about six months on a daily basis.

From an end user perspective the process is quite simple. Go to Clipperz and register. After registering you can then start adding the sites that you visit that require a password.

Once you are on the logged into Clipperz click on the Tools link on the orange tool bar on the right hand side. Once on that page scroll down and drag and drop the Add to Clipperz widget to you book marks bar.

Now browse to a web site that requires that you login. While at the login page click on the Add to Clipperz link in the bookmarks toolbar. A small pop-up window will open with some code inside. Copy this code and click on the tab (you are using tabbed browsing aren’t you?) where you are logged into Clipperz. Scroll down to the bottom of the page and click the radio button next to Direct login. Now paste the copied code from the pop-up window into the box title Direct login configuration and then click the create button.

After clicking the create button a new text box will show. This is where you put in your login and password information for the web site that you are adding to Clipperz. After you put this in and create it the web site will show on the middle and left hand side of your screen.

Click on the web site link listed on the left hand side of your screen. This will open up a new tab and automatically log you into the site. If you want to edit the title or change the pasword (or if you got it wrong when creating the link) click on the link in the middle of the page. This will allow you to edit your login information. It even has a facility to decrypt your password if you want to see what it is or just make sure that your are typing it correctly.

For the more technical or paranoid among us Clipperz uses Ajax and JavaScript technologies built into your browser to encrypt your passwords. The encryption takes place locally on your computer before being sent to the Clipperz servers. Thus the only thing sent over the internet or stored on their servers are the scrambled bits of your password.

With the advent of SaaS and Cloud Computing you need a secure single signon solution for your web based sites where you store photos, financial data and other electronic data. Clippez fills this need as well as working as a password manager and a vault for confidential data. Give it a spin today!

Full disclosure: I have no affiliation with Clipperz other than being a satisfied user.

-j

Script repetitious tasks in a GUI with AutoIT

Do you find yourself wanting to script repetitious tasks in a GUI? Wish there was a way to automate it? There is now.

Unlike shell scripting where many tasks can be automated this is generally more difficult in a GUI. You have mouse clicks and keyboard entries to make in a GUI. AutoIT is the answer to your problem. AutoIT is designed to script repetitious tasks in a GUI, specifically the Windows GUI and Windows applications.

AutoIT is freeware - not open source - designed to automate the Windows GUI and perform other general scripting tasks. I use it at work for setting up users in Active Directory and Lotus Notes. The Active Directory part I send to the Windows command line. The Notes part is done inside the Notes client. I even have it send the New User documentation over to my Linux workstation via SCP. There I have a Bash script convert the documents to PDF to be sent to HR. Pretty cool. It saves me hours of work every Friday. Which is why I can write this post and tell you about it

The AutoIT download comes with a lite version of the SciTe IDE. You can download a full blown version customized to work with AutoIT here. With the IDE you get syntax highlighting, script tidying, debug, the ability to compile the script to an .exe file and more. AutoIT even integrates into the right click text menu so that right clicking on the script gives you the ability to run, compile or edit the script.

If you need to send your scripts out to users, for instance to have them perform some task or installation on their machine, the compile function is a real life saver. We use it to compile the script that installs and sets up the VPN and then send it to remote users. Just burn it to a CD along with the necessary files so that it will autorun and Voila!..no more trying to do it over the phone. Or you could just send all of the files zipped up in an email and have them put it in a folder for running..but that does require relying on the user to do something.

AutoIT also provides AU3Info. AU3Info is a tool that will help you find window titles, mouse coordinates and much more window information that will help in writing your script. You need the active window titles and mouse coordinates so that AutoIT knows when a certain window is active. Once the window is active you tell the script where to place the mouse, left or right click if necessary and what keystrokes to send.

AutoIT comes with a full complement of everything required to write any sort of script whether you need to manipulate a GUI or something that you need to run from the command line. These include datatypes, functions, macros and many others.

The documentation is excellent and very easy to understand. The forums are active and friendly to new users. So if you’re tired of doing that repetitious Windows task why not give AutoIT a spin! It’s a great tool for any administrator.

Full disclosure: I am in no way associated with AutoIT other than being a satisfied user.