Cron Job Prevent the sending of errors and output

6 juin 2011 informatique No comments

By default the output of a command or a script (if any produced), will be email to your local email account. To stop receiving email output from crontab you need to append following string:

Cron Job Prevent the sending of errors and output

To prevent the sending of errors and output, add any one of the following at the end of the line for each cron job to redirect output to /dev/null.
>/dev/null 2>&1.
OR
&> /dev/null

Cron Job Example

Edit/Open your cron jobs, enter:
$ crontab -e
Append string >/dev/null 2>&1 to stop mail alert:
0 1 5 10 * /path/to/script.sh >/dev/null 2>&1
OR
0 1 5 10 * /path/to/script.sh &> /dev/null
Save and close the file. Restart the crond:
# /etc/init.d/crond restart

MAILTO variable

As pointed out by Anand Sharma, you can set MAILTO= » » variable at the start of your crontab file. This will also disable email. Edit/Open your cron jobs
$ crontab -e
At the top of the file, enter:
MAILTO=""
Save and close the file.

Utiliser l’outil de préparation du système (Sysprep.exe) pour effectuer une duplication de disque

5 juin 2011 informatique No comments

http://support.microsoft.com/kb/298491/fr

Installation de sysprep pour initialiser le sid du pc (à cloner)avec windows 2000(possible avec xp et 7)

  1. Installez Windows 2000 sur un ordinateur test. Vous pouvez installer Windows interactivement ou utiliser un fichier de réponses pour automatiser le processus.
  2. Redémarrez l’ordinateur, puis ouvrez une session en tant qu’administrateur.
  3. Installez et personnalisez tous les programmes que vous souhaitez déployer avec Windows 2000.
  4. Ajoutez des comptes d’utilisateurs locaux, joignez un domaine ou les deux.
  5. Examinez la configuration pour vérifier que l’ordinateur contient tous les composants, paramètres et données requis.
  6. Cliquez sur Démarrer, sur Exécuter, tapez cmd dans la zone Ouvrir, puis appuyez sur ENTRÉE.
  7. À l’invite de commandes, tapez cd \, appuyez sur ENTRÉE, tapez md sysprep, puis réappuyez sur ENTRÉE.
  8. Insérez le CD-ROM de Windows 2000 Professionnel dans le lecteur de CD ou de DVD, tapez expand lettre_lecteur_CD:\support\tools\deploy.cab –f:* c:\sysprep, puis appuyez sur ENTRÉE. Notez que cette commande suppose que vous avez créé le dossier Sysprep sur le lecteur C à l’étape 7. Si vous mettez le dossier sur un autre lecteur, modifiez la commande.
  9. À l’invite de commandes, tapez cd \sysprep, puis appuyez sur ENTRÉE.
  10. Pour exécuter Sysprep.exe, tapez Sysprep /paramètres, puis appuyez sur ENTRÉE. Pour obtenir une liste des paramètres, reportez-vous à la section « Paramètres Sysprep.exe » de cet article.
  11. Arrêtez l’ordinateur, ôtez le disque dur de l’ordinateur, puis clonez-le en utilisant un processus tiers de création d’images du disque. Notez que vous arrêtez l’ordinateur automatiquement lorsque vous exécutez Sysprep.exe à l’aide du commutateur –reboot

…..

Lien pour capturer une image Windows 7 avec imagex

http://danstoncloud.com/blogs/yannick/archive/2010/09/10/capturer-une-image-windows-7-avec-imagex.aspx

Microsoft Windows User Profiles

29 mai 2011 informatique No comments

Microsoft Windows User Profiles
Both Unix and Windows allow users to configure their computer to their individual taste. A user’s configuration may apply to one particular computer or to any networked computer on which they log in.
The Unix/Linux world provides a « home directory » for each user. This stores all of the user’s program settings, documents and other files. It is easy to offer network-wide home directories for all of your users using NFS (Network File System). When properly implemented, this system is transparent to the user and provides a nice way to centralize data storage and allow any user to log into any workstation using their own preferences and settings and have all of their data readily available.
Microsoft Windows supports « user profiles » for all users settings. These store all the Registry settings, program settings, documents and other files for each user. Unfortunately, sometimes it is not trivial to offer network-wide user profiles for all of your users.
To help maintain your sanity (and keep your job), these wikis will focus on the wonderful world of Microsoft’s user profiles. They will cover how profiles work, the different options you have in implementing profiles, how to configure Samba for network-wide (« roaming ») profiles or « local profiles », and various tips and tricks to get the most out of user profiles.
Windows Profile Basics
With the release of Windows NT, Microsoft made a conscious effort to create a multi-user system with separate settings for each user. To do this, user profiles were implemented. User profiles are simply a set of folders and files for each individual user. These folders are located in different places depending upon the version of Windows NT you are running. In Windows NT 4, these profiles are stored by default in C:\WinNT\Profiles\ – in Windows 2000 and XP, they were moved to C:\Documents and Settings\. If you browse these folders you will find a few directories contained within: a folder for each individual user that has logged onto the workstation – an « All Users » folder and a « Default User » folder.
The user’s folders contain the users Registry Hive (NTUSER.DAT), as well as various other folders, such as Desktop, Personal (My Documents), Start Menu, Favorites, Application Data, etc. Depending upon what applications are installed and how many documents a user has, the user profile can range from a few a few megabytes in size to well over a gigabyte in size (especially when running Microsoft Outlook without an Exchange Server).
The « All Users » folder contains settings that are in effect for every user that uses the workstation. Mainly this folder is used to place application shortcuts within the Start Menu and Desktop so locally installed applications are available to all users of the workstation. The « All Users » folder does not contain any registry settings since Windows is only capable of loading one User Registry Hive at a time.
The « Default User » folder contains settings the settings that are used when a user does not already have a profile folder on the machine. This folder is copied to a new directory named using the username of the user logging in (or a variant of the username). You can control the default appearance and settings of a new user by changing the contents of this directory, more on this later.
When Microsoft designed profiles they provided options for the administrator to use depending upon the network setup and needs. These options are implemented with either Local Profiles, Server-Side (Roaming) Profiles and Mandatory Profiles.
Local Profiles
Local Profiles are simply profiles that are stored on the local machine, these, of course, are the default profiles used when not on a network. The downfall of this type of profile is that there is no way to have the user’s settings « follow » them from one workstation to another, also there is no feasible way to ensure all of the user’s settings on your network is backed up properly – this is especially important if your user’s store all of their documents within their profile directories (the default functionality).
Roaming Profiles
Roaming Profiles are profiles that are stored on a server and are downloaded to the workstation whenever a user logs into the machine. The profiles are then uploaded back to the central server when the user logs out.
In theory these types of profiles would be perfect in an environment where users jump from machine to machine, except for the fact that they are downloaded (copied) every time a user logs into a machine. Whenever you have multiple copies of a file you run the risk of losing data during the re-syncing of the data over a network. An offset hardware clock, corrupt sectors on a disk or faulty network wiring could cause data corruption.
Another drawback of Roaming Profiles is the fact that, by default, the user’s documents and other application data are stored in the profile folder so the profile can grow to be huge. A profile of several hundred megabytes is common. Imagine if 50 users are logging into workstations at the same time, your network would quickly slow to a crawl. To make matters worse, when these users log out, this same data (slightly modified) is then copied back to the server.
Mandatory Profiles
Mandatory Profiles are pretty much the exact same thing as Roaming (Server-Side) Profiles, except for the fact that the profile is deleted instead of copied back to the server when a user logs out. This has the benefit of keeping the profile small (since no changes are propagated back to the server), and the fact that you only really need to maintain one profile for your entire network is also nice.
The drawback, of course, is that the profile is never updated – no user settings are retained, if you install certain applications your users would continuously be bugged with different registration wizards (until you update the mandatory profile of course), etc. Using Mandatory Profiles, although in theory would be wonderful (especially in a controlled environment), are not very feasible to implement on a production network.
Folder Redirection
When you bring up the topic of folder redirection with any Windows Administrator you will get a reaction indicating extreme frustration or one that is peaceful, nearly Zen like. The frustration reaction is a result of either not implementing redirection properly, or implementing them on a faulty or overloaded network. This section will hopefully allow you to have the Zen-like reaction when this issue comes up.
Folder redirection allows you to redirect a folder that is usually located within the user profile to an external source, such as a network share. The frustration occurs because not all folders can or should be redirected and if the network share that you are redirecting to becomes unavailable you have issues as well, such as disappearing icons on the desktop, etc.
Fortunately, this wiki is about Samba Servers, which are known to be available for months, if not years at a time. However, a word of caution, before you implement any type of services on your network, it is best to ensure all of the hardware is thoroughly tested, especially check or certify all network cables, including patch cables.
Folders within a Profile
To be able to redirect any folder, you really need to know what folders are actually in the profile, and what folders really work well with redirection and which folders will give you headaches if you try to redirect them. The following table should give you a good idea of what folders are in the profile (by default) and what these folders contain.
Default Folders within a User’s Profile Folder Name     Description
Application Data     Apps should store extra data here (similar to « dot files » in Linux, a.k.a. « hidden files » in Windows)
Cookies     Microsoft Internet Explorer stores user’s cookies here
Desktop     User’s Desktop Folder (icons, etc.)
Favorites     Microsoft’s IE stores user’s favorites here (url shortcuts)
Local Settings     Extra Data for local computer should be stored here (Temp, etc)
My Documents (2k & XP)     User’s Document folder on Windows 2000 & XP
NetHood     Any Extra Network Neighborhood Shortcuts are stored here
Personal (NT4)     User’s Document folder on Windows NT
PrintHood     Any Network Printers the user adds are stored here
Recent     List of Recently opened files (files that are opened within Explorer)
SendTo     Any locations to add to the send-to list are stored here
Start Menu     The user’s Start Menu is stored here
Templates     Links to create new files with the New -> submenu
Ntuser.dat (file)     Actual File that holds the User Hive of the Windows Registry
NOTE: Some Windows Programs do not store all of it’s data in the proper place, as a result profiles may contain more folders than what is listed here.
When redirecting folders you should look at two different things; how much data is stored within the directory and how important the data is. If the folder stores quite a bit of data it would be optimal to redirect that folder outside the profile so the data is not continuously copied from/to the server when the user logs in/out. Also, if the data is important, such as documents, then it is very important to redirect that data out of the volatile profile – otherwise updated documents could be lost when the network is either congested or times out.
With that in mind, there are a few directories that should usually be re-directed, these include Application Data, Desktop and My Documents or Personal when using NT4. (In reality, the My Documents folder should be redirected even when using Local Profiles.) Some Administrators also redirect the Favorites folder (mostly for backups and if using different profiles for each architecture which is covered later).
Some folders are not prone to work well when redirected (you will eventually encounter errors). These folders include nearly any folder used with Internet Explorer (except Favorites) as well as NetHood and PrintHood. I am not sure why these folders do not work well with redirection, but you will eventually get different errors, it may take a week or two but you will get various errors.
The Local Settings folder is a special case. This folder contains files specific to the local machine and should not be propagated to the profile. For this to happen you must either set a registry key on each workstation or utilize a system policy on your network.
Finally, there are folders that are stored within other folders that can also be redirected. A good example of this is the introduction of the « My Music » folder that is usually stored within the « My Documents » folder. These folders include « My Music », « My Pictures » and « My Videos », all of these folders work well with redirection.
How to Redirect Folders
Now that you know what folders you can redirect, how exactly do you redirect these folders ? Well, it is extremely easy as there is a registry setting for every folder within the profile. These registry keys are located in « Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders » in the User Hive of the Windows Registry.
To redirect these folders, you must either set a local policy on each of the workstations connected to the domain, or utilize a Network-wide System Policy which is covered in another wiki. Also, if you redirect folders on a Windows XP based machine you must also ensure that the « offline files » feature is either disabled or that Windows is set to not sync redirected folders (this can also be set within a System Policy).
Implementing Local Profiles with Samba
The easiest type of profile to implement with Samba is the Local Profile. Local Profiles are stored on each individual computer and are not centrally located on a server. To utilize Local Profiles simply set the following directives to nothing:
* logon path =
* logon home =
NOTE: When using Local Profiles, Samba’s « logon drive » directive has no meaning. If you still want the user’s home directory on a Samba server set to a drive letter, you must set it with a Logon Script.
Even though local profiles are stored on the User’s computer, it is still a good idea to redirect certain folders within their profile to a Samba Share, such as the « Documents » folder. To do this see the wiki article on implementing Windows Policies.
Implementing Roaming Profiles with Samba
To implement Roaming Profiles with Samba a few things must happen. First you must create a share to store these profiles, then you must set a few Samba directives to enable roaming profiles.
NOTE: You can theoretically store profiles within the users home directory, unfortunately Windows does not release a share immediately after logging out. So if you do store user’s profiles within the home directories and another user logs into a machine immediately after another user logs out, the newly logged in user could invariably use the other users profile resulting in a possible security issue, as well as other issues. It is best to simply store all of the user profiles within a separate Samba share.
Creating the Profile Share
To create a Samba share to use for your user’s profiles simply add something similar to your share section of the smb.conf file:
* [profiles]
* comment = Network Profiles Share
* path = /srv/samba/profiles
* read only = No
* store dos attributes = Yes
* create mask = 0600
* directory mask = 0700
* browseable = no
* guest ok = no
* printable = no
* hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
Then ensure that everyone has write access to the directory listed as the path:
* chmod o+rw /srv/samba/profiles
Setting relevant directives for Roaming Profiles
The smb.conf settings required to use Roaming Profiles by default are:
* logon path = \\%L\profiles\%U
* logon home = \\%L\%U\.9xprofile
* logon drive = P:
The logon home directive is only used if you have any Windows 9x based machines on your Domain, otherwise it does not need to be set. The logon drive specifies the Drive Letter Windows will assign your home directory, this alleviates the need to create a logon script that essentially would do the same thing.
The logon path directive is where you actually setup roaming profiles. This directive should contain a Windows Network path to the location of the profile for each user. If the user’s profile directory does not exist, one will be created at that location (as long as the user has write access to that directory).
You can also take full advantage of Samba’s Variable Substitutions and further separate User’s profiles, such as by architecture. Using the directive:
* logon path = \\%L\profiles\%U\%a
will separate the user’s profiles relating to each version of Windows, such as WinXP, WinNT, etc. This is extremely helpful if you have users that jump from computer to computer that have different versions of Windows on them. This can solve a whole slew of problems relating to the registry on different versions of Windows, especially when running different version of Internet Explorer. Separating profiles in this way can be a very powerful feature, especially when you include Folder Redirection into the mix.

Failover/load balance isc dhcpd(primary/secondary)

26 mai 2011 informatique No comments

Introduction

Small- and medium-sized networks often have a single DHCP server, which can become a single point of failure for a large number of hosts on the network. When the DHCP server goes off-line, DHCP client hosts lose their addresses and ability to communicate with the rest of the network. Since most desktop computers, and even some servers, get their networking configuration via DHCP, such an outage can result in a lot of downtime.

If the network has a Unix infrastructure, there’s a good chance that it’s using the Internet Systems Consortium (ISC) DHCP server, which is widely available on Linux and BSD systems.

Starting with version 3.0, the ISC DHCP server offered failover capabilities that allow network administrators to offer a more robust DHCP service. A failover setup requires a little care, but it’s fairly straightforward to implement.

A simple starting point

Before getting to the failover setup, let’s establish a simple baseline DHCP configuration with no frills.

#
# /etc/dhcpd.conf for simple network
#

authoritative;
ddns-update-style none;

subnet 192.168.200.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.200.255;
  option routers 192.168.200.1;
  option domain-name-servers 192.168.200.1;
  pool {
    max-lease-time 1800; # 30 minutes
    range 192.168.200.100 192.168.200.254;
  }
}

With this configuration, our server will act as the authoritative DHCP server on the 192.168.200.0 subnet, handing out addresses from 192.168.200.100 to 192.168.200.254 to any host that asks for one.

The problem

Our configuration will work fine until the DHCP server goes off-line. The cause of its demise might be a hardware failure, a power outage, or even an OS upgrade; it doesn’t matter. Once it’s gone, all DHCP client hosts will lose their network configurations within 30 minutes (our maximum lease time).

We could just bring another DHCP server online in its place, but the information about leases will be lost, possibly forcing clients to acquire new addresses. In that situation, clients would have to break any existing network connections. In some cases, local X sessions would also break. (If you’re bored sometime, try changing the hostname of your machine when running a live X desktop. The recovery process can be amusing.)

Alternatively, we could plan for a downtime by increasing lease times from 30 minutes to the better part of a day. That would reduce—but not completely remove—the risk of any given client having its lease expire while the server is off-line, but any newly arriving client won’t get an address.

Configuring the primary

Once you identify the machine that will act as the secondary DHCP server (or the new primary, if you’re going to demote the old server), you’ll want to make sure the clocks on the two machines are in sync. Timestamps are very important to dhcpd! After that, it’s time to configure it. Using the simple configuration above, we’ll add the bits necessary to upgrade it to serve as the primary in a failover situation:

  • The failover peer section that identifies the primary and secondary servers; in the example below, it’s called “dhcp-failover,” but it can be any string that works for you. The example identifies the two DHCP servers by address, but you can use DNS names as well. In the past couple years, TCP ports 647 (primary) and 847 (peer) have emerged as the standard bindings for DHCP failover. It’s worth noting that as recently as 2005, the dhcpd.conf(5) man page used ports 519 and 520 in its failover example, but 647 and 847 look like good choices as of 2008.The dhcpd.conf(5) man page says that the primary port and the peer port may be the same number. That’s the configuration I deploy, using the port 647 for both the primary and the peer.
  • The pool sections for which the failover pair is active; in our example, we have only one pool section, so we add a reference to our failover peer set.
#
# /etc/dhcpd.conf for primary DHCP server
#

authoritative;
ddns-update-style none;

failover peer "dhcp-failover" {
  primary; # declare this to be the primary server
  address 192.168.200.2;
  port 647;
  peer address 192.168.200.3;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 1800;
  split 128;
}

subnet 192.168.200.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.200.255;
  option routers 192.168.200.1;
  option domain-name-servers 192.168.200.1;
  pool {
    failover peer "dhcp-failover";
    max-lease-time 1800; # 30 minutes
    range 192.168.200.100 192.168.200.254;
  }
}

Configuring the secondary

For our simple network, the configuration for the secondary is quite similar to that of the primary. The only significant differences are in the failover peer definition: there’s a secondary declaration, the mclt and split declarations are omitted, and the local and peer addresses are switched.

#
# /etc/dhcpd.conf for secondary DHCP server
#

authoritative;
ddns-update-style none;

failover peer "dhcp-failover" {
  secondary; # declare this to be the secondary server
  address 192.168.200.3;
  port 647;
  peer address 192.168.200.2;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
}

subnet 192.168.200.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.200.255;
  option routers 192.168.200.1;
  option domain-name-servers 192.168.200.1;
  pool {
    failover peer "dhcp-failover";
    max-lease-time 1800; # 30 minutes
    range 192.168.200.100 192.168.200.254;
  }
}

The folks at ISC note that the DHCP failover protocol is still under development, which makes it sort of a moving target. As a result, they strongly suggest that the primary and secondary servers both be running the same version of dhcpd.

SELinux notes

As noted, running dhcpd in failover mode involves opening a TCP port for communication with the peer server. The SELinux policy distributed with CentOS 4 and 5 allows dhcpd to send packets over ports 647 and 847, but you’ll need to tweak the policy if you want to use different ports.

The instructions below apply specifically to CentOS 4 (and, by extension, to Red Hat Enterprise Linux 4), though I suspect that they would also work on Fedora Core 3 and 4.

  1. Install the selinux-policy-targeted-sources rpm, if it’s not already on your system.
  2. Open a command prompt in the /etc/selinux/targeted/src/policy directory.
  3. Create or edit domains/misc/local.te using your editor of choice. Add a single line: 
    allow dhcpd_t port_t:tcp_socket name_bind;
  4. Run make reload to install your modified policy.

What the logs will show

Once both servers are configured and working, the system logs will show when one goes offline. Here’s what shows up when the primary goes down:

Nov  6 19:50:51 secondary dhcpd: failover peer dhcp-failover: I move
from normal to communications-interrupted

When the primary comes back, the log will say (among other things)

Nov  6 19:51:37 secondary dhcpd: failover peer dhcp-failover: I move
from communications-interrupted to normal

The other main difference in the logs will be the presence of pool reports. In failover mode, dhcpd will try to ensure that the primary and secondary servers each have a similar number of free dynamic leases for each pool declared in the configuration file. As the servers work to keep that balance, they’ll occasionally log their status.

Nov  6 20:27:09 secondary dhcpd: pool 98e82b8 192.168.200.0/24
total 155  free 38  backup 37  lts 0

In this case, 75 of the 155 of the addresses we declared eligible for dynamic assignment are still available. The primary holds 38 in reserve, the secondary 37. As long as the values for free and backup differ by no more than one, things are good. Should they vary by two or more (with a resulting non-zero lts), the pool addresses will be juggled until balance is restored.

Now, the single point of failure is gone. So go hog wild: install those security patches on your DHCP server that you’d put off because you didn’t want to lose leases!

===

ex de conf:https://www.artduweb.com/linux/dhcp

dhcp primaire:

# FAILOVER DHCP #

failover peer "MONPOOL" {
        primary;
        address 172.16.1.1;
        port 647;
        peer address 172.16.1.2;
        peer port 847;
        max-response-delay 60;
        max-unacked-updates 10;
        mclt 3600;
        split 128;
        load balance max seconds 3;
}

# Définition de la plage adressable #
subnet 172.16.1.0 netmask 255.255.255.0 {
        option domain-name-servers 172.16.1.151, 172.16.1.152;
        option domain-name "domaine.fr";
        option routers 172.16.1.254;
        option broadcast-address 172.16.1.255;
        default-lease-time 7200;
        max-lease-time 14400;
        pool {
                failover peer "MONPOOL";
                range 172.16.1.10 172.16.1.20;
           }
        }

dhcp secondaire:

#### FAILOVER DHCP

failover peer "MONPOOL" {
        secondary;
        address 172.16.1.2;
        port 847;
        peer address 172.16.1.1;
        peer port 647;
        max-response-delay 60;
        max-unacked-updates 10;
        load balance max seconds 3;
}

# Définition de la plage adressable #
subnet 172.16.1.0 netmask 255.255.255.0 {
        option domain-name-servers 172.16.1.151, 172.16.1.152;
        option domain-name "domaine.fr";
        option routers 172.16.1.254;
        option broadcast-address 172.16.1.255;
        default-lease-time 7200;
        max-lease-time 14400;
        pool {
                failover peer "MONPOOL";
                range 172.16.1.10 172.16.1.20;
           }
        }

exemple de bail  ip dhcp:

default-lease-time                      86400;   # 24 hours
max-lease-time                          172800;  # 48 hours

dhcpd.lease contient le log des baux ip dhcp

Mysql sauvegarde et restauration

23 mai 2011 informatique No comments

Sauvegarder:

-toutes les bases:

#mysqldump -u utilisateur -p mot_de_passe –all-databases > dump.sql gzip dump.sql

-une base:

#mysqldump base_de_donnees -u utilisateur -p mot_de_passe > dump.sql gzip dump.sql

Restaurer la base base_de_donnees:

#mysql -u utilisateur -p mot_de_passe base_de_donnees < dump.sql

« Older Entries Recent Entries »