2011年12月29日 星期四

using mod_wsgi deploy django project

1. install httpd-devel, python-devel
# yum install htppd-devel, python-devel

2. install mod_wsgi
  a. Download mod_wsgi source code. modwsgi
  b. untar & using ./configure; make; make install

3. edit /etc/httpd/conf/httpd.conf
LoadModule wsgi_module modules/mod_wsgi.so
WSGIScriptAlias /mysite /usr/local/www/mysite/apache/django.wsgi

4. Create django project
#cd /usr/local/www
#django-admin.py startproject mysite

5. create apache folder
# cd /usr/loca/www/mysite
# mkdir apache

6. Create django.wsgi file in apache folder, the content is:
import os
import sys
path = '/usr/local/www'
if path not in sys.path:
    sys.path.append(path)

os.environ['DJANGO_SETTINGS_MODULE'] = 'mysite.settings'

import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()

7. restart httpd

8. open brower and open link: http://localhost/mysite

Reference:
http://code.google.com/p/modwsgi/wiki/QuickInstallationGuide
http://code.google.com/p/modwsgi/wiki/QuickConfigurationGuide
https://docs.djangoproject.com/en/1.3/howto/deployment/modwsgi/

2011年12月22日 星期四

python with statement

python 2.5支援with statement,用法像這樣,以open file為例:

printf("xxxx");
with open("x.txt") as f:
  data = f.read()
  do something with data
  因為file object已經有了__enter__()和__exit__()這兩個method,利用with statement就能自動達到像是try-except-finally的程式流程

  若自定class implement __enter__(self)和__exit__(self, type, value, traceback)也能利用with statement來簡化

參考資料:
http://effbot.org/zone/python-with-statement.htm
http://effbot.org/pyref/with.htm

2011年12月21日 星期三

解決yum update perl conflict問題

若yum update perl發生
conflicts with file from package perl.x.x.x
用rpm -e移除perl.i386 (若妳的CentOS是x64)
rpm -e perl.i386
在執行yum update perl應該就不會發生conflicts了

參考資料:
http://slash4.de/tutorials/CentOS_5.4_perl_update_problem

2011年11月30日 星期三

vsftpd ipv6 setup

讓vsftpd service 可用ipv6 address連線 (環境: CentOS 5.X)

1. 編輯 /etc/vsftpd/vsftpd.conf
listen=NO #關掉ipv4-only sockets
listen_ipv6=YES #打開ipv4 ipv6相容的模式

2. restart vsftpd
# service vsftpd restart

2011年11月2日 星期三

linux bash getopt


getopt 是 shell 裡抓參數的好工具
例: getopt abc:d: 容許參數 -a -b -c -d, -c and -d 後面要接參數

#!/bin/sh
set - `getopt abc:d: $*`
while true; do
  case $1 in
    -a) echo option -a
      shift ;; 
    -b) echo option -b
      shift ;; 
    -c) echo option -c=$2
      shift 2 ;; 
    -d) echo option -d=$2
      shift 2 ;; 
    --) shift
      break ;; 
    *) echo "error!"
      exit 1 ;; 
  esac
done

執行結果 
# ./go -a
option a
# ./go -c jack
option -c=jack
# ./go -b -c jack
option -b
option -c=jack
# ./go -b -c test -d
getopt: option requires an argument -- d
option -b
option -c=test
(使用後面要加參數的 option 會提示)
# ./go -b -c test -f
getopt: invalid option -- f
option -b
option -c=test
(使用未支援的參數會提示)

 http://pank.org/blog/2004/05/getopt-example.html

python join

把string的list join成一個string

tmp = ["a", "b", "c", "d"]
" ".join(tmp)
a b c d

http://stackoverflow.com/questions/3627270/python-how-exactly-can-you-take-a-string-split-it-reverse-it-and-join-it-back

set - 的用法

#set - -a a -b b c d e f g
#echo $1
-a
#echo $*
-a a -b b c d e f g
#echo $0
bash
link

2011年9月16日 星期五

gitosis

Install gitosis (server side)
>git clone git://eagain.net/gitosis.git
>cd gitosis >sudo python setup.py install

add user 'git' (server side)
>sudo adduser git
>sudo passwd git

generate a admin public key (from client side) and put on server side
the key is put on /home/git/id_rsa.pub

Initialize gitosis (server side)
>su git
>cd /home/git
>gitosis-init < id_rsa.pub
>rm id_rsa.pub


Now we must set some directory and file permissions to let sshd see the new authorized_keys file.

>chmod 755 /home/git
>chmod 700 /home/git/.ssh
>chmod 644 /home/git/.ssh/authorized_keys


Make sure post-update is executeable
Cole on November 19, 2009 03:53 PM
I was still getting the ERROR:gitosis.serve.main:Repository read access denied problem after rechecking everything that was said here. I finally found the answer on stackoverflow. Make sure your repositories/gitosis-admin.git/hooks/post-update is executable. Enjoy

prevent "ERROR:gitosis.serve.main:Repository read access denied"

clone gitosis from server (client side)
>git clone git@server.com:gitosis-admin.git

edit gitosis.conf
>cd gitosis-admin
>vim gitosis.conf
(refer following link to modify conf file)

http://nfocipher.com/index.php?op=ViewArticle&articleId=12&blogId=1
http://scie.nti.st/2007/11/14/hosting-git-repositories-the-easy-and-secure-way
http://theswarmintelligence.blogspot.com/2009/11/creating-gitosis-repository-and-adding.html

Ready to git hosting on remote!

2011年8月17日 星期三

install mysql and phpmyadmin via yum

1. install mysql and mysql-server
# yum install mysql mysql-server

2. start mysql server
# service mysqld start

3. change mysql root password
# mysqladmin ping -u root -p'' password 'newpassword'
Enter password: your-root-mysql-adminpasswd-here
mysqld is alive

4. install rpmforge
refer to: http://wiki.centos.org/AdditionalResources/Repositories/RPMForge

5.  yum install phpmyadmin

6. modify config.inc.php
# vim /usr/share/phpmyadmin/config.inc.php
$cfg['blowfish_secret'] = 'any-string-you wants for encryption';

7. modify phpmyadmin.conf
# vim /etc/httpd/conf.d/phpmyadmin.conf
replace "Allow from 127.0.0.1" to "Allow from all"
(Note: It allow any client login to your phpmyadmin)

8. restart Apache
# service httpd restart

9. open browser "http://server/phpmyadmin
login with root/your-root-mysql-adminpasswd-here

reference:
http://www.linuxforums.org/forum/red-hat-fedora-linux/57941-how-install-phpmyadmin-via-yum.html
http://www.shocr.com/yum-install-phpmyadmin/
http://www.cyberciti.biz/faq/mysql-change-root-password/

2011年8月10日 星期三

install lxml

1. yum install libxml2-devel libxslt-devel python-devel

2. easy_install --allow-host=lxml.de,*python.org lxml

reference:
http://lxml.de/installation.html

2011年8月6日 星期六

install webmin on Amazon linux

1. wget http://www.webmin.com/download/rpm/webmin-current.rpm

2. sudo rpm -ivh webmin-xxxx

3. sudo vim /etc/webmin/miniserv.users
>refer the first line, add line:
ec2-user:x:0
4. sudo vim /etc/webmin/webmin.acl
>refer the first line, add line:
ec2-user: xxxxxxxxxxxxxxxxxxxx

5. sudo /usr/libexec/webmin/changepass.pl /etc/webmin ec2-user password
("password" is YOUR password)

6. service webmin start

7. open port 10000 on AWS Security Group

8. try to login with ec2-user/password on http://your_server:10000/

reference:
http://www.pc-freak.net/blog/how-to-add-a-new-user-to-webmin-from-shell-via-bashsh/

2011年8月4日 星期四

subversion

1. # yum install mod_dav_svn subversion

2. # cd /etc/httpd/conf.d/
# vim subversion.conf

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /repos>
DAV svn
SVNPath /var/www/svn/repos
AuthType Basic
AuthName "Subversion repos"
AuthUserFile /etc/svn-auth-conf
Require valid-user
</Location>

3. htpasswd -cm /etc/svn-auth-conf yourusername
New password:
Re-type new password:
Adding password for user yourusername

reference:
http://wiki.centos.org/HowTos/Subversion

2011年7月26日 星期二

python getopt



import getopt, sys

def main():
try:
opts, args = getopt.getopt(sys.argv[1:], "ho:v", ["help", "output="])
except getopt.GetoptError, err:
# print help information and exit:
print str(err) # will print something like "option -a not recognized"
usage()
sys.exit(2)
output = None
verbose = False
for o, a in opts:
if o == "-v":
verbose = True
elif o in ("-h", "--help"):
usage()
sys.exit()
elif o in ("-o", "--output"):
output = a
else:
assert False, "unhandled option"
# ...

if __name__ == "__main__":
main()


"ho:v" 允許-h -o -v, 其中-o需要參數(後面多:)
["help", "output="] 允許--help --output, 其中--output需要參數(後面多=)

http://docs.python.org/library/getopt.html

python subprocess


#!/usr/bin/python
from subprocess import *
from shlex import *

command = "ls -l"
print command
output = Popen(split(command), stdout=PIPE, stderr=PIPE)
outputData = output.communicate()[0]
returncode = output.returncode





http://docs.python.org/library/subprocess.html

2011年7月13日 星期三

Disable Apache folder listing for each folder

1. enable .htaccess file override
edit file /etc/httpd/conf/httpd.conf
search "htaccess", changed below setting to
AllowOverride All

2. go to folder that will disable folder listing
create file .htaccess
add this content:
IndexIgnore *

3. Restart Apache
service httpd restart

Reference:
http://www.cyberciti.biz/faq/apache-web-server-prevent-directory-folder-listing/
http://www.cyberciti.biz/faq/apache-htaccess/

2011年7月4日 星期一

Manipulating Strings

bash下字串的操作

chars="12345678"
echo ${chars:2:3} #234
format: ${string:position:length}
position index從1開始
echo ${chars:2} #345678
從0開始算

reference:
http://tldp.org/LDP/abs/html/string-manipulation.html

2011年3月29日 星期二

ip route add

指令:
ip route add 10.6.0.0/16 via 10.3.23.254 dev eth0

若要每次interface起來就自動設定好:
在/etc/sysconfig/network-scripts/ 新增檔案 route-eth0
內容:
10.6.0.0/16 via 10.3.23.254 dev eth0

2011年3月22日 星期二

vnc-ltsp-config

這套件會自動設定Xvnc在5900~5905, 相關設定檔在
/etc/sysconfig/vncts (不用改)
/etc/xinetd.d/vncts
把wait=no改成wait=yes可保留session(關掉remote client viewer下次再登入還是一樣)
可改-geometry和-depth
/etc/services (最後幾行,可改對應的port,名稱對應就是/etc/xinetd.d/vncts列的)
/etc/gdm/custom.conf (要改設定, 不然只會看到一片黑和一個白色X)
參考http://wiki.centos.org/HowTos/VNC-Server更改
chkconfig vncts on (下了馬上就有作用)
記得再把firewall相對應的port打開
port5902在連vnc時用[server ip]:2就可以了

注意:這service可能不夠安全,因為任何遠端在timeout前都可以不用密碼就進入桌面

=== update for CentOS 6 ===
rpm download: ftp://ftp.pbone.net/mirror/archive.fedoraproject.org/fedora/linux/releases/12/Everything/x86_64/os/Packages/vnc-ltsp-config-4.0-7.fc12.noarch.rpm

**port number對應 不用改/etc/services而是改/etc/xinetd.d/vncts裡的port=5900**

來源: http://www.centos.org/modules/newbb/viewtopic.php?topic_id=35501&forum=55

參考資料:
http://wiki.centos.org/HowTos/VNC-Server
http://linuxcommand.org/man_pages/Xvnc1.html

Samba設定

預設SELinux會擋Samba, 要用system-config-selinux把Samba相關的Boolean打開來才能正常使用

參考資料:
http://babyface.com.tw/NetAdmin/24200801SELinux/

2011年3月4日 星期五

Install TestLink

1. yum install mysql
yum install mysql-server

2. Add CentOS-Testing repo
cd /etc/yum.repos.d/
wget http://dev.centos.org/centos/5/CentOS-Testing.repo
( edit .repo file, enabled=1)

3. yum install php php-mysql php-gd php-ldap

4. service mysqld start
chkconfig mysqld on
$ mysqladmin -u root password NEWPASSWORD

5. service httpd start
chkconfig httpd on

6. cp testlink-1.9.1.tar.gz /var/www/html/
cd /var/www/html/
tar zxvf testlink-1.9.1.tar.gz
mv testlink-1.9.1 testlink
rm testlink-1.9.1.ta.gz
chown -R apache:apache testlink
mkdir  /var/testlink
mkdir /var/testlink/logs
mkdir /var/testlink/upload_area
chown apache:apache /var/testlink/logs
chown apache:apache /var/testlink/upload_area

7. edit /etc/php.ini
session.gc_maxlifetime = 2400
max_execution_time = 120
memory_limit = 64M

8. service httpd restart

9. go to "http://localhost/testlink/

10. step by step install

11.To have a fully functional installation You need to configure mail server settings, following this steps

  • copy from config.inc.php, [SMTP] Section into custom_config.inc.php.
  • complete correct data regarding email addresses and mail server.


12. after installation, remove /install directory

Reference:
http://www.cyberciti.biz/faq/mysql-change-root-password/

2011年3月1日 星期二

CentOS tftp setup

1. yum install xinetd

2. chkconfig xinetd on

3. yum install tftp-server

4. chkconfig tftp on

5. edit /etc/xinetd.d/tftp
disable = no

6. service xinetd restart

http://www.syntaxtechnology.com/2010/06/setting-up-a-pxe-boot-server-on-centos-5-5/
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch16_:_Telnet,_TFTP,_and_xinetd

2011年2月24日 星期四

eth0連線Internet, eth1連線內部網路

1. install DHCP
yum install dhcp

2. edit /etc/dhcpd.conf
option domain-name-servers x.x.x.x, x.x.x.x #domain name server of ISP
option routers x.x.x.x #ip address of this dhcp server

3.設定iptables (注意:會把iptables設定改掉)
iptables-save > iptables_original
iptables -F (清除規則)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save

4. edit /etc/sysctl.conf
net.ipv4.ip_forward = 1
apply /etc/sysctl.conf
# sysctl -p /etc/sysctl.conf

4. restart dhcpd service
#service dhcpd restart

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-fw.html#s1-firewall-ipt-fwd

autofs自動mount nfs

1. 編輯 /etc/auto.misc
2. 加上
nfs -fstype=nfs 10.3.23.111:/root/Desktop/XXX

3. service autofs restart

4. 進入資料夾 (要進入資料夾才會真的mount)
/misc/nfs

參考資料:
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-nfs-client-config-autofs.html
http://www.centos.org/docs/4/4.5/System_Administration_Guide/Mounting_NFS_File_Systems-Mounting_NFS_File_Systems_using_autofs.html
http://blog.lefthander.tw/2010/03/blog-post.html

2011年2月22日 星期二

安裝DHCP Server

1. 安裝dhcpd
yum dhcp install

2. 更改設定檔 /etc/dhcpd.conf

3. 更改設定檔 /etc/sysconfig/dhcpd
DHCPDAGRS=eth0 #在哪個interface提供dhcpd service

/etc/init.d/functions

裡面有echo_passed, echo_success, echo_failure, echo_warning
可以輸出有顏色的[ OK ], [PASSED]等等
但是若output到文字檔會有顏色控制碼 (cat輸出還是有顏色)

http://bash.cyberciti.biz/guide//etc/init.d/functions

CentOS /etc/sysconfig/network-script/ifcfg-ethx

PERSISTENT_DHCLIENT=yes|no
預設no, 若yes會一直發DHCPDESCOVER (dhclient無-1參數)
但是若在interface initail時網路線沒接, 也不會執行dhclient

DHCPRELEASE=yes|no
預設no, 若yes則當interface down時會發DHCPRELEASE給DHCP server

2011年2月21日 星期一

ssh without password setup

http://linuxproblem.org/art_9.html

SSH login without password

Your aim

You want to use Linux and OpenSSH to automate your tasks. Therefore you need an automatic login from host A / user a to Host B / user b. You don't want to enter any passwords, because you want to call ssh from a within a shell script.

How to do it

First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase:
a@A:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa): 
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A
Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):
a@A:~> ssh b@B mkdir -p .ssh
b@B's password: 
Finally append a's new public key to b@B:.ssh/authorized_keys and enter b's password one last time:
a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
b@B's password: 
From now on you can log into B as b from A as a without password:
a@A:~> ssh b@B
A note from one of our readers: Depending on your version of SSH you might also have to do the following changes:
  • Put the public key in .ssh/authorized_keys2
  • Change the permissions of .ssh to 700
  • Change the permissions of .ssh/authorized_keys2 to 640

2011年2月18日 星期五

CentOS Testing repo

http://dev.centos.org/centos/5/CentOS-Testing.repo
這可以用yum來升級一些套件, 例如PHP 5.2 (yum update php)
[c5-testing]
name=CentOS-5 Testing
baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
enabled=0
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing

強化 yum 的功能

yum install yum-protectbase
yum install yum-fastestmirror yum-priorities

備份原有的 CentOS-Base.repo
cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak

修改 CentOS-Base.repo 設定 Priority
vim /etc/yum.repos.d/CentOS-Base.repo
在 [base]、[addons]、[updates]、[extras] 項目下新增 priority=1
在 [centosplus]、[contrib] 項目下新增 priority=2

重開 yum 的服務
/etc/rc.d/init.d/yum-updatesd restart

接著安裝 rpmforge
先匯入 rpmforge 的 Key
rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

接著下載並安裝
wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.i386.rpm


other:
http://wiki.centos.org/AdditionalResources/Repositories

2011年2月10日 星期四

webmin

linux的管理工具 web GUI
可以設定非常多東西
http://www.webmin.com/
裝好會開在port10000
http://localhost:10000/

http://www.webmin.com/rpm.html

DNS

DNS就是hostname + domain 對應到IP的轉換
透過DNS的查找, 就能知道host.domain所對應到的IP位置

要在Internet上有合法的domain,必須要到相關單位申請, 並擁有一個domain, 必須告訴該單位你所要掌管的domain的server IP, 或是domain託管

一個domain有一筆domain record是放在上層的DNS server上(google.com這個domain的domain record放在.com的DNS server上, google.com是.com的一個host), www.google.com是google.com的一個host

A record : host與IP address對應
MX record: 指定mail server的位置
CNAME record: Alias設定

http://www.aboutdebian.com/dns.htm

2011年1月20日 星期四

CentOS下vnc與local畫面同步 & xrdp (可用Windows遠端桌面連線)

1. 確認vnc-server已安裝

2. 用vncpasswd產生/root/.vnc/passwd

3. 編輯/etc/X11/xorg.conf
增加Section "Module"
Section "Module"
Load "vnc"
EndSection

在Section "Screen"增加此行
Option "passwordFile" "/root/.vnc/passwd"

4. 把port 5900打開

==================
xrdp安裝設定 (可用Windows遠端桌面連線)

1. 安裝EPEL repositories (以下link search EPEL)
http://wiki.centos.org/AdditionalResources/Repositories
a. download rpm
>wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
b. install rpm
> rpm -ivh epel-release-5-4.noarch.rpm

2. install xrdp
>yum install xrdp

3. 設定/etc/xrdp/xrdp.ini, 新增此session
[xrdp2]
name=Desktop
lib=libvnc.so
ip=127.0.0.1
port=5900
username=
password=ask

4. 把Firewall port 3389打開

5. restart xrdp & vncserver
>service vncserver restart
>service xrdp restart

6. 在Remote windows測試
開啟"Winodws遠端桌面連線" mstsc.exe
IP:remtoe端的IP

7.連進去後Module欄, 下拉選"Desktop"
keyin密碼就OK了!

參考資料:
1. http://it-specialists.org/pages/posts/howto-installation-of-xrdp-under-centos-5.5-10.php
2. http://blog.yam.com/linkatzelda/article/27398655
3. http://www.vixual.net/blog/archives/tag/xrdp

2011年1月13日 星期四