IPMI on dedibox server

Check if your hardware is compatible

Most mid-range and all high-end models are IPMI compatible. To check whether your server is, log into the dedibox website, then go to: Quick access -> Server selection -> Hardware -> IPMI information and configuration. If the hardware is compatible, an IP is already assigned to the IPMI controller.

Under Access list -> Add IP address you can modify the IPs authorized to connect to the IPMI controller. The change isn't applied immediately, so you may have to wait a couple of hours.

Dedibox configuration

Under Debian, the ipmitool package provides the appropriate modules and tools to send and receive IPMI commands. Before using it you have to load two kernel modules:

# modprobe ipmi_si
# modprobe ipmi_devintf

Don’t forget to add them to the /etc/modules file so they are loaded at boot.

Then you must create an IPMI user:

# ipmitool -U root user set name 8 foobar
# ipmitool -U root user set password 8 foofoo
# ipmitool -U root user enable 8

Test your setup

You can check your setup using a simple status command:

# ipmitool -I lanplus -U foobar -P foofoo -H XX.XX.XX.XX chassis status

Serial Over Lan

SOL is a useful feature that gives you access to the server’s serial port over its IPMI network address. If you configure the server OS to have a tty on this physical interface, you can do a lot of interesting things, like gathering data to troubleshoot a crashed server or watching the server boot process live.

First edit the grub settings file /boot/grub/menu.lst and add these lines BEFORE the “AUTOMAGIC KERNELS LIST” section:

serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal --timeout=15 serial console

Then replace the line

# defoptions=quiet

with

# defoptions=quiet console=tty0 console=ttyS0,9600n8

Don’t forget to run update-grub to apply the modifications.
Then edit the /etc/inittab file to add the serial interface to the getty entries:

T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100

Reboot the server. Now that you have a working tty on the serial port you can enable SOL like this:

# ipmitool -I lanplus -U foobar -P foofoo -H XX.XX.XX.XX sol activate

Useful IPMI commands

Here is a short list of some of the most useful IPMI commands:

– Do a complete electrical reset (stop, wait, then start):

# ipmitool -I lanplus -U foobar -P foofoo -H XX.XX.XX.XX chassis power cycle

– Do a hardware power reset:

# ipmitool -I lanplus -U foobar -P foofoo -H XX.XX.XX.XX chassis power reset

– Do an ACPI reset:

# ipmitool -I lanplus -U foobar -P foofoo -H XX.XX.XX.XX chassis power soft

– Shut down the server:

# ipmitool -I lanplus -U foobar -P foofoo -H XX.XX.XX.XX chassis power off

– Start the server:

# ipmitool -I lanplus -U foobar -P foofoo -H XX.XX.XX.XX chassis power on

– Get the server status:

# ipmitool -I lanplus -U foobar -P foofoo -H XX.XX.XX.XX chassis status

– Run a hardware self-check:

# ipmitool -I lanplus -U foobar -P foofoo -H XX.XX.XX.XX chassis selftest
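
Every command above passes the IPMI password with -P, which leaves it in the shell history and in the process list of the machine you run it from. The wrapper below is an added example, not part of the original post: it uses ipmitool's -f password-file option and refuses a password file that group or others can access. IPMI_HOST, IPMI_USER, IPMI_PWFILE and IPMITOOL are variable names chosen for this sketch.

```shell
#!/bin/sh
# Added example: call ipmitool over lanplus without the password in argv.
# IPMI_HOST, IPMI_USER, IPMI_PWFILE and IPMITOOL are names chosen here.
#
# Usage, after sourcing this file:
#   IPMI_HOST=XX.XX.XX.XX IPMI_USER=foobar IPMI_PWFILE=$HOME/.ipmi_pw
#   ipmi chassis status

# Succeeds only if the password file is a regular file (not a symlink)
# with no permission bits set for group or others.
pwfile_is_private() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1   # GNU stat, as on Debian
    case $mode in
        *00) return 0 ;;   # e.g. 600 or 400
        *)   return 1 ;;
    esac
}

# Runs one ipmitool subcommand with the connection settings from the
# environment. -f makes ipmitool read the password from the file, so it
# never appears on the command line the way it does with -P.
ipmi() {
    : "${IPMI_HOST:?set IPMI_HOST}" "${IPMI_USER:?set IPMI_USER}"
    : "${IPMI_PWFILE:?set IPMI_PWFILE}"
    if ! pwfile_is_private "$IPMI_PWFILE"; then
        echo "refusing $IPMI_PWFILE: want a regular file, mode 600 or 400" >&2
        return 1
    fi
    # IPMITOOL can point at another binary; it defaults to ipmitool.
    "${IPMITOOL:-ipmitool}" -I lanplus -H "$IPMI_HOST" -U "$IPMI_USER" \
        -f "$IPMI_PWFILE" "$@"
}
```

Create the password file with umask 077 in effect and keep it out of backups and version control.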

Further Reading and sources

[Postgres] Pg8.3 – Warm stand-by replication

Unlike MySQL, Postgres doesn’t have a native replication process. Nevertheless, it’s possible to build a warm stand-by replica using asynchronous log transfer.

Prerequisites

  • SSH access between your master and slave nodes
  • rsync
  • pg_standby

Enable archive log and log shipping

First create a directory for shipped logs on the slave node:

mkdir /var/lib/postgresql/alog/

Then enable archive logging and log shipping in the master's configuration file:

master:~# vi /etc/postgresql/8.3/main/postgresql.conf
archive_mode = on
archive_command = 'rsync -a %p slave:/var/lib/postgresql/alog/%f'
archive_timeout = 60
master:~# /etc/init.d/postgresql-8.3 restart

The archive_command will be executed each time the archive_timeout is reached or after the log file grows by 16 MB. After setting these parameters and restarting the postgresql service, you can watch the archive directory and you should start seeing WAL files being transmitted to your slave node.

Enable replication

Now you need to configure your stand-by server for “continuous recovery mode” using the archive logs as the data source. The ‘pg_standby’ tool is useful for that.

slave:~$ vi /var/lib/postgresql/8.3/main/recovery.conf
restore_command = '/usr/lib/postgresql/8.3/bin/pg_standby -d /var/lib/postgresql/alog %f %p %r >> /var/log/postgresql/pg_standby.log 2>&1'
slave:~$ /etc/init.d/postgresql-8.3 start

Ta-dah, your warm stand-by replica should be ready. You can check /var/log/postgresql/pg_standby.log for more info. Note that you can no longer connect to the slave Postgres; this behaviour is perfectly normal.

Further Reading and sources

Memory scanner and editor

If you know the Windows program ‘ArtMoney’ you already have an idea what a memory scanner/editor like Scanmem could be used for.

For everyone else: this kind of tool lets you search for variables in the memory of a running process, generally using one initial value and then a second. When you have the precise offset, you can set the value as you wish (and then have a ton of money, lives or ammo).

This kind of tool could also be used to analyze a hostile process on a compromised machine, but cheating in games is way more cool ^^