Let's say you need some quick and easy Server 2008 virts - maybe for testing or training. What's the fastest way to get them rolling without a prior image ready? This may not be the fastest, but it's faster than the alternative.
Go to:
http://www.microsoft.com/windowsserver2008/en/us/trial-software.aspx?pf=true
Click "get VHD image" and download the full 2GB version. Extract this out into the full 6.5GB file and now you have a VHD. I've read that you can boot VHDs in KVM, but I've not been able to do that with the brief attempts I made, so run this command next:
kvm-img convert -O raw server2008R2ENT.vhd /var/lib/libvirt/images/server01.raw
Now just create the virts and go on your way.
Page Two
Chris Layton
Monday, April 18, 2011
Thursday, April 14, 2011
Windows Server 2008 from the command line
Here are a few useful commands for the Windows command line. Occasionally these can save you some time.
Change computer name:
netdom renamecomputer %COMPUTERNAME% /newname:server_name /force /reboot:5
This will rename the machine and then reboot. You throw in the %COMPUTERNAME% variable so that you don't need to know the computer-generated name Windows gave it upon installation. netdom is used to manage a few things in Windows, but primarily I think you'll find it being used for this sort of thing.
Enroll in a domain:
netdom /join /d:domain.local server_name /ud:administrator /pd:password /force /reboot:5
Once again netdom is used here. server_name needs to be the same name you set in the previous command. Some notes: /ud sets the username. Don't prepend the domain name; it gets this from the domain you define in /d. You must also set /pd (the password); if you don't, it appears to just send a blank password. Because you must type the password in cleartext (and more likely put it into a script), you will probably want to create a temporary account used to enroll all of your PCs and then disable or delete the account.
Saturday, April 9, 2011
Spam Assassin
An internal sender who was being smart-hosted from Exchange into a centralized sendmail machine running SpamAssassin was having their mail rejected as spam. They had upgraded their internet connection about 3-4 months ago and as such acquired a new set of IP addresses. The SpamAssassin config file, local.cf, contains either trusted_networks or internal_networks. You have to remember to modify these any time one of your relays changes its IP address. These config lines tell SpamAssassin who is internal or trusted and who is not. If you don't add them, clients run the risk of false positives when trying to send mail.
You will already be on the server anyway to modify sendmail's configs so just make this part of your mental checklist. Syntax below:
trusted_networks single.ip.address or ip.address.range/CIDR
A less used feature is the exclusion, so trusted_networks !10.10.10.1 10.10.10.0/24 would trust that entire class C except for 10.10.10.1
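The checklist step above can be automated. This is an added example, not part of the original post: it reads trusted_networks lines from a local.cf and reports which relay addresses are covered. The sample config, the relay addresses and the function names are constructed for illustration, and it assumes full dotted addresses or CIDR ranges evaluated in listed order with the first match winning, which is why the exclusion is written before the wider range.

```python
import ipaddress

# Constructed sample local.cf content (addresses are illustrative).
SAMPLE_LOCAL_CF = """\
# relays allowed to smart-host through this box
trusted_networks !10.10.10.1 10.10.10.0/24
trusted_networks 192.0.2.10
internal_networks 10.10.10.0/24
"""


def parse_networks(conf_text, directive="trusted_networks"):
    """Return [(network, excluded)] in file order for one directive."""
    entries = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, tokenize
        if not parts or parts[0] != directive:
            continue
        for token in parts[1:]:
            excluded = token.startswith("!")
            net = ipaddress.ip_network(token.lstrip("!"), strict=False)
            entries.append((net, excluded))
    return entries


def is_trusted(ip, entries):
    """First matching entry decides; an unmatched address is untrusted."""
    addr = ipaddress.ip_address(ip)
    for net, excluded in entries:
        if addr in net:
            return not excluded
    return False


def audit_relays(conf_text, relay_ips):
    """Map each relay IP to True (trusted) or False (needs a config update)."""
    entries = parse_networks(conf_text)
    return {ip: is_trusted(ip, entries) for ip in relay_ips}


if __name__ == "__main__":
    # Constructed relay list: the last address stands in for a relay whose
    # IP changed and was never added to local.cf.
    relays = ["10.10.10.25", "10.10.10.1", "192.0.2.10", "198.51.100.7"]
    for ip, ok in audit_relays(SAMPLE_LOCAL_CF, relays).items():
        print(f"{ip:15} {'trusted' if ok else 'NOT trusted - update local.cf'}")
```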
Friday, April 1, 2011
Using htop
While top is great, htop is better - if not more time tested. I wanted to go over a few useful things htop can do.
For starters, htop has mouse support, which, while not amazing, is also not very well known.
Hitting F5 will set you up with process trees, or you can alternatively enable this by default using F2 to enter setup and setting it there. In your root folder you will find .htoprc which contains any of these changes.
'M' sorts by memory usage, which is a bit simpler than the ways to do it via top.
Finally, killing processes is improved. In top you had to type the pid in, which was less than useful. In htop you can just hit k to kill the selected process, and then select the signal, like -9 or -1. You can also nice tasks similarly with the + and - keys. If I'm not mistaken, in top you had to once again provide a pid.
Thursday, March 31, 2011
OpenSSL commands
Some useful commands for use with OpenSSL.
View a certificate:
openssl x509 -noout -text -in certificate.crt
View a request:
openssl req -noout -text -in request.csr
Generate a self signed cert:
openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem