Tuesday, October 22, 2013

Installing Solaris Software with CSW


unset http_proxy
unset HTTP_PROXY
pkgadd -d http://get.opencsw.org/now
/opt/csw/bin/pkgutil -i -y gzip coreutils wget gnulinks

Put /opt/csw in your path.

Then from time to time run /opt/csw/bin/pkgutil -U; /opt/csw/bin/pkgutil -u

Monday, September 16, 2013

Building perl using icc

 PERL5OPT= perlbrew --force install perl-5.16.2 -Acc=icc -Accflags="$CFLAGS"

Friday, September 6, 2013

Sendmail configuration for Verizon FIOS

The pointer is at http://www.dawoodfall.net/index.php/relaying-sendmail-a-ssl which shows where Virgin Media pulled the same stunt as Verizon.  It doesn't quite work as mentioned: you need to put the relay domain in square brackets to avoid MX resolution.  Apart from that it's sweet.  I didn't set up relay-domain as mentioned.

Briefly, to enable using sendmail to deliver mail on FiOS:

1) install stunnel
2) Create /etc/stunnel/smtp.verizon.net.conf with:

sslVersion = SSLv3

[ req ]
client = yes
accept = 2525
connect = smtp.verizon.net:465


3) /etc/init.d/stunnel restart
4) Add to sendmail.mc:

define(`SMART_HOST', `[localhost]')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 2525')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 2525')dnl


5) Add to authinfo:
  
AuthInfo:fqdn.of.your.localhost "U:name" "P:password" "M:PLAIN" 
AuthInfo:fqdn.of.your.localhost:2525 "U:name" "P:password" "M:PLAIN"

6) cd /etc/mail && make && /etc/init.d/sendmail reload

7)  Add to /etc/monit/conf.d/njh:

check process stunnel_verizon with pidfile "/var/run/stunnel4/smtp.verizon.pid"
        start program = "/usr/sbin/service stunnel4 start"
        stop program = "/usr/sbin/service stunnel4 stop"
        if failed host 127.0.0.1 port 2525 type TCP protocol SMTP then restart
        group stunnel4
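
The stunnel service from step 2 with the TLS settings a current build needs, as an added example that is not part of the original post. SSLv3 is broken by POODLE and disabled by default in current OpenSSL builds, and without certificate verification the client sends the AuthInfo password to whatever answers on port 465. It assumes stunnel 5.x (older 4.x builds use verify = 2 with CAfile instead of verifyChain and checkHost) and Debian's CA bundle path.

```ini
; Constructed example: hardened form of the client service from step 2.
; Assumptions: stunnel 5.x, CA bundle at the Debian default path.

[ req ]
client = yes
; listen on loopback only; sendmail and monit both connect to 127.0.0.1:2525
accept = 127.0.0.1:2525
connect = smtp.verizon.net:465

; replaces sslVersion = SSLv3: negotiate TLS 1.2, nothing older
sslVersion = TLSv1.2

; require a certificate chain that ends in a trusted CA ...
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
; ... and that was issued for the relay's own name
checkHost = smtp.verizon.net
```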

Thursday, August 22, 2013

Publishing a new git repository

On the server (if not already done)

mkdir /git
chown root:root /git
chmod 1777 /git

Say you have a source tree on your client in the directory bar, to be published as foo.git:

git init --bare foo.git
scp -Cr foo.git server:/git/foo.git
rm -rf foo.git
git clone server:/git/foo.git
cd foo
cp -R ../bar/* .
git add .
git commit -m "Initialisation"
git push origin master


All done.  On a third machine "git clone server:/git/foo.git" should now work and you can git pull, add, commit and push to your heart's delight.

Friday, January 25, 2013

Fixing perl floor build problems

Some older Perls fail to build with something like:


pp_pack.o: In function `S_pack_rec':
pp_pack.c:(.text+0x519b): undefined reference to `floor'
pp_pack.c:(.text+0x51be): undefined reference to `floor'
pp_pack.c:(.text+0x51e3): undefined reference to `floor'
opmini.o: In function `Perl_load_module_nocontext':
opmini.c:(.text+0xe53f): undefined reference to `pthread_getspecific'

To fix this add -lpthread -lm to the run-time libraries, e.g.:

perlbrew install perl-5.10.1 -Accflags="$CFLAGS" -Aldflags="-lpthread -lm" -Duseithreads -Dusemultiplicity 

It may still fail with "cc: error: lib/auto/IO/Compress/Compress.a: No such file or directory" which I'm still investigating.

Monday, January 7, 2013

Basic puppet installation on each client

I can have autosign on for self-signed certificates.  On the server edit /etc/puppet/autosign.conf, putting in the one line:

*.example.com

Where example.com is the domain running Puppet.
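
The one-line *.example.com entry signs any request whose certname matches the glob. As an added example (not from the original post), here is a policy executable that signs only certnames listed verbatim in an allowlist. It assumes a master that accepts an executable for the autosign setting (Puppet 3.4 or later); the allowlist path and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: policy executable for Puppet's autosign setting (3.4+).
# Puppet runs it with the requested certname as $1 and the CSR (PEM) on
# stdin. Exit 0 = sign now; non-zero = leave for "puppet cert --sign".
LC_ALL=C; export LC_ALL          # make a-z mean ASCII lower case only

# Assumed names, not from the original post:
ALLOWLIST=${ALLOWLIST:-/etc/puppet/autosign-allow.txt}  # one certname per line
DOMAIN=${DOMAIN:-example.com}

# valid_certname NAME: accept only lower-case host names under $DOMAIN.
# Rejects globs, slashes, empty labels, leading dots/hyphens, other domains.
valid_certname() {
    case $1 in
        ''|.*|-*|*..*|*[!a-z0-9.-]*) return 1 ;;
    esac
    case $1 in
        *."$DOMAIN") return 0 ;;
    esac
    return 1
}

# autosign_decision NAME: 0 only if NAME is valid and listed verbatim.
autosign_decision() {
    valid_certname "$1" || return 1
    [ -r "$ALLOWLIST" ] || return 1
    # -F: dots are literal, not regex wildcards; -x: the whole line must match
    grep -Fxq -- "$1" "$ALLOWLIST"
}

# Act as the policy executable only when run under this (hypothetical) file
# name, so the functions can also be sourced and tested.
if [ "${0##*/}" = "autosign-policy.sh" ]; then
    cat >/dev/null               # drain the CSR; this policy does not parse it
    autosign_decision "$1"
    exit $?
fi
```

To use it, set autosign in the [master] section of puppet.conf to the script's full path instead of relying on autosign.conf. Requests it rejects stay in puppet cert --list for manual signing.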

On the client:

Linux: apt-get install puppet
OpenBSD: pkg_add ruby-facter && pkg_add ruby-puppet
OpenBSD 5.5: pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/5.5/packages/amd64/facter
        pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/5.5/packages/amd64/puppet
Solaris: pkgadd -d http://get.opencsw.org/now (turn off http_proxy first), then /opt/csw/bin/pkgutil -i -y puppet3.  Puppet goes into /opt/csw/bin/puppet.

edit /etc/puppet/puppet.conf, adding:

[main]
server=server.fqdn

[master]
certname=server.fqdn

On the server:

[optional] amend /etc/puppet/manifests/nodes.pp

On the client:

Ensure client.fqdn is the first name listed on the 127.0.0.1 line of /etc/hosts.

puppet agent --enable
puppet agent --server=server.fqdn --no-daemonize --verbose

On the server:

puppet cert --list
puppet cert --sign client.fqdn

On the client: wait for two minutes, or interrupt and run the puppet agent command again.

You will then most likely see an error message such as this, even though you've done nothing wrong:

err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key

On the client:

cd /var/lib/puppet/ssl (/var/puppet/ssl on FreeBSD; /etc/puppet/ssl on OpenBSD; /var/opt/csw/puppet/ssl on Solaris)
find . -type f | xargs rm -f

On the server:

puppet cert --clean client.fqdn

Repeat the above puppet agent call and subsequent steps a few times.  Eventually it will work.

On the client:

Amend /etc/default/puppet: START=yes
Add puppet agent --test to /etc/rc.local and ensure it's started in /etc/init.d.
On Solaris 11 run "/usr/sbin/svcadm enable puppet:agent"

Solaris - check  http://projects.puppetlabs.com/projects/1/wiki/Puppet_Solaris looking for CSW

Older Linux clients talking to a new server may fail with WEBrick::HTTPStatus::RequestURITooLarge.  If that happens, find webrick/httprequest.rb on the server and change:

MAX_URI_LENGTH = 2083 # :nodoc:

to

MAX_URI_LENGTH = 4096 # :nodoc: 
 
Then restart the puppetmaster. 

On Darwin you may need to set LANG=en_US.UTF-8
 
To test the manifest:
 
cd /etc/puppet/manifests; puppet apply nodes.pp 
 
If the server complains with 404 errors loading the puppet stuff run:
 
passenger-install-apache2-module 
 
If you delete the certificates on the server by mistake, run this on the server to regenerate its certificate:
 
  puppet cert generate server.fqdn