07 June, 2009

Crypted disks with remote key placed on http server

This page contains some information on how to create an encrypted disk using dm_crypt, lvm and gpg with a remote key stored on an HTTP server.
The advantage is that the key used for unlocking the encrypted disk(s) is kept somewhere on a server instead of on a USB stick.

* You can easily delete this key if your disks are stolen, and nobody can access them any longer...
* If you use a USB stick to store the key, then it needs to be connected to the machine with the encrypted disks at every reboot - usually it will stay plugged into the server all the time, which destroys all security.
* Keys are downloaded automatically at every reboot from the remote HTTP server (if not, your disks will remain locked).

All commands were tested on Debian and should also be applicable to other distributions.
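
The boot-time behaviour in the list above, as an added shell example (not the author's script and not from the original post): the key is fetched from the HTTP server, decrypted with gpg and handed to cryptsetup, and any failure leaves the volume locked. The URL, the device and mapping names, the LUKS format, the /dev/shm work directory and a gpg setup that can decrypt without a prompt are all assumptions.

```shell
#!/bin/bash
# Added example: unlock a dm-crypt/LUKS volume with a key fetched over HTTP,
# failing closed. URL, device and mapping name are placeholders (assumptions).

KEY_URL="${KEY_URL:-http://keyserver.example/disk.key.gpg}"  # placeholder URL
WORKDIR="${WORKDIR:-/dev/shm}"    # RAM-backed tmpfs: key never touches a disk

# One function per step, so each can be replaced to suit the local setup.
fetch_key()   { wget -q -T 10 -t 3 -O "$2" "$1"; }          # args: url, outfile
decrypt_key() { gpg --batch --quiet --yes --output "$2" --decrypt "$1"; }
open_volume() { cryptsetup --key-file "$3" luksOpen "$1" "$2"; }  # dev, name, key

# unlock_remote DEVICE NAME
# Returns 0 if opened, 2 fetch failed, 3 decrypt failed, 4 key rejected.
unlock_remote() {
    local device="$1" name="$2" tmp rc=0
    tmp=$(mktemp -d "$WORKDIR/unlock.XXXXXX") || return 1   # mode 0700 directory

    if ! fetch_key "$KEY_URL" "$tmp/key.gpg"; then
        # Server down or key deleted by the owner: the disk must stay locked.
        echo "cannot fetch key, $device stays locked" >&2
        rc=2
    elif ! decrypt_key "$tmp/key.gpg" "$tmp/key" || ! [ -s "$tmp/key" ]; then
        echo "downloaded key did not decrypt" >&2
        rc=3
    elif ! open_volume "$device" "$name" "$tmp/key"; then
        echo "key rejected for $device" >&2
        rc=4
    fi

    rm -rf "$tmp"     # drop key material whatever the outcome
    return "$rc"
}

# Typical call from a boot script (not executed here):
#   unlock_remote /dev/sdb1 cryptdata && vgchange -ay
```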

06 June, 2009

Cobbler and yum in RHEL 4.6

Here is a small how-to for installing Cobbler with yum on RHEL 4.6 from scratch.

Install RHEL 4.6 or CentOS 4.6 with default partitioning and a custom installation (deselect all possible packages during the installation procedure). Disable the firewall and SELinux.
  • Enable DVD repository by changing the line in /etc/yum.repos.d/CentOS-Media.repo:
    enabled=1
  • Install yum:
    mount /media/cdrom
  • Download packages and install them:
    mkdir /var/tmp/cobbler-4.6
    cd /var/tmp/cobbler-4.6
    rpm -i \
    ./python-elementtree-1.2.6-5.el4.centos.x86_64.rpm \
    ./python-urlgrabber-2.9.8-2.noarch.rpm ./sqlite-3.3.6-2.x86_64.rpm \
    ./python-sqlite-1.1.7-1.2.1.x86_64.rpm \
    ./yum-metadata-parser-1.0-8.el4.centos.x86_64.rpm \
    ./centos-yumconf-4-4.5.noarch.rpm \
    ./yum-2.4.3-4.el4.centos.noarch.rpm
    yum clean all
    mkdir /var/tmp/rhel4_repo/
    ln -s /media/cdrom/RedHat/RPMS/ /var/tmp/rhel4_repo/RPMS 
    createrepo /var/tmp/rhel4_repo/
    cat >/etc/yum.repos.d/RHEL-4.6-Media.repo <<+
    name=RHEL4 - Media
    createrepo /var/tmp/cobbler-4.6/
    cat >>/etc/yum.repos.d/my.repo <<+
    name=My Repository
  • Install necessary software from DVD:
    mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.orig
    yum -y install wget mc
    yum -y install httpd tftp-server mod_python python-devel createrepo rsync mkisofs
    yum -y install perl-Digest-SHA1 perl-Digest-HMAC perl-Socket6 perl-Time-HiRes sysstat perl-libwww-perl
    yum -y install libart_lgpl freetype libpng
    yum -y install logrotate perl-DateManip
    yum -y install cman
    yum -y install dhcp bind
    yum -y install memtest86+
    yum -y install cobbler
    yum -y install munin munin-node php-ldap
    chkconfig munin-node on
    yum -y install yum-utils
    yum -y install syslinux
  • Disable firewall (just to be sure):
    chkconfig --level 2345 iptables off
    service iptables stop
  • Change line in /etc/cobbler/settings to match the IP of the server:
    default_password_crypted: "$1$pH3........0B2HB/"
    default_name_servers: []
    manage_dhcp: 1
    manage_dns: 1
    manage_forward_zones: [my.domain.cz]
    manage_reverse_zones: [192.168.0]
    pxe_just_once: 1
    register_new_installs: 0
    xmlrpc_rw_enable: 1
  • Start cobbler and apache daemon:
    /etc/init.d/cobblerd start
    /etc/init.d/httpd start
    chkconfig httpd on
  • Change 'disable' to 'no' in /etc/xinetd.d/tftp:
    disable                 = no

    Cobbler/DHCPd/bind configuration

  • Change listening interface for dhcpd in /etc/sysconfig/dhcpd:
    DHCPDARGS=eth0;
  • Modify file /etc/cobbler/dhcp.template according to your needs:
    subnet netmask {
         option routers   ;
         option domain-name         "my.domain.cz";
         option domain-name-servers;
         option subnet-mask;
         range dynamic-bootp;
         filename                   "/pxelinux.0";
         default-lease-time         21600;
         max-lease-time             43200;
         next-server                $next_server;
  • Modify /etc/cobbler/named.template like:
    options {
    #          listen-on port 53 {; };
    #          allow-query     { localhost; };
               forwarders {; };
  • Then run:
    cobbler sync
    service xinetd restart
    chkconfig dhcpd on
    chkconfig named on
  • Now you should run cobbler check and see something like this:
    $ cobbler check
    No setup problems found
    Manual review and editing of /var/lib/cobbler/settings is recommended to tailor cobbler to your particular configuration.

    Cobbler repository+ installation

    cobbler import --name=RHEL4.6-x86_64-AS --mirror=/media/cdrom/
    cobbler repo add --mirror=/var/tmp/cobbler-4.6/ --name=my-repo
    cobbler reposync
    cobbler image add --name=Memtest86+-1.26 --file=/tftpboot/memtest86+-1.26 --image-type=direct
    cobbler profile copy --name=RHEL4.6-AS-x86_64 --newname=NGP_RHEL4.6-AS-x86_64
    cobbler profile copy --name=rescue-RHEL4.6-AS-x86_64 --newname=NGP_rescue-RHEL4.6-AS-x86_64
    cobbler profile edit --name=NGP_RHEL4.6-AS-x86_64 --repos="my-repo"
    cobbler profile edit --name=NGP_rescue-RHEL4.6-AS-x86_64 --repos="my-repo"
    cobbler sync
  • Edit /etc/yum.repos.d/RHEL-4.6-Media.repo and change one line like:
    baseurl=file:///var/www/cobbler/ks_mirror/RHEL4.6-x86_64-AS/RedHat
  • Then run:
    yum clean all

    PXE configuration

  • Make this the first line of /etc/cobbler/pxe/pxedefault.template, pxeprofile.template and pxesystem.template to enable serial connection:
    SERIAL 0 115200

    Cobbler WebUI

  • Set root password for web access:
    htdigest /etc/cobbler/users.digest "Cobbler" root
  • Change line in /etc/cobbler/modules.conf:
    module = authn_configfile
  • Then restart the services:
    service cobblerd restart
    service httpd restart

    Cobbler host specification

    cobbler system add --comment="c3virt01ce01 machine" --name=c3virt01ce01 --hostname=c3virt01ce01 --netboot-enabled=1 --profile=NGP_RHEL4.6-AS-x86_64 --name-servers= --static=0 --kickstart=/var/lib/cobbler/kickstarts/legacy.ks
    cobbler system edit --name c3virt01ce01 --interface=eth0 --mac=00:0c:29:68:78:96 --ip= --netmask=  --static=1 --dns-name=c3virt01ce01.my.domain.cz
    cobbler system edit --name c3virt01ce01 --interface=eth1 --mac=00:0c:29:68:78:b4 --ip= --netmask= --static=1
    cobbler system edit --name c3virt01ce01 --interface=eth2 --mac=00:0c:29:68:78:aa --ip= --netmask= --static=1
    cobbler system edit --name c3virt01ce01 --interface=eth3 --mac=00:0c:29:68:78:be --static=0
    cobbler sync

Hope it will be possible to use PXE boot to install machines.

02 June, 2009

Trim margins from PDF document

It happened to me once that I wanted to trim the margins from a PDF document.

It was a Czech manual for the Panasonic G1 camera. You can see huge margins there, because it was officially written for A5 paper and they created the manual for A4 paper size.

See the picture:
One page from Czech Panasonic DMC-G1 manual

I used the pdfcrop script from Heiko Oberdiek, which can easily trim margins.
pdfcrop.pl --margins 10 panasonic_g1.pdf panasonic_g1-2.pdf

Here is the result:
Trimmed page from Czech Panasonic DMC-G1 manual

I hope this can be useful for somebody who needs this...
The KDE PDF viewer Okular has a "Trim Margins" function, which works very well, but you cannot save the PDF...