Wednesday, November 21, 2007

FUSE+SSHFS

On Linux, mounting a shared folder from a remote server is mostly done with NFS or Samba. Here 帽客 offers another way to do it: mounting over SSH.

OS: CentOS5 kernel version: 2.6.18-8.1.14.el5

sshfs meets this need, but the FUSE module must be installed before sshfs can be used, so first download the following RPMs from rpm.pbone.net and install them:
fuse-2.7.0-1.el5.rf.i386.rpm
fuse-devel-2.7.0-3_7.el5.i386.rpm
fuse-kmdl-2.6.18-8.1.14.el5-2.7.0-3_7.el5.i686.rpm
fuse-libs-2.7.0-3_7.el5.i386.rpm

Then download and install fuse-sshfs-1.8-1.el5.rf.i386.rpm. Once it is installed, reboot the machine or run modprobe fuse.

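Because sshfs asks for a password every time it mounts the remote side, just as ssh does, I set up passwordless login to the remote host. (Here server2 is the client, and it mounts root's home directory on server1.)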

server2: generate a key and scp it to server1
[root@server2 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
97:49:77:78:b0:82:13:59:fa:0b:70:ad:cd:7d:31:f1 root@server2.example.com
[root@server2 ~]# scp .ssh/id_dsa.pub root@10.4.1.33:~/server2.key.pub
Password:
id_dsa.pub                                    100%  614     0.6KB/s   00:00
server1: copy server2's key into ~/.ssh/authorized_keys
server1:~/.ssh # touch authorized_keys
server1:~/.ssh # cat ../server2.key.pub >> authorized_keys

server2: use sshfs to mount root's home directory on server1 at /mnt/server1
[root@server2 ~]# sshfs root@10.4.1.33:/root /mnt/server1/
[root@server2 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda5 13G 3.6G 8.8G 29% /
/dev/hda1 99M 14M 80M 15% /boot
tmpfs 506M 0 506M 0% /dev/shm
/dev/hda2 4.8G 138M 4.4G 4% /home
sshfs#root@10.4.1.33:/root
1000G 0 1000G 0% /mnt/server1

Done.

Monday, November 19, 2007

[Vsftp] Allow anonymous rewrite files

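Today I found that with vsftp on RHEL/SLES, even after I gave anonymous permission to upload and create directories, uploading a file that overwrites an existing one fails with a permission-denied problem. It turns out one more setting is needed: anon_other_write_enable=YES
To sum up, these are the parameters that grant anonymous every permission: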

anonymous_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
write_enable=YES
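
An added example, not part of the original post: a small Python check that reads the text of a vsftpd.conf and reports which of the anonymous write capabilities listed above are actually in effect. The defaults and accepted boolean spellings follow vsftpd.conf(5) as I understand it; the function names and the sample configuration are made up for illustration.

```python
# Defaults as documented in vsftpd.conf(5).
DEFAULTS = {
    "anonymous_enable": "YES",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO",
}
# What each anon_* option allows an anonymous client to do.
CAPABILITIES = {
    "anon_upload_enable": "upload new files",
    "anon_mkdir_write_enable": "create directories",
    "anon_other_write_enable": "overwrite, delete and rename existing files",
}
TRUE_VALUES = {"YES", "TRUE", "1"}  # boolean spellings vsftpd accepts as "on"


def parse_vsftpd_conf(text):
    """Return the effective value (upper-cased) of each option in DEFAULTS."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        # Comment lines start with '#'; the format is option=value with no spaces.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key in settings:
            # Assumption: a repeated option takes its last value.
            settings[key] = value.strip().upper()
    return settings


def anonymous_write_findings(text):
    """List the anonymous write capabilities that are in effect."""
    on = {k: v in TRUE_VALUES for k, v in parse_vsftpd_conf(text).items()}
    # The anon_* options do nothing unless anonymous login and write_enable are both on.
    if not (on["anonymous_enable"] and on["write_enable"]):
        return []
    return [f"{opt}: anonymous users can {what}"
            for opt, what in CAPABILITIES.items() if on[opt]]


# Constructed sample: the five settings from this post, plus a comment line.
SAMPLE_CONF = """# sample for illustration
anonymous_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
write_enable=YES
"""

if __name__ == "__main__":
    for finding in anonymous_write_findings(SAMPLE_CONF):
        print(finding)
```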

Friday, November 16, 2007

[Shell Script] Turning output into commands!

#!/bin/bash
## A=100
## ls -l
## free -m
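# Collect every line of this script that begins with "## ", strip that
# prefix, and run what is left as shell commands in the current shell.
eval "$(grep '^## ' "$0" | sed 's/^## //')"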
echo "A=$A"

Just a few short lines, but they pack in a lot of concepts!

Friday, November 02, 2007

Top 10 Reasons Not to Use Ubuntu

http://blog.linuxtoday.com/blog/archives/071031-103438.html

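This is presumably a satire aimed at MS. I'm not much of an MS fan myself, but to each their own~
When I showed off the compiz effects to my colleagues, every single one of them was tempted, and some have already installed Ubuntu, though 帽客 has also ended up as free tech support.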

Thursday, November 01, 2007

DNS cache issue

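Generally speaking, the lifetime of a DNS cache entry is decided by the TTL, and the TTL only matters between one DNS server and another! A DNS client does no DNS caching of its own; every query updates the RR. But today 帽客 noticed a very interesting phenomenon. When you resolve a name on a DNS client with host / nslookup / dig, the result is updated on every query, which is easy to understand and is what you would expect. With ping, however, things get strange: you will find that the answer is cached! For example, I set server.example.com to map to 192.168.0.254 / 253. When you query with host, the mapped IP changes on every query, but with ping it does not! The main reason is that it is being cached by the nscd daemon!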

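The nscd daemon is what sets how long a DNS client caches the results it gets from the name server's cache. This has nothing to do with the TTL value. It can also be applied to LDAP, ypserver and so on. Below is its example config file: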

enable-cache passwd yes
positive-time-to-live passwd 600
negative-time-to-live passwd 20
suggested-size passwd 211
check-files passwd yes
persistent passwd yes
shared passwd yes

enable-cache group yes
positive-time-to-live group 3600
negative-time-to-live group 60
suggested-size group 211
check-files group yes
persistent group yes
shared group yes

enable-cache hosts yes
positive-time-to-live hosts 5
negative-time-to-live hosts 0
suggested-size hosts 211
check-files hosts yes
persistent hosts no
shared hosts yes

hosts -> this is the section used for the DNS cache. :)