1. LinuxDeepin – Ubuntu 9.12

$ sudo apt-get install snmpd mrtg
$ sudo vi /etc/snmp/snmpd.conf

# sec.name source community
#com2sec paranoid default public #注释掉这行
com2sec readonly default public #再把这行打开
#com2sec readwrite default private

$ sudo /etc/init.d/snmpd restart

生成配置文件：
$ cfgmaker –global “WorkDir: /home/mrtg” public@localhost | sudo tee /etc/mrtg.cfg

生成HTML文件，修改配置文件后需要重新生成一次：
$ sudo indexmaker /etc/mrtg.cfg | sudo tee /home/mrtg/index.html

注：需要通过HTTP服务器进行查看，可以安装使用LNMP。

Refer to:
ubuntu下，给现有网站加个简单的流量监控的方法
用MRTG監控服務器的CPU和Memory
CentOS5.4 安装mrtg

安装那些软件
# Nginx
# MySQL
# PHP
# PHPMyAdmin
# Zend Optimizer
# eAccelerator
# Nginx-RRD
# vsFTPD

2. 由Licess开发维护。
Homepage: http://licess.cn/

3. 安装步骤
系统为Linux Deepin，基于Ubuntu 9.12
$ uname -a
Linux xxx 2.6.31-19-generic #56-Ubuntu SMP Thu Jan 28 01:26:53 UTC 2010 i686 GNU/Linux
$ sudo su
# wget http://soft.vpser.net/lnmp/lnmp0.3.tar.gz
# tar zxvf lnmp0.3.tar.gz
# cd lnmp0.3
# ./debian.sh
注：需手工设置MySQL root用户的密码。

注：机器在防火墙中，所以使用代理安装成功：
# proxychains ./debian.sh

第一步：注册插件开发的账号
http://wordpress.org/extend/plugins/register.php
注：该账号可以开发和提交插件和主题。

第二步：提交插件申请
http://wordpress.org/extend/plugins/add/
注：因为是人工审批，一般提交后1到2天才能完成。

第三步：提交插件

任务1：提交新的插件
# 创建插件目录
$ mkdir my-local-dir
# Check out 版本
$ svn co http://svn.wp-plugins.org/your-plugin-name my-local-dir
# 复制插件文件
$ cd my-local-dir/
my-local-dir/$ cp ~/my-plugin.php trunk/my-plugin.php
my-local-dir/$ cp ~/readme.txt trunk/readme.txt
# 添加文件到版本
my-local-dir/$ svn add trunk/*
> A trunk/my-plugin.php
> A trunk/readme.txt
# Check in 版本
my-local-dir/$ svn ci -m ‘Adding first version of my plugin’
> Adding trunk/my-plugin.php
> Adding trunk/readme.txt
> Transmitting file data .
> Committed revision 11326.

任务2：修改插件
# 更新本地版本
$ cd my-local-dir/
my-local-dir/$ svn up
> At revision 11326.
# 修改本地插件
my-local-dir/$ vi trunk/my-plugin.php
# 检查哪些文件修改过
my-local-dir/$ svn stat
> M trunk/my-plugin.php
# 检查文件修改的内容
my-local-dir/$ svn diff
> * What comes out is essentially the result of a
* standard `diff -u` between your local copy and the
* original copy you downloaded.
# Check in 版本
my-local-dir/$ svn ci -m “fancy new feature: now you can foo *and* bar at the same time”
> Sending trunk/my-plugin.php
> Transmitting file data .
> Committed revision 11327.

任务3：标记新版本
# 复制最新的文件到到新版本目录
my-local-dir/$ svn cp trunk tags/2.0
> A tags/2.0
# Check in 新版本目录
my-local-dir/$ svn ci -m “tagging version 2.0″
> Adding tags/2.0
> Adding tags/2.0/my-plugin.php
> Adding tags/2.0/readme.txt
> Committed revision 11328.
注：如果只需要保存最新版本，可以省略这个步骤。

SVN链接和具体操作步骤：
Wordpress plugin SVN Link: http://plugins.svn.wordpress.org/XXX/
Wordpress plugin SVN Howto: http://wordpress.org/extend/plugins/about/svn/

插件的说明文件需要符合标准：
FAQ: http://wordpress.org/extend/plugins/about/faq/
readme.txt standard: http://wordpress.org/extend/plugins/about/readme.txt
readme.txt validator:: http://wordpress.org/extend/plugins/about/validator/
注：XXX就是提交的插件名称；官网上提供插件说明文件的验证。

Note: It is easy to install and config OpenVPN server on Windows XP. We should remember add the bridge (桥接) between the local network interface and the virtual network interface.

Official document:
OpenVPN 2.0 HOWTO
Ethernet Bridging

Useful document:
OpenVPN—-桥接
常见问题
1.拨通vpn后ping不通vpn server的内网ip
原因：server.conf中dev 配置有问题
解决方案：将dev tap设置为dev tap0
2.各个vpn客户端之间不能互通
原因：server.conf中client-to-client配置没有打开
解决方案：将此项加入到server.conf中

Required package:
bridge-utils rpm build for : Fedora 10
Content of RPM :
/usr/sbin/brctl
/usr/share/doc/bridge-utils-1.2
/usr/share/doc/bridge-utils-1.2/AUTHORS
/usr/share/doc/bridge-utils-1.2/COPYING
/usr/share/doc/bridge-utils-1.2/FAQ
/usr/share/doc/bridge-utils-1.2/HOWTO
/usr/share/man/man8/brctl.8.gz

System environment:

#> uname -a
Linux frontend 2.6.27.5-117.fc10.i686 #1 SMP Tue Nov 18 12:19:59 EST 2008 i686 i686 i386 GNU/Linux

#> ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:13:72:40:26:7F
inet addr:10.4.3.17 Bcast:10.4.3.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe40:267f/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:51999 errors:0 dropped:0 overruns:0 frame:0
TX packets:15652 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:5051569 (4.8 MiB) TX bytes:1757669 (1.6 MiB)

eth1 Link encap:Ethernet HWaddr 00:13:72:40:26:80
inet addr:192.168.100.17 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe40:2680/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5747 errors:0 dropped:0 overruns:0 frame:0
TX packets:2340 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:470066 (459.0 KiB) TX bytes:253434 (247.4 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:491 errors:0 dropped:0 overruns:0 frame:0
TX packets:491 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:130767 (127.7 KiB) TX bytes:130767 (127.7 KiB)

#> route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.4.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth0
192.168.0.0 192.168.100.254 255.255.0.0 UG 0 0 0 eth0
0.0.0.0 10.4.3.1 0.0.0.0 UG 0 0 0 eth1

Installed configuration:

#> cat /etc/rc.d/rc.local
# Start OpenVPN service
/etc/openvpn/bridge-start
/sbin/service openvpn start
# Add route
route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.100.254 eth1
#route add default gw 10.4.3.1 eth0
route add default gw 10.4.3.1 br0
Note 1:
We should add the default gateway after we started the OpenVPN server, the bridge-start script will clear the default gateway.
Note2:
The default route should changed to br0 not eth0 – the bridged interface.

#> ifconfig -a
br0 Link encap:Ethernet HWaddr 00:13:72:40:26:7F
inet addr:10.4.3.17 Bcast:10.4.3.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe40:267f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:48639 errors:0 dropped:0 overruns:0 frame:0
TX packets:15365 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4152487 (3.9 MiB) TX bytes:1727401 (1.6 MiB)

eth0 Link encap:Ethernet HWaddr 00:13:72:40:26:7F
inet addr:10.4.3.17 Bcast:10.4.3.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe40:267f/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:51999 errors:0 dropped:0 overruns:0 frame:0
TX packets:15652 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:5051569 (4.8 MiB) TX bytes:1757669 (1.6 MiB)

eth1 Link encap:Ethernet HWaddr 00:13:72:40:26:80
inet addr:192.168.100.17 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe40:2680/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5747 errors:0 dropped:0 overruns:0 frame:0
TX packets:2340 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:470066 (459.0 KiB) TX bytes:253434 (247.4 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:491 errors:0 dropped:0 overruns:0 frame:0
TX packets:491 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:130767 (127.7 KiB) TX bytes:130767 (127.7 KiB)

tap0 Link encap:Ethernet HWaddr AE:11:02:37:F7:88
inet6 addr: fe80::ac11:2ff:fe37:f788/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:301 errors:0 dropped:0 overruns:0 frame:0
TX packets:34402 errors:0 dropped:17 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:30484 (29.7 KiB) TX bytes:3010000 (2.8 MiB)

#> route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.4.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
10.4.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
192.168.0.0 192.168.100.254 255.255.0.0 UG 0 0 0 eth1
0.0.0.0 10.4.3.1 0.0.0.0 UG 0 0 0 br0

#> ls /etc/openvpn
bridge-start sample-keys
bridge-stop server.conf

#> cat /etc/openvpn/bridge-start
#!/bin/bash

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br=”br0″

# Define list of TAP interfaces to be bridged,
# for example tap=”tap0 tap1 tap2″.
tap=”tap0″

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth=”eth0″
eth_ip=”10.4.3.17″
eth_netmask=”255.255.255.0″
eth_broadcast=”10.4.3.255″

for t in $tap; do
openvpn –mktun –dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
brctl addif $br $t
done

for t in $tap; do
ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

#> cat /etc/openvpn/bridge-stop
#!/bin/bash

####################################
# Tear Down Ethernet bridge on Linux
####################################

# Define Bridge Interface
br=”br0″

# Define list of TAP interfaces to be bridged together
tap=”tap0″

ifconfig $br down
brctl delbr $br

for t in $tap; do
openvpn –rmtun –dev $t
done

#> cat /etc/openvpn/server.conf
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# “C:\\Program Files\\OpenVPN\\config\\foo.key” #
# #
# Comments are preceded with ‘#’ or ‘;’ #
#################################################

# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1194
;port 5000

# TCP or UDP server?
;proto tcp
proto udp

# “dev tun” will create a routed IP tunnel,
# “dev tap” will create an ethernet tunnel.
# Use “dev tap0″ if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use “dev-node” for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap0
;dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don’t need this.
;dev-node MyTap

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the “easy-rsa” directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see “pkcs12″ directive in man page).
ca sample-keys/tmp-ca.crt
cert sample-keys/server.crt
key sample-keys/server.key # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh sample-keys/dh1024.pem

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
;server 10.8.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
;ifconfig-pool-persist ipp.txt

# Configure server mode for ethernet bridging.
# You must first use your OS’s bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
server-bridge 10.4.3.17 255.255.0.0 10.4.3.221 10.4.3.230

# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push “route 192.168.10.0 255.255.255.0″
;push “route 192.168.20.0 255.255.255.0″
push “route 10.4.0.0 255.255.0.0 10.4.3.1″

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory “ccd” for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name “Thelonious”
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious’ private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using “dev tun” and “server” directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client’s network config if
# client’s local DHCP server packets get routed
# through the tunnel. Solution: make sure
# client’s local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
;push “redirect-gateway”

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
;push “dhcp-option DNS 10.8.0.1″
;push “dhcp-option WINS 10.8.0.1″

# Uncomment this directive to allow different
# clients to be able to “see” each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server’s TUN/TAP interface.
;client-to-client
client-to-client

# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE “COMMON NAME”,
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
duplicate-cn

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an “HMAC firewall”
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn –genkey –secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be ’0′
# on the server and ’1′ on the clients.
;tls-auth ta.key 0 # This file is secret

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100

# It’s a good idea to reduce the OpenVPN
# daemon’s privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nobody

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the “\Program Files\OpenVPN\log” directory).
# Use log or log-append to override this default.
# “log” will truncate the log file on OpenVPN startup,
# while “log-append” will append to it. Use one
# or the other (but not both).
;log openvpn.log
;log-append openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 4

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

Sun installation document:
820-5239
<<Solaris 10 10/08 Installation Guide: CustomJumpStart and Advanced Installations>>
820-5237
<<Solaris 10 10/08 Installation Guide:Network-Based Installations>>

Create installation directory:
CD 1
#> /cdrom/s0/Solaris_10/Tools/setup_install_server /export/install10
CD 2-5
#> /cdrom/Solaris_10/Tools/add_to_install_server /export/install10
Solaris 10 patch
#> unzip /export/install10/patchdb/5.10/sparc/10_Recommended.zip

Update /etc/hosts
192.168.1.45 autotest

Update /etc/ethers
0:17:4f:0f:42:b0 autotest

Update /etc/dfs/dfstab
share -F nfs -o ro,anon=0 /jstart
share -F nfs -o ro,anon=0 /export/install10
#> shareall
#> /etc/init.d/nfs.server stop|start

Update Jumpstart config file
cp –pr /export/install10/Solaris_10/Misc/jumpstart_sample /jstart

Update /jstart/sysidcfg
keyboard=English
system_locale=en_US
timezone=US/Central
terminal=vt100
timeserver=localhost
name_service=none
nfs4_domain=dynamic
root_password=IbIPT4W6ebNWc
network_interface=primary
{
default_route=10.4.3.1
netmask=255.255.255.0
protocol_ipv6=no
}
security_policy=none
service_profile=open

Update /jstart/rules
hostname cbtmsu1 – any_machine.280 10recommended

Update /jstart/any_machine.280
install_type initial_install
system_type server
partitioning explicit
filesys c1t0d0s0 2048 swap
filesys c1t0d0s1 free /

Check the Jumpstart config
#> /jstart/check

Update /jstart/10recommended
LUPATCHHOST=10.4.3.250
LUPATCHPATHROOT=/export/install10/patchdb

Update client
#> /export/install10/Solaris_10/Tools/add_install_client -s 10.4.3.250:/export/install10 -c 10.4.3.250:/jstart -p 10.4.3.250:/jstart autotest sun4u
/etc/bootparams will be updated
autotest root=vgtui_1:/export/install10/Solaris_10/Tools/Boot install=10.4.3.250:/export/install10 boottype=:in sysid_config=10.4.3.250:/jstart install_config=10.4.3.250:/jstart rootopts=:rsize=8192

Install client
ok boot net – install

　　== 准备jumpstart ==
　　开始jumpstart之前，需要做以下准备：
　　# 了解jumpstart基本知识，请google一下 <br>
　　# 我们实验室已经建好了jumpstart server，通过frontend可以直接访问，hostname/usr/password: jstart/root/voip <br>
　　# 了解jumpstart目标机器（也就是待安装机器），通过ifconfig -a获得其一个网卡物理地址并记录下来，安装时网线必须连接此网口，暂时称此网口为jumpstart网口 <br>
　　# 将jstart的第一个网口（已经配置好专用于jumpstart）和目标机器的jumpstart网口连接到一个独立的hub上去，这样它们将位于一个独立的网络，jumpstart安装时目标机器需要通过广播包从jstart获得其IP地址然后进行下一步操作 <br>

　　== 配置jumpstart server ==
　　=== 设置hosts和ethers ===
　　# hosts中为目标机器选择一个IP地址和机器名称 <br>
　　# ethers中则是指定目标地址的网卡物理地址，也就是上面记录的jumpstart网口对应的网卡物理地址 <br>

　　=== jumpstart专用配置 ===
　　jstart上有一个jumpstart专用目录：/jstart <br>
　　需要设置以下3个jumpstart配置文件： <br>
　　# rules。注意：设置完此文件后需要运行一下./check <br>
　　# any_machine.xxx。你会发现/jstart目录下有很多any_machine.大头的文件，文件的后缀名则是服务器种类，这类文件都是用来设置安装时目标机器分区用的，一般来说对于已有的服务器种类不需要再修改其any_machine文件，只需要在后面引用即可 <br>
　　# client_dev.sh。这个shell脚本的主要作用是设置tftp，tftp是jumpstart安装时目标机器从jumpstart server下载文件用的，配置完后运行一下./client_dev.sh。 <br>

　　注意： <br>
　　以上配置完成之后，需要检查以下几个地方： <br>
　　# /etc/ethers <br>
　　# /etc/inet/hosts <br>
　　# /tftpboot（目录），检查rm.xxx中有没有对应目标机器的配置文件 <br>
　　# /etc/inet/inetd.conf （见案例2） <br>
　　# /etc/bootparams （见案例1） <br>
　　# /etc/dfs/dfstab <br>

　　== 开始安装 ==
　　步骤如下： <br>
　　# 串口连接目标机器，运行init 0进入standalone无网络ok状态 <br>
　　# 在ok提示状态下运行boot net – install <br>
　　之后所有的安装将自动进行 <br>

FAQ:

=== 案例1 ===
某次jumpstart solaris 10时下载完安装包后便报以下错误： <br>
Completed software installation

Solaris 9 software installation succeeded

Customizing system files
– Mount points table (/etc/vfstab)
– Network host addresses (/etc/hosts)
– Network host addresses (/etc/hosts)
WARNING: Could not set file attributes (/a/var/svc/profile/name_service.xml)

ERROR: Unable to copy a temporary file to it’s final location

ERROR: System installation failed
Solaris installation program exited.
检查/etc/bootparams文件后发现是client_dev.sh中的安装包路径搞错了 <br>

=== 案例2 ===
某次jumpstart时下载不了安装包，注：可以在jstart上snoop -v监控jumpstart安装过程的IP包 <br>
最后检查/etc/inetd.conf配置发现tftp中启用了udp6所致，应该为如下配置： <br>
tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot

=== 案例3 ===
某次jumpstart时发现，目标地址第一步动作——从jumpstart获取IP地址——失败，而snoop -v能够抓到目标机器的广播包。 <br>
检查/etc/ethers文件发现有重复的物理地址，去掉之后就正常了。<br>
<br>
也有几次get IP地址失败竟然是因为插在hub上的网线松了。<br>

=== 案例4 ===
有台机器的首个网口坏掉了，可以用以下方法jumpstart：<br>
ok devalias
此命令能够列出所有设备，可以发现有多个网络设备，它们的命名方式一般是net, net1, net2, net3 <br>
ok boot net1 – install
从net1（也就是第二个网口）启动并开始jumpstart

=== 案例5 ===
ok boot net – install
Boot device: /pci@1f,0/pci@1,1/network@c,1 File and args: – install
SunOS Release 5.10 Version Generic_118833-17 64-bit
Copyright 1983-2005 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
SUNW,eri0 : 100 Mbps full duplex link up
whoami: no domain name
Configuring devices.
Using RPC Bootparams for network configuration information.
Attempting to configure interface eri1…
Skipped interface eri1
Attempting to configure interface eri0…
Configured interface eri0
Beginning system identification…
Searching for configuration file(s)…
Using sysid configuration file 10.4.3.250:/jumpstart/sysidcfg
Search complete.
Discovering additional network configuration…
Completing system identification…
Starting remote procedure call (RPC) services: done.
System identification complete.
Starting Solaris installation program…
Searching for JumpStart directory…
not found
Warning: Could not find matching rule in rules.ok
Press the return key for an interactive Solaris install program…
已解决：
修改/etc/netmasks，使所有的netmask保持一致。
a. /etc/netmasks；
b. sysidcfg中网络接口的配置；
c. /export/install10/Solaris_10/Tools/Boot/netmask
d. #ifconfig -a； —- 你的目标网卡设置的掩码是255.0.0.0，而其他几个的设置为255.255.255.0
bge1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 10.4.3.250 netmask ff000000 broadcast 10.255.255.255
ether 0:3:ba:9f:f7:d6

Netra-T1 AC200 LOM Usage (SunSolve Document ID 40507, Date 17 Oct 2001)
http://www.aaven.com/UNIX/Solaris/lom_commands.asp

lom => ok
lom> bootmode reset_nvram
lom> power / reset

ok => #
ok boot net – install

# => lom
#> #.

There are three prompts available on the Netra-t1.
ok> ——————– (normal prompt when the OS is not running)
lom> ——————– (available whether OS is running or not)
# ——————– (the OS prompt)

To move between the “ok>” prompt and the “lom>” prompt, type:
ok> #. There must be less than 1 second between the “#” and “.”
lom> ——> This is the prompt you get

Root can change this character sequence:
# lomctl <new first character>

Only the first character (“#”) can be changed. You don’t need
to know the previous character to do this.

To find out the current sequence do an “init 5″:
# init 5
This shuts down the system and gives you the “lom>” prompt

Then to show the current two-character sequence type:
lom> show escape

To move between the “lom>” prompt and the “ok>” prompt type:
lom> console

See Infodoc 27372 for a flow chart of how to jump around between the “lom>”,
“ok>” and “OS” prompts.

Some useful lom> commands are:

lom> poweron ————- (powers on the netra)
lom> poweroff ———— (powers off the netra)
lom> reset ————— (the same as the ok> reset command)
lom> reset -x ———— (resets the CPU only- externally initiated
reset XIR)
lom> break ————— (goes to the ok> prompt from the OS- “Stop-a”)
lom> environment ——— (current status of all components in system)
lom> check ————— (updates component status after repairing it-
run “lom> environment” again)
lom> show eventlog ——- (show last 10 events on the system)
lom> set faulton ——— (turns on the fault LED)
lom> set faultoff ——– (turns off the fault LED)
lom> set alarmon [1-3] — (sets 1 of 3 alarms on)
lom> set alarmoff [1-3] — (sets 1 of 3 alarms off)
lom> show model ———- (show the server model)
lom> show hostname ——- (same as uname -n)
lom> show —————- (help for the “show” command)
lom> help —————- (list of LOM commands)

You can set the boot mode of a netra using the below “lom>” command:

lom> bootmode [-u][normal|forth|reset_nvram|diag|skip_diag]

-u allows sharing of the console and LOM device

normal server boots using the OBP environment settings
-must reset server to take effect

forth server stops at the “ok>” prompt- same as “Stop-f”
-must reset server to take effect

reset_nvram -”ok> set-defaults” or “Stop-n”
-must reset server to take effect

diag runs full POST- “ok> diag-switch? true” or “Stop-d”
-must power off server and back on within 10 minutes

skip_diag – ok> setenv diag-switch? false”
-must power off server and back on within 10 minutes

Also see related Infodocs:

27372 How do I jump to LOM prompt on the the Netra T?
26009 Installing the Netra T1 Model AC200 or DC200 from cdrom using
Solaris 8 Update 2 (10/00) or Solaris 8 Update 3 (01/01)
26310 Reinstalling Solaris 8 on the Netra X1 including LOM (Lights
out Management) packages
26667 Connecting a serial cable from a Netra T1 AC/DC200 server to
a laptop

——————————————————————————–
Complete List of Commands
Command Effect
alarmoff n Set alarm n off.
(Where n is 1, 2, or 3.) These three alarms are software flags. They are associated with no specific conditions but are available to be set by your own processes.
alarmon n Set alarm n on.
(Where n is 1, 2, or 3.) These three alarms are software flags. They are associated with no specific conditions but are available to be set by your own processes.
break Takes the server down to the OK prompt.
bootmode mode Determines the behavior of the server during the boot process.
check Resets monitoring to report all failures.
If a monitored component has failed, the LOMlite2 device will not continue to report the same failure. To check the status of the component, for example, after attempting to fix it, issue the check command. This updates the status of all monitored components.
console The command takes you out of the LOMlite2 shell and back to the Solaris prompt. It returns control of the serial connection to the console.
environment Displays the temperature of the server and the status of the fans, the power supply, the over-temperature monitors, the supply rails and circuit breakers, the alarms, and the fault LED.
faulton Sets the Fault LED to On.
faultoff Sets the Fault LED to Off.
help Displays the list of LOM commands.
loghistory Displays all the events in the LOMlite2 device’s Event Log.
logout This command is for use by named users you have set up with password access to the LOMlite2 device. It returns them to the LOM user login prompt.
poweron Powers the server On.
poweroff Powers the server Off.
reset Resets the Netra T1 server.
show model Displays the server model.
show hostname Displays the server name (this command is equivalent to the Solaris uname -n command.
show eventlog Displays the LOMlite2 device’s event log.
The event log is the list of the last 10 events to have been stored in the LOMlite2 device. The most recent event is the one at the bottom of the list.
show escape Displays the current LOMlite2 escape sequence.
show Displays all the information available with the show command.
useradd Adds a user to the LOMlite2 device’s list of permitted users.
userdel Deletes a user to the LOMlite2 device’s list of permitted users.
usershow user Displays the details for the LOMlite2 account user.
userpassword Sets or changes a user’s password
userperm Sets the permission levels for a named user.
version Displays the version number of the LOMlite2 device.

Note:
[Sparc] 任何时候通过Stop+a(SUN键盘)或者ctrl+break(PC键盘)进入到OBP提示符下
ok

if (window.showTocToggle) { var tocShowText = “显示”; var tocHideText = “隐藏”; showTocToggle(); }

生成密钥

在Frontend机器上生成密钥

# cd ~/.ssh/
# ssh-keygen
# ls -l
total 32
-rw------- 1 root root  1671 Jul 31 11:27 id_rsa
-rw------- 1 root root   395 Jul 31 11:27 id_rsa.pub
-rw-r--r-- 1 root root 10323 Jul 31 16:07 known_hosts

复制密钥

将公共密钥复制到需要同步的服务器上：

Fedora linux & Solaris 9

# scp id_rsa.pub root@ondosrv:/root/.ssh/authorized_keys2

Redhad linux

# scp id_rsa.pub root@ondosrv:/root/.ssh/authorized_keys

测试ssh

在Frontend机器上测试

# ssh root@ondosrv

注释：应该不需要输入密码。

编写同步程序

在Frontend机器上编写同步程序

# cd /backup
# vi sync.sh
# chmod 700 sync.sh
----------------------------
Linux:
rsync -avlR --delete -e ssh root@192.168.100.1:/usr/share/tomcat5/ /backup/ondo/
rsync -avlR --delete /home/utstar/ /backup/frontend/
rsync -avlR --delete /var/named/ /backup/frontend/
rsync -avlR --delete /etc/ /backup/frontend/
----------------------------

在Windows机器上编写同步程序

rsync -avlR --delete -e ssh '/cygdrive/d/html/PCMS_document/design_document' root@frontend:/backup/hz_3g_filesrv/

参数意义如下

-a, --archive
It is a quick way of saying you want recursion and want to preserve almost everything.
-v, --verbose
This option increases the amount of information you are given during the transfer.
-l, --links
When symlinks are encountered, recreate the symlink on the destination.
-R, --relative
Use relative paths. 保留相对路径...才不让子目录跟 parent 挤在同一层...
--delete
是指如果服务器端删除了这一文件，那么客户端也相应把文件删除，保持真正的一致。
-e ssh
建立起加密的连接。

rsync命令的使用请参照：http://hi.baidu.com/finet/blog/item/e43dd8f2df3fb412b07ec5ca.html

备份目录规则

备份根目录：

/backup

按机器名称建立子目录：

/backup/ondosrv
/backup/frontend
/backup/mailsrv
......

定时执行备份程序

# crontab -e
0 2 * * * /backup/sync.sh

注释：每天凌晨2点运行进行同步。

FAQ

如何备份 Solaris 9 上的文件

Q1: rsync运行出错，e.g. Solaris machine?

[root@frontend backup]# rsync -avlR --delete -e ssh root@jstart:/jstart/ /backup/vgmsu2/
ksh: rsync:  not found
rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(434)

A: 目的机器上的rsync路径不对，无法找到rsync

root@vgmsu2:/usr/bin>which rsync
/usr/local/bin/rsync
root@vgmsu2:/usr/bin>ln /usr/local/bin/rsync /usr/bin/rsync
root@vgmsu2:/usr/bin>which rsync
/usr/bin/rsync

如何备份 Windows 上的文件

Q2: 使用 ssh 登录 Windows 服务器总是需要输入口令，如何避免口令的输入？

sshd配置

Refer to ‘quickstart.txt’

$> cd c:\Program Files\OpenSSH\bin
$> mkgroup -l >> ..\etc\group      (local groups)
   mkgroup -d >> ..\etc\group      (domain groups)
$> mkpasswd -l [-u <username>] >> ..\etc\passwd      (local users)
   mkpasswd -d [-u <username>] >> ..\etc\passwd      (domain users)
$> net start opensshd

现在可以从别的机器用 ssh 登录到 Windows

修复用户 home 配置

修改 c:\Program Files\OpenSSH\etc\passwd

root:unused_by_nt/2000/xp:1012:513:root,U-HZ_3G_FILESRV\root,S-1-5-21-448539723-1450960922-725345543-1012:/cygdrive/c/documents and settings/root:/cygdrive/c/program files/openssh/bin/switch

使用 /cygdrive/c/documents and settings/root 代替 /home/root/

避免输入口令

Refer to ‘key_authentication.txt’

复制客户机上的公共密钥到服务器上
$> mkdir C:\Documents and Settings\root\.ssh
$> copy id_rsa.pub C:\Documents and Settings\root\.ssh\authorized_keys
   copy id_rsa.pub C:\Documents and Settings\root\.ssh\authorized_keys2

如果还是需要输入口令，则需要修改 sshd 配置文件 sshd.conf / sshd_config

原来的配置：
StrictModes yes
修改后的配置：
StrictModes no

重启 sshd 服务，就大功告成了。

rsync -avlR --delete -e ssh administrator@hz_3g_filesrv:'/cygdrive/d/html/PCMS_document/design_document/' /backup/hz_3g_filesrv/
rsync -avlR --delete -e ssh administrator@hz_3g_filesrv:'/cygdrive/f/share1/PCMS_document/8250/design_document/' /backup/hz_3g_filesrv/
rsync -avlR --delete -e ssh administrator@hz_3g_filesrv:'/cygdrive/f/share1/PCMS_document/8260/design_document/' /backup/hz_3g_filesrv/