2013年3月13日水曜日

Installing Munin on gentoo and CentOS

Munin, which is a software to monitor the servers requires less effort to setup than MRTG.
I setup Munin server on gentoo box and munin-node on centos boxes.
Munin server collects status from munin-nodes and generates charts.

Setup Munin server on gentoo

Article in gentoo wiki is helpful.
Before installing munin, it is better to serup httpd like apache, lighttpd.
If you have already installed httpd, simple emerge it, but you cannot use -minimal flag.
# emerge -v munin
# emerge --config net-analyzer/munin
If you also want to monitor this box, it should also be munin-node.
# rc-update add munin-node default
# /etc/init.d/munin-node



Then edit the /etc/munin/munin.conf and add following entry if not exists.
[yourserver.example.com]
        address 127.0.0.1
        use_node_name yes
emerge --config commands installs crontab, so you will find newly generated charts within 5 minutes at /var/www/localhost/htdocs/munin/.

Setup Munin-node on centos

Enable EPEL

Because munin is not hosted in the default repository, you have to enable EPEL (Extra Packages for Enterprise Linux).
On CentOS 5.x x86_64 
# rpm -ivh http://ftp-srv2.kddilabs.jp/Linux/distributions/fedora/epel/5/x86_64/epel-release-5-4.noarch.rpm
 On CentOS 6.x x86_64
# rpn -ivh http://ftp-srv2.kddilabs.jp/Linux/distributions/fedora/epel/6/x86_64/epel-release-6-5.noarch.rpm
Then edit/etc/yum.repos.d/epel-testing.repo and set enable of [epel-testing].
enabled=1

Install munin-node

Just yum it.
# yum install munin-node
Edit /etc/munin/munin-node.conf and  add allow entry for Munin server. Note that the IP address must be described as a regular expression.
allow ^192\.168\.0\.\d+$
Then boot munin-node and make it executed automatically.
# /etc/init.d/munin-node start
# chkconfig --add munin-node
# chkconfig munin-node on

Add munin-node to be monitored

Edit /etc/munin/munin.conf on gentoo box and add an entry of centos box.
 [centos.example.com]
        address 192.168.0.2
        use_node_name yes
Now you can check the status at http://gentoobox.example.com/munin/.

2013年3月7日木曜日

802.1X PEAP-md5 authentification with freeradius

A few wireless access point supports WPA2-EAP, each user can have different password to connect wifi with it.
Some model of corega supports WPA2-EAP, you have to check the datasheet before you buy.

RADIUS server, which manages accounts is necessary for EAP auth.
I realized WPA2-EAP wifi access point with freeradius on gentoo linux.
Following is the procedure of it.

Install freeradius

Simply emerge it.
# emerge freeradius -v

Setup the config files

Edit /etc/raddb/clients.conf to allow clients(access point) to query the account.
Add an entry like following.
client 192.168.0.0/24 {
        secret = secretphrase
        shortname = yourservername
}

Make account

Edit /etc/raddb/users to add accounts.
The following 3 lines are required for each account.

account_name Cleartext-Password := "password"
        Service-Type = Framed-User,
        Framed-Protocol = PPP

Setup access point 

Setup the access point to use WPA2-EAP auth.
You have to specify at least 2 information below.
  1. IP address or hostname of radius server
  2. secret key specified in clients.conf




Start daemon with debug mode

# radiusd -X
If you try to connect the access point, access point queries the radius server and radiusd will show the debug messages.
You will have to enter the account name and password as in /etc/radvd/users.

I tested with 4 clients, windows8 pro, android 2.3, android 4.0 and android 4.2. Only android 2.3 failed to connect. I am not sure the reason.

Let radiusd starts at boot time

# rc-update add radiusd default

What is TLMu?

TLMu, which is originaly written by Edgar Iglesias  is a software based on QEMU.

QEMU is a emulator which supports various kinds of architectures like x86, arm, ppc, mips, xtensa and so on.
TLMu lets you connect CPU core in QEMU to SystemC models.
TLMu hooks memory access from CPU core and redirect to TLM-2.0 access.
CPU core in QEMU can access SystemC world and vice versa.

Edgar seemed to focus on cris and I found several problems on arm and mips.
I had fixed them and Edgar accepted my patches.
After the modifications, I managed to boot the latest Linux kernel (3.4) on TLMu + SystemC peripheral environment. Whole environment is available at here.

Edgar's original TLMu is based on relatively older QEMU (maybe around 1.0).
I wanted to catch up with the mainline QEMU release, so I forked and rebased onto the QEMU-1.2.0.
The internal of QEMU has greatly changed between 1.0 and 1.2, so I had to rewrite the most part of memory access hooks. As a byproduct of the rewrite, I add turbo mode, in which Linux boot time is 7x accelerated.

My TLMu branch keeps up with the mainline QEMU  and has original features like OpenRISC support, turbo mode now.

I will explain the memory access hooks and turbo mode in the next post.