Setting up LAMP on CentOS 6.3 with SuExec and FastCGI for performance

Use this script to help create a LAMP server with FastCGI, SuExec and a simple script to set up WordPress virtual hosts.

# TNWebServer Updated for CentOS 6.3

# SETUP
# ~~~~~
echo $'#\x21/bin/sh' > /etc/profile.d/x.sh
echo "PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" >> /etc/profile.d/x.sh
chmod 755 /etc/profile.d/x.sh

# Install EPEL
rpm -Uvh http://mirror.pnl.gov/epel/6/i386/epel-release-6-7.noarch.rpm

# Install prereqs
yum install httpd httpd-devel php-mysql mysql-server php gcc php-mbstring 

cd
mkdir build
cd build

# FastCGI
# ~~~~~~~
wget http://www.fastcgi.com/dist/mod_fastcgi-current.tar.gz
tar -zxvf mod_fastcgi-current.tar.gz
cd mod_fastcgi*

cp Makefile.AP2 Makefile

make top_dir=/usr/lib64/httpd
make install top_dir=/usr/lib64/httpd

echo "LoadModule fastcgi_module modules/mod_fastcgi.so" > /etc/httpd/conf.d/00-FastCGI.conf
echo "DirectoryIndex index.php default.php" >> /etc/httpd/conf.d/00-FastCGI.conf
echo "" >> /etc/httpd/conf.d/00-FastCGI.conf
echo "<IfModule mod_fastcgi.c>" >> /etc/httpd/conf.d/00-FastCGI.conf
echo "  AddHandler fastcgi-script .fcgi" >> /etc/httpd/conf.d/00-FastCGI.conf
echo "  FastCgiWrapper /usr/sbin/suexec" >> /etc/httpd/conf.d/00-FastCGI.conf
echo "  FastCgiIpcDir fcgi/" >> /etc/httpd/conf.d/00-FastCGI.conf
echo "  FastCgiConfig -singleThreshold 1 -autoUpdate -idle-timeout 240 -pass-header HTTP_AUTHORIZATION" >> /etc/httpd/conf.d/00-FastCGI.conf
echo "</IfModule>" >> /etc/httpd/conf.d/00-FastCGI.conf

echo "#Disabled" > /etc/httpd/conf.d/php.conf

# turn on vhosting
echo "NameVirtualHost *:80" > /etc/httpd/conf.d/01-EnableVirtualHost.conf
echo "Include conf.d/hosts/*" >> /etc/httpd/conf.d/01-EnableVirtualHost.conf

chmod 755 /usr/sbin/suexec
chmod +s /usr/sbin/suexec

mkdir /etc/httpd/fcgi
mkdir /etc/httpd/fcgi/dynamic
mkdir /etc/httpd/conf.d/hosts
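# FastCgiIpcDir only needs to be accessible to the web server user; 777 also lets every local account write here
chmod 777 /etc/httpd/fcgi -R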

# Switch to worker mode
echo "HTTPD=/usr/sbin/httpd.worker" >> /etc/sysconfig/httpd


# Create the skeleton
cd /opt
mkdir skel
mkdir skel/logs
mkdir skel/homepage
mkdir skel/cgi-bin
echo $'#\x21/bin/sh' > skel/cgi-bin/php.fcgi
echo "PHP_CGI=/usr/bin/php-cgi" >> skel/cgi-bin/php.fcgi
echo "PHP_FCGI_CHILDREN=2" >> skel/cgi-bin/php.fcgi
echo "PHP_FCGI_MAX_REQUESTS=1000" >> skel/cgi-bin/php.fcgi
echo "### no editing below ###" >> skel/cgi-bin/php.fcgi
echo "export PHP_FCGI_CHILDREN" >> skel/cgi-bin/php.fcgi
echo "export PHP_FCGI_MAX_REQUESTS" >> skel/cgi-bin/php.fcgi
echo "exec \$PHP_CGI" >> skel/cgi-bin/php.fcgi

chmod 755 skel/cgi-bin/php.fcgi


# Vhost template
echo "<VirtualHost *:80>" > /etc/httpd/conf.d/template
echo "        ServerAdmin webmaster@DOMAIN" >> /etc/httpd/conf.d/template
echo "        ServerName DOMAIN" >> /etc/httpd/conf.d/template
echo "        ServerAlias *.DOMAIN" >> /etc/httpd/conf.d/template
echo "        DocumentRoot /var/www/USER/homepage" >> /etc/httpd/conf.d/template
echo "" >> /etc/httpd/conf.d/template
echo "        SuexecUserGroup USER USER" >> /etc/httpd/conf.d/template
echo "" >> /etc/httpd/conf.d/template
echo "        <Directory />" >> /etc/httpd/conf.d/template
echo "                Options FollowSymLinks" >> /etc/httpd/conf.d/template
echo "                AllowOverride None" >> /etc/httpd/conf.d/template
echo "        </Directory>" >> /etc/httpd/conf.d/template
echo "" >> /etc/httpd/conf.d/template
echo "        <Directory /var/www/USER/homepage/>" >> /etc/httpd/conf.d/template
echo "                Options -Indexes FollowSymLinks -MultiViews" >> /etc/httpd/conf.d/template
echo "                AllowOverride all" >> /etc/httpd/conf.d/template
echo "                Order allow,deny" >> /etc/httpd/conf.d/template
echo "                Allow from all" >> /etc/httpd/conf.d/template
echo "        </Directory>" >> /etc/httpd/conf.d/template
echo "" >> /etc/httpd/conf.d/template
echo "        ScriptAlias /cgi-bin/ /var/www/USER/cgi-bin/" >> /etc/httpd/conf.d/template
echo "        <Directory \"/var/www/USER/cgi-bin/\">" >> /etc/httpd/conf.d/template
echo "                AllowOverride None" >> /etc/httpd/conf.d/template
echo "                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch" >> /etc/httpd/conf.d/template
echo "                Order allow,deny" >> /etc/httpd/conf.d/template
echo "                Allow from all" >> /etc/httpd/conf.d/template
echo "        </Directory>" >> /etc/httpd/conf.d/template
echo "" >> /etc/httpd/conf.d/template
echo "        AddHandler php-fastcgi .php" >> /etc/httpd/conf.d/template
echo "        AddType application/x-httpd-php .php" >> /etc/httpd/conf.d/template
echo "        DirectoryIndex index.html index.php" >> /etc/httpd/conf.d/template
echo "        Action php-fastcgi /cgi-bin/php.fcgi" >> /etc/httpd/conf.d/template
echo "" >> /etc/httpd/conf.d/template
echo "        ServerSignature On" >> /etc/httpd/conf.d/template
echo "        ErrorLog logs/USER/error.log" >> /etc/httpd/conf.d/template
echo "        CustomLog logs/USER/access.log combined" >> /etc/httpd/conf.d/template
echo "        # Uncomment for Dedicated server" >> /etc/httpd/conf.d/template
echo "        # FastCgiServer /var/www/USER/cgi-bin/php.fcgi -user USER -group USER" >> /etc/httpd/conf.d/template
echo "</VirtualHost>" >> /etc/httpd/conf.d/template

# create a shortcut script to create webs
# usage: createweb username domainname.tld
echo $'#\x21/bin/sh' > /usr/sbin/createweb
echo "if [ \$# -ne 3 ]" >> /usr/sbin/createweb
echo "then" >> /usr/sbin/createweb
echo "  echo Usage: createweb {username} {websitedomainname} {password}" >> /usr/sbin/createweb
echo "  echo Example: createweb somedomainuser somedomain.com password" >> /usr/sbin/createweb
echo "  exit 1" >> /usr/sbin/createweb
echo "fi" >> /usr/sbin/createweb
echo "useradd -b /var/www -d /var/www/\$1 -m -k /opt/skel -s /bin/false \$1" >> /usr/sbin/createweb
echo "chmod 755 /var/www/\$1" >> /usr/sbin/createweb
echo "chmod 755 /var/www/\$1/cgi-bin/php.fcgi" >> /usr/sbin/createweb
echo "ln -s /var/www/\$1/logs /var/log/httpd/\$1" >> /usr/sbin/createweb
echo "cp /etc/httpd/conf.d/template /etc/httpd/conf.d/hosts/\$2" >> /usr/sbin/createweb
echo "replace DOMAIN \$2 -- /etc/httpd/conf.d/hosts/\$2" >> /usr/sbin/createweb
echo "replace USER \$1 -- /etc/httpd/conf.d/hosts/\$2" >> /usr/sbin/createweb
echo "echo \"\$3\" | passwd --stdin \$1" >> /usr/sbin/createweb
echo "chown root.root /var/www/\$1" >> /usr/sbin/createweb
echo "echo \"CREATE DATABASE \$1;\" | mysql" >> /usr/sbin/createweb
echo "echo \"GRANT ALL PRIVILEGES ON \$1.* to \$1@localhost identified by '\$3';\" | mysql" >> /usr/sbin/createweb
chmod 700 /usr/sbin/createweb

# chroot jail ssh
cd /etc/ssh

echo "Port 24" > sshd_config24
echo "Protocol 2" >> sshd_config24
echo "SyslogFacility AUTHPRIV" >> sshd_config24
echo "PermitRootLogin no" >> sshd_config24
echo "PasswordAuthentication yes" >> sshd_config24
echo "GSSAPIAuthentication yes" >> sshd_config24
echo "GSSAPICleanupCredentials yes" >> sshd_config24
echo "UsePAM yes" >> sshd_config24
echo "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES" >> sshd_config24
echo "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT" >> sshd_config24
echo "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE" >> sshd_config24
echo "AcceptEnv XMODIFIERS" >> sshd_config24
echo "X11Forwarding yes" >> sshd_config24
echo "ChrootDirectory /var/www/%u" >> sshd_config24
echo "Subsystem       sftp    internal-sftp" >> sshd_config24

# Startup on reboot
echo "/usr/sbin/sshd -f /etc/ssh/sshd_config24" >> /etc/rc.d/rc.local

# Start Now
/usr/sbin/sshd -f /etc/ssh/sshd_config24

chkconfig httpd on

# MYSQL
# ~~~~~
chkconfig mysqld on
/etc/init.d/mysqld start
/usr/bin/mysql_secure_installation

# store the root password into a my.cnf file
echo "[client]" > ~/.my.cnf
# append (>>) so the [client] header written above is kept
echo "password=MYSQLPASSWORD" >> ~/.my.cnf
chmod 600 ~/.my.cnf

# Script to auto install Word Press
# ~~~~~
echo $'#\x21/bin/sh' > /usr/sbin/installwp
echo "if [ \$# -ne 2 ]" >> /usr/sbin/installwp
echo "then" >> /usr/sbin/installwp
echo "  echo Usage: installwp {username} {version}" >> /usr/sbin/installwp
echo "  echo Example: installwp test 3.4.2" >> /usr/sbin/installwp
echo "  exit 1" >> /usr/sbin/installwp
echo "fi" >> /usr/sbin/installwp
echo "" >> /usr/sbin/installwp
echo "cd /var/www/\$1/homepage" >> /usr/sbin/installwp
echo "svn co http://core.svn.wordpress.org/tags/\$2 ." >> /usr/sbin/installwp
echo "chown \$1.\$1 /var/www/\$1/homepage -R" >> /usr/sbin/installwp

chmod 700 /usr/sbin/installwp
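
The createweb script generated above passes its three arguments unchecked into useradd, a file name under /etc/httpd/conf.d/hosts/, the replace calls and two MySQL statements. The following is an added example, not part of the original script, of checks that could run at the top of createweb; the function names, the character rules and the 8-character password minimum are assumptions.

```shell
#!/bin/sh
# Added example: argument checks for a createweb-style script.
# Function names and accepted character sets are assumptions.
LC_ALL=C; export LC_ALL   # keep [a-z] ranges byte-exact

# The username becomes a Unix account, a directory under /var/www and a
# MySQL database/user name: lowercase letter first, then letters, digits or
# underscore, at most 16 characters (MySQL 5.1 user-name limit).
valid_username() {
    case "$1" in
        ""|[!a-z]*|*[!a-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 16 ]
}

# The domain becomes a file name in conf.d/hosts and the ServerName value:
# dot-separated labels of letters, digits and hyphens, no path characters.
valid_domain() {
    case "$1" in
        ""|.*|*.|-*|*-|*..*|*.-*|*-.*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    case "$1" in
        *.*) [ "${#1}" -le 253 ] ;;
        *)   return 1 ;;
    esac
}

# The password is placed inside a single-quoted SQL string and piped to
# passwd --stdin: refuse quote, backslash and newline, require 8+ characters.
valid_password() {
    nl='
'
    case "$1" in
        ""|*"'"*|*'\'*|*"$nl"*) return 1 ;;
    esac
    [ "${#1}" -ge 8 ]
}

# Returns 0 only if all three createweb arguments pass.
check_createweb_args() {
    if [ "$#" -ne 3 ]; then
        echo "usage: createweb {username} {websitedomainname} {password}" >&2
        return 2
    fi
    valid_username "$1" || { echo "rejected username" >&2; return 1; }
    valid_domain "$2"   || { echo "rejected domain" >&2; return 1; }
    valid_password "$3" || { echo "rejected password" >&2; return 1; }
}

# Constructed inputs: one well-formed call and two that must be refused.
check_createweb_args somedomainuser somedomain.com 'correct-horse-battery' \
    && echo "accepted: somedomainuser somedomain.com"
check_createweb_args somedomainuser '../../etc/cron.d/x' 'correct-horse-battery' \
    || echo "refused: domain with path characters"
check_createweb_args somedomainuser somedomain.com "x' OR '1'='1 long" \
    || echo "refused: password with a single quote"
```

The password still travels as a command-line argument, so it is visible in the process list while createweb runs; reading it from standard input would avoid that.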

Lync 2010 with WildCard Certificates

Lync 2010 is a terrific piece of software that allows for simple, effective collaboration for all sizes of businesses. Unfortunately, the architecture of the application is kludged together in a half-baked form. This also means that the Lync team decided to support “SAN” or “UCC” certificates so they can secure multiple domains with one certificate. However, they neglected to support wildcard certificates completely. This has been somewhat resolved with the latest Cumulative Update 6 (CU6), but it is still a nightmare to get going.

Even with this blog post, you may find it a nightmare to get it to work. Here are the steps that worked for me. This is for a 3 server setup, two front ends, and one edge.

1) Get a good wildcard cert. The EssentialSSL Wildcard from Comodo worked for me. The PositiveSSL did NOT.

2) Get the thumbprint of the SSL.

3) Install the certificate on all the machines. Make sure it's in the My Computer section of the Certificate Manager.

4) Open the Lync Powershell.

5) For the front end pools, enter the following command
Set-CSCertificate -Type Default,WebServicesInternal,WebServicesExternal -Thumbprint <thumbprint> -Verbose -Confirm:$false -Report c:\temp\test.html

6) For the edge pools, enter the following command
Set-CSCertificate -Type AccessEdgeExternal,DataEdgeExternal,AudioVideoAuthentication -Thumbprint <thumbprint> -Verbose -Confirm:$false -Report "c:\temp\test.html"

7) On all machines, create the reg dword key
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
"Sendtrustedissuerlist"=dword:00000000

Reboot. Check your event logs to see if it took. When I used the PositiveSSL Wildcard, it did not work - the system simply didn’t trust it. The EssentialSSL worked fine.

Lync 2010 Hanging up after call connected

Hello, a quick post. Over the past few weeks, I noticed that Lync calls were hanging up on me for no apparent reason. After it hung up on me with a client that needed help right away, I got frustrated and tried to figure out what the problem was.

After looking around, I found the issue to be multiple IPs on my workstation that were un-routable. I had added static IPs to my workstation to configure some routers and switches, and didn’t remove them after I was done.

Apparently, Lync tries the other IPs if it thinks it's going to work better – in the process, it hangs up the call when it tries to connect to one of the non-routable IPs.

So, if you are having an issue with Lync which causes a call to connect, and then get disconnected after 5-10 seconds – look at your IP configuration.

Possibly related to Call Admission Control and Media Bypass.

How to – Emergency P2V from a external hard disk to Hyper-V

Hello, this is more of a reminder to myself but I hope others can use this. This works with Hyper-V but could work with any virtualization platform.

The reason for this post: a customer laptop wouldn’t power on, and the customer needed files from the hard drive, which was intact. So here is what I did to get it up and running under my Lab Hyper-V.

  1. Take out the disk, and run disk2vhd on the drive. Ensure you get all partitions, including any extra manufacturer partitions (yuck)
  2. Copy the vhd to your HV host, create a simple VM with ample RAM, and select the vhd just created; also mount a Windows 7 ISO
  3. Start the machine, boot from the ISO
  4. At the first Windows setup screen, press Shift-F10
  5. Load up regedit, and navigate to HKLM
  6. Click File, Load Hive
  7. Navigate to the windows\system32\config folder of the attached drive, and load up the SYSTEM hive
  8. Use any name for the load hive key name, I used “test”
  9. Navigate to HKLM\test\ControlSet001\services\intelide
  10. Set the Start DWORD to “0”
  11. Navigate back to HKLM\test, and click File, Unload Hive
    Click Yes
  12. Close all windows, and reboot
  13. Done.

Basically, what we’re doing is turning on the Intel IDE driver, which might be disabled on computers with AHCI and other SATA drivers. Hyper-V attaches the disk through its IDE controller, so with the driver disabled Windows cannot reach its boot disk at startup; setting Start to 0 makes the driver load at boot so that the rest of Windows can boot up!

Thanks to Jeffrey Goines.

Hyper-V : Mounting ISO’s from a Network Share

To mount an ISO to a VM running under Hyper-V requires a few tweaks to the domain account to let this happen. I don’t recall where I found this tip, but I had to do it again and it took me a while to find the settings I had made.

In essence, here are the steps required

  1. Make sure the share is accessible by the computer account Hyper-V is running on. In my case, it was adding TNVS2 to the network share*. You can use “everyone” but this is better I think. Read access is enough.
  2. On the domain computer account, edit the delegation properties. We need to add the network storage server to this account for delegation. Select “Trust the computer for delegation to specified services only”, and then click “Add”. Enter the server name where the shares reside. It will now show you a list of services from the server, select “cifs”.
  3. Set the protocol to “Use any authentication protocol”

That’s it.

* For ease, I created a Security Group in AD called “Hyper-V Servers” and then added all the hyper-v servers computer accounts to it, to make security assigning easier when adding new servers to the farm.

Enable MPIO on Hyper-V R2

Hello, this is more a post to remind myself on how to install MPIO on Hyper-V R2. I’ve been experimenting with MPIO and my WSS servers to make a more robust cluster, and need to use MPIO to have proper failover when maintaining the iSCSI/SAN network.

By default Hyper-V R2 does not have the MPIO feature installed, so this needs to be enabled by issuing the command

Dism /online /enable-feature:MultipathIo

Copy and paste the above, as it is case sensitive. It doesn’t end here however, we still need to register the iSCSI initiator to use MPIO. Start up the MPIO control panel

mpiocpl

Check the box “Add support for iSCSI devices”


Then click “Add”


Reboot when ready. Once rebooted, simply add a new session to your iSCSI target, and you can then use the MCS/MPIO to verify and set the MPIO configuration (round robin or failover only). Using this, I have verified I can get double the throughput when using two interfaces on a WSS target.

Centos 6.1 LAMP Server with Fast CGI and SuExec

Here are my notes on creating a LAMP server with FastCGI/SuExec on the latest CentOS 6.1. I prefer to use CentOS since it is fully Hyper-V happy, and quite well supported.

This assumes the “Basic Server” installation on CentOS 6.1. MySQL is installed, but not configured – but that’s an easy one to do. This also includes a bit at the end to run SSH for SFTP on port 24 so that you can allow external users in without them messing around with other users data.

# Centos 6.1 LAMP Server with Fast CGI and SuExec

# Install prereqs
yum install httpd httpd-devel php-mysql mysql-server php gcc

# Fast CGI
cd /opt
wget http://www.fastcgi.com/dist/mod_fastcgi-current.tar.gz
tar -zxvf mod_fastcgi-current.tar.gz
cd mod_fastcgi*

cp Makefile.AP2 Makefile

make top_dir=/usr/lib64/httpd
make install top_dir=/usr/lib64/httpd

echo "LoadModule fastcgi_module modules/mod_fastcgi.so" > /etc/httpd/conf.d/mod_fastcgi.conf
echo "DirectoryIndex index.php default.php" >> /etc/httpd/conf.d/mod_fastcgi.conf
echo "" >> /etc/httpd/conf.d/mod_fastcgi.conf
echo "<IfModule mod_fastcgi.c>" >> /etc/httpd/conf.d/mod_fastcgi.conf
echo "  AddHandler fastcgi-script .fcgi" >> /etc/httpd/conf.d/mod_fastcgi.conf
echo "  FastCgiWrapper /usr/sbin/suexec" >> /etc/httpd/conf.d/mod_fastcgi.conf
echo "  FastCgiIpcDir fcgi/" >> /etc/httpd/conf.d/mod_fastcgi.conf
echo "  FastCgiConfig -singleThreshold 1 -autoUpdate -idle-timeout 240 -pass-header HTTP_AUTHORIZATION" >> /etc/httpd/conf.d/mod_fastcgi.conf
echo "</IfModule>" >> /etc/httpd/conf.d/mod_fastcgi.conf

chmod 755 /usr/sbin/suexec
chmod +s /usr/sbin/suexec

mkdir /etc/httpd/fcgi
mkdir /etc/httpd/fcgi/dynamic
chmod 777 /etc/httpd/fcgi -R

# Switch to worker mode
echo "HTTPD=/usr/sbin/httpd.worker" >> /etc/sysconfig/httpd

# Create the skeleton
cd /opt
mkdir skel
mkdir skel/logs
mkdir skel/homepage
mkdir skel/cgi-bin
echo $'#\x21/bin/sh' > skel/cgi-bin/php.fcgi
echo "PHP_CGI=/usr/bin/php-cgi" >> skel/cgi-bin/php.fcgi
echo "PHP_FCGI_CHILDREN=2" >> skel/cgi-bin/php.fcgi
echo "PHP_FCGI_MAX_REQUESTS=1000" >> skel/cgi-bin/php.fcgi
echo "### no editing below ###" >> skel/cgi-bin/php.fcgi
echo "export PHP_FCGI_CHILDREN" >> skel/cgi-bin/php.fcgi
echo "export PHP_FCGI_MAX_REQUESTS" >> skel/cgi-bin/php.fcgi
echo "exec \$PHP_CGI" >> skel/cgi-bin/php.fcgi

chmod 755 skel/cgi-bin/php.fcgi

# Vhost template
mkdir /etc/httpd/conf.d/hosts
echo "<VirtualHost *:80>" > /etc/httpd/conf.d/template
echo "        ServerAdmin webmaster@DOMAIN" >> /etc/httpd/conf.d/template
echo "        ServerName DOMAIN" >> /etc/httpd/conf.d/template
echo "        ServerAlias *.DOMAIN" >> /etc/httpd/conf.d/template
echo "        DocumentRoot /var/www/USER/homepage" >> /etc/httpd/conf.d/template
echo "" >> /etc/httpd/conf.d/template
echo "        SuexecUserGroup USER USER" >> /etc/httpd/conf.d/template
echo "" >> /etc/httpd/conf.d/template
echo "        <Directory />" >> /etc/httpd/conf.d/template
echo "                Options FollowSymLinks" >> /etc/httpd/conf.d/template
echo "                AllowOverride None" >> /etc/httpd/conf.d/template
echo "        </Directory>" >> /etc/httpd/conf.d/template
echo "" >> /etc/httpd/conf.d/template
echo "        <Directory /var/www/USER/homepage/>" >> /etc/httpd/conf.d/template
echo "                Options -Indexes FollowSymLinks -MultiViews" >> /etc/httpd/conf.d/template
echo "                AllowOverride all" >> /etc/httpd/conf.d/template
echo "                Order allow,deny" >> /etc/httpd/conf.d/template
echo "                Allow from all" >> /etc/httpd/conf.d/template
echo "        </Directory>" >> /etc/httpd/conf.d/template
echo "" >> /etc/httpd/conf.d/template
echo "        ScriptAlias /cgi-bin/ /var/www/USER/cgi-bin/" >> /etc/httpd/conf.d/template
echo "        <Directory \"/var/www/USER/cgi-bin/\">" >> /etc/httpd/conf.d/template
echo "                AllowOverride None" >> /etc/httpd/conf.d/template
echo "                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch" >> /etc/httpd/conf.d/template
echo "                Order allow,deny" >> /etc/httpd/conf.d/template
echo "                Allow from all" >> /etc/httpd/conf.d/template
echo "        </Directory>" >> /etc/httpd/conf.d/template
echo "" >> /etc/httpd/conf.d/template
echo "        AddHandler php-fastcgi .php" >> /etc/httpd/conf.d/template
echo "        AddType application/x-httpd-php .php" >> /etc/httpd/conf.d/template
echo "        DirectoryIndex index.html index.php" >> /etc/httpd/conf.d/template
echo "        Action php-fastcgi /cgi-bin/php.fcgi" >> /etc/httpd/conf.d/template
echo "" >> /etc/httpd/conf.d/template
echo "        ServerSignature On" >> /etc/httpd/conf.d/template
echo "        ErrorLog logs/USER/error.log" >> /etc/httpd/conf.d/template
echo "        CustomLog logs/USER/access.log combined" >> /etc/httpd/conf.d/template
echo "</VirtualHost>" >> /etc/httpd/conf.d/template

# turn on vhosting
echo "NameVirtualHost *:80" > /etc/httpd/conf.d/00-EnableVirtualHost.conf
echo "Include conf.d/hosts/*" >> /etc/httpd/conf.d/00-EnableVirtualHost.conf

# create a shortcut script to create webs
# usage: createweb username domainname.tld
echo $'#\x21/bin/sh' > /usr/sbin/createweb
echo "useradd -b /var/www -d /var/www/\$1 -m -k /opt/skel -s /bin/false \$1" >> /usr/sbin/createweb
echo "chmod 755 /var/www/\$1" >> /usr/sbin/createweb
echo "chmod 755 /var/www/\$1/cgi-bin/php.fcgi" >> /usr/sbin/createweb
echo "ln -s /var/www/\$1/logs /var/log/httpd/\$1" >> /usr/sbin/createweb
echo "cp /etc/httpd/conf.d/template /etc/httpd/conf.d/hosts/\$2" >> /usr/sbin/createweb
echo "replace DOMAIN \$2 -- /etc/httpd/conf.d/hosts/\$2" >> /usr/sbin/createweb
echo "replace USER \$1 -- /etc/httpd/conf.d/hosts/\$2" >> /usr/sbin/createweb
echo "passwd \$1" >> /usr/sbin/createweb
# \$1 must be escaped here, otherwise it expands (to nothing) while this setup script runs
echo "chown root.root /var/www/\$1" >> /usr/sbin/createweb
chmod 700 /usr/sbin/createweb

# chroot jail ssh.
cd /etc/ssh

cp sshd_config sshd_config24
nano sshd_config24

# Change the following
Port 24
PermitRootLogin no
ChrootDirectory /var/www/%u
Subsystem       sftp    internal-sftp

# Startup on reboot
echo "/usr/sbin/sshd -f /etc/ssh/sshd_config24" >> /etc/rc.d/rc.local

#Start Now
/usr/sbin/sshd -f /etc/ssh/sshd_config24
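
Both versions of the setup (the CentOS 6.3 script and the CentOS 6.1 notes) start a second sshd on port 24 with ChrootDirectory and internal-sftp, and rely on the account shell /bin/false to keep users SFTP-only. The following is an added example, not part of the original notes, that audits such a config file for the settings usually paired with an SFTP jail; the function names and the chosen checks are assumptions, and both sample files are constructed.

```shell
#!/bin/sh
# Added example: audit an sshd config meant for chrooted, SFTP-only accounts.
# Function names and the set of checks are assumptions.

# Print the first value of KEY in the global section of FILE, lowercased.
# sshd keywords are case-insensitive and the first occurrence wins; parsing
# stops at the first Match block.
directive_value() {
    awk -v key="$2" '
        /^[ \t]*#/             { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit
        }' "$1"
}

# One line per finding on stdout; no output means nothing was flagged.
sftp_jail_findings() {
    cfg=$1
    [ -n "$(directive_value "$cfg" ChrootDirectory)" ] ||
        echo "ChrootDirectory is not set"
    [ "$(directive_value "$cfg" Subsystem)" = "sftp internal-sftp" ] ||
        echo "Subsystem sftp is not internal-sftp"
    [ "$(directive_value "$cfg" ForceCommand)" = "internal-sftp" ] ||
        echo "ForceCommand internal-sftp missing: SFTP-only rests on the account shell"
    [ "$(directive_value "$cfg" AllowTcpForwarding)" = "no" ] ||
        echo "AllowTcpForwarding is not 'no' (the sshd default is yes)"
    [ "$(directive_value "$cfg" X11Forwarding)" != "yes" ] ||
        echo "X11Forwarding yes is not needed for SFTP-only accounts"
    [ "$(directive_value "$cfg" PermitRootLogin)" = "no" ] ||
        echo "PermitRootLogin is not 'no'"
    return 0
}

count_findings() { sftp_jail_findings "$1" | wc -l | tr -d ' '; }

# Constructed sample 1: the security-relevant lines written to sshd_config24.
write_page_config() {
    cat > "$1" <<'EOF'
Port 24
Protocol 2
PermitRootLogin no
PasswordAuthentication yes
UsePAM yes
X11Forwarding yes
ChrootDirectory /var/www/%u
Subsystem       sftp    internal-sftp
EOF
}

# Constructed sample 2: the same file with the flagged settings changed.
write_hardened_config() {
    cat > "$1" <<'EOF'
Port 24
Protocol 2
PermitRootLogin no
PasswordAuthentication yes
UsePAM yes
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /var/www/%u
Subsystem       sftp    internal-sftp
EOF
}

tmp=$(mktemp -d) || exit 1
write_page_config "$tmp/sshd_config24"
write_hardened_config "$tmp/sshd_config24.hardened"
for f in "$tmp"/sshd_config24*; do
    echo "== $(basename "$f"): $(count_findings "$f") finding(s)"
    sftp_jail_findings "$f" | sed 's/^/   /'
done
rm -rf "$tmp"
```

sshd additionally refuses a ChrootDirectory unless it is owned by root and not writable by group or others, which is what the chown root.root and chmod 755 lines in createweb provide.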

Quick Guide to installing Asterisk 1.8 on Centos 6.0

Quick notes on installing asterisk 1.8 on Centos 6.0 x64. I used this to connect Microsoft Lync to my SIP providers.

yum install wget
yum install kernel-devel gcc make gcc-c++ libxml2-devel
yum install perl ncurses-devel

wget http://downloads.asterisk.org/pub/telephony/asterisk/releases/asterisk-1.8.5.0.tar.gz
wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/releases/dahdi-linux-complete-2.5.0+2.5.0.tar.gz
tar -xvzf asterisk-1.8*
tar -xvzf dahdi-linux-complete-*
cd  dahdi-linux-complete*
make all

make install
make config
chkconfig dahdi on
service dahdi start
cd ..
cd asterisk-*
make clean
./configure
make menuselect
make
make install
make samples
make config
chkconfig asterisk on

Lync Application Sharing and Software Firewalls

Quick post on a discovery I made. I set up a complete infrastructure on a Hyper-V host for a customer (co-located at a datacenter), and one of the components of this infrastructure was Lync 2010. Lync is a phenomenal piece of software that allows for full collaboration for an enterprise without using third party services.

After the complete setup, we noticed that external users were not getting a great experience using desktop sharing / application sharing features from within Lync. Upon further investigation, it turned out the firewall was getting slammed (a virtual instance of pfSense on the Hyper-V host). It appears that Lync floods the servers with as much UDP traffic as configured to allow, and this causes a problem for the pfSense install which uses emulated network cards. My theory is that the software interrupts that are getting triggered for the emulated network card eat up all the CPU time on the guest OS, giving it little time to do the routing/natting it needs to accomplish.

We solved this by using a very simple Linux firewall, although I could have easily just moved the pfSense install to a real machine and would have accomplished the same result. I also wonder if using a CentOS based firewall on the Hyper-V host would have solved the problem since it is supported using Hyper-V’s synthetic nics.

Hyper-V : Upgrading kernel on an CentOS guest OS

CentOS works pretty well under Hyper-V once you install the Linux IC from Microsoft. I see significantly improved disk I/O performance, along with network performance. However, there is a glitch with the Microsoft supported solution. There is no official explanation or steps on how to upgrade your CentOS kernel to the latest, after you have the IC installed on an earlier version. If you attempted to upgrade the kernel, you’ll be stuck with a dead system (well, you can manually revert back to the old kernel).

So, I needed to install Asterisk 1.8 on a CentOS guest. I had a pre created template of a CentOS 5.4 system that I’ve been using a while, and started my process on that. After installing the Asterisk repositories, and installing Asterisk 1.8, I did notice that yum had upgraded my Kernel. I knew this would be a problem, so what we need to do is upgrade the Linux IC to run on this new kernel. Unfortunately, running “setup.pl drivers” from the linux IC source doesn’t do much, since it’ll just upgrade the current running kernel, which is not the one that’s been installed.

To upgrade the Linux IC, you need to fake the output of uname with the latest version of the kernel so that the setup and make scripts know what to build on.

What I ended up doing was writing a simple C program to fake the uname output so that uname would give the names of the newest kernel, not the current one. If you are stuck in this situation, simply make a new file with the following source (change the kernel versions as required), and compile and replace the system uname with our “fake” uname.

#include <stdio.h>
#include <string.h>   /* strcmp */

int main(int argc, char* argv[])
{
        if (argc > 1)
        {
                if (strcmp(argv[1], "-r") == 0)
                {
                        printf("2.6.18-194.32.1.el5\n");
                }
                else if (strcmp(argv[1], "-p") == 0)
                {
                        printf("x86_64\n");
                }
                else if (strcmp(argv[1], "-m") == 0)
                {
                        printf("x86_64\n");
                }
        }

        return 0;
}

That’s it. Save it, and compile it with “cc uname.c”. Make a backup of the current uname (in /bin/uname), and then copy this file over to “/bin/uname” and then run setup.pl drivers

 

Done