Today we recieved a new system to enroll our Linux operating system on. It comes with two six core Intel Xeon processors with hyperthreading enabled. When the installation was finished I fired up top and switched to SMP view, which didn’t worked. It displayed the following message (have a look at the picture). I had to enlarge the terminal to have all 24 cpu’s displayed. Too funny!
Do we get ahead of Moore’s law?
Today my recently acquired MacBook Pro was feeling unresponsive and acting much slower than it used to be and not consuming any noteworthy CPU cycles. Doing some searches on the web it appears to be a common problem with the System Management Controller (SMC). After resetting the SMC it’s performing as expected. Those were the steps I carried out.
Have a look at knowledge base article ht3964 for more information.
After reading this article http://xbmc.org/davilla/2009/12/29/broadcom-crystal-hd-its-magic I decided to give my older Mac Mini used as HTPC a second life.
The Broadcom Crystal HD is available now in a mini-PCIE card with ExpressCard and 1X PCIE form factors to follow. This means that the AppleTV and all those lovely new netbooks, Eee Boxes and older Intel Mac Minis have exciting new potential.
That said I began my search for this Broadcom HD Video Decoder. It appeared there are two models, the older BCM70012 and the newer one BCM70015. I chose the last one because it’s smaller, more energy efficitent and handles MPEG-4 ASP (XviD/DivX) where the BCM70012 does not. I ordered the device at Logic Supply for USD 49. It took two weeks (international shipment) before I received the card, as seen on the picture.
The next step was to disassemble the Mac Mini. Since I had done this some time ago to upgrade the memory, it was a walk in the park. There are a lot of good quality youtube movies which will guide you step by step in the process to take it apart. Once opened you’ll notice that the mini-PCIe slot is already taken by the wireless Airport card. So replace the wireless with the BCM70015. I don’t mind loosing the wireless functionality because I’m not using it anyway for the Mac Mini.
Needless to say, but walk through the steps in reverse order to assemble the Mini. Before the newly added hardware can be used you’ll need to install the driver manually. I followed the steps explained on http://code.google.com/p/crystalhd-for-osx. I am using the precompiled crystalhd-for-osx-3.6.0.zip driver. Support for BMC70015 is available since 3.6.0. To utilize the magic I’m using XBMC. There’s support for the Broadcom Crystal HD card since XBMC 10.0 (Dharma).
My retro Mac Mini is now doing full HD (1920 x 1080) movies without any frame drops or stutter.
Today I have spend half a day on fixing my totally wasted looking first generation iPhone. Have a look at the picture for what remains of the LCD and digitizer I took out. Since it is such a robust device I thought let’s give it a try to repair the heavily damaged glass screen, so I ordered a ‘iPhone 2G Complete Replacement Screen – Includes LCD & Digitizer’ at DirectFix.
Once finished the repair, my iPhone 2g was alive and with a shiny new LCD. Only the bezel is still heavily scratched and remembers me of the accident. It adds some unique industrial look and feel *lol*. The guys at pdaparts who created the tutorial and rated the LCD replacement as very difficult were very right. It took me quite some time to dis- and reassemble.
So, after all I am mobile again..
The setup of a SCOM agent without having to enter the root password in the SCOM management console is actually very simple. At first I thought it would be necessary to export the key by which the client certificates are signed to do the signing on the system used to roll out new Linux systems.
I have described the the process below in a few steps.
1. Install the agent.
You can find the manual installation instructions on this site.
2. Create a new user on the Linux client, in my case ‘scom’.
This user and password must match the action account credentials you have entered somewhere in the SCOM administration section.
# useradd scom # passwd scom
3. Change ownership and permissions on /etc/opt/microsoft/scx/ssl/scx-host-[hostname].pem
# chown scom: /etc/opt/microsoft/scx/ssl/scx-host-[hostname].pem # chmod 644 /etc/opt/microsoft/scx/ssl/scx-host-[hostname].pem
4. Start the discovery wizard, add your host and uncheck ‘Enable SSH based discovery’.
Under the host information enter the scom user and the corresponding password. Check the ‘This is a superuser account’ check box.
Make sure the SCOM server can communicate on port 1270/tcp, otherwise discovery will fail.
5. Discovery will report the current (self-signed) certificate is invalid and will suggest to sign the certificate with the SCOM CA key.
Once this step is finished it will report no results, but the certificate is signed. You can verify this with OpenSSL.
6. Restart the scx daemon on the Linux system.
# /opt/microsoft/scx/bin/tools/scxadmin -restart
This will initialize the modified certificate.
7. Re-issue a discovery of the same host (press the previous button two times).
In this final step the host is discovered successfully without having entered the root password.
I have created a Puppet recipe for the above to automate the roll-out of SCOM on Linux:
class scom {
package { scx:
ensure => installed
}
service { scx-cimd:
ensure => true,
enable => true,
hasrestart => true,
hasstatus => true,
subscribe => [ File["/etc/init.d/scx-cimd"], Package[scx] ]
}
file { "/etc/init.d/scx-cimd":
owner => root,
group => root,
mode => 744,
require => Package["scx"],
}
file { "/etc/opt/microsoft/scx/ssl/scx-host-$hostname.pem":
owner => scom,
group => scom,
mode => 644,
checksum => md5,
notify => service[scx-cimd],
require => [ Package["scx"], User["scom"] ]
}
user { "scom":
ensure => present,
name => "scom",
uid => "6004",
comment => "SCOM monitoring agent",
shell => "/bin/bash",
home => "/var/opt/microsoft/scx",
managehome => "true",
password => '$1$vS1boUVQ$vMmabY1rt4FQokoweKvXw/',
require => [ Class["users"], Package["scx"] ]
}
}
The SCOM Linux agent (scx) uses a SSL certificate to trust communication between the SCOM server and Linux agents. The SCOM server communicates with the agent running on port 1270/tcp.
Normally you will deploy the agent by using the discovery wizard. The SCOM server initially makes a SSH connection to the agent and tries to detect which Linux distribution and version it’s dealing with. Then it will push (sftp) and install the scx package. At the end of the installation it will create a certificate. This certificate needs to be signed by the SCOM server, so the server will fetch the certificate, signs it and delivers it back to the client. At the end the agent will restart to initialize the newly created certificate and agent communication over port 1270/tcp is trusted. The above described actions are executed using the privileged account.
It is also possible to manually sign the certificate created during manual installation of the scx package. This process is described below.
1. Copy the output of the following command including ‘—–BEGIN CERTIFICATE—–’ and ‘—–END CERTIFICATE—–’ to your paste buffer.
$ cat /etc/opt/microsoft/scx/ssl/scx-host-[hostname].pem
By using the following command you can view the contents of the certificate:
$ openssl x509 -noout -text \ -in /etc/opt/microsoft/scx/ssl/scx-host-[hostname].pem
2. Create a new file on the SCOM server ‘scx-host-[hostname].pem’, paste the certificate data into it and save this file.
3. Open a windows console and execute the following:
scxcertconfig -sign scx-host-[hostname].pem scx_signed.pem
This command will sign your certificate (scx-host-[hostname].pem) and save it to a new file.
4. Copy the contents of the signed certificate to the paste buffer.
5. Open the ‘/etc/opt/microsoft/scx/ssl/scx-host-[hostname].pem’ on the Linux server, delete it’s contents and paste the newly created certificate data from the paste buffer.
6. Restart the agent by running the following command.
# /opt/microsoft/scx/bin/tools/scxadmin -restart
This will initialize the new certificate.
The last step is open the SCOM management console and walk through the discovery wizard to register the agent. A super-user account is probably not required anymore.
After the installation of the scx package you need to create a action account user. The SCOM agent will be run under this user.
Related article: install-scom-agent-on-red-hat-linux
The steps below describe how to install the SCOM agent on Red Hat Linux 5 x64. We don’t like to enroll the agent by using the SCOM Discovery wizard, as you need to enter the super-user (root)credentials and we’re not sure where the application stores those credentials and it’s used for. So we’re still searching for the minimal permissions for the agent to be installed.
It is possile to install the agent, copy the unsigned client-side generated certificate to the SCOM server, sign the certificate on the SCOM server and copy the signed certificate back to the client. Once you have restarted the scx daemon you can use the discovery wizard on the SCOM server to add the server without using super-user credentials in SCOM.
Once you have installed the Cross Platform Cumulative Update 2 for System Center Operations Manager 2007 R2, a newer version of the agent becomes available on the SCOM server in Program Files\System Center Operations Manager 2007\AgentManagement\UnixAgents.
# rpm -ivh scx-1.0.4-258.rhel.5.x64.rpm Preparing... ########################################### [100%] 1:scx ########################################### [100%] Generating certificate with hostname="host001", domainname="example.local" WARNING! Could not read 256 bytes of random data from /dev/random. Will revert to less secure /dev/urandom. See the security guide for how to regenerate certificates at a later time when more random data might be available. /var/tmp/rpm-tmp.63356: line 163: /usr/lib/lsb/install_initd: No such file or directory Starting Microsoft SCX CIM Server: [ OK ] #
To fix the above problem you can use the following work-around.
rm /dev/random rm: remove character special file `/dev/random'? y # mknod -m 644 /dev/random c 1 9 # chown root:root /dev/random # cd # rpm -ivh scx-1.0.4-258.rhel.5.x64.rpm Preparing... ########################################### [100%] 1:scx ########################################### [100%] Generating certificate with hostname="host001", domainname="example.local" /var/tmp/rpm-tmp.10879: line 163: /usr/lib/lsb/install_initd: No such file or directory Starting Microsoft SCX CIM Server: [ OK ] # rm /dev/random # mknod -m 644 /dev/random c 1 8 # chown root:root /dev/random
Last week I setup a server in a cloud based on Xen virtualization technology. After some hours research I decided to go for the Rackspace cloud. I chose the minimal setup to start with, which is a 256MB memory configuration that comes with 10GB disk space. As stated in the specs, the 256MB plan will get you 1/64 of the CPU allocation. Which is fine to start with for a standard LAMP setup.
For now they only offer a large variety of Linux distributions. I chose Debian 5.0 Lenny, because it makes migration easier as the site is running on Debian 5.0 already. The registration process and setup of the minimal Debian install went very smoothly. In under two hours I had successfully migrated a website. So for the setup part I am totally satisfied, let’s see how the availability part will develop.
Recent Comments