Group Managed Service Accounts (gMSA)

This article shows the process I followed to register a group managed service account for use by services such as SQL Server and Task Scheduler.

Managed service accounts (the standalone kind introduced with Windows Server 2008 R2) have been around for a while, but they were tied to the local security context of one Windows server. That meant you could not use the same account across a cluster of servers, so in practice they were limited to Task Scheduler jobs or simple applications.

Please read the following for a quick view on how the old technology worked for Managed service accounts:

http://technet.microsoft.com/en-us/library/dd560633(v=ws.10).aspx

Windows Server 2012 introduced group managed service accounts, which can be shared between servers. That is great news and opens them up to applications such as SQL Server 2012.

I used the following TechNet articles to set up my first group managed service account, which I am going to use for SQL 2012. (Look for my next blog post on how I installed SQL 2012 with the group managed service account.)

http://technet.microsoft.com/en-us/library/hh831782.aspx

http://technet.microsoft.com/en-us/library/jj128431.aspx

Ok let’s start

Requirements

Please read the requirements in the articles above; I am only going to highlight the high-level ones.

gMSAs are created with Windows PowerShell, which must be run from a 64-bit instance. I had a Windows Server 2012 domain controller in my test environment, so using PowerShell on that server was sufficient. You also need the Active Directory module for Windows PowerShell (part of the RSAT tools) installed on the machine you use.

Before you start

Before you start creating the group managed service account you need to know the following:

  • Does the application service support gMSAs
  • Does the service require inbound or outbound authentication
  • The computer account names for the member hosts for the service using the gMSA
  • The NetBIOS name for the service
  • The DNS host name for the service
  • The Service Principal Names (SPNs) for the service
  • The password change interval (default is 30 days).

Step 1: Provisioning of group Managed Service Accounts

You can create a gMSA only if the forest schema has been updated to Windows Server 2012, the KDS root key (the master root key for Active Directory) has been deployed, and there is at least one Windows Server 2012 DC in the domain in which the gMSA will be created.

Important: the KDS root key is the tricky part. You can create it straight away, but it only becomes usable once it has replicated to all domain controllers; Add-KdsRootKey -EffectiveImmediately builds in a 10-hour delay for that replication. Create it and leave it for the next day.


Steps:

  1. Check whether a KDS root key already exists: Get-KdsRootKey
  2. If none exists, create one: Add-KdsRootKey -EffectiveImmediately
  3. Wait 10 hours or more (create it and leave it for a day). The delay gives the key time to replicate to every DC before it is used.
  4. Test the KDS root key: Test-KdsRootKey -KeyId <GUID returned in step 1 or 2>
  5. Create a security group in AD for the computer accounts that are allowed to retrieve the managed password. This group is the security boundary: every principal in it can read the gMSA's password blob (msDS-ManagedPassword), so keep it to the hosts that run the service and never use a broad group such as Domain Computers.
  6. Add the computer accounts as members of the new group, then reboot the servers (or purge the machine's Kerberos tickets with klist -li 0x3e7 purge) so that their tokens pick up the new group membership.
  7. Create the gMSA:
     New-ADServiceAccount SQL2012Managed -DNSHostName SQL2012.company.co.za -PrincipalsAllowedToRetrieveManagedPassword Allowed-SQL2012ManagedServiceAccount-Access -ServicePrincipalNames MSSQLSvc/SQL2012:1433,MSSQLSvc/SQL2012.company.co.za:1433
  8. Success: you can now use the managed service account for other installations.
  9. Open Active Directory Administrative Center to confirm that the managed service account was created.


Step 2: Add the new service account to the required machines


Once you have created the managed service account you need to install it on every machine that will use it.

  1. Open Windows PowerShell on the server. In my example I open it on the SQL2012 server that I am going to use.
  2. Run: Install-ADServiceAccount SQL2012Managed
     Then confirm with Test-ADServiceAccount SQL2012Managed, which must return True before you go any further.
  3. To confirm the account, try changing a service to run under it. Enter the account as DOMAIN\SQL2012Managed$ and leave the password blank; the host retrieves the password from AD itself.
  4. Please see my next blog post on how to install SQL 2012 using managed service accounts.
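The provisioning steps from Step 1 and the install step from Step 2, collected into one script, as an added example that is not part of the original post. It uses the names from this article (SQL2012Managed, Allowed-SQL2012ManagedServiceAccount-Access, the SQL2012 host, company.co.za); the NetBIOS domain name COMPANY, the backdated KDS key for a single-DC lab and the audit function at the end are my assumptions and additions. The audit is the check I would add: whoever is listed in PrincipalsAllowedToRetrieveManagedPassword can read the account's password from msDS-ManagedPassword, so that list should be short.

```powershell
# Added example (not from the original post): provision the gMSA end to end and audit
# who may read its password. Names are the ones used in this article; COMPANY is an
# assumed NetBIOS domain name. Run in an elevated 64-bit PowerShell on a 2012 DC.
Import-Module ActiveDirectory

$gmsaName  = 'SQL2012Managed'
$hostGroup = 'Allowed-SQL2012ManagedServiceAccount-Access'
$hosts     = @('SQL2012')                      # computer accounts that will run the service
$dnsName   = 'SQL2012.company.co.za'
$spns      = @('MSSQLSvc/SQL2012:1433', 'MSSQLSvc/SQL2012.company.co.za:1433')

# Steps 1-4: a usable KDS root key is a hard prerequisite for New-ADServiceAccount.
# -EffectiveImmediately still waits 10 hours so the key can replicate to every DC.
# In a single-DC lab you can backdate the effective time instead (lab only: in
# production a DC that has not received the key yet cannot serve the gMSA password).
$keyId = (Get-KdsRootKey | Select-Object -First 1).KeyId
if (-not $keyId) {
    $keyId = Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)
}
if (-not (Test-KdsRootKey -KeyId $keyId)) {
    throw "KDS root key $keyId is not usable yet; wait for replication and rerun."
}

# Steps 5-6: the group is the security boundary. Every member can read the gMSA's
# password blob (msDS-ManagedPassword), so it holds only the hosts that run the service.
if (-not (Get-ADGroup -Filter "Name -eq '$hostGroup'")) {
    New-ADGroup -Name $hostGroup -GroupScope Global -GroupCategory Security `
        -Description "Hosts allowed to retrieve the $gmsaName managed password"
}
Add-ADGroupMember -Identity $hostGroup -Members ($hosts | ForEach-Object { Get-ADComputer -Identity $_ })
# The hosts' Kerberos tickets do not carry the new group yet: reboot them, or run
#   klist -li 0x3e7 purge
# on each host (0x3e7 is the SYSTEM logon session) before Install-ADServiceAccount.

# Step 7: create the account. The password interval can only be set at creation time,
# and restricting Kerberos to AES keeps the account's tickets off RC4.
if (-not (Get-ADServiceAccount -Filter "Name -eq '$gmsaName'")) {
    New-ADServiceAccount -Name $gmsaName -DNSHostName $dnsName `
        -PrincipalsAllowedToRetrieveManagedPassword $hostGroup `
        -ServicePrincipalNames $spns `
        -ManagedPasswordIntervalInDays 30 `
        -KerberosEncryptionType 'AES128,AES256'
}

# Step 2 of the post, run on each host once it has a fresh ticket:
#   Install-ADServiceAccount -Identity SQL2012Managed
#   Test-ADServiceAccount    -Identity SQL2012Managed    # must return True
# then configure the service to log on as COMPANY\SQL2012Managed$ with a blank password.

function Get-GmsaPasswordReaders {
    # Audit: list every gMSA and the principals that may retrieve its password, flagging
    # groups whose membership is effectively "every computer/user" in the domain.
    $broad = 'Domain Computers', 'Domain Users', 'Authenticated Users', 'Everyone'
    Get-ADServiceAccount -Filter { ObjectClass -eq 'msDS-GroupManagedServiceAccount' } `
                         -Properties PrincipalsAllowedToRetrieveManagedPassword |
        ForEach-Object {
            $acct = $_
            foreach ($dn in $acct.PrincipalsAllowedToRetrieveManagedPassword) {
                $p = try { Get-ADObject -Identity $dn } catch { $null }
                [pscustomobject]@{
                    Account   = $acct.Name
                    Principal = if ($p) { $p.Name } else { $dn }
                    Class     = if ($p) { $p.ObjectClass } else { 'unresolved' }
                    TooBroad  = [bool]($p -and $p.Name -in $broad)
                }
            }
        }
}

Get-GmsaPasswordReaders | Format-Table -AutoSize
```

Run the audit again whenever someone asks for the retrieval group to be widened; a row with TooBroad set to True means any machine or user in the domain can pull the password and impersonate the service.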

How to join a Debian 6 to a Windows Active Directory Domain

Windows Active Directory is, in my opinion, one of the greatest products Microsoft has created so far. You can join a Windows client to a domain in 8 steps:

  1. Press Start
  2. Right mouse click on computer
  3. Choose properties
  4. Choose the tab Computer Name
  5. Choose Change
  6. Fill in the Domain
  7. Fill in the Domain Administrator user name and password, click OK
  8. Reboot

And done. Wouldn't it be nice to integrate your Linux servers and desktops with this directory too? The biggest advantage is central authentication and authorization: you create users, lock users, change passwords and so on in one place. That is what you get for the Linux machines; for Windows computers a domain gives you a lot more than this.

Without Active Directory all your users need to be created and maintained locally on each server. With 10 servers this is perfectly doable, but what if you have 50 servers and 500 clients? Are you still willing to manage each server and desktop locally?

An IT nightmare, right? I thought so. So, how do you add your Debian server to Windows Active Directory? I know there are other directories, like OpenLDAP. The reason I chose Active Directory is my Windows clients: getting a Windows computer into a plain LDAP directory isn't easy.

Perhaps I should say here that Linux currently has no stable alternative to Windows Active Directory; the other directories lack things like Group Policy. However, for a couple of years people have been working on Samba 4, the successor to the current stable Samba 3. With Samba 4 it will be possible to create a domain and have your server act as a domain controller, even as an RODC (read-only domain controller). As stated, this solution is currently unstable and not supported in any way.

For this tutorial I’m using a

  • Debian 6.0.4
    root@server06-debian6:~# cat /etc/debian_version
    6.0.4
  • Latest updates
  • 256 MB Ram
  • 10 GB Disk space

My domain:

  • Domain: EXAMPLE (Kerberos realm EXAMPLE.COM)
  • Domain controller: domaincontroller.example.com, 10.13.37.10
  • Debian server: debian, 10.13.37.115

Install the software that we require:

apt-get install libkrb5-3 krb5-config krb5-user samba winbind ntpdate ntp

I will explain why we need these packages throughout the tutorial. They use about 66.4 MB of extra disk space. Just press Enter at all the questions the krb5 packages may ask; we will configure these manually later.

Next, we stop all the services we just installed and configure them:

/etc/init.d/samba stop
/etc/init.d/winbind stop
/etc/init.d/ntp stop

Installing the NTP Service:

Windows Active Directory is very, I mean VERY, sensitive to time. Kerberos tolerates a clock skew of only 5 minutes by default, so a time difference of 15 minutes will stop you from logging in: you get an error and are denied access to your server. (Small hint: if you ever hit this on a Windows desktop or server, disconnect it from the LAN and log on again; it will use cached credentials to authenticate you.) Luckily there is a solution: NTP (Network Time Protocol). Every Windows domain controller is also an NTP server, so we synchronize the Debian server's clock with a domain controller.

 vim /etc/ntp.conf

Search for

server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
server 2.debian.pool.ntp.org iburst
server 3.debian.pool.ntp.org iburst

Change these to the IP addresses or DNS names of your domain controllers:

server 10.13.37.10
server 10.13.37.11

Next, start the service again. If the clock is far off, set it once first with ntpdate -u 10.13.37.10, because ntpd refuses to correct an offset of more than 1000 seconds.

 /etc/init.d/ntp start

Ensure that DNS works and that your domain controllers resolve:

nslookup domaincontroller.example.com

That command should return an IP address; if it does not, put the correct DNS servers in /etc/resolv.conf. If you installed your domain the Microsoft way, your DNS servers are AD-integrated and also publish the _kerberos and _ldap SRV records that Samba uses to find the domain, so point the Debian server at the domain controllers for DNS.

Configure the Kerberos

Windows Active Directory uses the Kerberos protocol, so the Kerberos client on our server has to be configured to talk to the Microsoft KDCs. Edit the /etc/krb5.conf configuration file:

[libdefaults]
    default_realm = EXAMPLE.COM
    # With dns_lookup_kdc = false the KDCs must be listed in [realms] below;
    # set it to true instead if you would rather use the SRV records AD publishes.
    dns_lookup_realm = false
    dns_lookup_kdc = false
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

    # The following krb5.conf variables are only for MIT Kerberos (Debian defaults
    # for Kerberos 4 compatibility; AD does not use them, leave them as they are).
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms

    # The following libdefaults parameters are only for Heimdal Kerberos.
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
    fcc-mit-ticketflags = true

[realms]
    EXAMPLE.COM = {
        kdc = domaincontroller.example.com
        admin_server = domaincontroller.example.com
    }

[domain_realm]
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM

[login]
    krb4_convert = true
    krb4_get_tickets = false

That's it for the Kerberos part. A quick check from the Debian server is kinit Administrator@EXAMPLE.COM followed by klist: if you get a ticket, the time, DNS and realm configuration are all right.

Step 4 Configure Winbind

Samba is the software that lets us join a Windows Active Directory domain, and winbind (part of Samba) maps domain users and groups onto the server. Both are configured in /etc/samba/smb.conf. This file holds the settings needed to join the domain and to let domain users authenticate against our server. Remember, this is just authentication; to actually log in to the server we still have to configure the PAM modules a few steps further on.

[global]
# Our domain. This is the short (NetBIOS) domain name, not the DNS name,
# and it must match exactly: I noticed this is case sensitive.
workgroup = EXAMPLE
# Our server name; we join the domain with this name.
netbios name = DEBIAN
# The Kerberos realm, i.e. the DNS domain name in upper case.
realm = EXAMPLE.COM
security = ADS
preferred master = no
# printcap name = cups
# printing = cups
disable spoolss = Yes
show add printer wizard = No
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = +
winbind use default domain = Yes
template shell = /bin/bash
use sendfile = Yes
# VERY IMPORTANT: lets domain users log in from cached credentials even when the
# domain controller is unavailable (remember the hint about time problems?).
winbind offline logon = yes
winbind refresh tickets = yes

Save this file. Samba only treats a # or ; at the start of a line as a comment, so keep explanations on their own lines as above, and run testparm to check the syntax. Now we are almost ready to join the Windows Active Directory domain.

Step 5 edit the /etc/nsswitch.conf file

Debian uses /etc/nsswitch.conf to determine where it should look to resolve various types of lookups. To resolve users and groups from Active Directory, add a reference to the Winbind name service module in the passwd and group lines.

passwd:         compat winbind
group:          compat winbind
shadow:         compat

Edit the file to look like this and run ldconfig so that the winbind NSS library (libnss_winbind) is found.

Step 6 joining the domain

net ads join -U Administrator

That's it. Run this command, enter the Administrator password and you should join the domain. Normally you get feedback like the following:

root@server06-debian6:~# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- EXAMPLE.COM
Joined 'DEBIAN' to realm 'example.com'
No DNS domain configured for debian. Unable to perform DNS Update.
DNS update failed!

Don't worry about the DNS error message; just create a DNS record for this machine on the domain's DNS server and all will be fine.

Edit the PAM settings

To be able to log on to the server with your Active Directory accounts, edit the following PAM files. pam_unix stays first in common-auth so that local accounts (including root) keep working when winbind or the domain controller is unreachable.

vim /etc/pam.d/common-account
# should contain the following lines:
account sufficient pam_winbind.so
account required pam_unix.so

vim /etc/pam.d/common-auth
# should contain the following lines:
auth    sufficient      pam_unix.so
auth    required        pam_winbind.so  use_first_pass

vim /etc/pam.d/common-password
# should be similar to the line below. This only handles local accounts; sha512 replaces
# the weak md5 hash found in older examples, and nullok is left out so that accounts
# with an empty password cannot log in.
password   required   pam_unix.so obscure sha512

vim /etc/pam.d/common-session
# add the following line (keep the existing pam_unix.so session line):
session     required    pam_mkhomedir.so umask=0022 skel=/etc/skel

Next, restart all the services.

/etc/init.d/samba stop
/etc/init.d/winbind stop
/etc/init.d/samba start
/etc/init.d/winbind start
/etc/init.d/ssh restart

Verify that you are in the domain:

wbinfo -u
wbinfo -g

These commands list the domain users and groups that winbind can see. Because of winbind use default domain = Yes they appear without a domain prefix (for example domain admins rather than EXAMPLE+domain admins); that is the form to use wherever you refer to them on the server, such as in sudoers.

Tips and tricks

Give your administrators sudo rights

apt-get install sudo
visudo

add the following:

# User privilege specification
root    ALL=(ALL) ALL
# The AD group, written exactly as wbinfo -g prints it and with the space escaped.
# With "winbind use default domain = Yes" there is no domain prefix; if you did not set
# that, it would be %EXAMPLE+domain\ admins, because our winbind separator is "+".
%domain\ admins    ALL=(ALL) ALL

All users in that group who log on to the server get sudo rights.

Leave the domain

net ads leave -U Administrator

I hope you enjoyed reading this tutorial and that it helped you, if you have any questions feel free to comment.

Testing Web Applications in Multiple Browsers

On my current project we are looking to test our enhancements to a web application on a variety of browsers, which is quite a common need. Normally, on a developer’s sandbox, it seems the solution is always to install the browsers we want to test on our physical (or virtual) machines, but of course some issues can arise if we want to test multiple versions of the same browser.

Talking with one of my coworkers (thanks Ben!) I was directed to a web site (http://spoon.net/browsers) that allows you to test multiple browsers without having to install the browsers themselves on your sandbox.


Spoon.net launches applications in an isolated virtual machine using a small browser plugin. Settings and state synchronize to your Spoon.net account. Thus, if you want to add say the Firebug Add-In and save some bookmarks in the Bookmark Toolbar of Firefox 7, then when you launch Spoon.net and run Firefox 7 from any another machine, you will see your saved settings and bookmarks re-appear. This also makes it very easy to loop in other team members (ex. – testers or business users) who also have a Spoon.net account so they can quickly test the web applications using the same browser versions as the developers are using. Very cool!

The only caveat I saw is that the free version of any Spoon.net account is sometimes limited to 5 minutes of browser use time. There are paid plans though that are relatively inexpensive, and depending on your needs, maybe like many other helpful development or testing tools out there, it may be worth it to you and your team.

Single Image Management for Virtual Desktop Collections in Windows Server 2012

Master (Gold) VM in Managed Virtual Desktop Collections

A Master or Gold VM is formally referred to as “virtual desktop template” in the WS2012 Server Manager UI console and the cmdlets in Remote Desktop Services module for Windows PowerShell. It is an input to the managed virtual desktop collection creation process that allows an admin to manage a virtual desktop collection. The Master VM is created and managed by the admin and it specifies the hardware properties and software contents of all the automatically created VMs in that managed virtual desktop collection. For example, if the master VM is assigned 2GB of RAM, then each of the automatically created VMs in the managed virtual desktop collection will be assigned 2GB RAM.

In this section, I will describe the various supported options and requirements for the Master VM.

  1. Virtual Hard Disk
    1. The Master VM can only have one virtual hard disk (VHD) attached to it; more than one VHD attached to the Master VM is not supported.
    2. The VHD attached to the Master VM must have either a Windows 7 SP1 or Windows 8 image in sysprep generalized state.
    3. A diff disk chain attached to the Master VM as its VHD is supported.
    4. Although the VHD can have more than one logical partition defined in it, it can have only one Windows OS image installed in it.
  2. Memory: If the Master VM is configured with static memory, it must have at least 1024 MB as startup RAM. If the Master VM is configured with dynamic memory, the maximum RAM must be at least 1024 MB.
  3. Network: The Master VM must have a network adapter connected to a virtual switch on the Hyper-V server.
  4. Snapshots on the Master VM: A Master VM can have one or more snapshots. If there are multiple snapshots, the current ("Now") state of the VM is used to automatically create the VMs in a managed collection. This lets admins manage the Master VM more efficiently: for example, an admin can take a snapshot of the Master VM just before running sysprep /generalize, and once sysprep completes the Master VM can be used to create a managed virtual desktop collection.
  5. Domain connectivity: Since the VMs in a managed collection are automatically joined to the specified domain, admins must ensure that the domain controller is reachable through the virtual switches on all the Hyper-V servers.
  6. Export: The first step Remote Desktop Services takes when creating a managed virtual desktop collection is to export the Master VM. The export creates a copy of the Master VM's current hardware settings and of its VHD at the admin-specified storage location. The automatically created VMs and their VHDs are based on this copy. The original Master VM is never modified by Remote Desktop Services, so once the export is complete the admin can continue using it.
  7. Two or more collections can share a Master VM. Each time a collection is created or updated, the Master VM is exported again, so each managed collection has its own copy of the Master VM.
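A precheck for items 1 to 3 above, as an added example that is not part of the original post. It uses the Hyper-V module cmdlets that ship with Windows Server 2012 and assumes a Master VM named masterVm on the local Hyper-V host (the name used later in this post). Whether the image inside the VHD is sysprep-generalized cannot be seen from the host, so that requirement is not checked.

```powershell
# Added example (not from the original post): check a Master VM against the requirements
# above before it is used as a virtual desktop template. Assumes the Hyper-V module on
# Windows Server 2012 and a VM named masterVm on this host.
Import-Module Hyper-V

function Test-RDMasterVm {
    param([Parameter(Mandatory = $true)][string]$VMName)
    $problems = @()

    # 1. Exactly one VHD attached. A diff-disk chain still shows up as one disk here;
    #    a second disk is not supported.
    $disks = @(Get-VMHardDiskDrive -VMName $VMName)
    if ($disks.Count -ne 1) {
        $problems += "expected exactly 1 virtual hard disk, found $($disks.Count)"
    }

    # 2. At least 1024 MB: startup RAM for static memory, maximum RAM for dynamic memory.
    $mem  = Get-VMMemory -VMName $VMName
    $ram  = if ($mem.DynamicMemoryEnabled) { $mem.Maximum } else { $mem.Startup }
    $kind = if ($mem.DynamicMemoryEnabled) { 'maximum' } else { 'startup' }
    if ($ram -lt 1GB) {
        $problems += "$kind RAM is $([int]($ram / 1MB)) MB, below the 1024 MB minimum"
    }

    # 3. A network adapter connected to a virtual switch, otherwise the clones cannot
    #    reach the domain controller to join the domain.
    $connected = @(Get-VMNetworkAdapter -VMName $VMName | Where-Object { $_.SwitchName })
    if ($connected.Count -eq 0) {
        $problems += 'no network adapter is connected to a virtual switch'
    }

    # 4. Snapshots are allowed; report them because the "Now" state is what gets exported.
    $snapshots = @(Get-VMSnapshot -VMName $VMName)

    [pscustomobject]@{
        VM        = $VMName
        Disks     = $disks.Count
        RamMB     = [int]($ram / 1MB)
        Snapshots = $snapshots.Count
        Ready     = ($problems.Count -eq 0)
        Problems  = ($problems -join '; ')
    }
}

Test-RDMasterVm -VMName masterVm | Format-List
```

Run it on the Hyper-V host that owns the template; a result with Ready set to False lists the items to fix before you start the collection creation or update wizard.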

Rolling Out Updates to a Pooled Virtual Desktop Collection

To automatically update all the VMs in a pooled virtual desktop collection, the admin has to first apply the desired changes to the Master VM manually (for example, increase RAM from 1GB to 2GB or apply a software patch). Once the Master VM has been updated the admin can use either WS2012 Server Manager console or Windows PowerShell to push the updates to all the VMs in a pooled managed collection.

To update the VMs in a pooled virtual desktop collection using the WS2012 Server Manager console please follow these steps:

  1. Log on to the connection broker server as a domain user account which is also an admin on the connection broker server. Server Manager will start automatically. If it does not automatically start, click Start, type servermanager.exe, and then click Server Manager.
  2. In the left pane, click Remote Desktop Services, and then click Collections.
  3. Select the collection node to which you wish to roll out the update
  4. Click Tasks on Virtual Desktops list view, and then click Recreate All Virtual Desktops. This will launch the Recreate All Virtual Desktops wizard.
  5. Select the updated Master VM that you want to use to roll out the updates and click Next.
  6. Specify the User Logoff Policy and click Next.
  7. On the Confirmation page, click Create.

Here is an example of the Update-RDVirtualDesktopCollection cmdlet which can also be used to push updates to the VMs in a managed pooled virtual desktop collection:

PS C:\> Import-Module RemoteDesktop
PS C:\> $time = Get-Date
PS C:\> Update-RDVirtualDesktopCollection -CollectionName MyPooledCollection -VirtualDesktopTemplateName masterVm -VirtualDesktopTemplateHostServer Host1.contoso.com -StartTime $time.AddDays(1) -ForceLogoffTime $time.AddDays(2)

During the update process the Master VM is exported again and a new copy is created on the collection storage. All the VMs in the managed pooled collection are recreated by Remote Desktop Services from the newer copy. Once the update is complete and every VM in the collection has been recreated successfully, Remote Desktop Services deletes the old copy of the Master VM from the storage.

Note that although a Master VM can be used to automatically create VMs in both types of collection (pooled and personal), it can only be used to update the VMs of a pooled collection. A Master VM cannot push updates to the existing VMs in a personal virtual desktop collection.

User Session Aware Update

The update process for a managed pooled virtual desktop collection gives the admin three options for when and how the updates are applied:

  a) Apply the update gracefully within a time period
  b) Apply the update forcefully now
  c) Apply the update forcefully at a scheduled time

If the admin selects option a) and provides a time period, the update process becomes aware of the active user sessions on the VMs in the collection. Only unused VMs are updated during this period. If a user logs off on his own before the end of the admin-specified period, the VM is automatically queued for the update. At the end of the period, users who are still active on non-updated VMs are forcefully logged off and the update of those remaining VMs starts.

All the VMs (updated\non-updated) in the collection are available for the user connections during this time period, except for the VMs on which update is in-progress.

In the previous section I already gave a PowerShell example for option a). Here is a PowerShell example for option b), which starts updating the VMs in the collection forcefully as soon as the Update-RDVirtualDesktopCollection cmdlet is executed:

PS C:\> import-module RemoteDesktop  
PS C:\> Update-RDVirtualDesktopCollection -CollectionName MyPooledCollection -VirtualDesktopTemplateName masterVm -VirtualDesktopTemplateHostServer Host1.contoso.com

Here is a PowerShell example for option c), which forcefully updates the VMs in the collection at the specified time:

PS C:\> import-module RemoteDesktop  
PS C:\> $time = Get-Date  
PS C:\> Update-RDVirtualDesktopCollection -CollectionName MyPooledCollection -VirtualDesktopTemplateName masterVm -VirtualDesktopTemplateHostServer Host1.contoso.com -ForceLogoffTime $time.AddDays(2)

In all three examples above, the values of the parameters -CollectionName, -VirtualDesktopTemplateName and -VirtualDesktopTemplateHostServer are specific to a deployment:

  • "MyPooledCollection" is the name of the virtual desktop collection to which the updates will be applied.
  • "masterVm" is the name of the Master VM that contains the updates.
  • "Host1.contoso.com" is the name of the Hyper-V server that hosts the Master VM named "masterVm".

While trying these example cmdlets, please replace these names with the appropriate values in your deployment.

Summary

To summarize, the managed virtual desktop collections in WS2012 make it really easy for the admin to create and manage hundreds of VMs using a single Master VM as the template. In this blog post I have tried to describe the role of a Master VM in a managed virtual desktop collection and the supported options for a Master VM. I have also described how an admin can use Master VM to roll out updates to managed pooled virtual desktop collections. I hope you will find it useful while creating and updating VMs in your managed virtual desktop collections.

Looking forward to your questions and feedback,

Windows Server 2012 – Configure RADIUS for Cisco ASA 5500 Authentication

Step 1 Configure the ASA for AAA RADIUS Authentication

1. Connect to your ASDM, > Configuration.


2. Remote Access VPN.


3. AAA Local Users > AAA Server Groups.


4. In the Server group section > Add.


5. Give the group a name and accept the defaults > OK.


6. Now (with the group selected) > In the bottom (Server) section > Add.


7. Specify the IP address, and a shared secret that the ASA will use with the 2012 Server performing RADIUS > OK.


8. Apply.


Configure AAA RADIUS from the command line:

aaa-server PNL-RADIUS protocol radius
aaa-server PNL-RADIUS (inside) host 172.16.254.223
key 123456
radius-common-pw 123456
exit

The key is the RADIUS shared secret and must match what you enter on the NPS server in step 24. 123456 is only a placeholder: RADIUS uses this secret to hide the user's password in every request, so use a long random value in practice.


Step 2 Configure Windows 2012 Server to allow RADIUS

9. On the Windows 2012 Server > Launch Server Manager > Local Server.


10. Manage > Add Roles and Features.


11. If you get an initial welcome page, tick the box to ‘skip’ > Next > Accept the ‘Role based or feature based installation’ > Next.


12. We are installing locally > Next.


13. Add ‘Network Policy and Access Server’ > Next.


14. Add Features.


15. Next.


16. Next.


17. Next.


18. Next.


19. When complete > Close.


20. Select NAP.


21. Right click the server > Network Policy Server.


22. Right click NPS > Register server in Active Directory.


23. Expand RADIUS > right click RADIUS clients > New.


24. Give the firewall a friendly name, (take note of what this is, you will need it again) > Specify its IP > Enter the shared secret you setup above (number 7) > OK.


25. Expand policies > right click ‘Connection Request Policies’ > New.


26. Give the policy a name > Next.


27. Add a condition > Set the condition to ‘Client Friendly Name’ > Add.


28. Specify the name you set up above (number 24) > OK > Next.


29. Next.


30. Next.


31. Change the attribute to ‘User-Name’ > Next.


32. Finish.


33. Now right click ‘Network Policies’ > New.


34. Give the policy a name> Next.


35. Add a condition > User Groups.


36. Add in the AD security group you want to allow access to > OK > Next.


37. Next.


38. Access Granted > Next.


39. Select 'Unencrypted authentication (PAP, SPAP)' > Next. The ASA sends the user's credentials to NPS with PAP, so the request is rejected unless PAP is allowed here. In PAP the password is only masked with a keystream derived from the RADIUS shared secret and the request authenticator, which is why the secret must be long and random and the ASA-to-NPS path should stay on a trusted network.


40. Select No.


41. Next.


42. Next.


43. Finish.
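The RADIUS client from step 24, created from PowerShell with a randomly generated shared secret, as an added example that is not part of the original post. It uses the NPS cmdlets that ship with Windows Server 2012 and assumes the NPS role is already installed and registered (steps 13 to 22). The client name PNL-ASA and the ASA address 172.16.254.1 are my placeholders; the name must match the Client Friendly Name condition set in step 27.

```powershell
# Added example (not from the original post): register the ASA as a RADIUS client with a
# strong shared secret instead of "123456". Assumes the NPS role is installed on this
# server; PNL-ASA and 172.16.254.1 are placeholders for the ASA's friendly name and address.
Import-Module NPS

function New-RadiusSharedSecret {
    # Returns $Length characters drawn from a 62-character alphabet using the system
    # CSPRNG. Rejection sampling (accept only bytes below 248 = 4 * 62) avoids modulo
    # bias. 32 characters is about 190 bits; the ASA "key" command accepts up to 127.
    param([int]$Length = 32)
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    $rng  = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $byte = New-Object byte[] 1
    $sb   = New-Object System.Text.StringBuilder
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($byte)
        if ($byte[0] -lt 248) { [void]$sb.Append($alphabet[$byte[0] % 62]) }
    }
    $sb.ToString()
}

$clientName = 'PNL-ASA'        # must equal the Client Friendly Name used in the policy (step 27)
$clientAddr = '172.16.254.1'   # the ASA interface that sources the RADIUS traffic (assumed)
$secret     = New-RadiusSharedSecret

if (Get-NpsRadiusClient -Name $clientName -ErrorAction SilentlyContinue) {
    Set-NpsRadiusClient -Name $clientName -Address $clientAddr -SharedSecret $secret
} else {
    New-NpsRadiusClient -Name $clientName -Address $clientAddr -SharedSecret $secret
}

# The same secret goes into the ASA, replacing "key 123456" in the CLI shown in step 1.
# It is printed once so it can be pasted; do not leave it in scripts or transcripts.
Write-Host 'aaa-server PNL-RADIUS (inside) host 172.16.254.223'
Write-Host " key $secret"

Get-NpsRadiusClient -Name $clientName | Select-Object Name, Address, Enabled
```

Restricting the client entry to the ASA's address means NPS ignores RADIUS packets from any other host even if they carry the right secret, so keep the address specific rather than a subnet.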


Step 3 Test RADIUS Authentication

44. Back at the ASDM, in the same page you were in previously, select your server and then click ‘Test’.


45. Change the selection to Authentication > Enter your domain credentials > OK.


46. You are looking for a successful outcome.

Note: if it fails, check that there is connectivity between the two devices and that the shared secrets match. Also make sure UDP ports 1645 and 1646 are not blocked: the ASA sends to 1645 (authentication) and 1646 (accounting) by default, and NPS listens on these as well as on the standard 1812 and 1813.


To Test AAA RADIUS Authentication from Command Line

test aaa-server authentication PNL-RADIUS host 172.16.254.223 username petelong password password123


47. Finally, save the firewall changes > File > Save running configuration to flash.

WordPress from MS Word to WordPress Automatically

Using MS Word (version 2010 on a Windows computer – I think Word 2007 also has this capability), you can now write a blog post and then automatically upload the final post directly to your blog!

Before I learned about this, I wrote my posts the way I always did. My preference was to fire up my Dashboard and write it all online. This has the peril of losing all my work if I lose the connection, so I would save early and often. The problem with frequent saving is that multiple revisions get saved, which in turn takes up extra database storage (granted, it is not much, but it is extra and unnecessary).

Well, I discovered that in Word 2010 (again, the PC version, not the Mac version, boo!) you can link MS Word directly to your blog and create a new post!

Why would you want to write a blog post in MS Word?

I admit, I am not a HUGE MS fan, however, my word processor of choice is, MS Word. I am familiar with it, and I use it every day. I am ‘fluent’ in a lot of the capabilities it has and I can produce a document quickly.

Another nice benefit is that Word provides you with some nice Clip Art (and photos) that you can use royalty free! There is an entire library of images that you have at your disposal – something that bloggers are always looking to use!

Those 2 things are reason enough to start using MS Word as my editor for blogging!

Here is what you need to do (again, this is only available MS Word 2010 (maybe MS Word 2007), so make sure you are up to date with that version):

  1. The first step is to make sure your blog accepts remote publishing. This only needs to be done once, and it is (or was) also required if you ever publish from your smartphone. Log in to your Dashboard, navigate to Settings > Writing > Remote Publishing, tick XML-RPC and click "Save Changes."


  1. Launch MS Word and go to File / New / Blog Post (have you noticed that this option was there before?) and then click on the Create Button.


  2. Each blog post needs to ultimately end up on a blog! So, one of the first things that Word asks for is a blog name and log in credentials. You will be presented with a pop-up window that looks like this:

    Click on the Register Now button.

  3. The next window that pops up will be the following:

    In the Blog dropdown, select the option WordPress and click on the Next button.
  4. Step 3 told MS Word what kind of blog it is, now you need to let MS Word know WHERE the blog is and how to log in.


    In the Blog Post URL field, replace the text <Enter your blog URL here> with your blog address. For me the full link was http://site.WordPress.com/xmlrpc.php. If your blog lives in a subdirectory such as /blog, include that in the URL (as in http://site.WordPress.com/blog/xmlrpc.php).

    Next, add your User Name and Password that are used to log into your blog and click the OK button. When you do that, you will see the warning:


     You can take this warning at face value: it tells you that your user name and password may be visible to others on their way to the blog, which is the case whenever the URL above starts with http:// rather than https:// (use an https:// address for xmlrpc.php if your blog offers one). If you think someone may be watching your internet connection, say No and stop the process now; you will not be able to use MS Word to write a post and upload it directly. If you say Yes, you can continue and you accept the risk. On a private network at home (as opposed to sitting in your favorite coffee shop with free WiFi) I feel safer doing this. You can decide your own level of concern.

  5. Since you are still reading, I assume you clicked on Yes. The last message you will see is your confirmation message that reads:


     Click on the OK button. You are now all registered and ready to go!

  6. Now it is time to do what you do best… Write your post, insert your images, your clip art, your Charts, your screen shots, etc.


  7. When you are ready to publish to your blog, simply click on the Publish Toolbar:


  8. There you go! You are all done and your content has been published to your blog!


  9. Want to see the fruits of your labors? Click on the Home Page toolbar and you will have your home page of your site opened up for you!


  10. If you want to add an existing Category to your post? Click on the Insert Category icon and the categories on your blog will become available for selection!


With all of this cool publishing stuff, there are some disadvantages, but I feel the advantages outweigh the disadvantages. This is only my second post straight from MS Word – I will continue using it and getting more experience. Look for an upcoming post with my results and feelings!

In the meantime, leave a comment if you have ever used this, or will plan on using it! Thanks.

UDEV rules for device persistency and permissions/ownerships in OEL6/REDHAT 6 for ASM

ASMLib ensures that devices keep the same names after a reboot and retain the access permissions and ownership established during ASMLib configuration. udev is an alternative to ASMLib for the same purpose: persistent device names plus the permissions and ownership (chown user:group / chmod) that Oracle ASM needs. This article outlines the steps to establish device persistency and set up new device names with the desired permissions and ownership on OEL6/RHEL6 using udev.

  1. Add the following line to the /etc/scsi_id.config file.

    [root@oel1 dev]# cat /etc/scsi_id.config
    options=--whitelisted --replace-whitespace
    [root@oel1 dev]#

    This sets the default options for scsi_id, making sure that the returned UUIDs contain no spaces. Without it the target may return UUIDs containing spaces, which can cause problems.

  2. To display the UUID for a given device, run scsi_id --whitelisted --replace-whitespace --device=/dev/sd*. For example:

    [root@oel1 dev]# scsi_id --whitelisted --replace-whitespace --device=/dev/sdb1
    1ATA_VBOX_HARDDISK_VB86a7d306-686f04a8
    [root@oel1 dev]# scsi_id --whitelisted --replace-whitespace --device=/dev/sdc1
    1ATA_VBOX_HARDDISK_VB021b64b5-d0167900
    [root@oel1 dev]# scsi_id --whitelisted --replace-whitespace --device=/dev/sdd1
    1ATA_VBOX_HARDDISK_VBfa5180c4-766a235a
    [root@oel1 dev]# scsi_id --whitelisted --replace-whitespace --device=/dev/sde1
    1ATA_VBOX_HARDDISK_VB57da3b54-56bfbb23
    [root@oel1 dev]# scsi_id --whitelisted --replace-whitespace --device=/dev/sdf1
    1ATA_VBOX_HARDDISK_VB006b6d5b-4cc25a0e
    [root@oel1 dev]#

    The output in these examples shows the UUIDs of the devices /dev/sdb1, /dev/sdc1, /dev/sdd1, /dev/sde1 and /dev/sdf1. Check that the output is correct and as expected.

  3. Create a rule that sets the permissions and ownership for the device; the same rule also assigns a new name to the device. One rule is created for each device. For OEL6/REDHAT6, create the file /etc/udev/rules.d/99-oracle-asmdevices.rules containing the rules for each device. A rule has the following form (the values in angle brackets are placeholders to be filled in):

    KERNEL=="sd*1", SUBSYSTEM=="block", PROGRAM="/sbin/scsi_id --whitelisted --replace-whitespace /dev/$name", RESULT=="<UUID>", NAME="<new device name>", OWNER="<OS user>", GROUP="<OS group>", MODE="0660"

    1. Here I substitute the UUID with the value returned by scsi_id in step 2.
    2. NAME is the new name by which the device will be known, i.e. the device will be accessed using the name specified with the NAME parameter.
    3. OWNER is used to set the OS user.
    4. GROUP is used to set the OS group.
    5. MODE sets the permissions (0660: read/write for the owner and group, no access for other users).

    For /dev/sdb1 the rule is as follows, where NAME is asmsdb1, the owner is the OS user grid, the group is the OS group asmadmin, the permissions are 0660 and the UUID is "1ATA_VBOX_HARDDISK_VB86a7d306-686f04a8" as extracted in step 2.

    KERNEL=="sd*1", SUBSYSTEM=="block", PROGRAM="/sbin/scsi_id --whitelisted --replace-whitespace /dev/$name", RESULT=="1ATA_VBOX_HARDDISK_VB86a7d306-686f04a8", NAME="asmsdb1", OWNER="grid", GROUP="asmadmin", MODE="0660"

    The content of the /etc/udev/rules.d/99-oracle-asmdevices.rules file is as follows.

    [root@oel2 rules.d]# cat 99-oracle-asmdevices.rules
    KERNEL=="sd*1", SUBSYSTEM=="block", PROGRAM="/sbin/scsi_id --whitelisted --replace-whitespace /dev/$name", RESULT=="1ATA_VBOX_HARDDISK_VB86a7d306-686f04a8", NAME="asmsdb1", OWNER="grid", GROUP="asmadmin", MODE="0660"
    KERNEL=="sd*1", SUBSYSTEM=="block", PROGRAM="/sbin/scsi_id --whitelisted --replace-whitespace /dev/$name", RESULT=="1ATA_VBOX_HARDDISK_VB021b64b5-d0167900", NAME="asmsdc1", OWNER="grid", GROUP="asmadmin", MODE="0660"
    KERNEL=="sd*1", SUBSYSTEM=="block", PROGRAM="/sbin/scsi_id --whitelisted --replace-whitespace /dev/$name", RESULT=="1ATA_VBOX_HARDDISK_VBfa5180c4-766a235a", NAME="asmsdd1", OWNER="grid", GROUP="asmadmin", MODE="0660"
    KERNEL=="sd*1", SUBSYSTEM=="block", PROGRAM="/sbin/scsi_id --whitelisted --replace-whitespace /dev/$name", RESULT=="1ATA_VBOX_HARDDISK_VB57da3b54-56bfbb23", NAME="asmsde1", OWNER="grid", GROUP="asmadmin", MODE="0660"
    KERNEL=="sd*1", SUBSYSTEM=="block", PROGRAM="/sbin/scsi_id --whitelisted --replace-whitespace /dev/$name", RESULT=="1ATA_VBOX_HARDDISK_VB006b6d5b-4cc25a0e", NAME="asmsdf1", OWNER="grid", GROUP="asmadmin", MODE="0660"
    [root@oel2 rules.d]#

  4. Load the device partition tables.

    /sbin/partprobe /dev/sdb1
    /sbin/partprobe /dev/sdc1
    /sbin/partprobe /dev/sdd1
    /sbin/partprobe /dev/sde1
    /sbin/partprobe /dev/sdf1

  5. Test that the rules are correct. udevadm test takes the sysfs devpath of the device (relative to /sys), which is the form used in the output below:

    udevadm test /block/sdb/sdb1
    udevadm test /block/sdc/sdc1
    udevadm test /block/sdd/sdd1
    udevadm test /block/sde/sde1
    udevadm test /block/sdf/sdf1

  6. The output will be similar to the output I got:

[root@oel1 dev]# udevadm test /block/sdc

run_command: calling: test

udevadm_test: version 147

This program is for debugging only, it does not run any program,

specified by a RUN key. It may show incorrect results, because

some values may be different, or not available at a simulation run.

parse_file: reading ‘/lib/udev/rules.d/10-console.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/10-dm.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/11-dm-lvm.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/13-dm-disk.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/20-names.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/40-hplip.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/40-isdn.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/40-libgphoto2.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/40-multipath.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/40-redhat.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/40-usb-media-players.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/50-firmware.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/50-udev-default.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/51-dlm.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/56-hpmud_support.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/60-cdrom_id.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/60-fprint-autosuspend.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/60-libmtp.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/60-net.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/60-pcmcia.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/60-persistent-alsa.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/60-persistent-input.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/60-persistent-serial.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/60-persistent-storage-tape.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/60-persistent-storage.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/60-persistent-v4l.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/60-raw.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/60-vboxadd.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/61-gnome-bluetooth-rfkill.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/61-mobile-action.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/61-option-modem-modeswitch.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/61-persistent-storage-edd.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/64-device-mapper.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/64-md-raid.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/65-libsane.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/65-md-incremental.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/69-pilot-link.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/70-acl.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/70-anaconda.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/70-cups-libusb.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/70-hid2hci.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/70-persistent-cd.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/70-persistent-net.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/70-printers.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/75-cd-aliases-generator.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/75-net-description.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/75-persistent-net-generator.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/75-tty-description.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/77-mm-ericsson-mbm.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/77-mm-longcheer-port-types.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/77-mm-pcmcia-device-blacklist.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/77-mm-platform-serial-whitelist.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/77-mm-simtech-port-types.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/77-mm-usb-device-blacklist.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/77-mm-zte-port-types.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/77-nm-olpc-mesh.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/78-sound-card.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/79-fstab_import.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/80-drivers.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/80-kvm.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/80-udisks.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/85-pcscd_ccid.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/85-regulatory.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/85-usbmuxd.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/88-clock.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/90-alsa.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/90-hal.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/90-pulseaudio.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/90-rdma.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/91-drm-modeset.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/95-devkit-power-battery-recall-dell.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/95-devkit-power-battery-recall-fujitsu.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/95-devkit-power-battery-recall-gateway.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/95-devkit-power-battery-recall-ibm.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/95-devkit-power-battery-recall-lenovo.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/95-devkit-power-battery-recall-toshiba.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/95-devkit-power-csr.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/95-devkit-power-hid.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/95-devkit-power-wup.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/95-dm-notify.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/95-keymap.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/95-udev-late.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/97-bluetooth-serial.rules’ as rules file

parse_file: reading ‘/lib/udev/rules.d/97-bluetooth.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/98-kexec.rules’ as rules file

parse_file: reading ‘/etc/udev/rules.d/99-fuse.rules’ as rules file

parse_file: reading ‘/dev/.udev/rules.d/99-root.rules’ as rules file

udev_rules_new: rules use 183972 bytes tokens (15331 * 12 bytes), 34902 bytes buffer

udev_rules_new: temporary index used 57900 bytes (2895 * 20 bytes)

udev_device_new_from_syspath: device 0x13c9140 has devpath ‘/devices/pci0000:00/0000:00:0d.0/host4/target4:0:0/4:0:0:0/block/sdc’

udev_device_new_from_syspath: device 0x13d8bd0 has devpath ‘/devices/pci0000:00/0000:00:0d.0/host4/target4:0:0/4:0:0:0/block/sdc’

udev_device_read_db: device 0x13d8bd0 filled with db file data

udev_rules_apply_to_event: PROGRAM ‘/sbin/scsi_id –whitelisted –replace-whitespace /dev/sdc’ /etc/udev/rules.d/20-names.rules:3

util_run_program: ‘/sbin/scsi_id –whitelisted –replace-whitespace /dev/sdc’ started

util_run_program: ‘/sbin/scsi_id’ (stdout) ‘1ATA_VBOX_HARDDISK_VB021b64b5-d0167900′

util_run_program: ‘/sbin/scsi_id –whitelisted –replace-whitespace /dev/sdc’ returned with exitcode 0

udev_rules_apply_to_event: OWNER 1100 /etc/udev/rules.d/20-names.rules:3

udev_rules_apply_to_event: GROUP 1020 /etc/udev/rules.d/20-names.rules:3

udev_rules_apply_to_event: MODE 0660 /etc/udev/rules.d/20-names.rules:3

udev_rules_apply_to_event: NAME ‘asmsdc1′ /etc/udev/rules.d/20-names.rules:3

udev_rules_apply_to_event: PROGRAM ‘/sbin/multipath -c /dev/sdc’ /lib/udev/rules.d/40-multipath.rules:11

util_run_program: ‘/sbin/multipath -c /dev/sdc’ started

util_run_program: ‘/sbin/multipath’ (stdout) ‘May 08 10:45:22 | /etc/multipath.conf does not exist, blacklisting all devices.’

util_run_program: ‘/sbin/multipath’ (stdout) ‘May 08 10:45:22 | A sample multipath.conf file is located at’

util_run_program: ‘/sbin/multipath’ (stdout) ‘May 08 10:45:22 | /usr/share/doc/device-mapper-multipath-0.4.9/multipath.conf’

util_run_program: ‘/sbin/multipath’ (stdout) ‘May 08 10:45:22 | You can run /sbin/mpathconf to create or modify /etc/multipath.conf’

util_run_program: ‘/sbin/multipath’ (stdout) ‘May 08 10:45:22 | DM multipath kernel driver not loaded’

util_run_program: ‘/sbin/multipath -c /dev/sdc’ returned with exitcode 1

udev_rules_apply_to_event: RUN ‘socket:/org/kernel/dm/multipath_event’ /lib/udev/rules.d/40-multipath.rules:16

udev_device_new_from_syspath: device 0x13db6d0 has devpath ‘/devices/pci0000:00/0000:00:0d.0/host4/target4:0:0/4:0:0:0′

udev_device_new_from_syspath: device 0x13dba00 has devpath ‘/devices/pci0000:00/0000:00:0d.0/host4/target4:0:0′

udev_device_new_from_syspath: device 0x13dbd10 has devpath ‘/devices/pci0000:00/0000:00:0d.0/host4′

udev_device_new_from_syspath: device 0x13dc010 has devpath ‘/devices/pci0000:00/0000:00:0d.0′

udev_device_new_from_syspath: device 0x13dc300 has devpath ‘/devices/pci0000:00′

udev_rules_apply_to_event: LINK ‘block/8:32′ /lib/udev/rules.d/50-udev-default.rules:3

udev_rules_apply_to_event: GROUP 6 /lib/udev/rules.d/50-udev-default.rules:76

udev_rules_apply_to_event: IMPORT ‘ata_id –export /dev/sdc’ /lib/udev/rules.d/60-persistent-storage.rules:39

util_run_program: ‘ata_id –export /dev/sdc’ started

util_run_program: ‘/lib/udev/ata_id’ (stdout) ‘ID_ATA=1′

util_run_program: ‘/lib/udev/ata_id’ (stdout) ‘ID_TYPE=disk’

util_run_program: ‘/lib/udev/ata_id’ (stdout) ‘ID_BUS=ata’

util_run_program: ‘/lib/udev/ata_id’ (stdout) ‘ID_MODEL=VBOX_HARDDISK’

util_run_program: ‘/lib/udev/ata_id’ (stdout) ‘ID_MODEL_ENC=VBOX\x20HARDDISK\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20′

util_run_program: ‘/lib/udev/ata_id’ (stdout) ‘ID_REVISION=1.0′

util_run_program: ‘/lib/udev/ata_id’ (stdout) ‘ID_SERIAL=VBOX_HARDDISK_VB021b64b5-d0167900′

util_run_program: ‘/lib/udev/ata_id’ (stdout) ‘ID_SERIAL_SHORT=VB021b64b5-d0167900′

util_run_program: ‘/lib/udev/ata_id’ (stdout) ‘ID_ATA_WRITE_CACHE=1′

util_run_program: ‘/lib/udev/ata_id’ (stdout) ‘ID_ATA_WRITE_CACHE_ENABLED=1′

util_run_program: ‘/lib/udev/ata_id’ (stdout) ‘ID_ATA_FEATURE_SET_PM=1′

util_run_program: ‘/lib/udev/ata_id’ (stdout) ‘ID_ATA_FEATURE_SET_PM_ENABLED=1′

util_run_program: ‘/lib/udev/ata_id’ (stdout) ‘ID_ATA_SATA=1′

util_run_program: ‘/lib/udev/ata_id’ (stdout) ‘ID_ATA_SATA_SIGNAL_RATE_GEN2=1′

util_run_program: ‘ata_id –export /dev/sdc’ returned with exitcode 0

udev_rules_apply_to_event: LINK ‘disk/by-id/ata-VBOX_HARDDISK_VB021b64b5-d0167900′ /lib/udev/rules.d/60-persistent-storage.rules:43

udev_rules_apply_to_event: PROGRAM ‘scsi_id –whitelisted –replace-whitespace -p0x80 -d/dev/sdc’ /lib/udev/rules.d/60-persistent-storage.rules:51

util_run_program: ‘scsi_id –whitelisted –replace-whitespace -p0x80 -d/dev/sdc’ started

util_run_program: ‘/lib/udev/scsi_id’ (stdout) ‘SATA_VBOX_HARDDISK_VB021b64b5-d0167900′

util_run_program: ‘scsi_id –whitelisted –replace-whitespace -p0x80 -d/dev/sdc’ returned with exitcode 0

udev_rules_apply_to_event: LINK ‘disk/by-id/scsi-SATA_VBOX_HARDDISK_VB021b64b5-d0167900′ /lib/udev/rules.d/60-persistent-storage.rules:51

udev_rules_apply_to_event: IMPORT ‘path_id /devices/pci0000:00/0000:00:0d.0/host4/target4:0:0/4:0:0:0/block/sdc’ /lib/udev/rules.d/60-persistent-storage.rules:60

util_run_program: ‘path_id /devices/pci0000:00/0000:00:0d.0/host4/target4:0:0/4:0:0:0/block/sdc’ started

util_run_program: ‘/lib/udev/path_id’ (stdout) ‘ID_PATH=pci-0000:00:0d.0-scsi-2:0:0:0′

util_run_program: ‘path_id /devices/pci0000:00/0000:00:0d.0/host4/target4:0:0/4:0:0:0/block/sdc’ returned with exitcode 0

udev_rules_apply_to_event: LINK ‘disk/by-path/pci-0000:00:0d.0-scsi-2:0:0:0′ /lib/udev/rules.d/60-persistent-storage.rules:61

udev_rules_apply_to_event: IMPORT ‘/sbin/blkid -o udev -p /dev/sdc’ /lib/udev/rules.d/60-persistent-storage.rules:73

util_run_program: ‘/sbin/blkid -o udev -p /dev/sdc’ started

util_run_program: ‘/sbin/blkid’ (stdout) ‘ID_PART_TABLE_TYPE=dos’

util_run_program: ‘/sbin/blkid -o udev -p /dev/sdc’ returned with exitcode 0

udev_rules_apply_to_event: IMPORT ‘edd_id –export /dev/sdc’ /lib/udev/rules.d/61-persistent-storage-edd.rules:8

util_run_program: ‘edd_id –export /dev/sdc’ started

util_run_program: ‘/lib/udev/edd_id’ (stderr) ‘no kernel EDD support’

util_run_program: ‘edd_id –export /dev/sdc’ returned with exitcode 2

udev_rules_apply_to_event: IMPORT ‘udisks-part-id /dev/sdc’ /lib/udev/rules.d/80-udisks.rules:85

util_run_program: ‘udisks-part-id /dev/sdc’ started

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘libudev: udev_device_new_from_syspath: ‘

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘device 0xec1270 has devpath ‘/devices/pci0000:00/0000:00:0d.0/host4/target4:0:0/4:0:0:0/block/sdc”

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘libudev: udev_device_read_db: ‘

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘device 0xec1270 filled with db file data’

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘using device_file=/dev/sdc syspath=/sys/devices/pci0000:00/0000:00:0d.0/host4/target4:0:0/4:0:0:0/block/sdc, offset=0 ao=0 and number=0 for /dev/sdc’

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘Entering MS-DOS parser (offset=0, size=10737418240)’

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ”

util_run_program: ‘/lib/udev/udisks-part-id’ (stdout) ‘UDISKS_PARTITION_TABLE=1′

util_run_program: ‘/lib/udev/udisks-part-id’ (stdout) ‘UDISKS_PARTITION_TABLE_SCHEME=mbr’

util_run_program: ‘/lib/udev/udisks-part-id’ (stdout) ‘UDISKS_PARTITION_TABLE_COUNT=1′

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘MSDOS_MAGIC found’

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘looking at part 0 (offset 32256, size 10733958144, type 0×83)’

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘new part entry’

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘looking at part 1 (offset 0, size 0, type 0×00)’

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘new part entry’

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘looking at part 2 (offset 0, size 0, type 0×00)’

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘new part entry’

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘looking at part 3 (offset 0, size 0, type 0×00)’

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘new part entry’

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘Exiting MS-DOS parser’

util_run_program: ‘/lib/udev/udisks-part-id’ (stderr) ‘MSDOS partition table detected’

util_run_program: ‘udisks-part-id /dev/sdc’ returned with exitcode 0

udev_rules_apply_to_event: IMPORT ‘udisks-probe-ata-smart /dev/sdc’ /lib/udev/rules.d/80-udisks.rules:129

util_run_program: ‘udisks-probe-ata-smart /dev/sdc’ started

util_run_program: ‘/lib/udev/udisks-probe-ata-smart’ (stderr) ‘libudev: udev_device_new_from_syspath: ‘

util_run_program: ‘/lib/udev/udisks-probe-ata-smart’ (stderr) ‘device 0x149a770 has devpath ‘/devices/pci0000:00/0000:00:0d.0/host4/target4:0:0/4:0:0:0/block/sdc”

util_run_program: ‘/lib/udev/udisks-probe-ata-smart’ (stderr) ‘libudev: udev_device_read_db: ‘

util_run_program: ‘/lib/udev/udisks-probe-ata-smart’ (stderr) ‘device 0x149a770 filled with db file data’

util_run_program: ‘/lib/udev/udisks-probe-ata-smart’ (stderr) ‘libudev: udev_device_new_from_syspath: ‘

util_run_program: ‘/lib/udev/udisks-probe-ata-smart’ (stderr) ‘device 0x149b020 has devpath ‘/devices/pci0000:00/0000:00:0d.0/host4/target4:0:0/4:0:0:0″

util_run_program: ‘/lib/udev/udisks-probe-ata-smart’ (stderr) ‘libudev: udev_device_new_from_syspath: ‘

util_run_program: ‘/lib/udev/udisks-probe-ata-smart’ (stderr) ‘device 0x149c070 has devpath ‘/devices/pci0000:00/0000:00:0d.0/host4/target4:0:0″

util_run_program: ‘/lib/udev/udisks-probe-ata-smart’ (stderr) ‘libudev: udev_device_new_from_syspath: ‘

util_run_program: ‘/lib/udev/udisks-probe-ata-smart’ (stderr) ‘device 0x149c380 has devpath ‘/devices/pci0000:00/0000:00:0d.0/host4″

util_run_program: ‘/lib/udev/udisks-probe-ata-smart’ (stderr) ‘libudev: udev_device_new_from_syspath: ‘

util_run_program: ‘/lib/udev/udisks-probe-ata-smart’ (stderr) ‘device 0x149c680 has devpath ‘/devices/pci0000:00/0000:00:0d.0″

util_run_program: ‘/lib/udev/udisks-probe-ata-smart’ (stderr) ‘libudev: udev_device_new_from_syspath: ‘

util_run_program: ‘/lib/udev/udisks-probe-ata-smart’ (stderr) ‘device 0x149c970 has devpath ‘/devices/pci0000:00″

util_run_program: ‘/lib/udev/udisks-probe-ata-smart’ (stdout) ‘UDISKS_ATA_SMART_IS_AVAILABLE=0′

util_run_program: ‘udisks-probe-ata-smart /dev/sdc’ returned with exitcode 0

udev_rules_apply_to_event: RUN ‘socket:@/org/freedesktop/hal/udev_event’ /etc/udev/rules.d/90-hal.rules:2

udev_device_update_db: created db file for ‘/devices/pci0000:00/0000:00:0d.0/host4/target4:0:0/4:0:0:0/block/sdc’ in ‘/dev/.udev/db/block:sdc’

udev_node_add: creating device node ‘/dev/asmsdc1′, devnum=8:32, mode=0660, uid=1100, gid=6

udev_node_mknod: mknod(/dev/asmsdc1, 060660, (8,32))

udev_node_mknod: set permissions /dev/asmsdc1, 060660, uid=1100, gid=6

node_symlink: atomically replace ‘/dev/block/8:32′

link_find_prioritized: found ‘/sys/devices/pci0000:00/0000:00:0d.0/host4/target4:0:0/4:0:0:0/block/sdc’ claiming ‘/dev/.udev/links/disk\x2fby-id\x2fata-VBOX_HARDDISK_VB021b64b5-d0167900′

link_update: creating link ‘/dev/disk/by-id/ata-VBOX_HARDDISK_VB021b64b5-d0167900′ to ‘/dev/asmsdc1′

node_symlink: atomically replace ‘/dev/disk/by-id/ata-VBOX_HARDDISK_VB021b64b5-d0167900′

link_find_prioritized: found ‘/sys/devices/pci0000:00/0000:00:0d.0/host4/target4:0:0/4:0:0:0/block/sdc’ claiming ‘/dev/.udev/links/disk\x2fby-id\x2fscsi-SATA_VBOX_HARDDISK_VB021b64b5-d0167900′

link_update: creating link ‘/dev/disk/by-id/scsi-SATA_VBOX_HARDDISK_VB021b64b5-d0167900′ to ‘/dev/asmsdc1′

node_symlink: atomically replace ‘/dev/disk/by-id/scsi-SATA_VBOX_HARDDISK_VB021b64b5-d0167900′

link_find_prioritized: found ‘/sys/devices/pci0000:00/0000:00:0d.0/host4/target4:0:0/4:0:0:0/block/sdc’ claiming ‘/dev/.udev/links/disk\x2fby-path\x2fpci-0000:00:0d.0-scsi-2:0:0:0′

link_update: creating link ‘/dev/disk/by-path/pci-0000:00:0d.0-scsi-2:0:0:0′ to ‘/dev/asmsdc1′

node_symlink: atomically replace ‘/dev/disk/by-path/pci-0000:00:0d.0-scsi-2:0:0:0′

udev_event_execute_rules: removed kernel created node ‘/dev/sdc’

udevadm_test: UDEV_LOG=6

udevadm_test: DEVPATH=/devices/pci0000:00/0000:00:0d.0/host4/target4:0:0/4:0:0:0/block/sdc

udevadm_test: MAJOR=8

udevadm_test: MINOR=32

udevadm_test: DEVNAME=/dev/asmsdc1

udevadm_test: DEVTYPE=disk

udevadm_test: ACTION=add

udevadm_test: SUBSYSTEM=block

udevadm_test: MPATH_SBIN_PATH=/sbin

udevadm_test: DEVLINKS=/dev/block/8:32 /dev/disk/by-id/ata-VBOX_HARDDISK_VB021b64b5-d0167900 /dev/disk/by-id/scsi-SATA_VBOX_HARDDISK_VB021b64b5-d0167900 /dev/disk/by-path/pci-0000:00:0d.0-scsi-2:0:0:0

udevadm_test: ID_ATA=1

udevadm_test: ID_TYPE=disk

udevadm_test: ID_BUS=ata

udevadm_test: ID_MODEL=VBOX_HARDDISK

udevadm_test: ID_MODEL_ENC=VBOX\x20HARDDISK\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20

udevadm_test: ID_REVISION=1.0

udevadm_test: ID_SERIAL=VBOX_HARDDISK_VB021b64b5-d0167900

udevadm_test: ID_SERIAL_SHORT=VB021b64b5-d0167900

udevadm_test: ID_ATA_WRITE_CACHE=1

udevadm_test: ID_ATA_WRITE_CACHE_ENABLED=1

udevadm_test: ID_ATA_FEATURE_SET_PM=1

udevadm_test: ID_ATA_FEATURE_SET_PM_ENABLED=1

udevadm_test: ID_ATA_SATA=1

udevadm_test: ID_ATA_SATA_SIGNAL_RATE_GEN2=1

udevadm_test: ID_SCSI_COMPAT=SATA_VBOX_HARDDISK_VB021b64b5-d0167900

udevadm_test: ID_PATH=pci-0000:00:0d.0-scsi-2:0:0:0

udevadm_test: ID_PART_TABLE_TYPE=dos

udevadm_test: UDISKS_PRESENTATION_NOPOLICY=0

udevadm_test: UDISKS_PARTITION_TABLE=1

udevadm_test: UDISKS_PARTITION_TABLE_SCHEME=mbr

udevadm_test: UDISKS_PARTITION_TABLE_COUNT=1

udevadm_test: UDISKS_ATA_SMART_IS_AVAILABLE=0

udevadm_test: run: ‘socket:/org/kernel/dm/multipath_event’

udevadm_test: run: ‘socket:@/org/freedesktop/hal/udev_event’

[root@oel1 dev]#
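One detail in the output above is worth checking rather than skimming past: the ASM rule (which in this run lives in /etc/udev/rules.d/20-names.rules:3) sets OWNER 1100, GROUP 1020 and MODE 0660, but /lib/udev/rules.d/50-udev-default.rules:76 later sets GROUP 6, and the node is finally created with gid=6 rather than the 1020 the ASM rule asked for. udev applies rule files in lexical order of their file names, and a later assignment of OWNER, GROUP or MODE wins; that is why the rules file in step 3 is named 99-oracle-asmdevices.rules, so that it sorts after the distribution's defaults. The following Python example is added here and is not part of the article: it parses a udevadm test log, records every OWNER/GROUP/MODE/NAME assignment with the rule that made it, and compares the node udev would create with what the ASM rule intended. The sample log is constructed from the lines above (quotes normalised to ASCII); the function names and the expected uid/gid/mode values are this example's own.

```python
"""Trace which udev rule last set OWNER/GROUP/MODE/NAME in `udevadm test` output.

Added example, not part of the original article. SAMPLE_LOG is constructed
from the output shown above; the function names and the expected values are
this example's own.
"""
import re

# Constructed from the udevadm test output above (quotes normalised to ASCII).
SAMPLE_LOG = """\
udev_rules_apply_to_event: OWNER 1100 /etc/udev/rules.d/20-names.rules:3
udev_rules_apply_to_event: GROUP 1020 /etc/udev/rules.d/20-names.rules:3
udev_rules_apply_to_event: MODE 0660 /etc/udev/rules.d/20-names.rules:3
udev_rules_apply_to_event: NAME 'asmsdc1' /etc/udev/rules.d/20-names.rules:3
udev_rules_apply_to_event: LINK 'block/8:32' /lib/udev/rules.d/50-udev-default.rules:3
udev_rules_apply_to_event: GROUP 6 /lib/udev/rules.d/50-udev-default.rules:76
udev_node_add: creating device node '/dev/asmsdc1', devnum=8:32, mode=0660, uid=1100, gid=6
"""

# "<key> <value> <rulesfile:line>"; NAME values are quoted, numeric ones are bare.
ASSIGN_RE = re.compile(
    r"^udev_rules_apply_to_event: (?P<key>OWNER|GROUP|MODE|NAME) "
    r"(?:'(?P<quoted>[^']*)'|(?P<bare>\S+)) (?P<src>\S+)$")
NODE_RE = re.compile(
    r"^udev_node_add: creating device node '(?P<node>[^']+)', devnum=\S+, "
    r"mode=(?P<mode>[0-7]+), uid=(?P<uid>\d+), gid=(?P<gid>\d+)$")


def _ascii_quotes(line):
    """Curly quotes, as they appear in the pasted output, become ASCII quotes."""
    return line.replace("\u2018", "'").replace("\u2019", "'").replace("\u2032", "'")


def trace_assignments(log):
    """Return {key: [(value, 'rulesfile:line'), ...]} in the order udev applied them.

    A later entry for the same key overrides an earlier one, because rule files
    are processed in lexical order of their file names."""
    history = {}
    for raw in log.splitlines():
        m = ASSIGN_RE.match(_ascii_quotes(raw.strip()))
        if m:
            value = m.group("quoted") if m.group("quoted") is not None else m.group("bare")
            history.setdefault(m.group("key"), []).append((value, m.group("src")))
    return history


def final_node(log):
    """Return the node udev would create, or None if the run never got that far."""
    for raw in log.splitlines():
        m = NODE_RE.match(_ascii_quotes(raw.strip()))
        if m:
            return {"node": m.group("node"), "mode": int(m.group("mode"), 8),
                    "uid": int(m.group("uid")), "gid": int(m.group("gid"))}
    return None


def check_node(log, expected):
    """Compare the created node with the ASM rule's intent.

    `expected` is {"uid": ..., "gid": ..., "mode": ...} with numeric ids, as udev
    prints them. Returns a list of findings; each one carries the full history
    of the offending key so the overriding rule file can be identified."""
    node = final_node(log)
    if node is None:
        return ["no udev_node_add line: udevadm test did not reach node creation"]
    history = trace_assignments(log)
    findings = []
    for key, field in (("OWNER", "uid"), ("GROUP", "gid"), ("MODE", "mode")):
        if node[field] == expected[field]:
            continue
        chain = " -> ".join(f"{v} ({src})" for v, src in history.get(key, []))
        findings.append(f"{node['node']}: {field} is {node[field]}, expected "
                        f"{expected[field]}; {key} history: {chain}")
    return findings


if __name__ == "__main__":
    # With the ASM rule in a 20- file, the GROUP set at 20-names.rules:3 is
    # overridden at 50-udev-default.rules:76 and the check reports it.
    for finding in check_node(SAMPLE_LOG, {"uid": 1100, "gid": 1020, "mode": 0o660}):
        print(finding)
```

Run it against the real output of udevadm test (piped to a file) after placing the rule in 99-oracle-asmdevices.rules: the GROUP history should then end with the 99- file and check_node should return no findings.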

  7. Reload the rules and restart udev.

    [root@oel1 dev]# udevadm control --reload-rules
    [root@oel1 dev]# start_udev
    Starting udev: [ OK ]
    [root@oel1 dev]#

  8. Check the names, ownerships and permissions of the devices.

    [root@oel1 ~]# ls -la /dev/asm*
    brw-rw---- 1 grid asmadmin 8, 16 May 8 11:01 /dev/asmsdb1
    brw-rw---- 1 grid asmadmin 8, 32 May 8 11:01 /dev/asmsdc1
    brw-rw---- 1 grid asmadmin 8, 48 May 8 11:01 /dev/asmsdd1
    brw-rw---- 1 grid asmadmin 8, 64 May 8 11:01 /dev/asmsde1
    brw-rw---- 1 grid asmadmin 8, 80 May 8 11:01 /dev/asmsdf1
    [root@oel1 ~]#

  9. These new devices refer to the old /dev/sd* devices, have the appropriate ownership and permissions, and can be used for Oracle installations.
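Writing the one-rule-per-device file from step 3 by hand is where mistakes creep in: a UUID pasted twice so two rules claim the same disk, two rules handing out the same NAME, or a MODE such as 0666 that lets every local user read and write the ASM disk. The following Python example is added here and is not code from the article: it builds rule lines in exactly the form used in step 3 from a device-to-UUID mapping (constructed from the scsi_id output in step 2) and audits a rules file for the problems just named. The checks, and the names make_rule, parse_rule and audit_rules, are this example's own.

```python
"""Generate and audit udev rules in the form used by 99-oracle-asmdevices.rules.

Added example, not part of the original article. DEVICES is constructed from
the scsi_id output in step 2; make_rule/audit_rules and their checks are this
example's own policy.
"""
import re
from collections import Counter

PROGRAM = "/sbin/scsi_id --whitelisted --replace-whitespace /dev/$name"

# Constructed sample: kernel partition name -> UUID printed by scsi_id (step 2).
DEVICES = {
    "sdb1": "1ATA_VBOX_HARDDISK_VB86a7d306-686f04a8",
    "sdc1": "1ATA_VBOX_HARDDISK_VB021b64b5-d0167900",
    "sdd1": "1ATA_VBOX_HARDDISK_VBfa5180c4-766a235a",
}


def make_rule(kernel, uuid, owner="grid", group="asmadmin", mode="0660"):
    """One rule line: the partition whose scsi_id output equals `uuid` becomes
    /dev/asm<kernel>, owned by owner:group with the given mode."""
    return (f'KERNEL=="sd*1", SUBSYSTEM=="block", PROGRAM="{PROGRAM}", '
            f'RESULT=="{uuid}", NAME="asm{kernel}", OWNER="{owner}", '
            f'GROUP="{group}", MODE="{mode}"')


def make_rules_file(devices):
    """The complete rules file text, one rule per device."""
    return "".join(make_rule(k, u) + "\n" for k, u in devices.items())


# KEY, operator and quoted value; udev's operators are ==, !=, =, +=, -=, :=.
_TOKEN = re.compile(r'(\w+)\s*(==|!=|\+=|-=|:=|=)\s*"([^"]*)"')


def parse_rule(line):
    """Return {KEY: (operator, value)} for one rule line."""
    return {key: (op, value) for key, op, value in _TOKEN.findall(line)}


def audit_rules(text):
    """Return findings for a rules file; an empty list means it passes.

    Policy (this example's): every rule carries RESULT, NAME, OWNER, GROUP and
    MODE; RESULT is a match (==), not an assignment; MODE grants no access to
    'other'; no two rules share a NAME or a RESULT."""
    findings = []
    names, results = Counter(), Counter()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kv = parse_rule(line)
        for key in ("RESULT", "NAME", "OWNER", "GROUP", "MODE"):
            if key not in kv:
                findings.append(f"line {n}: missing {key}")
        if "RESULT" in kv and kv["RESULT"][0] != "==":
            findings.append(f"line {n}: RESULT uses '{kv['RESULT'][0]}' instead of '=='")
        if "MODE" in kv:
            try:
                mode = int(kv["MODE"][1], 8)
            except ValueError:
                findings.append(f"line {n}: MODE {kv['MODE'][1]!r} is not octal")
            else:
                if mode & 0o007:
                    findings.append(f"line {n}: MODE {kv['MODE'][1]} grants access to 'other'")
        if "NAME" in kv:
            names[kv["NAME"][1]] += 1
        if "RESULT" in kv:
            results[kv["RESULT"][1]] += 1
    findings += [f"NAME {v!r} used by {c} rules" for v, c in names.items() if c > 1]
    findings += [f"RESULT {v!r} matched by {c} rules" for v, c in results.items() if c > 1]
    return findings


if __name__ == "__main__":
    rules = make_rules_file(DEVICES)
    print(rules)
    print("findings:", audit_rules(rules) or "none")
```

Point audit_rules at the text of an existing /etc/udev/rules.d/99-oracle-asmdevices.rules before reloading udev in step 7; a duplicate RESULT is the one the ls check in step 8 will not reveal, because udev simply applies the later rule's NAME to the same partition.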


Windows Server Backup Powershell Script


This is a small PowerShell script that uses the command line version of Windows Server Backup (wbadmin). It can email you on failure or success, and it attaches the log to the email.

The variables that need to be edited should be obvious.

I’ve found parts of this script while googling, but I’ve added a small logic that will create the backup location if it does not exist already.

#----------------------------------------- Start script ----------------------------------------

# Send a mail with the backup log attached (Send-MailMessage's parameter is -Attachments).
function SendEmail($To, $From, $Subject, $Body, $Attachment, $SmtpServer)
{
    Send-MailMessage -To $To -Subject $Subject -From $From -Body $Body -Attachments $Attachment -SmtpServer $SmtpServer
}

# Variables to edit for your environment.
$emailto        = "email@address.com"
$emailfrom      = "email@address.com"
$day            = (Get-Date -f dd-MM-yyyy)
$hname          = "HOSTNAME"
$backuplocation = "\\BACKUP-SERVER\SHARE\$hname\$day\"
$backuplog      = "$backuplocation" + (Get-Date -f dd-MM-yyyy) + "-backup-$hname.log"
$emailserver    = "EMAIL-SERVER"

# Append piped input to $Path; create the file, and with it any missing parent
# folders (the backup location itself), if it does not exist yet.
function Out-FileForce {
    param($Path)
    process
    {
        if (Test-Path $Path)
        {
            Out-File -InputObject $_ -Append -FilePath $Path
        }
        else
        {
            New-Item -Force -Path $Path -Value $_ -Type File | Out-Null
        }
    }
}

Write-Output ("----------------------- Backup started on - $(Get-Date -f o) -------------------------") | Out-FileForce "$backuplog"
$Error.Clear()
wbadmin start backup -backupTarget:$backuplocation -include:c: -systemstate -allcritical -vsscopy -quiet | Out-FileForce "$backuplog"
# After a pipeline, $? reflects the last cmdlet (Out-FileForce), not wbadmin;
# the native command's exit code is in $LASTEXITCODE.
if ($LASTEXITCODE -ne 0)
{
    Write-Output ("----------------------- An error has occurred! Check it please! - $(Get-Date -f o) -------------------------") | Out-File "$backuplog" -Append
    SendEmail -To "$emailto" -From "$emailfrom" -Subject "backup failed" -Body "The backup has failed! Please check attached log." -Attachment "$backuplog" -SmtpServer "$emailserver"
    exit 1
}

Write-Output ("----------------------- Everything is OK! - $(Get-Date -f o) -------------------------") | Out-File "$backuplog" -Append
SendEmail -To "$emailto" -From "$emailfrom" -Subject "backup $hname ok" -Body "The backup has succeeded!" -Attachment "$backuplog" -SmtpServer "$emailserver"

#-------------------------------------------- End script ----------------------------------------

PowerShell for Windows Server Backup

Windows Server Backup is the Windows 2008 replacement for NTBackup. It enables the creation of backups of whole volumes only. It is not intended as an enterprise-level backup system; it is targeted more at single-server scenarios.

It uses VSS and does back up the system state. It is an optional feature installed through Server Manager. When installing, there is an option to install the command line tools, which include a PowerShell snap-in. The command line tools install insists on the presence of PowerShell V1 installed through the Windows 2008 features; it will not install if PowerShell V2 is installed.

The snapin has to be enabled by

Add-Pssnapin Windows.serverbackup

This adds a number of cmdlets

Name
----
Add-WBBackupTarget
Add-WBVolume
Get-WBBackupTarget
Get-WBDisk
Get-WBPolicy
Get-WBSchedule
Get-WBSummary
Get-WBVolume
New-WBBackupTarget
New-WBPolicy
Remove-WBBackupTarget
Remove-WBPolicy
Remove-WBVolume
Set-WBPolicy
Set-WBSchedule

A backup schedule seems to be referred to as a policy.  Sadly apart from the cmdlet help files I couldn’t find any documentation so I created a policy using the GUI and then investigated what had been created.

PS C:\Scripts> get-wbpolicy | fl

Schedule        : {11/01/2008 22:00:00}
BackupTargets   : {Microsoft.Windows.ServerBackup.Commands.WBBackupTarget}
VolumesToBackup : {Microsoft.Windows.ServerBackup.Commands.WBVolume}

PS C:\Scripts> (get-wbpolicy).schedule

11 January 2008 22:00:00

PS C:\Scripts> (get-wbpolicy).backuptargets | fl

Label      : SQLTest 2008_01_11 19:01 DISK_01
WBDisk     :
Path       : \\?\Volume{dae9090c-c06f-11dc-a79a-0003ff69ad11}
TargetType : Volume

PS C:\Scripts> (get-wbpolicy).volumestobackup | fl

VolumeLabel :
MountPath   : C:
MountPoint  : \\?\Volume{cb6fae01-a330-11dc-8e93-806e6f6e6963}
FileSystem  : NTFS
Property    : Critical, ValidSource
FreeSpace   : 58093953024
TotalSpace  : 68716331008

So we need to start by creating a new backup policy:

PS C:\Scripts> $newpol = New-WBPolicy
New-WBPolicy : Can't create a new policy before removing the old one
At line:1 char:22
+ $newpol = New-WBPolicy <<<<

OK so if we can only have one policy — there can only be one – where have we heard that before?

PS C:\Scripts> Remove-WBPolicy -Policy ( Get-WBPolicy ) -WhatIf
What if: Performing operation "You are about to remove your scheduled backup." on Target "Windows Server Backup".

Try it without the -WhatIf and we don't seem to be able to remove the current policy, so that has to be done in the GUI.

To create a new policy:

PS C:\Scripts> $pol = New-WBPolicy
PS C:\Scripts> $pol

Schedule                                BackupTargets                           VolumesToBackup
--------                                -------------                           ---------------

We need to populate the policy. First we create a backup target, which means telling it which disk to use; the backup system takes the whole disk.

PS C:\Scripts> get-wbdisk

DiskName   : Virtual HD ATA Device
DiskNumber : 0
DiskId     : ad0076a7-0000-0000-0000-000000000000
TotalSpace : 68718428160
FreeSpace  : 58094235648
Volumes    : {Microsoft.Windows.ServerBackup.Commands.WBVolume}
Properties : None

DiskName   : Virtual HD ATA Device
DiskNumber : 1
DiskId     : d9983a3d-0000-0000-0000-000000000000
TotalSpace : 17179803648
FreeSpace  : 17084346368
Volumes    : {Microsoft.Windows.ServerBackup.Commands.WBVolume}
Properties : ValidTarget

Select the disk to use as the backup disk:

PS C:\Scripts> $disk = Get-WBDisk | Where{$_.DiskNumber -eq 1}
PS C:\Scripts> $disk

DiskName   : Virtual HD ATA Device
DiskNumber : 1
DiskId     : d9983a3d-0000-0000-0000-000000000000
TotalSpace : 17179803648
FreeSpace  : 17084346368
Volumes    : {Microsoft.Windows.ServerBackup.Commands.WBVolume}
Properties : ValidTarget

create a backup target

PS C:\Scripts> $tgt = New-WBBackupTarget -Disk $disk -Label "NewBackup"
PS C:\Scripts> $tgt

Label                         WBDisk                        Path                                             TargetType
-----                         ------                        ----                                             ----------
NewBackup                     Microsoft.Windows.ServerBa...                                                      Volume

PS C:\Scripts> $tgt | fl

Label      : NewBackup
WBDisk     : Microsoft.Windows.ServerBackup.Commands.WBDisk
Path       :
TargetType : Volume

Add it to the policy

PS C:\Scripts> Add-WBBackupTarget -Policy $pol -Target $tgt

Label                         WBDisk                        Path                                             TargetType
-----                         ------                        ----                                             ----------
NewBackup                     Microsoft.Windows.ServerBa...                                                      Volume

get the volumes to backup

PS C:\Scripts> Get-WBVolume -AllVolumes

VolumeLabel :
MountPath   : C:
MountPoint  : \\?\Volume{cb6fae01-a330-11dc-8e93-806e6f6e6963}
FileSystem  : NTFS
Property    : Critical, ValidSource
FreeSpace   : 58092306432
TotalSpace  : 68716331008

VolumeLabel : Backup
MountPath   : E:
MountPoint  : \\?\Volume{dae9090c-c06f-11dc-a79a-0003ff69ad11}
FileSystem  : NTFS
Property    : ValidSource
FreeSpace   : 17064423424
TotalSpace  : 17158832128

Add the source volume to the policy

PS C:\Scripts> $vol = Get-WBVolume -AllVolumes | Where {$_.MountPath -eq "C:"}
PS C:\Scripts> Add-WBVolume -Policy $pol -Volume $vol

VolumeLabel :
MountPath   : C:
MountPoint  : \\?\Volume{cb6fae01-a330-11dc-8e93-806e6f6e6963}
FileSystem  : NTFS
Property    : Critical, ValidSource
FreeSpace   : 58092261376
TotalSpace  : 68716331008

Set the backup schedule, i.e. when it runs. Remember that PowerShell expects the date literal in US format (month first).

PS C:\Scripts> $sched = [datetime]"01/11/2008 21:30:00"
PS C:\Scripts> $sched

11 January 2008 21:30:00

PS C:\Scripts> Set-WBSchedule -Policy $pol -Schedule $sched

11 January 2008 21:30:00

PS C:\Scripts> $pol | fl

Schedule        : {11/01/2008 21:30:00}
BackupTargets   : {Microsoft.Windows.ServerBackup.Commands.WBBackupTarget}
VolumesToBackup : {Microsoft.Windows.ServerBackup.Commands.WBVolume}

make the policy active

PS C:\Scripts> Set-WBPolicy -Policy $pol

Warning!
Do you want to format your target disk(s)?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Note that using -Force suppresses this prompt, so the target disk is formatted without asking.

The commands I have used here could be put into a script rather than being run as separate commands.
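Here is the same sequence assembled into one script. This is an added example, not code from the original post: it assumes the target is DiskNumber 1 and the source is the C: volume, exactly as in the session above, and it adds the checks I would want before letting Set-WBPolicy format a disk: refuse to run when a policy already exists (New-WBPolicy fails in that case and the post shows Remove-WBPolicy does not clear it), refuse a target disk that is not flagged ValidTarget, and refuse a target disk that also holds the volume being backed up.

```powershell
# New-ServerBackupPolicy.ps1 (hypothetical name; added example, not the post's own script)
# Assumptions: target disk is DiskNumber 1 and the source volume is C:, both
# overridable by parameter. Set-WBPolicy FORMATS the target disk, so the checks
# below run before anything is committed.
param(
    [int]      $TargetDiskNumber = 1,
    [string]   $SourceMountPath  = 'C:',
    [string]   $TargetLabel      = 'NewBackup',
    [datetime] $Schedule         = [datetime]'01/11/2008 21:30:00',  # US format, month first
    [switch]   $Force                                                 # skip the format prompt
)

# Server 2008 ships the cmdlets as a snap-in, later versions as a module.
if (-not (Get-Command New-WBPolicy -ErrorAction SilentlyContinue)) {
    if (Get-Module -ListAvailable -Name WindowsServerBackup) {
        Import-Module WindowsServerBackup -ErrorAction Stop
    } else {
        Add-PSSnapin Windows.ServerBackup -ErrorAction Stop
    }
}

# Only one policy can exist, and it cannot be removed from PowerShell on this
# version, so stop here rather than fail half-way through.
if (Get-WBPolicy -ErrorAction SilentlyContinue) {
    throw "A backup policy already exists; remove it in the Windows Server Backup GUI first."
}

$disk = Get-WBDisk | Where-Object { $_.DiskNumber -eq $TargetDiskNumber }
if (-not $disk) { throw "Disk $TargetDiskNumber not found." }

# Only disks flagged ValidTarget can receive backups.
if ("$($disk.Properties)" -notmatch 'ValidTarget') {
    throw "Disk $TargetDiskNumber is not a valid backup target (Properties: $($disk.Properties))."
}

# Guard against wiping the data you are trying to protect: the target disk
# must not contain the source volume.
if ($disk.Volumes | Where-Object { $_.MountPath -eq $SourceMountPath }) {
    throw "Disk $TargetDiskNumber contains $SourceMountPath; refusing to format it as the target."
}

$vol = Get-WBVolume -AllVolumes | Where-Object { $_.MountPath -eq $SourceMountPath }
if (-not $vol) { throw "Volume $SourceMountPath not found." }

# Assemble the policy: target, source volume, schedule.
$pol = New-WBPolicy
$tgt = New-WBBackupTarget -Disk $disk -Label $TargetLabel
Add-WBBackupTarget -Policy $pol -Target $tgt | Out-Null
Add-WBVolume       -Policy $pol -Volume $vol | Out-Null
Set-WBSchedule     -Policy $pol -Schedule $Schedule | Out-Null

# Show what is about to be committed, then activate it. Without -Force the
# interactive "format your target disk(s)?" prompt is still shown.
$pol | Format-List
if ($Force) { Set-WBPolicy -Policy $pol -Force } else { Set-WBPolicy -Policy $pol }

# Confirm the schedule took.
Get-WBSummary
```

Run it once interactively without -Force so the format prompt acts as a final confirmation; only add -Force once the disk number and label have been checked on that specific server, since the script can only verify that the disk is a valid target, not that it is the disk you meant.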

It works.  The backup starts as scheduled

PS C:\Scripts> Get-WBSummary

NextBackupTime                  : 12/01/2008 21:30:00
NumberOfVersions                : 0
LastSuccessfulBackupTime        : 01/01/0001 00:00:00
LastSuccessfulBackupTargetPath  :
LastSuccessfulBackupTargetLabel :
LastBackupTime                  : 01/01/0001 00:00:00
LastBackupTarget                :
LastBackupResultHR              : 0
LastBackupResultDetailedHR      : 0
CurrentOperationStatus          : BackupInProgress

And when it is complete

PS C:\Scripts> Get-WBSummary

NextBackupTime                  : 12/01/2008 21:30:00
NumberOfVersions                : 1
LastSuccessfulBackupTime        : 11/01/2008 21:30:04
LastSuccessfulBackupTargetPath  : \\?\Volume{dae90928-c06f-11dc-a79a-0003ff69ad11}
LastSuccessfulBackupTargetLabel : NewBackup
LastBackupTime                  : 11/01/2008 21:30:04
LastBackupTarget                : NewBackup
LastBackupResultHR              : 0
LastBackupResultDetailedHR      : 0
CurrentOperationStatus          : NoOperationInProgress

Sadly there doesn't seem to be any way to start a backup from PowerShell; it can be done from the GUI and from wbadmin. After the first backup only differentials are taken. Backups are stored in VHD files. It is not possible to use this to back up to tape.

Another possible use for this is to provide for a bare metal recovery system for servers using the Windows Recovery environment.

Good to see an additional piece of PowerShell functionality.  Pity it is so hidden and isn’t quite fully featured.

OpenVPN on a Jailbroken iPhone

OpenVPN support is one of the things sorely missing from the iPhone.

And there is very little information about how one could go about getting OpenVPN working, even on a jailbroken iPhone.

This post is my attempt to fill this gap with step-by-step instructions on how to get openvpn working for free. Before we get started, here are some of the pre-requisites:

Step-by-Step instructions (Please run these as root by doing su root and entering your password)

  • In Cydia: Install Openvpn toggle for SBSettings
  • On your Windows or Mac machine, assemble your certificate, .ovpn file etc. into a local directory. You can see my guide to this address.
  • You can use your own configuration file by adding the following two lines to the end of it, or you can use this sample ovpn file. You need to change the remote host and cert details to yours.

up /var/mobile/Library/OpenVPN/update-resolv-conf
down /var/mobile/Library/OpenVPN/update-resolv-conf

  • download the update-resolv-conf
  • Open a WinSCP session and copy all the files you assembled locally to /var/mobile/Library/OpenVPN
  • Edit /var/mobile/Library/SBSettings/Commands/net.openvpn.up (the script the SBSettings toggle runs) and change it as follows:

#!/bin/sh
cd /private/var/mobile/Library/OpenVPN
/usr/sbin/openvpn --config /private/var/mobile/Library/OpenVPN/client.ovpn --script-security 2 &

  • Open PuTTY and log in to your iPhone as root.

cd /var/mobile/Library
chown -R mobile.mobile OpenVPN
cd OpenVPN
chmod +x update-resolv-conf
#### If you have a key with a password,
#### remove the password with the command below.
#### You will be asked for the password one last time.
#### Important: leaving your key without a password is a security risk.
#### Please turn on passcode lock in your settings.
#### This will ensure that if your phone does fall into
#### the wrong hands they can't get into your network.

cp my.key my.key.orig
openssl rsa -in my.key.orig -out my.key

#### Now test your VPN setup by doing the following:
openvpn-iphone --script-security 2 --config conf.ovpn

#### You should see it connecting to your VPN server and setting up routes.
#### Try to use Safari to look at something
#### behind the OpenVPN server.

  • Reboot your phone for the SBSettings toggle changes to take effect.
  • After the reboot, open SBSettings and turn on OpenVPN.

Note: for troubleshooting, install top from Cydia and run top to see whether the toggle spawns the openvpn-ip process.