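Installing the OpenIPMP server on Ubuntu

1. If you use JDK 1.5 or later, compiling osms fails. The problem is in ${openipmp_server_src}/osms/src/com/mutable/io/OlLogger.java: the variable name enum conflicts with the enum keyword. Renaming the variable fixes it.
2. Edit ${openipmp_server_src}/OMADRMWS/admin_OMADRM.sh and change every "$CURR_DIR/../../Demo/data/" in it to "/tmp/", then copy the certificate files to the /tmp directory.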

cp ${openipmp_server_src}/../Demo/data/* /tmp

This avoids the problem of the certificates failing to be stored in the database during installation.
3. Edit line 16 of ${openipmp_server_src}/ejbca/deployJBoss4x.sh,

if (( $1 == keystore ))

change it to

if [ "$1" = "keystore" ]

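Otherwise the script fails when copying the p12 file, because (( )) is arithmetic evaluation rather than a string comparison.
4. Run the install.sh script to install. If you have run it before, run uninstall.sh first.
5. After the installation finishes normally, be sure to run run.sh in the bin directory to start the JBoss server; otherwise you get errors ("openIPMP directory not found", "../conf/server.p12 not found", and so on).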

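A Python script that lets OpenVPN authenticate against postfix mailbox accounts

I have been configuring OpenVPN over the past few days and used username/password authentication. Reusing the existing postfix mailbox accounts saved the trouble of setting up a separate username and password for everyone.

The principle is simple. The OpenVPN server configuration contains this line: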

auth-user-pass-verify /etc/openvpn/auth-postfix-mailbox.py via-env

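It means that the script /etc/openvpn/auth-postfix-mailbox.py is used to verify the username and password. How are the username and password passed to it? via-env: through environment variables.

The script is as follows: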

#!/usr/bin/env python

import os
import sys

import MySQLdb
import md5crypt


def auth(username, password):
    """Return 0 if the credentials match an active mailbox, 1 otherwise."""
    conn = MySQLdb.connect(host='localhost',
                           user='dbuser',
                           passwd='dbpasswd',
                           db='postfix')
    try:
        cursor = conn.cursor()
        # Fetch the stored hash; its salt is needed to hash the candidate.
        cursor.execute("""
            select password from mailbox
            where username=%s
            and active=1
            """, (username,))
        row = cursor.fetchone()
        if row is None:
            return 1
        # Hash the supplied password with the salt of the stored hash.
        crypt = md5crypt.md5crypt(password, row[0])
        cursor.execute("""
            select * from mailbox
            where username=%s
            and password=%s
            and active=1
            """, (username, crypt))
        row = cursor.fetchone()
        cursor.close()
    finally:
        conn.close()
    if row is None:
        return 1
    return 0


def main():
    # OpenVPN passes the credentials in the environment (via-env).
    try:
        username = os.environ['username']
        password = os.environ['password']
        status = auth(username, password)
    except Exception:
        # Missing variables or database errors: deny access.
        sys.exit(1)

    sys.exit(status)


if __name__ == "__main__":
    main()

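Because postfix uses md5 authentication, the md5crypt module is required; it can be downloaded from here.

Problems with postfix and postgrey

The company mail server stopped receiving mail from outside. The log contained this error: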

554 Service unavailable; Client host [xxx.xxx.xxx.xxx] blocked using relays.ordb.org; ordb.org was shut down on December 18, 2006. Please remove from your mailserver.;

The corresponding configuration in main.cf was:

smtpd_client_restrictions = permit_mynetworks, warn_if_reject reject_rbl_client sbl.spamhaus.org, warn_if_reject reject_rbl_client relays.ordb.org, warn_if_reject reject_rbl_client blackholes.easynet.nl, warn_if_reject reject_rbl_client dnsbl.njabl.org

After changing it to keep only smtpd_client_restrictions = permit_mynetworks, a new message appeared:

postfix/smtpd[16212]: warning: problem talking to server 127.0.0.1:60000: Connection timed out

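127.0.0.1:60000 is the port postgrey works on. ps and netstat showed that the postgrey process was still there, but top showed it using 99% of the CPU, and /etc/init.d/postgrey stop could not stop it. I had to kill it and change the corresponding postfix setting to remove the postgrey check: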

smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks,permit_sasl_authenticated, reject_non_fqdn_recipient,reject_unauth_destination, check_policy_service inet:127.0.0.1:60000,permit

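After restarting postfix, mail could be received. I then restored the smtpd_client_restrictions configuration with the relays.ordb.org check removed, and mail could still be received. Along the way I worked out what warn_if_reject means: when it is present, the mail is not actually rejected.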
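An added example, not part of the original post: a small Python check that parses a restriction line as described above, reports each rule that warn_if_reject makes log-only, and flags reject_rbl_client lookups against a defunct zone. TAKES_ARG and DEFUNCT_ZONES are assumptions of this example and cover only the restrictions and the ordb.org shutdown notice shown on this page.

```python
import re

# Restrictions that take the next token as their argument. Assumption: only
# the ones used on this page are listed; extend the set for other configs.
TAKES_ARG = {"reject_rbl_client", "check_policy_service"}
# Zones treated as defunct (assumption: taken from the 554 message above).
DEFUNCT_ZONES = {"relays.ordb.org"}


def parse_restrictions(line):
    """Split one 'name = a, b c' main.cf line into (name, rule dicts)."""
    name, _, value = line.partition("=")
    # Postfix separates list elements with commas and/or whitespace.
    tokens = iter(t for t in re.split(r"[,\s]+", value) if t)
    rules, warn_only = [], False
    for tok in tokens:
        if tok == "warn_if_reject":
            warn_only = True  # applies to the next restriction only
            continue
        arg = next(tokens, None) if tok in TAKES_ARG else None
        rules.append({"rule": tok, "arg": arg, "warn_only": warn_only})
        warn_only = False
    return name.strip(), rules


def audit(line):
    """Return findings for one restriction line, in rule order."""
    name, rules = parse_restrictions(line)
    findings = []
    for r in rules:
        text = " ".join(filter(None, [r["rule"], r["arg"]]))
        if r["rule"] == "reject_rbl_client" and r["arg"] in DEFUNCT_ZONES:
            findings.append("%s: %s is defunct, remove it" % (name, r["arg"]))
        elif r["warn_only"]:
            findings.append("%s: %s only logs, never rejects" % (name, text))
    return findings


# The smtpd_client_restrictions line quoted in the post.
SAMPLE = ("smtpd_client_restrictions = permit_mynetworks, "
          "warn_if_reject reject_rbl_client sbl.spamhaus.org, "
          "warn_if_reject reject_rbl_client relays.ordb.org, "
          "warn_if_reject reject_rbl_client blackholes.easynet.nl, "
          "warn_if_reject reject_rbl_client dnsbl.njabl.org")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```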

I have not found a solution to the postgrey problem yet and do not know why it hangs there, so I am not using it for now.

==== 2008-05-14 ====
Update: after upgrading Berkeley DB from 4.3 to 4.4, postgrey works normally.
Related information I found:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441069
https://bugs.edge.launchpad.net/ubuntu/gutsy/+source/db4.4/+bug/153996

Running two mysql instances at the same time

Environment: Ubuntu 6.06 server

1. Edit /etc/mysql/my.cnf

Add

[mysqld_multi]
mysqld = /usr/bin/mysqld_safe
mysqladmin = /usr/bin/mysqladmin
user = multi_admin
password = multipass

Change the original [mysqld] to [mysqld001] and add [mysqld002] to configure the two instances separately. The main settings that must differ are:

  • pid-file
  • socket
  • port
  • datadir

2. Set up the user

$ mysql -u root -S /var/run/mysqld/mysqld.sock -p
> GRANT SHUTDOWN ON *.* TO 'multi_admin'@'localhost' IDENTIFIED BY 'multipass';
$ mysql -u root -S /var/run/mysqld/mysqld2.sock -p
> GRANT SHUTDOWN ON *.* TO 'multi_admin'@'localhost' IDENTIFIED BY 'multipass';

3. Test the start and stop commands

$ mysqld_multi --no-log --config-file=/etc/mysql/my.cnf start 001,002
$ mysqld_multi --no-log --config-file=/etc/mysql/my.cnf stop 001,002
$ mysqld_multi --no-log --config-file=/etc/mysql/my.cnf report 001,002

4. Create a new init script /etc/init.d/mysql-multi to replace the original init script /etc/init.d/mysql

5. Edit /etc/phpmyadmin/config.inc.php to configure how to connect to the two servers

$i = 0;
$i++;
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['socket'] = '/var/run/mysqld/mysqld.sock';
$cfg['Servers'][$i]['connect_type'] = 'socket';
$cfg['Servers'][$i]['verbose'] = 'localhost:3306';
$i++;
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['socket'] = '/var/run/mysqld/mysqld2.sock';
$cfg['Servers'][$i]['connect_type'] = 'socket';
$cfg['Servers'][$i]['verbose'] = 'localhost:3307';