Friday, 12 August 2016

Perl code for sending messages via Gmail - authentication error

Here's a comprehensive blog post to do this! http://robertmaldon.blogspot.co.uk/2006/10/sending-email-through-google-smtp-from.html Here's the chunk I used (after using CPAN to install Net::SMTP::SSL*) - gmail3.pl: 
#!/usr/bin/perl -w

use Net::SMTP::SSL;

sub send_mail {
my $to = $_[0];
my $subject = $_[1];
my $body = $_[2];

my $from = 'johnny@gmail.com';
my $password = 'MySecretGmailPassword';

my $smtp;

if (not $smtp = Net::SMTP::SSL->new('smtp.gmail.com',
                            Port => 465,
                            Debug => 1)) {
   die "Could not connect to server\n";
}

$smtp->auth($from, $password)
   || die "Authentication failed!\n";

$smtp->mail($from . "\n");
my @recepients = split(/,/, $to);
foreach my $recp (@recepients) {
    $smtp->to($recp . "\n");
}
$smtp->data();
$smtp->datasend("From: " . $from . "\n");
$smtp->datasend("To: " . $to . "\n");
$smtp->datasend("Subject: " . $subject . "\n");
$smtp->datasend("\n");
$smtp->datasend($body . "\n");
$smtp->dataend();
$smtp->quit;
}

# Send away!
&send_mail('johnny@mywork.com', 'Server just blew up', 'Some more detail');
On execution, you might get this authentication error: 
*******************************************************************
 Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
 is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
 together with SSL_ca_file|SSL_ca_path for verification.
 If you really don't want to verify the certificate and keep the
 connection open to Man-In-The-Middle attacks please set
 SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
*******************************************************************
  at ./gmail3.pl line 15.
Net::SMTP::SSL>>> Net::SMTP::SSL(1.03)
Net::SMTP::SSL>>>   IO::Socket::SSL(1.94)
Net::SMTP::SSL>>>     IO::Socket::IP(0.21)
Net::SMTP::SSL>>>       IO::Socket(1.34)
Net::SMTP::SSL>>>         IO::Handle(1.33)
Net::SMTP::SSL>>>           Exporter(5.68)
Net::SMTP::SSL>>>   Net::Cmd(3.10)
Net::SMTP::SSL=GLOB(0x17f7a78)<<< 220 smtp.gmail.com ESMTP gg10sm6569316wjd.4 - gsmtp
Net::SMTP::SSL=GLOB(0x17f7a78)>>> EHLO localhost.localdomain
Net::SMTP::SSL=GLOB(0x17f7a78)<<< 250-smtp.gmail.com at your service, [2001:630:e4:8102:21d:d8ff:feb7:1dee]
Net::SMTP::SSL=GLOB(0x17f7a78)<<< 250-SIZE 35882577
Net::SMTP::SSL=GLOB(0x17f7a78)<<< 250-8BITMIME
Net::SMTP::SSL=GLOB(0x17f7a78)<<< 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
Net::SMTP::SSL=GLOB(0x17f7a78)<<< 250-ENHANCEDSTATUSCODES
Net::SMTP::SSL=GLOB(0x17f7a78)<<< 250-PIPELINING
Net::SMTP::SSL=GLOB(0x17f7a78)<<< 250-CHUNKING
Net::SMTP::SSL=GLOB(0x17f7a78)<<< 250 SMTPUTF8
Net::SMTP::SSL=GLOB(0x17f7a78)>>> AUTH LOGIN
Net::SMTP::SSL=GLOB(0x17f7a78)<<< 334 VXNlcm5hbWU6
Net::SMTP::SSL=GLOB(0x17f7a78)<<< (decoded) Username:
Net::SMTP::SSL=GLOB(0x17f7a78)>>> (decoded) johnny@gmail.com
Net::SMTP::SSL=GLOB(0x17f7a78)>>> Y2xlYXJkZWZAZ21haWwuY29t
Net::SMTP::SSL=GLOB(0x17f7a78)<<< 334 UGFzc3dvcmQ6
Net::SMTP::SSL=GLOB(0x17f7a78)<<< (decoded) Password:
Net::SMTP::SSL=GLOB(0x17f7a78)>>> (decoded) MySecretGmailPassword
Net::SMTP::SSL=GLOB(0x17f7a78)>>> YXBwbGVncmVlbg==
Net::SMTP::SSL=GLOB(0x17f7a78)<<< 534-5.7.14  Please log in via your web browser and
Net::SMTP::SSL=GLOB(0x17f7a78)<<< 534-5.7.14 then try again.
Net::SMTP::SSL=GLOB(0x17f7a78)<<< 534-5.7.14  Learn more at
Net::SMTP::SSL=GLOB(0x17f7a78)<<< 534 5.7.14  https://support.google.com/mail/answer/78754 gg10sm6569316wjd.4 - gsmtp
Authentication failed!
This is simply solved by login on to the Gmail account (via a browser) and changing the password. Remember to insert the new password into the script and away we go: 
*******************************************************************
 Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
 is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
 together with SSL_ca_file|SSL_ca_path for verification.
 If you really don't want to verify the certificate and keep the
 connection open to Man-In-The-Middle attacks please set
 SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
*******************************************************************
  at ./gmail3.pl line 15.
Net::SMTP::SSL>>> Net::SMTP::SSL(1.03)
Net::SMTP::SSL>>>   IO::Socket::SSL(1.94)
Net::SMTP::SSL>>>     IO::Socket::IP(0.21)
Net::SMTP::SSL>>>       IO::Socket(1.34)
Net::SMTP::SSL>>>         IO::Handle(1.33)
Net::SMTP::SSL>>>           Exporter(5.68)
Net::SMTP::SSL>>>   Net::Cmd(3.10)
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 220 smtp.gmail.com ESMTP uo4sm6542414wjc.36 - gsmtp
Net::SMTP::SSL=GLOB(0x2ac9a78)>>> EHLO localhost.localdomain
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 250-smtp.gmail.com at your service, [2001:630:e4:8102:21d:d8ff:feb7:1dee]
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 250-SIZE 35882577
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 250-8BITMIME
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 250-ENHANCEDSTATUSCODES
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 250-PIPELINING
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 250-CHUNKING
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 250 SMTPUTF8
Net::SMTP::SSL=GLOB(0x2ac9a78)>>> AUTH LOGIN
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 334 VXNlcm5hbWU6
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< (decoded) Username:
Net::SMTP::SSL=GLOB(0x2ac9a78)>>> (decoded) johnny@gmail.com
Net::SMTP::SSL=GLOB(0x2ac9a78)>>> Y2xlYXJkZWZAZ21haWwuY29t
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 334 UGFzc3dvcmQ6
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< (decoded) Password:
Net::SMTP::SSL=GLOB(0x2ac9a78)>>> (decoded) myNewSecretPassword
Net::SMTP::SSL=GLOB(0x2ac9a78)>>> QXBwbGVHcjMzbg==
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 235 2.7.0 Accepted
Net::SMTP::SSL=GLOB(0x2ac9a78)>>> MAIL FROM:
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 250 2.1.0 OK uo4sm6542414wjc.36 - gsmtp
Net::SMTP::SSL=GLOB(0x2ac9a78)>>> RCPT TO:
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 250 2.1.5 OK uo4sm6542414wjc.36 - gsmtp
Net::SMTP::SSL=GLOB(0x2ac9a78)>>> DATA
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 354  Go ahead uo4sm6542414wjc.36 - gsmtp
Net::SMTP::SSL=GLOB(0x2ac9a78)>>> From: johnny@gmail.com
Net::SMTP::SSL=GLOB(0x2ac9a78)>>> To: johnny@mywork.com
Net::SMTP::SSL=GLOB(0x2ac9a78)>>> Subject: Server just blew up
Net::SMTP::SSL=GLOB(0x2ac9a78)>>> Some more detail
Net::SMTP::SSL=GLOB(0x2ac9a78)>>> .
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 250 2.0.0 OK 1470992894 uo4sm6542414wjc.36 - gsmtp
Net::SMTP::SSL=GLOB(0x2ac9a78)>>> QUIT
Net::SMTP::SSL=GLOB(0x2ac9a78)<<< 221 2.0.0 closing connection uo4sm6542414wjc.36 - gsmtp
Installing Perl Modules with CPAN: 
# perl -MCPAN -e 'shell'
Terminal does not support AddHistory.

cpan shell -- CPAN exploration and modules installation (v1.9800)
Enter 'h' for help.

cpan[1]> install Net::SMTP::SSL
Reading '/root/.cpan/Metadata'
  Database was generated on Thu, 11 Aug 2016 00:53:43 GMT
Running install for module 'Net::SMTP::SSL'
Running make for R/RJ/RJBS/Net-SMTP-SSL-1.03.tar.gz
Fetching with HTTP::Tiny:
http://cpan.netbet.org/authors/id/R/RJ/RJBS/Net-SMTP-SSL-1.03.tar.gz
Checksum for /root/.cpan/sources/authors/id/R/RJ/RJBS/Net-SMTP-SSL-1.03.tar.gz ok
Scanning cache /root/.cpan/build for sizes
............................................................................DONE

  CPAN.pm: Building R/RJ/RJBS/Net-SMTP-SSL-1.03.tar.gz

Checking if your kit is complete...
Looks good
Writing Makefile for Net::SMTP::SSL
Writing MYMETA.yml and MYMETA.json
cp lib/Net/SMTP/SSL.pm blib/lib/Net/SMTP/SSL.pm
Manifying blib/man3/Net::SMTP::SSL.3pm
  RJBS/Net-SMTP-SSL-1.03.tar.gz
  /bin/make -- OK
'YAML' not installed, will not store persistent state
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/test.t .. ok
All tests successful.
Files=1, Tests=1,  0 wallclock secs ( 0.01 usr  0.00 sys +  0.07 cusr  0.00 csys =  0.08 CPU)
Result: PASS
  RJBS/Net-SMTP-SSL-1.03.tar.gz
  /bin/make test -- OK
Running make install
Manifying blib/man3/Net::SMTP::SSL.3pm
Installing /usr/local/share/perl5/Net/SMTP/SSL.pm
Installing /usr/local/share/man/man3/Net::SMTP::SSL.3pm
Appending installation info to /usr/lib64/perl5/perllocal.pod
  RJBS/Net-SMTP-SSL-1.03.tar.gz
  /bin/make install  -- OK

cpan[2]> Terminal does not support GetHistory.
Lockfile removed.
Posted by at No comments:

Thursday, 4 August 2016

Move files within all subdirectories - Windows CMD

So you are in a directory which have subdirectories contain files you want to move into the parent. Problem with the CMD on Windows (DOS) is that it can not do * globs for directories. This command will do: 
F:\RICKRI~1>forfiles /s /m *.epub /c "cmd /c move @path %CD%"
Posted by at No comments:

Friday, 22 July 2016

Rsyslog and SELinux issue - CentOS 7

So you've configured rsyslog (server) to put logs in a certain directory but nothing is getting logged. Well looking at the logs there's permissions issues with error messages such as: 
Jul 18 14:21:31 pmoney dbus-daemon: dbus[1149]: avc:  received policyload notice (seqno=4)
Jul 18 14:21:31 pmoney dbus[1149]: avc:  received policyload notice (seqno=4)
Jul 18 14:21:31 pmoney dbus[1149]: [system] Reloaded configuration
Jul 18 14:21:31 pmoney dbus-daemon: dbus[1149]: [system] Reloaded configuration
Jul 18 14:21:56 pmoney rsyslogd-3000: Could not open dynamic file '/var/log/remote/idrac155/stockwood.pink.priv/common.log' [state -3000] - discarding message
Jul 18 14:22:00 pmoney rsyslogd-3000: Could not open dynamic file '/var/log/remote/idrac155/woodstock.pink.priv/common.log' [state -3000] - discarding message
And even with the SELinux commands, there are still errors: 
# semanage fcontext -a -t syslogd_var_lib_t "/var/log/remote(/.*)?"
# restorecon -R -v /var/log/remote

[root@pmoney remote]# tail /var/log/messages
Jul 18 14:21:31 pmoney dbus-daemon: dbus[1149]: avc:  received policyload notice (seqno=4)
Jul 18 14:21:31 pmoney dbus[1149]: avc:  received policyload notice (seqno=4)
Jul 18 14:21:31 pmoney dbus[1149]: [system] Reloaded configuration
Jul 18 14:21:31 pmoney dbus-daemon: dbus[1149]: [system] Reloaded configuration
Jul 18 14:21:56 pmoney rsyslogd-3000: Could not open dynamic file '/var/log/remote/idrac155/stockwood.pink.priv/common.log' [state -3000] - discarding message
Jul 18 14:22:00 pmoney rsyslogd-3000: Could not open dynamic file '/var/log/remote/idrac155/woodstock.pink.priv/common.log' [state -3000] - discarding message
Jul 18 14:22:28 pmoney dbus-daemon: dbus[1149]: avc:  received policyload notice (seqno=5)
Jul 18 14:22:28 pmoney dbus[1149]: avc:  received policyload notice (seqno=5)

Jul 18 14:40:54 pmoney rsyslogd-3000: Could not open dynamic file '/var/log/remote/idrac151/helo.pink.priv/common.log' [state -3000] - discarding message
Jul 18 14:41:07 pmoney rsyslogd-3000: Could not open dynamic file '/var/log/remote/idrac151/helo.pink.priv/common.log' [state -3000] - discarding message
Jul 18 14:41:18 pmoney rsyslogd-3000: Could not open dynamic file '/var/log/remote/idrac151/helo.pink.priv/common.log' [state -3000] - discarding message
Then perform the following on the individual directories themselves: 
# restorecon -v /var/log/remote/idrac155
# semanage fcontext -a -t var_log_t "/var/log/remote/idrac155"
# restorecon -v /var/log/remote/idrac155
restorecon reset /var/log/remote/idrac155 context system_u:object_r:syslogd_var_lib_t:s0->system_u:object_r:var_log_t:s0

# semanage fcontext -a -t var_log_t "/var/log/remote/idrac151"
# restorecon -v /var/log/remote/idrac151
restorecon reset /var/log/remote/idrac151 context system_u:object_r:syslogd_var_lib_t:s0->system_u:object_r:var_log_t:s0
Posted by at 1 comment:

Wednesday, 13 July 2016

W: There is no public key available for the following key IDs error - Debian 7

When using apt-get update, you get this error: 
# apt-get update
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy Release.gpg
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy Release
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/contrib i386 Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/main i386 Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/contrib Translation-en_GB
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/main Translation-en_GB
Hit http://security.debian.org wheezy/updates Release.gpg
Hit http://security.debian.org wheezy/updates Release
Hit http://security.debian.org wheezy/updates/main Sources
Hit http://security.debian.org wheezy/updates/contrib Sources
Hit http://security.debian.org wheezy/updates/main i386 Packages
Hit http://security.debian.org wheezy/updates/contrib i386 Packages
Hit http://security.debian.org wheezy/updates/contrib Translation-en
Hit http://security.debian.org wheezy/updates/main Translation-en
Reading package lists... Done 
W: There is no public key available for the following key IDs:
9D6D8F6BC857C906
Pull down the missing key, using: 
# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9D6D8F6BC857C906
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.bzDMKZFH54 --trustdb-name /etc/apt//trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d//debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d//debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d//debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d//debian-archive-wheezy-stable.gpg --keyserver keyserver.ubuntu.com --recv-keys 9D6D8F6BC857C906
gpg: requesting key C857C906 from hkp server keyserver.ubuntu.com
gpg: key C857C906: public key "Debian Security Archive Automatic Signing Key (8/jessie) " imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
root@sonts-Mac-mini:~# apt-get update
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy Release.gpg
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy Release
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/contrib i386 Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/main i386 Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/contrib Translation-en_GB
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/main Translation-en_GB
Hit http://security.debian.org wheezy/updates Release.gpg
Hit http://security.debian.org wheezy/updates Release   
Hit http://security.debian.org wheezy/updates/main Sources
Hit http://security.debian.org wheezy/updates/contrib Sources
Hit http://security.debian.org wheezy/updates/main i386 Packages
Hit http://security.debian.org wheezy/updates/contrib i386 Packages
Hit http://security.debian.org wheezy/updates/contrib Translation-en
Hit http://security.debian.org wheezy/updates/main Translation-en
Reading package lists... Done
Posted by at No comments:

Wednesday, 29 June 2016

SELinux issue with Apache certificates

So you are setting up Apache SSL (mod_ssl) and installing the certificates in /etc/pki/tls/certs and have configured your ssl.conf file to point at them. Starting or restarting Apache then give you these errors: 
# tail /var/log/httpd/error_log
[Wed Jun 29 16:07:55.097464 2016] [auth_digest:notice] [pid 6159] AH01757: generating secret for digest authentication ...
[Wed Jun 29 16:07:55.098146 2016] [lbmethod_heartbeat:notice] [pid 6159] AH02282: No slotmem from mod_heartmonitor
[Wed Jun 29 16:07:55.098646 2016] [ssl:emerg] [pid 6159] AH02311: Fatal error initialising mod_ssl, exiting. See /etc/httpd/logs/ssl_error_log for more information
[Wed Jun 29 16:08:26.608731 2016] [core:notice] [pid 16249] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Wed Jun 29 16:08:26.609618 2016] [suexec:notice] [pid 16249] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Jun 29 16:08:26.610045 2016] [ssl:emerg] [pid 16249] AH02311: Fatal error initialising mod_ssl, exiting. See /etc/httpd/logs/ssl_error_log for more information

# tail /var/log/httpd/ssl_error_log
[Wed Jun 29 16:07:55.098595 2016] [ssl:emerg] [pid 6159] AH01895: Unable to configure verify locations for client authentication
[Wed Jun 29 16:07:55.098617 2016] [ssl:emerg] [pid 6159] SSL Library Error: error:0200100D:system library:fopen:Permission denied (fopen('/etc/pki/tls/certs/QuoVadisEVRootCertificate.crt','r'))
[Wed Jun 29 16:07:55.098626 2016] [ssl:emerg] [pid 6159] SSL Library Error: error:2006D002:BIO routines:BIO_new_file:system lib
[Wed Jun 29 16:07:55.098634 2016] [ssl:emerg] [pid 6159] SSL Library Error: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
[Wed Jun 29 16:08:26.610008 2016] [ssl:emerg] [pid 16249] AH01895: Unable to configure verify locations for client authentication
[Wed Jun 29 16:08:26.610024 2016] [ssl:emerg] [pid 16249] SSL Library Error: error:0200100D:system library:fopen:Permission denied (fopen('/etc/pki/tls/certs/QuoVadisEVRootCertificate.crt','r'))
[Wed Jun 29 16:08:26.610032 2016] [ssl:emerg] [pid 16249] SSL Library Error: error:2006D002:BIO routines:BIO_new_file:system lib
[Wed Jun 29 16:08:26.610041 2016] [ssl:emerg] [pid 16249] SSL Library Error: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
Then running this command will fix the problem: 
# restorecon -RvF /etc/ssl/certs/
restorecon reset /etc/pki/tls/certs/QuoVadisEVIntermediateCertificate.crt context unconfined_u:object_r:user_home_t:s0->system_u:object_r:cert_t:s0
restorecon reset /etc/pki/tls/certs/localhost.crt context unconfined_u:object_r:cert_t:s0->system_u:object_r:cert_t:s0
restorecon reset /etc/pki/tls/certs/QuoVadisEVRootCertificate.crt context unconfined_u:object_r:user_home_t:s0->system_u:object_r:cert_t:s0
restorecon reset /etc/pki/tls/certs/redcapbrtc.crt context unconfined_u:object_r:cert_t:s0->system_u:object_r:cert_t:s0
Posted by at No comments:

Friday, 24 June 2016

GitLab CE update broke service!

A recent GitLab CE update left the service down. A restart of the service resulted in this error when trying to login: 
Could not authenticate you from Ldapmain because "Pg::undefinedtable: error: relation "u2f registrations" does not exist line 5: where a.attrelid = '"u2f registrations"'::reg... ^ : select a.attname, format type(a.atttypid, a.atttypmod), pg get expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod from pg attribute a left join pg attrdef d on a.attrelid = d.adrelid and a.attnum = d.adnum where a.attrelid = '"u2f registrations"'::regclass and a.attnum > 0 and not a.attisdropped order by a.attnum ".
A bit strange and worrying that maybe the database was corrupted and/or missing. But after an initial google for "gitlab u2f registrations" revealed that is was 2 factor authentication - which we are not using here. So first thing was to find out how to disable this system-wide - apparently this was the command: gitlab-rake gitlab:two_factor:disable_for_all_users, but running it resulted in the following: 
[root@gitlab gitlab]# gitlab-rake gitlab:two_factor:disable_for_all_users
rake aborted!
ActiveRecord::StatementInvalid: PG::UndefinedTable: ERROR:  relation "u2f_registrations" does not exist
LINE 1: ...STINCT "users"."id") FROM "users" LEFT OUTER JOIN u2f_regist...
                                                             ^
: SELECT DISTINCT COUNT(DISTINCT "users"."id") FROM "users" LEFT OUTER JOIN u2f_registrations AS u2f ON u2f.user_id = users.id WHERE (u2f.id IS NOT NULL OR otp_required_for_login = 't')
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `async_exec'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `block in exec_no_cache'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract_adapter.rb:472:in `block in log'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activesupport-4.2.6/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract_adapter.rb:466:in `log'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `exec_no_cache'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:584:in `execute_and_clear'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql/database_statements.rb:160:in `exec_query'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:356:in `select'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:32:in `select_all'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/query_cache.rb:70:in `select_all'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:264:in `execute_simple_calculation'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:221:in `perform_calculation'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:127:in `calculate'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:42:in `count'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/two_factor.rake:6:in `block (3 levels) in '
PG::UndefinedTable: ERROR:  relation "u2f_registrations" does not exist
LINE 1: ...STINCT "users"."id") FROM "users" LEFT OUTER JOIN u2f_regist...
                                                             ^
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `async_exec'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `block in exec_no_cache'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract_adapter.rb:472:in `block in log'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activesupport-4.2.6/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract_adapter.rb:466:in `log'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `exec_no_cache'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:584:in `execute_and_clear'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql/database_statements.rb:160:in `exec_query'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:356:in `select'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:32:in `select_all'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/query_cache.rb:70:in `select_all'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:264:in `execute_simple_calculation'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:221:in `perform_calculation'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:127:in `calculate'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:42:in `count'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/two_factor.rake:6:in `block (3 levels) in '
Tasks: TOP => gitlab:two_factor:disable_for_all_users
(See full trace by running task with --trace)
So obviously that was not the problem. So let's take a snapshot of this gitlab VM and run a reconfigure: 
[root@gitlab gitlab]# gitlab-ctl reconfigure
Starting Chef Client, version 12.6.0
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
  - package (0.0.0)
  - gitlab (0.0.1)
  - runit (0.14.2)
Compiling Cookbooks...
Recipe: gitlab::default
  * directory[/etc/gitlab] action create (up to date)
/sbin/init: unrecognized option '--version'
-.mount                                                                                                         loaded active mounted   /
  Converging 282 resources
  * directory[/etc/gitlab] action nothing (skipped due to action :nothing)
  * directory[/var/opt/gitlab] action create (up to date)
  * directory[/opt/gitlab/embedded/etc] action create (up to date)
  * template[/opt/gitlab/embedded/etc/gitconfig] action create (up to date)
Recipe: gitlab::web-server
  * group[gitlab-www] action create (up to date)
  * user[gitlab-www] action create (up to date)
Recipe: gitlab::users
  * directory[/var/opt/gitlab] action create (up to date)
  * group[git] action create (up to date)
  * user[git] action create (up to date)
  * template[/var/opt/gitlab/.gitconfig] action create (up to date)
Recipe: gitlab::gitlab-shell
  * directory[/var/opt/gitlab/git-data/repositories] action create (up to date)
  * directory[/var/opt/gitlab/git-data] action create (up to date)
  * directory[/var/opt/gitlab/.ssh] action create (up to date)
  * file[/var/opt/gitlab/.ssh/authorized_keys] action create (up to date)
  * directory[/opt/gitlab/embedded/service/gitlab-shell/hooks/] action create (up to date)
  * file[/opt/gitlab/embedded/service/gitlab-shell/authorized_keys.lock] action create (up to date)
  * execute[chcon --recursive --type ssh_home_t /var/opt/gitlab/.ssh] action runid: --context (-Z) works only on an SELinux-enabled kernel
 (skipped due to only_if)
  * directory[/var/log/gitlab/gitlab-shell/] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-shell] action create (up to date)
  * template[/var/opt/gitlab/gitlab-shell/config.yml] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-shell/config.yml] action create (up to date)
  * template[/var/opt/gitlab/gitlab-shell/gitlab_shell_secret] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-shell/.gitlab_shell_secret] action create (up to date)
Recipe: gitlab::gitlab-rails
  * directory[/var/log/gitlab] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/shared] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/shared/artifacts] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/shared/lfs-objects] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/uploads] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-ci/builds] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/shared/pages] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/etc] action create (up to date)
  * directory[/opt/gitlab/etc/gitlab-rails] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/working] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/tmp] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/upgrade-status] action create (up to date)
  * directory[/var/log/gitlab/gitlab-rails] action create (up to date)
  * directory[/var/opt/gitlab/backups] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-ci] action create (up to date)
  * template[/opt/gitlab/etc/gitlab-rails/gitlab-rails-rc] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/secret] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/.secret] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/database.yml] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/database.yml] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/secrets.yml] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/secrets.yml] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/resque.yml] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/resque.yml] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/aws.yml] action delete (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/aws.yml] action delete (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/smtp_settings.rb] action delete (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/initializers/smtp_settings.rb] action delete (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/relative_url.rb] action delete (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/initializers/relative_url.rb] action delete (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/gitlab.yml] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/rack_attack.rb] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/initializers/rack_attack.rb] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/.gitlab_shell_secret] action create (up to date)
  * directory[/opt/gitlab/etc/gitlab-rails/env] action create (up to date)
  * file[/opt/gitlab/etc/gitlab-rails/env/HOME] action create (up to date)
  * file[/opt/gitlab/etc/gitlab-rails/env/RAILS_ENV] action create (up to date)
  * file[/opt/gitlab/etc/gitlab-rails/env/SIDEKIQ_MEMORY_KILLER_MAX_RSS] action create (up to date)
  * file[/opt/gitlab/etc/gitlab-rails/env/BUNDLE_GEMFILE] action create (up to date)
  * file[/opt/gitlab/etc/gitlab-rails/env/PATH] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/tmp] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/public/uploads] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/log] action create (up to date)
  * link[/var/log/gitlab/gitlab-rails/sidekiq.log] action create (skipped due to not_if)
  * file[/opt/gitlab/embedded/service/gitlab-rails/db/schema.rb] action create (up to date)
  * remote_file[/var/opt/gitlab/gitlab-rails/VERSION] action create (up to date)
  * remote_file[/var/opt/gitlab/gitlab-rails/REVISION] action create (up to date)
  * file[/var/opt/gitlab/gitlab-rails/RUBY_VERSION] action create (up to date)
  * execute[chown -R root:root /opt/gitlab/embedded/service/gitlab-rails/public] action run
    - execute chown -R root:root /opt/gitlab/embedded/service/gitlab-rails/public
  * execute[clear the gitlab-rails cache] action nothing (skipped due to action :nothing)
  * bash[generate assets] action nothing (skipped due to action :nothing)
  * file[/var/opt/gitlab/gitlab-rails/config.ru] action delete (up to date)
Recipe: gitlab::gitlab-ci-proxying
  * template[/var/opt/gitlab/nginx/conf/gitlab-ci-http.conf] action delete (up to date)
Recipe: gitlab::selinux
  * execute[semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp] action runDisabled
 (skipped due to not_if)
Recipe: gitlab::add_trusted_certs
  * directory[/etc/gitlab/ssl/trusted-certs] action create (up to date)
  * directory[/opt/gitlab/embedded/ssl/certs] action create (up to date)
  * file[/opt/gitlab/embedded/ssl/certs/README] action create (up to date)
  * ruby_block[Move existing certs and link to /opt/gitlab/embedded/ssl/certs] action run

  * Moving existing certificates found in /opt/gitlab/embedded/ssl/certs
ERROR: /opt/gitlab/embedded/ssl/certs/pecacert.pem: OpenSSL error: nested asn1 error!


    ================================================================================
    Error executing action `run` on resource 'ruby_block[Move existing certs and link to /opt/gitlab/embedded/ssl/certs]'
    ================================================================================

    RuntimeError
    ------------
    ERROR: Not a certificate: /opt/gitlab/embedded/ssl/certs/pecacert.pem / /opt/gitlab/embedded/ssl/certs/pecacert.pem

    Cookbook Trace:
    ---------------
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/helper.rb:514:in `raise_msg'
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/helper.rb:460:in `block in move_existing_certificates'
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/helper.rb:453:in `glob'
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/helper.rb:453:in `move_existing_certificates'
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/add_trusted_certs.rb:31:in `block (2 levels) in from_file'

    Resource Declaration:
    ---------------------
    # In /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/add_trusted_certs.rb

     28: ruby_block "Move existing certs and link to #{ssl_certs_dir}" do
     29:   block do
     30:     puts "\n\n  * Moving existing certificates found in #{ssl_certs_dir}\n"
     31:     cert_helper.move_existing_certificates
     32:     puts "\n  * Symlinking existing certificates found in #{trusted_certs_dir}\n"
     33:     cert_helper.link_certificates
     34:   end
     35:   only_if { cert_helper.new_certificate_added? }
     36:   notifies :restart, "service[unicorn]"
     37: end

    Compiled Resource:
    ------------------
    # Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/add_trusted_certs.rb:28:in `from_file'

    ruby_block("Move existing certs and link to /opt/gitlab/embedded/ssl/certs") do
      action [:run]
      retries 0
      retry_delay 2
      default_guard_interpreter :default
      block_name "Move existing certs and link to /opt/gitlab/embedded/ssl/certs"
      declared_type :ruby_block
      cookbook_name "gitlab"
      recipe_name "add_trusted_certs"
      block #
      only_if { #code block }
    end


Running handlers:
Running handlers complete
Chef Client failed. 1 resources updated in 16 seconds
So the problem is that re-configure (an upgrade performs a reconfigure) failed leaving the gitlab service down... So the problem was moving the certificates. GitLab was now fixed by copying the certificates by hand into the required location and (re)moving the source directory: 
[root@gitlab ~]# cd /opt/gitlab/embedded/ssl/certs/
[root@gitlab certs]# ls -la
total 256
drwxr-xr-x. 2 root root     55 Jun 24 10:03 .
drwxr-xr-x. 5 root root     76 Jun 23 03:45 ..
-rw-r--r--  1 root root 252499 Jun 22 11:05 cacert.pem
-rw-r--r--  1 root root    800 Apr  4 19:47 pecacert.pem
-rw-r--r--  1 root root    151 Jun 23 03:46 README
[root@gitlab certs]# cat README
This directory is managed by omnibus-gitlab.
 Any file placed in this directory will be ignored
. Place certificates in /etc/gitlab/ssl/trusted-certs.

[root@gitlab certs]# cp /opt/gitlab/embedded/ssl/certs/* /etc/gitlab/ssl/trusted-certs

[root@gitlab ssl]# mv certs certs.son
[root@gitlab ssl]# gitlab-ctl reconfigure
Starting Chef Client, version 12.6.0
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
  - runit (0.14.2)
  - package (0.0.0)
  - gitlab (0.0.1)
Compiling Cookbooks...
Recipe: gitlab::default
  * directory[/etc/gitlab] action create (up to date)
/sbin/init: unrecognized option '--version'


[successful reconfigure detail snipped]


Recipe: gitlab::add_trusted_certs
  * directory[/etc/gitlab/ssl/trusted-certs] action create (up to date)
  * directory[/opt/gitlab/embedded/ssl/certs] action create
    - create new directory /opt/gitlab/embedded/ssl/certs
    - change mode from '' to '0755'
  * file[/opt/gitlab/embedded/ssl/certs/README] action create
    - create new file /opt/gitlab/embedded/ssl/certs/README
    - update content in file /opt/gitlab/embedded/ssl/certs/README from none to e09a2d
    --- /opt/gitlab/embedded/ssl/certs/README   2016-06-24 10:14:17.275761125 +0100
    +++ /opt/gitlab/embedded/ssl/certs/.README20160624-29376-1q3bw7j    2016-06-24 10:14:17.275761125 +0100
    @@ -1 +1,4 @@
    +This directory is managed by omnibus-gitlab.
    + Any file placed in this directory will be ignored
    +. Place certificates in /etc/gitlab/ssl/trusted-certs.
    - change mode from '' to '0644'
  * ruby_block[Move existing certs and link to /opt/gitlab/embedded/ssl/certs] action run

  * Moving existing certificates found in /opt/gitlab/embedded/ssl/certs

  * Symlinking existing certificates found in /etc/gitlab/ssl/trusted-certs

 Skipping /etc/gitlab/ssl/trusted-certs/cacert.pem.

 Skipping /etc/gitlab/ssl/trusted-certs/pecacert.pem.

 Skipping /etc/gitlab/ssl/trusted-certs/README.


[successful reconfigure detail snipped]


    - execute "bash"  "/tmp/chef-script20160624-29376-v5yl6q"
Recipe: gitlab::gitlab-rails
  * execute[clear the gitlab-rails cache] action run
    - execute /opt/gitlab/bin/gitlab-rake cache:clear
Recipe: gitlab::unicorn
  * service[unicorn] action restart
    - restart service service[unicorn]
Recipe: gitlab::sidekiq
  * service[sidekiq] action restart
    - restart service service[sidekiq]
Recipe: gitlab::unicorn
  * service[unicorn] action restart
    - restart service service[unicorn]
Recipe: gitlab::gitlab-workhorse
  * service[gitlab-workhorse] action restart
    - restart service service[gitlab-workhorse]
Recipe: gitlab::nginx
  * service[nginx] action restart
    - restart service service[nginx]

Running handlers:
Running handlers complete
Chef Client finished, 22/294 resources updated in 43 seconds
gitlab Reconfigured!
Service is up and running and login is just fine!
Posted by at 1 comment:

Friday, 13 May 2016

Shrinking filesystems with LVM - CentOS

So you have run out of space on one of your LVM volumes, but there's another volume with too much space that's not being used. You need to shrink one and grow the other! First thing first! DO NOT SHRINK A (LVM) VOLUME WITHOUT resizing the FILESYSTEM first! Your data (filesystem) will be screwed! So let's have a go. Here will have a full volume /filetek/sth/sthdbs, and we have a volume being used as a mount point with too much space /filetek. We need to shrink /filetek and expand /filetek/sth/sthdbs. 
root@server /
$ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/volg0-root
                      969M  526M  394M  58% /
/dev/sda1             190M   85M   96M  47% /boot
/dev/mapper/volg0-home
                      4.7G  173M  4.3G   4% /home
/dev/mapper/volg0-usr
                      3.8G 1018M  2.6G  28% /usr
/dev/mapper/volg0-var
                      3.8G  470M  3.2G  13% /var
/dev/mapper/volg1-filetek
                      197G  9.4G  178G   6% /filetek
/dev/mapper/volg1-filetek--tmp
                       50G   52M   47G   1% /filetek/tmp
/dev/mapper/volg1-filetek--jrnl1
                       50G  885M   46G   2% /filetek/jrnl1
/dev/mapper/volg1-filetek--sthdbs
                      1.0T  970G  1.7G 100% /filetek/sth/sthdbs
/dev/mapper/volg1-filetek2
                      197G  1.6G  186G   1% /filetek2
/dev/mapper/volg1-filetek2--tmp2
                       50G   52M   47G   1% /filetek2/tmp2
/dev/mapper/volg1-filetek--jrnl2
                       50G  885M   46G   2% /filetek2/jrnl2
Let's umount all the volumes involved: 
root@server ~
$ umount /filetek/tmp /filetek/jrnl1 /filetek/sth/sthdbs
root@server ~
$ umount /filetek
Let's resize (shrink) /filetek to 32GB by fsck'ing it first: 
root@server ~
$ fsck -f /dev/mapper/volg1-filetek
fsck from util-linux-ng 2.17.2
e2fsck 1.41.12 (17-May-2010)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
filetek: 2119/13107200 files (2.1% non-contiguous), 3307507/52428800 blocks
Using resize2fs: 
root@server ~
$ resize2fs /dev/mapper/volg1-filetek 32G
resize2fs 1.41.12 (17-May-2010)
Resizing the filesystem on /dev/mapper/volg1-filetek to 8388608 (4k) blocks.
The filesystem on /dev/mapper/volg1-filetek is now 8388608 blocks long.
Now we can safely reduce the LVM volume size with the lvreduce command: 
root@server ~
$ lvreduce -L 40G /dev/mapper/volg1-filetek
  WARNING: Reducing active logical volume to 40.00 GiB
  THIS MAY DESTROY YOUR DATA (filesystem etc.)
Do you really want to reduce filetek? [y/n]: y
  Size of logical volume volg1/filetek changed from 200.00 GiB (51200 extents) to 40.00 GiB (10240 extents).
  Logical volume filetek successfully resized
All, very good so let's expand our volume that has run out of space: 
root@server ~
$ lvextend --size +200G /dev/mapper/volg1-filetek--sthdbs
  Size of logical volume volg1/filetek-sthdbs changed from 1.02 TiB (266240 extents) to 1.21 TiB (317440 extents).
  Logical volume filetek-sthdbs successfully resized
Now we need to grow the filesystem, but first let's fsck (e2fsck) it: 
root@server ~
$ e2fsck -f /dev/mapper/volg1-filetek--sthdbs
e2fsck 1.41.12 (17-May-2010)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
filetek-sthdbs: 1170/68157440 files (21.9% non-contiguous), 258555686/272629760 blocks

root@server ~
$ resize2fs /dev/mapper/volg1-filetek--sthdbs
resize2fs 1.41.12 (17-May-2010)
Resizing the filesystem on /dev/mapper/volg1-filetek--sthdbs to 325058560 (4k) blocks.
The filesystem on /dev/mapper/volg1-filetek--sthdbs is now 325058560 blocks long.
Let's re-mount both filesystems to file all is good! 
root@server ~
$ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/volg0-root
                      969M  526M  394M  58% /
/dev/sda1             190M   85M   96M  47% /boot
/dev/mapper/volg0-home
                      4.7G  173M  4.3G   4% /home
/dev/mapper/volg0-usr
                      3.8G 1018M  2.6G  28% /usr
/dev/mapper/volg0-var
                      3.8G  470M  3.2G  13% /var
/dev/mapper/volg1-filetek2
                       32G  1.6G   29G   6% /filetek2
/dev/mapper/volg1-filetek--tmp
                       50G   52M   47G   1% /filetek/tmp
/dev/mapper/volg1-filetek--jrnl1
                       50G  885M   46G   2% /filetek/jrnl1
/dev/mapper/volg1-filetek2--tmp2
                       50G   52M   47G   1% /filetek2/tmp2
/dev/mapper/volg1-filetek--jrnl2
                       50G  885M   46G   2% /filetek2/jrnl2
/dev/mapper/volg1-filetek
                       32G  9.4G   21G  32% /filetek
/dev/mapper/volg1-filetek--sthdbs
                      1.2T  970G  189G  84% /filetek/sth/sthdbs
Posted by at No comments:
Subscribe to: Posts (Atom)