Notes of a Systems Administrator

Tuesday, 3 March 2015

Extract text string in brackets

grep -oP '\(\K[^\)]+' file

\K means that use look around regex advanced feature. More precisely, it's a positive look-behind assertion, you can do it like this too :

grep -oP '(?<=\()[^\)]+' file

if you lack the -P option, you can do this with perl :

perl -lne '/\(\K[^\)]+/ and print $&' file

Another simpler approach using awk

awk -F'[()]' '{print $2}' file

Monday, 23 February 2015

LVM Metadatasize too small

Too small:

# vgs --units k -o vg_mda_count,vg_mda_free,vg_mda_size,vg_name
  #VMda VMdaFree  VMdaSize  VG
      1    91.50k   188.00k volg0
      2    73.50k   188.00k volg1

OK:

#  vgs --units k -o vg_mda_count,vg_mda_free,vg_mda_size,vg_name
  #VMda VMdaFree  VMdaSize  VG
      1    91.50k   188.00k volg0
      4  8091.00k 16384.00k volg1

Friday, 20 February 2015

Starting a Ganeti VM to reset root password

# gnt-instance start -H kernel_args="rw init=/bin/sh" INSTANCE
Waiting for job 1333533 for INSTANCE ...
# gnt-instance console INSTANCE
Initializing cgroup subsys cpuset
Initializing cgroup subsys cpu
Linux version 2.6.32-358.23.2.el6.x86_64 (mockbuild@c6b9.bsys.dev.centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Wed Oct 16 18:37:12 UTC 2013
Command line: ro root=LABEL=root rhgb noquiet root=/dev/xvda rw init=/bin/sh

[cut]

sh: cannot set terminal process group (-1): Inappropriate ioctl for device
sh: no job control in this shell
sh-4.1# passwd
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
sh-4.1# exit

# gnt-instance reboot INSTANCE

Tuesday, 17 February 2015

Oracle Apache PL/SQL Gateway Module - OWA - mod_owa

The mod_owa Apache module allows you to access an Oracle Database using a webfront end. Download and install Oracle Instant Client for your system from here: http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html On CentOS edit /etc/sysconfig/httpd, or /etc/apache2/envvars on Debian:

export TNS_ADMIN=/etc/oracle
export ORACLE_HOME=/usr/lib/oracle/11.2/client64
export PATH=$PATH:$ORACLE_HOME/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib

Create and put you tnsname.ora in the /etc/oracle directory. Download and install mod_owa from here: https://oss.oracle.com/projects/mod_owa/dist/documentation/modowa.htm Create an Apache configuration file as such:

LoadModule owa_module /etc/httpd/modules/mod_owa.so

    SetHandler     owa_handler
    OwaUserid      username/password@ORACLEDBNAME
    OwaDiag        COMMAND ARGS CGIENV POOL SQL MEMORY ERROR THREADS HEADER RESPONSE
    OwaLog         "/var/log/httpd/mod_owa.log"
    OwaAdmin       127.0.0.1 255.255.255.255
    OwaPool        10
    OwaStart       "login"
    OwaDocProc     "doc_pkg.readfile"
    OwaDocPath     docs
    OwaUploadMax   10M
    OwaCharsize    2
    OwaCharset     "utf-8"
    #OwaCharset     "UTF-8"
    #OwaBindset     "UTF-8"
    #OwaUnicode     "FULL"
    order          deny,allow
    allow          from all
    OwaDocTable    ndrd_file_objects BLOB_CONTENT

Monday, 16 February 2015

Create a self-signed Certificate (non-trusted) - enable https

Generate keys, CA, and signed certificate:

# openssl genrsa -out ca.key 2048
# openssl req -new -key ca.key -out ca.csr
# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
# cp ca.crt /etc/pki/tls/certs
# cp ca.key /etc/pki/tls/private/ca.key
# cp ca.csr /etc/pki/tls/private/ca.csr

Install mod_ssl and create ssl.conf file:

# yum install mod_ssl
# cat /etc/httpd/conf.d/ssl

LoadModule ssl_module modules/mod_ssl.so

Listen 443

SSLPassPhraseDialog  builtin

SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300

SSLMutex default

SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

SSLCryptoDevice builtin
#SSLCryptoDevice ubsec



DocumentRoot "/var/www/html"
ServerName webtest.isys.bris.ac.uk

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on

SSLProtocol all -SSLv2

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

SSLCertificateFile /etc/pki/tls/certs/ca.crt

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

#SSLVerifyClient require
#SSLVerifyDepth  10

#
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#

#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire

    SSLOptions +StdEnvVars


    SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Tuesday, 10 February 2015

Basic mcollective commands

# mco ping
# mco find

Service

# mco rpc service status service=httpd
# mco rpc service stop service=httpd
# mco rpc service start service=httpd

Use the -I filter to target a specific machine, eg:

# mco rpc service status service=httpd -I node01.domain.net

RPC

# mco rpc rpcutil get_fact fact=operatingsystem

Monday, 9 February 2015

Basic Ganeti Commands

Show nodes and instances:

# gnt-node list
# gnt-instance list

List instances and there primary and secondary disks:

# gnt-instance list --no-headers -o name,pnode,snodes

Move secondary disks to another node:

# gnt-instance replace-disks -n

Migrate instance to secondary node:

# gnt-instance migrate

View storage & volumes

# gnt-node list-storage

# gnt-node volumes