Thursday, 4 August 2016

Move files within all subdirectories - Windows CMD

So you are in a directory which have subdirectories contain files you want to move into the parent. Problem with the CMD on Windows (DOS) is that it can not do * globs for directories. This command will do: 
F:\RICKRI~1>forfiles /s /m *.epub /c "cmd /c move @path %CD%"
Posted by at No comments:

Friday, 22 July 2016

Rsyslog and SELinux issue - CentOS 7

So you've configured rsyslog (server) to put logs in a certain directory but nothing is getting logged. Well looking at the logs there's permissions issues with error messages such as: 
Jul 18 14:21:31 pmoney dbus-daemon: dbus[1149]: avc:  received policyload notice (seqno=4)
Jul 18 14:21:31 pmoney dbus[1149]: avc:  received policyload notice (seqno=4)
Jul 18 14:21:31 pmoney dbus[1149]: [system] Reloaded configuration
Jul 18 14:21:31 pmoney dbus-daemon: dbus[1149]: [system] Reloaded configuration
Jul 18 14:21:56 pmoney rsyslogd-3000: Could not open dynamic file '/var/log/remote/idrac155/stockwood.pink.priv/common.log' [state -3000] - discarding message
Jul 18 14:22:00 pmoney rsyslogd-3000: Could not open dynamic file '/var/log/remote/idrac155/woodstock.pink.priv/common.log' [state -3000] - discarding message
And even with the SELinux commands, there are still errors: 
# semanage fcontext -a -t syslogd_var_lib_t "/var/log/remote(/.*)?"
# restorecon -R -v /var/log/remote

[root@pmoney remote]# tail /var/log/messages
Jul 18 14:21:31 pmoney dbus-daemon: dbus[1149]: avc:  received policyload notice (seqno=4)
Jul 18 14:21:31 pmoney dbus[1149]: avc:  received policyload notice (seqno=4)
Jul 18 14:21:31 pmoney dbus[1149]: [system] Reloaded configuration
Jul 18 14:21:31 pmoney dbus-daemon: dbus[1149]: [system] Reloaded configuration
Jul 18 14:21:56 pmoney rsyslogd-3000: Could not open dynamic file '/var/log/remote/idrac155/stockwood.pink.priv/common.log' [state -3000] - discarding message
Jul 18 14:22:00 pmoney rsyslogd-3000: Could not open dynamic file '/var/log/remote/idrac155/woodstock.pink.priv/common.log' [state -3000] - discarding message
Jul 18 14:22:28 pmoney dbus-daemon: dbus[1149]: avc:  received policyload notice (seqno=5)
Jul 18 14:22:28 pmoney dbus[1149]: avc:  received policyload notice (seqno=5)

Jul 18 14:40:54 pmoney rsyslogd-3000: Could not open dynamic file '/var/log/remote/idrac151/helo.pink.priv/common.log' [state -3000] - discarding message
Jul 18 14:41:07 pmoney rsyslogd-3000: Could not open dynamic file '/var/log/remote/idrac151/helo.pink.priv/common.log' [state -3000] - discarding message
Jul 18 14:41:18 pmoney rsyslogd-3000: Could not open dynamic file '/var/log/remote/idrac151/helo.pink.priv/common.log' [state -3000] - discarding message
Then perform the following on the individual directories themselves: 
# restorecon -v /var/log/remote/idrac155
# semanage fcontext -a -t var_log_t "/var/log/remote/idrac155"
# restorecon -v /var/log/remote/idrac155
restorecon reset /var/log/remote/idrac155 context system_u:object_r:syslogd_var_lib_t:s0->system_u:object_r:var_log_t:s0

# semanage fcontext -a -t var_log_t "/var/log/remote/idrac151"
# restorecon -v /var/log/remote/idrac151
restorecon reset /var/log/remote/idrac151 context system_u:object_r:syslogd_var_lib_t:s0->system_u:object_r:var_log_t:s0
Posted by at 1 comment:

Wednesday, 13 July 2016

W: There is no public key available for the following key IDs error - Debian 7

When using apt-get update, you get this error: 
# apt-get update
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy Release.gpg
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy Release
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/contrib i386 Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/main i386 Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/contrib Translation-en_GB
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/main Translation-en_GB
Hit http://security.debian.org wheezy/updates Release.gpg
Hit http://security.debian.org wheezy/updates Release
Hit http://security.debian.org wheezy/updates/main Sources
Hit http://security.debian.org wheezy/updates/contrib Sources
Hit http://security.debian.org wheezy/updates/main i386 Packages
Hit http://security.debian.org wheezy/updates/contrib i386 Packages
Hit http://security.debian.org wheezy/updates/contrib Translation-en
Hit http://security.debian.org wheezy/updates/main Translation-en
Reading package lists... Done 
W: There is no public key available for the following key IDs:
9D6D8F6BC857C906
Pull down the missing key, using: 
# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9D6D8F6BC857C906
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.bzDMKZFH54 --trustdb-name /etc/apt//trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d//debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d//debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d//debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d//debian-archive-wheezy-stable.gpg --keyserver keyserver.ubuntu.com --recv-keys 9D6D8F6BC857C906
gpg: requesting key C857C906 from hkp server keyserver.ubuntu.com
gpg: key C857C906: public key "Debian Security Archive Automatic Signing Key (8/jessie) " imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
root@sonts-Mac-mini:~# apt-get update
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy Release.gpg
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy Release
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/contrib i386 Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/main i386 Packages/DiffIndex
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/contrib Translation-en_GB
Ign cdrom://[Debian GNU/Linux 7.6.0 _Wheezy_ - Official i386 DVD Binary-1 20140712-13:02] wheezy/main Translation-en_GB
Hit http://security.debian.org wheezy/updates Release.gpg
Hit http://security.debian.org wheezy/updates Release   
Hit http://security.debian.org wheezy/updates/main Sources
Hit http://security.debian.org wheezy/updates/contrib Sources
Hit http://security.debian.org wheezy/updates/main i386 Packages
Hit http://security.debian.org wheezy/updates/contrib i386 Packages
Hit http://security.debian.org wheezy/updates/contrib Translation-en
Hit http://security.debian.org wheezy/updates/main Translation-en
Reading package lists... Done
Posted by at No comments:

Wednesday, 29 June 2016

SELinux issue with Apache certificates

So you are setting up Apache SSL (mod_ssl) and installing the certificates in /etc/pki/tls/certs and have configured your ssl.conf file to point at them. Starting or restarting Apache then give you these errors: 
# tail /var/log/httpd/error_log
[Wed Jun 29 16:07:55.097464 2016] [auth_digest:notice] [pid 6159] AH01757: generating secret for digest authentication ...
[Wed Jun 29 16:07:55.098146 2016] [lbmethod_heartbeat:notice] [pid 6159] AH02282: No slotmem from mod_heartmonitor
[Wed Jun 29 16:07:55.098646 2016] [ssl:emerg] [pid 6159] AH02311: Fatal error initialising mod_ssl, exiting. See /etc/httpd/logs/ssl_error_log for more information
[Wed Jun 29 16:08:26.608731 2016] [core:notice] [pid 16249] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Wed Jun 29 16:08:26.609618 2016] [suexec:notice] [pid 16249] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Jun 29 16:08:26.610045 2016] [ssl:emerg] [pid 16249] AH02311: Fatal error initialising mod_ssl, exiting. See /etc/httpd/logs/ssl_error_log for more information

# tail /var/log/httpd/ssl_error_log
[Wed Jun 29 16:07:55.098595 2016] [ssl:emerg] [pid 6159] AH01895: Unable to configure verify locations for client authentication
[Wed Jun 29 16:07:55.098617 2016] [ssl:emerg] [pid 6159] SSL Library Error: error:0200100D:system library:fopen:Permission denied (fopen('/etc/pki/tls/certs/QuoVadisEVRootCertificate.crt','r'))
[Wed Jun 29 16:07:55.098626 2016] [ssl:emerg] [pid 6159] SSL Library Error: error:2006D002:BIO routines:BIO_new_file:system lib
[Wed Jun 29 16:07:55.098634 2016] [ssl:emerg] [pid 6159] SSL Library Error: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
[Wed Jun 29 16:08:26.610008 2016] [ssl:emerg] [pid 16249] AH01895: Unable to configure verify locations for client authentication
[Wed Jun 29 16:08:26.610024 2016] [ssl:emerg] [pid 16249] SSL Library Error: error:0200100D:system library:fopen:Permission denied (fopen('/etc/pki/tls/certs/QuoVadisEVRootCertificate.crt','r'))
[Wed Jun 29 16:08:26.610032 2016] [ssl:emerg] [pid 16249] SSL Library Error: error:2006D002:BIO routines:BIO_new_file:system lib
[Wed Jun 29 16:08:26.610041 2016] [ssl:emerg] [pid 16249] SSL Library Error: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
Then running this command will fix the problem: 
# restorecon -RvF /etc/ssl/certs/
restorecon reset /etc/pki/tls/certs/QuoVadisEVIntermediateCertificate.crt context unconfined_u:object_r:user_home_t:s0->system_u:object_r:cert_t:s0
restorecon reset /etc/pki/tls/certs/localhost.crt context unconfined_u:object_r:cert_t:s0->system_u:object_r:cert_t:s0
restorecon reset /etc/pki/tls/certs/QuoVadisEVRootCertificate.crt context unconfined_u:object_r:user_home_t:s0->system_u:object_r:cert_t:s0
restorecon reset /etc/pki/tls/certs/redcapbrtc.crt context unconfined_u:object_r:cert_t:s0->system_u:object_r:cert_t:s0
Posted by at No comments:

Friday, 24 June 2016

GitLab CE update broke service!

A recent GitLab CE update left the service down. A restart of the service resulted in this error when trying to login: 
Could not authenticate you from Ldapmain because "Pg::undefinedtable: error: relation "u2f registrations" does not exist line 5: where a.attrelid = '"u2f registrations"'::reg... ^ : select a.attname, format type(a.atttypid, a.atttypmod), pg get expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod from pg attribute a left join pg attrdef d on a.attrelid = d.adrelid and a.attnum = d.adnum where a.attrelid = '"u2f registrations"'::regclass and a.attnum > 0 and not a.attisdropped order by a.attnum ".
A bit strange and worrying that maybe the database was corrupted and/or missing. But after an initial google for "gitlab u2f registrations" revealed that is was 2 factor authentication - which we are not using here. So first thing was to find out how to disable this system-wide - apparently this was the command: gitlab-rake gitlab:two_factor:disable_for_all_users, but running it resulted in the following: 
[root@gitlab gitlab]# gitlab-rake gitlab:two_factor:disable_for_all_users
rake aborted!
ActiveRecord::StatementInvalid: PG::UndefinedTable: ERROR:  relation "u2f_registrations" does not exist
LINE 1: ...STINCT "users"."id") FROM "users" LEFT OUTER JOIN u2f_regist...
                                                             ^
: SELECT DISTINCT COUNT(DISTINCT "users"."id") FROM "users" LEFT OUTER JOIN u2f_registrations AS u2f ON u2f.user_id = users.id WHERE (u2f.id IS NOT NULL OR otp_required_for_login = 't')
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `async_exec'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `block in exec_no_cache'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract_adapter.rb:472:in `block in log'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activesupport-4.2.6/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract_adapter.rb:466:in `log'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `exec_no_cache'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:584:in `execute_and_clear'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql/database_statements.rb:160:in `exec_query'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:356:in `select'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:32:in `select_all'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/query_cache.rb:70:in `select_all'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:264:in `execute_simple_calculation'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:221:in `perform_calculation'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:127:in `calculate'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:42:in `count'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/two_factor.rake:6:in `block (3 levels) in '
PG::UndefinedTable: ERROR:  relation "u2f_registrations" does not exist
LINE 1: ...STINCT "users"."id") FROM "users" LEFT OUTER JOIN u2f_regist...
                                                             ^
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `async_exec'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `block in exec_no_cache'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract_adapter.rb:472:in `block in log'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activesupport-4.2.6/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract_adapter.rb:466:in `log'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `exec_no_cache'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:584:in `execute_and_clear'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql/database_statements.rb:160:in `exec_query'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:356:in `select'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:32:in `select_all'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/query_cache.rb:70:in `select_all'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:264:in `execute_simple_calculation'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:221:in `perform_calculation'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:127:in `calculate'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:42:in `count'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/two_factor.rake:6:in `block (3 levels) in '
Tasks: TOP => gitlab:two_factor:disable_for_all_users
(See full trace by running task with --trace)
So obviously that was not the problem. So let's take a snapshot of this gitlab VM and run a reconfigure: 
[root@gitlab gitlab]# gitlab-ctl reconfigure
Starting Chef Client, version 12.6.0
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
  - package (0.0.0)
  - gitlab (0.0.1)
  - runit (0.14.2)
Compiling Cookbooks...
Recipe: gitlab::default
  * directory[/etc/gitlab] action create (up to date)
/sbin/init: unrecognized option '--version'
-.mount                                                                                                         loaded active mounted   /
  Converging 282 resources
  * directory[/etc/gitlab] action nothing (skipped due to action :nothing)
  * directory[/var/opt/gitlab] action create (up to date)
  * directory[/opt/gitlab/embedded/etc] action create (up to date)
  * template[/opt/gitlab/embedded/etc/gitconfig] action create (up to date)
Recipe: gitlab::web-server
  * group[gitlab-www] action create (up to date)
  * user[gitlab-www] action create (up to date)
Recipe: gitlab::users
  * directory[/var/opt/gitlab] action create (up to date)
  * group[git] action create (up to date)
  * user[git] action create (up to date)
  * template[/var/opt/gitlab/.gitconfig] action create (up to date)
Recipe: gitlab::gitlab-shell
  * directory[/var/opt/gitlab/git-data/repositories] action create (up to date)
  * directory[/var/opt/gitlab/git-data] action create (up to date)
  * directory[/var/opt/gitlab/.ssh] action create (up to date)
  * file[/var/opt/gitlab/.ssh/authorized_keys] action create (up to date)
  * directory[/opt/gitlab/embedded/service/gitlab-shell/hooks/] action create (up to date)
  * file[/opt/gitlab/embedded/service/gitlab-shell/authorized_keys.lock] action create (up to date)
  * execute[chcon --recursive --type ssh_home_t /var/opt/gitlab/.ssh] action runid: --context (-Z) works only on an SELinux-enabled kernel
 (skipped due to only_if)
  * directory[/var/log/gitlab/gitlab-shell/] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-shell] action create (up to date)
  * template[/var/opt/gitlab/gitlab-shell/config.yml] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-shell/config.yml] action create (up to date)
  * template[/var/opt/gitlab/gitlab-shell/gitlab_shell_secret] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-shell/.gitlab_shell_secret] action create (up to date)
Recipe: gitlab::gitlab-rails
  * directory[/var/log/gitlab] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/shared] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/shared/artifacts] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/shared/lfs-objects] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/uploads] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-ci/builds] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/shared/pages] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/etc] action create (up to date)
  * directory[/opt/gitlab/etc/gitlab-rails] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/working] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/tmp] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/upgrade-status] action create (up to date)
  * directory[/var/log/gitlab/gitlab-rails] action create (up to date)
  * directory[/var/opt/gitlab/backups] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-ci] action create (up to date)
  * template[/opt/gitlab/etc/gitlab-rails/gitlab-rails-rc] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/secret] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/.secret] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/database.yml] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/database.yml] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/secrets.yml] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/secrets.yml] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/resque.yml] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/resque.yml] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/aws.yml] action delete (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/aws.yml] action delete (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/smtp_settings.rb] action delete (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/initializers/smtp_settings.rb] action delete (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/relative_url.rb] action delete (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/initializers/relative_url.rb] action delete (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/gitlab.yml] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/rack_attack.rb] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/initializers/rack_attack.rb] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/.gitlab_shell_secret] action create (up to date)
  * directory[/opt/gitlab/etc/gitlab-rails/env] action create (up to date)
  * file[/opt/gitlab/etc/gitlab-rails/env/HOME] action create (up to date)
  * file[/opt/gitlab/etc/gitlab-rails/env/RAILS_ENV] action create (up to date)
  * file[/opt/gitlab/etc/gitlab-rails/env/SIDEKIQ_MEMORY_KILLER_MAX_RSS] action create (up to date)
  * file[/opt/gitlab/etc/gitlab-rails/env/BUNDLE_GEMFILE] action create (up to date)
  * file[/opt/gitlab/etc/gitlab-rails/env/PATH] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/tmp] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/public/uploads] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/log] action create (up to date)
  * link[/var/log/gitlab/gitlab-rails/sidekiq.log] action create (skipped due to not_if)
  * file[/opt/gitlab/embedded/service/gitlab-rails/db/schema.rb] action create (up to date)
  * remote_file[/var/opt/gitlab/gitlab-rails/VERSION] action create (up to date)
  * remote_file[/var/opt/gitlab/gitlab-rails/REVISION] action create (up to date)
  * file[/var/opt/gitlab/gitlab-rails/RUBY_VERSION] action create (up to date)
  * execute[chown -R root:root /opt/gitlab/embedded/service/gitlab-rails/public] action run
    - execute chown -R root:root /opt/gitlab/embedded/service/gitlab-rails/public
  * execute[clear the gitlab-rails cache] action nothing (skipped due to action :nothing)
  * bash[generate assets] action nothing (skipped due to action :nothing)
  * file[/var/opt/gitlab/gitlab-rails/config.ru] action delete (up to date)
Recipe: gitlab::gitlab-ci-proxying
  * template[/var/opt/gitlab/nginx/conf/gitlab-ci-http.conf] action delete (up to date)
Recipe: gitlab::selinux
  * execute[semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp] action runDisabled
 (skipped due to not_if)
Recipe: gitlab::add_trusted_certs
  * directory[/etc/gitlab/ssl/trusted-certs] action create (up to date)
  * directory[/opt/gitlab/embedded/ssl/certs] action create (up to date)
  * file[/opt/gitlab/embedded/ssl/certs/README] action create (up to date)
  * ruby_block[Move existing certs and link to /opt/gitlab/embedded/ssl/certs] action run

  * Moving existing certificates found in /opt/gitlab/embedded/ssl/certs
ERROR: /opt/gitlab/embedded/ssl/certs/pecacert.pem: OpenSSL error: nested asn1 error!


    ================================================================================
    Error executing action `run` on resource 'ruby_block[Move existing certs and link to /opt/gitlab/embedded/ssl/certs]'
    ================================================================================

    RuntimeError
    ------------
    ERROR: Not a certificate: /opt/gitlab/embedded/ssl/certs/pecacert.pem / /opt/gitlab/embedded/ssl/certs/pecacert.pem

    Cookbook Trace:
    ---------------
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/helper.rb:514:in `raise_msg'
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/helper.rb:460:in `block in move_existing_certificates'
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/helper.rb:453:in `glob'
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/helper.rb:453:in `move_existing_certificates'
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/add_trusted_certs.rb:31:in `block (2 levels) in from_file'

    Resource Declaration:
    ---------------------
    # In /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/add_trusted_certs.rb

     28: ruby_block "Move existing certs and link to #{ssl_certs_dir}" do
     29:   block do
     30:     puts "\n\n  * Moving existing certificates found in #{ssl_certs_dir}\n"
     31:     cert_helper.move_existing_certificates
     32:     puts "\n  * Symlinking existing certificates found in #{trusted_certs_dir}\n"
     33:     cert_helper.link_certificates
     34:   end
     35:   only_if { cert_helper.new_certificate_added? }
     36:   notifies :restart, "service[unicorn]"
     37: end

    Compiled Resource:
    ------------------
    # Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/add_trusted_certs.rb:28:in `from_file'

    ruby_block("Move existing certs and link to /opt/gitlab/embedded/ssl/certs") do
      action [:run]
      retries 0
      retry_delay 2
      default_guard_interpreter :default
      block_name "Move existing certs and link to /opt/gitlab/embedded/ssl/certs"
      declared_type :ruby_block
      cookbook_name "gitlab"
      recipe_name "add_trusted_certs"
      block #
      only_if { #code block }
    end


Running handlers:
Running handlers complete
Chef Client failed. 1 resources updated in 16 seconds
So the problem is that re-configure (an upgrade performs a reconfigure) failed leaving the gitlab service down... So the problem was moving the certificates. GitLab was now fixed by copying the certificates by hand into the required location and (re)moving the source directory: 
[root@gitlab ~]# cd /opt/gitlab/embedded/ssl/certs/
[root@gitlab certs]# ls -la
total 256
drwxr-xr-x. 2 root root     55 Jun 24 10:03 .
drwxr-xr-x. 5 root root     76 Jun 23 03:45 ..
-rw-r--r--  1 root root 252499 Jun 22 11:05 cacert.pem
-rw-r--r--  1 root root    800 Apr  4 19:47 pecacert.pem
-rw-r--r--  1 root root    151 Jun 23 03:46 README
[root@gitlab certs]# cat README
This directory is managed by omnibus-gitlab.
 Any file placed in this directory will be ignored
. Place certificates in /etc/gitlab/ssl/trusted-certs.

[root@gitlab certs]# cp /opt/gitlab/embedded/ssl/certs/* /etc/gitlab/ssl/trusted-certs

[root@gitlab ssl]# mv certs certs.son
[root@gitlab ssl]# gitlab-ctl reconfigure
Starting Chef Client, version 12.6.0
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
  - runit (0.14.2)
  - package (0.0.0)
  - gitlab (0.0.1)
Compiling Cookbooks...
Recipe: gitlab::default
  * directory[/etc/gitlab] action create (up to date)
/sbin/init: unrecognized option '--version'


[successful reconfigure detail snipped]


Recipe: gitlab::add_trusted_certs
  * directory[/etc/gitlab/ssl/trusted-certs] action create (up to date)
  * directory[/opt/gitlab/embedded/ssl/certs] action create
    - create new directory /opt/gitlab/embedded/ssl/certs
    - change mode from '' to '0755'
  * file[/opt/gitlab/embedded/ssl/certs/README] action create
    - create new file /opt/gitlab/embedded/ssl/certs/README
    - update content in file /opt/gitlab/embedded/ssl/certs/README from none to e09a2d
    --- /opt/gitlab/embedded/ssl/certs/README   2016-06-24 10:14:17.275761125 +0100
    +++ /opt/gitlab/embedded/ssl/certs/.README20160624-29376-1q3bw7j    2016-06-24 10:14:17.275761125 +0100
    @@ -1 +1,4 @@
    +This directory is managed by omnibus-gitlab.
    + Any file placed in this directory will be ignored
    +. Place certificates in /etc/gitlab/ssl/trusted-certs.
    - change mode from '' to '0644'
  * ruby_block[Move existing certs and link to /opt/gitlab/embedded/ssl/certs] action run

  * Moving existing certificates found in /opt/gitlab/embedded/ssl/certs

  * Symlinking existing certificates found in /etc/gitlab/ssl/trusted-certs

 Skipping /etc/gitlab/ssl/trusted-certs/cacert.pem.

 Skipping /etc/gitlab/ssl/trusted-certs/pecacert.pem.

 Skipping /etc/gitlab/ssl/trusted-certs/README.


[successful reconfigure detail snipped]


    - execute "bash"  "/tmp/chef-script20160624-29376-v5yl6q"
Recipe: gitlab::gitlab-rails
  * execute[clear the gitlab-rails cache] action run
    - execute /opt/gitlab/bin/gitlab-rake cache:clear
Recipe: gitlab::unicorn
  * service[unicorn] action restart
    - restart service service[unicorn]
Recipe: gitlab::sidekiq
  * service[sidekiq] action restart
    - restart service service[sidekiq]
Recipe: gitlab::unicorn
  * service[unicorn] action restart
    - restart service service[unicorn]
Recipe: gitlab::gitlab-workhorse
  * service[gitlab-workhorse] action restart
    - restart service service[gitlab-workhorse]
Recipe: gitlab::nginx
  * service[nginx] action restart
    - restart service service[nginx]

Running handlers:
Running handlers complete
Chef Client finished, 22/294 resources updated in 43 seconds
gitlab Reconfigured!
Service is up and running and login is just fine!
Posted by at 1 comment:

Friday, 13 May 2016

Shrinking filesystems with LVM - CentOS

So you have run out of space on one of your LVM volumes, but there's another volume with too much space that's not being used. You need to shrink one and grow the other! First thing first! DO NOT SHRINK A (LVM) VOLUME WITHOUT resizing the FILESYSTEM first! Your data (filesystem) will be screwed! So let's have a go. Here will have a full volume /filetek/sth/sthdbs, and we have a volume being used as a mount point with too much space /filetek. We need to shrink /filetek and expand /filetek/sth/sthdbs. 
root@server /
$ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/volg0-root
                      969M  526M  394M  58% /
/dev/sda1             190M   85M   96M  47% /boot
/dev/mapper/volg0-home
                      4.7G  173M  4.3G   4% /home
/dev/mapper/volg0-usr
                      3.8G 1018M  2.6G  28% /usr
/dev/mapper/volg0-var
                      3.8G  470M  3.2G  13% /var
/dev/mapper/volg1-filetek
                      197G  9.4G  178G   6% /filetek
/dev/mapper/volg1-filetek--tmp
                       50G   52M   47G   1% /filetek/tmp
/dev/mapper/volg1-filetek--jrnl1
                       50G  885M   46G   2% /filetek/jrnl1
/dev/mapper/volg1-filetek--sthdbs
                      1.0T  970G  1.7G 100% /filetek/sth/sthdbs
/dev/mapper/volg1-filetek2
                      197G  1.6G  186G   1% /filetek2
/dev/mapper/volg1-filetek2--tmp2
                       50G   52M   47G   1% /filetek2/tmp2
/dev/mapper/volg1-filetek--jrnl2
                       50G  885M   46G   2% /filetek2/jrnl2
Let's umount all the volumes involved: 
root@server ~
$ umount /filetek/tmp /filetek/jrnl1 /filetek/sth/sthdbs
root@server ~
$ umount /filetek
Let's resize (shrink) /filetek to 32GB by fsck'ing it first: 
root@server ~
$ fsck -f /dev/mapper/volg1-filetek
fsck from util-linux-ng 2.17.2
e2fsck 1.41.12 (17-May-2010)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
filetek: 2119/13107200 files (2.1% non-contiguous), 3307507/52428800 blocks
Using resize2fs: 
root@server ~
$ resize2fs /dev/mapper/volg1-filetek 32G
resize2fs 1.41.12 (17-May-2010)
Resizing the filesystem on /dev/mapper/volg1-filetek to 8388608 (4k) blocks.
The filesystem on /dev/mapper/volg1-filetek is now 8388608 blocks long.
Now we can safely reduce the LVM volume size with the lvreduce command: 
root@server ~
$ lvreduce -L 40G /dev/mapper/volg1-filetek
  WARNING: Reducing active logical volume to 40.00 GiB
  THIS MAY DESTROY YOUR DATA (filesystem etc.)
Do you really want to reduce filetek? [y/n]: y
  Size of logical volume volg1/filetek changed from 200.00 GiB (51200 extents) to 40.00 GiB (10240 extents).
  Logical volume filetek successfully resized
All, very good so let's expand our volume that has run out of space: 
root@server ~
$ lvextend --size +200G /dev/mapper/volg1-filetek--sthdbs
  Size of logical volume volg1/filetek-sthdbs changed from 1.02 TiB (266240 extents) to 1.21 TiB (317440 extents).
  Logical volume filetek-sthdbs successfully resized
Now we need to grow the filesystem, but first let's fsck (e2fsck) it: 
root@server ~
$ e2fsck -f /dev/mapper/volg1-filetek--sthdbs
e2fsck 1.41.12 (17-May-2010)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
filetek-sthdbs: 1170/68157440 files (21.9% non-contiguous), 258555686/272629760 blocks

root@server ~
$ resize2fs /dev/mapper/volg1-filetek--sthdbs
resize2fs 1.41.12 (17-May-2010)
Resizing the filesystem on /dev/mapper/volg1-filetek--sthdbs to 325058560 (4k) blocks.
The filesystem on /dev/mapper/volg1-filetek--sthdbs is now 325058560 blocks long.
Let's re-mount both filesystems to file all is good! 
root@server ~
$ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/volg0-root
                      969M  526M  394M  58% /
/dev/sda1             190M   85M   96M  47% /boot
/dev/mapper/volg0-home
                      4.7G  173M  4.3G   4% /home
/dev/mapper/volg0-usr
                      3.8G 1018M  2.6G  28% /usr
/dev/mapper/volg0-var
                      3.8G  470M  3.2G  13% /var
/dev/mapper/volg1-filetek2
                       32G  1.6G   29G   6% /filetek2
/dev/mapper/volg1-filetek--tmp
                       50G   52M   47G   1% /filetek/tmp
/dev/mapper/volg1-filetek--jrnl1
                       50G  885M   46G   2% /filetek/jrnl1
/dev/mapper/volg1-filetek2--tmp2
                       50G   52M   47G   1% /filetek2/tmp2
/dev/mapper/volg1-filetek--jrnl2
                       50G  885M   46G   2% /filetek2/jrnl2
/dev/mapper/volg1-filetek
                       32G  9.4G   21G  32% /filetek
/dev/mapper/volg1-filetek--sthdbs
                      1.2T  970G  189G  84% /filetek/sth/sthdbs
Posted by at No comments:

Tuesday, 10 May 2016

Resizing Filesystems with LVM - CentOS 7

See how much space is available on physical disk: 
[root@centos ~]# pvs
  PV         VG    Fmt  Attr PSize   PFree
  /dev/sda2  volg0 lvm2 a--  199.00g 21.00g

See what sizes your logical volumes are:
[root@centos ~]# lvs
  LV   VG    Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  home volg0 -wi-ao---- 16.00g
  opt  volg0 -wi-ao---- 32.00g
  root volg0 -wi-ao---- 32.00g
  swap volg0 -wi-ao---- 66.00g
  var  volg0 -wi-ao---- 32.00g
See what size your filesystems are: 
[root@centos ~]# df -h
Filesystem              Size  Used Avail Use% Mounted on
/dev/mapper/volg0-root   32G  1.2G   29G   4% /
devtmpfs                 32G     0   32G   0% /dev
tmpfs                    32G     0   32G   0% /dev/shm
tmpfs                    32G  9.0M   32G   1% /run
tmpfs                    32G     0   32G   0% /sys/fs/cgroup
/dev/sda1               976M  129M  796M  14% /boot
/dev/mapper/volg0-home   16G   45M   15G   1% /home
/dev/mapper/volg0-var    32G  172M   30G   1% /var
/dev/mapper/volg0-opt    32G   49M   30G   1% /opt
tmpfs                   6.3G     0  6.3G   0% /run/user/0
Resize your logical volume - in this case /var adding 10G to current 32G = 42G: 
[root@centos ~]# lvresize -L 42G /dev/mapper/volg0-var
  Size of logical volume volg0/var changed from 32.00 GiB (8192 extents) to 42.00 GiB (10752 extents).
  Logical volume var successfully resized.
Underlining volume is expanded, but not filesystem on top: 
[root@centos ~]# df -h
Filesystem              Size  Used Avail Use% Mounted on
/dev/mapper/volg0-root   32G  1.2G   29G   4% /
devtmpfs                 32G     0   32G   0% /dev
tmpfs                    32G     0   32G   0% /dev/shm
tmpfs                    32G  9.0M   32G   1% /run
tmpfs                    32G     0   32G   0% /sys/fs/cgroup
/dev/sda1               976M  129M  796M  14% /boot
/dev/mapper/volg0-home   16G   45M   15G   1% /home
/dev/mapper/volg0-var    32G  172M   30G   1% /var
/dev/mapper/volg0-opt    32G   49M   30G   1% /opt
tmpfs                   6.3G     0  6.3G   0% /run/user/0
So resize filesystem on top: 
[root@centos ~]# resize2fs /dev/mapper/volg0-var
resize2fs 1.42.9 (28-Dec-2013)
Filesystem at /dev/mapper/volg0-var is mounted on /var; on-line resizing required
old_desc_blocks = 4, new_desc_blocks = 6
The filesystem on /dev/mapper/volg0-var is now 11010048 blocks long.
See now filesystem is 42GB in size: 
[root@centos ~]# df -h
Filesystem              Size  Used Avail Use% Mounted on
/dev/mapper/volg0-root   32G  1.2G   29G   4% /
devtmpfs                 32G     0   32G   0% /dev
tmpfs                    32G     0   32G   0% /dev/shm
tmpfs                    32G  9.0M   32G   1% /run
tmpfs                    32G     0   32G   0% /sys/fs/cgroup
/dev/sda1               976M  129M  796M  14% /boot
/dev/mapper/volg0-home   16G   45M   15G   1% /home
/dev/mapper/volg0-var    42G  172M   40G   1% /var
/dev/mapper/volg0-opt    32G   49M   30G   1% /opt
tmpfs                   6.3G     0  6.3G   0% /run/user/0
Job done: 
[root@centos ~]#
Posted by at No comments:
Subscribe to: Posts (Atom)