Friday, December 13, 2013

CentOS CentALT repo

vim /etc/yum.repos.d/centalt.repo


# yum repository definition for the third-party CentALT repository.
[CentALT]
name=CentALT Packages for Enterprise Linux 6 - $basearch
# NOTE(review): the baseurl is plain http, so repository metadata and packages
# are downloaded without transport integrity.
baseurl=http://centos.alt.ru/repository/centos/6/$basearch/
# enabled=0 keeps the repo out of normal yum runs; it is only consulted when
# requested explicitly (yum --enablerepo=CentALT ...).
enabled=0
# NOTE(review): gpgcheck=0 turns off package signature verification. Combined
# with the http baseurl, nothing authenticates what is installed from this repo.
# Prefer gpgcheck=1 plus gpgkey=<location of the repo signing key, verified out of band>.
gpgcheck=0

Thursday, June 20, 2013

SSH Socks Proxy

On the remote side, edit sshd_config and allow:
AllowTcpForwarding yes
TCPKeepAlive yes

On client run:

ssh -D 12345 user@remote-server

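Now configure the browser to use a SOCKS proxy at localhost, port 12345. The proxy exists only while the ssh session is open, and by default ssh binds the -D port to the loopback address, so other hosts cannot use it.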

Thursday, May 23, 2013

PostgreSQL 9.2 CentOS 6 Repository

rpm -Uvh http://yum.pgrpms.org/9.2/redhat/rhel-6-x86_64/pgdg-centos92-9.2-6.noarch.rpm

yum search postgres


After installation, include the postgres bin directory in your PATH

vim ~/.bash_profile

(append this to PATH)

:/usr/pgsql-9.2/bin

and source it

Monday, March 25, 2013

SSL strong ciphers

ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT

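List the cipher suites the string above selects (it still admits RC4 and MEDIUM-strength suites, so check the output before treating the set as strong)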
#openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT'

specific strong cipher
#openssl ciphers -v 'RC4-SHA:AES256-SHA:AES128-SHA'

test (the handshake should fail if the server has LOW and EXPORT ciphers disabled)
# openssl s_client -connect SERVERNAME:443 -cipher LOW:EXP


Apache sample
# NOTE(review): "+SSLv3" enables SSL 3.0, which is deprecated (RFC 7568), and
# "-ALL +SSLv3 +TLSv1" leaves any newer TLS versions the build supports switched
# off. On current servers prefer "SSLProtocol all -SSLv2 -SSLv3".
SSLProtocol -ALL +SSLv3 +TLSv1
# NOTE(review): this string removes ADH, LOW, SSLv2 and EXPORT suites but still
# admits RC4 (RC4+RSA) and MEDIUM-strength suites; RC4 is prohibited for TLS by
# RFC 7465. Check the resulting list with "openssl ciphers -v" before deploying.
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT

Wednesday, March 20, 2013

DRBD | MySQL optimization

/etc/drbd.d/global.conf


# Node-wide DRBD settings.
global {
# usage-count yes opts this node in to DRBD's online usage counter, i.e. the
# node contacts the project's statistics server. Set to "no" on hosts that must
# not make outbound connections.
usage-count yes;
# minor-count dialog-refresh disable-ip-verification
}

# Settings inherited by every resource definition.
common {
# Protocol C: synchronous replication; a write completes only after the peer
# has confirmed it.
protocol               C;
syncer {
# Cap on background resynchronisation bandwidth.
rate 50m;
al-extents 3389;
# Digest used by online verification to compare blocks between nodes. This is
# a consistency check, not peer authentication.
verify-alg sha1;
}
# Each handler is a shell command line. The commands are joined with ";", so the
# sysrq write and the reboot/halt run whether or not the notify scripts succeed.
# "echo b" reboots immediately and "echo o" powers off, both without a clean
# shutdown.
handlers {
pri-on-incon-degr "/usr/lib/drbd/notify-pri-on-incon-degr.sh; /usr/lib/drbd/notify-emergency-reboot.sh; echo b > /proc/sysrq-trigger ; reboot -f";
pri-lost-after-sb "/usr/lib/drbd/notify-pri-lost-after-sb.sh; /usr/lib/drbd/notify-emergency-reboot.sh; echo b > /proc/sysrq-trigger ; reboot -f";
local-io-error "/usr/lib/drbd/notify-io-error.sh; /usr/lib/drbd/notify-emergency-shutdown.sh; echo o > /proc/sysrq-trigger ; halt -f";
# NOTE(review): fence-peer is commented out, but the disk section below sets
# "fencing resource-only", which relies on a fence-peer handler. Confirm the
# fencing policy actually has a handler to call.
# fence-peer "/usr/lib/drbd/crm-fence-peer.sh";
# split-brain "/usr/lib/drbd/notify-split-brain.sh root";
# out-of-sync "/usr/lib/drbd/notify-out-of-sync.sh root";
# before-resync-target "/usr/lib/drbd/snapshot-resync-target-lvm.sh -p 15 -- -c 16k";
# after-resync-target /usr/lib/drbd/unsnapshot-resync-target-lvm.sh;
}

startup {
# wfc-timeout degr-wfc-timeout outdated-wfc-timeout wait-after-sb
# Promote both nodes to primary at startup (dual-primary, see the net section).
become-primary-on both;
# Seconds to wait for the peer at startup: 300 normally, 120 when the cluster
# was already degraded.
wfc-timeout 300;
degr-wfc-timeout 120;
}

options {
# cpu-mask on-no-data-accessible
}

disk {
# size max-bio-bvecs on-io-error fencing disk-barrier disk-flushes
# disk-drain md-flushes resync-rate resync-after al-extents
                # c-plan-ahead c-delay-target c-fill-target c-max-rate
                # c-min-rate disk-timeout
# On a local I/O error, drop the backing device and continue diskless via the peer.
on-io-error detach;
fencing resource-only;
# NOTE(review): the next two lines disable write barriers and cache flushes on
# the backing device. That is a throughput optimisation that is only safe with
# a battery-backed (non-volatile) write cache; otherwise a power loss can lose
# or corrupt acknowledged writes. Confirm the storage before copying this.
no-disk-barrier;
no-disk-flushes;
}

net {
# protocol timeout max-epoch-size max-buffers unplug-watermark
# connect-int ping-int sndbuf-size rcvbuf-size ko-count
# allow-two-primaries cram-hmac-alg shared-secret after-sb-0pri
# after-sb-1pri after-sb-2pri always-asbp rr-conflict
# ping-timeout data-integrity-alg tcp-cork on-congestion
# congestion-fill congestion-extents csums-alg verify-alg
# use-rle
# NOTE(review): neither cram-hmac-alg nor shared-secret is set, so the peers do
# not authenticate each other; any host that can reach the replication port can
# attempt to connect. Set both, and keep replication on an isolated network,
# since nothing in this file encrypts the traffic.
# NOTE(review): dual-primary lets both nodes write at once. That needs a
# cluster-aware filesystem or strict coordination above DRBD; confirm how the
# mysql resource is mounted.
allow-two-primaries;
# Automatic split-brain recovery. These policies discard one node's writes
# without operator review: with no primary, take the side that has changes if
# the other has none; with one primary, discard the secondary's data; with two
# primaries, just disconnect.
after-sb-0pri discard-zero-changes;
after-sb-1pri discard-secondary;
after-sb-2pri disconnect;
# Buffer and socket sizing for replication throughput.
max-buffers 8000;
max-epoch-size 8000;
sndbuf-size 512k;

}
}


mysql.res


# DRBD resource backing the MySQL data, replicated between db01 and db02.
resource mysql {
# This is the block device path.
device /dev/drbd0;

# We'll use the normal internal metadisk (takes about 32MB/TB)
meta-disk internal;

# This is the `uname -n` of the first node
on db01 {
# The 'address' has to be the IP, not a hostname. This is the
# node's SN (bond1) IP. The port number must be unique among
# resources.
# NOTE(review): no peer authentication (cram-hmac-alg / shared-secret) is set in
# this resource, so restrict TCP 7788 to the two node addresses and keep it off
# routable networks unless the common section provides authentication.
address 10.1.2.23:7788;

# This is the block device backing this resource on this node.
disk /dev/vda3;
}
# Now the same information again for the second node.
on db02 {
address 10.1.2.33:7788;
disk /dev/vda3;
}
}




Monday, March 11, 2013

Apache | http authentication

//create the passwd file with the first user (-c creates the file and overwrites an existing one)
# htpasswd -c /usr/local/etc/users someuser

//to update user
# htpasswd /usr/local/etc/users someuser

//add this in the vhost, inside the <Directory> or <Location> block that should be protected


                # Default-deny access control: every client is refused unless it
                # matches the Allow line or supplies a valid login.
                Order deny,allow
                Deny from all
                # NOTE(review): Basic auth sends the password base64-encoded, not
                # encrypted, on every request. Serve this location over HTTPS only.
                AuthType Basic
                # NOTE(review): keep this file outside any DocumentRoot and readable
                # only by the web server account.
                AuthUserFile /usr/local/etc/users
                AuthName "Login to test environment"
                require valid-user
                # "Satisfy Any" means EITHER the host rule OR the login is enough, so
                # requests from 10.1.1.1 are never asked for a password.
                # NOTE(review): if a proxy or NAT device presents this address, everything
                # behind it bypasses authentication. Confirm what 10.1.1.1 is.
                Allow from 10.1.1.1
                Satisfy Any

Monday, January 28, 2013

Friday, January 25, 2013

Xen - Moving Virtual Disk Images (VDIs) between SRs

Copying all of a VM's VDIs to a different SR

The XenCenter Copy VM function will create copies of all VDIs for a selected VM on the same or a different SR. The source VM and VDIs are not affected by default. To move the VM to the selected SR rather than creating a copy, select the "Remove original VM" option in the Copy Virtual Machine dialog box.
  1. Shutdown the VM.
  2. Within XenCenter select the VM and then select the VM ... Copy VM menu option.
  3. Select the desired target SR.

Copying individual VDIs to a different SR

A combination of the xe CLI and XenCenter can be used to copy individual VDIs between SRs.
  1. Shutdown the VM.
  2. Use the xe CLI to identify the VDI UUIDs for the VDIs to be moved. If the VM has a DVD drive, its vdi-uuid will be listed as <not in database> and can be ignored.
    xe vbd-list vm-uuid=<VALID_VM_UUID>

    Note

    The vbd-list command will display both the VBD and VDI UUIDs. Be sure to record the VDI UUIDs rather than the VBD UUIDs.
  3. Within XenCenter select the VM's storage tab. For each VDI to be moved, select the VDI and click on the Detach button. This step can also be done using the vbd-destroy CLI command.
  4. Use the vdi-copy command to copy each of the VM's VDIs to be moved to the desired SR.
    xe vdi-copy uuid=<VALID_VDI_UUID> sr-uuid=<VALID_SR_UUID>
  5. Within XenCenter select the VM's storage tab. Use the Attach button and select the VDIs from the new SR. This step can also be done using the vbd-create CLI command.
  6. To delete the original VDIs, within XenCenter select the storage tab of the original SR. The original VDIs will be listed with an empty value for the VM field and can be deleted with the Delete button.
Example:

# xe sr-create host-uuid=8e50bb6e-6848-4314-aa8b-177ec9895d8c content-type=user type=lvm device-config:device=/dev/dm-1 name-label=xen01_vm_stor
# xe vm-list
# xe vbd-list vm-uuid=
#xe vdi-copy uuid=vdi-uuid  sr-uuid=uuid_of_the_storage_where_will_be_copied

Thursday, January 24, 2013

Postfix masquerading

vim /etc/postfix/main.cf

Append:
smtp_generic_maps = hash:/etc/postfix/generic

vim /etc/postfix/generic

Append:

apache@localhost.localdomain no-reply@something.com
root@localhost.localdomain no-reply@something.com


postmap /etc/postfix/generic

service postfix restart

Wednesday, January 9, 2013

Multipathing on Xen


remove the existing multipath.conf file and add this
# modprobe dm-multipath
# modprobe dm-round-robin

# service multipathd start
# xe sr-probe type=lvmohba host-uuid=183c6963-44ad-45b0-967e-e92c2b4603cc
# multipath -v2
# multipath -ll

# xe sr-create host-uuid=183c6963-44ad-45b0-967e-e92c2b4603cc content-type=user type=lvm device-config:device=/dev/dm-1 name-label=db01_stor

multipath config



# This is a basic configuration file with some examples, for device mapper
# multipath.
# For a complete list of the default configuration values, see
# /usr/share/doc/device-mapper-multipath-0.4.7/multipath.conf.defaults
# For a list of configuration options with descriptions, see
# /usr/share/doc/device-mapper-multipath-0.4.7/multipath.conf.annotated


# Blacklist all devices by default. Remove this to enable multipathing
# on the default devices.
#blacklist {
#        devnode "*"
#}

#blacklist {
 #      devnode "sdc"
#}



## By default, devices with vendor = "IBM" and product = "S/390.*" are
## blacklisted. To enable multipathing on these devices, uncomment the
## following lines.
#blacklist_exceptions {
#       device {
#               vendor  "IBM"
#               product "S/390.*"
#       }
#}

## Use user friendly names, instead of using WWIDs as names.
defaults {
        # Name multipath maps with friendly aliases instead of the raw WWID.
        # NOTE(review): this file contains a second "defaults" section further
        # down; check how the installed multipath version merges the two, or
        # fold this setting into that section.
        user_friendly_names yes
}
##
## Here is an example of how to configure some standard options.
##
#
#defaults {
#       multipath_tool  "/sbin/multipath -v0"
#       udev_dir        /dev
#       polling_interval 10
#       default_selector        "round-robin 0"
#       default_path_grouping_policy    failover
#       default_getuid_callout  "/sbin/scsi_id -g -u -s /block/%n"
#       default_prio_callout    "/bin/true"
#       default_features        "0"
#       rr_min_io              100
#       failback                immediate
#}
# Active default settings applied to every multipath device.
defaults {
       udev_dir                /dev
       # Seconds between path health checks.
       polling_interval        10
       selector                "round-robin 0"
       # multibus: all paths go into one priority group and are used together.
       path_grouping_policy    multibus
       # External commands run by multipathd to obtain the device WWID and the
       # path priority; /bin/true gives every path the same priority.
       getuid_callout          "/sbin/scsi_id -g -u -s /block/%n"
       prio_callout            /bin/true
       # Path health is tested by reading sector 0 of each path.
       path_checker            readsector0
       # Number of I/Os sent down one path before switching to the next.
       rr_min_io               100
       max_fds                 8192
       rr_weight               priorities
       # Return to the preferred path group as soon as it is usable again.
       failback                immediate
       # When every path is down, fail I/O immediately instead of queueing it.
       no_path_retry           fail
}