switch> show version | include uptime
switch uptime is 1 year, 46 weeks, 5 days, 4 hours, 51 minutes
Monthly Archives: July 2013
hot reconfigure haproxy without restart
If you don’t want to lose all of your current connections, you need to get haproxy to reload the new configuration without stopping and starting.
# haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -sf $(cat /var/run/haproxy.pid)
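The -sf flag is for a soft reset: once the new process is up, it tells the old PIDs listed after the flag to finish serving their current connections and then exit.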
NetApp access NTFS CIFS share from Unix host via NFS
NTFS vs. Unix style volume settings have nothing to do with which hosts can mount the volume; they have to do with permissions. To access an NTFS volume via NFS, first allow rw or root mounting in /etc/exports (you do have your root vol mounted on your admin boxes, right?):
# sed -i '/cifsshare/d' /mnt/toaster/vol0/etc/exports
# echo '/vol/cifsshare -sec=sys,rw,root=someadminhost:anotherlinuxbox,anon=0,nosuid' >> /mnt/toaster/vol0/etc/exports
# ssh toaster
toaster> exportfs -a
toaster> Connection to toaster closed by remote host.
Connection to toaster closed.
#
Mount the volume on your administration host and list the directory:
# mkdir -p /mnt/toaster/cifsshare
# mount toaster:/vol/cifsshare /mnt/toaster/cifsshare
# cd /mnt/toaster/cifsshare
# ls
ls: .: Permission denied
#
# whoami
root
#
So even though we are able to mount this share via NFS, the NTFS permissions do not let us see what’s there. Check the filer to see what permissions context it has for ‘root’.
toaster> wcc -u root
Tue Jul 16 09:11:57 PDT [toaster: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: LSA lookup: Lookup of account "DOMAINNAME\root" failed: STATUS_NONE_MAPPED (0xc0000073).
(NT - UNIX) account name(s): (DOMAINNAME\guest - root)
***************
UNIX uid = 0
user is a member of group daemon (1)
user is a member of group daemon (1)
NT membership
DOMAINNAME\Guest
DOMAINNAME\Domain Guests
DOMAINNAME\Domain Users
BUILTIN\Guests
BUILTIN\Users
User is also a member of Everyone, Network Users,
Authenticated Users
***************
toaster>
Looks like the filer doesn’t recognize the user ‘root’ and sees it as a guest. This explains why we might not have permissions in the ‘cifsshare’ mount. The solution is to add a user mapping so that user ‘root’ is recognized as ‘administrator’ for the domain ‘DOMAINNAME’. Make an entry in usermap.cfg (you do have your root vol mounted on your admin boxes right?):
echo 'DOMAINNAME\administrator == root' >>/mnt/toaster/vol0/etc/usermap.cfg
Now let’s see what user ‘root’ is seen as from the view of the filer:
toaster> wcc -u root
Tue Jul 16 09:12:30 PDT [toaster: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: LSA lookup: Located account "DOMAINNAME\administrator" in domain "DOMAINNAME"..
(NT - UNIX) account name(s): (DOMAINNAME\administrator - root)
***************
UNIX uid = 0
user is a member of group daemon (1)
user is a member of group daemon (1)
NT membership
DOMAINNAME\administrator
DOMAINNAME\Enterprise Admins
DOMAINNAME\Exchange Recovery Administrators
DOMAINNAME\Schema Admins
<a ton of other stuff here>
BUILTIN\Administrators
BUILTIN\Users
User is also a member of Everyone, Network Users,
Authenticated Users
***************
toaster>
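Now we have all the privileges that the domain administrator has, and we can view, list, and alter files that the domain administrator has permissions for. Keep in mind that the mapping applies to root on every NFS client that is allowed root access to the export, so each of those hosts now holds the domain administrator’s file rights on the filer. In a production environment, you could just map a Linux admin jdoe to DOMAINNAME\jdoe, assuming they had domain admin permissions.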
change mysql password
Here’s one way to change a mysql password:
mysql> use mysql;
mysql> update user set password=PASSWORD("NEWsecretPASSWORD123") where User='ForDoDone';
mysql> flush privileges; -- reload the grant tables so the direct update takes effect
authorized ssh keys for ESXi 5.1
They go here:
# ls -l /etc/ssh/keys-root/authorized_keys
-rw------T 1 root root 1572 Jul 9 22:24 /etc/ssh/keys-root/authorized_keys
You can put them on the kickstart server and get them during install using this line in the ks.cfg file:
# install ssh keys
wget http://10.101.40.41/preseed/ESXi/5.1/authorized_keys -O /etc/ssh/keys-root/authorized_keys
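The wget line above writes whatever the plain-HTTP server returns straight into root's authorized_keys. The following is an added example, not part of the original post: it downloads to a temporary path and installs the file only if its SHA-256 matches a pinned digest. The helper name install_verified_keys and the digest placeholder are hypothetical, and it assumes sha256sum is available in the installer shell and that ks.cfg itself arrives over a trusted path.

```shell
#!/bin/sh
# Added example, not from the original post.
# install_verified_keys <downloaded-file> <expected-sha256> <destination>
install_verified_keys() {
    src=$1
    expected=$2
    dest=$3

    # An empty or missing download must never replace the existing keys
    [ -s "$src" ] || { echo "empty or missing download: $src" >&2; return 1; }

    # sha256sum prints "<digest>  <file>"; keep only the digest
    actual=$(sha256sum "$src") || return 1
    actual=${actual%% *}

    if [ "$actual" != "$expected" ]; then
        echo "authorized_keys digest mismatch, not installing" >&2
        return 1
    fi

    # Write beside the destination and rename, so a failure part-way
    # through never leaves a truncated authorized_keys in place
    tmp="$dest.new.$$"
    ( umask 077 && cat "$src" > "$tmp" ) || return 1
    chmod 600 "$tmp" && mv -f "$tmp" "$dest"
}

# Usage in ks.cfg (the digest is a placeholder for the known-good file's hash):
#   wget http://10.101.40.41/preseed/ESXi/5.1/authorized_keys -O /tmp/authorized_keys
#   install_verified_keys /tmp/authorized_keys <sha256-of-known-good-file> \
#       /etc/ssh/keys-root/authorized_keys
```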
increase max number NFS mounts in ESXi 5.1
# esxcli system settings advanced set -o /NFS/MaxVolumes -i 256
get directory mtime in unix time
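In scripts, when you need to compare the last modification date of directories, you can get the date from stat as a Unix timestamp (seconds since the Epoch). Note that %Z is the last status change time (ctime), which also moves on a chmod or chown; %Y is the modification time (mtime):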
# stat -c '%Z' /usr/local/sbin
1373673278
Using date you can get the same format like this:
# date +%s
1373673486
You could use this in a script to do something if a directory is older or newer than some amount of time:
#!/bin/bash
# FILE: sync_usr_local_sbin.sh
# AUTHOR: ForDoDone <fordodone at email.com>
# DATE: 2013-07-12
# NOTES: syncs /usr/local/sbin to hostxyz if it's been modified in the last 5 minutes
#
now=$(date +%s)
# %Y is the mtime; %Z (ctime) would also change on chmod/chown
uls_lastmtime=$(stat -c '%Y' /usr/local/sbin)
uls_diff=$((now - uls_lastmtime))
if [ "$uls_diff" -lt 300 ]
then
  rsync -a /usr/local/sbin/ hostxyz:/usr/local/sbin
fi
Of course rsync has a bunch of options to check whether it needs to update files; this is just an example.
SCP files from one host to another
Everyone knows how to copy files around using SCP, but it can be a pain if you have to enter passwords for every copy. If you have an administration host with shared ssh keys to every other host, you can just use a quick little one-liner to drag files from hostA, through the admin box, over to hostB:
adminbox # ssh hostA "tar cf - /usr/local/sbin/myscript.sh 2>/dev/null" | ssh hostB "cd / && tar xvf - 1>/dev/null"
Using tar, the file is output to STDOUT and piped over ssh, then read from STDIN. It copies /usr/local/sbin/myscript.sh from hostA to hostB. Because the admin box has ssh keys to both hostA and hostB, the process is automatic and does not require password authentication. This means you can use this method in scripts for batch copies, etc. Also, you won’t have to create a temporary copy on the admin host.
Drop it into a simple shell script and it will be even easier:
#!/bin/bash
# FILE: file_dragger.sh
# AUTHOR: fordodone <fordodone at email.com>
# DATE: 2013/07/11
# NOTES: drags a file from one host to another
#
if [ $# -ne 3 ]
then
  echo ""
  echo "usage: </full/path/to/file> <src> <dst>"
  echo ""
  exit 1
fi
# quote the path for the remote shell so spaces or metacharacters in it are not interpreted there
path=$(printf '%q' "$1")
ssh "$2" "tar cf - $path 2>/dev/null" | ssh "$3" "cd / && tar xvf - 1>/dev/null"
To use it for the original copy example do this:
# file_dragger.sh /usr/local/sbin/myscript.sh hostA hostB
#
set NetApp administration hosts
When creating a volume on a NetApp system, if NFS is licensed, an entry in /etc/exports will be created for the new volume. It gives the administration hosts (configured at setup) root access to the new volume. If you change admin hosts, or add new ones, you need to update /etc/exports to reflect the change; however, any subsequent volume creations will still use the old admin hosts list. Use the hidden option ‘admin.hosts’ to see the current admin hosts:
toaster> options admin.hosts
admin.hosts 10.14.33.141,10.14.22.141
Update the list:
toaster> options admin.hosts 10.14.33.141,172.16.11.23,192.168.1.3
toaster>
toaster> options admin.hosts
admin.hosts 10.14.33.141,172.16.11.23,192.168.1.3
toaster>
delete files with unrecognized characters
For whatever reason, you may find some files with unrecognized or mis-encoded characters that need to be removed. Because the terminal doesn’t recognize the characters, it’s difficult to do anything with them.
# ls -l
-rw-r--r-- 1 www-data www-data 14828193 Nov 26 2008 ?¡?ú?©?ç?}?¤?I?@á�????�?ï?i?r?g?j?j [51] 2008.10.02 ?w?¼?e?Ɋm?F?µ?Ă݂܂·?I?x - HirataTalk +AB Quiz.wma
-rw-r--r-- 1 www-data www-data 14568695 Nov 26 2008 ?V?g?ƈ«???̎·???J?t?F?ւ悤?±?» [01] 2007.08.31 - ?ò?é?݂䂫.wma
-rw-r--r-- 1 www-data www-data 11898139 Nov 26 2008 ?V?g?ƈ«???̎·???J?t?F?ւ悤?±?» [02] 2007.09.07 - kukui.wma
-rw-r--r-- 1 www-data www-data 11642799 Nov 26 2008 ?V?g?ƈ«???̎·???J?t?F?ւ悤?±?» [03] 2007.09.14 - ?ێu???ê?N.wma
#
Use the -i flag with ls to obtain the inode number of the files:
# ls -li
6886578 -rw-r--r-- 1 www-data www-data 14828193 Nov 26 2008 ?¡?ú?©?ç?}?¤?I?@á�????�?ï?i?r?g?j?j [51] 2008.10.02 ?w?¼?e?Ɋm?F?µ?Ă݂܂·?I?x - HirataTalk +AB Quiz.wma
6886580 -rw-r--r-- 1 www-data www-data 14568695 Nov 26 2008 ?V?g?ƈ«???̎·???J?t?F?ւ悤?±?» [01] 2007.08.31 - ?ò?é?݂䂫.wma
6886581 -rw-r--r-- 1 www-data www-data 11898139 Nov 26 2008 ?V?g?ƈ«???̎·???J?t?F?ւ悤?±?» [02] 2007.09.07 - kukui.wma
6886582 -rw-r--r-- 1 www-data www-data 11642799 Nov 26 2008 ?V?g?ƈ«???̎·???J?t?F?ւ悤?±?» [03] 2007.09.14 - ?ێu???ê?N.wma
#
Now use find with the -inum flag to find only the file with a specific inode number. Then delete it:
# find . -inum 6886578 -delete
#
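Inode numbers are only unique within one filesystem, and hard links share an inode, so a bare find -inum ... -delete can remove more than the one file you were looking at. The following is an added example, not part of the original post: a guarded version that deletes only when exactly one regular file in the listed directory matches. The helper name rm_by_inode is hypothetical, and it assumes a find that supports -maxdepth, -inum and -delete, as the one used above does.

```shell
#!/bin/sh
# Added example, not from the original post.
# rm_by_inode <directory> <inode-number>
rm_by_inode() {
    dir=$1
    inum=$2

    case $inum in
        ''|*[!0-9]*) echo "inode must be a number" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # -xdev: inode numbers are only unique within one filesystem.
    # -maxdepth 1: stay in the directory that was listed with ls -li.
    # One 'x' is printed per match, so odd bytes or newlines in the
    # file names cannot skew the count.
    matches=$(find "$dir" -xdev -maxdepth 1 -type f -inum "$inum" \
                  -exec printf x \; | wc -c | tr -d ' ')

    if [ "$matches" -ne 1 ]; then
        # 0 matches: wrong inode or directory; more than 1: hard links
        echo "expected 1 match for inode $inum, found $matches; nothing deleted" >&2
        return 1
    fi

    find "$dir" -xdev -maxdepth 1 -type f -inum "$inum" -delete
}

# Usage, with the inode taken from the ls -li listing:
#   rm_by_inode . 6886578
```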