2017-09-05

On uvcon - keyboard combination

Got a helping hand from my colleague today as I was having a hard time for the correct keyboard combination to release and/or steal RMC console of MC990X.

$ ssh 10.0.35.18 -l root
root@10.0.35.18's password:
HPE Integrity MC990 X RMC, Rev. 1.1.99   [Bootloader 1.1.4]
Copyright 2012-2016, SGI.   All rights reserved.
hana01-rmc RMC:r001i05c> uvcon
uvcon: tty mode disabled, use 'CTRL-C' to exit
uvcon: attempting connection to localhost...
uvcon: connection to SMN/CMC (localhost) established.
uvcon: requesting baseio console access at r001i06b...
uvcon: console access established (OWNER)
uvcon: CMC <--> BASEIO connection active
************************************************
*******  START OF CACHED CONSOLE OUTPUT  *******
************************************************
uvcon: escape codes:                           
uvcon:    ctrl-] s    steal console
uvcon:    ctrl-] r    release console
uvcon:    ctrl-] b    send break                  

uvcon:    ctrl-] c    connection status           

uvcon:    ctrl-] q    quit (if active console)    

uvcon:    ctrl-] ?|h  this help
      

So these are the following key codes:

From nxclient you can use: CTRL+ ALTGr + 9 and then <letter of your choice>
From putty you can use: CTRL + ~~ and then <letter of your choice>

Note: I am using Dansk keyboard though.

2017-08-18

AIX: New password requires a minimum of 1 elapsed week between changes.

Got an error message when I tried changing root's password subsequently.

New password requires a minimum of 1 elapsed week between changes.
Only the system administrator can change this password.

Solution is to use the NOCHECK of pwdadm command.

AIX xxxndsap01 1 7 00EA1A4B6C00
$ sudo pwdadm -f NOCHECK root; sudo chpasswd < .2017R4_root.pwd

2017-08-11

Adding "HP Repo" in Linux

To be able to install few missing drivers/tools for HP Proliant, did some research on how to do it and here in my post that by adding "HP repo" this can be real quick and easy.

$ wget https://downloads.linux.hpe.com/SDR/add_repo.sh
--2017-07-25 16:39:13--  https://downloads.linux.hpe.com/SDR/add_repo.sh
Resolving downloads.linux.hpe.com... 16.248.64.116
Connecting to downloads.linux.hpe.com|16.248.64.116|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 22183 (22K) [application/x-sh]
Saving to: “add_repo.sh”
100%[======================================================================================================================>] 22,183      --.-K/s   in 0.1s 
2017-07-25 16:39:14 (161 KB/s) - “add_repo.sh” saved [22183/22183]

$ sudo sh add_repo.sh spp
$ sudo yum repolist
Loaded plugins: product-id, refresh-packagekit, search-disabled-repos, security, subscription-manager, versionlock
HP-spp                                                                                                                                   | 2.5 kB     00:00   
HP-spp/primary_db                                                                                                                        | 1.7 MB     00:04   
repo id                                                           repo name                                                                               status
HP-spp                                                            HP Software Delivery Repository for spp                                                  1,361
rhel-6-server-rpms                                                Red Hat Enterprise Linux 6 Server (RPMs)                                                19,615
repolist: 20,976

$ sudo yum install hp-health hpssacli hpssa hpssacli
Loaded plugins: product-id, refresh-packagekit, search-disabled-repos, security, subscription-manager, versionlock
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package hp-health.x86_64 0:10.50-1826.38.rhel6 will be updated
---> Package hp-health.x86_64 0:10.60-1833.33.rhel6 will be an update
---> Package hpssa.x86_64 0:2.40-13.0 will be installed
---> Package hpssacli.x86_64 0:2.40-13.0 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================================================================================
 Package                              Arch                              Version                                         Repository                         Size
================================================================================================================================================================
Installing:
 hpssa                                x86_64                            2.40-13.0                                       HP-spp                            9.1 M
 hpssacli                             x86_64                            2.40-13.0                                       HP-spp                             11 M
Updating:
 hp-health                            x86_64                            10.60-1833.33.rhel6                             HP-spp                            324 k
Transaction Summary
================================================================================================================================================================
Install       2 Package(s)
Upgrade       1 Package(s)
Total download size: 21 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): hp-health-10.60-1833.33.rhel6.x86_64.rpm                                                                                          | 324 kB     00:00   
(2/3): hpssa-2.40-13.0.x86_64.rpm                                                                                                        | 9.1 MB     00:22   
(3/3): hpssacli-2.40-13.0.x86_64.rpm                                                                                                     |  11 MB     00:26   
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                           392 kB/s |  21 MB     00:53   
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Upgrade
  Using Proliant Standard
        IPMI based System Health Monitor
 
  Shutting down NIC Agent Daemon (cmanicd): [  OK  ]

  Shutting down Storage Event Logger (cmaeventd): [  OK  ]
  Shutting down FCA agent (cmafcad): [  OK  ]
  Shutting down SAS agent (cmasasd): [  OK  ]
  Shutting down IDA agent (cmaidad): [  OK  ]
  Shutting down IDE agent (cmaided): [  OK  ]
  Shutting down SCSI agent (cmascsid): [  OK  ]
  Shutting down Health agent (cmahealthd): [  OK  ]
  Shutting down Standard Equipment agent (cmastdeqd): [  OK  ]
  Shutting down Host agent (cmahostd): [  OK  ]
  Shutting down Threshold agent (cmathreshd): [  OK  ]
  Shutting down RIB agent (cmasm2d): [  OK  ]
  Shutting down Performance agent (cmaperfd): [  OK  ]
  Shutting down SNMP Peer (cmapeerd): [  OK  ]
  Shutting down Proliant Standard
        IPMI based System Health Monitor (hpasmlited): [  OK  ]
Waiting for hp-asrd[6119 6118] to terminate
HP Advanced Server Recovery Daemon Terminated[  OK  ]
  Updating   : hp-health-10.60-1833.33.rhel6.x86_64                                                                                                         1/4
Please read the Licence Agreement for this software at
         /opt/hp/hp-health/hp-health.license
By not removing this package, you are accepting the terms
of the "HPE Proliant Essentials Software End User License Agreement".
  Using Proliant Standard
        IPMI based System Health Monitor
  Starting Proliant Standard
        IPMI based System Health Monitor (hpasmlited):
   OK  ]
Starting HP Advanced Server Recovery Daemon[  OK  ]
The hp-health RPM has installed successfully.
  Installing : hpssa-2.40-13.0.x86_64                                                                                                                       2/4
  Installing : hpssacli-2.40-13.0.x86_64                                                                                                                    3/4
  Cleanup    : hp-health-10.50-1826.38.rhel6.x86_64                                                                                                         4/4
  Verifying  : hpssacli-2.40-13.0.x86_64                                                                                                                    1/4
  Verifying  : hpssa-2.40-13.0.x86_64                                                                                                                       2/4
  Verifying  : hp-health-10.60-1833.33.rhel6.x86_64                                                                                                         3/4
  Verifying  : hp-health-10.50-1826.38.rhel6.x86_64                                                                                                         4/4
Installed:
  hpssa.x86_64 0:2.40-13.0                                                      hpssacli.x86_64 0:2.40-13.0                                                   
Updated:
  hp-health.x86_64 0:10.60-1833.33.rhel6                                                                                                                     
Complete!

$ whereis hpssacli
hpssacli: /usr/sbin/hpssacli /usr/man/man8/hpssacli.8.gz

2017-08-04

Using CDPR to check information about network switch and port

I have posted in the past on my previous blog about how to discover this network information and this is using tcpdump.  Now I needed to post about the use of CDPR - Cisco Discovery Protocol Reporter so as not to forget this, after all this is quite useful tool.

$ hostname
benue

$ sudo rpm -ivh ftp://195.220.108.108/linux/epel/6/x86_64/cdpr-2.4-1.el6.x86_64.rpm
Retrieving ftp://195.220.108.108/linux/epel/6/x86_64/cdpr-2.4-1.el6.x86_64.rpm
warning: /var/tmp/rpm-tmp.8ET6wR: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:cdpr                   ########################################### [100%]

$ sudo cdpr -d bond0
cdpr - Cisco Discovery Protocol Reporter
Version 2.4
Copyright (c) 2002-2010 - MonkeyMental.com

Using Device: bond0
Waiting for CDP advertisement:
(default config is to transmit CDP packets every 60 seconds)
Device ID
  value:  sdkbn2p01nn053(SSI160209PE)
Addresses
  value:  10.200.190.130
Port ID
  value:  Ethernet100/1/8

2017-07-20

/usr/bin/which: no qaucli

One of my colleague from Backup team requested to check why our media servers don't have the utility qaucli installed.  So I did some research and found out how to install it.

Source download:  http://driverdownloads.qlogic.com/ and choose the QConvergeConsole CLI for Linux under Management Tools.  And how I am able to get the information, I just did the following:

I went to one of our media servers who has this utility installed.

# qaucli -v
Using config file: /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Installation directory: /opt/QLogic_Corporation/QConvergeConsoleCLI
Working dir: /root
QConvergeConsole
CLI - Version 1.1.4 (Build 65)
Copyright (C) 2015 QLogic Corporation
Build Type: Release
Build Date: Sep 23 2015 12:47:50 
# which qaucli
/usr/local/bin/qaucli 
# yum whatprovides '*qaucli*'
Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager
This system is receiving updates from RHN Classic or RHN Satellite.
rhel-x86_64-server-6                                                                                                                     | 1.8 kB     00:00  
https://mirrors.dotsrc.org/fedora-epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] Peer cert cannot be verified or peer cert invalid
Trying other mirror.
https://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] Peer cert cannot be verified or peer cert invalid
Trying other mirror.
http://mirror.vutbr.cz/epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 403 Forbidden"
Trying other mirror.
http://mirror.nl.leaseweb.net/epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 403 Forbidden"
Trying other mirror.
https://anorien.csc.warwick.ac.uk/mirrors/epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] Peer cert cannot be verified or peer cert invalid
Trying other mirror.
https://mirrors.nic.cz/epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] Peer cert cannot be verified or peer cert invalid
Trying other mirror.
epel/filelists_db                                                                                                                        | 7.7 MB     00:03  
rhel-x86_64-server-6/filelists                                                                                                           |  33 MB     00:04  
QConvergeConsoleCLI-1.1.04-65.x86_64 : QConvergeConsole Command Line Interface
Repo        : installed
Matched from:
Filename    : /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli_contents.dat
Filename    : /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Filename    : /opt/QLogic_Corporation/QConvergeConsoleCLI/libiscsi-qaucli-preun.sh
Filename    : /opt/QLogic_Corporation/QConvergeConsoleCLI/libiscsi-qaucli-post.sh
Filename    : /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli

So that's how I figured it out.  So I simply downloaded it (can't do it directly as there's an agreement box so I just copied over from my Windows machine to our NFS server).  Three media servers don't have this utility so I installed them as well via SSH thru for-do loop (of course I ensured that I can logon to these servers using my SSH keys to skip the password prompt).

$ for i in koios leto zefyr; do ssh -q $i.bck.corp.nnit.org -t "hostname; sudo yum install /depot/linux/sw_store/drivers_utils/utils/qlogic/QConvergeConsoleCLI-2.1.00-11.x86_64.rpm -y"; done

And to verify that it's working, I tried running the tool.

$ for i in dione koios leto zefyr; do ssh -q $i.bck.corp.nnit.org -t "sudo qaucli -iport"; echo -e "***********\r\n"; done                  
Using config file: /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Installation directory: /opt/QLogic_Corporation/QConvergeConsoleCLI
Working dir: /home/mmond


 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717106E Model: SN1000Q Chip Revision: B0 Alias:
      1. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-FC-CD
               WWPN: 51-40-2E-C0-00-F3-FC-CC
      2. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-FC-CF
               WWPN: 51-40-2E-C0-00-F3-FC-CE
 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717106T Model: SN1000Q Chip Revision: B0 Alias:
      3. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-57-85
               WWPN: 51-40-2E-C0-00-F3-57-84
      4. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-57-87
               WWPN: 51-40-2E-C0-00-F3-57-86
***********
Using config file: /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Installation directory: /opt/QLogic_Corporation/QConvergeConsoleCLI
Working dir: /home/mmond


 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717102M Model: SN1000Q Chip Revision: B0 Alias:
      1. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-FA-D9
               WWPN: 51-40-2E-C0-00-F3-FA-D8
      2. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-FA-DB
               WWPN: 51-40-2E-C0-00-F3-FA-DA
 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717102X Model: SN1000Q Chip Revision: B0 Alias:
      3. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-FA-FD
               WWPN: 51-40-2E-C0-00-F3-FA-FC
      4. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-FA-FF
               WWPN: 51-40-2E-C0-00-F3-FA-FE
***********
Using config file: /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Installation directory: /opt/QLogic_Corporation/QConvergeConsoleCLI
Working dir: /home/mmond


 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717106U Model: SN1000Q Chip Revision: B0 Alias:
      1. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-57-89
               WWPN: 51-40-2E-C0-00-F3-57-88
      2. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-57-8B
               WWPN: 51-40-2E-C0-00-F3-57-8A
 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717106V Model: SN1000Q Chip Revision: B0 Alias:
      3. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-57-8D
               WWPN: 51-40-2E-C0-00-F3-57-8C
      4. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-57-8F
               WWPN: 51-40-2E-C0-00-F3-57-8E
***********
Using config file: /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Installation directory: /opt/QLogic_Corporation/QConvergeConsoleCLI
Working dir: /home/mmond


 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C971710MW Model: SN1000Q Chip Revision: B0 Alias:
      1. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-5F-4D
               WWPN: 51-40-2E-C0-00-F3-5F-4C
      2. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-5F-4F
               WWPN: 51-40-2E-C0-00-F3-5F-4E
 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C971710N0 Model: SN1000Q Chip Revision: B0 Alias:
      3. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-5F-5D
               WWPN: 51-40-2E-C0-00-F3-5F-5C
      4. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-5F-5F
               WWPN: 51-40-2E-C0-00-F3-5F-5E
***********


Using NetBackup's BPRESTORE command for File Restoration

Got a request today to restore files on /opt/oracle/diag/rdbms/pasx06p/PASX06P/trace and placing them to /data/ora_fra01/diag and since I am a bit lazy and lots of work to do, I did not do it on the GUI.

I used this reference as guide: How to run bprestore

On the destination server I prepared the following files (I am doing the restore on same source and target machine).

$ cat restorefiles.in
change /opt/oracle/diag/rdbms/pasx06p/PASX06P/trace/* to /data/ora_fra01/diag

$ cat filelist.in
/opt/oracle/diag/rdbms/pasx06p/PASX06P/trace

$ sudo /usr/openv/netbackup/bin/bprestore -s 05/19/2017 00:00:00 -e 05/27/2017 00:00:00 -L /tmp/restore-170719.log -R /tmp/restorefiles.in -f /tmp/filelist.in 

Now I am checking on the NetBackup Master Server the status of the job.

# bpdbjobs | grep uxmach01 | head -1
232661         Backup  Done      0                       BRMC_ORACLE_ARCHIVE_SILVER    pasx06tp_archive      uxmach01.np.lan       nbubkmast01      28589      No        

Done!  Files have been restored.

$ ls -l /data/ora_fra01/diag | wc -l
1076


2017-07-17

Connecting to PostgreSQL via command line

Got an alarm that this server has high CPU and memory usage.  So I am posting this as it's been quite a while since I used PostgreSQL.

$ cat /etc/redhat-release; uname -r
Red Hat Enterprise Linux Server release 5.7 (Tikanga)
2.6.18-274.12.1.el5

$ free -g | awk '/Mem:/ {print "Physical Memory: " $2 "GB."} /cache:/ {print "Resident: " $3 "GB."}'
Physical Memory: 15GB.
Resident: 4GB.

# su - postgres
-bash-3.2$ psql
Welcome to psql 8.2.13, the PostgreSQL interactive terminal.
Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit

postgres=# \list
        List of databases
   Name    |  Owner   | Encoding
-----------+----------+-----------
 dmon2     | postgres | SQL_ASCII
 postgres  | postgres | SQL_ASCII
 template0 | postgres | SQL_ASCII
 template1 | postgres | SQL_ASCII
(4 rows)

postgres=# \connect postgres
You are now connected to database "postgres".

postgres-# \dt *.
                        List of relations
       Schema       |          Name           | Type  |  Owner
--------------------+-------------------------+-------+----------
 information_schema | sql_features            | table | postgres
 information_schema | sql_implementation_info | table | postgres
 information_schema | sql_languages           | table | postgres
 information_schema | sql_packages            | table | postgres
 information_schema | sql_parts               | table | postgres
 information_schema | sql_sizing              | table | postgres
 information_schema | sql_sizing_profiles     | table | postgres
(7 rows)

postgres=# SELECT procpid, datname, usename, query_start, current_query FROM pg_stat_activity ORDER BY backend_start DESC;
 procpid | datname  | usename  |          query_start          |                                                  current_query                                                
---------+----------+----------+-------------------------------+-----------------------------------------------------------------------------------------------------------------
   18523 | postgres | postgres | 2017-07-17 11:32:50.468531+02 | SELECT procpid, datname, usename, query_start, current_query FROM pg_stat_activity ORDER BY backend_start DESC;
   26119 | dmon2    | postgres | 2017-07-17 11:31:28.19822+02  | <IDLE>
   29143 | dmon2    | postgres | 2017-07-17 11:32:38.642829+02 | <IDLE>
    3436 | dmon2    | postgres | 2017-05-07 14:40:08.272183+02 | <IDLE>
   11059 | dmon2    | postgres | 2017-07-17 11:32:45.481078+02 | <IDLE>
   11006 | dmon2    | postgres | 2017-07-17 11:31:17.727868+02 | <IDLE>
   10977 | dmon2    | postgres | 2017-07-17 11:31:24.22136+02  | <IDLE>
   10974 | dmon2    | postgres | 2017-07-17 11:30:54.889548+02 | <IDLE>
   10966 | dmon2    | postgres | 2017-07-17 11:32:49.523143+02 | <IDLE>
   10963 | dmon2    | postgres | 2017-07-17 11:32:47.432331+02 | <IDLE>
   10960 | dmon2    | postgres | 2017-07-17 11:31:57.597219+02 | <IDLE>
   10957 | dmon2    | postgres | 2017-07-17 11:32:50.064883+02 | SELECT *, to_unixtime(schedtime) as uschedtime FROM v_rt_backend_checkqueue ORDER BY random()+1 LIMIT 300 ;
(12 rows)

postgres-# \q

Checking max_connections and shared_buffers seems fine.  And the kernel.shmmax seems OK too.

$ sudo cat /etc/sysctl.conf | grep shmmax
kernel.shmmax = 68719476736

$ sudo cat /var/lib/pgsql/data/postgresql.conf | egrep -i 'max_connections|shared_buffers' | grep -v '^#'
max_connections = 100                   # (change requires restart)
shared_buffers = 512MB                  # min 128kB or max_connections*16kB

Funny thing was, after I increased the /opt and /data3, seems that processes for postmaster went down.

$ sudo top -b -n 1 | head -n 24
top - 13:12:36 up 81 days, 22:23,  2 users,  load average: 1.54, 1.27, 1.23
Tasks: 250 total,   1 running, 249 sleeping,   0 stopped,   0 zombie
Cpu(s): 21.9%us,  4.0%sy,  0.0%ni, 72.1%id,  1.6%wa,  0.1%hi,  0.4%si,  0.0%st
Mem:  16436100k total, 16297896k used,   138204k free,  1285472k buffers
Swap: 12582904k total,      124k used, 12582780k free, 10205132k cached
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                                                          
11910 root      15   0 54636  14m 1884 S 10.9  0.1   3812:57 isdn30                                                                                          
11052 root      15   0 72076  16m 2560 S  3.6  0.1   9547:11 ciscoenv                                                                                        
10954 root      15   0 69496  32m 1248 S  1.8  0.2   6168:40 checkd                                                                                          
11050 root      15   0  102m  42m 2756 S  1.8  0.3   2456:42 cisconx-env                                                                                      
22844 root      15   0 31676 3336 1980 R  1.8  0.0   0:00.06 top                                                                                              
    1 root      15   0 10368  692  580 S  0.0  0.0   0:02.19 init                                                                                            
    2 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/0                                                                                      
    3 root      34  19     0    0    0 S  0.0  0.0   0:09.30 ksoftirqd/0                                                                                      
    4 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/1                                                                                      
    5 root      34  19     0    0    0 S  0.0  0.0   0:00.20 ksoftirqd/1                                                                                      
    6 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/2                                                                                      
    7 root      34  19     0    0    0 S  0.0  0.0   0:00.20 ksoftirqd/2                                                                                      
    8 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/3                                                                                      
    9 root      34  19     0    0    0 S  0.0  0.0   0:00.19 ksoftirqd/3                                                                                      
   10 root      10  -5     0    0    0 S  0.0  0.0   0:01.57 events/0                                                                                        
   11 root      10  -5     0    0    0 S  0.0  0.0   0:00.26 events/1                                                                                        
   12 root      10  -5     0    0    0 S  0.0  0.0   0:00.24 events/2

2017-07-14

Scheduling a user's job using command 'at'

I just thought of creating a schedule job using the Linux command 'at'.  Here's what I did.

$ at -t 1707141900
at> sudo yum install kernel-2.6.32-642.13.2.el6 kernel-devel-2.6.32-642.13.2.el6 kernel-headers-2.6.32-642.13.2.el6 kernel-firmware-2.6.32-642.13.2.el6 redhat-release-server-6Server-6.8*.el6 -y
at> sudo yum -x kernel*,redhat-release* update -y --nogpgcheck
at> sudo reboot
at> <EOT>
job 2 at 2017-07-14 19:00

$ atq
2       2017-07-14 19:00 a mmond

There have been some instances that you want to run the job on a different schedule, so it's in man pages and lots of examples from the web. But below are the ones I used which are pretty much straight-forward.

at 7 pm Tuesday
at now +5 minutes

Now I played around and see if I can patch the test server and reboot it afterwards.  And to display the content of my job id #2, I use "at -c 2".

$ at -c 2
#!/bin/sh
# atrun uid=8811 gid=804
# mail mmond 0
umask 22
HOSTNAME=dksvrlog01.a.globalhosting.net; export HOSTNAME
SHELL=/usr/bin/ksh; export SHELL
HISTSIZE=1000; export HISTSIZE
SSH_CLIENT=10.16.120.18\ 11986\ 22; export SSH_CLIENT
QTDIR=/usr/lib64/qt-3.3; export QTDIR
QTINC=/usr/lib64/qt-3.3/include; export QTINC
SSH_TTY=/dev/pts/1; export SSH_TTY
USER=mmond; export USER
LS_COLORS=rs=0:di=01\;34:ln=01\;36:mh=00:pi=40\;33:so=01\;35:do=01\;35:bd=40\;33\;01:cd=40\;33\;01:or=40\;31\;01:mi=01\;05\;37\;41:su=37\;41:sg=30\;43:ca=30\;41:tw=30\;42:ow=34\;42:st=37\;44:ex=01\;32:\*.tar=01\;31:\*.tgz=01\;31:\*.arj=01\;31:\*.taz=01\;31:\*.lzh=01\;31:\*.lzma=01\;31:\*.tlz=01\;31:\*.txz=01\;31:\*.zip=01\;31:\*.z=01\;31:\*.Z=01\;31:\*.dz=01\;31:\*.gz=01\;31:\*.lz=01\;31:\*.xz=01\;31:\*.bz2=01\;31:\*.tbz=01\;31:\*.tbz2=01\;31:\*.bz=01\;31:\*.tz=01\;31:\*.deb=01\;31:\*.rpm=01\;31:\*.jar=01\;31:\*.rar=01\;31:\*.ace=01\;31:\*.zoo=01\;31:\*.cpio=01\;31:\*.7z=01\;31:\*.rz=01\;31:\*.jpg=01\;35:\*.jpeg=01\;35:\*.gif=01\;35:\*.bmp=01\;35:\*.pbm=01\;35:\*.pgm=01\;35:\*.ppm=01\;35:\*.tga=01\;35:\*.xbm=01\;35:\*.xpm=01\;35:\*.tif=01\;35:\*.tiff=01\;35:\*.png=01\;35:\*.svg=01\;35:\*.svgz=01\;35:\*.mng=01\;35:\*.pcx=01\;35:\*.mov=01\;35:\*.mpg=01\;35:\*.mpeg=01\;35:\*.m2v=01\;35:\*.mkv=01\;35:\*.ogm=01\;35:\*.mp4=01\;35:\*.m4v=01\;35:\*.mp4v=01\;35:\*.vob=01\;35:\*.qt=01\;35:\*.nuv=01\;35:\*.wmv=01\;35:\*.asf=01\;35:\*.rm=01\;35:\*.rmvb=01\;35:\*.flc=01\;35:\*.avi=01\;35:\*.fli=01\;35:\*.flv=01\;35:\*.gl=01\;35:\*.dl=01\;35:\*.xcf=01\;35:\*.xwd=01\;35:\*.yuv=01\;35:\*.cgm=01\;35:\*.emf=01\;35:\*.axv=01\;35:\*.anx=01\;35:\*.ogv=01\;35:\*.ogx=01\;35:\*.aac=01\;36:\*.au=01\;36:\*.flac=01\;36:\*.mid=01\;36:\*.midi=01\;36:\*.mka=01\;36:\*.mp3=01\;36:\*.mpc=01\;36:\*.ogg=01\;36:\*.ra=01\;36:\*.wav=01\;36:\*.axa=01\;36:\*.oga=01\;36:\*.spx=01\;36:\*.xspf=01\;36:; export LS_COLORS
A__z=\"\*SHLVL; export A__z
PATH=/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin; export PATH
MAIL=/var/spool/mail/mmond; export MAIL
PWD=/home/mmond; export PWD
LANG=en_US.UTF-8; export LANG
MODULEPATH=/usr/share/Modules/modulefiles:/etc/modulefiles; export MODULEPATH
LOADEDMODULES=; export LOADEDMODULES
HISTCONTROL=ignoredups; export HISTCONTROL
SHLVL=2; export SHLVL
HOME=/home/mmond; export HOME
LOGNAME=mmond; export LOGNAME
QTLIB=/usr/lib64/qt-3.3/lib; export QTLIB
CVS_RSH=ssh; export CVS_RSH
SSH_CONNECTION=10.16.120.18\ 11986\ 10.225.34.32\ 22; export SSH_CONNECTION
MODULESHOME=/usr/share/Modules; export MODULESHOME
LESSOPEN=\|\|/usr/bin/lesspipe.sh\ %s; export LESSOPEN
G_BROKEN_FILENAMES=1; export G_BROKEN_FILENAMES
cd /home/mmond || {
         echo 'Execution directory inaccessible' >&2
         exit 1
}
${SHELL:-/bin/sh} << 'marcinDELIMITER48cb17a0'
sudo yum install kernel-2.6.32-642.13.2.el6 kernel-devel-2.6.32-642.13.2.el6 kernel-headers-2.6.32-642.13.2.el6 kernel-firmware-2.6.32-642.13.2.el6 redhat-release-server-6Server-6.8*.el6 -y
sudo yum -x kernel*,redhat-release* update -y --nogpgcheck
sudo reboot
marcinDELIMITER48cb17a0


And I received a mail stating each commands executed.  Awesome!

2017-07-13

Problem moving (and copying) files with wildcard

Today I was approached by my colleague to help him rename files that have a starting character of hyphen "-".  I tried double quotes and single quote but it is not working.  Odd that I haven't encountered this for my last 3 years in Unix/Linux.

mv: invalid option -- 2
Try `mv --help' for more information.

Good thing I have searched around and find about the use of "./".  So I am posting it here.

# ls
-13:36:37.tgz  -13:36:56.tgz  -13:37:02.tgz
-13:36:53.tgz  -13:36:59.tgz  -13:37:05.tgz

Files have been generated via script, I just wonder what went wrong with that.  So I needed to rename it with hostname as its prefix.

# ls | while read i; do echo $i; mv ./$i `hostname`-`date +%Y%j%N`.tar.gz; done; ls -l
-13:36:37.tgz
-13:36:53.tgz
-13:36:56.tgz
-13:36:59.tgz
-13:37:02.tgz
-13:37:05.tgz
total 312
-rw-r--r-- 1 root root 17988 Jul 13 13:30 bucmes001.global.hosting.net-2017194000141000.tar.gz
-rw-r--r-- 1 root root 55112 Jul 13 13:30 bucmes001.global.hosting.net-2017194002990000.tar.gz
-rw-r--r-- 1 root root 59228 Jul 13 13:30 bucmes001.global.hosting.net-2017194005274000.tar.gz
-rw-r--r-- 1 root root 58821 Jul 13 13:30 bucmes001.global.hosting.net-2017194007552000.tar.gz
-rw-r--r-- 1 root root 59889 Jul 13 13:30 bucmes001.global.hosting.net-2017194010266000.tar.gz
-rw-r--r-- 1 root root 38151 Jul 13 13:30 bucmes001.global.hosting.net-2017194996296000.tar.gz

So everything works now!

2017-07-07

Using shpass and ssh-copy-id

I am about to do some little automation on getting information for 200+ Linux servers (and few Solaris boxes too), basically checking if the server has Samba installed and if it is vulnerable to CVE-2017-7494 so I used the script I got.  But of course this can be easily done with any vulnerability scanner like Qualys or Rapid7 (this article seems cool as Metasploit module has been released since 25th of May).

  • Most servers are authenticated via LDAP.
  • Few servers are restricted to country where I reside, and it seems to have a local account only (so I need to manually keep track on them).
  • I will use SSH for key-less login.

mmond@nx05[42]:~> ls -l ~/.ssh/
total 280
-rw------- 1 mmond domain users    407 Jan 30 10:01 authorized_keys
-r-------- 1 mmond domain users     25 Jul  6 23:33 config
-rwx------ 1 mmond domain users   1679 Jan 12 09:48 id_rsa
-rwx------ 1 mmond domain users    407 Jan 12 09:48 id_rsa.pub
-rwx------ 1 mmond domain users 269770 Jul  6 23:37 known_hosts
mmond@nx05[42]:~> chmod 0400 ~/.ssh/id_rsa*
mmond@nx05[42]:~> ls -l ~/.ssh/id_rsa.pub
-r-------- 1 mzmo domain users 407 Jan 12 09:48 /home/AD/mmond/.ssh/id_rsa.pub
mmond@nx05[42]:~> echo "$Jr80UizAC3" > Notes/cust/net/mit_pwd
mmond@nx05[42]:~> chmod 0400 Notes/cust/net/mit_pwd
mmond@nx05[42]:~> for i in $(cat Notes/cust/net/servers.list); do sshpass -f Notes/cust/net/mit_pwd ssh-copy-id -i /home/ADNOC/mmond/.ssh/id_rsa.pub -o StrictHostKeyChecking=no nnit-mmond@$i; done
....
....
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh -o 'StrictHostKeyChecking=no' 'nnit-mmond@taipei.net.hosted-global.local'"
and check to make sure that only the key(s) you wanted were added.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
mmond@nx05[42]:~> rm -rf Notes/cust/net/mit_pwd

All set. =)  I have removed my password since I won't be needing it.  So now, I will check if these Solaris boxes have Samba installed using the svcs command.  But I hope I can come up with another approach.

mmond@nx05[42]:~> for i in $(cat Notes/cust/net/temp.out)
> do
> ssh -q nnit-mmond@$i -t 'hostname; if (("$(sudo svcs | grep -i samba | wc -l)" <= 0)) ; then echo "Samba is not installed"; fi';
> done  

And from the above, all Solaris boxes do not have Samba installed which is good!

In addition, Oracle Support supplemented me with the following information (and they are  not providing any vulnerability script check just as what I got from Red hat):

Doc ID 1448883.1 (asks for Oracle login credentials) lists the fixes for this and other security alerts.

In short, in Solaris 11.3 the fix has been incorporated into sru20.6, so if you are running an sru with a higher(or equal to)  number than that you have our fix for the issue.

For Solaris 10, the following patches are available

sparc: 119757-40
x86: 119758-40

We will not be supplying a script to test for vulnerability.