Friday, April 25, 2014

hardware testing

1. memory

Use either
  • standalone memtest86+, running from USB or CD, or a free version of Memtest 5.
  • user space program memtester (available as RPM):
    memtester 1024

    This command tests 1 GB of RAM. Run as root.

2. CPU

Use mprime in torture test mode:
./mprime -d -t

3. disk

Use the bonnie++ package, possibly with several instances running concurrently:
bonnie++ -p 3
bonnie++ -y 1 -s $((512*1024)) > out1 &
bonnie++ -y 1 -s $((512*1024)) > out2 &
bonnie++ -y 1 -s $((512*1024)) > out3 &

The first command creates semaphores for three synchronous tests. Use "-p -1" to clear the semaphores.

4. LAN 

Throughput over an ssh connection between two machines:
dd if=/dev/zero | ssh -c blowfish remote "dd of=/dev/null"
The choice of cipher depends on the capabilities of the CPUs. On certain CPUs (e.g. those without AES-NI) the following can give higher throughput:
dd if=/dev/zero bs=16M | ssh -c arcfour remote "cat > /dev/null"

To test the raw connection:
nc -l  4671 >/dev/null & ssh  remote_comp "dd if=/dev/zero | nc  local_comp 4671 "; fg

or using iperf:
server:~> iperf -s  -p 4671
client:~> iperf -c server -p 4671 -d -L 4672 -t $((10*60*60)) -i 5
(connect to port 4671, listen on port 4672, run the test for 10 hours, print a bandwidth report every 5 seconds)

grub2 repair

1. boot rescue

2. mount root (and boot) partition

3.
mount --bind /proc /mnt/sda2/proc
mount --bind /sys /mnt/sda2/sys
mount --bind /dev /mnt/sda2/dev

4.
chroot /mnt/sda2

5. Then, inside the chrooted environment (not necessary if grub.cfg exists)
grub2-mkconfig -o /boot/grub2/grub.cfg 

6.
grub2-install /dev/sda
(or grub2-install --force --debug /dev/sda)

7. exit, reboot

Thursday, April 17, 2014

rsync backup command

The correct solution:
see http://stackoverflow.com/questions/21148145/rsync-command-with-filter-in-a-bash-variable

 RSYNCCMD=rsync
RSYNCOPTS=(-aHx --delete            \
 --exclude '*/.beagle*'          \
 --exclude '*/.gvfs/*'          \
 --exclude '*/.google/*'          \
 --exclude '*.gconf*'           \
 --exclude '*/[Cc]ache/*'       \
 --exclude '*/.[Cc]ache/*'       \
 --exclude '*/sysel*/*'       \
 --exclude '*/[Tt]rash/*'       \
 --exclude 'cyril/tmp/*'       \
 --exclude 'cyril/.thumbnails/*'       \
 --exclude 'cyril/.opera/images/*'  \
 --exclude 'cyril/.opera/opcache/*'  \
 --exclude 'cyril/.nautilus/metafiles/*')


  $RSYNCCMD "${RSYNCOPTS[@]}" /home/cyril "$TGT"


The problem with .gvfs:

Solution 1:

RSYNCCMD="rsync -aHP --delete --max-size=4G \
 --exclude 'tmp/*'          \
 --exclude 'var/tmp/*'          \
 --exclude 'var/lock/*'          \
 --exclude 'var/lib/ntp/proc*'          \
 --exclude 'var/crash/*'          \
 --exclude '*/[Cc]ache/*'       \
 --exclude '*/.opera/opcache/*'       \
 --exclude '*/.[Cc]ache/*'       \
 --exclude '.[Cc]ache/*'       \
 --exclude '*/.gvfs' \
 --exclude '.gvfs' \
 --exclude '*/.opera/icons/*'       \
 --exclude '*/.thumbnails/*'       \
 --exclude '.thumbnails/*'       \
 --exclude '*.beagle*'          \
 --one-file-system "


eval $RSYNCCMD / "$TGT" && tgt1="ok"
 eval $RSYNCCMD /opt/ "$TGT"/opt && tgt2="ok"


 for i in `ls /home` ; do 
    if  grep -q $i /etc/passwd ;
     then # echo $i is a user ;
       sudo -u $i $RSYNCCMD /home/$i/ "$TGT"/home/$i &&  tgt3="$tgt3 + $i ok" && echo zaloha $i provedena `date`
     else # echo $i is not a user ;
       eval $RSYNCCMD /home/$i/ "$TGT"/home/$i && tgt3="$tgt3 + $i ok" && echo zaloha $i provedena `date`
    fi ;
  done

but the --exclude=*/.gvfs inside RSYNCCMD simply does not take effect.


Solution 2:
(sysel, 10.3.2014)
 $RSYNCCMD --exclude='*/.gvfs'  / "$TGT" && STATUS1=OK


However, in my opinion RSYNCCMD is defined incorrectly.
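
Why the string form loses the excludes, as an added example that is not part of the original post: an unquoted $RSYNCCMD is split into words, but the quotes stored inside it are not re-read, so the pattern reaches rsync with the quote characters included. show_args and the shortened option lists are constructed for the demonstration.

```bash
#!/bin/bash
# Added example: what a command receives from each way of storing its options.
# show_args stands in for rsync and prints every argument in brackets.
show_args() { printf '[%s]' "$@"; }

# String form, shortened from "Solution 1" (constructed sample)
CMD_STR="-aH --exclude '*/.gvfs'"
# Array form, shortened from the correct solution (constructed sample)
CMD_ARR=(-aH --exclude '*/.gvfs')

# Unquoted expansion, as in the "sudo -u $i $RSYNCCMD" line: word splitting
# only, so the stored single quotes stay part of the pattern.
string_plain() { show_args $CMD_STR; }

# eval re-parses the string, so the quotes are honoured. It also executes
# anything else the string contains (command substitutions, semicolons),
# which is why it is a poor fit once paths or user names get mixed in.
string_eval() { eval "show_args $CMD_STR"; }

# Array expansion: exactly one argument per element, nothing is re-parsed.
array_form() { show_args "${CMD_ARR[@]}"; }

echo "string, plain: $(string_plain)"
echo "string, eval : $(string_eval)"
echo "array        : $(array_form)"
```

The first line of output shows the exclude pattern with its quotes still attached, which matches no path; the other two show the pattern rsync was meant to get.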

========================

Script /root/rsync-zaloha.sh, for a host where external filesystems are mounted under root at /mailboxes and /data:

#!/bin/bash
LOCKF=/var/lock/rsync-zaloha.lock
TGT="sever.cz::modul"


# Create empty lock file if none exists
touch $LOCKF
# Read the content of the lockfile into a variable
read lastPID < $LOCKF
# If lastPID is not null and a process with that pid exists, exit the script
[ ! -z "$lastPID" -a -d /proc/$lastPID ] && { echo 'Locked: Another process is running' ; exit 1; }
# Write the PID of the current running script to the lock file

echo $$ > $LOCKF
echo :::: `date` start ::::::::::::::::::::::::::::::::::::::::::::::::

OPTS="-aHx --delete"
EXCL=(--exclude '/tmp/' --exclude '/var/tmp/' --exclude '/mailboxes/' --exclude '/data/')

 echo `date`" rsync $OPTS "${EXCL[@]}" / ${TGT}/"
nice /usr/bin/rsync $OPTS "${EXCL[@]}" / ${TGT}/

 echo `date`" rsync $OPTS /mailboxes/ ${TGT}/mailboxes/"
nice /usr/bin/rsync $OPTS /mailboxes/ ${TGT}/mailboxes/

 echo `date`" rsync $OPTS /data/ ${TGT}/data/"
nice /usr/bin/rsync $OPTS /data/ ${TGT}/data/


rm -f $LOCKF
echo :::: `date` stop ::::::::::::::::::::::::::::::::::::::::::::::::
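
The lock in the script above is a read-then-write sequence: two runs started close together can both read an empty or stale PID before either writes its own, and a recycled PID makes a dead run look alive. An added example (not part of the original script) that takes the lock atomically with flock(1) from util-linux; the function names and the temporary lock path are constructed for the demo.

```bash
#!/bin/bash
# Added example: take the backup lock atomically with flock(1) (util-linux).
# LOCKF defaults to a constructed temporary path so the demo runs anywhere;
# the original script uses /var/lock/rsync-zaloha.lock.
LOCKF=${LOCKF:-$(mktemp)}

# Open the lock file on fd 9 and request an exclusive lock without waiting.
# The kernel drops the lock when the process ends, however it ends, so there
# is no stale file to clean up and no PID to look up in /proc.
acquire_lock() {
    exec 9>>"$LOCKF"
    flock -n 9
}

# Close fd 9, which releases the lock before the script exits.
release_lock() { exec 9>&-; }

# True when a fresh open of the lock file is refused, i.e. a run is in progress.
lock_is_held() {
    ( exec 8>>"$LOCKF"; ! flock -n 8 )
}

if acquire_lock; then
    echo "lock acquired, second attempt refused: $(lock_is_held && echo yes || echo no)"
    # ... the rsync calls of the original script would run here ...
    release_lock
else
    echo 'Locked: Another process is running' >&2
fi
```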



Wednesday, April 16, 2014

system-wide $PATH change (CentOS)

Thanks to this source.

create /etc/profile.d/custompath.sh with:

pathmunge () {
        eval dOPATH="\$${1}"
        if ! echo ${dOPATH} | /bin/egrep -q "(^|:)$2($|:)" ; then
           if [ "$3" = "after" ] ; then
              export ${1}=${dOPATH}:$2
           else
              export ${1}=$2:${dOPATH}
           fi
        fi
}
if [ "$LOGNAME" != "root" ]
then
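  pathmunge PATH . # for those who like it; "." is prepended, so a file in the current directory can shadow a system command
  pathmunge PATH /usr/local/texlive/2013/bin/x86_64-linux after # the function only recognises "after" for appending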
fi

remarks
  • custompath.sh does not need to be executable
  • the definition of pathmunge has to be present; it does not propagate from /etc/profile

Saturday, April 5, 2014

CentOS + Apache + Self signed ssl certificate

Various guides are available, e.g. a short one or an official HowTo.

#Generate private key 
openssl genrsa -out ca.key 2048 

# Generate CSR 
openssl req -new -key ca.key -out ca.csr

# Generate self-signed certificate
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

# Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

Original version: this creates CA certificate (?)

yum install mod_ssl
 
mkdir -p /etc/httpd/ssl/ && cd /etc/httpd/ssl/
 
openssl req -x509 -nodes -days $((20*365)) -newkey rsa:2048 -keyout /etc/httpd/ssl/server.key -out /etc/httpd/ssl/server.crt

Generating a 2048 bit RSA private key
..........................................+++
...........................................................+++
writing new private key to '/etc/httpd/ssl/server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:xx
State or Province Name (full name) []:City
Locality Name (eg, city) [Default City]:City
Organization Name (eg, company) [Default Company Ltd]:XYZ, Ltd.
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:domain.name.org
Email Address []:my@emajl.com
The most important thing is to specify "Common Name" as the fully qualified hostname (resolvable by DNS) or, at least, the IP address.
Then add to:

vim /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key
To make SELinux happy, restore context:

restorecon -RvF /etc/httpd/ssl

Finally,

service httpd restart

and check your success:  
https://www.ssllabs.com/ssltest/

Friday, April 4, 2014

CentOS autofs - automatic mount of samba share

A very useful feature.

yum install autofs

vim /etc/auto.master
the only active (uncommented) line should be:
/mnt/auto /etc/auto.samba --timeout=600 --ghost

create new file:
vim /etc/auto.samba
ID -fstype=cifs,username=USR,password=PSW,uid=NAME,gid=users ://server.xy/share

target mount will be:
/mnt/auto/ID
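
The map line above keeps the share password inline, and a map file created with the default umask is readable by every local user; mount.cifs also accepts credentials=FILE, which moves the secret into a file that can be restricted to root. An added example (not from the original post) that flags inline passwords and loosely permissioned credentials files in an autofs map; the function name and the sample files are constructed.

```bash
#!/bin/bash
# Added example: audit an autofs map for CIFS credential handling.
# Prints one finding per line and returns 1 if anything was found.
audit_autofs_map() {
    local map=$1 findings=0 line creds mode
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        # Inline secret: report the map key only, never the password itself
        if [[ $line == *[,-]password=* ]]; then
            echo "inline password: ${line%%[[:space:]]*}"; findings=1
        fi
        # credentials=FILE: the file must not grant group or other any access
        if [[ $line =~ credentials=([^,[:space:]]+) ]]; then
            creds=${BASH_REMATCH[1]}
            mode=$(stat -c %a "$creds" 2>/dev/null) ||
                { echo "missing credentials file: $creds"; findings=1; continue; }
            (( (8#$mode & 8#077) == 0 )) ||
                { echo "credentials file $creds has mode $mode"; findings=1; }
        fi
    done < "$map"
    return "$findings"
}

# Constructed sample files: the map line from this page and a corrected one
demo=$(mktemp -d)
printf 'username=USR\npassword=PSW\n' > "$demo/cred"
chmod 600 "$demo/cred"
cat > "$demo/auto.weak" <<'EOF'
ID -fstype=cifs,username=USR,password=PSW,uid=NAME,gid=users ://server.xy/share
EOF
echo "ID -fstype=cifs,credentials=$demo/cred,uid=NAME,gid=users ://server.xy/share" \
    > "$demo/auto.ok"

audit_autofs_map "$demo/auto.weak" || true
audit_autofs_map "$demo/auto.ok" && echo "auto.ok: no findings"
```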

non-standard SSL port for apache (on CentOS) and owncloud

The procedure is not limited to owncloud installation, of course.

Install SElinux tools:

# yum install setools-gui setroubleshoot checkpolicy

Check the available (i.e. already allowed) http ports:

# semanage port -l | grep http

http_port_t          tcp   80, 81, 443, 488, 8008, 8009, 8443, 9000

For custom ports, see the Red Hat docs. In short, the correct command for port 12345 is

# semanage port -a -t http_port_t -p tcp 12345

then change the port in conf.d/ssl.conf, or add a "virtual host" for owncloud:

vim /etc/httpd/conf.d/owncloud.conf:
<Directory /var/www/html/owncloud>
  AllowOverride All
</Directory>

Listen 12345
and include the Virtual host part from the ssl.conf
<VirtualHost *:12345>
DocumentRoot "/var/www/html/owncloud"

ErrorLog logs/ssl_oc_error_log
TransferLog logs/ssl_oc_access_log
LogLevel warn

SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
CustomLog logs/ssl_oc_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>