2017-07-20

/usr/bin/which: no qaucli

One of my colleague from Backup team requested to check why our media servers don't have the utility qaucli installed.  So I did some research and found out how to install it.

Source download:  http://driverdownloads.qlogic.com/ and choose the QConvergeConsole CLI for Linux under Management Tools.  And how I am able to get the information, I just did the following:

I went to one of our media servers who has this utility installed.

# qaucli -v
Using config file: /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Installation directory: /opt/QLogic_Corporation/QConvergeConsoleCLI
Working dir: /root
QConvergeConsole
CLI - Version 1.1.4 (Build 65)
Copyright (C) 2015 QLogic Corporation
Build Type: Release
Build Date: Sep 23 2015 12:47:50 
# which qaucli
/usr/local/bin/qaucli 
# yum whatprovides '*qaucli*'
Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager
This system is receiving updates from RHN Classic or RHN Satellite.
rhel-x86_64-server-6                                                                                                                     | 1.8 kB     00:00  
https://mirrors.dotsrc.org/fedora-epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] Peer cert cannot be verified or peer cert invalid
Trying other mirror.
https://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] Peer cert cannot be verified or peer cert invalid
Trying other mirror.
http://mirror.vutbr.cz/epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 403 Forbidden"
Trying other mirror.
http://mirror.nl.leaseweb.net/epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 403 Forbidden"
Trying other mirror.
https://anorien.csc.warwick.ac.uk/mirrors/epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] Peer cert cannot be verified or peer cert invalid
Trying other mirror.
https://mirrors.nic.cz/epel/6/x86_64/repodata/79e4f94bc0037f2dce184b518b08157c11cf3e1f7f1d48be9ee355dbbe55917f-filelists.sqlite.bz2: [Errno 14] Peer cert cannot be verified or peer cert invalid
Trying other mirror.
epel/filelists_db                                                                                                                        | 7.7 MB     00:03  
rhel-x86_64-server-6/filelists                                                                                                           |  33 MB     00:04  
QConvergeConsoleCLI-1.1.04-65.x86_64 : QConvergeConsole Command Line Interface
Repo        : installed
Matched from:
Filename    : /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli_contents.dat
Filename    : /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Filename    : /opt/QLogic_Corporation/QConvergeConsoleCLI/libiscsi-qaucli-preun.sh
Filename    : /opt/QLogic_Corporation/QConvergeConsoleCLI/libiscsi-qaucli-post.sh
Filename    : /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli

So that's how I figured it out.  So I simply downloaded it (can't do it directly as there's an agreement box so I just copied over from my Windows machine to our NFS server).  Three media servers don't have this utility so I installed them as well via SSH thru for-do loop (of course I ensured that I can logon to these servers using my SSH keys to skip the password prompt).

$ for i in koios leto zefyr; do ssh -q $i.bck.corp.nnit.org -t "hostname; sudo yum install /depot/linux/sw_store/drivers_utils/utils/qlogic/QConvergeConsoleCLI-2.1.00-11.x86_64.rpm -y"; done

And to verify that it's working, I tried running the tool.

$ for i in dione koios leto zefyr; do ssh -q $i.bck.corp.nnit.org -t "sudo qaucli -iport"; echo -e "***********\r\n"; done                  
Using config file: /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Installation directory: /opt/QLogic_Corporation/QConvergeConsoleCLI
Working dir: /home/mmond


 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717106E Model: SN1000Q Chip Revision: B0 Alias:
      1. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-FC-CD
               WWPN: 51-40-2E-C0-00-F3-FC-CC
      2. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-FC-CF
               WWPN: 51-40-2E-C0-00-F3-FC-CE
 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717106T Model: SN1000Q Chip Revision: B0 Alias:
      3. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-57-85
               WWPN: 51-40-2E-C0-00-F3-57-84
      4. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-57-87
               WWPN: 51-40-2E-C0-00-F3-57-86
***********
Using config file: /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Installation directory: /opt/QLogic_Corporation/QConvergeConsoleCLI
Working dir: /home/mmond


 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717102M Model: SN1000Q Chip Revision: B0 Alias:
      1. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-FA-D9
               WWPN: 51-40-2E-C0-00-F3-FA-D8
      2. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-FA-DB
               WWPN: 51-40-2E-C0-00-F3-FA-DA
 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717102X Model: SN1000Q Chip Revision: B0 Alias:
      3. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-FA-FD
               WWPN: 51-40-2E-C0-00-F3-FA-FC
      4. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-FA-FF
               WWPN: 51-40-2E-C0-00-F3-FA-FE
***********
Using config file: /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Installation directory: /opt/QLogic_Corporation/QConvergeConsoleCLI
Working dir: /home/mmond


 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717106U Model: SN1000Q Chip Revision: B0 Alias:
      1. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-57-89
               WWPN: 51-40-2E-C0-00-F3-57-88
      2. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-57-8B
               WWPN: 51-40-2E-C0-00-F3-57-8A
 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C9717106V Model: SN1000Q Chip Revision: B0 Alias:
      3. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-57-8D
               WWPN: 51-40-2E-C0-00-F3-57-8C
      4. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-57-8F
               WWPN: 51-40-2E-C0-00-F3-57-8E
***********
Using config file: /opt/QLogic_Corporation/QConvergeConsoleCLI/qaucli.cfg
Installation directory: /opt/QLogic_Corporation/QConvergeConsoleCLI
Working dir: /home/mmond


 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C971710MW Model: SN1000Q Chip Revision: B0 Alias:
      1. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-5F-4D
               WWPN: 51-40-2E-C0-00-F3-5F-4C
      2. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-5F-4F
               WWPN: 51-40-2E-C0-00-F3-5F-4E
 ---------------------------------------------------------------------------------------
 Adapter Serial Number: 8C971710N0 Model: SN1000Q Chip Revision: B0 Alias:
      3. Port: Protocol: FCoE
               Physical Port: 1 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 0
               WWNN: 51-40-2E-C0-00-F3-5F-5D
               WWPN: 51-40-2E-C0-00-F3-5F-5C
      4. Port: Protocol: FCoE
               Physical Port: 2 ISP: 27 Port Alias:
               Physical MAC: 00-00-00-00-00-00
               Vendor ID: 103c SubVendor ID: 103c Device ID: 2031 SubDevice ID: 17e8
               Function ID: 1
               WWNN: 51-40-2E-C0-00-F3-5F-5F
               WWPN: 51-40-2E-C0-00-F3-5F-5E
***********


Using NetBackup's BPRESTORE command for File Restoration

Got a request today to restore files on /opt/oracle/diag/rdbms/pasx06p/PASX06P/trace and placing them to /data/ora_fra01/diag and since I am a bit lazy and lots of work to do, I did not do it on the GUI.

I used this reference as guide: How to run bprestore

On the destination server I prepared the following files (I am doing the restore on same source and target machine).

$ cat restorefiles.in
change /opt/oracle/diag/rdbms/pasx06p/PASX06P/trace/* to /data/ora_fra01/diag

$ cat filelist.in
/opt/oracle/diag/rdbms/pasx06p/PASX06P/trace

$ sudo /usr/openv/netbackup/bin/bprestore -s 05/19/2017 00:00:00 -e 05/27/2017 00:00:00 -L /tmp/restore-170719.log -R /tmp/restorefiles.in -f /tmp/filelist.in 

Now I am checking on the NetBackup Master Server the status of the job.

# bpdbjobs | grep uxmach01 | head -1
232661         Backup  Done      0                       BRMC_ORACLE_ARCHIVE_SILVER    pasx06tp_archive      uxmach01.np.lan       nbubkmast01      28589      No        

Done!  Files have been restored.

$ ls -l /data/ora_fra01/diag | wc -l
1076


2017-07-17

Connecting to PostgreSQL via command line

Got an alarm that this server has high CPU and memory usage.  So I am posting this as it's been quite a while since I used PostgreSQL.

$ cat /etc/redhat-release; uname -r
Red Hat Enterprise Linux Server release 5.7 (Tikanga)
2.6.18-274.12.1.el5

$ free -g | awk '/Mem:/ {print "Physical Memory: " $2 "GB."} /cache:/ {print "Resident: " $3 "GB."}'
Physical Memory: 15GB.
Resident: 4GB.

# su - postgres
-bash-3.2$ psql
Welcome to psql 8.2.13, the PostgreSQL interactive terminal.
Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit

postgres=# \list
        List of databases
   Name    |  Owner   | Encoding
-----------+----------+-----------
 dmon2     | postgres | SQL_ASCII
 postgres  | postgres | SQL_ASCII
 template0 | postgres | SQL_ASCII
 template1 | postgres | SQL_ASCII
(4 rows)

postgres=# \connect postgres
You are now connected to database "postgres".

postgres-# \dt *.
                        List of relations
       Schema       |          Name           | Type  |  Owner
--------------------+-------------------------+-------+----------
 information_schema | sql_features            | table | postgres
 information_schema | sql_implementation_info | table | postgres
 information_schema | sql_languages           | table | postgres
 information_schema | sql_packages            | table | postgres
 information_schema | sql_parts               | table | postgres
 information_schema | sql_sizing              | table | postgres
 information_schema | sql_sizing_profiles     | table | postgres
(7 rows)

postgres=# SELECT procpid, datname, usename, query_start, current_query FROM pg_stat_activity ORDER BY backend_start DESC;
 procpid | datname  | usename  |          query_start          |                                                  current_query                                                
---------+----------+----------+-------------------------------+-----------------------------------------------------------------------------------------------------------------
   18523 | postgres | postgres | 2017-07-17 11:32:50.468531+02 | SELECT procpid, datname, usename, query_start, current_query FROM pg_stat_activity ORDER BY backend_start DESC;
   26119 | dmon2    | postgres | 2017-07-17 11:31:28.19822+02  | <IDLE>
   29143 | dmon2    | postgres | 2017-07-17 11:32:38.642829+02 | <IDLE>
    3436 | dmon2    | postgres | 2017-05-07 14:40:08.272183+02 | <IDLE>
   11059 | dmon2    | postgres | 2017-07-17 11:32:45.481078+02 | <IDLE>
   11006 | dmon2    | postgres | 2017-07-17 11:31:17.727868+02 | <IDLE>
   10977 | dmon2    | postgres | 2017-07-17 11:31:24.22136+02  | <IDLE>
   10974 | dmon2    | postgres | 2017-07-17 11:30:54.889548+02 | <IDLE>
   10966 | dmon2    | postgres | 2017-07-17 11:32:49.523143+02 | <IDLE>
   10963 | dmon2    | postgres | 2017-07-17 11:32:47.432331+02 | <IDLE>
   10960 | dmon2    | postgres | 2017-07-17 11:31:57.597219+02 | <IDLE>
   10957 | dmon2    | postgres | 2017-07-17 11:32:50.064883+02 | SELECT *, to_unixtime(schedtime) as uschedtime FROM v_rt_backend_checkqueue ORDER BY random()+1 LIMIT 300 ;
(12 rows)

postgres-# \q

Checking max_connections and shared_buffers seems fine.  And the kernel.shmmax seems OK too.

$ sudo cat /etc/sysctl.conf | grep shmmax
kernel.shmmax = 68719476736

$ sudo cat /var/lib/pgsql/data/postgresql.conf | egrep -i 'max_connections|shared_buffers' | grep -v '^#'
max_connections = 100                   # (change requires restart)
shared_buffers = 512MB                  # min 128kB or max_connections*16kB

Funny thing was, after I increased the /opt and /data3, seems that processes for postmaster went down.

$ sudo top -b -n 1 | head -n 24
top - 13:12:36 up 81 days, 22:23,  2 users,  load average: 1.54, 1.27, 1.23
Tasks: 250 total,   1 running, 249 sleeping,   0 stopped,   0 zombie
Cpu(s): 21.9%us,  4.0%sy,  0.0%ni, 72.1%id,  1.6%wa,  0.1%hi,  0.4%si,  0.0%st
Mem:  16436100k total, 16297896k used,   138204k free,  1285472k buffers
Swap: 12582904k total,      124k used, 12582780k free, 10205132k cached
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                                                          
11910 root      15   0 54636  14m 1884 S 10.9  0.1   3812:57 isdn30                                                                                          
11052 root      15   0 72076  16m 2560 S  3.6  0.1   9547:11 ciscoenv                                                                                        
10954 root      15   0 69496  32m 1248 S  1.8  0.2   6168:40 checkd                                                                                          
11050 root      15   0  102m  42m 2756 S  1.8  0.3   2456:42 cisconx-env                                                                                      
22844 root      15   0 31676 3336 1980 R  1.8  0.0   0:00.06 top                                                                                              
    1 root      15   0 10368  692  580 S  0.0  0.0   0:02.19 init                                                                                            
    2 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/0                                                                                      
    3 root      34  19     0    0    0 S  0.0  0.0   0:09.30 ksoftirqd/0                                                                                      
    4 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/1                                                                                      
    5 root      34  19     0    0    0 S  0.0  0.0   0:00.20 ksoftirqd/1                                                                                      
    6 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/2                                                                                      
    7 root      34  19     0    0    0 S  0.0  0.0   0:00.20 ksoftirqd/2                                                                                      
    8 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/3                                                                                      
    9 root      34  19     0    0    0 S  0.0  0.0   0:00.19 ksoftirqd/3                                                                                      
   10 root      10  -5     0    0    0 S  0.0  0.0   0:01.57 events/0                                                                                        
   11 root      10  -5     0    0    0 S  0.0  0.0   0:00.26 events/1                                                                                        
   12 root      10  -5     0    0    0 S  0.0  0.0   0:00.24 events/2

2017-07-14

Scheduling a user's job using command 'at'

I just thought of creating a schedule job using the Linux command 'at'.  Here's what I did.

$ at -t 1707141900
at> sudo yum install kernel-2.6.32-642.13.2.el6 kernel-devel-2.6.32-642.13.2.el6 kernel-headers-2.6.32-642.13.2.el6 kernel-firmware-2.6.32-642.13.2.el6 redhat-release-server-6Server-6.8*.el6 -y
at> sudo yum -x kernel*,redhat-release* update -y --nogpgcheck
at> sudo reboot
at> <EOT>
job 2 at 2017-07-14 19:00

$ atq
2       2017-07-14 19:00 a mmond

There have been some instances that you want to run the job on a different schedule, so it's in man pages and lots of examples from the web. But below are the ones I used which are pretty much straight-forward.

at 7 pm Tuesday
at now +5 minutes

Now I played around and see if I can patch the test server and reboot it afterwards.  And to display the content of my job id #2, I use "at -c 2".

$ at -c 2
#!/bin/sh
# atrun uid=8811 gid=804
# mail mmond 0
umask 22
HOSTNAME=dksvrlog01.a.globalhosting.net; export HOSTNAME
SHELL=/usr/bin/ksh; export SHELL
HISTSIZE=1000; export HISTSIZE
SSH_CLIENT=10.16.120.18\ 11986\ 22; export SSH_CLIENT
QTDIR=/usr/lib64/qt-3.3; export QTDIR
QTINC=/usr/lib64/qt-3.3/include; export QTINC
SSH_TTY=/dev/pts/1; export SSH_TTY
USER=mmond; export USER
LS_COLORS=rs=0:di=01\;34:ln=01\;36:mh=00:pi=40\;33:so=01\;35:do=01\;35:bd=40\;33\;01:cd=40\;33\;01:or=40\;31\;01:mi=01\;05\;37\;41:su=37\;41:sg=30\;43:ca=30\;41:tw=30\;42:ow=34\;42:st=37\;44:ex=01\;32:\*.tar=01\;31:\*.tgz=01\;31:\*.arj=01\;31:\*.taz=01\;31:\*.lzh=01\;31:\*.lzma=01\;31:\*.tlz=01\;31:\*.txz=01\;31:\*.zip=01\;31:\*.z=01\;31:\*.Z=01\;31:\*.dz=01\;31:\*.gz=01\;31:\*.lz=01\;31:\*.xz=01\;31:\*.bz2=01\;31:\*.tbz=01\;31:\*.tbz2=01\;31:\*.bz=01\;31:\*.tz=01\;31:\*.deb=01\;31:\*.rpm=01\;31:\*.jar=01\;31:\*.rar=01\;31:\*.ace=01\;31:\*.zoo=01\;31:\*.cpio=01\;31:\*.7z=01\;31:\*.rz=01\;31:\*.jpg=01\;35:\*.jpeg=01\;35:\*.gif=01\;35:\*.bmp=01\;35:\*.pbm=01\;35:\*.pgm=01\;35:\*.ppm=01\;35:\*.tga=01\;35:\*.xbm=01\;35:\*.xpm=01\;35:\*.tif=01\;35:\*.tiff=01\;35:\*.png=01\;35:\*.svg=01\;35:\*.svgz=01\;35:\*.mng=01\;35:\*.pcx=01\;35:\*.mov=01\;35:\*.mpg=01\;35:\*.mpeg=01\;35:\*.m2v=01\;35:\*.mkv=01\;35:\*.ogm=01\;35:\*.mp4=01\;35:\*.m4v=01\;35:\*.mp4v=01\;35:\*.vob=01\;35:\*.qt=01\;35:\*.nuv=01\;35:\*.wmv=01\;35:\*.asf=01\;35:\*.rm=01\;35:\*.rmvb=01\;35:\*.flc=01\;35:\*.avi=01\;35:\*.fli=01\;35:\*.flv=01\;35:\*.gl=01\;35:\*.dl=01\;35:\*.xcf=01\;35:\*.xwd=01\;35:\*.yuv=01\;35:\*.cgm=01\;35:\*.emf=01\;35:\*.axv=01\;35:\*.anx=01\;35:\*.ogv=01\;35:\*.ogx=01\;35:\*.aac=01\;36:\*.au=01\;36:\*.flac=01\;36:\*.mid=01\;36:\*.midi=01\;36:\*.mka=01\;36:\*.mp3=01\;36:\*.mpc=01\;36:\*.ogg=01\;36:\*.ra=01\;36:\*.wav=01\;36:\*.axa=01\;36:\*.oga=01\;36:\*.spx=01\;36:\*.xspf=01\;36:; export LS_COLORS
A__z=\"\*SHLVL; export A__z
PATH=/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin; export PATH
MAIL=/var/spool/mail/mmond; export MAIL
PWD=/home/mmond; export PWD
LANG=en_US.UTF-8; export LANG
MODULEPATH=/usr/share/Modules/modulefiles:/etc/modulefiles; export MODULEPATH
LOADEDMODULES=; export LOADEDMODULES
HISTCONTROL=ignoredups; export HISTCONTROL
SHLVL=2; export SHLVL
HOME=/home/mmond; export HOME
LOGNAME=mmond; export LOGNAME
QTLIB=/usr/lib64/qt-3.3/lib; export QTLIB
CVS_RSH=ssh; export CVS_RSH
SSH_CONNECTION=10.16.120.18\ 11986\ 10.225.34.32\ 22; export SSH_CONNECTION
MODULESHOME=/usr/share/Modules; export MODULESHOME
LESSOPEN=\|\|/usr/bin/lesspipe.sh\ %s; export LESSOPEN
G_BROKEN_FILENAMES=1; export G_BROKEN_FILENAMES
cd /home/mmond || {
         echo 'Execution directory inaccessible' >&2
         exit 1
}
${SHELL:-/bin/sh} << 'marcinDELIMITER48cb17a0'
sudo yum install kernel-2.6.32-642.13.2.el6 kernel-devel-2.6.32-642.13.2.el6 kernel-headers-2.6.32-642.13.2.el6 kernel-firmware-2.6.32-642.13.2.el6 redhat-release-server-6Server-6.8*.el6 -y
sudo yum -x kernel*,redhat-release* update -y --nogpgcheck
sudo reboot
marcinDELIMITER48cb17a0


And I received a mail stating each commands executed.  Awesome!

2017-07-13

Problem moving (and copying) files with wildcard

Today I was approached by my colleague to help him rename files that have a starting character of hyphen "-".  I tried double quotes and single quote but it is not working.  Odd that I haven't encountered this for my last 3 years in Unix/Linux.

mv: invalid option -- 2
Try `mv --help' for more information.

Good thing I have searched around and find about the use of "./".  So I am posting it here.

# ls
-13:36:37.tgz  -13:36:56.tgz  -13:37:02.tgz
-13:36:53.tgz  -13:36:59.tgz  -13:37:05.tgz

Files have been generated via script, I just wonder what went wrong with that.  So I needed to rename it with hostname as its prefix.

# ls | while read i; do echo $i; mv ./$i `hostname`-`date +%Y%j%N`.tar.gz; done; ls -l
-13:36:37.tgz
-13:36:53.tgz
-13:36:56.tgz
-13:36:59.tgz
-13:37:02.tgz
-13:37:05.tgz
total 312
-rw-r--r-- 1 root root 17988 Jul 13 13:30 bucmes001.global.hosting.net-2017194000141000.tar.gz
-rw-r--r-- 1 root root 55112 Jul 13 13:30 bucmes001.global.hosting.net-2017194002990000.tar.gz
-rw-r--r-- 1 root root 59228 Jul 13 13:30 bucmes001.global.hosting.net-2017194005274000.tar.gz
-rw-r--r-- 1 root root 58821 Jul 13 13:30 bucmes001.global.hosting.net-2017194007552000.tar.gz
-rw-r--r-- 1 root root 59889 Jul 13 13:30 bucmes001.global.hosting.net-2017194010266000.tar.gz
-rw-r--r-- 1 root root 38151 Jul 13 13:30 bucmes001.global.hosting.net-2017194996296000.tar.gz

So everything works now!

2017-07-07

Using sshpass and ssh-copy-id

I am about to do some little automation on getting information for 200+ Linux servers (and few Solaris boxes too), basically checking if the server has Samba installed and if it is vulnerable to CVE-2017-7494 so I used the script I got.  But of course this can be easily done with any vulnerability scanner like Qualys or Rapid7 (this article seems cool as Metasploit module has been released since 25th of May).

  • Most servers are authenticated via LDAP.
  • Few servers are restricted to country where I reside, and it seems to have a local account only (so I need to manually keep track on them).
  • I will use SSH for key-less login.

mmond@nx05[42]:~> ls -l ~/.ssh/
total 280
-rw------- 1 mmond domain users    407 Jan 30 10:01 authorized_keys
-r-------- 1 mmond domain users     25 Jul  6 23:33 config
-rwx------ 1 mmond domain users   1679 Jan 12 09:48 id_rsa
-rwx------ 1 mmond domain users    407 Jan 12 09:48 id_rsa.pub
-rwx------ 1 mmond domain users 269770 Jul  6 23:37 known_hosts
mmond@nx05[42]:~> chmod 0400 ~/.ssh/id_rsa*
mmond@nx05[42]:~> ls -l ~/.ssh/id_rsa.pub
-r-------- 1 mzmo domain users 407 Jan 12 09:48 /home/AD/mmond/.ssh/id_rsa.pub
mmond@nx05[42]:~> echo "$Jr80UizAC3" > Notes/cust/net/mit_pwd
mmond@nx05[42]:~> chmod 0400 Notes/cust/net/mit_pwd
mmond@nx05[42]:~> for i in $(cat Notes/cust/net/servers.list); do sshpass -f Notes/cust/net/mit_pwd ssh-copy-id -i /home/ADNOC/mmond/.ssh/id_rsa.pub -o StrictHostKeyChecking=no nnit-mmond@$i; done
....
....
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh -o 'StrictHostKeyChecking=no' 'nnit-mmond@taipei.net.hosted-global.local'"
and check to make sure that only the key(s) you wanted were added.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
mmond@nx05[42]:~> rm -rf Notes/cust/net/mit_pwd

All set. =)  I have removed my password since I won't be needing it.  So now, I will check if these Solaris boxes have Samba installed using the svcs command.  But I hope I can come up with another approach.

mmond@nx05[42]:~> for i in $(cat Notes/cust/net/temp.out)
> do
> ssh -q nnit-mmond@$i -t 'hostname; if (("$(sudo svcs | grep -i samba | wc -l)" <= 0)) ; then echo "Samba is not installed"; fi';
> done  

And from the above, all Solaris boxes do not have Samba installed which is good!

In addition, Oracle Support supplemented me with the following information (and they are  not providing any vulnerability script check just as what I got from Red hat):

Doc ID 1448883.1 (asks for Oracle login credentials) lists the fixes for this and other security alerts.

In short, in Solaris 11.3 the fix has been incorporated into sru20.6, so if you are running an sru with a higher(or equal to)  number than that you have our fix for the issue.

For Solaris 10, the following patches are available

sparc: 119757-40
x86: 119758-40

We will not be supplying a script to test for vulnerability.