Test if memcache is installed in php from bash line

php -i | grep -i memcache

Short and sweet
sample output :

memcache
memcache support => enabled
memcache.allow_failover => 1 => 1
memcache.chunk_size => 8192 => 8192
memcache.default_port => 11211 => 11211
memcache.default_timeout_ms => 1000 => 1000
memcache.hash_function => crc32 => crc32
memcache.hash_strategy => standard => standard
memcache.max_failover_attempts => 20 => 20
memcached
memcached support => enabled
libmemcached version => 0.50
Registered save handlers => files user memcache memcached

Njoy 🙂

Using Expect to automate an scp filetransfer

Sometimes you know passwords but are not in a position to use shared keys. The solution is using expect to pass the password from a script read or a command line parameter.

** NOTE Passwords in command lines are a really bad idea since you can see them in the history / ps -ef so best is to read from stdio and pass as a parameter.

 

 

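#!/usr/bin/expect
# Usage: <this script> <local-file> <password>
# argv 0 = file to copy, argv 1 = password (visible in history / ps -ef, see the note above)
spawn scp [lindex $argv 0] root@192.168.8.117:/vmfs/volumes/datastore1/
######################
expect {
    -re "Password:" {
        # Answer the password prompt with the second argument
        exp_send "[lindex $argv 1]\r"
    }
}
# Hand control back to the terminal until scp finishes
interact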


        

ESXi 5.1 : Fixing ‘Failed to deploy OVF package: The task was canceled by a user.’

Where I work, we love using OVA templates to speed up our deployment of virtual machines. I recently upgraded one of my servers to ESXi 5.1 (which also required an update to vSphere). ESXi 5.1 provides support for Windows 8 and Server 2012, which is incredibly useful. However, whilst building OVA templates for these operating systems, I stumbled across an issue.

I ran through the ‘New Virtual Machine’ wizard, selecting Windows 8 (or Server 2012), leaving all settings default. Installed my operating system, and made the required customisations, shutdown the machine and exported an OVA template through vSphere – excellent, how easy!

However, whilst trying to re-deploy the OVA to the ESXi 5.1 host, through the ‘Deploy OVA template’ wizard, it failed immediately after completing the wizard (right before it shows the deployment progress bar). Now, I have a particular hate for misleading error messages, and this one seems to fall right into that category –

Failed to deploy OVF package: The task was canceled by a user.

How misleading. I, or any other user, certainly didn’t cancel the task. So what happened? I took a look through the (horrendous) hostd.log on the ESXi box and found absolutely nothing of any value.

Frustrated by the inability to redeploy a template I spent so long preparing, I broke open the OVA template and took a look inside. There were three files with different extensions,

  • .ova – OVF descriptor, written in XML, which describes the hardware requirements
  • .mf – contains SHA1 checksums of the .OVA and .VMDK
  • .vmdk – the virtual hard disk for the virtual machine.

I immediately discarded (renaming to .mfx will do the trick) the .mf. If you modify the .ova and don’t update the .mf, it’ll complain that the checksum is invalid. Removing this file seems to prevent vSphere from checking the checksums, which is useful, seeing as we want to poke around the .ova. After fiddling around inside the .ova, I stumbled across the following line…

<rasd:ResourceSubType>vmware.cdrom.iso</rasd:ResourceSubType>

Changing the above line, to read…

<rasd:ResourceSubType>vmware.cdrom.atapi</rasd:ResourceSubType>

…appears to have fixed my deployment issues. Perhaps changing the ‘CD Drive Device type’ in the virtual machine’s settings would’ve fixed it. But by that point, I had already exported the OVA and deleted the source virtual machine.

Hopefully someone will stumble across this one day, and it’ll save them a few hours!
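Instead of discarding the manifest, it can be rebuilt after the edit so the checksum verification keeps working on import. The script below is an added example, not part of the original post; the function names are hypothetical, it assumes GNU sha1sum is available, and it assumes the manifest uses one `SHA1(<file>)= <digest>` line per file.

```shell
#!/bin/sh
# Added example: patch the CD-ROM subtype in the descriptor, then rebuild the
# manifest so the importer's checksum verification still passes.

# fix_cdrom_subtype DESCRIPTOR
# Rewrites vmware.cdrom.iso -> vmware.cdrom.atapi in place, keeping a .bak copy.
fix_cdrom_subtype() {
    desc=$1
    cp -p "$desc" "$desc.bak" || return 1
    sed 's#<rasd:ResourceSubType>vmware\.cdrom\.iso</rasd:ResourceSubType>#<rasd:ResourceSubType>vmware.cdrom.atapi</rasd:ResourceSubType>#' \
        "$desc.bak" > "$desc"
}

# write_manifest MANIFEST FILE...
# Writes one "SHA1(name)= digest" line per file, then replaces the manifest.
write_manifest() {
    mf=$1; shift
    : > "$mf.tmp" || return 1
    for f in "$@"; do
        digest=$(sha1sum "$f" | awk '{print $1}') || return 1
        printf 'SHA1(%s)= %s\n' "$(basename "$f")" "$digest" >> "$mf.tmp"
    done
    mv "$mf.tmp" "$mf"
}

# verify_manifest MANIFEST
# Returns 0 only if every listed file sits beside the manifest and matches.
# Lines in any other format never match, so the check fails closed.
verify_manifest() {
    mf=$1; dir=$(dirname "$mf"); rc=0
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')   # tolerate CRLF manifests
        [ -n "$line" ] || continue
        name=${line#'SHA1('}
        name=${name%')= '*}
        want=${line##*= }
        have=$(sha1sum "$dir/$name" 2>/dev/null | awk '{print $1}')
        if [ "$have" != "$want" ]; then
            echo "MISMATCH: $name" >&2
            rc=1
        fi
    done < "$mf"
    return $rc
}
```

Run `fix_cdrom_subtype` on the descriptor, then `write_manifest` with the descriptor and the disk image as arguments, and confirm with `verify_manifest` before repackaging.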

SVN checkout fails to authenticate

When running:

svn checkout https://mysvn.mydomain.com:8443/svn/Linux/trunk/scripts/ --username *** --password '****'

I got :

WARNING: gnome-keyring:: couldn’t connect to: /tmp/keyring-fTq763/pkcs11: No such file or directory
Password for ‘default’ GNOME keyring: *****
svn: OPTIONS of ‘https://mysvn.mydomain.com:8443/svn/Linux/trunk/scripts’: authorization failed: Could not authenticate to server: rejected Basic challenge (mysvn.mydomain.com:8443)

Problem could be damaged keyring or wrong keyring password.

To fix quickly :

pkill keyring

re-run the checkout.

Voila ! you get a new keyring and the process works. Checkout goes through.

Njoy 🙂

p.s.

As a desperate measure :

mv /usr/bin/mate-keyring-daemon /usr/bin/mate-keyring-daemon.rubbish

SSH through HTTP proxy

This article explains how to connect to an ssh server located on the internet from a local network protected by a firewall, through an HTTPS proxy.

Requirements are :

  • Your firewall has to allow HTTPS connections through a proxy
  • You need to have root access to the server where ssh is listening

Configure the ssh server

The ssh daemon needs to listen on port 443. To accomplish this, just edit this file (on a debian system) /etc/ssh/sshd_config and add this line :

Port 443

Then restart the daemon :

sudo /etc/init.d/ssh restart

Configure the client

I suppose you are on a Linux system (debian for example). First you have to compile the connect binary, which lets your ssh client use proxies (HTTPS in our case). Then you have to configure your ssh client to use the HTTPS proxy when it connects to your ssh server.

  1. Install the connect software :
    • On debian system, just install the connect-proxy package :

      sudo apt-get install connect-proxy
    • On other Linux systems, you have to compile it :

      cd /tmp/
      wget http://www.meadowy.org/~gotoh/ssh/connect.c
      gcc connect.c -o connect
      sudo cp connect /usr/local/bin/ ; sudo chmod +x /usr/local/bin/connect
  2. Configure your ssh client. Open or create your ~/.ssh/config file and add these lines :

    ## Outside of the firewall, with HTTPS proxy
    Host my-ssh-server-host.net
      ProxyCommand connect -H proxy.free.fr:3128 %h 443
    ## Inside the firewall (do not use proxy)
    Host *
       ProxyCommand connect %h %p
  3. Then pray and test the connection :

    ssh my-ssh-server-host.net

SSH to another server through the tunnel

For example, to connect over ssh to github.com :

Host github.com
  ProxyCommand=ssh my-ssh-server-host.net "/bin/nc -w1 %h %p"

List VMs in ESX 5.1

To get a description of all the vms on an ESX 5.1 box use the following:

~ # vim-cmd vmsvc/getallvms | grep vmx | awk '{ print $2 }'

Moving a machine from one VM or physical box to another

This is the simple case where all we have is one disk that needs cloning.

Assumptions for the following example

  1. Tools including backtrack distro available and permissible by company policy ( some c**ts get all agitated when sysadmins use a ‘knife’ to cut the ‘bread’ so be warned)
  2. Networking in place for the transfer, preferably with pre-organized IPs, gateway and DNS for resolving the updates like ssh etc. Also verify the level of traffic your network guys are willing to tolerate for a long time; this should be your --rate-limit value (remember this value is in megabytes, so 9-10x the megabit bandwidth).
  3. Cloning one disk is enough for the volumes to move. Complex LVM / software raids and concats or stripes need further steps.
  4. For the sake of example I assume this is a P2V but it’s just as good an approach in a V2V.

 

Points to perform :

  1. Download / Burn Backtrack or Knoppix
  2. Create a VM with large enough a disk and closely supported disk subsystem and NICs eg. SCSI and e1000
  3. Boot the two machines e.g. physical (source) and VM (target) with BT
  4. Enable ssh on both machines for a third person point of view even for monitoring the transfer
  5. Connect to the receiving VM booting into the live CD.
  6. Setup a screen session to avoid your disconnection from the session affecting the transit. Using screen -S transfer.
  7. run nc -l -p 19000 | bzip2 -d | dd bs=16M of=/dev/sda replacing the 19000 with the port you want to use and /dev/sda with the disk you want to clone.
  8. Connect to the transmitting side.
  9. Setup a screen session to avoid your disconnection from the session affecting the transit. Using screen -S transfer.
  10. run dd bs=16M if=/dev/sda | pv --rate-limit 1M | bzip2 -c | nc 192.168.1.24 19000
    replacing the ip with the ip of the listener connected in point 5, and you can skip the rate limit thingy (--rate-limit 1M) if you want full throttle.
  11. Once finished you can boot the target VM and reconfigure it as you please.

 

An extra help might be connecting to the target box in a target session and run iftop to see the transfers.
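The nc pipe carries no integrity check of its own, so it is worth confirming the clone before booting the target. The helpers below are an added example, not part of the original post; the function names are hypothetical and GNU coreutils is assumed. They hash only as many bytes as the source disk holds, because the target disk is usually larger and hashing it whole would never match.

```shell
#!/bin/sh
# Added example: confirm that a dd-over-nc clone arrived intact.

# image_size PATH -> size in bytes (regular file or block device)
image_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# prefix_digest PATH BYTES -> SHA-256 of the first BYTES bytes of PATH
prefix_digest() {
    head -c "$2" "$1" | sha256sum | awk '{print $1}'
}

# source_fingerprint PATH -> "BYTES DIGEST"; run on the transmitting side
source_fingerprint() {
    size=$(image_size "$1") || return 1
    printf '%s %s\n' "$size" "$(prefix_digest "$1" "$size")"
}

# verify_clone PATH BYTES DIGEST -> 0 on match, 1 on mismatch,
# 2 if the target is too small to hold the source; run on the receiving side
verify_clone() {
    tsize=$(image_size "$1") || return 1
    if [ "$tsize" -lt "$2" ]; then
        echo "target smaller than source: $tsize < $2" >&2
        return 2
    fi
    [ "$(prefix_digest "$1" "$2")" = "$3" ]
}
```

Run `source_fingerprint /dev/sda` on the source, carry the two values over the ssh session, and pass them to `verify_clone /dev/sda <bytes> <digest>` on the target.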

Njoy.

 

MySQL: Grant **all** privileges on database

At mysql prompt as root user:

-- *.* applies the grant to every database; use dbname.* to limit it to a single database
GRANT ALL PRIVILEGES ON *.* TO 'user'@'machine.lan' IDENTIFIED BY 'password' WITH GRANT OPTION;

FLUSH PRIVILEGES;

 

That’s all

How to install MySQL on CentOS

Here are the steps of what you need to do in order to install and setup MySQL on a new server.

We’ll prepare a fresh CentOS 6 system (64 bit) for use as a database server. All you need is access to an SSH client and your server root credentials.

 

Preparing the System

The first thing I’d like to do is make sure I have all available updates. So once I log in I run

yum update

This can take some time so grab a coffee while you wait. Once yum has finished, let’s check if MySQL is already installed on your system:

mysql

If you get “command not found” then you know you need to install MySQL.

Installing MySQL and MySQL Server

MySQL consists of two parts: the client and the server. In order for our system to run the daemon which will process external requests we need both on our system. Here’s how we get those:

yum install mysql mysql-server

This will take a minute or two. No need to restart your server, all you need to do is start MySQL with

service mysqld start

and it will be available for use. You’ll see the following message:

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h yourdomain.com password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

Securing the installation

Looks like we need to do two things: set a root password and secure the installation. You can do these steps manually, but MySQL is rather nice in that it provides a script which you can use to secure your installation. Note that this path may be different on your system:

/usr/bin/mysql_secure_installation

The script will ask you the following questions:

  • current root password (in our case it’s not set so hit enter)
  • remove anonymous users (say yes)
  • disallow remote login (in our case we want remote login active so we say no here, but if you’re using MySQL on a system which will not need this then say yes here)
  • remove test database and access to it (say yes)
  • reload all privileges (say yes)

Now you can access MySQL with the following command:

mysql -p

Starting MySQL at boot time

You will likely need to make sure MySQL is running when you reboot the server, it’s cumbersome to start it manually every time you do that. This will take care of it:

chkconfig --levels 235 mysqld on

We’re done – MySQL is now running on your server and yours to populate.

Have fun ;-)