Posts

Showing posts from May, 2013

Direct ssh to a server via proxy using putty/plink on Windows

1. Make sure seamless ssh keys are set up to your bastion server for your username
   - Not covered here
   - See: http://www.ualberta.ca/CNS/RESEARCH/LinuxClusters/pka-putty.html
2. Session -> Host Name -> mytargetserver.mydomain.com
3. Connection -> Proxy
   - Proxy Type -> Local
   - Telnet command, or local proxy command:
     c:/program files (x86)/putty/plink.exe myproxy.mydomain.com -l myusername -agent -nc %host:%port
   - adjust this path to plink.exe to match your local setup
   - hint: install the complete putty install package, not just putty
4. Tunnels
   - L8081 mytargetserver.mydomain.com:8081

Hint: always hit "Save", no matter what you do, or however inconvenient it was designed to be.

Taken: http://mikelococo.com/2008/01/multihop-ssh/

Show progress during dd copy

kill -USR1 <pid of dd>

In-memory page states and kscand

kscand task
- periodically sweeps through all the pages in memory
- notes "last access time"
- was accessed?
  - increments page's age counter
- wasn't accessed?
  - decrements page's age counter
- age counter at zero
  - move page to inactive dirty state

In-memory page states
- free
  - begin in this state
  - not being used
  - available for allocation, i.e. made active
- active
  - allocated
  - actively in use
- inactive dirty
  - has fallen into disuse
  - candidate for removal from main memory
- inactive laundered
  - interim state
  - contents are being moved to disk
  - when disk I/O operation complete
    - moved to the inactive clean state
  - if, during the disk operation, the page is accessed
    - moved back into the active state
- inactive clean
  - laundering succeeded, i.e. contents in sync with copy on disk
  - may be
    - deallocated
    - overwritten

Taken: http://www.redhat.com/magazine/001nov04/features/vm/

LVM crypt disks on Linux/AWS

dd if=/dev/urandom of=/etc/xvdm.key bs=1024 count=4
dd if=/dev/urandom of=/etc/xvdn.key bs=1024 count=4
cryptsetup --verbose -y luksFormat /dev/xvdm /etc/xvdm.key
cryptsetup --verbose -y luksFormat /dev/xvdn /etc/xvdn.key
cryptsetup luksOpen /dev/xvdm cryptm --key-file /etc/xvdm.key
cryptsetup luksOpen /dev/xvdn cryptn --key-file /etc/xvdn.key
pvcreate /dev/mapper/cryptm /dev/mapper/cryptn

Add entries to /etc/crypttab for reboots and test somehow:

cryptm /dev/xvdm /etc/xvdm.key luks
cryptn /dev/xvdn /etc/xvdn.key luks

Complete LVM setup and add entries to /etc/fstab.
Hint: don't make one, single typo...ever.
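
An added check, not part of the original post: key files written by dd under the default umask (commonly 022) are readable by every local user, and a wrong key path in /etc/crypttab only shows up at the next reboot. The function below audits both for the crypttab layout used above; the function name, the scratch directory and the third crypto/xvdo entry are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit key files referenced by a crypttab-style file.
# Line layout assumed: <name> <device> <keyfile> <options>, as in this post.

# check_crypttab FILE: print one finding per problem; return 1 if any were found.
check_crypttab() {
    bad=0
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac   # blank line or comment
        case $key in ''|none|-) continue ;; esac  # passphrase prompt, no key file
        if [ ! -f "$key" ]; then
            echo "$name ($dev): key file $key is missing"
            bad=1
            continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ldL -- "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "$name ($dev): key file $key is accessible to group/other"
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# Constructed demo in a scratch directory (hypothetical paths, no real devices).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
# umask 077 makes dd create the key readable by its owner only.
( umask 077; dd if=/dev/urandom of="$demo_dir/xvdm.key" bs=1024 count=4 2>/dev/null )
# Typical default-umask result: key material readable by group and other.
dd if=/dev/urandom of="$demo_dir/xvdn.key" bs=1024 count=4 2>/dev/null
chmod 644 "$demo_dir/xvdn.key"
cat > "$demo_dir/crypttab" <<EOF
# constructed sample
cryptm /dev/xvdm $demo_dir/xvdm.key luks
cryptn /dev/xvdn $demo_dir/xvdn.key luks
crypto /dev/xvdo $demo_dir/xvdo.key luks
EOF
check_crypttab "$demo_dir/crypttab" || echo "fix the findings above before relying on a reboot"
```

On a real host, run check_crypttab /etc/crypttab as root after creating the keys and before the first reboot.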

Double looping with bash

Neat:
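# outer loop: every "snapshots" directory under the data dir
for ITEM in $(find /cassandra/data -type d -name snapshots)
do
  # inner loop: its immediate subdirectories modified within the last day
  for DIR in $(find "${ITEM}" -maxdepth 1 -mindepth 1 -type d -mtime -1)
  do
    echo "$ITEM $DIR"
  done
done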

Confluence: Lock wait timeout exceeded; try restarting transaction

WARNING! Atlassian themselves recommend STRONGLY against this procedure. If any action, take the action that shows you which table is locking, DO NOT DELETE anything unless you are 100% confident you can reverse your deletions. DO NOT DELETE, DO NOT DELETE!

Seeing this?

2013-05-14 16:39:55,581 ERROR [QuartzScheduler_Worker-1] [sf.hibernate.util.JDBCExceptionReporter] logExceptions Lock wait timeout exceeded; try restarting transaction
2013-05-14 16:39:55,581 ERROR [QuartzScheduler_Worker-1] [sf.hibernate.impl.SessionImpl] execute Could not synchronize database state with session


The first is actually reported from MySQL itself, the second from Hibernate, which wraps databases for Java apps.


If you are desperate, try deleting all rows from mysql's crowd.cwd_membership table after backing it up, worked for me, syncs started working again in under 16ms.
mysqldump crowd | bzip2 -c > /mnt/dump_crowd_`date +%Y%m%d`.sql.bz2
mysql crowd -e 'delete from cwd_membership'

If that doe…

Put stuff on your Nexus 4

apt-get install gmtp

Make sure your "Storage" is in MTP mode

P.S. Or, if you have access to a Mac: "Android File Transfer"

Check if a UDP port is open through a firewall

nmap -sU -p4569 remotehost

EC2 server to VPC private instance via VPC NAT instance

iptables -t nat -A PREROUTING -s 23.23.23.23/32 -d 10.0.0.254/32 -i eth0 -p tcp -m tcp --sport 1024:65535 --dport 3306 -j DNAT --to-destination 10.0.12.10:3306

- 23.23.23.23 is your external server's public IP address
- 10.0.0.254 is your VPC NAT instance's IP address in the public subnet
- 10.0.12.10 is the VPC IP address of your server in a private subnet
- 3306 is the port your service is listening on

ec2-create-image: attached EBS volumes are snapshot and mapped

"ec2-create-image does snapshot the attached EBS volumes and add a block device mapping for those snapshots in the created AMI"
Taken: https://forums.aws.amazon.com/message.jspa?messageID=211674

Nicer settings for cssh: terminal_font, terminal_size, terminal_args

.clusterssh/config

terminal_font=5x8
terminal_size=140x48
terminal_args=-fg green
auto_close=1

Slow SSH: one possible solution, set "useDNS" to "no"

In sshd_config on the target server, set "useDNS" to "no", and restart sshd

Details: http://www.turnkeylinux.org/blog/slow-ssh

mysqldump between two servers over ssh

1. set up ssh keys so server1 user can ssh to server2
2. set $HOME/.my.cnf so both users can get into respective mysql cli without passwords
   - see below for sample file
3. create the new, empty database on server2, receiving server
4. from server1:
   mysqldump mydatabase | ssh server2 mysql mydatabase

Taken: http://www.cyberciti.biz/tips/howto-copy-mysql-database-remote-server.html

# $HOME/.my.cnf
[client]
password=myusersmysqlpassword

Openfire: use your 3rd-party, signed SSL cert

PLEASE LET ME KNOW IF YOU HAVE FIXES FOR THIS WITH LATEST VERSIONS
- default keytool password is "changeit"
  - use it for all password prompts
  - works 99%
  - if it doesn't work, ask around, poke around
- Get keytool command in your PATH
- Use Openfire's web interface to "generate self-signed certificates"
  - NOTE: "import a signed certificate and its private key"
    - broken
    - says certs were loaded in green, but shows no result in "Server Certificates" list
    - whole reason for this post
- find existing keystores on your chat server
  - nice updatedb
  - locate keystore
  - locate truststore
  - here, we'll assume /opt/openfire/resources/security
- list the "domain" Openfire used for the "generate self-signed certificates" action above
  - keytool -list -v -keystore /opt/openfire/resources/security/keystore | grep rsa
  - e.g.: Alias name: my.domain.com_rsa
  - remember this for a later step
- load your CA's root cert into the truststore
  - first, see if it is there
  - keytool -list -v -keystore /opt…