Link to download IBM DS4000 Storage Manager:
To download page
nuffnang
Wednesday, 3 August 2011
Thursday, 28 July 2011
openSuSe 11.3 to 11.4 distribution upgrade
First you need to upgrade all distribution update on 11.3 :
linux-kvyv:~ # zypper ref
Repository 'openSUSE-11.3 Non-OSS' is up to date.
Retrieving repository 'openSUSE-11.3 OSS' metadata [done]
Building repository 'openSUSE-11.3 OSS' cache [done]
Retrieving repository 'openSUSE-11.3 Updates' metadata [done]
Building repository 'openSUSE-11.3 Updates' cache [done]
then update :
linux-kvyv:~ # zypper dup
then disable 11.3 repos:
linux-kvyv:~ #zypper modifyrepo --all --disable
insert new 11.4 repos in zypper repos:
linux-kvyv:~ # cat /etc/SuSE-release
openSUSE 11.4 (i586)
VERSION = 11.4
Enjoy SuSe 11.4
linux-kvyv:~ # zypper ref
Repository 'openSUSE-11.3 Non-OSS' is up to date.
Retrieving repository 'openSUSE-11.3 OSS' metadata [done]
Building repository 'openSUSE-11.3 OSS' cache [done]
Retrieving repository 'openSUSE-11.3 Updates' metadata [done]
Building repository 'openSUSE-11.3 Updates' cache [done]
then update :
linux-kvyv:~ # zypper dup
then disable 11.3 repos:
linux-kvyv:~ #zypper modifyrepo --all --disable
insert new 11.4 repos in zypper repos:
linux-kvyv:~ #zypper addrepo --name "openSUSE-11.4 OSS" http://download.opensuse.org/distribution/11.4/repo/oss/ repo-11.4-oss
linux-kvyv:~ #zypper addrepo --name "openSUSE-11.4 Non-OSS" http://download.opensuse.org/distribution/11.4/repo/non-oss/ repo-11.4-non-oss
linux-kvyv:~ #zypper addrepo --refresh --name "openSUSE-11.4 Updates" http://download.opensuse.org/update/11.4/ repo-11.4-update
then update zypper repos metadata;
linux-kvyv:~ #zypper ref
after refreshing finished, do the upgrade:
linux-kvyv:~ #zypper dup
after upgrading completed check distribution version :
openSUSE 11.4 (i586)
VERSION = 11.4
Enjoy SuSe 11.4
OpenSuSe 11.3 slow connection
Recently, i have issues with connection to the internet using openSuSe 11.3. Connection are difficult to established to the server and very slow. Even pinging will take some time to resolve name to IP. What happened is in /etc/resolve.conf there is nameserver that inactive anymore, so it try to connect to unavailable nameserver. What i have is just put comment mark # to disable the unavailable nameserver.
Saturday, 4 June 2011
Jboss Application server simple tutorial
This tutorial on linux machine:
First you`ll need Java JDK.
You can found JDK installation at below link.
Java JDK
if using binary just run ./java_SDK_version.bin installation directory depends on your current working directory.
Next you need to define JDK path in your linux profile.
Simply add below line at linux profile.
JAVA_HOME=/"path of you installation directory"
export JAVA_HOME
save this setting.
reactivate your profile by:
[root@localhost]etc# . ./profile
test the configuration by type "echo JAVA_HOME" without quotes, this should return same as your configuration inside profile.
Next we came to Jboss.
You can found Jboss at jboss which latest version is Jboss AS 7.
After finished download transfer your jboss to any preferred directory in your linux machine( can use ftp or etc to transfer files).
Try to run Jboss after finished transferring:
you can find bootstrap at /jboss_version/bin/startup.sh
you can check log at /jboss_version/server/default/log/server.log
this server.log refresh after each restart for that particular day.
try to connect from your browser localhost should return jboss console page. if not successfull try localhost:8080.
Happy jbossing.....
First you`ll need Java JDK.
You can found JDK installation at below link.
Java JDK
if using binary just run ./java_SDK_version.bin installation directory depends on your current working directory.
Next you need to define JDK path in your linux profile.
Simply add below line at linux profile.
JAVA_HOME=/"path of you installation directory"
export JAVA_HOME
save this setting.
reactivate your profile by:
[root@localhost]etc# . ./profile
test the configuration by type "echo JAVA_HOME" without quotes, this should return same as your configuration inside profile.
Next we came to Jboss.
You can found Jboss at jboss which latest version is Jboss AS 7.
After finished download transfer your jboss to any preferred directory in your linux machine( can use ftp or etc to transfer files).
Try to run Jboss after finished transferring:
you can find bootstrap at /jboss_version/bin/startup.sh
you can check log at /jboss_version/server/default/log/server.log
this server.log refresh after each restart for that particular day.
try to connect from your browser localhost should return jboss console page. if not successfull try localhost:8080.
Happy jbossing.....
How to check services running in RHEL
from command line console you can type:
[root@localhost ]# service --status-all
this will list all services in init.d status....
[root@localhost ]# service --status-all
this will list all services in init.d status....
Friday, 27 May 2011
Red Hat Package Manager (RPM)
Credit to about.com
NAME
rpm - RPM Package ManagerSYNOPSIS
QUERYING AND VERIFYING PACKAGES:
rpm {-q|--query} [select-options] [query-options]
rpm {-V|--verify} [select-options] [verify-options]
rpm --import PUBKEY ...
rpm {-K|--checksig} [--nosignature] [--nodigest]
PACKAGE_FILE ...
INSTALLING, UPGRADING, AND REMOVING PACKAGES:
rpm {-i|--install} [install-options] PACKAGE_FILE ...
rpm {-U|--upgrade} [install-options] PACKAGE_FILE ...
rpm {-F|--freshen} [install-options] PACKAGE_FILE ...
rpm {-e|--erase} [--allmatches] [--nodeps] [--noscripts]
[--notriggers] [--repackage] [--test] PACKAGE_NAME ...
MISCELLANEOUS:
rpm {--initdb|--rebuilddb}
rpm {--addsign|--resign} PACKAGE_FILE ...
rpm {--querytags|--showrc}
rpm {--setperms|--setugids} PACKAGE_NAME ...
select-options
[PACKAGE_NAME] [-a,--all] [-f,--file FILE]
[-g,--group GROUP] {-p,--package PACKAGE_FILE]
[--fileid MD5] [--hdrid SHA1] [--pkgid MD5] [--tid TID]
[--querybynumber HDRNUM] [--triggeredby PACKAGE_NAME]
[--whatprovides CAPABILITY] [--whatrequires CAPABILITY]
query-options
[--changelog] [-c,--configfiles] [-d,--docfiles] [--dump]
[--filesbypkg] [-i,--info] [--last] [-l,--list]
[--provides] [--qf,--queryformat QUERYFMT]
[-R,--requires] [--scripts] [-s,--state]
[--triggers,--triggerscripts]
verify-options
[--nodeps] [--nofiles] [--noscripts]
[--nodigest] [--nosignature]
[--nolinkto] [--nomd5] [--nosize] [--nouser]
[--nogroup] [--nomtime] [--nomode] [--nordev]
install-options
[--aid] [--allfiles] [--badreloc] [--excludepath OLDPATH]
[--excludedocs] [--force] [-h,--hash]
[--ignoresize] [--ignorearch] [--ignoreos]
[--includedocs] [--justdb] [--nodeps]
[--nodigest] [--nosignature] [--nosuggest]
[--noorder] [--noscripts] [--notriggers]
[--oldpackage] [--percent] [--prefix NEWPATH]
[--relocate OLDPATH=NEWPATH]
[--repackage] [--replacefiles] [--replacepkgs]
[--test]
DESCRIPTION
rpm is a powerful Package Manager, which can be used to build, install, query, verify, update, and erase individual software packages. A package consists of an archive of files and meta-data used to install and erase the archive files. The meta-data includes helper scripts, file attributes, and descriptive information about the package. Packages come in two varieties: binary packages, used to encapsulate software to be installed, and source packages, containing the source code and recipe necessary to produce binary packages.One of the following basic modes must be selected: Query, Verify, Signature Check, Install/Upgrade/Freshen, Uninstall, Initialize Database, Rebuild Database, Resign, Add Signature, Set Owners/Groups, Show Querytags, and Show Configuration.
GENERAL OPTIONS
These options can be used in all the different modes.- -?, --help
- Print a longer usage message then normal.
- --version
- Print a single line containing the version number of rpm being used.
- --quiet
- Print as little as possible - normally only error messages will be displayed.
- -v
- Print verbose information - normally routine progress messages will be displayed.
- -vv
- Print lots of ugly debugging information.
- --rcfile FILELIST
- Each of the files in the colon separated FILELIST is read sequentially by rpm for configuration information. Only the first file in the list must exist, and tildes will be expanded to the value of $HOME. The default FILELIST is /usr/lib/rpm/rpmrc:/usr/lib/rpm/redhat/rpmrc:~/.rpmrc.
- --pipe CMD
- Pipes the output of rpm to the command CMD.
- --dbpath DIRECTORY
- Use the database in DIRECTORY rathen than the default path /var/lib/rpm
- --root DIRECTORY
- Use the file system tree rooted at DIRECTORY for all operations. Note that this means the database within DIRECTORY will be used for dependency checks and any scriptlet(s) (e.g. %post if installing, or %prep if building, a package) will be run after a chroot(2) to DIRECTORY.
INSTALL AND UPGRADE OPTIONS
The general form of an rpm install command isrpm {-i|--install} [install-options] PACKAGE_FILE ...
This installs a new package.
The general form of an rpm upgrade command is
rpm {-U|--upgrade} [install-options] PACKAGE_FILE ...
This upgrades or installs the package currently installed to a newer version. This is the same as install, except all other version(s) of the package are removed after the new package is installed.
rpm {-F|--freshen} [install-options] PACKAGE_FILE ...
This will upgrade packages, but only if an earlier version currently exists. The PACKAGE_FILE may be specified as an ftp or http URL, in which case the package will be downloaded before being installed. See FTP/HTTP OPTIONS for information on rpm's internal ftp and http client support.
- --aid
- Add suggested packages to the transaction set when needed.
- --allfiles
- Installs or upgrades all the missingok files in the package, regardless if they exist.
- --badreloc
- Used with --relocate, permit relocations on all file paths, not just those OLDPATH's included in the binary package relocation hint(s).
- --excludepath OLDPATH
- Don't install files whose name begins with OLDPATH.
- --excludedocs
- Don't install any files which are marked as documentation (which includes man pages and texinfo documents).
- --force
- Same as using --replacepkgs, --replacefiles, and --oldpackage.
- -h, --hash
- Print 50 hash marks as the package archive is unpacked. Use with -v|--verbose for a nicer display.
- --ignoresize
- Don't check mount file systems for sufficient disk space before installing this package.
- --ignorearch
- Allow installation or upgrading even if the architectures of the binary package and host don't match.
- --ignoreos
- Allow installation or upgrading even if the operating systems of the binary package and host don't match.
- --includedocs
- Install documentation files. This is the default behavior.
- --justdb
- Update only the database, not the filesystem.
- --nodigest
- Don't verify package or header digests when reading.
- --nosignature
- Don't verify package or header signatures when reading.
- --nodeps
- Don't do a dependency check before installing or upgrading a package.
- --nosuggest
- Don't suggest package(s) that provide a missing dependency.
- --noorder
- Don't reorder the packages for an install. The list of packages would normally be reordered to satisfy dependancies.
- --noscripts
- --nopre
- --nopost
- --nopreun
- --nopostun
- Don't execute the scriptlet of the same name. The --noscripts option is equivalent to --nopre --nopost --nopreun --nopostun and turns off the execution of the corresponding %pre, %post, %preun, and %postun scriptlet(s).
- --notriggers
- --notriggerin
- --notriggerun
- --notriggerpostun
- Don't execute any trigger scriptlet of the named type. The --notriggers option is equivalent to --notriggerin --notriggerun --notriggerpostun and turns off execution of the corresponding %triggerin, %triggerun, and %triggerpostun scriptlet(s).
- --oldpackage
- Allow an upgrade to replace a newer package with an older one.
- --percent
- Print percentages as files are unpacked from the package archive. This is intended to make rpm easy to run from other tools.
- --prefix NEWPATH
- For relocateable binary packages, translate all file paths that start with the installation prefix in the package relocation hint(s) to NEWPATH.
- --relocate OLDPATH=NEWPATH
- For relocatable binary packages, translate all file paths that start with OLDPATH in the package relocation hint(s) to NEWPATH. This option can be used repeatedly if several OLDPATH's in the package are to be relocated.
- --repackage
- Re-package the files before erasing. The previously installed package will be named according to the macro %_repackage_name_fmt and will be created in the directory named by the macro %_repackage_dir (default value is /var/tmp).
- --replacefiles
- Install the packages even if they replace files from other, already installed, packages.
- --replacepkgs
- Install the packages even if some of them are already installed on this system.
- --test
- Do not install the package, simply check for and report potential conflicts.
ERASE OPTIONS
The general form of an rpm erase command isrpm {-e|--erase} [--allmatches] [--nodeps] [--noscripts] [--notriggers] [--repackage] [--test] PACKAGE_NAME ...
The following options may also be used:
- --allmatches
- Remove all versions of the package which match PACKAGE_NAME. Normally an error is issued if PACKAGE_NAME matches multiple packages.
- --nodeps
- Don't check dependencies before uninstalling the packages.
- --noscripts
- --nopreun
- --nopostun
- Don't execute the scriptlet of the same name. The --noscripts option during package erase is equivalent to --nopreun --nopostun and turns off the execution of the corresponding %preun, and %postun scriptlet(s).
- --notriggers
- --notriggerun
- --notriggerpostun
- Don't execute any trigger scriptlet of the named type. The --notriggers option is equivalent to --notriggerun --notriggerpostun and turns off execution of the corresponding %triggerun, and %triggerpostun scriptlet(s).
- --repackage
- Re-package the files before erasing. The previously installed package will be named according to the macro %_repackage_name_fmt and will be created in the directory named by the macro %_repackage_dir (default value is /var/tmp).
- --test
- Don't really uninstall anything, just go through the motions. Useful in conjunction with the -vv option for debugging.
QUERY OPTIONS
The general form of an rpm query command isrpm {-q|--query} [select-options] [query-options]
You may specify the format that package information should be printed in. To do this, you use the
--qf|--queryformat QUERYFMT
option, followed by the QUERYFMT format string. Query formats are modifed versions of the standard printf(3) formatting. The format is made up of static strings (which may include standard C character escapes for newlines, tabs, and other special characters) and printf(3) type formatters. As rpm already knows the type to print, the type specifier must be omitted however, and replaced by the name of the header tag to be printed, enclosed by {} characters. Tag names are case insesitive, and the leading RPMTAG_ portion of the tag name may be omitted as well.
Alternate output formats may be requested by following the tag with :typetag. Currently, the following types are supported:
- :armor
- Wrap a public key in ASCII armor.
- :base64
- Encode binary data using base64.
- :date
- Use strftime(3) "%c" format.
- :day
- Use strftime(3) "%a %b %d %Y" format.
- :depflags
- Format dependency flags.
- :fflags
- Format file flags.
- :hex
- Format in hexadecimal.
- :octal
- Format in octal.
- :perms
- Format file permissions.
- :shescape
- Escape single quotes for use in a script.
- :triggertype
- Display trigger suffix.
There are two subsets of options for querying: package selection, and information selection.
PACKAGE SELECTION OPTIONS:
- PACKAGE_NAME
- Query installed package named PACKAGE_NAME.
- -a, --all
- Query all installed packages.
- -f, --file FILE
- Query package owning FILE.
- --fileid MD5
- Query package that contains a given file identifier, i.e. the MD5 digest of the file contents.
- -g, --group GROUP
- Query packages with the group of GROUP.
- --hdrid SHA1
- Query package that contains a given header identifier, i.e. the SHA1 digest of the immutable header region.
- -p, --package PACKAGE_FILE
- Query an (uninstalled) package PACKAGE_FILE. The PACKAGE_FILE may be specified as an ftp or http style URL, in which case the package header will be downloaded and queried. See FTP/HTTP OPTIONS for information on rpm's internal ftp and http client support. The PACKAGE_FILE argument(s), if not a binary package, will be interpreted as an ASCII package manifest. Comments are permitted, starting with a '#', and each line of a package manifest file may include white space seperated glob expressions, including URL's with remote glob expressions, that will be expanded to paths that are substituted in place of the package manifest as additional PACKAGE_FILE arguments to the query.
- --pkgid MD5
- Query package that contains a given package identifier, i.e. the MD5 digest of the combined header and payload contents.
- --querybynumber HDRNUM
- Query the HDRNUMth database entry directly; this is useful only for debugging.
- --specfile SPECFILE
- Parse and query SPECFILE as if it were a package. Although not all the information (e.g. file lists) is available, this type of query permits rpm to be used to extract information from spec files without having to write a specfile parser.
- --tid TID
- Query package(s) that have a given TID transaction identifier. A unix time stamp is currently used as a transaction identifier. All package(s) installed or erased within a single transaction have a common identifier.
- --triggeredby PACKAGE_NAME
- Query packages that are triggered by package(s) PACKAGE_NAME.
- --whatprovides CAPABILITY
- Query all packages that provide the CAPABILITY capability.
- --whatrequires CAPABILITY
- Query all packages that requires CAPABILITY for proper functioning.
PACKAGE QUERY OPTIONS:
- --changelog
- Display change information for the package.
- -c, --configfiles
- List only configuration files (implies -l).
- -d, --docfiles
- List only documentation files (implies -l).
- --dump
- Dump file information as follows:
-
path size mtime md5sum mode owner group isconfig isdoc rdev symlink
- --filesbypkg
- List all the files in each selected package.
- -i, --info
- Display package information, including name, version, and description. This uses the --queryformat if one was specified.
- --last
- Orders the package listing by install time such that the latest packages are at the top.
- -l, --list
- List files in package.
- --provides
- List capabilities this package provides.
- -R, --requires
- List packages on which this package depends.
- --scripts
- List the package specific scriptlet(s) that are used as part of the installation and uninstallation processes.
- -s, --state
- Display the states of files in the package (implies -l). The state of each file is one of normal, not installed, or replaced.
- --triggers, --triggerscripts
- Display the trigger scripts, if any, which are contained in the package.
VERIFY OPTIONS
The general form of an rpm verify command isrpm {-V|--verify} [select-options] [verify-options]
Verifying a package compares information about the installed files in the package with information about the files taken from the package metadata stored in the rpm database. Among other things, verifying compares the size, MD5 sum, permissions, type, owner and group of each file. Any discrepencies are displayed. Files that were not installed from the package, for example, documentation files excluded on installation using the "--excludedocs" option, will be silently ignored.
The package selection options are the same as for package querying (including package manifest files as arguments). Other options unique to verify mode are:
- --nodeps
- Don't verify dependencies of packages.
- --nodigest
- Don't verify package or header digests when reading.
- --nofiles
- Don't verify any attributes of package files.
- --noscripts
- Don't execute the %verifyscript scriptlet (if any).
- --nosignature
- Don't verify package or header signatures when reading.
- --nolinkto
- --nomd5
- --nosize
- --nouser
- --nogroup
- --nomtime
- --nomode
- --nordev
- Don't verify the corresponding file attribute.
c %config configuration file. d %doc documentation file. g %ghost file (i.e. the file contents are not included in the package payload). l %license license file. r %readme readme file.from the package header, followed by the file name. Each of the 8 characters denotes the result of a comparison of attribute(s) of the file to the value of those attribute(s) recorded in the database. A single "." (period) means the test passed, while a single "?" (question mark) indicates the test could not be performed (e.g. file permissions prevent reading). Otherwise, the (mnemonically emBoldened) character denotes failure of the corresponding --verify test:
S file Size differs M Mode differs (includes permissions and file type) 5 MD5 sum differs D Device major/minor number mis-match L readLink(2) path mis-match U User ownership differs G Group ownership differs T mTime differs
DIGITAL SIGNATURE AND DIGEST VERIFICATION
The general forms of rpm digital signature commands arerpm --import PUBKEY ...
rpm {--checksig} [--nosignature] [--nodigest]
PACKAGE_FILE ...
The --checksig option checks all the digests and signatures contained in PACKAGE_FILE to ensure the integrity and origin of the package. Note that signatures are now verified whenever a package is read, and --checksig is useful to verify all of the digests and signatures associated with a package.
Digital signatures cannot be verified without a public key. An ascii armored public key can be added to the rpm database using --import. An imported public key is carried in a header, and key ring management is performed exactly like package management. For example, all currently imported public keys can be displayed by:
rpm -qa gpg-pubkey*
Details about a specific public key, when imported, can be displayed by querying. Here's information about the Red Hat GPG/DSA key:
rpm -qi gpg-pubkey-db42a60e
Finally, public keys can be erased after importing just like packages. Here's how to remove the Red Hat GPG/DSA key
rpm -e gpg-pubkey-db42a60e
SIGNING A PACKAGE
rpm --addsign|--resign PACKAGE_FILE ...
Both of the --addsign and --resign options generate and insert new signatures for each package PACKAGE_FILE given, replacing any existing signatures. There are two options for historical reasons, there is no difference in behavior currently.
USING GPG TO SIGN PACKAGES
In order to sign packages using GPG, rpm must be configured to run GPG and be able to find a key ring with the appropriate keys. By default, rpm uses the same conventions as GPG to find key rings, namely the $GNUPGHOME environment variable. If your key rings are not located where GPG expects them to be, you will need to configure the macro %_gpg_path to be the location of the GPG key rings to use.For compatibility with older versions of GPG, PGP, and rpm, only V3 OpenPGP signature packets should be configured. Either DSA or RSA verification algorithms can be used, but DSA is preferred.
If you want to be able to sign packages you create yourself, you also need to create your own public and secret key pair (see the GPG manual). You will also need to configure the rpm macros
- %_signature
- The signature type. Right now only gpg and pgp are supported.
- %_gpg_name
- The name of the "user" whose key you wish to use to sign your packages.
%_signature gpg %_gpg_path /etc/rpm/.gpg %_gpg_name John Doe <jdoe@foo.com> %_gpgbin /usr/bin/gpgin a macro configuration file. Use /etc/rpm/macros for per-system configuration and ~/.rpmmacros for per-user configuration.
REBUILD DATABASE OPTIONS
The general form of an rpm rebuild database command isrpm {--initdb|--rebuilddb} [-v] [--dbpath DIRECTORY] [--root DIRECTORY]
Use --initdb to create a new database, use --rebuilddb to rebuild the database indices from the installed package headers.
SHOWRC
The commandrpm --showrc
shows the values rpm will use for all of the options are currently set in rpmrc and macros configuration file(s).
FTP/HTTP OPTIONS
rpm can act as an FTP and/or HTTP client so that packages can be queried or installed from the internet. Package files for install, upgrade, and query operations may be specified as an ftp or http style URL:ftp://USER:PASSWORD@HOST:PORT/path/to/package.rpm
If the :PASSWORD portion is omitted, the password will be prompted for (once per user/hostname pair). If both the user and password are omitted, anonymous ftp is used. In all cases, passive (PASV) ftp transfers are performed.
rpm allows the following options to be used with ftp URLs:
- --ftpproxy HOST
- The host HOST will be used as a proxy server for all ftp transfers, which allows users to ftp through firewall machines which use proxy systems. This option may also be specified by configuring the macro %_ftpproxy.
- --ftpport HOST
- The TCP PORT number to use for the ftp connection on the proxy ftp server instead of the default port. This option may also be specified by configuring the macro %_ftpport.
- --httpproxy HOST
- The host HOST will be used as a proxy server for all http transfers. This option may also be specified by configuring the macro %_httpproxy.
- --httpport PORT
- The TCP PORT number to use for the http connection on the proxy http server instead of the default port. This option may also be specified by configuring the macro %_httpport.
LEGACY ISSUES
Executing rpmbuild
The build modes of rpm are now resident in the /usr/bin/rpmbuild executable. Although legacy compatibility provided by the popt aliases below has been adequate, the compatibility is not perfect; hence build mode compatibility through popt aliases is being removed from rpm. Install the rpmbuild package, and see rpmbuild(8) for documentation of all the rpm build modes previously documented here in rpm(8).Add the following lines to /etc/popt if you wish to continue invoking rpmbuild from the rpm command line:
rpm exec --bp rpmb -bp rpm exec --bc rpmb -bc rpm exec --bi rpmb -bi rpm exec --bl rpmb -bl rpm exec --ba rpmb -ba rpm exec --bb rpmb -bb rpm exec --bs rpmb -bs rpm exec --tp rpmb -tp rpm exec --tc rpmb -tc rpm exec --ti rpmb -ti rpm exec --tl rpmb -tl rpm exec --ta rpmb -ta rpm exec --tb rpmb -tb rpm exec --ts rpmb -ts rpm exec --rebuild rpmb --rebuild rpm exec --recompile rpmb --recompile rpm exec --clean rpmb --clean rpm exec --rmsource rpmb --rmsource rpm exec --rmspec rpmb --rmspec rpm exec --target rpmb --target rpm exec --short-circuit rpmb --short-circuit
SEE ALSO
popt(3), rpm2cpio(8), rpmbuild(8),http://www.rpm.org/ http://www.rpm.org/>
How to create CSR using openSSL
To generate CSR using openSSL simply follow below steps:
(1) Go to your intend working directory
(2)Enter below command:-
Replace <hostname> with your hostname. (check your hostname (# uname -n))
# /usr/sfw/bin/openssl req -newkey rsa:1024 -nodes -out <hostname>.csr -keyout
<hostname>.key
(3) There is interactive text will come out. Fill in the blank as per below (see
"<<<"):-
********************************************************************************
Generating a 1024 bit RSA private key
........++++++
..................++++++
writing new private key to 'blessappdev.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:my <<<
State or Province Name (full name) [Some-State]:selangor <<<
Locality Name (eg, city) []:petaling jaya
Organization Name (eg, company) [Unconfigured OpenSSL Installation]:example <<<
Organizational Unit Name (eg, section) []:testing <<<
Common Name (eg, YOUR name) []:unknown <<<
Email Address []:unknown@example.com <<<
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:admin123 <<<
An optional company name []:example<<<
********************************************************************************
(4) You can check back your file using below command:-
# /usr/sfw/bin/openssl req -text -noout -in <hostname>.csr
(5) Check generated file using below command & email the file to your CA if you are using CA sign certificate.
# ls
# done.
Linux simple maintenance command
[root@localhost ]# dmesg -->system error output
[root@localhost ]# cat /var/log/message -->system message output
[root@localhost ]# df -h -->list filesystems details
[root@localhost ]# top -->realtime system statistics
[root@localhost ]# uname -a -->check system details
[root@localhost ]# ifconfig -a -->check communication interface details
[root@localhost ]# init 0 -->command for shutdown now
[root@localhost ]# init 6 --> command for restart now
[root@localhost ]# cat /var/log/message -->system message output
[root@localhost ]# df -h -->list filesystems details
[root@localhost ]# top -->realtime system statistics
[root@localhost ]# uname -a -->check system details
[root@localhost ]# ifconfig -a -->check communication interface details
[root@localhost ]# init 0 -->command for shutdown now
[root@localhost ]# init 6 --> command for restart now
Distributed Replicated Device Block (DRBD)
What do you need before starting DRBD installation:
(1) Make sure your server can resolve both node name (/etc/hosts)
(2)Minimum for DRBD is RHEL 5/CentOS 5
(3) Files needed: kmod-drbd82-8.2.6-2.i686.rpm
drbd82-8.2.6-1.el5.centos.i386.rpm
(4) Firewall: open port 7788
Current situation :
• node1.yourdomain.org 172.29.156.20/24 , source disc /dev/sdc that will be replicated
• node2.yourdomain.org 172.29.156.21/24 , target disc /dev/sdc
1.install kmod and follow by drbd.
2.check configuration at /etc/drbd.conf, should look like this:
#
# please have a a look at the example configuration file in
# /usr/share/doc/drbd/drbd.conf
#
global { usage-count no; }
resource repdata {
protocol C;
syncer { rate 10M; }
on node1.yourdomain.org {
device /dev/drbd0;
disk /dev/sdc;
address 172.29.156.20:7788;
meta-disk internal;
}
on node2.yourdomain.org {
device /dev/drbd0;
disk /dev/sdc;
address 172.29.156.21:7788;
meta-disk internal;
}
}
Replicate drbd.conf to second node at /etc/drbd.conf
3.create disk metadata:
[root@node1 etc]# drbdadm create-md repdata
v08 Magic number not found
v07 Magic number not found
About to create a new drbd meta data block on /dev/sdc.
. ==> This might destroy existing data! <==
Do you want to proceed? [need to type 'yes' to confirm] yes
Creating meta data... initialising activity log NOT initialized bitmap (256 KB) New
drbd meta data block sucessfully created
4. start drbd at both nodes
[root@node1 etc]# service drbd start
Starting DRBD resources: [ d0 n0 ]. ......
[root@node1 etc]# cat /proc/drbd
version: 8.0.4 (api:86/proto:86) SVN Revision: 2947 build by buildsvn@c5-i386-
build, 2007-07-31 19:17:18
. 0: cs:Connected st:Secondary/Secondary ds:Inconsistent/Inconsistent C r---
. ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0
. resync: used:0/31 hits:0 misses:0 starving:0 dirty:0 changed:0 act_log:
used:0/257 hits:0 misses:0 starving:0 dirty:0 changed:0
5.start full sync of drbd disks
[root@node1 etc]# drbdadm -- --overwrite-data-of-peer primary repdata
[root@node1 etc]# watch -n 1 cat /proc/drbd version: 8.0.4 (api:86/proto:86) SVN
Revision: 2947 build by buildsvn@c5-i386-build, 2007-07-31 19:17:18
. 0: cs:SyncTarget st:Primary/Secondary ds:Inconsistent/Inconsistent C r---
. ns:0 nr:68608 dw:68608 dr:0 al:0 bm:4 lo:0 pe:0 ua:0 ap:0
. [>...................] sync'ed: 0.9% (8124/8191)M finish: 0:12:05 speed:
11,432 (11,432) K/sec resync: used:0/31 hits:4283 misses:5 starving:0 dirty:0
changed:5 act_log: used:0/257 hits:0 misses:0 starving:0 dirty:0 changed:0
Check for sync progress
6.Now we can format the disks and mount the fs as we wanted.
[root@node1 ]mkfs.ext3 /dev/drbd0 ; mkdir /repdata ; mount /dev/drbd0 /repdata
7. we can test by creating fake data:
[root@node1 etc]# for i in {1..5};do dd if=/dev/zero of=/repdat
a/file$i bs=1M count=100;done
8.Check for replicated data
[root@node1 /]# umount /repdata ; drbdadm secondary repdata
[root@node2 /]# mkdir /repdata ; drbdadm primary repdata ; mount /dev/drbd0
/repdata
[root@node2 /]# ls /repdata/
file1 file2 file3 file4 file5 lost+found
Now DRBD are go....
(1) Make sure your server can resolve both node name (/etc/hosts)
(2)Minimum for DRBD is RHEL 5/CentOS 5
(3) Files needed: kmod-drbd82-8.2.6-2.i686.rpm
drbd82-8.2.6-1.el5.centos.i386.rpm
(4) Firewall: open port 7788
Current situation :
• node1.yourdomain.org 172.29.156.20/24 , source disc /dev/sdc that will be replicated
• node2.yourdomain.org 172.29.156.21/24 , target disc /dev/sdc
1.install kmod and follow by drbd.
2.check configuration at /etc/drbd.conf, should look like this:
#
# please have a a look at the example configuration file in
# /usr/share/doc/drbd/drbd.conf
#
global { usage-count no; }
resource repdata {
protocol C;
syncer { rate 10M; }
on node1.yourdomain.org {
device /dev/drbd0;
disk /dev/sdc;
address 172.29.156.20:7788;
meta-disk internal;
}
on node2.yourdomain.org {
device /dev/drbd0;
disk /dev/sdc;
address 172.29.156.21:7788;
meta-disk internal;
}
}
Replicate drbd.conf to second node at /etc/drbd.conf
3.create disk metadata:
[root@node1 etc]# drbdadm create-md repdata
v08 Magic number not found
v07 Magic number not found
About to create a new drbd meta data block on /dev/sdc.
. ==> This might destroy existing data! <==
Do you want to proceed? [need to type 'yes' to confirm] yes
Creating meta data... initialising activity log NOT initialized bitmap (256 KB) New
drbd meta data block sucessfully created
4. start drbd at both nodes
[root@node1 etc]# service drbd start
Starting DRBD resources: [ d0 n0 ]. ......
[root@node1 etc]# cat /proc/drbd
version: 8.0.4 (api:86/proto:86) SVN Revision: 2947 build by buildsvn@c5-i386-
build, 2007-07-31 19:17:18
. 0: cs:Connected st:Secondary/Secondary ds:Inconsistent/Inconsistent C r---
. ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0
. resync: used:0/31 hits:0 misses:0 starving:0 dirty:0 changed:0 act_log:
used:0/257 hits:0 misses:0 starving:0 dirty:0 changed:0
5.start full sync of drbd disks
[root@node1 etc]# drbdadm -- --overwrite-data-of-peer primary repdata
[root@node1 etc]# watch -n 1 cat /proc/drbd version: 8.0.4 (api:86/proto:86) SVN
Revision: 2947 build by buildsvn@c5-i386-build, 2007-07-31 19:17:18
. 0: cs:SyncTarget st:Primary/Secondary ds:Inconsistent/Inconsistent C r---
. ns:0 nr:68608 dw:68608 dr:0 al:0 bm:4 lo:0 pe:0 ua:0 ap:0
. [>...................] sync'ed: 0.9% (8124/8191)M finish: 0:12:05 speed:
11,432 (11,432) K/sec resync: used:0/31 hits:4283 misses:5 starving:0 dirty:0
changed:5 act_log: used:0/257 hits:0 misses:0 starving:0 dirty:0 changed:0
Check for sync progress
6.Now we can format the disks and mount the fs as we wanted.
[root@node1 ]mkfs.ext3 /dev/drbd0 ; mkdir /repdata ; mount /dev/drbd0 /repdata
7. we can test by creating fake data:
[root@node1 etc]# for i in {1..5};do dd if=/dev/zero of=/repdat
a/file$i bs=1M count=100;done
8.Check for replicated data
[root@node1 /]# umount /repdata ; drbdadm secondary repdata
[root@node2 /]# mkdir /repdata ; drbdadm primary repdata ; mount /dev/drbd0
/repdata
[root@node2 /]# ls /repdata/
file1 file2 file3 file4 file5 lost+found
Now DRBD are go....
Thursday, 26 May 2011
Linux HA (High Availability)
What is High Availabilty??
from wikipedia-->High availability is a system design approach and associated service implementation that ensures a prearranged level of operational performance will be met during a contractual measurement period.
from me --> to ensure server uptime and availability to 99.9999% or in other words 30 seconds down time per year! How to achieve that availabilty? yes, using HA.
HA using failover mechanism to ensure availabilty. Refer diagram belows (credit to Alan Robertson HA Linux Projects):
Diagram shows physical failover mechanism with Disaster Recovery Center (DRC) and using replication method to mirroring storage. I will show how to use DRBD (Distributed Replicated Block Device) that we can understood by network raid level 1 later on.
First thing what we need is rpm installer, although somebody will use compiling from source code method, but im tired of compiling dependencies issues so just use rpm.
For RHEL you can use centos rpm found here:Centos i386 RPM repos,
Get
1.heartbeat-2.1.3-3.el5.centos.i386.rpm
2.heartbeat-pils-2.1.3-3.el5.centos.i386.rpm
3.heartbeat-stonith-2.1.3-3.el5.centos.i386.rpm
Installation(both servers):
1.put those three files in your RHEL folder (any folder that you comfort with).
2. run heartbeat pils follow by stonith and heartbeat 2.1.3
root@localhost#rpm -ivf heartbeat-pils-2.1.3-3.el5.centos.i386.rpm
root@localhost#rpm -ivf heartbeat-stonith-2.1.3-3.el5.centos.i386.rpm
root@localhost#rpm -ivf heartbeat-2.1.3-3.el5.centos.i386.rpm
Configuring HA:
There are 3 files needed for HA to run:
1.authkeys
2.ha.cf
3.haresources
These 3 files should located at /etc/ha.d
in authkeys files:
auth 2
2 sha1 yourpassword
in ha.cf:
logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
initdead 120
bcast eth0
udpport 694
auto_failback on
node node01(your server hostname)
node node02 (your backup hostname)
in haresources (this is what to be failover):
hostname ipaddress httpd(depends on your failover service requirement)
both server must have same configuration files.
try to start your heartbeat:
root@localhost#service heartbeat start
Stay tune for DRBD!
any enquiries please put comments...
Handshake Failed. SSL0234W Error from WebSphere v5/6
SSL0234W: SSL Handshake Failed, The certificate sent by the peer has expired or is invalid.
First symptom of this issue is user cant access with secure connection
(port 443, SSL).
Try to check error log from apache , usually by default(IBM HTTP) :
root@localhost# cd /opt/IBMHTTPServer/logs/dailylogs
Let consider below situation:
OS=AIX 5.3
Apps=IBM WebSphere v5
HTTP=IBM HTTPServer 1.3
CA=DigiCert Malaysia
CA Root=Malaysia Premier CA 1024(MPCA1024)
On 1st May 2011, CA root will expired and has to be replace by new CA Root
MPCA1024.
After replaced new CA Root user no longer can access the system and
re-bounce error SSL0234W. This is high possibility on new CA Root
having error, even you can view the certificate correctly using cert viewer.
When this problem happens you have to consult the CA to check the CA Root.
As we know creating a new CA Root will be a lot of works to be done.
This issue just happened to my system, and the issue is the CA Root itself.
Welcome
Finally I have time to write this blog and sharing any knowledge on IT system engineering and maintenance. Hopefully this blog can gather us together to share knowledge together.
Subscribe to:
Posts (Atom)