dok documentation - read the docs documentation, release 1.0 2.5.3test a 10x 300mb be comp real...
TRANSCRIPT
dok DocumentationRelease 1.0
Ignas
September 07, 2015
Contents
1 Android 31.1 adb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31.2 cm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31.3 encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31.4 root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2 Linux 52.1 ansible . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52.2 avamar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52.3 awesant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62.4 beaver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62.5 btrfs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62.6 clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72.7 elasticsearch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82.8 freeipa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82.9 gollum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82.10 ipmitool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92.11 iscsi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92.12 java . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102.13 kernel panic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102.14 kvm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112.15 logstash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122.16 luks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122.17 lumberjack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132.18 metasploit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132.19 multiboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142.20 multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162.21 mysql . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182.22 nfs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182.23 opennebulla . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202.24 openssl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212.25 pandoc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212.26 partitioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212.27 postgresql . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212.28 puppet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222.29 rbenv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222.30 ruby-build . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232.31 rpm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
i
2.32 rsyslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242.33 salt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242.34 SELinux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252.35 sqlite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302.36 sssd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302.37 sysloggen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312.38 tcpdump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312.39 ubuntu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312.40 varnish . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312.41 vim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312.42 vmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
3 Networking 333.1 h3c . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333.2 junos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343.3 mikrotik . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
4 Programming 354.1 bash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354.2 bash snippets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354.3 c . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364.4 git . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364.5 gitlab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374.6 ruby . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384.7 symfony . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384.8 valgrind . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
5 Solaris 415.1 SmartOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415.2 zfs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
6 Hardware 436.1 storcli . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
7 Other 457.1 virtualbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
ii
dok Documentation, Release 1.0
Contents:
Contents 1
dok Documentation, Release 1.0
2 Contents
CHAPTER 1
Android
1.1 adb
1.1.1 connecting
1.1.2 installing recovery
Installing modified TWRP:
adb sideload TWRP-2.8.5.0-F2FS.zip
1.1.3 getting logs
1.2 cm
Installing video: https://www.youtube.com/watch?v=SpHZ2n9lTcs
1.3 encryption
Change crypt pw: http://nelenkov.blogspot.com/2012/08/changing-androids-disk-encryption.html
1.3.1 encrypting
1. unrooted
2. encrypt
3. root
4. vdc cryptfs changepw YOURBOOTPASSWORD (will not be able to unlock! don not use this!)
1.3.2 apps
Chats:
• threema
3
dok Documentation, Release 1.0
• myenigma
1.4 root
saferoot: http://forum.xda-developers.com/showthread.php?t=2565758
4 Chapter 1. Android
CHAPTER 2
Linux
2.1 ansible
2.1.1 Configuring hosts
File /etc/ansible/hosts
ansible vu-prod -m ping ansible “~(host1|host2)” -m ping
2.1.2 ssh-agent
ssh-agent bash ssh-add -t 8h ~/.ssh/id_my
List all current keys:
ssh-add -l
Delete all current keys:
ssh-add -D
2.1.3 Commands
Safe, one cmd, uses command module:
ansible all -a “/bin/echo hello”
Multiple cmds, uses shell module. Attention to quoting:
ansible all -m shell -a ‘/usr/sbin/sestatus | grep status’
Sudo command:
ansible vu -a ‘find /etc/sudoers.d -type f’ –sudo
2.2 avamar
2.2.1 users
root (ava), admin, dpn.
5
dok Documentation, Release 1.0
2.2.2 cli tools
Capacity planning and info:
admin@testgrid01:~/ija/>: ./capacity.sh
2.2.3 mccli
2.2.4 avtar
avtar --backups --noinformationals --id=${AVUSER}@/${AVDOMAIN} --password=${AVPASS} --path=/${AVDOMAIN}/${HOST} --count=3
2.3 awesant
git: https://github.com/bloonix/awesant
2.4 beaver
Log shipper.
git: https://github.com/josegonzalez/beaver
Docs: http://beaver.readthedocs.org/en/latest/user/usage.html
Latest v docs: http://beaver.readthedocs.org/en/latest/
2.5 btrfs
Use ZFS on Linux instead!
http://www.funtoo.org/BTRFS_Fun
2.5.1 Install
# yum install btrfs-progs
Jeigu kuriam is vieno disko:
# mkfs.btrfs -m single /dev/sdb# mount -o compress=zlib
compress=zlib - Better compression ratio. It is the default and safe for olders kernels. compress=lzo - Faster compres-sions, newer kernels.
2.5.2 Info
# btrfs filesystem show# btrfs filesystem df
6 Chapter 2. Linux
dok Documentation, Release 1.0
2.5.3 Test A
10x 300mb
be comp
real 1m57.278suser 0m0.044ssys 0m5.639s
Jei testuojame su loop, ir norime daryti masyva is keliu failu, reikia daryti kitaip:
Create and mount a filesystem made of several disk images
# mkfs.btrfs img0 img1 img2# losetup /dev/loop0 img0# losetup /dev/loop1 img1# losetup /dev/loop2 img2# mount /dev/loop0 /mnt/btrfs
2.6 clustering
Cluster is split into two components; cluster communication managed by cman and resource management provided byrgmanager.
2.6.1 tools
cman_tool nodesccs_config_validatecman_tool versioncman_tool version -rclustat
List DLM lockspaces:
dlm_tool ls
Fence status tikrinimas, kai cman veikia:
fence_check
2.6.2 managing a cluster
clusvcadm -e <service> -m <node>clusvcadm -d <service>clusvcadm -e vm:vm01-win2008 -m an-c05n01.alteeve.ca :: start (enable) a vmclusvcadm -d vm:vm01-win2008 :: shutdown (disable) a vmclusvcadm -M vm:vm01-win2008 -m an-c05n02.alteeve.ca :: live migrate a vm
2.6.3 Rebooting a cluster node
• Stop rgmanager, cman on every node that is to be restarted (mind the quorum).
• Reboot.
2.6. clustering 7
dok Documentation, Release 1.0
• Start cman, rgmanager.
2.6.4 clvm
Start only when cman is running and cluster is healthy.
2.6.5 links
https://alteeve.ca/w/AN!Cluster_Tutorial_2
2.7 elasticsearch
2.7.1 status
curl -XGET 'http://127.0.0.1:9200/_cat/shards'curl -XGET 'http://127.0.0.1:9200/_cluster/health?pretty'curl -XGET 'http://127.0.0.1:9200/_status?pretty'curl -XGET 'http://127.0.0.1:9200/_stats?pretty'curl -XGET 'http://127.0.0.1:9200/_aliases?pretty'curl -XGET 'http://127.0.0.1:9200/_nodes/plugins?pretty'
2.8 freeipa
2.8.1 administration
klist show active tickets.
kinit admin get admin ticket. Needed for freeipa administration.
2.8.2 installation
http://sgros.blogspot.com/2012/06/installing-freeipa-on-minimal-centos.html
2.9 gollum
Gollum repo ir instaliavimas: https://github.com/gollum/gollum
How to install: http://www.nomachetejuggling.com/2012/05/15/personal-wiki-using-github-and-gollum-on-os-x/
Tools: http://www.nomachetejuggling.com/2012/05/15/personal-wiki-using-github-and-gollum-on-os-x/
Jeigu OS naudojamas ruby >= 2, reikia instaliuotis ruby 1.9.3 (gollum patarimas). Instaliuojam rbenv (redaguotibashrc). cd i git repo ir
$ rbenv local paskutine_ruby_versija
# sudo yum install ruby-devel# sudo gem install gollum
8 Chapter 2. Linux
dok Documentation, Release 1.0
# sudo yum install ruby-devel# sudo gem install gollum
2.10 ipmitool
$ ipmitool -I lanplus -U fencing -P pw -H an-c05n02.ipmi chassis power status$ ipmitool -I lanplus -U fencing -P pw -H an-c05n02.ipmi chassis power on
2.11 iscsi
2.11.1 discovery
iscsiadm -m discovery -t sendtargets -p 10.10.20.3 show LUNs on target
2.11.2 creating targets
/etc/tgt/targets.conf
service tgtd restart
2.11.3 updating targets
tgt-admin --update ALL --force to update your all your targets, incl. active ones (—force)tgt-admin --update --tid=1 --force For updating Target ID 1
initiator side
iscsiadm -m session -r $SID --rescan
you get the SID from iscsiadm -m session (it is the value in the []) or if you do iscsiadm -m session -P 3 you can seewhich session lines with with which lun. Or
iscsiadm -m node -T target --rescan
or you can just take the lazy way and do
iscsiadm -m session --rescan
iscsiadm -m node -R only adds, does not delete
2.11.4 info
tgt-admin --show
tgt-admin --dump dump konfig
2.10. ipmitool 9
dok Documentation, Release 1.0
2.12 java
2.12.1 debug
the hard way with visualvm
Debugging a remote java process.
Req localhost: visualvm Req remote: java-devel
Target host.
Create file jstatd.all.policy:
grant codebase "file:${java.home}/../lib/tools.jar" {permission java.security.AllPermission;
};
Run:
jstatd -p 8888 -J-Djava.security.policy=jstatd.all.policy
Local host.
Localhost tunnels through jump_server to target_host.
ssh -NL 9998:target_server:22 jump_server &ssh -ND 9696 -p 9998 localhost &jvisualvm -J-Dnetbeans.system_socks_proxy=localhost:9696 -J-Djava.net.useSystemProxies=true
In visualvm add statsd connection with port 8888.
No cpu stats etc. Use JMX connection for that.
2.13 kernel panic
Causing a kernel panic on CentOS6:
# echo c > /proc/sysrq-trigger
May be needed:
echo 1 > /proc/sys/kernel/sysrq
2.13.1 configuring kdump on CentOS6
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-kdump.html
# yum install kexec-tools
Add to ‘/boot/grub/grub.conf’ kernel line:
crashkernel=auto
if host has more than 2GB RAM, or
10 Chapter 2. Linux
dok Documentation, Release 1.0
crashkernel=128M
if host has less than that.
Saving place is configurable, default is ‘/var/crash/’.
# chkconfig kdump on# reboot
2.13.2 analyzing crash dump with crash
2.13.3 installing kernel-debuginfo
http://serverfault.com/questions/527525/centos-server-rebooted-unexpectedly-and-im-unable-to-process-crash-file-what-a/527553#527553
# yum clean all# yum install crash# versija=`uname -r`
Pries ‘y’ patikrinam ar ta versija ir ar ne koks nors centos-plus paketas:
# yum --enablerepo=debug install kernel-debuginfo-$versija
2.13.4 using crash
Kernel cersions must be the same:
# crash /var/crash/timestamp/vmcore /usr/lib/debug/lib/modules/kernel/vmlinux
> help [cmd]> log> bt> ps> vm [pid]> files [pid]
kdump.conf(5) — a manual page for the /etc/kdump.conf configuration file containing the full documentation ofavailable options.
makedumpfile(8) — a manual page for the makedumpfile core collector.
kexec(8) — a manual page for kexec.
crash(8) — a manual page for the crash utility.
/usr/share/doc/kexec-tools-version/kexec-kdump-howto.txt — an overview of the kdump and kexec installation andusage.
2.14 kvm
2.14.1 solaris
2.14. kvm 11
dok Documentation, Release 1.0
WARNING: /pci@0,0/pci1af4,1100@1,2 (uhci0): No SOF interrupts have been received, this USB UHCI host controller is unusable
This is harmless and can be safely ignored. Once the install is complete, we will disabled uhci by running rem_drvuhci in the server.
2.15 logstash
2.15.1 Links
Transport performance: https://docs.google.com/spreadsheet/ccc?key=0Aq9liCTsAyzRdDFEcUp2bjJPMTQzU1ZVTndTVzFwV3c#gid=0
2.16 luks
2.16.1 installing
# yum install cryptsetup-luks
Removes all data:
# cryptsetup -y -v luksFormat /dev/xvdc
# cryptsetup luksOpen /dev/xvdc backup2# ls -l /dev/mapper/backup2# cryptsetup -v status
LUKS headers:
# cryptsetup luksDump /dev/xvdc
2.16.2 formatting
Zero to hide usage patterns:
# pv -tpreb /dev/zero | dd of=/dev/mapper/backup2 bs=128M# kill -USR1 PID
# mkfs.ext4 /dev/mapper/backup2
# mkdir /backup2# mount /dev/mapper/backup2 /backup2
2.16.3 using
Umount:
# umount /backup2# cryptsetup luksClose backup2
Mount:
12 Chapter 2. Linux
dok Documentation, Release 1.0
# cryptsetup luksOpen /dev/xvdc backup2# mount /dev/mapper/backup2 /backup2
2.16.4 sources
http://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/
2.17 lumberjack
git: https://github.com/elasticsearch/logstash-forwarder
2.18 metasploit
2.18.1 install
Install rbenv (linux/rbenv.md) to /root and the latest ruby 1.9.
$ mkdir /opt/metasploit$ cd /opt/metasploit <- set local rbenv$ git clone https://github.com/rapid7/metasploit-framework.git msf
Then http://www.phocean.net/2014/02/23/metasploit-on-fedora-20.html
2.18.2 run
# ./msfconsole
2.18.3 commands
global
searchsearch name:mysqlsearch path:scadasearch platform:aixsearch type:postsearch cve:2011 author:jduck platform:linuxsetgsaveshowshow auxiliary
plugin
2.17. lumberjack 13
dok Documentation, Release 1.0
infoshow optionsrunjobs
2.18.4 scans
ssdp
use auxiliary/scanner/upnp/ssdp_amp :: amp?use auxiliary/scanner/upnp/ssdp_msearch :: info
set RHOSTS 192.168.0.0/24run
2.19 multiboot
# grub2# =====## search --file SysRescCD# sudo grub2-install --force --no-floppy --boot-directory=/run/media/ignas/MULTIBOOT/boot /dev/sdb## qemu-kvm# ========## sudo qemu-kvm -m 512 /dev/sdb## web# ===## http://www.circuidipity.com/multi-boot-usb.html# https://help.ubuntu.com/community/Grub2/ISOBoot/Examples# https://wiki.archlinux.de/title/Multiboot_USB_Stick### clonezilla# ==========## http://clonezilla.org/livehd.php
# Fedora# ======## https://github.com/thias/glim/blob/master/grub2/inc-fedora.cfg
# Timeout for menuset timeout=30
# Default boot entryset default=0
# Menu Coloursset menu_color_normal=white/black
14 Chapter 2. Linux
dok Documentation, Release 1.0
set menu_color_highlight=white/green
# Boot ISOsmenuentry "Clonezilla" {
set isofile="/iso/clonezilla-live-2.2.4-12-i686-pae.iso"set gfxpayload=800x600x16echo "Using ${isofile}..."loopback loop $isofilelinux (loop)/live/vmlinuz boot=live live-config noswap nolocales edd=on nomodeset ocs_live_run=\"ocs-live-general\" ocs_live_extra_param=\"\" keyboard-layouts=\"\" ocs_live_batch=\"no\" locales=\"\" ip=frommedia nosplash toram=filesystem.squashfs findiso=$isofile i915.blacklist=yes radeonhd.blacklist=yes nouveau.blacklist=yes vmwgfx.enable_fbdev=1initrd (loop)/live/initrd.img
}
menuentry "KAV neveikia" {loopback loop /iso/kav_rescue_10.isoset gfxpayload=800x600x16set root=(loop)linux /boot/rescue root=live:/dev/well/this/is/nonsense rootfstype=auto init=/init initrd=rescue.igz kav_lang=${kav_lang} udev liveimg splash quiet doscsi nomodesetinitrd /boot/rescue.igz
}
menuentry "DBAN ISO" {set isofile="/iso/dban-2.2.8_i586.iso"echo "Using ${isofile}..."loopback loop $isofilelinux (loop)/DBAN.BZI nuke="dwipe" iso-scan/filename=${isofile} silent --
}
menuentry "SystemRescueCD 64bit" {set isofile="/iso/systemrescuecd-x86-4.3.0.iso"echo "Using ${isofile}..."loopback loop $isofilelinux (loop)/isolinux/rescue64 isoloop=${isofile} setkmap=usinitrd (loop)/isolinux/initram.igz
}
menuentry "SystemRescueCD 64bit to RAM" {set isofile="/iso/systemrescuecd-x86-4.3.0.iso"echo "Using ${isofile}..."loopback loop $isofilelinux (loop)/isolinux/rescue64 isoloop=${isofile} setkmap=us docacheinitrd (loop)/isolinux/initram.igz
}
menuentry "SystemRescueCD 32bit" {set isofile="/iso/systemrescuecd-x86-4.3.0.iso"echo "Using ${isofile}..."loopback loop $isofilelinux (loop)/isolinux/rescue32 isoloop=${isofile} setkmap=eninitrd (loop)/isolinux/initram.igz
}
menuentry "Fedora 20 64bit Live Gnome" {set isoname="Fedora-Live-Desktop-x86_64-20-1.iso"set isofile="/iso/$isoname"echo "Using ${isoname}..."loopback loop $isofilelinux (loop)/isolinux/vmlinuz0 root=live:CDLABEL=Fedora-Live-Desktop-x86_64-20-1 rootfstype=auto ro rd.live.image quiet rhgb rd.luks=0 rd.md=0 rd.dm=0 iso-scan/filename=${isofile}initrd (loop)/isolinux/initrd0.img
2.19. multiboot 15
dok Documentation, Release 1.0
}
menuentry "Fedora 20 64bit Live Xfce" {set isoname="Fedora-Live-Xfce-x86_64-20-1.iso"set isofile="/iso/$isoname"echo "Using ${isoname}..."loopback loop $isofilelinux (loop)/isolinux/vmlinuz0 root=live:CDLABEL=Fedora-Live-Xfce-x86_64-20-1 rootfstype=auto ro rd.live.image quiet rhgb rd.luks=0 rd.md=0 rd.dm=0 iso-scan/filename=${isofile}initrd (loop)/isolinux/initrd0.img
}
menuentry "Debian 7.6 - 64bit netinst" {set isofile="/iso/debian-7.6.0-amd64-netinst.iso"echo "Using ${isofile}..."loopback loop $isofilelinux (loop)/install.amd/vmlinuz boot=live findiso=${isofile} config quiet splashinitrd (loop)/install.amd/initrd.gz
}
menuentry "Debian 7.6 - 64bit CD1" {set isofile="/iso/debian-7.6.0-amd64-CD-1.iso"echo "Using ${isofile}..."loopback loop $isofilelinux (loop)/install.amd/vmlinuz boot=live findiso=${isofile} config quiet splashinitrd (loop)/install.amd/initrd.gz
}
menuentry "Ubuntu 14.04 LTS - 64bit Mini-Installer" {set isofile="/iso/ubuntu-14.04-amd64-mini.iso"echo "Using ${isofile}..."loopback loop $isofilelinux (loop)/linux boot=casper iso-scan/filename=$isofile noprompt noejectinitrd (loop)/initrd.gz
}
2.20 multicast
2.20.1 bridge config
There are bugs in kernel when forwarding non 224.0.0.* multicast traffic through bridges, so disable snooping:
host# echo 0 > /sys/devices/virtual/net/br0/bridge/multicast_snooping
http://troglobit.com/blog/2013/07/09/multicast-howto/
Then to make it persistent... /etc/sysconfig/network-scripts/ifup-post calls /sbin/ifup-local ${DEVICE} so add there
#!/bin/sh#/sbin/ifup-local ${DEVICE}
if [[ "$1" == "br0" ]]then
if [[ -e "/sys/devices/virtual/net/$1/bridge/multicast_snooping" ]]thenecho "Setting /sys/devices/virtual/net/$1/bridge/multicast_snooping."echo 0 > /sys/devices/virtual/net/$1/bridge/multicast_snooping
16 Chapter 2. Linux
dok Documentation, Release 1.0
elseecho "Warning: can not find /sys/devices/virtual/net/$1/bridge/multicast_snooping"
fi#else
#DO_NOTHINGfi
2.20.2 iptables
# multicast (igmp; Internet group management protocol)iptables -I INPUT -p igmp -j ACCEPT
# Service configiptables -I INPUT -m addrtype --dst-type MULTICAST -m state --state NEW -m multiport -p udp -s 10.20.0.0/16 --dports 5404,5405 -j ACCEPT
# iperf def portiptables -I INPUT -m addrtype --dst-type MULTICAST -p udp --dport 5001 -j ACCEPT
2.20.3 test with iperf
Server:
# iperf -s -u -B 224.1.1.1 -i 1
Client:
# iperf -c 224.1.1.1 -u -T 32 -t 3
Problems: - Things to watch out for. Apparently iperf has issues if the ‘server’ is running on a computer with multipleinterfaces. But aside from that, this worked. - Another thing to be careful of; the iperf test client will work correctlyeven if /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts is set (to 1). In this case, running iperf as a server and tryingto ping the multicast address will NOT work. Whether this matters is dependent on your multicast needs.
2.20.4 netstat
Show joined groups:
# netstat -g# cat /proc/net/igmp# ip maddress list
2.20.5 tcpdump
Capture multicast traffic:
# tcpdump -n -vv net 224.0.0.0/4
2.20.6 ping
# ping 224.1.1.1 Ping specific IP# ping 224.0.0.1 All hosts configured for multicast will respond with their IP addresses
2.20. multicast 17
dok Documentation, Release 1.0
2.21 mysql
2.21.1 information
# mysqladmin status# mysqladmin processlist> show status like '%onn%';> show processlist;
Table info:
describe mysql.user;
Table sizes:
# SELECT table_schema AS "Database name", SUM(data_length + index_length) / 1024 / 1024 AS "Size (MB)" FROM information_schema.TABLES GROUP BY table_schema;
User info:
SELECT User, Host, Password FROM mysql.user;SELECT CONCAT(QUOTE(user),'@',QUOTE(host)) UserAccount FROM mysql.user;SHOW GRANTS;SHOW GRANTS FOR CURRENT_USER;SHOW GRANTS FOR 'root'@'localhost';
Replication:
reset master;
2.21.2 Dumping and restoring
grep a table from full dump:
time sed -n -e '/DROP TABLE.*`mytable`/,/UNLOCK TABLES/p' mydump.sql > tabledump.sql
2.22 nfs
2.22.1 configuring nfs server on centos6
yum install nfs-utils
vim /etc/sysconfig/nfs (PAPILDYTI)---> MOUNTD_NFS_V2="no"> RQUOTAD_PORT=875> LOCKD_TCPPORT=32803> LOCKD_UDPPORT=32769> MOUNTD_PORT=892> STATD_PORT=662> STATD_OUTGOING_PORT=2020---
mkdir -p /export/public
18 Chapter 2. Linux
dok Documentation, Release 1.0
vim /etc/exports---/export/public *(rw,no_subtree_check,insecure,no_root_squash,no_all_squash)---
vim /etc/sysconfig/iptables----A INPUT -m multiport -p tcp --dport 111,662,875,892,2049,32803 -j ACCEPT-A INPUT -m multiport -p udp --dport 111,662,875,892,2049,32769 -j ACCEPT---
service iptables restartchkconfig nfs onservice rpcbind startservice nfslock startservice nfs start
Jei reikia reeksportuoti:
# exportfs -rv
Klientas:
# yum install nfs-utils## showmount -e 10.10.40.210## mkdir /mnt/public## vim /etc/fstab# ---# 10.10.40.210:/export/public /mnt/public nfs defaults 0 0# 10.10.40.210:/export/store /mnt/store nfs vers=3,nolock,rw,acl,tcp,hard,intr,rsize=32768,wsize=32768 0 0# ---## mount -a
Useriai NFS serveryje ir kliente turi buti vienodu vardu bei UID GID. Todel userius pirmiausia kurti severyje.
Apie GID/UID problemas http://dfusion.com.au/wiki/tiki-index.php?page=Why+NFSv4+UID+mapping+breaks+with+AUTH_UNIX
2.22.2 troubleshooting
Clear idmapd cache
# nfsidmap -c
Remove stale handles
Login as root. Issue the commands:
# service netfs stop# service network restart# service netfs start
2.22. nfs 19
dok Documentation, Release 1.0
2.23 opennebulla
2.23.1 Nauodjimas
onevnet
# onevnet list
sunstone
http://opennebula.org/documentation:archives:rel4.0:sunstone
The default password for the oneadmin user (which can be changed by doing oneuser passwd oneadmin<new_password>), can be found in ~/.one/one_auth which is generated randomly on every installation.
one market
# onemarket list --server http://marketplace.c12g.com
2.23.2 Instaliavimas
Irasius servisus, juos isjungti.
Tinklas
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-networkscripts-interfaces_network-bridge.html
ifcfg-eth0:DEVICE="eth0"TYPE="Ethernet"BOOTPROTO="none"ONBOOT="yes"NM_CONTROLLED="no"BRIDGE=onebr0gali reikti HWADDR
ifcfg-onebr0:DEVICE="onebr0"TYPE="Bridge"IPADDR="10.4.1.108"NETMASK="255.255.255.0"ONBOOT="yes"BOOTPROTO="none"GATEWAY="10.4.1.1"IPV6INIT="no"NM_CONTROLLED="no"
20 Chapter 2. Linux
dok Documentation, Release 1.0
add host
Hostas turi galeti useriu oneadmin prisijungti ir prie saves ir prie kitu.
Gali tekti pataisyti eilute oned.conf:
SCRIPTS_REMOTE_DIR=/var/lib/one/remotes
onehost create localhost -i im_kvm -v vmm_kvm -n fw
2.24 openssl
2.24.1 debug
openssl s_client -connect git.phd.msu.edu:443
2.25 pandoc
2.25.1 pdf
Norint naudoti lietuviskas raides, reikia –latex-engine
pandoc gollum2.md -o g2.pdf --latex-engine=xelatex
2.26 partitioning
Using parted -a opt automaticaly aligns partitions. If possible, use it always instead of fdisk.
# parted -a optimal /dev/sda ["print free"]# print free# mkpart extended 47.8G 898G# mkpart logical 47.8G 590G
Check alignment with partition index, no output if OK:
# align-check opt 5
2.27 postgresql
2.27.1 info
psql postgrespsql db_name
\l :: list databases\l+\d :: show all tables, views, and sequences\d+
2.24. openssl 21
dok Documentation, Release 1.0
\dt :: tables\dv :: views
\c db_name :: change db
\timing :: timing on/off
select version();
\e :: use an editor to type the command\q :: quit
2.27.2 help
\?\h CREATE\h CREATE INDEX
2.27.3 users
ALTER USER postgres WITH PASSWORD 'tmppassword'; :: change root pwALTER USER username WITH PASSWORD 'tmppassword'; :: change user pw
2.27.4 databases
CREATE DATABASE mydb WITH OWNER ramesh;DROP DATABASE mydb;SELECT pg_size_pretty(pg_database_size('mydatabasename')) As fulldbsize;
2.28 puppet
2.28.1 erb
Syntax check:
erb -P -x -T '-' mytemplate.erb | ruby -c
2.29 rbenv
https://github.com/sstephenson/rbenv
2.29.1 info
rbenv version parodyti dabartine nustatyta versija.
rbenv versions parodyti instaliuotas versijas.
22 Chapter 2. Linux
dok Documentation, Release 1.0
rbenv global parodyti globalia versija.
rbenv local parodyti lokalia versija.
2.29.2 upgrade
$ cd ~/.rbenv$ git pull
To use a specific release of rbenv, check out the corresponding tag:
$ cd ~/.rbenv$ git fetch$ git checkout v0.3.0
2.29.3 install
Verisiju saraso atnaujinimui reikia ruby-build upgrade (zemiau).
Perziurime esamas ruby versijas:
$ rbenv install --list
Instaliuojame reikalinga ruby versija (raikalingas ruby-build pluginas):
$ rbenv install 1.9.3-p448$ rbenv global 1.9.3-p448$ rbenv rehash
2.30 ruby-build
2.30.1 upgrade
$ cd .rbenv/plugins/ruby-build/$ git pull
2.31 rpm
2.31.1 tools
yum install rpmdevtools rpmlintrpmdev-setuptree# Install dependencies of the spec fileyum-builddep -y collectd-5.4.1/contrib/redhat/collectd.spec
rpm --eval "%{_datarootdir}"rpm --showrc | grep topdir
Installing dependencies:
2.30. ruby-build 23
dok Documentation, Release 1.0
yum-builddep [package]
2.31.2 srpm
rpm -qpi some.src.rpmrpm2cpio some.src.rpm | cpio -idmv
2.32 rsyslog
2.32.1 debug
Debug template:
*.* /var/log/all.log;RSYSLOG_DebugFormat
Send a message with netcat:
echo '<166>Jan 13 13:26:07 srv1.test nginx: resize1.ef.lan 172.14.10.18 - - ' | nc -v -u -w 0 127.0.0.1 514
2.33 salt
2.33.1 cmd
salt-key -Lsalt-key -a s.vagrant.localdomainsalt-key -A
salt '<target>' <function> [arguments]salt '*' test.pingsalt '*' cmd.run 'uname -a'salt -G 'os:Ubuntu' test.pingsalt -E 'virtmach[0-9]' test.pingsalt -L 'foo,bar,baz,quo' test.pingsalt -C 'G@os:Ubuntu and webser* or E@database.*' test.ping# List all available functionssalt '*' sys.docsalt '*' cmd.exec_code python 'import sys; print sys.version'salt '*' pip.install salt timeout=5 upgrade=True
salt-call -l debug state.highstatesalt '*' test.ping --out txtsalt '*' test.ping --out yamlsalt '*' test.ping --out rawsalt '*' test.ping --static --out json
salt '*' test.versionsalt-run manage.versionssalt '*' pkg.install salt-minion refresh=True
salt '*' pkg.install nginxsalt '*' service.start nginx
24 Chapter 2. Linux
dok Documentation, Release 1.0
salt '*' disk.usagesalt '*' network.interfacessalt '*' sys.doc | lesssalt '*' grains.items
2.33.2 installing
yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpmcd /etc/yum.repos.d/#overrides 2 epel pkgs.wget http://copr.fedoraproject.org/coprs/saltstack/zeromq4/repo/epel-6/saltstack-zeromq4-epel-6.repo
installing minion
yum install salt-minionsed -ie 's/#master: salt/master: s/' /etc/salt/minionchkconfig salt-minion onservice salt-minion start
installing master
yum install salt-masterlokkit -p 4505:tcp -p 4506:tcpchkconfig salt-master onservice salt-master start
2.33.3 links
https://github.com/saltstack-formulas http://www.willdurness.com/post/101277984950/salt-pillar-driven-design-pattern
2.34 SELinux
semodule -DB : enable full loggingsemanage fcontext -a -t virt_etc_t '/shared(/.*)?'restorecon -r /shared
2.34.1 starting auditd (selaert)
# yum install setroubleshoot-server# service messagebus start# service auditd restart
More: auditd http://blog.esmnetworks.com/
2.34. SELinux 25
dok Documentation, Release 1.0
2.34.2 actions with files
Defaults:
$ matchpathcon /var/spool/rsyslog
Set context to default:
# restorecon -F /katalogas# restorecon -v /var/www/html/index.html
File se types:
# file_context somewhere /etc/selinux
Change:
# chcon -R --reference=/etc/kazkas /target/dir# chcon -R -u system_u -t public_content_t /ftp# chcon -u system_u -r object_r -t tmp_t /tmppt
fcontext
# matchpathcon /exports/foobar# semanage fcontext -a -t httpd_sys_content_t "/html(/.*)?"
-a :: add-u :: user-r :: role-t :: type
# semanage permissive -a httpd_t# restorecon -Rv /var/www/html
-n :: noop
2.34.3 actions with users
unconfined_uguest_uxguest_uuser_ustaff_u
List selinux users:
# semanage user -l
Change existing user se type:
# semanage login -a [-s user_u] michael-a add-s user role
or:
# usermod -Z user_u USERNAME
Change default se type (all default users will be changed also):
26 Chapter 2. Linux
dok Documentation, Release 1.0
# semanage login -m -S targeted -s “user_u” -r s0 __default__
Hmm... something:
# semanage user -m -R"unconfined_r webadm_r staff_r" staff_u
2.34.4 actions with ports
List:
# semanage port -l| grep syslog
Add:
# sudo semanage port -a -t syslogd_port_t -p tcp 7514
2.34.5 actions with processes
Check if httpd is protected with SELinux:
# ps -ZC httpd
List all:
# ps -eZ
SE status:
# sestatus
2.34.6 bools
# sudo setsebool -P httpd_setrlimit 1# sudo setsebool -P allow_ypbind 1 - kad servisai laisvai galetu jungtis prie portu
# getsebool -a# /usr/sbin/getsebool -a | grep samba
2.34.7 analyzing the logs
Aureport:
# aureport -a# aureport --start today --event --summary -i
http://dgz.dyndns.org/mediawiki/index.php/(RHEL)_HOWTO_configure_the_auditing_of_the_system_(auditd)
Logs can be in messages, user and /var/log/audit/audit.log
# sealert -l bf5c9ba8-3e2b-4780-b6aa-62861de64e7e
Generate sealert messeges from audit.log:
2.34. SELinux 27
dok Documentation, Release 1.0
# grep AVC /var/log/audit/audit.log | sedispatch
# ausearch -m avc# ausearch -m avc -ts today# ausearch -m avc -if ./audit.log# ausearch -m avc -c sudo# ausearch -m avc -x nginx --start recent# ausearch -m avc --event 10085951 | audit2allow -w
-c search in executables name
# sealert -a /var/log/audit/audit.log
2.34.8 seasearch
# sesearch --allow -s cvs_t -c dir -p search
What can user_t do:
# sesearch -A -s user_t# sesearch -A -s user_t | grep var_log
# sesearch -A -s passenger_t -t passenger_t -c capability -p sys_resource# sesearch -t passenger_t
-A :: search for allow rules
Log all (disable DontAudit):
(13:00:23) siXy: r2bit: dontaudit rules can be disabled for testing(13:00:55) siXy: semodule -DB (then -B to reenable them after)
2.34.9 working with modules
List:: # semodule -l
Compile:
# audit2allow -a -m dansguardian > dansguardian.te# checkmodule -M -m dansguardian.te# checkmodule -M -m dansguardian.te -o dansguardian.mod# semodule_package -o dansguardian.pp -m dansguardian.mod
Install:
# semodule -i dansguardian.pp
2.34.10 Files
/etc/selinux/etc/selinux/targeted/contexts/files
./file_contexts - baseline file contexts for the entire system
./file_contexts.homedirs - for /home and subdirs
./media - for removable media
28 Chapter 2. Linux
dok Documentation, Release 1.0
2.34.11 module config-history
(3:58:05 PM) grift: yes some stupid bug(3:58:08 PM) grift: try this:(3:58:24 PM) grift: cat > mytest.te <<EOF(3:58:37 PM) grift: policy_module(mytest, 1.0)(3:58:41 PM) grift: EOF(3:58:47 PM) grift: cat > mytest.fc <<EOF(3:59:06 PM) grift: /root/mydir/.* <<none>>(3:59:08 PM) grift: EOF(3:59:24 PM) grift: make -f /usr/share/selinux/devel/Makefile mytest.pp(3:59:30 PM) grift: semodule -i mytest.pp(3:59:37 PM) grift: matchpathon /root/mydir/test
cat > mytest.te <<EOFpolicy_module(mytest, 1.0)EOFcat > mytest.fc <<EOF/root/mydir/.* <<none>>EOF
make -f /usr/share/selinux/devel/Makefile mytest.ppsemodule -i mytest.ppmatchpathon /root/mydir/test
2.34.12 building a module 2
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2&chap=5
Iskarpos:allow unconfined_t ext_gateway_t : process transition;allow unconfined_t secure_services_exec_t : file { execute read getattr };allow ext_gateway_t in_file_t : file { write create getattr };allow httpd_sys_script_t net_conf_t:file { open read getattr };allow ext_gateway_t in_queue_t : dir { write search add_name };
module mysasl 1.0;require {
type var_spool_t;type postfix_spool_t;type saslauthd_t;type saslauthd_var_run_t;class dir search;}
#============= saslauthd_t ==============allow saslauthd_t var_spool_t:dir search;allow saslauthd_t postfix_spool_t:dir search;
module myawstats 1.0;require {
type httpd_awstats_script_t;type httpd_sys_script_exec_t;class dir { search getattr }; }
#============= httpd_awstats_script_t ==============allow httpd_awstats_script_t httpd_sys_script_exec_t:dir search;
require {
2.34. SELinux 29
dok Documentation, Release 1.0
type var_lib_t;class file { append getattr read open };}
2.34.13 macro list
(23:15:15) sauleta: is there a way to list available macros? I tried semanage interface -l, but had no luck(23:20:47) grift: install selinux-policy-docs(23:22:00) grift: selinux-policy-doc(23:22:56) grift: then firefox /usr/share/doc/selinux-policy-3.10.0/html/index.html(23:23:10) grift: not all macros but quite a few(23:24:07) grift: you can also cat all the .if files in the various dirs in /usr/share/selinu/devel/include(23:24:34) grift: and the files in the support dir thats also in there
2.34.14 links
SELinux intro: http://beginlinux.com/server_training/web-server/976-apache-and-selinux and:http://wiki.centos.org/HowTos/SELinux reference policy: http://oss.tresys.com/projects/refpolicyBooleans: http://wiki.centos.org/TipsAndTricks/SelinuxBooleans Issamus fedoros FAQ:http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id4621954,http://selinuxproject.org/ http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xmlhttps://www.wzdftpd.net/docs/selinux/references.html Confining a process: http://www.adelton.com/docs/spacewalk/selinux-how-we-confined-spacewalk
2.35 sqlite
2.35.1 info
SELECT name FROM sqlite_master WHERE type='table';.schema table_name
2.36 sssd
2.36.1 host authorisation
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/config-sssd-domain-access.html
3 Possiblilities: - Simple Access Provider - LDAP Access Filter - authorizedService or host attribute in an entry
access filter and groups
http://thornelabs.net/2013/01/28/linux-restrict-server-login-via-ldap-groups.html
access_provider = ldapldap_access_filter = memberOf=cn=Group Name,ou=Groups,dc=thornelabs,dc=net
30 Chapter 2. Linux
dok Documentation, Release 1.0
2.37 sysloggen
syslog log generator.
https://subversion.assembla.com/svn/logzilla/scripts/contrib/sysloggen/
./sysloggen -h
./sysloggen -d 127.0.0.1:5001 -f sample.log -n 1000000 -S -l
./sysloggen -d 127.0.0.1:5000 -f sample.log -n 1000000 -D -l -v
2.38 tcpdump
2.38.1 links
Advanced filters: http://www.wains.be/pub/networking/tcpdump_advanced_filters.txt
2.39 ubuntu
2.39.1 Disable a service
$ sudo invoke-rc.d apparmor stop$ sudo invoke-rc.d apparmor teardown$ sudo update-rc.d -f apparmor remove
2.40 varnish
2.40.1 varnishadm
Reload a VCL file:
vcl.load reload01 /usr/local/etc/varnish/default.vclvcl.use reload01
2.41 vim
2.41.1 Using tabs
:n and :prev navigate.
:args see which file are open.
:n test.pl to add a file.
2.37. sysloggen 31
dok Documentation, Release 1.0
2.41.2 Using windows
Ctrl-W s and Ctrl-W v to split the current window horizontally and vertically.
Ctrl-W w to swhitch between open windows, and Ctrl-W h (or j or k or l) to navigate through open windows.
Ctrl-W c to close the current window, and Ctrl-W o to close all windows except the current one.
:e file to add a file.
:ls see the current state of buffers.
2.42 vmware
2.42.1 tools
centos 6
Note: ESXi will show a grey sign “Tools installed (managed by guest)”.
Install correct vmware-tools-repo version from https://packages.vmware.com/tools/index.html esx.
rpm --import https://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pubyum install vmware-tools-esx-kmods vmware-tools-esx-nox
32 Chapter 2. Linux
CHAPTER 3
Networking
3.1 h3c
3.1.1 information
interfaces
display interface briefdisplay interface GigabitEthernet 1/0/11display interface Vlan-interface briefdisplay interface Vlan-interface 100display vlan 100
3.1.2 configuration
configuration management
display current-configurationdisplay saved-configurationdisplay thisdisplay startupreset saved-configurationsavestartup saved-configuration
create a trunk
interface GigabitEthernet 1/0/10port link-type trunkport trunk permit vlan 807 808
change password
password [ simple | cipher ] passwordundo password
33
dok Documentation, Release 1.0
<H3C> system-viewSystem View: return to User View with Ctrl+Z.[H3C] local-user test[H3C-luser-test] passwordPassword:**********confirm:**********Updating the password file, please wait...
3.2 junos
## root cliroot% cli## junos cli, op modeuser@host>> show | compare> configure## conf mode# run show configuration# exit
show security policies from-zone z_1 to-zone z_2show configuration | display setcommit
Common conf commands:
setdeleteshowcommitcopyrename
set security zones security-zone z_1 address-book address a_1 10.0.0.2set security policies from-zone z_1 to-zone z_2 policy pol_1 match source-address [ n_1 n_2 ] destination-address as_1 application [ junos-http junos-https ]set security policies from-zone z_1 to-zone z_2 policy pol_1 then permit
3.2.1 links
SRX getting started: http://kb.juniper.net/InfoCenter/index?page=content&id=KB15694
3.3 mikrotik
Hairping NAT: http://wiki.mikrotik.com/wiki/Hairpin_NAT
34 Chapter 3. Networking
CHAPTER 4
Programming
4.1 bash
4.1.1 links
BashFAQ: http://mywiki.wooledge.org/BashFAQ
4.2 bash snippets
4.2.1 100% Load 4 CPU cores
for i in 1 2 3 4; do while : ; do : ; done & done
4.2.2 show my ip
$ dig +short myip.opendns.com @resolver1.opendns.com
4.2.3 remove old files
Find and clean files in a directory and its subdirectories:
/usr/bin/find /dir -maxdepth 2 \( -name "access*.gz" -o -name "error*.gz" \) -a -mtime +178 -print0 | xargs -0 rm -vf 2>&1 | logger
4.2.4 template
#!/bin/bash
# ./script [-t DAYS] -a AGE -d DIR# -t today date# ex: ./script -a 366 -d /srv/log
DAY_ZERO=0LOG_DIR="/usr/local/empty"SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
35
dok Documentation, Release 1.0
# Logging tagLTAG="$(basename $0)[$$]"
do_log() {logger -t $LTAG "$*"
}
do_log "Started with params $*"
# Script paramswhile [ "$#" -ge "2" ] ; do
case $1 in-t)
DAY_ZERO=$2shift 2 ;;
-a)AGE=$2shift 2 ;;
-d)LOG_DIR=$2shift 2 ;;
*) shift 1 ;;esac
done
find_in_dir() {}
find_in_dir $LOG_DIR $AGE
do_log "Finished."
exit 0
4.3 c
Quickguide: http://www.tutorialspoint.com/cprogramming/c_quick_guide.htm
Baigta ties C - Input & Output
4.4 git
4.4.1 rename a local branch
git branch -m <oldname> <newname>
If you want to rename the current branch, you can simply do:
git branch -m <newname>
4.4.2 commit squashing
http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html
36 Chapter 4. Programming
dok Documentation, Release 1.0
Commits must not be pushed. This will do interactive squashing of 4 last commits:
git rebase -i HEAD~4
4.4.3 log
git log --author=bobgit log --pretty=onelinegit log --graph --oneline --decorate --allgit log --name-status
Show not pushed commits:
git log --branches --not --remotes
4.4.4 show
View (possibly redirect) a file from a specific point in commit history.
git show <treeish>:<file>git show HEAD~4:index.html
4.4.5 gitk
Show all branches:
gitk --all
4.5 gitlab
4.5.1 Create Repository (gitlab)
mkdir aliasescd aliasesgit inittouch READMEgit add READMEgit commit -m 'first commit'git remote add origin gitlab@fqdn:puppet2/aliases.gitgit push -u origin master
4.5.2 Existing Git Repo? (gitlab)
cd existing_git_repogit remote add origin gitlab@fqdn:puppet2/aliases.gitgit push -u origin master
4.5. gitlab 37
dok Documentation, Release 1.0
4.6 ruby
Style guide: https://github.com/bbatsov/ruby-style-guide
4.7 symfony
4.7.1 default bundle tree
$ tree src/Acme/StoreBundle/src/Acme/StoreBundle/|-- AcmeStoreBundle.php|-- Controller| `-- DefaultController.php|-- DependencyInjection| |-- AcmeStoreExtension.php| `-- Configuration.php|-- Resources| |-- config| | |-- routing.yml| | `-- services.yml| |-- doc| | `-- index.rst| |-- public| | |-- css| | |-- images| | `-- js| |-- translations| | `-- messages.fr.xlf| `-- views| `-- Default| `-- index.html.twig`-- Tests
`-- Controller`-- DefaultControllerTest.php
4.7.2 console
Create an AcmeStoreBundle:
php app/console generate:bundle --namespace=Acme/StoreBundle
Create a doctine db:
php app/console doctrine:database:create
Create an entity with doctrine:
php app/console doctrine:generate:entity
4.8 valgrind
gcc -g -o0 prog.c -o prog
38 Chapter 4. Programming
dok Documentation, Release 1.0
-g provide debugging information.
-o0 Valgrind suggestion. With -o1 code runs faster, line numbers may be inacurate.
valgrind code
4.8. valgrind 39
dok Documentation, Release 1.0
40 Chapter 4. Programming
CHAPTER 5
Solaris
5.1 SmartOS
Files: https://download.joyent.com/pub/iso/
KVM -> SmartOS http://www.the-mesh.org/content/building-smartos-home-data-center Blog:http://blog.smartcore.net.au/posts/ VRRP: http://www.c0t0d0s0.org/archives/7549-Less-known-Solaris-Features-Highly-available-loadbalancing..html
5.1.1 vmware
Disk controller: LSI Logic Parallel
5.1.2 Info
Cheat sheept: http://wiki.joyent.com/wiki/display/jpc2/The+Joyent+Linux-to-SmartOS+Cheat+Sheet
prstat -Z
5.1.3 Configuring
Changing the hostname
http://wiki.smartos.org/display/DOC/Administering+the+Global+Zone
Changin def vnc port
vmadm update dece98e8-29d7-4394-8cf1-d0185e2258b7 vnc_port=35351
5.2 zfs
dkms status
41
dok Documentation, Release 1.0
5.2.1 links
Naudingi patarimai is Arch: https://wiki.archlinux.org/index.php/ZFS
5.2.2 cheat sheets
http://www.datadisk.co.uk/html_docs/sun/sun_zfs_cs.htm
5.2.3 zfs on linux
zfs set sharenfs="rw=192.168.1.1/24,ro=192.168.2.1/24,no_root_squash"
Does not work with different option for different hosts:
zfs set sharenfs="rw=192.168.1.1/24,async,ro=192.168.2.1/24,sync" rpool/exports
42 Chapter 5. Solaris
CHAPTER 6
Hardware
6.1 storcli
Full info:
storcli /c0 show
Physical drives:
storcli /c0/eall/sall showstorcli /c0/e64/s4,5,6,7 show
Drive groups:
storcli /c0/dall show all
Virtual drives:
storcli /c0/vall show
6.1.1 Creating RAID10
List new drives:
storcli /c0/e64/s4,5,6,7 show
Change status of all drives to good, use force if status is JBOD:
storcli /c0/e64/s4 set good
Show drive groups:
storcli /c0/dall show all
If drive group is marked as foreign, and it shouldn’t be, init it:
storcli /c0/e64/s5 start initializationstorcli /c0/e64/s5 show initialization
Create raid10 vd:
storcli /c0 add vd r10 drives=64:4,64:5,64:6,64:7 pdperarray=2
If the new vd is not consistent, init it:
43
dok Documentation, Release 1.0
storcli /c0/v1 showstorcli /c0/v1 start init [full]storcli /c0/v1 show init
44 Chapter 6. Hardware
CHAPTER 7
Other
7.1 virtualbox
7.1.1 VBoxManage
VBoxManage list dhcpserversVBoxManage dhcpserver modify --netname nat_10_1_2 --ip 10.1.2.3 --netmask 255.255.255.0 --lowerip 10.1.2.100 --upperip 10.1.2.254
45