Thursday, March 30, 2017
Authenticate MongoDB Connection with Self-signed Certificates
Create a self-signed SSL Certificate
Reference: http://www.akadia.com/services/ssh_test_certificate.html
# cat mongodb.conf
logpath = /opt/sysAdmin/logs/mongodb.log
dbpath = /opt/sysAdmin
port = 27017
sslMode = requireSSL
sslPEMKeyFile = /home/mongodb/ssl/mongodb.pem
sslPEMKeyPassword = test
sslCAFile = /home/mongodb/ssl/client.pem
Step 1:
http://demarcsek92.blogspot.ca/2014/05/mongodb-ssl-setup.html
Create Certificate for Server
$ openssl req -new -x509 -days 365 -out mongodb-cert.crt -keyout mongodb-cert.key
or
$ openssl req -new -x509 -days 3650 -out server.crt -keyout encrypted-server.key -subj '/C=CA/ST=ON/L=TORONTO/O=GOWEEKEND/OU=FINANCE/CN=127.0.0.1'
You can remove the passphrase from the key, but make sure to restrict the permissions on the key file
$ cp mongodb-cert.key mongodb-cert.key.encrypted
$ openssl rsa -in mongodb-cert.key.encrypted -out mongodb-cert.key
$ cat mongodb-cert.key mongodb-cert.crt > mongodb.pem
Create Certificate for Client
$ openssl req -new -x509 -days 365 -out client-cert.crt -keyout client-cert.key
OR
$ openssl req -new -x509 -days 3650 -out client.crt -keyout encrypted-client.key -subj '/C=CA/ST=ON/L=Toronto/O=GOWEEKEND/OU=IT/CN=127.0.0.1'
You can remove the passphrase from the key, but make sure to restrict the permissions on the key file
$ cp client-cert.key client-cert.key.encrypted
$ openssl rsa -in client-cert.key.encrypted -out client-cert.key
$ cat client-cert.key client-cert.crt > client.pem
Startup Server
mongod -f /etc/mongodb.conf
Connect to Database with mongodb
mongo --ssl --sslCAFile ./mongodb.pem --sslPEMKeyFile ./client.pem
Step 2:
https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/
Problem:
Within PHP, the error below popped up:
UserNotFound: Could not find user CN=127.0.0.1,OU=FINANCE,O=GOWEEKEND,L=TORONTO,ST=ON,C=CA@$external
$ openssl x509 -in client.pem -inform PEM -subject -nameopt RFC2253
subject= CN=127.0.0.1,OU=WS,O=GOWEEKEND,L=TORONTO,ST=ON,C=CA
Connect to Database
db.getSiblingDB("$external").runCommand(
  {
    createUser: "CN=127.0.0.1,OU=WS,O=GOWEEKEND,L=TORONTO,ST=ON,C=CA",
    roles: [
      { role: 'readWrite', db: 'mydb' },
      { role: 'userAdminAnyDatabase', db: 'admin' }
    ],
    writeConcern: { w: "majority" , wtimeout: 5000 }
  }
)
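The UserNotFound error above comes down to the $external user name not matching the subject of the certificate the client presented. The script below is an added example, not part of the original post: its helper names are hypothetical, the DNs are the ones shown in this post, and it assumes simple attribute values (no escaped "/" or ",") with no repeated attribute types.

```bash
#!/usr/bin/env bash
# Added illustration: helper names are hypothetical; the DNs are the ones shown in this post.
# Assumes simple attribute values (no escaped "/" or ",") and no repeated attribute types.

# Convert an "openssl req -subj" string to the RFC 2253 form that MongoDB
# uses as the $external user name: same RDNs, reversed, comma-separated.
subj_to_rfc2253() {
  printf '%s\n' "$1" | awk -F'/' '{
    out = ""
    for (i = NF; i >= 2; i--) {            # field 1 is empty (leading "/")
      if ($i == "") continue
      out = (out == "" ? $i : out "," $i)
    }
    print out
  }'
}

# Extract the DN the driver presented from a UserNotFound error line.
dn_from_error() {
  printf '%s\n' "$1" | sed -n 's/^.*Could not find user \(.*\)@\$external.*$/\1/p'
}

# List every attribute of the presented DN whose value differs from the
# registered user name (the user name must match the certificate subject).
dn_diff() {
  awk -v have="$1" -v want="$2" 'BEGIN {
    m = split(want, w, ",")
    for (i = 1; i <= m; i++) { p = index(w[i], "="); W[substr(w[i], 1, p - 1)] = substr(w[i], p + 1) }
    n = split(have, h, ",")
    for (i = 1; i <= n; i++) {
      p = index(h[i], "="); k = substr(h[i], 1, p - 1); v = substr(h[i], p + 1)
      if (W[k] != v) print k ": presented=" v " registered=" W[k]
    }
  }'
}

err='UserNotFound: Could not find user CN=127.0.0.1,OU=FINANCE,O=GOWEEKEND,L=TORONTO,ST=ON,C=CA@$external'
registered='CN=127.0.0.1,OU=WS,O=GOWEEKEND,L=TORONTO,ST=ON,C=CA'   # createUser name from the post
server_subj='/C=CA/ST=ON/L=TORONTO/O=GOWEEKEND/OU=FINANCE/CN=127.0.0.1'

presented=$(dn_from_error "$err")
echo "presented : $presented"
echo "registered: $registered"
dn_diff "$presented" "$registered"
# The presented DN equals the server -subj from Step 1 in RFC 2253 order:
[ "$presented" = "$(subj_to_rfc2253 "$server_subj")" ] && echo "presented DN matches the server certificate subject"
```

For a real certificate, pass dn_diff the output of `openssl x509 -in client.pem -noout -subject -nameopt RFC2253` with the leading "subject=" label removed.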
Use Certificate to connect to mongodb server
http://demarcsek92.blogspot.ca/2014/05/mongodb-ssl-setup.html
SVN: pre-commit hook in svn: could not be translated from the native locale to UTF-8
Append the line below to httpd.conf
SVNUseUTF8 on
Thursday, March 23, 2017
WebSphere 8.5 and 9.0 Silent Installation
1. Record Response File
# Windows = imcl.exe -acceptLicense -showProgress
# input <response_file_path_and_name> -log <log_file_path_and_name>
# Linux, UNIX, IBM i and z/OS = ./imcl -acceptLicense -showProgress
# input <response_file_path_and_name> -log <log_file_path_and_name>
# For example:
# Windows = IBMIM.exe -record c:\temp\responsefiles\WASv85.install.Win32.xml
# -skipInstall c:\temp\skipInstall\WebSphere_Temp_Registry
# Linux or UNIX = ./IBMIM -record /home/user/responsefiles/WASv85.install.RHEL64.xml
# -skipInstall c:\temp\skipInstall\WebSphere_Temp_Registry
2. Install
#
# Windows = imcl.exe -acceptLicense -showProgress
# input <response_file_path_and_name> -log <log_file_path_and_name>
# Linux, UNIX, IBM i and z/OS = ./imcl -acceptLicense -showProgress
# input <response_file_path_and_name> -log <log_file_path_and_name>
#
# For example:
# Windows = imcl.exe -acceptLicense -showProgress
# input c:\temp\responsefile\WASv85.install.Win32.xml
# Linux, UNIX, IBM i and z/OS = ./imcl -acceptLicense -showProgress
# input /home/user/responsefile/WASv85.install.RHEL64.xml
Tuesday, March 21, 2017
Disable PrivateTmp for Apache in REDHAT
https://www.reddit.com/r/Fedora/comments/35bsym/how_do_i_disable_privatetmp_for_apache/
/usr/lib/systemd/system/httpd.service
PrivateTmp = false
Tuesday, March 14, 2017
Install Microsoft Driver for unixODBC
Problem:
[unixODBC][Driver Manager]Data source name not found, and no default driver specified (SQL-IM002)
No DBI connect:[unixODBC][Driver Manager]Data source name not found, and no default driver specified (SQL-IM002) at xxxxxxx line 17.
Solution:
http://www.perlmonks.org/?node_id=1033737
perl -MDBI -e 'DBI->installed_versions'
[root@goweek01 tds]# perl -MDBI -e 'DBI->installed_versions'
Perl : 5.024001 (x86_64-linux-thread-multi)
OS : linux (4.10.0-0.rc4.git0.2.fc26.x86_64)
DBI : 1.636
DBD::Sponge : 12.010003
DBD::Pg : 3.5.3
DBD::PO : install_driver(PO) failed: Global symbol "@A" requires explicit package name (did you forget to declare "my @A"?) at /usr/local/share/perl5/DBD/PO/Locale/PO.pm line 291, <DATA> line 755.
Compilation failed in require at /usr/local/share/perl5/DBD/PO/Text/PO.pm line 11, <DATA> line 755.
BEGIN failed--compilation aborted at /usr/local/share/perl5/DBD/PO/Text/PO.pm line 11, <DATA> line 755.
Compilation failed in require at /usr/local/share/perl5/DBD/PO/dr.pm line 10, <DATA> line 755.
BEGIN failed--compilation aborted at /usr/local/share/perl5/DBD/PO/dr.pm line 10, <DATA> line 755.
Compilation failed in require at /usr/local/share/perl5/DBD/PO.pm line 12, <DATA> line 755.
BEGIN failed--compilation aborted at /usr/local/share/perl5/DBD/PO.pm line 12, <DATA> line 755.
Compilation failed in require at (eval 53) line 3, <DATA> line 755.
at -e line 1.
DBD::Oracle : 1.74
DBD::ODBC : 1.56
DBD::Multi : 0.18
DBD::Mock : 1.45
DBD::Log : DBD::Log initialisation failed: Can't call method "driver" without a package or object reference at /usr/local/share/perl5/DBD/Log.pm line 219, <DATA> line 755.
at -e line 1.
DBD::LDAP : 0.22
DBD::Gofer : 0.015327
DBD::File : 0.44
DBD::ExampleP : 12.014311
DBD::DBM : 0.08
[root@goweek01 tds]# odbcinst -j
unixODBC 2.3.4
DRIVERS............: /etc/odbcinst.ini
SYSTEM DATA SOURCES: /etc/odbc.ini
FILE DATA SOURCES..: /etc/ODBCDataSources
USER DATA SOURCES..: /root/.odbc.ini
SQLULEN Size.......: 8
SQLLEN Size........: 8
SQLSETPOSIROW Size.: 8
[root@goweek01 etc]# odbcinst -q -s
[SQLdev]
[classdata]
[mssqldev]
-bash-4.3$ odbcinst -j
unixODBC 2.3.4
DRIVERS............: /etc/odbcinst.ini
SYSTEM DATA SOURCES: /etc/odbc.ini
FILE DATA SOURCES..: /etc/ODBCDataSources
USER DATA SOURCES..: /home/goweekendweb/.odbc.ini
SQLULEN Size.......: 8
SQLLEN Size........: 8
SQLSETPOSIROW Size.: 8
[MSSQLprod]
Driver = SQLServer
Description = goweekendWeb production
Server = classdata.toronto.ca
TDS_Version = 7.0
Database = goweekendWeb
-bash-4.3$ odbcinst -q -s
[MSSQLprod]
[SQLdev]
[classdata]
[mssqldev]
[root@goweek01 parks]# cat /etc/odbc.ini
[SQLdev]
Driver = SQLServer
Description = goweekendWeb Dev
Server = mssds152q.goweekend.ca
Database = goweekendWeb
Trace = Yes
TraceFile = /var/tmp/sqlserver.log
[root@goweek01 parks]# cat /etc/odbcinst.ini
[PostgreSQL]
Description=ODBC for PostgreSQL
Driver=/usr/lib/psqlodbcw.so
Setup=/usr/lib/libodbcpsqlS.so
Driver64=/usr/lib64/psqlodbcw.so
Setup64=/usr/lib64/libodbcpsqlS.so
FileUsage=1
[MySQL]
Description=ODBC for MySQL
Driver=/usr/lib/libmyodbc5.so
Setup=/usr/lib/libodbcmyS.so
Driver64=/usr/lib64/libmyodbc5.so
Setup64=/usr/lib64/libodbcmyS.so
FileUsage=1
[SQLServer]
Description=Microsoft ODBC Driver 13 for SQL Server
Driver=/opt/microsoft/msodbcsql/lib64/libmsodbcsql-13.1.so.4.0
UsageCount=1
Monday, March 13, 2017
Thursday, March 2, 2017
IBM HTTP Server: Startup FAQ and mustgather
http://publib.boulder.ibm.com/httpserv/ihsdiag/gather_startup_doc.html#SOLGSKIT2
On some Solaris/SPARC systems manufactured by Fujitsu, GSKit can hang during startup. To resolve the issue, take the following two steps:
- Upgrade GSKit to 8.0.50.61 or later (8.5.5.10, 8.0.0.13, or older fixpacks with PI60207)
- Specify SSLAttributeSet 4007 1 to prevent the FIPS certified ICC 8.4 from being loaded. Note: If using SSLFIPSEnable, you must also opt-in to using a non-certified cryptographic module with environment variable ICC_IGNORE_FIPS=YES
Some other instructions may refer to removing a "C/" directory from the GSKit lib directory. This should have the same result as SSLAttributeSet 4007 1 -- disabling the initialization of the FIPS certified cryptographic module inside of GSKit. There is always a 2nd, non-certified cryptographic module that can be used.
Append the line below to the end of httpd.conf
SSLAttributeSet 4007 1
You may need to reboot the server.
I tried "SSLAttributeSet 4007 1", but it didn't fix the problem. Then I deleted the
"C/" directory from the GSKit lib directory, and it worked.