Monday, November 12, 2018

Enable SSL debug in WebSphere

Append parameters into Generic JVM arguments

 -Djavax.net.debug=ssl,handshake,verbose 


keytool -import -trustcacerts -file /root/certs/goweekend.cert -alias cot_intra_qa -keystore csis_../jre/lib/security/cacerts


keytool -delete -alias ca_corp_qa -keystore ../jre/lib/security/cacerts
keytool -list -v -keystore ../jre/lib/security/cacerts

Wednesday, November 7, 2018

Configure Fedora 28/29 Authentication with sssd

https://www.server-world.info/en/note?os=Fedora_28&p=openldap&f=3

[root@www ~]#
dnf -y install openldap-clients sssd sssd-ldap oddjob-mkhomedir
# swicth authentication provider to sssd

[root@www ~]#
authselect select sssd with-mkhomedir
[root@www ~]#
vi /etc/openldap/ldap.conf
# add to the end: your LDAP server's URL and Suffix

URI ldap://dlp.srv.world/
BASE dc=srv,dc=world
[root@www ~]#
vi /etc/sssd/sssd.conf
# create new

# replace [ldap_uri], [ldap_search_base] to your own environment value

[domain/default]
id_provider = ldap
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://dlp.srv.world/
ldap_search_base = dc=srv,dc=world
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/certs
cache_credentials = True
ldap_tls_reqcert = allow

[sssd]
services = nss, pam, autofs
domains = default

[nss]
homedir_substring = /home

[root@www ~]#
chmod 600 /etc/sssd/sssd.conf

[root@www ~]#
systemctl restart sssd oddjobd

[root@www ~]#
systemctl enable sssd oddjobd

[root@www ~]#
logout
Fedora 28 (Server Edition)
Kernel 4.16.6-302.fc28.x86_64 on an x86_64 (ttyS0)

Admin Console: https://10.0.0.31:9090/ or https://[fe80::5054:ff:fe01:3710]:9090/

www login: redhat      # LDAP user
Password:              # password
Creating home directory for redhat.
Last login: Tue May 28 19:54:04 on ttyS0
[redhat@www ~]$        # just logined

# changing LDAP password is common way with passwd

[redhat@www ~]$
Changing password for user redhat.
Current Password:      # current one
New password:          # new one
Retype new password:
passwd: all authentication tokens updated successfully.

Tuesday, October 16, 2018

Recursively Replace String in Base Folder

#!/bin/bash

if [ $# -lt 2 ]; then
  echo "Usage: $0 < Base folder> <depth>"
  exit $LINENO
fi

baseFolder=$1
depth=$2

cd ${baseFolder}

i=1
searchPath="*"
while [ $i -lt $depth ]; do
for fileToFix in `egrep -l "mykeyword" ${searchPath}`
do
echo "Processing $fileToFix"
echo "
1,$ s/mykeyword/myKeyWord/g
.
w
q" | ed ${fileToFix}
done
   i=$(($i + 1))
   searchPath="*/${searchPath}"
done

Thursday, October 11, 2018

Oracle: RDA

Login as Oracle User
1. Create configuration file

$ rda -S

2. Generate Reports
$ rda
or
$ rda -fv

3. Optional, put the output on web server, i.e. Apache httpd.

http://www.goweekend.ca/output/RDA__start.htm




Saturday, October 6, 2018

Create Cacti-SNMP Plugin

1. SNMP Agent
2. SNMP xml
3. Data Queries
4. Data Template
5. Associate Graph Template in Data Queries

Monday, June 11, 2018

rsync

Remove the files deleted in source and ignore the existing files
time rsync -arv --delete --ignore-existing /src /dest

Wednesday, May 30, 2018

Docker on Oracle Linux

https://blogs.oracle.com/virtualization/install-docker-on-oracle-linux-7-v2

https://docs.docker.com/install/linux/docker-ce/centos/#install-docker-ce-1

Docker behind proxy
https://docs.docker.com/config/daemon/systemd/

Docker DNS
https://development.robinwinslow.uk/2016/06/23/fix-docker-networking-dns/



Friday, May 25, 2018

debug3: sign_and_send_pubkey: RSA SHA256:UlFZdH9rhOy9uNXoVv5JhSIej+B5xSMRLmocrICkDBk sign_and_send_pubkey: signing failed: agent refused operation

debug3: sign_and_send_pubkey: RSA SHA256:UlFZdH9rhOy9uNXoVv5JhSIej+B5xSMRLmocrICkDBk sign_and_send_pubkey: signing failed: agent refused operation

Solution:

# ssh-add -l
# ssh-add
# ssh-add -l

Thursday, May 24, 2018

Solaris ZFS Share NFS root control prefers to host name other than IP address

Solaris ZFS Share NFS root control prefers to host name other than IP address

Goal is to mount nfs share as root on client machine

Case 1:
drwx------+ 14 testuser    users         18 May 15 11:57 weekend
              user:testuser:rwxpdDaARWcC-s:fd-----:allow

With below command, on client, after mounted, root doesn't have any permission on weekend.
zfs set share=name=uatlogs,path=/uatlogs,prot=nfs,sec=sys,root=192.168.1.15,prot=smb,csc=auto  nfsserver/uatlogs

Solution:
use server name instead, root on client gets right permission as root.
zfs set share=name=uatlogs,path=/uatlogs,prot=nfs,sec=sys,root=uat01.goweekend.ca,prot=smb,csc=auto  nfsserver/uatlogs


Tuesday, May 15, 2018

dump WebSphere Heap

https://plumbr.io/outofmemoryerror/gc-overhead-limit-exceeded

cd <WebSphere Home>/java/bin
./jmap -dump:format=b,file=heap_dump.hprof <WebSphere Application Process ID>
./jmap -dump:format=b,file=heap_dump.hprof 15252

./jvisualvm --openpid 8471

Thursday, May 3, 2018

monitoredDeployableApps: Install application with customized properties

https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/trun_app_install_dragdrop_prop.html#trun_app_install_dragdrop_prop__enh

Trouble shooting wsadmin: http://www-01.ibm.com/support/docview.wss?uid=swg21140940

Step 1
Extract application properties to a file that uses the old application output format.

wsadmin> AdminTask.extractConfigProperties('[-propertiesFileName myApp.props -configData Deployment=MyApplication -options [[SimpleOutputFormat true]]]')


Step 2

Use the Global deployment settings page of an administrative console to set monitored directory values.
  1. Click Applications > Global deployment settings.
  2. To enable monitored directory deployment, select Monitor directory to automatically deploy applications.
    To disable monitored directory deployment, clear Monitor directory to automatically deploy applications.
  3. To change the monitored directory path, specify a new value for Monitored directory.
    Ensure that the directory that you specified for Monitored directory exists. The product does not create the directory for you.
  4. To change the polling interval, specify the number of seconds for Polling interval.
  5. Click Apply.
  6. If you are using an administrative console for a base (stand-alone) application server to change monitored directory values, restart the application server.
    If you are using an administrative console for a deployment manager to change monitored directory values, restart the deployment manager.

Step 3
Customize Property file as below

# Header MapModulesToServers#ResourceType=ApplicationImplementingResourceType=ApplicationResourceId=Deployment=!{applicationName}##Properties# Below can be copied from properties file genereated in step 1taskName=MapModulesToServersrow1={ module=WeekendDataEJB.jar  #readonly       uri=WeekendDataEJB.jar,META-INF/ejb-jar.xml  #readonly       server=WebSphere:cell=!{cellName},node=!{nodeName},server=!{serverName} }row0={ module=CommDataEJB.jar  #readonly       uri=CommDataEJB.jar,META-INF/ejb-jar.xml  #readonly       server=WebSphere:cell=!{cellName},node=!{nodeName},server=!{serverName} }
# Properties## Header CtxRootForWebMod#ResourceType=ApplicationImplementingResourceType=ApplicationResourceId=Cell=!{cellName}:Deployment=!{applicationName}## Below can be copied from properties file genereated in step 1
taskName=CtxRootForWebModrow1={ webModule=myWebW  #readonly       uri=myWebW.war,WEB-INF/web.xml  #readonly       web.contextroot=weekend }row0={ webModule=myWebGrant  #readonly       uri=myWebG.war,WEB-INF/web.xml  #readonly       web.contextroot=weekend/grant }
EnvironmentVariablesSection## Environment Variables#applicationName=myAppcellName=TestCell01nodeName=TestNode01serverName=server1
Step 4
Copy the property file into monitoredDeployableApps folder accordingly. If managed node, copy it into deployment manager domain; if it is standard application server, copy it to application server domain.

Verify the SystemOut.log if the process is initiated and finished. 

Thursday, April 26, 2018

NFS Share Folder and sub Folder Separately


/nfsshare *.goweekend.ca(ro,sync,subtree_check,fsid=0,no_root_squash)
/nfsshare/hr *.goweekend.ca(rw,fsid=1,no_root_squash)

Friday, April 13, 2018

Enable LDAP Authentication in Cent OS/RedHat/Oracle Linux

https://www.lisenet.com/2016/setup-ldap-authentication-on-centos-7/

# yum install -y nss-pam-ldapd nscd
# authconfig-tui

Monday, March 26, 2018

Virtualbox expands virtual disk

# vboxmanage modifyhd "/virtual/github-01/github.vdi" --resize 512000
#  lvdisplay
#  lvextend -l 100%FREE /dev/fedora/root
# xfs_growfs /

Tuesday, February 27, 2018

WebSphere Session Management and Database Connection Management

https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/tprs_cnfs.html

Thursday, February 22, 2018

ELK: TIMELION Syntax

.es(index=bi-experiment*,q='affiliateData.website:xyz.com',metric='sum:commission')

Tuesday, February 6, 2018

Problem: gst-core-error-quark

https://ask.fedoraproject.org/en/question/80825/gst-resource-error-quark/

# dnf install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
#  dnf -y install gstreamer1-plugins-ugly gstreamer1-libav gstreamer-plugins-ugly

CentOS, RedHat 7 install nux-dextop

  268  rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro

  270  rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm
  271  yum repolist

  273  wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  274  rpm -ivh epel-release-latest-7.noarch.rpm
  275  yum install nux-dextop*

OPatch Auto Apply in RAC

$ /grid/11.2.0.4/OPatch/ocm/bin/emocmrsp -no_banner -output ~/ocm.rsp
$ time opatch auto /apps/newPSU/26635745 -ocmrf ~/ocm.rsp -oh /grid/11.2.0.4 

Thursday, February 1, 2018

X11Forward

Remote: myremote
Local: mylocal

Make sure X11Forwarding is enabled on remote server.

/etc/ssh/sshd_config
X11Forwarding yes
Step 1:
# ssh -X user@myremote
# xclock
# xauth list
myremote/unix:10  MIT-MAGIC-COOKIE-1  0c86bbc660cf37a8b3c843b190071835
# exit

Step 2:
# xauth list
# xauth add myremote/unix:10  MIT-MAGIC-COOKIE-1  0c86bbc660cf37a8b3c843b190071835
# xauth list

Step 3:

# ssh user@myremote
# xclock

You should be able to see xclock running on your local machine.

Wednesday, January 17, 2018

Solaris 11: CVE Management

Solaris 11 Critical Patch Update package to make it easier for you to install and track fixes for Criticial Vulnerabilities and Exposures (CVE).
Once you've installed the package (pkg install solaris-11-cpu), applying all available Solaris fixes for CVE is now as simple as:
# pkg update solaris-11-cpu

Solaris 11: pkg command

https://docs.oracle.com/cd/E53394_01/html/E54817/cvepkg.html

# pkg search CVE-2014-7187:

Verifying That the Latest CPU Is Installed
To determine the status of the latest solaris-11-cpu package, use the pkg list command.
$ pkg list -af solaris-11-cpu@latest
NAME (PUBLISHER)                                  VERSION                    IFO
support/critical-patch-update/solaris-11-cpu      2015.8-1                   ---
 
 Verifying That a Fix for a CVE ID Is Installed
      
To verify that you installed a fix for a specific CVE ID, search your installed packages for the CVE ID. If it is not installed, no output displays. The pkg search -l command searches the local disk only.
# pkg search -l CVE-2014-7187 INDEX ACTION VALUE PACKAGE info.cve set CVE-2014-7187 pkg:/support/critical-patch-update/solaris-11-cpu@2014.10-1


 
 # pkg list -af entire