Nelson's Corner: May 2012

Wednesday, May 16, 2012

VxVM not mounting on boot up

I notice that the Volume I have created under Veritas doesn't mount on boot even though it was on /etc/fstab. I'm using CentOS 6. Below is my entry on /etc/fstab

/dev/vx/dsk/datadg/datavol /file ext4 defaults,_netdev 0 0

I found out that it requires netfs so I add it on boot and it was now mounting after the reboot

[root@centosprod1 ~]# chkconfig --list | grep 3:on | grep netfs
netfs           0:off   1:off   2:on    3:on    4:on    5:on    6:off

Monday, May 14, 2012

How to add device in LVM

My current setup is Raid5 with 2 Device. I decided to add a new disk so I need to configure Raid5 with 3 device. Below are the procedures that I did.

Record first your existing setup

[root@centosprod1 ~]# cat /proc/mdstat
Personalities : [raid6] [raid5] [raid4]
md0 : active raid5 sdf1[2] sdg1[3]
      1043968 blocks super 1.2 level 5, 512k chunk, algorithm 2 [2/2] [UU]

unused devices:

[root@centosprod1 ~]# mdadm --detail /dev/md0
/dev/md0:
        Version : 1.2
  Creation Time : Mon May  7 14:35:19 2012
     Raid Level : raid5
     Array Size : 1043968 (1019.67 MiB 1069.02 MB)
  Used Dev Size : 1043968 (1019.67 MiB 1069.02 MB)
   Raid Devices : 2
  Total Devices : 2
    Persistence : Superblock is persistent

    Update Time : Mon May 14 12:52:21 2012
          State : clean
 Active Devices : 2
Working Devices : 2
 Failed Devices : 0
  Spare Devices : 0

         Layout : left-symmetric
     Chunk Size : 512K

           Name : centosprod1:0  (local to host centosprod1)
           UUID : f443db62:a4ff36fd:ab0706e4:d9e299cc
         Events : 104

    Number   Major   Minor   RaidDevice State
       3       8       97        0      active sync   /dev/sdg1
       2       8       81        1      active sync   /dev/sdf1

We will now add the new device /dev/sde1

[root@centosprod1 ~]# mdadm --add /dev/md0 /dev/sde1
mdadm: added /dev/sde1

[root@centosprod1 ~]# mdadm --detail /dev/md0
/dev/md0:
        Version : 1.2
  Creation Time : Mon May  7 14:35:19 2012
     Raid Level : raid5
     Array Size : 1043968 (1019.67 MiB 1069.02 MB)
  Used Dev Size : 1043968 (1019.67 MiB 1069.02 MB)
   Raid Devices : 2
  Total Devices : 3
    Persistence : Superblock is persistent

    Update Time : Mon May 14 13:02:13 2012
          State : clean
 Active Devices : 2
Working Devices : 3
 Failed Devices : 0
  Spare Devices : 1

         Layout : left-symmetric
     Chunk Size : 512K

           Name : centosprod1:0  (local to host centosprod1)
           UUID : f443db62:a4ff36fd:ab0706e4:d9e299cc
         Events : 105

    Number   Major   Minor   RaidDevice State
       3       8       97        0      active sync   /dev/sdg1
       2       8       81        1      active sync   /dev/sdf1

       4       8       65        -      spare   /dev/sde1

The disk has been added but you would notice that it is still spare. We will now set our raid array to have 3 devices

[root@centosprod1 ~]# mdadm --grow /dev/md0 --raid-devices=3
mdadm: Need to backup 1024K of critical section..

[root@centosprod1 ~]# mdadm --detail /dev/md0
/dev/md0:
        Version : 1.2
  Creation Time : Mon May  7 14:35:19 2012
     Raid Level : raid5
     Array Size : 1043968 (1019.67 MiB 1069.02 MB)
  Used Dev Size : 1043968 (1019.67 MiB 1069.02 MB)
   Raid Devices : 3
  Total Devices : 3
    Persistence : Superblock is persistent

    Update Time : Mon May 14 13:03:28 2012
          State : clean, reshaping
 Active Devices : 3
Working Devices : 3
 Failed Devices : 0
  Spare Devices : 0

         Layout : left-symmetric
     Chunk Size : 512K

 Reshape Status : 8% complete
  Delta Devices : 1, (2->3)

           Name : centosprod1:0  (local to host centosprod1)
           UUID : f443db62:a4ff36fd:ab0706e4:d9e299cc
         Events : 120

    Number   Major   Minor   RaidDevice State
       3       8       97        0      active sync   /dev/sdg1
       2       8       81        1      active sync   /dev/sdf1
       4       8       65        2      active sync   /dev/sde1

The new disk has successfully added.

[root@centosprod1 ~]# mdadm --detail /dev/md0
/dev/md0:
        Version : 1.2
  Creation Time : Mon May  7 14:35:19 2012
     Raid Level : raid5
     Array Size : 1043968 (1019.67 MiB 1069.02 MB)
  Used Dev Size : 1043968 (1019.67 MiB 1069.02 MB)
   Raid Devices : 3
  Total Devices : 3
    Persistence : Superblock is persistent

    Update Time : Mon May 14 13:10:00 2012
          State : clean, reshaping
 Active Devices : 3
Working Devices : 3
 Failed Devices : 0
  Spare Devices : 0

         Layout : left-symmetric
     Chunk Size : 512K

 Reshape Status : 63% complete
  Delta Devices : 1, (2->3)

           Name : centosprod1:0  (local to host centosprod1)
           UUID : f443db62:a4ff36fd:ab0706e4:d9e299cc
         Events : 157

    Number   Major   Minor   RaidDevice State
       3       8       97        0      active sync   /dev/sdg1
       2       8       81        1      active sync   /dev/sdf1
       4       8       65        2      active sync   /dev/sde1

Saturday, May 5, 2012

How to convert Putty's ppk to be compatible with SecureCRT

I'm using Putty to connect to my server. However, it is much comfortable to use SecureCRT. I have .ppk use in my Putty to connect to some of our server. Since I'll be using SecureCRT, I have to convert into a format SecureCRT will understand.

To convert .ppk to .pub, do the ff:

1. Run "puttygen.exe". The "PuTTY Key Generator" dialog will appear.

2. Use the "Load" button to load the .ppk file that contains your private key. If your private key file is protected with a passphrase, you will be prompted to supply the passphrase in order to complete the loading of the private key.

3. Once the private key has been loaded properly, choose "Export OpenSSH key" from the main "Conversions" pull-down menu that is part of the "PuTTY Key Generator" window.

4. When the "Save private key as:" window appears, specify a filename for the private key file such as "Identity" and choose "Save".

NOTE: The private key file name should not have any extension associated with it. For example, if SecureCRT is configured to use a public key named "Identity.pub", it expects to find the private key in the same folder as the public key file, with the name of "Identity".

Similarly, if SecureCRT is confgured to use a private key named "Identity", it expects to find a the public key in a file named "Identity.pub" located in the same folder as the private key file.

Now you will need to export the public key to a file format that follows the IETF SecSH internet-draft.

5. Choose "Save public key". When the "Save public key as:" window appears, specify a filename for the public key file, such as "Identity.pub", and choose "Save".

NOTE: It is important for use with VanDyke Software products that the public and private key files both share the same basename. For example, if you named your private key file "Identity" as suggested in step 4 above, the public key file should be saved as "Identity.pub".

Once you have completed the steps outlined above, you will be able to use your Identity and Identity.pub files with VanDyke Software products.

How to convert .crt to .pem

If you'll be converting .crt to .pem, you may use the ff commands

openssl x509 -in server.crt -out server.der -outform DER
openssl x509 -in server.der -inform DER -out server.pem -outform PEM

Verify first if your key is in PEM format. Mostly, they begin in --BEGIN and can read with a text editor. If you'll be converting .key to .pem, just replace openssl x509 with openssl rsa. Normally, server.key is your private key and server.crt is your signed or returned certificate.

How to verify Solaris if its 32 or 64 bit

How to determine if the running solaris OS has a 32bit or 64bit architerture? Use the isainfo command

$ isainfo -v
64-bit sparcv9 applications
        vis2 vis
32-bit sparc applications
        vis2 vis v8plus div32 mul32

If you only see 32-bit sparc applications, this means that you are only running 32bit but if you also see the 64-bit sparcv9 applications, then you're running 64bit.

Turn off service on Solaris 10

I usually install Linux as minimal as I could. I don't like services running on my box that I will not use. It's just a security hole. However, in Solaris, if I use Core Support as my Software Distribution, it is minimal but there are lot of packages that I need and as you would know, it's a pain installing package in Solaris unlike RHEL and Ubuntu wherein there is yum and apt-get to take care of dependencies. So what I did is install Solaris Entire Distribution and just turn off those default service and boot the server with GUI turn off. I only want ssh as the only service running on my box. Below are the services that I turn off after it boots from the installation.

svcadm disable svc:/system/webconsole:console
svcadm disable svc:/application/management/wbem:default
svcadm disable svc:/network/rpc/bind:default
svcadm disable svc:/network/sendmail-client:default
svcadm disable svc:/network/smtp:sendmail

Below are the open ports before I turn off those services.

# netstat -an | grep -i listen
      *.111                *.*                0      0 49152      0 LISTEN
127.0.0.1.5987             *.*                0      0 49152      0 LISTEN
127.0.0.1.898              *.*                0      0 49152      0 LISTEN
127.0.0.1.32771            *.*                0      0 49152      0 LISTEN
127.0.0.1.5988             *.*                0      0 49152      0 LISTEN
127.0.0.1.32772            *.*                0      0 49152      0 LISTEN
      *.22                 *.*                0      0 49152      0 LISTEN
127.0.0.1.6788             *.*                0      0 49152      0 LISTEN
127.0.0.1.6789             *.*                0      0 49152      0 LISTEN
127.0.0.1.32780            *.*                0      0 49152      0 LISTEN
      *.22                              *.*                             0      0 49152      0 LISTEN

Here is now the output of netstat after turning off those services.

# netstat -an | grep -i listen
      *.22                 *.*                0      0 49152      0 LISTEN
      *.22                              *.*                             0      0 49152      0 LISTEN

How to mount cdrom on Solaris

We will not gonna use vold in mounting/unmounting media devices in this post. You need to determine first your cdrom by doing iostat -En. I'm using Virtualbox as my test machine on this post.

# iostat -En
c0t0d0           Soft Errors: 0 Hard Errors: 0 Transport Errors: 0
Vendor: ATA      Product: VBOX HARDDISK    Revision: 1.0  Serial No:
Size: 21.47GB <21474835968 bytes>
Media Error: 0 Device Not Ready: 0 No Device: 0 Recoverable: 0
Illegal Request: 24 Predictive Failure Analysis: 0
c0t1d0           Soft Errors: 0 Hard Errors: 0 Transport Errors: 0
Vendor: VBOX     Product: CD-ROM           Revision: 1.0  Serial No:
Size: 0.00GB <0 bytes>
Media Error: 0 Device Not Ready: 0 No Device: 0 Recoverable: 0
Illegal Request: 7 Predictive Failure Analysis: 0

In our posts above, the logical device name of our cdrom is c0t1d0. So basically, our cdrom is in /dev/dsk/c0t1d0s0. We gonna mount now the cdrom on /cdrom. Make sure /cdrom directory exist.

# ls -ld /cdrom
drwxr-xr-x   2 root     root         512 Oct  1 11:44 /cdrom
# df -k /cdrom
Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c0t0d0s0    16913063 1303986 15439947     8%    /
# mount -F hsfs -o ro /dev/dsk/c0t1d0s0 /cdrom
# df -k /cdrom
Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c0t1d0s0    2096480 2096480       0   100%    /cdrom

You would notice that there is now /cdrom when you do df.

ssh breaks the while loop ssh breaks the while loop

I created a script that will execute command on the remote server using a ssh. Basically, you will command ssh user@server "command". However, ssh keeps on breaking the loop and it only takes action on the first line of the output. I discovered that it needs to stop reading from stdin. So I put -n on my ssh command and while loop is now ok.

ssh -n user@server "command"

Daemontools as upstart

I need to install daemontools as it is one of the requirements of qmail. I'll be installing it on CentOS 6. After installing all the source package, I check running process and I could not see any readproctitle service errors. It seems that svscan is not running. I should see it after the qmail installation. I just figured it out that I need to create svscan.conf on /etc/init. It is now using upstart. Below are the procedures I did:

echo "start on runlevel [12345]" > svscan.conf
echo "respawn" >> svscan.conf
echo "exec /command/svscanboot" >> svscan.conf
initctl reload-configuration
initctl start svscan

After this, I've checked the processes on my machine and I could see now the readproctitle service errors. BTW, I'm not doing this procedure on CentOS 5.6.

Note: You may need to command /command/svscanboot &

Enable History on HPUX

To enable history in hpux

echo $SHELL
/sbin/sh
sh -o vi

To recall the previous commands, just do Esc + K

Compile Error: DBA Could not find necessary header file

Error when compiling php

checking for cURL support... no
checking if we should use cURL for url streams... no
checking for QDBM support... no
configure: error: DBA: Could not find necessary header file(s).

To resolve, install gdbm-devel

Compile Error: Cannot find libmysqlclient

I'm compiling php via source under a 64bit CentOS 5.6. Encountered the ff while compiling:

checking for working const... yes
checking whether time.h and sys/time.h may both be included... yes
checking for working alloca.h... (cached) yes
checking for alloca... (cached) yes
checking for 8-bit clean memcmp... yes
checking for stdarg.h... (cached) yes
checking for mcrypt support... no
checking for MSSQL support via FreeTDS... no
checking for MySQL support... yes
checking for specified location of the MySQL UNIX socket... no
configure: error: Cannot find libmysqlclient under /usr.
Note that the MySQL client library is not bundled anymore!

To resolve, just put --with-libdir=lib64 in your ./configure options when compiling php.

Update: If this didn't work, try to install mysql-devel and compile again.

Compile Error: trouble compiling Net-SSLeay

I'm having a trouble compiling Net-SSLeay. Got an error when doing make

rm -f blib/arch/auto/Net/SSLeay/SSLeay.so
LD_RUN_PATH="/usr/lib" cc  -shared -O2 -L/usr/local/lib -fstack-protector SSLeay.o  -o blib/arch/auto/Net/SSLeay/SSLeay.so      \
           -L/usr/local/ssl -L/usr/local/ssl/lib -lssl -lcrypto -lz     \

/usr/bin/ld: /usr/local/ssl/lib/libcrypto.a(x86_64cpuid.o): relocation R_X86_64_PC32 against `OPENSSL_cpuid_setup' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Bad value
collect2: ld returned 1 exit status
make: *** [blib/arch/auto/Net/SSLeay/SSLeay.so] Error 1

I found that I need to recompile openssl with shared attributes (./config shared). After recompiling openssl with shared attributes, I was able to compile perl module Net-SSLeay successfully. BTW, I'm using 64bit CentOS 5.6

Compile Error: no recognized SSL/TLS toolkit detected

Encounter the ff error when installing apache2 with openssl support

no SSL-C headers found
configure error:...no recognized SSL/TLS toolkit detected

To resolve, install package openssl-devel.

Compile Error: ICU headers and libraries not found

Encounter the ff when compiling php5

checking for location of ICU headers and libraries... not found
configure: error: Unable to detect ICU prefix or no failed. Please verify ICU install prefix and make sure icu-config works.

To resolve, install package libicu and libicu-devel.

Compile Error: cannot find -lltdl

Error after doing make in php5.

/usr/bin/ld: cannot find -lltdl
collect2: ld returned 1 exit status

To resolve, install package libtool-ltdl-devel

Compile Error: BerkeleyDB not available

I'm compiling openldap when suddenly compiling stops

checking db.h usability... no
checking db.h presence... no
checking for db.h... no
configure: error: BDB/HDB: BerkeleyDB not available

To resolve, you need to install db-5. If you still encounter the issue despite having db-5 installed on the system, try to export the ff:

CPPFLAGS="-I/usr/local/BerkeleyDB.5.3/include"
export CPPFLAGS
LDFLAGS="-L/usr/local/lib -L/usr/local/BerkeleyDB.5.3/lib -R/usr/local/BerkeleyDB.5.3/lib"
export LDFLAGS
LD_LIBRARY_PATH="/usr/local/BerkeleyDB.5.3/lib"
export LD_LIBRARY_PATH

Then compile again.

Reset password Cisco Router 2600 Series

I need to recover or at least reset all password of our Cisco Routers. Some of the Cisco Routers are 2500 Series and 2600 Series. Kinda old huh? This are the procedures I used to reset the password on Cisco Router 2600.

1. Connect your router to a pc. I'm using a Putty to access the router and use usb-to-serial cable because my laptop has no serial port. Below is the terminal settings on my putty. This is also applicable to Hyperterminal application on your Windows Machine

9600 baud rate
No parity
8 data bits
1 stop bit
No flow control

2. Boot up your router. Press Ctrl+Break immediately upon power on of the router.

3. Type o and press Enter at the > prompt, and record the current value of the configuration register (usually 0x2102, or 0x102)

4. Type o/r 0x2142 and press Enter at the > prompt to boot from Flash without loading the configuration

5. Type i at the > prompt and press Enter

6. Type no after each setup question or press Ctrl-C to skip the initial setup procedure

7. Type enable at the Router> prompt. You'll be in enable mode and see the Router# prompt

8. Type configure memory or copy startup-config running-config to copy the NVRAM into memory. Do not type write memory or copy running startup-config

9. Type write terminal or show running-config

The show running-config and write terminal commands show the configuration of the router. In this configuration you see under all the interfaces the shutdown command, which means all interfaces are currently shutdown. Also, you can see the passwords either in encrypted or unencrypted format.

10. Type configure terminal and make the changes.

11. Type enable secret

12. Issue the no shutdown command on every interface that is used. If you issue a show ip interface brief command after you exit configuration mode, every interface that you want to use should be "up up"

13. Type config-register 0x2102, or the value you recorded in step 4.

This causes the router to load the Cisco IOS software from the Flash with the configuration from NVRAM at the next reload.

14. Press Ctrl+Z to leave the configuration mode.

15. Type write memory or copy running-config startup-config to commit the changes.

16. Type Reload to restart the router with the Cisco IOS software booting from the Flash.

17. Finish. You should be able to login using your new password.

Compile Error: libssl not found when compiling dovecot

I'm compiling dovecot with ssl support when I got an error.

Checking for SSL_read in -lssl... no
configure: error: Can't build with OpenSSL: libssl not found

To resolve, install package openssl-devel.

readproctitle service errors: ...ut of disk space?multilog: warning: unable to write

If you got an error in readproctitle.

readproctitle service errors: ...ut of disk space?multilog: warning: unable to write

Try to command killall readproctitle and killall svscan. I encountered this issue in my qmail. Someone mess up my qmail box.

Compile Error: Cannot find ldap.h Cannot find ldap.h

I'm compiling php with ldap support but I encountered an error.

checking for ANSI C header files... (cached) yes
checking for LDAP support... yes
checking for LDAP Cyrus SASL support... no
configure: error: Cannot find ldap.h

To resolve, install package openldap-devel

Disable GUI on Solaris

After installing Solaris 10 on my Virtualbox, I would like to turn off the Graphical User Interface aka GUI since I won't be using it. To turn off the GUI, I use smf.

# svcadm disable cde-login

After doing it, I rebooted solaris and I don't see anymore GUI.

# svcs cde-login
STATE          STIME    FMRI
disabled       16:17:51 svc:/application/graphical-login/cde-login:default

Friday, May 4, 2012

Compile Error: xml-2 config not found

I'm compiling php 5.3.10 when I got this error.

checking whether to enable LIBXML support... yes 
checking libxml2 install dir... no 
checking for xml2-config path... configure: error: xml2-config not found. Please check your libxml2 installation.

To resolve, install package libxml-devel.

Nelson's Corner