Script to Move Database Location – mySQL

Don’t run this script.  It’s a concept that I haven’t tested and running it is pretty well guaranteed to crash your mysql server.  It’s designed to make the relocation of data faster, but I don’t have time to finish it today.

You should probably use the following link because it works… it’s just slower and manual.  Oh, and if you do get a scripting urge, please make this script work properly for me and post it in a comment.  Thanks.

 

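USER=root
PASSWORD=yourpassword
OLDDATA_DIR="/var/lib/mysql"
NEWDATA_DIR="/database/lib/mysql"

# List the databases while the server is still running.
# (A password given on the command line is visible in the process list.)
DBS="$(mysql --user="$USER" --password="$PASSWORD" -Bse 'show databases')"

# Stop the server so the files are not changing while they are copied
/etc/init.d/mysqld stop

mkdir -pv "$NEWDATA_DIR"

# Copy each database directory; information_schema has no directory on disk
for DATABASE in $DBS; do
        if [ ! -d "$OLDDATA_DIR/$DATABASE" ]; then
                echo "skipping $DATABASE: no directory under $OLDDATA_DIR" >&2
                continue
        fi
        cp -Rp "$OLDDATA_DIR/$DATABASE" "$NEWDATA_DIR/$DATABASE"
done

# Copy the files at the top of the data directory as well (InnoDB keeps
# its ibdata and ib_logfile files there, outside the database directories)
find "$OLDDATA_DIR" -maxdepth 1 -type f -exec cp -p {} "$NEWDATA_DIR/" \;

# Set permissions
chown -R mysql:mysql "$NEWDATA_DIR"

# Archive the old & link it to the new
mv "$OLDDATA_DIR" "${OLDDATA_DIR}-old"
ln -s "$NEWDATA_DIR" "$OLDDATA_DIR"

#get_mysql_option mysqld datadir "/database/lib/mysql"
# Double quotes so the shell expands the variables before sed sees them
sed -i "s|$OLDDATA_DIR|$NEWDATA_DIR|" /etc/init.d/mysqld
sed -i "s|$OLDDATA_DIR|$NEWDATA_DIR|" /etc/my.cnf

/etc/init.d/mysqld start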

Call Routing – Cheatsheet for Cisco’s Unified Call Manager (CUCM)

Having recently taken over a couple of call manager clusters, I’ve found it useful to take some notes about what I see under the hood to give myself a quick cheatsheet.  I really think Cisco did everything they could to make the CUCM as easy as possible… if you understand the fundamental components, and the most fundamental component of the unified communications system is the call routing database used to perform digit analysis and direct traffic to the intended destination.

CUCM call routing uses the following components:

  • Route Pattern (RP)
  • Route List (RL)
  • Route Group (RG)
  • Gateway/Trunk (GW/ICT)

When calling, Cisco phones send their digits to the CUCM where the routing DB is used to direct the call.  Once analysis is complete the call will be routed to the called party.

Routing Patterns make use of wild cards, but it should be noted that the more specific the pattern the higher preference given to that particular entry.  These are fairly similar to Unix wildcards.  Entries can look like this:

  • 1208 – An exact number match used for directory numbers that are assigned to a partition and route to a specific Cisco IP phone (SEP001894F90E0A)
  • 120X – 1200 to 1209 plus 120* and 120#
  • 120[5-9] – 1205 to 1209. Translation patterns used to route unassigned calls to the operator.
  • 120[^0-4] – 1205 to 1209 (exclude 0-4).  I don’t think we use these.
  • . – Digit stripping and manipulation
  • 9.@ – Route pattern used at most companies for outgoing calls where you dial 9
  • # – timing out for International calls

In the CUCM take a look at “Call Routing | Route Plan Report” and you will see your current  plan.  They are listed in 5 columns. The first is a graphic representation of  the 4th (Type).  The others are Pattern, Partition and Route Detail.

About Jay Farschman - Jay currently works as a Senior Systems Administrator for an asset management company in Colorado where he works with companies that produce hardware, telecommunications software and financial services.  Jay previously owned a consulting company and provided training and consulting services for three Fortune 500 companies and numerous small businesses where he leveraged Linux to provide exceptional value.

Short Notice Move of DIDs with Cisco Call Manager 5

I ran into a situation where we have to move an office quickly; meaning we will be removing the voice gateway at that office, dropping the circuits and starting fresh in another office.  This isn’t easy.  What do you do to get the DIDs forwarded to a new location?  This is a how-to of the process, but first a discussion of my resources.

The central problem is how long it takes to port DIDs to a new PRI or port a PRI to a new voice gateway.  It’s much faster to forward the individual DIDs to a new set of DIDs.

IMPORTANT NOTE – US Telcos are likely not going to allow you to forward individual DIDs to other DIDs unless you have an emergency, like a fire or flood.  In the event of a disaster they will temporarily forward lines in this fashion and I presume quickly port the DIDs of the PRI/ISDN.  But, without a disaster it’s a 30-45 day process.  If, however, you are porting what the FCC calls a ‘simple’ phone number, which is defined as not a part of a PRI/ISDN and only a single number, the LNP laws specify that this has to take place in one day.


Updating your ESX or ESXi Server

Patching a server is important not just for the security but for the features that you will be missing.  This is particularly true of ESX where the VMware folks have to keep updating the supported operating systems for the guest systems.  Updating is pretty easy too.

A COUPLE OF NOTES

  • Patching typically requires maintenance mode and often a reboot.  The bottom line here is that it’s an outage for your systems.
  • Some patches will require you to load a new client for the vSphere before you can get access.

GET READY

  1. Locate the appropriate patches at http://www.vmware.com/patchmgr/download.portal.  If you don’t know what version you are running, then take a look in your vSphere client under “About”.
  2. See what’s needed with the CLI command “esxupdate query”.  This is going to show you what is already installed.  For instance, it may say “VMware ESXi 4.0 Update 3”.  Let’s consider installing update 4.
  3. Place your ESX in Maintenance mode using one of these two commands:
    ESXi: # vim-cmd hostsvc/maintenance_mode_enter
    ESX: # vimsh -n -e /hostsvc/maintenance_mode_enter
  4. Copy the link for update 4 from step #1 and set up the download process:
    esxupdate --bundle=https://hostupdate.vmware.com/software/VUM/OFFLINE/release-322-20111116-059770/update-from-esxi4.0-4.0_update04.zip update
  5. Wait for it to complete.  If you get a message about “it is installed or obsoleted” those are two possible problems, but consider that your link from #1 could be for the wrong ESX version as well.
  6. Once installed, get out of maintenance mode:
    ESXi: # vim-cmd /hostsvc/maintenance_mode_exit
    ESX: # vimsh -n -e /hostsvc/maintenance_mode_exit

    Check that the host has left maintenance mode:
    ESXi: # vim-cmd /hostsvc/hostsummary | grep inMaintenanceMode
    ESX: # vimsh -n -e /hostsvc/hostsummary | grep inMaintenanceMode

  7. Reboot as necessary.
  8. Reload your vSphere client.

QED -


Setting up Apache Log File Rotation

This how-to walks users through setting up proper log file rotation for a multi-site Apache installation where the log files are broken out by site. I built all this on my own, but forgot about logfile rotation so now the log files just keep growing and growing.  Time to institute a log rotation algorithm.

For the most part when you are working with Unix you will find that the syslog daemon handles how messages are logged in your system, but Apache handles its own logs and the details are typically kept in the httpd.conf file.

sudo grep -i 'log' /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*
# Custom log file locations
LogLevel warn
ErrorLog  /var/www/html/site1.com/log/error.log
CustomLog /var/www/html/site1.com/log/access.log combined
# Custom log file locations
LogLevel warn
ErrorLog  /var/www/html/site2.com/log/error.log
CustomLog /var/www/html/site2.com/log/access.log combined
# Custom log file locations
LogLevel warn
ErrorLog  /var/www/html/site3.com/log/error.log
CustomLog /var/www/html/site3.com/log/access.log combined

So, grepping gives me a listing of logfile locations for each of the sites and as you can see they are all located in different directories.  You probably also noticed that I grepped the conf.d directory as well, since there can be logfile settings there too.  A lot of stuff will want to install there, like phpMyAdmin or webalizer or ssl.conf.  One other note, some installations will have their config files in an apache2 directory.
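The rotation this post sets out to configure can be generated from the same ErrorLog and CustomLog directives the grep found. The script below is an added example, not the author's own: the function names, the weekly schedule with eight rotations, the `service httpd reload` command (assumed for the Red Hat style /etc/httpd layout) and the piped and syslog sample lines are assumptions, and the sample config is constructed from the output above.

```shell
#!/bin/sh
# Added example: turn Apache ErrorLog/CustomLog directives into a logrotate stanza.

# Constructed sample, based on the grep output above plus two targets
# logrotate must not touch (a piped log and a syslog facility).
sample_conf() {
cat <<'EOF'
# Custom log file locations
LogLevel warn
ErrorLog  /var/www/html/site1.com/log/error.log
CustomLog /var/www/html/site1.com/log/access.log combined
ErrorLog  /var/www/html/site2.com/log/error.log
CustomLog "|/usr/sbin/rotatelogs /var/log/httpd/piped.log 86400" combined
ErrorLog  syslog:local1
EOF
}

# Read config text on stdin, print each absolute log path once.
# Piped logs, syslog targets and ServerRoot-relative paths are skipped.
log_paths() {
    awk 'tolower($1) == "errorlog" || tolower($1) == "customlog" {
             path = $2
             gsub(/"/, "", path)
             if (path ~ /^\//) print path
         }' | sort -u
}

# Read config text on stdin, print one stanza covering every log found.
# Schedule and retention are assumptions; set them to your retention policy.
logrotate_stanza() {
    paths=$(log_paths | tr '\n' ' ')
    [ -n "$paths" ] || return 1
    cat <<EOF
${paths}{
    weekly
    rotate 8
    compress
    delaycompress
    missingok
    notifempty
    sharedscripts
    postrotate
        /sbin/service httpd reload > /dev/null 2>/dev/null || true
    endscript
}
EOF
}

# Real use: grep -hi 'log' /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/* | logrotate_stanza
sample_conf | logrotate_stanza
```

Review the generated stanza before saving it under /etc/logrotate.d/; logrotate's -d option does a dry run against a config file without rotating anything.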

Summary of Google’s Privacy Policy – March 2012

Disclaimer: I am not a lawyer and my views are simply my interpretation of information posted publicly by Google.  However, I think I put together a pretty good and easy to read interpretation of the new policy.

Google announced a new privacy policy the other day and characterized it as very user friendly because it combines more than 60 policies into a single policy.  I have to agree with that characterization.  One of the most important features of a privacy policy should be its transparency and having 60-some overlapping policies is not very transparent and pretty well impossible to read through.

One other significant change is that while you may have created accounts with special aliases to hide your identity, these are not necessarily anonymous anymore.  Google has transitioned to a unified Google account where a single profile is attached to multiple services. Some or all Google services may replace your pseudonym with your Google Profile account name and picture and make that information available publicly.  This has become part of the ‘Information you volunteered to Google’ [see below].

WHAT THEY COLLECT

  1. Information you volunteer to Google – Information you give Google when you sign up for a service like your name, email address, telephone number or credit card and possibly a publicly visible Google Profile, which may include your name and photo.
  2. Information Google learns while you use their services
    1. Device Information – such as your hardware model, operating system version, unique device identifiers, and mobile network information (including phone number). Google is able to associate your device identifiers or phone number with your Google Account.
    2. Log information – Details of how you used a Google service, such as your search queries, IP Address, cookies, browser type, browser language, the date.  Some applications may log device event information such as crashes, system activity, hardware settings.
    3. Unique application number – Tracks Google application versions for automatic updates.
    4. Cookies – limited data is collected through cookies and shared with advertisers (opt-in consent for personal info)

WHO HAS THE ACCESS TO THE INFO

  • Google Employees – They say the information is distributed on a ‘need-to-know’ basis, but there are certainly some Google employees who have access to all of the information, sensitive and otherwise.
  • Companies Outside Google – may purchase information, but personal (confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality) information is not shared without your consent (opt-in)
  • External Processing Companies – companies that process the data for Google in accordance with Google privacy policies.
  • Law Enforcement/Govt. – Any enforceable governmental request or if you are believed to have violated the Terms of Service.

TRANSPARENCY
In the interest of transparency Google offers these links to help you understand the scope of the information stored and to control that information, in a limited way.

  1. Review Your Account: https://www.google.com/dashboard/?hl=en
  2. Advertising Management: https://www.google.com/settings/u/0/ads/preferences/?hl=en
  3. Edit Your Profile: http://support.google.com/accounts/bin/answer.py?hl=en&answer=97706
  4. Control Your Circle of Friends: http://support.google.com/plus/bin/static.py?hl=en&page=guide.cs&guide=1257347
  5. I want out: http://www.dataliberation.org/



Mounting a ‘Foreign’ LVM Volume

First, what do I mean by foreign?  Foreign means mounting the logical volume with an OS that it wasn’t originally installed on.  This could be because you are using KNOPPIX to repair something on the volume, or because you’ve moved the disk to a new location.

The process itself is quite simple, but it would help if you understood how logical volumes work first.  Click here for some nice background

Mounting an LVM Volume

  1. First Identify it with the fdisk command
  2. And find the VolGroup with the pvs command
  3. lvdisplay will show you the Logical Volume
  4. Finally mount it

# fdisk -l
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14       60801   488279610   8e  Linux LVM

# pvs
  PV         VG         Fmt  Attr PSize   PFree
  /dev/sda2  VolGroup00 lvm2 a-   465.66G    0

# lvdisplay

Okay, this isn’t finished yet, but I published it so that next time I’m working on this task I’ll complete it.  If you have any suggestions or want to complete this list, let me know.


Common Email Error Codes

Please help me add to these. If you have more add a comment and I’ll extend the list.  Thanks.

ERROR : “Remote host said: 476 – connection from your host are denied “
REASON : If the sending client originates too many requests of the server in too short a time this will result in a lockout of that account for a period of time.  I have seen this happen when I open a huge IMAP account on a new machine.  You can either adjust one or more of the parameters or whitelist the IP Address.

ERROR : “Remote host said: 550 Requested action not taken: mailbox unavailable Giving up on “
REASON : If the sending address is invalid, then you will get this message.

ERROR : Sorry, I couldn’t find any host named
REASON : Problem with the recipient domain, i.e., the domain name specified is unknown. Either you typed it incorrectly or that domain no longer exists.

ERROR : “Remote host said: 550 abc [at] example [dot] com: Recipient address rejected:” unknown user
REASON : The email address you specified was incorrect. Kindly check the recipient email address.

ERROR : Remote host said: 554 Message type not allowed. UP Email not accepted for policy reasons
REASON : Please add SPF records for your DNS and send the mail.

ERROR : Remote host said:553: Relay access denied
REASON : This error means that the person sending the email was not authorized to use the email (SMTP) server. In your email client, please enable this option: “My server requires authentication” (in the outgoing server settings).

ERROR : Remote host said 554: Sender address rejected: Access denied
REASON : This error means that the sender address is blacklisted in one of the spam filter lists.

ERROR : 554 #5.5.4 Relaying denied. IP name lookup failed for
REASON : Your IP address does not have a reverse DNS record.

ERROR :Remote host said: 553 sorry, that domain isn’t in my list of allowed rcpthosts
REASON : This error means that the local user (who is allowed to send mail locally, not to outside domains) is sending mail to the outside world.

ERROR : “Sorry, no mailbox here by that name”
REASON : This is due to an invalid email address. Please check the email address and try again.

ERROR : Connected to but greeting failed
REASON : This sometimes occurs when your server’s IP is blacklisted.

ERROR : Connected to but connection died. (#4.4.2) I’m not going to try again; this message has been in the queue too long.
REASON : The recipient server was facing some problem at that time. Try to resend the mail.

ERROR :This message is looping: it already has my Delivered-To line
REASON : Problem with the aliases. Please check the aliases.

ERROR : Sorry, I wasn’t able to establish an SMTP connection. (#4.4.1) I’m not going to try again; this message has been in the queue too long
REASON : If the recipient domain does not have a valid MX record, you will get this error. Please contact them and get it rectified.

ERROR : Connected to 192.121.XX.XXX but authentication was rejected (password).“Remote host said: 535 authorization failed”
REASON : This is due to a wrong password. Please check the password.

ERROR :user [at] example [dot] com:qmail-group: fatal: get ldap group entry: no such object I’m not going to try again; this message has been in the queue too long
REASON :

ERROR : Sorry, user@domain.com is over their allocated Quota
REASON : The recipient’s mailbox is full. Contact them to delete some emails.

ERROR : Remote host said:552 sorry, that message size exceeds my databytes limit
REASON : The size of the attachment is too large. Please try to reduce the size of the attachment and send the mail again.

ERROR : Connected to 45.54.XXX.XXX but sender was rejected. Remote host said: 550 Your e-mail was rejected for policy reasons on this gateway. Reasons for rejection may be related to content such as obscene language, graphics, or spam-like characteristics (or) other reputation problems. For sender troubleshooting information, please go to http://postmaster.msn.com. Please note: if you are an end-user please contact your E-mail/Internet Service Provider for assistance.
REASON : Please add an SPF record for your DNS. This will solve the problem.