SSL Certificate – Renewing a Certificate for ApacheSSL

This doc was written to assist with the next time I have to update the SSL cert on an ApacheSSL server. The specific examples here are from an RHEL5 server with Apache2.x

Here are the steps.

  1. Locate the Relevant Files - These files are the CRT and CSR. The CRT is issued by Thawte or Verisign, and the CSR is the request that you send to them. To find these, locate your httpd.conf file or possibly the httpd-ssl.conf file in ./extras/. This stuff should typically be in /etc/httpd/conf, but idiots will place it in other locations because they don’t understand the UNIX conventions. Specifically, you are looking for a line that says something like this: SSLCertificateKeyFile /usr/local/apache2/conf/server.key. That will take you to server.key as the file. You need to find the CSR associated with the key and copy that.
  2. Log in to the Certificate Authority’s Web Site - For Thawte, we have an account, itsupport/Thawt3SSL; fill out the information. If you get stuck, then reference the current ‘live’ certificate with your browser. You will need to paste the… sadly my notes just trail off here.
  3. Certificate Authority will Call You - So you need to be able to answer, or have someone forward the Cert. Authority to your phone. They just want to verify things.
  4. Apply the Certificate - This will need to go in the file that is listed in your config files (see #1 above), but this time on the SSLCertificateFile line: SSLCertificateFile /usr/local/apache2/conf/server.crt. It’s the .crt file, not the key.
  5. Restart Apache - service httpd restart
  6. Check the Cert - for the new expiration date.

NB: if you need to make a change to any information, then the certificate authority will need to talk with company executives, have some faxes sent and generally draw the whole thing out. Also you will need to generate a new key. You will need to start with key generation:

Code:

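# Generate the new private key (2048 bits; CAs no longer accept 1024-bit RSA keys)
/usr/bin/openssl genrsa -rand /dev/urandom -out /usr/local/apache2/conf/server_new.key 2048
# Build the CSR from the new key, not from the old server.key
/usr/bin/openssl req -new -key /usr/local/apache2/conf/server_new.key -out /usr/local/apache2/conf/server.csr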

Create the .key and then the request .csr. This is where you make the changes to the information and the CSR is what you will submit to the authority.
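A check worth running between steps 4 and 5, and again on any freshly generated CSR, is shown here as an added example that is not part of the original notes: it confirms that the certificate or CSR was built from the private key Apache will load, and that the certificate is not about to expire. The function names are hypothetical, RSA keys are assumed, and the demo runs on throwaway files constructed in a temp directory.

```shell
#!/bin/sh
# Added example: pre-restart checks for a renewed certificate (RSA keys).
# Function names are hypothetical; pass your own file paths as arguments.

# Print the RSA modulus of a file. $1 = x509 | req | rsa, $2 = path
modulus_of() {
    openssl "$1" -noout -modulus -in "$2" 2>/dev/null
}

# Succeed only if a certificate (x509) or CSR (req) was made from the key.
# $1 = x509 | req, $2 = certificate or CSR path, $3 = private key path
# Returns 0 on match, 1 on mismatch, 2 if a file cannot be read.
same_keypair() {
    obj_mod=$(modulus_of "$1" "$2") || return 2
    key_mod=$(modulus_of rsa "$3") || return 2
    [ -n "$obj_mod" ] && [ "$obj_mod" = "$key_mod" ]
}

# Succeed if the certificate ($1) is still valid $2 days from now.
valid_for_days() {
    openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null 2>&1
}

# --- Demo on constructed files: throwaway keys, CSR and self-signed cert ---
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
openssl genrsa -out "$tmp/server.key" 2048 2>/dev/null
openssl genrsa -out "$tmp/server_new.key" 2048 2>/dev/null
openssl req -new -key "$tmp/server_new.key" -subj "/CN=www.example.test" \
    -out "$tmp/server.csr" 2>/dev/null
openssl req -new -x509 -days 30 -key "$tmp/server_new.key" \
    -subj "/CN=www.example.test" -out "$tmp/server.crt" 2>/dev/null

# The certificate belongs to server_new.key; a config that still points
# SSLCertificateKeyFile at the old server.key would fail this check.
for key in server.key server_new.key; do
    if same_keypair x509 "$tmp/server.crt" "$tmp/$key"; then
        echo "server.crt matches $key"
    else
        echo "server.crt does NOT match $key"
    fi
done
openssl x509 -noout -enddate -in "$tmp/server.crt"
valid_for_days "$tmp/server.crt" 60 || echo "server.crt expires within 60 days"
```

Run the same functions against the real paths from httpd.conf before `service httpd restart`; a mismatch between SSLCertificateFile and SSLCertificateKeyFile stops Apache from starting.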

Installing Oracle with an RPM

Recently I took on the task of finding a way to install oracle 11gR2 on CentOS x64. This process seems to not be talked about on the Internet, or maybe I just don’t know how to search.

So, what makes it so difficult? It’s larger than the maximum allowed RPM size of 2GB, but that shouldn’t stop you from breaking it up into two RPMS where the second one calls the installer in silent mode.

I have it working, but I just wondered why the Internet is so silent about this subject.

ANSWER:

A couple of weeks later and it looks like a matter of too much Oracle documentation.  Oracle owns the SEO on these terms and penetrating them isn’t going to be a simple matter of setting up a teaser article with a few terms filled out.  I’m going to try a few keywords and see how that goes for me.

keywords: rpmbuild

 

PostgreSQL Replication to a Warm-Standby Using WAL Files

THEORY

Like a good relational database, PostgreSQL maintains a set of transactional log files known as write-ahead logs (WAL) in the pg_xlog directory.  These logs are written to for every change in the database files and are used to recover from a crash condition.  If you crash, replay all the WAL files since the last backup and you will be back in business right at the point of failure.

Well, if you have this capability, what about keeping a warm-standby system and feeding it all the WAL files?  If you teach it how to continuously process the incoming write-ahead logs from the live system, you will have a system ready to go at a moment’s notice.  When you read about this setup in other places online, the primary server is known as ‘master’ and the secondary the ‘slave’.

NOTA BENE: Both your primary and your secondary need to be running the same major version of the PostgreSQL database.

Restoring Files From RackSpace Cloud Files

If you are like me and have a cloud server on Rackspace, you probably have a backup of your server that runs weekly or daily but may have never found a nice way to access these files.  In fact, I was on chat with a Fanatical Support guy the other day shortly after I had deleted my httpd.conf file.  I asked him if I could restore a file using my cloud file backups and he said “No”.

That bothered me, but I don’t expect the support guys to be all-knowing, even if it is a top-notch organization like Rackspace.  The real answer is yes.  Here is how it’s done.

If you are familiar with the API calls for interacting with RackSpace programmatically, you should probably skip this article, it’s going to be really basic.  If you want to learn these calls, then I found a nice article here that describes pulling and extracting the files for a Windows image and getting a .vhd file

ANATOMY OF A BACKUP

Log in to the RackSpace Cloud interface and you should see a new(ish) addition to the Hosting Menu.  Choose “Cloud Servers” under the Open Cloud and you’ll enter a new interface.  Once there, click on “Files”.  At this point you see your files.  Yes, you can see them in the old interface, but you cannot download them.

What I found was a set of files with a timestamp and a site ID in their names: one meta file that ends in .yml and describes all of the other compressed tarballs that contain the actual data.  You probably noticed that the tarballs are incremented (0, 1, 2, etc.).

---
name: daily_20120827_111111_cloudserver1111111.yml
format: tarball
image_type: full
files:
  - daily_20120827_111111_cloudserver111111.tar.gz.0
  - daily_20120827_111111_cloudserver111111.tar.gz.1
  - daily_20120827_111111_cloudserver111111.tar.gz.2

WHAT TO DO WITH THEM

If you have all the files in one directory you should be able to address them like this.  Remember, I’m trying to find my httpd.conf.  Well, this is going to find any and all httpd.conf files in the tar.gz files available.

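# Let the shell expand the glob instead of parsing ls output
for tarball in *cloudserver111111.tar.gz.*
do
    # List the archive members whose path contains httpd.conf
    recoveryfile=$(tar -tzf "$tarball" | grep 'httpd\.conf')
    # Skip tarballs with no match; an empty list would extract everything.
    # $recoveryfile is left unquoted so several matches become separate arguments.
    [ -n "$recoveryfile" ] && tar -zxvf "$tarball" $recoveryfile
done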

You will want to change the file you are looking for (httpd.conf) and the first line which defines the files you want to look through.  I’d use the find * command at the end to expose the directory structure that was created.

Viewing Your Linux Hardware with DMIDECODE

I never like opening a running system when I can simply query that system with a simple command for the information needed.  dmidecode is a great tool for polling hardware information in human-readable format.

In its simplest form you will dump all the information to the screen

dmidecode

but that’s a bit much, so try running with the -t argument, which lets you narrow down the search to the components (bios, system, baseboard, chassis, processor, memory, cache, connector, slot).  So, for instance, if you need to learn how much RAM your system can handle:

# dmidecode -t memory
# dmidecode 2.10
SMBIOS 2.7 present.
# SMBIOS implementations newer than version 2.6 are not
# fully supported by this version of dmidecode.

Handle 0x0027, DMI type 16, 23 bytes
Physical Memory Array
    Location: System Board Or Motherboard
    Use: System Memory
    Error Correction Type: Single-bit ECC
    Maximum Capacity: 32 GB
    Error Information Handle: No Error
    Number Of Devices: 4

Enjoy and let me know how you end up using this command.

 

Tuning mySQL – Because by default it’s not even close to tuned.

Basic tuning of mySQL is accomplished in the /etc/my.cnf file. If you want to get all geeky and into this, reference the seminal document over on the mysql dev site. This should result in a speed increase in your system.  It certainly has in my system running mySQL 5.x.

The information below is expressed as a set of ratios that begins with your system RAM and then works from there.

innodb_buffer_pool_size = $SYSTEMRAM/2
innodb_additional_mem_pool_size = $innodb_buffer_pool_size/20
innodb_log_file_size = $innodb_buffer_pool_size/4
innodb_log_buffer_size = $innodb_buffer_pool_size/50 or a minimum value of 8MB

Nota bene: Changing your log file size can result in mySQL refusing to start.  Simply remove these files from your mysql data directory and they will be created on the next startup.

Script to Move Database Location – mySQL

Don’t run this script.  It’s a concept that I haven’t tested and running it is pretty well guaranteed to crash your mysql server.  It’s designed to make the relocation of data faster, but I don’t have time to finish it today.

You should probably use this fellow’s link because it works… it’s just slower and manual.  Oh, and if you do get a scripting urge, please make this script work properly for me and post it in a comment.  Thanks.

 

USER=root
PASSWORD=yourpassword
# Database names, one per line
DBS="$(mysql --user="$USER" --password="$PASSWORD" -Bse 'show databases')"
OLDDATA_DIR="/var/lib/mysql"
NEWDATA_DIR="/database/lib/mysql"

mkdir -pv "$NEWDATA_DIR"

# Dry run: echo prints each copy command instead of running it
for DATABASE in $DBS; do
        echo cp -R "$OLDDATA_DIR/$DATABASE" "$NEWDATA_DIR/$DATABASE"
done

# Set permissions
chown -R mysql:mysql "$NEWDATA_DIR"

# Archive the old & link it to the new
# NOTE: mysqld is not stopped anywhere in this script
mv "$OLDDATA_DIR" "${OLDDATA_DIR}-old"
ln -s "$NEWDATA_DIR" "$OLDDATA_DIR"

#get_mysql_option mysqld datadir "/database/lib/mysql"
# Double quotes so the shell expands the variables inside the sed expression
sed -i "s|$OLDDATA_DIR|$NEWDATA_DIR|" /etc/init.d/mysqld
sed -i "s|$OLDDATA_DIR|$NEWDATA_DIR|" /etc/my.cnf

Mounting a ‘Foreign’ LVM Volume

First, what do I mean by foreign?  Foreign means mounting the logical volume with an OS that it wasn’t originally installed on.  This could be because you are using KNOPPIX to repair something on the volume, or because you’ve moved the disk to a new location.

The process itself is quite simple, but it would help if you understood how logical volumes work first.  Click here for some nice background

Mounting an LVM Volume

  1. First Identify it with the fdisk command
  2. And find the VolGroup with the pvs command
  3. lvdisplay will show you the Logical Volume
  4. Finally mount it

# fdisk -l
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14       60801   488279610   8e  Linux LVM

# pvs
  PV         VG         Fmt  Attr PSize   PFree
  /dev/sda2  VolGroup00 lvm2 a-   465.66G    0

# lvdisplay

Okay, this isn’t finished yet, but I published it so that next time I’m working on this task I’ll complete it.  If you have any suggestions or want to complete this list, let me know.

About Jay Farschman - Jay currently works as a Senior Systems Administrator for an asset management company in Colorado where he works with companies that produce hardware, telecommunications software and financial services.  Jay previously owned a consulting company and provided training and consulting services for three Fortune 500 companies and numerous small businesses where he leveraged Linux to provide exceptional value.

Installing Subversion Edge 2.2.0 on CentOS 6

Should be easy, right?  It is, but I spent a good bit of time discovering how things really work.  Don’t get me wrong, the installation instructions are a good start, but things don’t work the way they should with Subversion Edge 2.2.0.

IN A NUTSHELL

  1. Install CentOS 6
  2. Prep CentOS 6 for Subversion Edge
  3. Install Subversion Edge
  4. Configure Subversion Edge in the GUI


Integrating JIRA and MS Project

A couple of weeks ago I was tasked with setting up an environment where our Project Manager, working with MS Project, is able to set up all of the software development tasks and then sync that data with JIRA, the tool used by the development, technical services and QA teams to track their work.  On top of that, the executive team wants the ability to monitor progress using MS Project.  They’d like it to work on iPads, Windows, Macs, Androids.  Pretty much everywhere.  Oh, and it shouldn’t be too costly.

You can do this with MS Project Server and Sharepoint, but as soon as you start down that road there are all kinds of problems, not the least of which is the cost, which will be well into 5 figures.  So we didn’t go there.

THE PARTS

  • R/W JIRA Users – Using JIRA, Dev, QA and TS log progress and time spent with a browser connection.
  • JIRA Server – We are adding The Connector to the JIRA server to enable synchronization of data between a MS Project and JIRA.
  • R/W Project Manager – A virtual workstation with MS Project 2010 loaded with a JIRA connector.  This system is the only system allowed to write to the .MPP files on Mercury (the file server) and synchronize those files to the JIRA server.
  • File/HTTP Server – The location of the project files.  We will be loading a .NET framework Project Viewer by Housatonic that allows 5 concurrent users read-only access to the active files.  The project viewer works just like Project, but runs on Mac, Windows, iPhone, iPad, etc.  That data is updated by the PM who pulls progress updates from JIRA.
  • R/O Executive – Management with read-only access to the project plan as served up on Mercury.  These users may also access JIRA directly.

THE PROCESS

This outlines the workflow.

  1. Project Creation – The PM creates projects in MS Project 2010 on a single workstation and updates JIRA which replicates all of the components of the project onto the JIRA Server.  The project files live on Mercury and are now visible to the executive team through a web browser.
  2. Working on the Project – As users work on the project they use JIRA to log their time and tasks completed sharing notes with other users as needed.
  3. JIRA / Project Synchronization - The data on Mercury does not automatically reflect the data in JIRA. Periodically, the PM will open MS Project and sync up the data.  This will pull the task completed and time worked from JIRA into MS Project.
  4. Reporting – The PM will periodically create reports that include links to the project.  The hyperlinks will cause a project viewer to open allowing management to drill down into details as necessary.

THE COSTS

  • JIRA Connector ($500) – Licence for a single user.
  • JIRA Runs on a CentOS server which we already own.
  • Project Viewer ($400) 5 concurrent licenses.
  • Runs on a Windows Server that we already own. ($0)

OPINION

I love this setup.  I’ll enumerate my thoughts:

  1. I don’t like MS Project, but I understand that Project Managers feel comfortable with it and over time executives have grown up using it.  So I see the need.  I just don’t like paying for multiple copies of MS Project when I don’t have to.
  2. The Project Viewer looks very much like MS Project, but it runs through the web on OSX, Windows, iOS etc.  So, when the executive team are being cool, they can work on iPads.
  3. The JIRA Connector works surprisingly well.  There are some procedural things you need to keep in mind when working with it due to the fact that we have read-write users in both JIRA and MS Project.  These sorts of things are common sense to sysadmins, but need to be discussed with your team.
  4. JIRA is a great tool for software development.  Period.

One other aspect was added to this project now.  Basically, pretty PowerPoints are created and converted to PDFs for distribution to those who will be using the ‘Project Viewer’.  Embedded hyperlinks in the .PDF work great when the user needs additional detail.  Just one problem though: if you are using an older MS Office like 2003, it cannot save links in PDFs.  You’ll need 2007 or above, and I don’t believe any version of Mac Office can save a hyperlink.
