Monday, May 16, 2011

Recover MySQL root Password

You can recover the MySQL database server password with the following five easy steps.

Step # 1: Stop the MySQL server process.

Step # 2: Start the MySQL (mysqld) server/daemon process with the --skip-grant-tables option so that it will not prompt for password.

Step # 3: Connect to mysql server as the root user.

Step # 4: Set up a new mysql root account password, i.e. reset the mysql password.

Step # 5: Exit and restart the MySQL server.

Here are the commands you need to type for each step (log in as the root user):

Step # 1: Stop the MySQL service
# /etc/init.d/mysql stop
Output:
Stopping MySQL database server: mysqld.

Step # 2: Start the MySQL server without a password:
# mysqld_safe --skip-grant-tables &
Output:
[1] 5988
Starting mysqld daemon with databases from /var/lib/mysql
mysqld_safe[6025]: started

Step # 3: Connect to the MySQL server using the mysql client:
# mysql -u root
Output:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 4.1.15-Debian_1-log
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>

Step # 4: Set up a new MySQL root user password
mysql> use mysql;
mysql> update user set password=PASSWORD("NEW-ROOT-PASSWORD") where User='root';
mysql> flush privileges;
mysql> quit

Step # 5: Stop the MySQL server:
# /etc/init.d/mysql stop
Output:
Stopping MySQL database server: mysqld
STOPPING server from pid file /var/run/mysqld/mysqld.pid
mysqld_safe[6186]: ended
[1]+  Done                    mysqld_safe --skip-grant-tables

Step # 6: Start the MySQL server and test it
# /etc/init.d/mysql start
# mysql -u root -p
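
Between step 2 and step 5 the server authenticates nobody, so any client that can reach it has full privileges until the stop in step 5 is actually carried out. The check below is an added example, not part of the original post: it scans a process listing for a mysqld still running with --skip-grant-tables and reports whether --skip-networking (a mysqld option the post does not use, which disables TCP/IP connections) is also present. The sample listing, PIDs and function names are constructed for illustration.

```python
import shlex

# Constructed sample of `ps -eo pid,args` output; PIDs and paths are illustrative.
PS_SAMPLE = """\
  PID COMMAND
 5988 /bin/sh /usr/bin/mysqld_safe --skip-grant-tables
 6025 /usr/sbin/mysqld --datadir=/var/lib/mysql --skip-grant-tables
 7102 /usr/sbin/mysqld --datadir=/srv/db2 --skip_grant_tables --skip-networking
 7300 /usr/sbin/mysqld --datadir=/srv/db3 --port=3307
"""


def option_names(args):
    """Long option names from argv; mysqld accepts '_' and '-' interchangeably."""
    return {a.split("=", 1)[0].lstrip("-").replace("_", "-")
            for a in args if a.startswith("--")}


def audit_mysqld(ps_text):
    """Return [(pid, exposure)] for mysqld processes running without grant tables.

    Only the command line is inspected; settings in my.cnf are not consulted.
    """
    findings = []
    for line in ps_text.splitlines():
        fields = shlex.split(line)
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # header or blank line
        pid, argv = int(fields[0]), fields[1:]
        if argv[0].rsplit("/", 1)[-1] != "mysqld":
            continue  # wrapper scripts and unrelated processes
        opts = option_names(argv[1:])
        if "skip-grant-tables" in opts:
            exposure = "local-only" if "skip-networking" in opts else "networking-enabled"
            findings.append((pid, exposure))
    return findings


if __name__ == "__main__":
    for pid, exposure in audit_mysqld(PS_SAMPLE):
        print(f"mysqld pid {pid}: authentication disabled ({exposure})")
```

On a live host, feed it the real output of `ps -eo pid,args` after step 6; an empty result means no server was left running without authentication.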

Thursday, March 3, 2011

Oracle 10g Pre-installation steps for RHEL 5


The following are the steps required to configure Linux for Oracle Database 10g Release 2.
Verifying System Requirements
To verify that your system meets the minimum requirements for an Oracle Database 10g Release 2 database, log in as root and run the commands below.
To check the amount of RAM and swap space available, run this:
grep MemTotal /proc/meminfo
grep SwapTotal /proc/meminfo
Ex:
  1. grep MemTotal /proc/meminfo
    MemTotal: 1034680 kB
  2. grep SwapTotal /proc/meminfo
    SwapTotal: 1534196 kB
The minimum RAM required is 8GB, and the minimum required swap space is 10 GB. The swap space allocation is based on the DBA team's requirement, but it should be at least 10 GB.
Memory depends on the application we are running. For example, the iHotlier database will have more memory than Databridge.
Adding swap space
This step is required only if the server was not configured with the required amount of swap space at installation time.
swapon and swapoff are the two commands Linux provides to enable and disable devices and files for paging and swapping.
1) Create the swap file using the dd command
dd if=/dev/zero of=/extraswap bs=1M count=12048
2) Set up the Linux swap area using the mkswap command
# mkswap -c /extraswap
# swapon /extraswap
3) Run "swapon -s" to view the addition, or run "free -m" to verify that the new swap space has been added.
4) Make the additional swap permanently available to the OS through the fstab file.
/extraswap        none     swap    sw        0 0 
Create the Oracle Groups and User Account
Next, create the Linux groups and user account that will be used to install and maintain the Oracle Database 10g Release 2 software.
Example:
Groupname   Group ID (Production)   Group ID (Pre-Prod)
dba         1500                    1601
oinstall    1501                    1602
orasegp                             1604

Username   User ID (Production)   User ID (Pre-Prod)   Primary Group   Secondary Group   Default shell
oracle     1500                   1600                 Dba             oinstall          /bin/bash
gridagnt   1502                   1605                 Dba             oinstall          /bin/bash
gguser     1501                                        Dba             oinstall          /bin/bash
orase                             1603                 Dba             orasegp           /bin/bash

Set the password for all the user accounts.
Example for Pre-prod:
/usr/sbin/groupadd -g 1602 oinstall
/usr/sbin/groupadd -g 1601 dba
/usr/sbin/groupadd -g 1604 orasegp
/usr/sbin/useradd -m -u 1600 -g oinstall -G dba -s /bin/bash oracle
/usr/sbin/useradd -m -u 1605 -g oinstall -G dba -s /bin/bash gridagnt
# id oracle
uid=1600(oracle) gid=1602(oinstall) groups=1602(oinstall),1602(dba)
The following directories are created in the root filesystem.

Production:
/u00 should be a partition of minimum size 15GB, but as a standard follow 30GB of local partition.
In the production environment, /u01 is a separate partition mounted from an external LUN.
chown -R oracle:oinstall /u01
chown -R oracle:oinstall /u00
mkdir /u01
mkdir -p /u01/app/oracle
chown -R oracle:oinstall /u01/app/
chmod -R 775 /u01/app/

Pre-prod:
/data is a separate partition mounted from an external LUN.
ln -s /data /u01

chown -R oracle:oinstall /u01
chown -R oracle:oinstall /u00
mkdir -p /u01/app/oracle
chown -R oracle:oinstall /u01/app/oracle
chmod -R 775 /u01/app/oracle

Configuring Linux Kernel Parameters
The Linux kernel is a wonderful thing. Unlike most other *NIX systems, Linux allows modification of most kernel parameters while the system is up and running. There's no need to reboot the system after making kernel parameter changes. Oracle Database 10g Release 2 requires the kernel parameter settings shown below. The values given are minimums, so if your system uses a larger value, don't change it.
/etc/sysctl.conf
kernel.shmmax = 68719476736  (for pre-prod kernel.shmmax = 4180148224)
kernel.shmall = 4294967296
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default=262144
net.core.wmem_default=262144
net.core.rmem_max=262144
net.core.wmem_max=262144
To apply the modified kernel parameters at runtime, execute the command below.
# sysctl  -p
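
Because the values above are minimums, a host that already runs with larger values should keep them. The following added example (not from the original post) compares current settings against the listing above and emits sysctl.conf lines only for keys that are missing or too low, raising kernel.sem field by field. The current-settings sample and the function names are constructed.

```python
# Minimums from the /etc/sysctl.conf listing on this page (production shmmax).
# net.ipv4.ip_local_port_range is a range, not a minimum, so it is not compared.
REQUIRED = {
    "kernel.shmmax": [68719476736],
    "kernel.shmall": [4294967296],
    "kernel.shmmni": [4096],
    "kernel.sem": [250, 32000, 100, 128],
    "fs.file-max": [65536],
    "net.core.rmem_default": [262144], "net.core.wmem_default": [262144],
    "net.core.rmem_max": [262144], "net.core.wmem_max": [262144],
}

# Constructed sample of current settings, in `sysctl -a` / sysctl.conf syntax.
CURRENT_SAMPLE = """\
kernel.shmmax = 137438953472
kernel.shmall = 2097152
kernel.shmmni = 4096
kernel.sem = 250 32000 32 128
fs.file-max = 6815744
net.core.rmem_max = 4194304
net.core.wmem_max = 131072
"""

def parse_sysctl(text):
    """Parse `key = value ...` lines into {key: [ints]}; later lines win."""
    current = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or key.lstrip().startswith(("#", ";")):
            continue  # comment or not a setting
        try:
            current[key.strip()] = [int(v) for v in value.split()]
        except ValueError:
            continue  # non-numeric setting, not one we compare
    return current

def lines_to_add(current, required=REQUIRED):
    """sysctl.conf lines for keys that are missing or below the minimum."""
    out = []
    for key, minimum in required.items():
        have = current.get(key, [])
        same_shape = len(have) == len(minimum)
        if same_shape and all(h >= m for h, m in zip(have, minimum)):
            continue  # already at or above the minimum: leave it alone
        merged = [max(h, m) for h, m in zip(have, minimum)] if same_shape else minimum
        out.append(f"{key} = {' '.join(map(str, merged))}")
    return out

if __name__ == "__main__":
    print("\n".join(lines_to_add(parse_sysctl(CURRENT_SAMPLE))))
```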
Setting Shell Limits for the oracle User
Oracle recommends setting limits on the number of processes and open files each Linux account may use. To make these changes, add the following lines as root:
/etc/security/limits.conf
oracle soft nproc 2047
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536
If Stack and MaxLockMem limits are also necessary, add the following lines as root:
/etc/security/limits.conf
oracle soft memlock 3145728
oracle hard memlock 4145728
oracle soft stack 32768
oracle hard stack 43768
/etc/pam.d/login
session required pam_limits.so
Follow the same steps to install the packages given below.
yum update *
yum install binutils*
yum install lib-Xp*
yum install libXp*
yum install compat-*
yum install control-center-*
yum install gcc-*
yum install glibc-*
yum install libstdc++*
yum install make*
yum install sysstat*
yum install xorg-x11-libs*
yum install libaio*
yum install compat-libstdc++*
yum install xorg-x11-*
yum install openmotif*
yum install glibc-devel*
# rpm -qa --queryformat "%{NAME}-%{VERSION}-%{RELEASE} (%{ARCH})\n" | grep glibc
Enable direct login for oracle and give the DBA group sudo access to root to complete the installation. Once the installation is completed, revoke the DBA group's root access and the direct login for oracle.

Wednesday, March 2, 2011

FUNC - Fedora Unified Network Controller


INTRODUCTION

FUNC is an open source automation tool written in the Python programming language. We can use it to automate system admin tasks such as status checks, configuration tweaks, file transfers and reboots across multiple Linux-based systems. It uses the typical client-server model, where the server is called the "overlord" and the clients bound to the server are called "minions".
INSTALLATION PROCEDURE
The installation procedure is the same for the server and the clients; the configuration determines whether a system runs as a server or a client.
The following packages have to be installed.
smolt
python-ctypes
python-paste
python-simplejson
pyOpenSSL 
certmaster
func

The main configuration file for the server is "/etc/certmaster/certmaster.conf" and for the client is "/etc/certmaster/minion.conf".
The server requires a service named "certmaster", which listens on port 51235.
The client requires a service named "funcd", which listens on port 51234.
FUNC Client installation on 32bit OS
scp the following files to the local system and install the RPMs in the order listed.
pyOpenSSL-0.6-2.el5.i386.rpm
certmaster-0.27-1.el5.noarch.rpm
python-ctypes-1.0.2-2.el5.i386.rpm
python-paste-1.7.4-1.el5.noarch.rpm
python-simplejson-2.0.9-8.el5.i386.rpm
smolt-1.4-2.3.el5.noarch.rpm
func-0.27-1.el5.noarch.rpm

Configuration
# Edit the /etc/certmaster/minion.conf file with the following content

# configuration for minions
[main]
certmaster = <FUNC Server IP>
certmaster_port = 51235
log_level = DEBUG
cert_dir = /etc/pki/certmaster

Start the services
# service funcd start
# chkconfig funcd on


Note: We should ensure the Network team allows TCP traffic through on these ports.   
HOW IT WORKS  
Func uses an X.509 public key infrastructure (PKI) to authenticate the minions to the overlord daemon (Master). These SSL certificates are also used to encrypt and verify all communications.
The certmaster daemon running on the overlord creates a Certificate Authority (CA) when it is first started. This serves as the root of the PKI. As each minion starts it will generate a key pair and a Certificate Signing Request (CSR) which contains its public key. The CSR is uploaded to the Master. After the minion has its certificate signed by the overlord's CA you can start issuing commands to that host.
Keys are stored in /etc/pki/func on both sides. Certmaster stores certs and CSRs in /var/lib/func (these do not need to be protected against unauthorized read access).
Note: Although SSL communication is established between the server and the clients, we still can't log in to a client (from the Master) without a password. We can issue commands to client machines only through Func modules. This avoids the security risk that comes with establishing SSH connections using an empty passphrase.
HOW TO USE
The command-line syntax for Func is as follows: 
# func "hostnames" module method [arg1] [arg2] 
Every command should start with the keyword 'func', followed by the 'hostnames' within double quotes, the module name, the method name and the arguments.
In Detail:
"Hostnames" - The hostnames within double quotes can be a single server name, several server names separated by semicolons, or a wildcard pattern that specifies a set of servers.
"Module" - In simple terms, a module is a high-level description of an entity and contains a number of useful functions or a set of commands. In OOP terms, we can think of it as a class that contains a number of methods.
"Methods" - The functions or commands available under a particular module.
"Arguments" - Parameters which are passed to methods.
Note: Func also offers a Python API that does the same things as the command line and can be included in a Python script, but I haven't covered it in this document.
EXAMPLES 
To list the minions connected to the Master server:

[root@bkpllm01 ~]# func "*" list_minions
 
dbsllm01-d1
webllm04-t1
webllm04-t2
webllm04-t3

To obtain the list of all the remote modules we can use on a particular client server (here it is 'applsb01')
[root@sysllm01 ~]# func "applsb01" call system list_modules
{'applsb01': ['bridge',
              'certmastermod',
              'command',
              'copyfile',
              'delegation',
              'djangoctl',
              'echo',
              'filetracker',
              'func_getargs',
              'func_module',
              'hardware',
              'iptables',
              'iptables.port',
              'jboss',
              'jobs',
              'meta',
              'mount',
              'nagios-check',
              'netapp.options',
              'netapp.snap',
              'netapp.vol',
              'netapp.vol.clone',
              'networktest',
              'overlord',
              'process',
              'reboot',
              'rpms',
              'service',
              'smart',
              'snmp',
              'sysctl',
              'test',
              'vlan',
              'yumcmd']}
Here is an example of how the methods in each module can be listed and used in real time.
To obtain the list of methods offered by a particular module (say jboss), the syntax would be:
[root@sysllm01 ~]#  func "applsb01" call jboss list_methods
{'applsb01': ['status',
              'save_config',
              'search_by_port',
              'search_by_address',
              'search_by_instance',
              'check',
              'module_description',
              'module_version',
              'get_method_args',
              'module_api_version',
              'list_methods']}

[root@sysllm01 ~]#  func "applsb01" call jboss status
{'applsb01': [[31253, 'ihcore', 'applsb01', []]]}

To run the 'uptime' command on all the minions
[root@sysllm01 ~]# func "appls*" call command run uptime
('applsb01',
 [0,
  ' 11:20:24 up 120 days, 20:10,  2 users,  load average: 0.00, 0.00, 0.00\n',
  ''])
('applsb02',
 [0,
  ' 11:20:25 up 120 days, 12:08,  1 user,  load average: 0.01, 0.05, 0.01\n',
  ''])
('applsb03',
 [0,
  ' 11:20:24 up 179 days, 13:04,  1 user,  load average: 0.03, 0.01, 0.00\n',
  ''])
('applsb04',
 [0,
  ' 11:20:25 up 120 days,  4:03,  2 users,  load average: 0.14, 0.05, 0.01\n',
  ''])
Here is another example of using the command module to execute remote commands
[root@sysllm01 ~]# func "appls*" call command run "uname -a"
('applsb01',
 [0,
  'Linux applsb01 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux\n',
  ''])
('applsb02',
 [0,
  'Linux applsb02 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux\n',
  ''])
('applsb03',
 [0,
  'Linux applsb03 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64 x86_64 x86_64 GNU/Linux\n',
  ''])
('applsb04',
 [0,
  'Linux applsb04 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux\n',
  ''])

More on JBoss module
This module allows you to monitor and control your JBoss instances. It lets you get the status of instances (listening port, PID, instance name and bind address), run simple searches by address, by port and by instance name, and check instances for problems (for example, when a JBoss instance is up but doesn't listen on any ports).
Command Line Usage
func "*" call jboss status
func "*" call jboss check
func "*" call jboss search_by_instance "default"
func "*" call jboss search_by_address "127.0.0.1"
func "*" call jboss search_by_port 8080
func "*" call jboss start
func "*" call jboss stop
Details: start() and stop() need a proper configuration. The default values are:
jboss_home=/var/lib/jboss
jboss_instance=default
jboss_address=127.0.0.1
If you have different settings, you must create and edit a module configuration file. The file is /etc/func/modules/JBoss.conf and should be configured (for example) as below:
[main]
jboss_home=/usr/local/jboss-4.2.2.GA/
jboss_address=127.0.0.1
jboss_instance=default
status() returns, for each host, a list with the PID, instance name, bind address and a list of listening ports:
[root@sysllm01 ~]#  func "applsb01" call jboss status
{'applsb01': [[31253, 'ihcore', 'applsb01', []]]}

Service Module
It starts, stops, and checks the status of services.
Command line usage:
[root@sysllm01 ~]# func applsb01 call service status vsftpd
{'applsb01': 0}
0 -- Success

[root@sysllm01 ~]# func applsb04 call service status vsftpd
{'applsb04': 3}

3 -- Any value other than 0 in the output means failure, or that the service doesn't exist on the remote system
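
The command and service outputs shown above are printed as Python literals, so a wrapper script on the overlord can load them and act on the return codes. The sketch below is an added example, not code from the Func project: it reads both output shapes with ast.literal_eval, which only accepts literals and so never executes text returned by a minion. The samples are trimmed copies of the output on this page, the function names are hypothetical, and treating the first element of a command result as the return code is an assumption based on that output.

```python
import ast

# Constructed samples: trimmed copies of the two output shapes shown on this page.
COMMAND_SAMPLE = r"""('applsb01',
 [0,
  ' 11:20:24 up 120 days, 20:10,  2 users,  load average: 0.00, 0.00, 0.00\n',
  ''])
('applsb02',
 [0,
  ' 11:20:25 up 120 days, 12:08,  1 user,  load average: 0.01, 0.05, 0.01\n',
  ''])
"""
SERVICE_SAMPLE = "{'applsb01': 0}\n\n{'applsb04': 3}\n"


def parse_func_output(text):
    """Return {host: result} from a stream of dict or (host, result) literals."""
    results, buf = {}, []
    for line in text.splitlines():
        if not line.strip() and not buf:
            continue  # blank line between records
        buf.append(line)
        try:
            value = ast.literal_eval("\n".join(buf))
        except (SyntaxError, ValueError):
            continue  # record spans more lines; keep accumulating
        buf = []
        if isinstance(value, dict):
            results.update(value)
        elif isinstance(value, tuple) and len(value) == 2:
            results[value[0]] = value[1]
        else:
            raise ValueError(f"unexpected record: {value!r}")
    if buf:
        raise ValueError("output ended inside a record")
    return results


def failed_hosts(results):
    """Hosts with a non-zero return code (assumed: list results start with it)."""
    failed = {}
    for host, res in results.items():
        rc = res[0] if isinstance(res, list) and res else res
        if rc != 0:
            failed[host] = rc
    return failed


if __name__ == "__main__":
    print(failed_hosts(parse_func_output(SERVICE_SAMPLE)))
```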

SUMMARY

Func is a great automation tool, built specifically for performing system admin tasks on the Linux platform more effectively than before. It eliminates the difficulty of logging in to multiple servers without compromising security, and it executes commands on remote clients quickly. Besides taking care of the client login issue, it makes our work easier by capturing the result of command execution on remote machines and displaying it locally on the server's terminal. Capturing the output of remote execution is a major challenge, and Func is a handy tool for it. Having said all this, Func does have some limitations. First, the Func output is somewhat chaotic and we can't expect formatted output. Second, we can't do every system admin task with Func, and it is not meant to replace scripting languages such as Perl, Bash or Expect. Instead, we can use Func as a component in our scripts and build logic around it. All we have to do is learn what the Func modules and methods do and see how we can use them in our environment.
  
Information Source https://fedorahosted.org/func/
