Wednesday 30 January 2013

Jboss: Installation and Configuration Steps in Cent OS 6.3

*******************************************************************************
 
Step1: Firstly, we will need to install Java.


JBoss 7.1.1 will work with JDK 6 or JDK 7.


[root@CSSW2013NOC3 ~]#cd /home/sankar/Downloads/

[root@CSSW2013NOC3 ~]#mkdir  -p /usr/java

[root@CSSW2013NOC3 ~]#mv jdk-7u11-linux-i586.tar.gz  /usr/java/

[root@CSSW2013NOC3 ~]#cd /usr/java

#ls
jdk-7u11-linux-i586.tar.gz


Step 2:Extract it:

[root@CSSW2013NOC3 ~]#tar -xvzf jdk-7u11-linux-i586.tar.gz

[root@CSSW2013NOC3 ~]#cd jdk1.7.0_11/

[root@CSSW2013NOC3 ~]#pwd

/usr/java/jdk1.7.0_11

Step 3: Download and Install JBoss 7.1.1 Application Server

[root@CSSW2013NOC3 ~]#cd /usr/share/

[root@CSSW2013NOC3 ~]#wget http://download.jboss.org/jbossas/7.1/jboss-as-7.1.1.Final/jboss-as-7.1.1.Final.zip

[root@CSSW2013NOC3 ~]#unzip -q jboss-as-7.1.1.Final.zip

[root@CSSW2013NOC3 ~]#mv jboss-as-7.1.1.Final jboss-as

[root@CSSW2013NOC3 ~]#cd jboss-as


Step 4: Create the user jboss, who will own and run JBoss

[root@CSSW2013NOC3 ~]#groupadd jboss

[root@CSSW2013NOC3 ~]#useradd -s /bin/bash -g jboss jboss

[root@CSSW2013NOC3 ~]#chown -Rf jboss.jboss /usr/share/jboss-as


Step 5: Put Java into the path of jboss and root

[root@CSSW2013NOC3 ~]#cd /home/jboss/

[root@CSSW2013NOC3 ~]#vim .bash_profile

JAVA_HOME=/usr/java/jdk1.7.0_11
export JAVA_HOME 
PATH=$JAVA_HOME/bin:$PATH
export PATH          

As root, issue '. ~/.bash_profile' as below to put JAVA into the path of root immediately.

[root@CSSW2013NOC3 ~]#vim .bash_profile

JAVA_HOME=/usr/java/jdk1.7.0_11
export JAVA_HOME 
PATH=$JAVA_HOME/bin:$PATH
export PATH         

 
[root@CSSW2013NOC3 ~]#su - jboss

[jboss@CSSW2013NOC3 ~]$ java -version
java version "1.7.0_11"
Java(TM) SE Runtime Environment (build 1.7.0_11-b21)
Java HotSpot(TM) Server VM (build 23.6-b04, mixed mode)

Step 6: Create a start/stop/restart script for JBoss.

[root@CSSW2013NOC3 ~]#cd /usr/share/jboss-as/bin/init.d

[root@CSSW2013NOC3 ~]#cp jboss-as-standalone.sh /etc/init.d/jboss

[root@CSSW2013NOC3 ~]#cat jboss-as-standalone.sh


 Step 7: To set the JBOSS_USER, add the following lines to script:

JBOSS_USER=jboss
export JBOSS_USER

You can add the lines just under 'export JAVA_HOME' on line 18 or so below. 

[root@CSSW2013NOC3 ~]#nano jboss-as-standalone.sh

export JAVA_HOME
JBOSS_USER=jboss
export JBOSS_USER

Step 8: Run JBoss as a Service.

[root@CSSW2013NOC3 ~]#chmod 755 jboss

[root@CSSW2013NOC3 ~]# chkconfig --add jboss

[root@CSSW2013NOC3 ~]#chkconfig --level 234 jboss on 

[root@CSSW2013NOC3 ~]#service jboss start

[root@CSSW2013NOC3 ~]#service httpd status

[root@CSSW2013NOC3 ~]#service jboss status


Step 9:Let's start with adding a Management user as shown on the error page:

As root, navigate to /usr/share/jboss-as/bin

[root@CSSW2013NOC3 ~]#cd /usr/share/jboss-as/bin

[root@CSSW2013NOC3 ~]#./add-user.sh
  1. What type of user do you wish to add?  
  2.  a) Management User (mgmt-users.properties)  
  3.  b) Application User (application-users.properties)  
  4. (a):  
  5.   
  6. Enter the details of the new user to add.  
  7. Realm (ManagementRealm) :  
  8. Username : sankar
  9. Password :  *********
  10. Re-enter Password :  ******
  11. About to add user 'david' for realm 'ManagementRealm'  
  12. Is this correct yes/no? yes  
  13. Added user 'david' to file '/usr/share/jboss-as/standalone/configuration/mgmt-users.properties'  
  14. Added user 'david' to file '/usr/share/jboss-as/domain/configuration/mgmt-users.properties'  

 Step 10: Retstart JBoss to reload the the change to standalone:

[root@CSSW2013NOC3 ~]# service jboss stop

 stopping jboss-as: *** JBossAS process (25794) received TERM signal ***

[root@CSSW2013NOC3 ~]#service jboss start 

Starting jboss-as:                                         [  OK  ] 

***************************************************************************

Now, navigate back to http://YourIP:9990 and you should be prompted for the Management user credentials you just created:  

[root@CSSW2013NOC3 ~]#firefox http://localhost:9990 &

login uname
Password:

===========Jboss Management Console =============

Tuesday 29 January 2013

How To Linux Random Password Generator in Command Line:

 i.

1. [sankar@CSSW2013NOC3 ~]$ pwd

/home/sankar

2. [sankar@CSSW2013NOC3 ~]$ vim .bashrc

Note:Append the bellow code:
 
genpasswd() {
 local l=$1
        [ "$l" == "" ] && l=16
       tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${l} | xargs
}
 

3. [sankar@CSSW2013NOC3 ~]$ source ~/.bashrc


4. To generate random password, enter:

[sankar@CSSW2013NOC3 ~]$  genpasswd
dZJgIfIY60KB4lNo


[sankar@CSSW2013NOC3 ~]$ genpasswd 8
P_UlFer_
 
[sankar@CSSW2013NOC3 ~]$ genpasswd 9
_FxwL4h2D

[sankar@CSSW2013NOC3 ~]$ genpasswd 10
qW9CGfhRYw
 

ii.



1. [sankar@CSSW2013NOC3 ~]$ which mkpasswd

/usr/bin/which: no mkpasswd in (/usr/lib/qt-3.3/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/sankar/bin)

2. [root@CSSW2013NOC3 sankar]# yum install expect
 

Installed:
  expect.i686 0:5.44.1.15-4.el6                                                

Dependency Installed:
  tcl.i686 1:8.5.7-6.el6                                                       

Complete!

3. [root@CSSW2013NOC3 sankar]# yum whatprovides */mkpasswd

expect-5.44.1.15-4.el6.i686 : A program-script interaction and testing utility
Repo        : installed
Matched from:
Filename    : /usr/bin/mkpasswd

4. [sankar@CSSW2013NOC3 ~]$ mkpasswd
Is>91Hqat

MongoDB Installation and Configuration on Centos6.3

What is MongoDB?

MongoDB (from “humongous”) is a scalable, high-performance, open source, schema-free, document-oriented database. Written in C++. MongoDB bridges the gap between key-value stores (which are fast and highly scalable) and traditional RDBMS systems (which provide structured schemas and powerful queries).

MongoDB is very interesting document-oriented database, because it has really awesome features:
  •     Document-oriented storage (the simplicity and power of JSON-like data     schemas)
  •     Dynamic queries
  •     Full index support, extending to inner-objects and embedded arrays
  •     Query profiling
  •     Fast, in-place updates
  •     Efficient storage of binary data large objects (e.g. photos and videos)
  •     Replication and fail-over support
  •     Auto-sharding for cloud-level scalability
  •     MapReduce for complex aggregation
  •     Commercial Support, Training, and Consulting

Installing MongoDB

1.Configure Package Management System (YUM)

[root@shankar1 ~]#nano /etc/yum.repos.d/10gen.repo

[10gen]  
name=10gen Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/i686
gpgcheck=0  
enabled=1

Ctrl +x ----y

2. Install mongo server and mongo client packages

[root@shankar1 ~]#yum install mongo-10gen mongo-10gen-server
 Installed:
 mongo-10gen.i686 0:2.2.2-mongodb_1       mongo-10gen-server.i686 0:2.2.2-  mongodb_1        
3. Configure MongoDB Database Server

 [root@shankar1 ~]#nano -w /etc/mongod.conf

logpath=/var/log/mongo/mongod.log
port=27017
dbpath=/var/lib/mongo

4. Start MongoDB Server

[root@shankar1 ~]#service mongod start 

5.Start MongoDB on boot

 [root@CSSW2013NOC3 ~]# mongo
MongoDB shell version: 2.2.2
connecting to: test
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
    http://docs.mongodb.org/
Questions? Try the support group
    http://groups.google.com/group/mongodb-user
> use test
switched to db test
> db.foo.find()
> db.foo.save({a:1})
> db.foo.find()
{ "_id" : ObjectId("5107a0b2ba0599c2355f3d3e"), "a" : 1 }
> db.foo.update({a: 1},{a: 5})
> db.foo.find()
{ "_id" : ObjectId("5107a0b2ba0599c2355f3d3e"), "a" : 5 }


Note:
SELinux Considerations
You must SELinux to allow MongoDB to start on Fedora systems. Administrators have two options:
  • enable access to the relevant ports (e.g. 27017) for SELinux. See Interfaces and Port Numbers for more information on MongoDB’s default ports.
  • disable SELinux entirely. This requires a system reboot and may have larger implications for your deployment.
   

Thursday 10 January 2013

Commands to Check SSL cert’s validity and other details


ssl-cert-check:

All digital certificates contain an expiration date which most client and server applications will check before using the certificates contents. ssl-cert-check is provided free of charge.

$ ssl-cert-check -h
Usage: ssl-cert-check [ -e email ] [ -x expir_days ] [ -q ] [ -a ] [ -h ] [-i]
      {[ -s common_name ] && [ -p port]} || {-f cert_file} || {-c certificate file}

  -a                        : Send a warning message through email
  -c cert file          : Print the expiration date for a PEM formatted
                                        certificate passed as an option
  -e email address    : Email address to send expiration notices
  -f cert file               : File with a list of FQDNs and ports
  -h                            : Print this screen
  -i                             : Print the issuer of the certificate
  -p port                   : Port to connect to (interactive mode)
  -s commmon name  : Server to connect to (interactive mode)
  -q                                : Don't print anything on the console
  -x days                       : Certificate expiration interval (eg. if cert_date < days)

1. To view the date when a certificate stored in the file cacert.pem will expire, ssl-cert-check can be executed with the “-c” (certificate file to process) option and the certificate to process: 

$ ssl-cert-check -c /etc/ca/cacert.pem
Host                                            Status       Expires      Days Left
----------------------------------------------- ------------ ------------ ----------
FILE:/etc/ca/cacert.pem                         Valid        Jan 2 2008   807 

2. To check when the certificate used by the prefetch.net web server will 
expire, the server name or IP address and a port number can be passed to
 ssl-cert-check's "-s" (server name) and "-p" (tcp port) options:
 
 $ ssl-cert-check -s mail.prefetch.net -p 443
 Host                                            Status       Expires      Days Left
----------------------------------------------- ------------ ------------ ----------
prefetch.net:443                                Valid        Jun 20 2006  246
 
3. If you manage dozens of SSL-enabled servers, you can place the server 
names and port numbers in a file, and run ssl-cert-check against that 
file: 

$ cat ssldomains
www.prefetch.com 443 
mail.prefetch.net 443
mail.google.com 443 
www.sun.com 443 
www.spotch.com 443

$ ssl-cert-check -f ssldomains
Host                                            Status       Expires      Days Left
----------------------------------------------- ------------ ------------ ----------
www.prefetch.com:443                            Valid        May 23 2006  218
mail.prefetch.net:993                           Valid        Jun 20 2006  246
gmail.google.com:443                            Valid        Jun 7 2006   233
www.sun.com:443                                 Valid        May 11 2009  1302
www.spotch.com:443                              Connection refused Unknown Unknown

4. When ssl-cert-check is executed with the "-i" (print issuer) option, 
the issuer is printed along with the certificate expiration date:
 
$ ssl-cert-check -i -f ssldomains
Host                                Issuer            Status   Expires     Days Left
----------------------------------- ----------------- -------- ----------- ---------
www.prefetch.com:443                Comodo Limited    Valid    May 23 2006 218
mail.prefetch.net:993               Equifax Secure In Valid    Jun 20 2006 246
gmail.google.com:443                Thawte Consulting Valid    Jun 7 2006  233
www.sun.com:443                     Sun Microsystems  Valid    May 11 2009 1302
www.spotch.com:443                  Unknown           Connection refused Unknown Unknown

5. The expiration interval can be controlled with ssl-cert-check's "-x" 
(expiration interval) option, and the e-mail address to send notifications can be 
passed as an argument to the "-e" (e-mail address to send alerts) option.
 
The following example uses both options to send an e-mail notification if one of
more of the hosts listed in the file ssldomains contains a certificate that will 
expire within the next 60-days:

$ ssl-cert-check -a -f ssldomains -q -x 60 -e admin@prefetch.net
 
=================Another Way=========================== 
1. Get complete available details of an SSL certificate

openssl x509 -text -in ssl.cert 
 
2. Who issued the certificate?

openssl x509 -noout -in ssl.cert -issuer

3. To whom the certificate was issued?

openssl x509 -noout -in ssl.cert -subject

4. To check the expiry date of SSL certificate

openssl x509 -noout -in ssl.cert -dates

5. To get SSL cert’s hash value

openssl x509 -noout -in ssl.cert -hash

6. To get SSL cert’s MD5 fingerprint

openssl x509 -noout -in ssl.cert -fingerprint

To check CSR: openssl req -noout -text -in new.csr 

To check key: openssl rsa -noout -text -in new.key 

Tuesday 8 January 2013

How to create LVM Snapshot and Take a backup of mysql dir ?


Some preliminary information is needed.

  1. Where are the MySQL data files stored?

# mysqladmin -u root -p12345 variables | grep datadir
 
| datadir                         | /var/lib/mysql/    
         |

This shows that the data files are located at /var/lib/mysql.

  1. Which logical volume hosts this location?

# df /var/lib/mysql
 
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/vg0-var  209698268  45532856 164165412  22% /var


This shows that the volume group is vg0, and the logical volume name is var. So, the full block device path that the LVM tools will understand is /dev/vg0/var. This can be confirmed with the following


# lvscan
 
  ACTIVE            '/dev/vg0/var' [200.00 GB] inherit

  1. How much unallocated space is available for the snapshot in the vg0 volume group?

# vgdisplay vg0 | grep Free
 
  Free  PE / Size       9551 / 37.31 GB


This shows that there are 37.31GB of free space on the vg0 volume group. This is important to note, because this free space is where changes to the live database are tracked while the snapshot is present.

Create an LVM Snapshot


  1. Connect to MySQL, flush the tables to disk, and lock them. Do not do this with mysqladmin, and be sure to leave the database session open. As soon as a client (such as mysqladmin) disconnects, this lock is lifted. In order to guarantee data integrity, the database must remained locked until the LVM snapshot is created. The amount of time that this operation takes will vary based on how much data needs to be flushed to disk, but it is generally very quick.

FLUSH TABLES WITH READ LOCK

  1. In another terminal session, create the LVM snapshot. This snapshot needs to be large enough to accommodate the changes that will be made to the database while the snapshot is present. Because this snapshot will be short lived, the shortcut "100%FREE" can be used, which will use all 37.31GB of unallocated space in this case. This process is nearly instantaneous because LVM uses a copy-on-write (COW) snapshot method.

lvcreate -l100%FREE -s -n mysql-backup /dev/vg0/var

  1. Back at the original MySQL session, release the read lock so that normal database operation can resume.

UNLOCK TABLES

At this point, there is a consistent, point-in-time snapshot of the MySQL file structure stored in the LVM snapshot. The database can now go on with its business, and the only locking required was to flush any data from memory to disk.

Snapshot Magic

Using lvscan again, the new snapshot can be seen.


# lvscan
 
  ACTIVE   Original '/dev/vg0/var' [200.00 GB] inherit
  ACTIVE   Snapshot '/dev/vg0/mysql-backup' [37.31 GB] inherit

The snapshot can now be mounted at an arbitrary location (If /dev/vg0/var is an XFS volume, add "-o nouuid -t xfs" to the mount command).


mkdir -p /mnt/snapshot
 
mount /dev/vg0/mysql-backup /mnt/snapshot

Any standard filesystem backup method can be used to store a copy of /var/lib/mysql as mounted under /mnt/snapshot. 

How to creating LVM mirroring ?


How to creating LVM mirroring ?

Example 1: Checking the free space to create partition.



[root@localhost ~]# fdisk -l

Disk /dev/sda: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 765 6144831 83 Linux
/dev/sda2 766 892 1020127+ 82 Linux swap / Solaris

Above command shows total cylinders 1305 and used cylinders are 892. It means still you have free cylinders, hence we can create partition.

Example: 2 Creating new 3 partition using fdisk.

[root@localhost ~]# fdisk /dev/sda
Press n
Press p
Press “Enter” for default starting cylinder”
Enter 100MB+
Now Change the partition type to 83 and finally reboot the system.
Similarly create one more partition of 100MB.
Note: Make sure that partition ID must be 8e, while creating partitions.

Step 2. Create Physical Volumes

Example: 3

[root@localhost ~]# pvcreate /dev/sda[5,6,7]
Physical volume “/dev/sda5″ successfully created
Physical volume “/dev/sda6″ successfully created
Physical volume “/dev/sda7″ successfully created

Above command will initialize partition as lvm partition. Note: Here LVM will assign PV UUID to the partition only.

Step 3. Create Volume Group

Example: 4

[root@localhost ~]# vgcreate datavg /dev/sda[5,6,7]
Volume group “datavg” successfully created

Above command will crate volume group by name datavg. LVM create VGDA(Volume Group Descriptor Area. The VGDA Contains information about Volume Group. LVM Create PE (Physical Extent)

Step 4. Creating Mirrored Logical Volumes.

[root@localhost ~]# lvcreate -L 50M -m1 -n mirrorlv datavg
Rounding up size to full physical extent 52.00 MB
Logical volume “mirrorlv” created

While creating mirrored volumes in particular volume group, you have to specify the number of copies of the data required, –m argument of the lvcreate command. For creating 1 mirror copy of data, you have to specify the –m1

In above command, we have created 50MB of size logical volume with 1 copy of data to be maintained.

Step 5. Creating File system.

[root@localhost ~]# mkfs /dev/datavg/mirrorlv
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
13328 inodes, 53248 blocks
2662 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=54525952
7 block groups
8192 blocks per group, 8192 fragments per group
1904 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961
Writing inode tables: done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 38 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
[root@localhost ~]#

Step 6. Mounting Filesystem.

Most commonly used method for mounting filesystem is either manually using mount command or by adding entries in /etd/fstab, so that filesystem mount during boot time.
Syntax:
Mount [option]

Example

[root@localhost ~]# mount /dev/datavg/mirrorlv /database

In above example, we have mounted /dev/datavg/mirrorlv logical volumes to /database directory. You can verify by executing following command.