Blogs

removing rpm imported gpg-key

While install the puppet dashboard, I noticed puppetlabs yum repo changed from using "http://yum.puppetlabs.com/RPM-GPG-KEY-reductive" to "http://yum.puppetlabs.com/RPM-GPG-KEY-puppet" causing yum to fail on the key import. I had run the key import manually couple times before I realized, yum was complaining about a different key.

Below is how I got around to removing all of the imported gpgkeys:

Find GPG keys and owners:

rpm -qa gpg-pubkey\* --qf "%{version}-%{release} %{summary}\n"

Remove corresponding GPG Key.

rpm -e gpg-pubkey-8347a27f-4afe0f12 --allmatches

Replacing sysklogd with rsyslog

If you need to replace old sysklogd with recent rsyslog on centos, `rpm -e --nodeps sysklogd` is rather kludgy as yum will remove initscripts, upon which most of the system is dependent on. However, it is possible to install and remove via the yum shell in one go, which resolves the dependency issues.

# yum shell
> install rsyslog
> remove sysklogd
> run
> quit

Linux cpu processor cores and threads

/proc/cpuinfo has the info you need to identify the number of processors, cores and threads.

To get the total number of processors/cpu cores:

grep -c processor /proc/cpuinfo

Total number of physical cpus:

grep "physical id" /proc/cpuinfo | sort -u | wc -l

Number of cores per cpu:

grep "cores" /proc/cpuinfo | sort -u

To check if hyperthreading is enabled:

grep "cores\|siblings" /proc/cpuinfo | sort -u

If siblings is a multiple of cores then hyperthreading is enabled.

Trac redirect loop upon password reset

Recently, I have come across the mentioned bug during a password reset of Trac:

Reference bug trac-hacks.org/ticket/3233

This looks like an issue when set to "Force users to change passwords after a password reset?". I changed the config to not force the password change.

Also removed the session attribute in reference from the trac database:

sqlite3 yourtrac/db/trac.db \ 'DELETE FROM "session_attribute" WHERE "name" = "force__change_passwd";'

Probing if Varnish is Alive

If you probe on varnish service status to check if it is alive, this can be setup as below. Put it in "vcl_recv" block:

  # Check if Varnish is alive
  if (req.url == "/varnish_status") {
    error 200 "OK";
  }

Then check for http "200 OK" in the response code.

List threads with ps and top

The "H" option in both ps and top lists the threads:

Examples:

ps auxwH

top H

Redirect ports inside OpenVZ containers

For port redirection to work inside OpenVZ containers, ipt_REDIRECT kernel module needs to be loaded in the host. Edit "/etc/sysconfig/vz" and add it to the IPTABLES list.

IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_owner ipt_length ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ipt_recent ipt_REDIRECT"

This should then allow to redirect ports. So if you need to proxy existing apache via nginx or lighttpd and you do not want to switch apaches' default port 80, then the below rules will do the appropriate redirection to port 81 where nginx/lighttpd server is listening, serving static content and proxying to apache for dynamic content:

# Redirect external web traffic to port 81
iptables -t nat -A PREROUTING -s ! 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 81

# Redirect internal port 80 to 81
iptables -t nat -A OUTPUT -s 0/0 -d 192.168.10.2 -p tcp --dport 80 -j REDIRECT --to-ports 81

Where 192.168.10.2 is the internal IP resolver of domain/host.

clear out nginx cache

If you are switching out static content that have gotten cached in nginx, the head of the cached files usually stores the file path that can be greped for and the file removed. One you hit the url again, it will recreate the new cached file at the same location.

find /var/cache/nginx -type f -exec grep -l /path/to/oldfile.css {} \;

Clean up config files

Below are one liners to clean out all comment and blank lines with grep and sed, usually in config files.

grep -v "^#\|^$" <conf_file>

or

grep -v "^\#" <conf_file> | sed '/^$/d'

Enabling md5 shadow password with authconfig

If you notice that /etc/shadow file password is using DES encryption, MD5 encryption can be enabled via:

authconfig --enablemd5 --enableshadow --update

If authconfig is not present edit, "/etc/pam.d/system-auth" and add "md5 shadow" to line starting with "password sufficient pam_unix.so" so it looks like below:

password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok

Syndicate content
Comment