Tuesday, November 20, 2012

VSFTPD logging incorrect timestamp

Bumped into a wrong timestamp in xferlog today.
For some reason vsftpd has a timezone of its own and does not follow the OS timezone... This is on RHEL 5.8 with vsftpd-2.0.5-24.el5_8.1.

fix:
 To change the logging to use the local server time, set the following in /etc/vsftpd.conf and restart VSFTPD.
use_localtime=YES

service vsftpd restart

Monday, November 12, 2012

Luns policy round robin esxi


This article describes how to set the path selection policy to Round Robin (default is Fixed) via the command line. Doing it via the vSphere GUI could be quite time-consuming :)

Tested on ESXi 4.1.0 #1 SMP Release build-348481


1. Generate the luns file in /tmp on every host
1a. Create a file named esxihosts with the host names, e.g.
Host1
Host2
Host3


for x in `cat esxihosts`; do echo --------------$x------------; ssh $x "esxcfg-mpath -b | grep ^naa | awk '{print \$1}' > /tmp/luns"; done

2. Copy the script to all hosts in the cluster:
for x in `cat esxihosts`; do scp setroundrobin $x:/tmp/; done

Script is:
cat setroundrobin

#!/bin/sh
#
# To generate the luns file in /tmp
#
# esxcfg-mpath -b | grep ^naa | awk '{print $1}' > /tmp/luns
#
# NOTE: remove the internal disk from the luns file first
#

luns=/tmp/luns

for i in `cat $luns`
do
   echo $i
   esxcli nmp device setpolicy --device $i --psp VMW_PSP_RR
   sleep 3
done

exit 0

3. Execute the script on all hosts:
for x in `cat esxihosts`; do echo --------------$x------------; ssh $x "sh /tmp/setroundrobin"; done

Tuesday, November 6, 2012

Installing Glassfish server on Linux


1. Install SDK http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1637583.html

In my case I downloaded rpm : jdk-7u5-linux-x64.rpm

Let’s set global JAVA_HOME

vi /etc/profile and add :

JAVA_HOME=/usr/local/java; export JAVA_HOME

/usr/local/java is the location where java sdk will be installed.

Let’s get to it:
rpm -ihv jdk-7u5-linux-x64.rpm

Preparing...                ########################################### [100%]
1:jdk                    ########################################### [100%]
Unpacking JAR files...
rt.jar...
jsse.jar...
charsets.jar...
tools.jar...
localedata.jar...

This installs it into /usr/java/jdk1.7.0_05. You can check where the files are with the command:

rpm -ql jdk-1.7.0_05-fcs.x86_64|more


On RHEL/Fedora you can either remove the dummy java symlink or point it to your actual install. I am talking about:

/etc/alternatives/java

ls -la /etc/alternatives/java
lrwxrwxrwx 1 root root 46 2011-09-05 18:46 /etc/alternatives/java -> /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java
rm /etc/alternatives/java
rm: remove symbolic link `/etc/alternatives/java'? y
ln -s /usr/java/jdk1.7.0_05/bin/java /etc/alternatives/java
ls -la /etc/alternatives/java
lrwxrwxrwx 1 root root 30 2012-06-13 10:45 /etc/alternatives/java -> /usr/java/jdk1.7.0_05/bin/java
java -version
java version "1.7.0_05"
Java(TM) SE Runtime Environment (build 1.7.0_05-b05)
Java HotSpot(TM) 64-Bit Server VM (build 23.1-b03, mixed mode)

Let’s take care of symlink for our JAVA_HOME
ln -s /usr/java/jdk1.7.0_05 /usr/local/java
ls -la /usr/local/java
lrwxrwxrwx 1 root root 21 2012-06-13 10:44 /usr/local/java -> /usr/java/jdk1.7.0_05

2. Download glassfish server for Linux:

chmod +x ogs-3.1.2-unix.sh

*Please note* if you are planning to bind to ports < 1024 you need to run it as root, otherwise any local/Kerberos user is fine. There’s also a workaround to “bind” to port 80. You can contact me for more info.

sh ./ogs-3.1.2-unix.sh

Unfortunately, by default it requires X Windows. There are command-line options available too; however, I do have VNC and this is the method I chose to install. You would have to VNC into your server as oracle. You can check my quick guide, Enabling VNC server on Linux as 1,2,3.

Once GUI opens up just follow on-screen instructions
Glassfish is installed in : /usr/local/glassfish3

I created stop and start scripts:

cat stop.sh

bin/asadmin stop-domain domain1
cat start.sh

nohup bin/asadmin start-domain --verbose &

At this point you can launch firefox locally and point your browser to:
http://localhost:4848




Install and configure Apex Listener with Glassfish server

This was supposed to be a very thorough tutorial with print screens. Unfortunately, the images were lost during migration :(
Here you go anyway!


Installing Apex Listener with Glassfish server
1. Download Oracle APEX Listener 1.1.3 (apex_listener.1.1.3.243.11.40.zip )
2. Login as oracle user
mkdir /home/oracle/apex_listener
cd apex_listener
unzip apex_listener.1.1.3.243.11.40.zip
Archive:  apex_listener.1.1.3.243.11.40.zip
creating: docs/
creating: docs/AELIG/
…..
3. Copy Oracle Application Express Images
Before you begin, you must copy Oracle Application Express images.
To copy Oracle Application Express images:
Create a folder named "i" in:
<glassfish directory>/domains/<domainName>/docroot
In my case it is apparently in: /usr/local/glassfish3/glassfish/domains/domain1/docroot/
mkdir /usr/local/glassfish3/glassfish/domains/domain1/docroot/i
let’s “copy” directories and files. I prefer rsync
rsync  -auvr /home/oracle/apex/images/* /usr/local/glassfish3/glassfish/domains/domain1/docroot/i
* from Oracle apex Listener documentation:
Launch the Administration Console
At least one GlassFish server domain must be started before you start the Administration Console.
To launch the Administration Console:
Launch the Administration Console by typing the following URL in your Web browser:
Create Users and Roles
Oracle Application Express Listener requires users be assigned roles to access Oracle Application Express Listener Administration. This section describes how to create users and roles. For more information on security realms, users, group list, or roles, see your Oracle GlassFish Server documentation.
Topics:
About Roles
Create Users
About Roles
Oracle Application Express Listener requires you assign users roles to access the Application Express Listener Administration. There are two types of roles:
Admin – The user has permission to access the Oracle Application Express Listener Administration page.
Manager – The user has permission to access the Oracle Application Express Listener Status Information Page.
You can enable a default principal-to-role mapping on the Application Server using the Admin Console if the group list names are defined the same as the role names.
To enable a default principal-to-role mapping:
On the navigation tree, select Configuration and then Security.
The Security page displays.
Select the check box next to Default Principal to Role Mapping.
Click Save.
Tip:
Enabling the Default Principal to Role requires the Group List to be the same as the role name as described in the sect section.
Create Users
You must create users to access the Oracle Application Express Administration page and Status page.
To create users:
In the navigation tree, expand the Configuration node.
Expand the Security node.
Expand the Realms node.
Select the realm to which to add your user (for example, file).
The Edit Realm page appears.
On the Edit Realm page, click the Manage Users button.
The File Users page appears.
On the File Users page, click New.
The New File Realm User page appears.
On the New File Realm User page, create an Admin user:
User ID – Enter the name of the Oracle Application Express Listener administrator:
adminlistener
Group List – Enter the role to which the user belongs:
Admin
New Password – Enter a unique password.
Confirm New Password – Enter the password again.
Click OK.
Repeat the previous steps and create another user for the Oracle Application Express Listener manager, by specifying the following:
User ID: managerlistener
Group List: Manager
Click OK.
Install the Deployment
Tip:
The Oracle Application Express Listener files, apex.war must be available before you start this task. See “Downloading Oracle Application Express Listener”.
To install the deployment:
1. On the navigation tree, click the Application node.
The Applications page displays.
2. Click the Deploy button.
The Deploy Applications or Modules page displays.
3. Select Packaged File to be Uploaded to the Server and click Browse.
4. Navigate to the location of the apex.war file, select the file, and click Open.
The Deploy Applications or Modules page displays.
5. On the Deploy Applications or Modules page, specify the following:
a. Type: Web Application
b. Context Root: apex
c. Application Name: apex
d. Status: Enabled
e. Description: Application Express Listener
f. Accept all other default settings and click OK.
The Applications page appears. A check mark should appear in the Enabled field for apex.
Tip:
If a check mark does not appear in the Enabled column for apex, then select the check box next to apex and click Enable.
Access Oracle Application Express Listener Administration
To access Oracle Application Express Listener Administration, in your Web browser go to:
http://<host>:<port>/apex/listenerConfigure
Where:
· <host> is the DNS name or IP address of the Administration Server
· <port> is the listen port on which the Administration Server is listening for requests

Additional notes:
After some time digging, I was not able to go back to the listenerAdmin page until I found a post on OTN:
I was working on a similar issue on a new Glassfish installation. (latest version at time of writing: Glassfish 3.1.2)
Deployed correctly
Initial config working
Users setup correctly with proper group names
The listenerAdmin page produced an HTTP 403 error.
The solution I found was in the server-config – Security – JACC setting.
The DEFAULT setting did not seem to pass user and group back to the APEX listener – causing the security to fail.
Changing the JACC setting to “simple” corrected the 403 issue in my case.
After this you can log in to the listenerAdmin page as the adminlistener user you defined during the install.
 

How to configure CSR for Jboss

It’s often provided by good quality CA.
How to configure 2048 bit CSR for Jboss
step 1:
create keystore:
keytool -genkey -alias myalias -keyalg RSA -keysize 2048 -keystore mydomain.com.keystore
Fill in all the information that is asked. Please note when asked for:
What is your first and last name? – This is your actual common name, the name you are securing.
A keystore with the name powerdsr.com.keystore is generated.
step 2:
create csr request to CA [ Certificate Authority ]
keytool -certreq -alias myalias -file mydomain.csr.txt -keystore mydomain.com.keystore
cat mydomain.csr.txt and it should look something like:
-----BEGIN NEW CERTIFICATE REQUEST-----
(base64-encoded request body)
-----END NEW CERTIFICATE REQUEST-----

Enabling VNC server on Linux

Enabling VNC server on Linux as 1,2,3

Enabling VNC server on Linux as 1,2,3 ( quick and dirty way)  for oracle user on RHEL/Fedora:
In this example I am only enabling the oracle user.
yum install tigervnc-server.x86_64 -y
Loaded plugins: refresh-packagekit, rhnplugin
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package tigervnc-server.x86_64 0:1.0.90-0.17.20110314svn4359.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================
Package Arch Version Repository Size
===============================
Installing:
tigervnc-server x86_64 1.0.90-0.17.20110314svn4359.el6 rhel-x86_64-server-6 1.1 M
Transaction Summary
============================
Install 1 Package(s)
Total download size: 1.1 M
Installed size: 0
Downloading Packages:
tigervnc-server-1.0.90-0.17.20110314svn4359.el6.x86_64.rpm | 1.1 MB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : tigervnc-server-1.0.90-0.17.20110314svn4359.el6.x86_64 1/1
Installed:
tigervnc-server.x86_64 0:1.0.90-0.17.20110314svn4359.el6
Complete!
vi /etc/sysconfig/vncservers
remove everything and add:
# The VNCSERVERS variable is a list of display:user pairs.
#
# Uncomment the lines below to start a VNC server on display :2
# as my 'myusername' (adjust this to your own). You will also
# need to set a VNC password; run 'man vncpasswd' to see how
# to do that.
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, see
# <URL:http://www.uk.research.att.com/archive/vnc/sshvnc.html>.
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
# Use "-nohttpd" to prevent web-based VNC clients connecting.
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel. See the "-via" option in the
# `man vncviewer' manual page.
# VNCSERVERS="2:myusername"
# VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd -localhost"
VNCSERVERS="3:oracle"
VNCSERVERARGS[3]="-geometry 1024x768 -depth 16"
Save the file.
VNCSERVERS="3:oracle" means a VNC session for user oracle on port 5903,
so in vncviewer you would connect as:
my.host.com:5903
####
su - oracle
Create the vncpasswd file:
vncpasswd
Password:
service vncserver start ( as root)
Now you can connect via vncviewer using: my.host.com:5903 and user oracle
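
Added example, not part of the original post: the stock comments in /etc/sysconfig/vncservers recommend -localhost, which the oracle entry above omits, so this POSIX sh check reads such a file on stdin and reports, per display, the user, the TCP port (5900 + display) and whether the display is reachable from the network or only through an SSH tunnel. The user alice and the sample file are constructed for illustration; my.host.com is the placeholder host used in the post.

```sh
#!/bin/sh
# Added example: audit an /etc/sysconfig/vncservers-style file read from stdin.
# Prints one line per display: "<display> <user> <tcp-port> <exposure>".

audit_vncservers() {
    conf=$(cat)
    # VNCSERVERS="2:alice 3:oracle" is a space-separated list of display:user pairs.
    # Commented-out lines start with '#' and are skipped by the anchored pattern.
    pairs=$(printf '%s\n' "$conf" |
        sed -n 's/^[[:space:]]*VNCSERVERS="\(.*\)".*/\1/p' | tail -n 1)
    for pair in $pairs; do
        display=${pair%%:*}
        user=${pair#*:}
        port=$((5900 + display))      # display :3 listens on TCP 5903
        args=$(printf '%s\n' "$conf" |
            sed -n "s/^[[:space:]]*VNCSERVERARGS\[$display\]=\"\(.*\)\".*/\1/p" |
            tail -n 1)
        # Without -localhost the VNC server accepts connections on every interface.
        case " $args " in
            *" -localhost "*) exposure=tunnel-only ;;
            *)                exposure=network-exposed ;;
        esac
        echo "$display $user $port $exposure"
    done
}

# SSH port-forward a client uses to reach a display started with -localhost.
tunnel_command() {    # usage: tunnel_command DISPLAY USER HOST
    port=$((5900 + $1))
    echo "ssh -L $port:localhost:$port $2@$3"
}

# Constructed sample: one hardened display (alice) and the post's oracle entry.
sample_conf() {
cat <<'EOF'
# VNCSERVERS="2:myusername"
VNCSERVERS="2:alice 3:oracle"
VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd -localhost"
VNCSERVERARGS[3]="-geometry 1024x768 -depth 16"
EOF
}

sample_conf | audit_vncservers
tunnel_command 3 oracle my.host.com
```

On a real host, run audit_vncservers < /etc/sysconfig/vncservers. For a display started with -localhost, run the printed ssh command on the client and point vncviewer at localhost:5903.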