next batch

Apache-wpadmin.md

@@ -0,0 +1,20 @@
+When using multiple webservers in a load balancer, it's common that one node will be the "admin" node that is preferred for edits. Maybe it's writing to the Master in a MySQL multi-slave or MMM config, (r)syncing it's disk out to all the other nodes, puppetmaster/chef admin node, etc.
+
+Using a simple Apache reverse proxy on all the nodes _except_ the admin node can be handy, for instance in a Wordpress setup.
+
+```
+# 192.168.3.3 = admin node private IP
+ProxyRequests Off
+ProxyPreserveHost Off
+ProxyVia Off
+<Location "/wp-login.php">
+  Header set "Host" "www.myblog.com"
+  ProxyPass http://192.168.3.3/wp-login.php
+  ProxyPassReverse http://192.168.3.3/wp-login.php
+</Location>
+<Location "/wp-admin">
+  Header set "Host" "www.myblog.com"
+  ProxyPass http://192.168.3.3/wp-admin
+  ProxyPassReverse http://192.168.3.3/wp-admin
+</Location>
+```

DB2-Info.md

@@ -0,0 +1,153 @@
+## SysV Initscript
+
+This script is RHCS friendly and LSB compliant, designed to provide proper shutdown of all resources to allow DB2 to exit cleanly and unmount filesystems during a cluster event (planned or unplanned). It does not _require_ RHCS, however.
+
+  - Customize `DB2PROF` and `DB2LOG` as needed
+
+```
+/etc/init.d/ibmdb2
+
+#!/bin/sh
+#
+# SysV initscript for IBM DB2
+#
+# chkconfig: 2345 80 30
+# description: IBM DB2 Database Server
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Application profile
+DB2PROF=/home/db2inst1/sqllib/db2profile
+DB2LOG=/var/log/ibmdb2.log
+
+RETVAL=0
+prog="DB2"
+
+# For SELinux we need to use 'runuser' not 'su'
+if [ -x /sbin/runuser ]
+then
+  SU=/sbin/runuser
+else
+  SU=/bin/su
+fi
+
+dprofile() {
+  if [[ -e ${DB2PROF} ]]; then
+    . ${DB2PROF}
+    return 0
+  else
+    echo -n $"${prog} profile not found; exiting with error."
+    failure
+    echo ""
+    exit 1
+  fi
+}
+
+dstart() {
+  echo -n $"Starting $prog: "
+  dprofile || failure
+  db2gcf -s 1>>${DB2LOG} 2>&1
+  RETVAL=$?
+  if [ $RETVAL -gt 0 ]; then
+    db2start 1>>${DB2LOG} 2>&1 && success || failure
+    RETVAL=$?
+    echo ""
+  else
+    echo -n $"${prog} is already running"
+    success
+    RETVAL=0
+echo ""
+  fi
+}
+
+dstatus() {
+  dprofile || failure
+  db2gcf -s 1>>${DB2LOG} 2>&1
+  RETVAL=$?
+  if [ $RETVAL -gt 0 ]; then
+    echo $"${prog} is stopped"
+    return 3
+  else
+    echo $"${prog} is running..."
+    return 0
+  fi
+}
+
+dstop() {
+  echo -n $"Stopping $prog: "
+  dprofile || failure
+  db2gcf -s 1>>${DB2LOG} 2>&1
+  RETVAL=$?
+  if [ $RETVAL -gt 0 ]; then
+    echo -n $"${prog} is already stopped"
+    failure
+    RETVAL=3
+    echo ""
+  else
+    db2 terminate 1>>${DB2LOG} 2>&1
+    db2 force applications all 1>>${DB2LOG} 2>&1
+    db2stop 1>>${DB2LOG} 2>&1 && success
+    RETVAL=$?
+    if [ $RETVAL -gt 0 ]; then
+      db2stop force 1>>${DB2LOG} 2>&1 && success || failure
+    fi
+    echo ""
+  fi
+}
+
+# See how we were called.
+case "$1" in
+  start)
+    dstart
+    ;;
+  stop)
+    dstop
+    ;;
+  status)
+    dstatus
+    ;;
+  restart)
+    dstop
+    sleep 5
+    dstart
+    ;;
+  *)
+    echo "Usage: $0 {start|stop|status|restart}"
+    RETVAL=1
+esac
+
+exit $RETVAL
+```
+
+
+## Database Storage
+
+IBM DB2 supports using raw partitions; modern Best Practices from IBM developerWorks have shifted to recommending using file systems instead of raw partitions, however.
+
+Outline for Best Practices paper:
+
+  - Executive summary
+  - Introduction to database storage
+  - Goals of good database storage design
+  - Simplicity in database storage design
+  - Recipe for database storage success
+      - Think about real physical disks, not just storage space
+      - Have dedicated LUNs and file systems per non-DPF DB2 database server / per DPF partition
+      - Stripe at most in two places
+      - Separate DB2 transaction logs and data
+      - Use file systems instead of raw devices—one file system per LUN
+      - Where possible, use RAID-10 for transaction logs, RAID-10 or RAID-5 for data
+      - Set `EXTENTSIZE`
+      - Use the `NO FILE SYSTEM CACHING` clause
+      - Use DB2 automatic storage to stripe everything everywhere
+      - Do not hand-tune the `NUM_IOCLEANERS`, `NUM_IOSERVERS`, and `PREFETCHSIZE` configuration parameters
+  - Best Practices
+  - Conclusion
+  - Further reading
+
+
+## References
+
+  - <http://www.ibm.com/developerworks/data/bestpractices/databasestorage/>
+  - <http://www.ibm.com/developerworks/data/bestpractices/managingdatagrowth/index.html>

Dell-OpenManage.md

@@ -0,0 +1,34 @@
+## Disable DRAC autonegotiate
+
+DRAC devices can have a hard time working on 10G (or even 1G) switches with auto-negotiate; in order to ensure your DRAC is available in an emergency disable the auto and hard set it to 100/Full.
+
+```
+# racadm config -g cfgNetTuning -o cfgNetTuningNicAutoneg 0
+# racadm config -g cfgNetTuning -o cfgNetTuningNic100MB 1
+# racadm config -g cfgNetTuning -o cfgNetTuningNicFullDuplex 1
+# racadm racreset
+
+# racadm getconfig -g cfgNetTuning
+cfgNetTuningNic100MB=1
+cfgNetTuningNicFullDuplex=1
+cfgNetTuningNicMtu=1500
+cfgNetTuningNicAutoneg=0
+```
+
+
+## racadm launches and fails silently
+
+The racadm tool will fail silently if the previous run used a PID greater than **65535**. Confirmed still broken as of OMSA 7.3.
+
+  - racadm in local mode will create/check a pidfile `/var/run/local\_racadm.pid`
+  - If the PID inside that file is **larger than 65535** then racadm will crash
+  - Delete `/var/run/local_racadm.pid` before launching the tool
+
+When run locally the first time (meaning not using "racadm -r {IP}", just "racadm" from the local OS using IPC sockets to the local iDRAC) the tool will create a pidfile `/var/run/local_racadm.pid` and drop it’s own PID into that file. However, it doesn’t delete that file when it’s done. Every subsequent time it’s run it will check for the existence of this pidfile; if found, it will read the value and presumably check the process stack to ensure it’s not already running.
+
+Check your max PID value allowed, it's configured with the sysctl `kernel.pid_max` setting:
+
+```
+# cat /proc/sys/kernel/pid_max
+81920
+```

Find-Examples.md

@@ -0,0 +1,17 @@
+Examples using `find`
+
+```
+find / -type f -name *.jpg  -exec cp {} . \;
+find . -type f -size +10000 -exec ls -la {} \;
+find . -atime +1 -type f -exec mv {} /tmp \;
+find . -name "-F" -exec rm {} \;
+find . -exec grep -i "admin" {} \;
+find . \! -name "*.gz" -exec gzip {} \;
+find . -type f \! -name "*.Z" \! -name ".comment" -print
+find . -exec chmod 775 {} \;
+find . -user user1 -exec chown -R user2 {} \;
+find . -name 'cache*' -depth -exec rm {} \;
+find . -name 'cache[0-9][0-9]*' -depth -print | tee -a /tmp/cachefiles
+find . -xdev -name "wagoneer*" -print
+```
+

Git-Multi-SSH.md

@@ -0,0 +1,62 @@
+# git multiple accounts same host
+
+git client 2.10.0 or newer required
+
+## problem
+
+scenario:
+
+  1. two (or more) git accounts at the same host
+      - git@gitlab.com/user1
+      - git@gitlab.com/user2
+  2. using unique SSH keys with each git account
+      - host uses SSH key to know which account to use
+  3. using SSH keyring with both keys in it
+      - keyring presents keys in internal order
+
+`git` needs to be explicitly configured to use a given SSH key
+
+## solution
+
+Test each account to ensure the "welcome!" message reflect the correct user:
+
+```
+$ ssh -i ~/.ssh/id_rsa_user1 -T git@gitlab.com
+Welcome to GitLab, @user1!
+
+$ ssh -i ~/.ssh/id_rsa_user2 -T git@gitlab.com
+Welcome to GitLab, @user2!
+```
+
+Within a cloned repository, locally configure that repository to use a specific key:
+
+```
+$ git clone git@gitlab.com:user1/foo.git
+$ cd foo
+$ git config core.sshCommand "ssh -i ~/.ssh/id_rsa_user1 -F /dev/null"
+```
+and/or
+```
+$ git clone git@gitlab.com:user2/bar.git
+$ cd bar
+$ git config core.sshCommand "ssh -i ~/.ssh/id_rsa_user2 -F /dev/null"
+```
+
+This adds the setting to the local `.git/config` file like so:
+
+```
+[core]
+        sshCommand = ssh -i ~/.ssh/id_user73 -F /dev/null
+        ...
+```
+
+## initial clone
+
+If the initial clone requires a specific SSH key before the above is available, it must be exported to the environment first.
+
+```
+GIT_SSH_COMMAND="ssh -i ~/.ssh/id_rsa_user99 -F /dev/null" \
+  git clone git@gitlab.com:user99/privatestuff.git
+```
+
+Any option for SSH can be used (`ssh -o StrictHostKeyChecking=no ...` e.g.) as needed.

Glibc-IPv4.md

@@ -0,0 +1,39 @@
+Glibc provides the capability per [RFC 3484](http://www.ietf.org/rfc/rfc3484.txt) to allow the sysadmin to specify the sort order of returned calls to [getaddrinfo()](http://linux.die.net/man/3/getaddrinfo) via the [/etc/gai.conf](http://linux.die.net/man/5/gai.conf) file. This is a handy way to have IPv4 preferred over IPv6 returned addresses:
+
+```
+precedence  ::ffff:0:0/96  100
+```
+
+The presence of a single precedence line in the configuration file causes the default table to not be used. The `/etc/gai.conf` is typically either empty or missing; if configured in the file the default table would look like:
+
+```
+/etc/gai.conf (RFC defaults)
+
+label       ::1/128        0
+label       ::/0           1
+label       2002::/16      2
+label       ::/96          3
+label       ::ffff:0:0/96  4
+precedence  ::1/128        50
+precedence  ::/0           40
+precedence  2002::/16      30
+precedence  ::/96          20
+precedence  ::ffff:0:0/96  10
+```
+
+When adding the IPv4 precedence, change the last line to indicate `100` (larger number == higher precedence):
+
+```
+/etc/gai.conf (IPv4 preferred)
+
+label       ::1/128        0
+label       ::/0           1
+label       2002::/16      2
+label       ::/96          3
+label       ::ffff:0:0/96  4
+precedence  ::1/128        50
+precedence  ::/0           40
+precedence  2002::/16      30
+precedence  ::/96          20
+precedence  ::ffff:0:0/96  100
+```

Mount-qcow2.md

@@ -0,0 +1,18 @@
+Mount a qcow2 image to browse around
+
+```
+apt-get install qemu-utils
+modprobe nbd max_part=8
+qemu-nbd --connect=/dev/nbd0 debian-11-genericcloud-amd64.qcow2
+mkdir /mnt/d11
+mount /dev/nbd0p1 /mnt/d11
+
+find /mnt/d11/ -name cloud_inet6
+#  /mnt/d11/etc/network/if-post-down.d/cloud_inet6
+#  /mnt/d11/etc/network/if-pre-up.d/cloud_inet6
+
+umount /mnt/d11 
+qemu-nbd --disconnect /dev/nbd0
+modprobe -r nbd
+```
+

Netcat-Replacements.md

@@ -0,0 +1,15 @@
+One-liner replacements for basic netcat port pings (`-tzv`)
+
+```
+# if netcat is not available
+# - requires --enable-net-redirections compiled in with bash
+# - works on RHEL/CentOS/Fedora but not Ubuntu/Debian
+function nctzv() { [[ $# -eq 2 ]] && (timeout 3 bash -c "echo >/dev/tcp/$1/$2" && echo "Connection to $1 port $2/tcp succeeded" || echo "Connection to $1 port $2/tcp failed"); }
+
+# the same nctzv() function in perl
+function nctzv_pl() { perl -e 'use IO::Socket::INET;$socket=IO::Socket::INET->new(Proto=>tcp,Timeout=>3,PeerAddr=>$ARGV[0],PeerPort=>$ARGV[1]);printf("Connection to %s port %s/tcp ",$ARGV[0],$ARGV[1]);if(defined $socket && $socket){$socket->close();print "succeeded\n"}else{print "failed\n";}' $1 $2; }
+
+# the same nctzv() function in python
+function nctzv_py() { python -c "exec('import sys\nimport socket\nh=sys.argv[1]\np=sys.argv[2]\ns=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\ns.settimeout(3)\ntry:\n\ts.connect((sys.argv[1],int(sys.argv[2])))\n\ts.shutdown(2)\n\tprint \"Connection to \"+h+\" port \"+p+\"/tcp succeeded\"\nexcept:\n\tprint \"Connection to \"+h+\" port \"+p+\"/tcp failed\"\ns.close')" $1 $2; }
+```
+

_Sidebar.md

@@ -4,9 +4,17 @@
 
 ## Index
 
+- [[Apache wpadmin]]
+- [[DB2 Info]]
+- [[Dell OpenManage]]
+- [[Find Examples]]
+- [[Git Multi SSH]]
+- [[Glibc IPv4]]
 - [[GnuPG Things]]
 - [[Kernel Boot Debug]]
 - [[LUKS Encrypted Partitions]]
+- [[Mount qcow2]]
+- [[Netcat Replacements]]
 - [[Proxmox Doodads]]
 - [[RPM Info]]
 - [[Radeon Temperature]]