2012 SERVER (64)
2016 windows (9)
AIX (13)
Amazon (40)
Ansibile (19)
Apache (135)
Asterisk (2)
cassandra (2)
Centos (230)
- ftp (5)
- IPTABLES (15)
- SFTP (1)
- swap (3)
Centos RHEL 7 (270)
centos8 (3)
chef (3)
cloud (2)
cluster (3)
Coherence (1)
DB2 (5)
DISK (25)
DNS (9)
Docker (31)
Eassy (11)
ELKS (1)
EXCHANGE (3)
Fedora (6)
GIT (3)
GOD (2)
Grub (1)
Hacking (10)
Hadoop (6)
health (2)
horoscope (23)
Hyper-V (10)
IIS (15)
JAVA (7)
JBOSS (32)
jenkins (1)
Kubernetes (9)
Ldap (5)
Linux (189)
Linux Commands (166)
Load balancer (5)
mariadb (14)
Mongodb (4)
MQ Server (24)
MYSQL (84)
Nagios (5)
NaturalOil (13)
Nginx (36)
Ngix (1)
openldap (1)
Openstack (6)
Oracle (35)
Perl (3)
Postfix (19)
Postgresql (1)
PowerShell (2)
Python (3)
qmail (36)
Redis (12)
RHCE (28)
SCALEIO (1)
Security on Centos (29)
Shell (64)
Solaris (58)
Sql Server 2012 (4)
squid (3)
SSH (10)
SSL (14)
Storage (1)
TIPS on Linux (28)
tomcat (62)
Ubuntu (1)
Uncategorized (30)
Veritas (2)
vfabric (1)
VMware (28)
Weblogic (38)
Websphere (71)
Windows (19)
Windows Software (2)
wordpress (1)
ZIMBRA (17)

Counting number of users in a group – Linux

Counting number of users in a group – Linux

Here is a small command to find number of users in particular group on a *nix system. An example for wheel group:

grep wheel /etc/group | fgrep -o , | wc -m

Now here’s a catch, this command actually counts the commas in the line from the group file. So if there are 5 users in the group, the output will be 4. You will have to add a 1 to the output.

So when using it in scripts, one can use it like this:

VAR1=$(($(grep wheel /etc/group | fgrep -o , | wc -m) + 1))
echo $VAR1
5

Explanation:

First grep will print only the group and its members. The members are seperated by a comma. Next we print the commas using -o option and later count them using wc command. The second example will just add a 1 to it.

Read more at http://kaustubhghanekar.blogspot.com/2015/12/counting-number-of-users-in-group-linux.html#IXfIGy3o5PEqmMlL.99

Disabling default GUI Startup Solaris 10

Many of us may not want to use the Solaris 10 Default JAVA or KDE default GUI. To startup Solaris 10 default in command Line mode you can make use of one of following:

1. You can use dtconfig command:
To disable GUI:
#/usr/dt/bin/dtconfig -d
To enable GUI:
#/usr/dt/bin/dtconfig -e
2. Disable/enable Service that handles cde-login:
To disable GUI:
#svcadm disable svc:/application/graphical-login/cde-login:default
To enable GUI:
#svcadm disable svc:/application/graphical-login/cde-login:default

It is that simple. No defense

Solaris 10 Live Upgrade HowTo

Prepare the disk slice and partition for live upgrade:
disk 1 Partition:
c0d0s0 /
c0d0s1 swap
c0d0s2 backup

disk 2 partition:

c0d1s0 /copyroot

the partition on second disk (/copyroot) is same size as the root (/) partition and it must not appear in use in “/etc/vfstab”.

This example explains how to upgrade a Solaris 10 10/08 system to the Solaris 10 5/09 release. Solaris Live Upgrade has many capabilities but for a simple situation like upgrading a system to a new Solaris release, there are three commands:
• lucreate to create the copy
• luupgrade to upgrade the OS on the copy
• luactivate to choose the environment to boot

Before upgrading, you must install the Solaris Live Upgrade packages from the release to which you are upgrading. New capabilities are added to the upgrade tools, so installing the new packages from the target release is important. In this example, you will upgrade from Solaris 10 3/05 to Solaris 10 1/06, so you must get the Solaris Live Upgrade packages from the Solaris 10 1/06 DVD.

1. Install Live Upgrade package.

Insert Solaris DVD, then from “Solaris_10/Tools/Installers” directory, run the “liveupgrade20” command.

you can run the command without option “noconsole” and “nodisplay” if you want to display the GUI.

bash-3.00# cd /cdrom/sol_10_509_x86/Solaris_10/Tools/Installers/
bash-3.00# ./liveupgrade20 -noconsole -nodisplay

2. Run the “lucreate” command to create a copy of the active boot environment.

bash-3.00# lucreate -c solarisold -n solarisnew -m /:c0d1s0:ufs

“solaris0ld” is the active environment

“solarisnew” is inactive boot environment

3. after the new boot environment is created, now begin the upgrade procedure:

bash-3.00# luupgrade -u -n solarisnew -s /cdrom/cdrom0

4. after finished on step 3, now time to activate the new environment.

bash-3.00# luactivate solarisnew

5. init 6

Creating a Jumpstart Server from ISO images

What is Jumpstart ? Jumpstart is a computer network installation tool set used by the Solaris OS. On this post, you will find easy step to perform Jumpstart installation from ISO Solaris OS images.

here are the step-by-step:

first of all, you need to upload Solaris ISO image to server that will used as Jumpstart server. In this example, my ISO images is “sol-10-u8-ga-sparc-dvd.iso” and I uploaded already to root home directory (/).
Add your client IP address & hostname to “/etc/hosts”, also the hostname and mac address to “/etc/ethers”.
if your client is Sparc, then you can find the mac address by running “banner” command from OK prompt. For x86, the mac address can be found on BIOS.

# more /etc/hosts
::1 localhost
127.0.0.1 localhost
10.32.16.1 solaris10 solaris10. loghost
192.168.1.2 client1
192.168.1.3 client2
192.168.1.4 client3

# more /etc/ethers
0:0:be:a5:1a:9e client1
0:0:be:a5:1a:9f client2
0:0:be:a5:1a:a0 client3

mount ISO images using “lofiadm” command to “/mnt” directory:
# lofiadm -a /sol-10-u8-ga-sparc-dvd.iso /dev/lofi/1
# lofiadm
Block Device File
/dev/lofi/1 /sol-10-u8-ga-sparc-dvd.iso
# mount -F hsfs -o ro /dev/lofi/1 /mnt

Check the “/mnt” directory, the jumpstart scripts are located at “/Solaris_10/Tools/” directory:
# cd /mnt/Solaris_10/Tools/
# ls
add_install_client dial rm_install_client
Boot Installers setup_install_server

If you don’t hv enough disk space, then you can run “add_install_client” script directly:
the format is “add_install_client ”

#./add_install_client client1 sun4u
saving original /etc/dfs/dfstab in /etc/dfs/dfstab.orig
Adding “share -F nfs -o ro,anon=0 /mnt” to /etc/dfs/dfstab
making /tftpboot
enabling tftp in /etc/inetd.conf
starting rarpd
starting bootparamd
starting nfsd’s
starting nfs mountd
updating /etc/bootparams
copying boot file to /tftpboot/inetboot.SUN4U.Solaris_10-1
#

NOTE: If you want to copy all or part of the install DVD onto a system to set it up as a long term install server with the install media available on local disk, then you can run “setup_install_server” script.

FORMAT: setup_install_server .

Check “/etc/bootparams”. The bootparams file contains a list of client entries that diskless clients use for booting. Make sure your client listed in there..
Configure Client to boot from Network. for Sparc, run “boot net – install” from OK Prompt. For X86 configure BIOS to boot from Network.
Follow the installation procedure till finish..
NOTE For X86/i386pc:

You need to configure DHCP macro on Jumpstart server, run “/usr/sadm/admin/bin/dhcpmgr” from X Windows / GUI, then click EDIT > NETWORK WIZARD.
put “i386pc” as your platform while running add_install_client , exp:
./add_install_client -d -e 0:0:be:a5:1a:9e -s 192.168.1.1:/mnt i86pc

How to reset the ILOM root password back to the default ‘changeme’ using ipmitool

If the root password on the ILOM is currently unknown, but you have root access to the O/S installed, you can change the ILOM password back to the default “changeme”.

Follow below steps:
# which ipmitool
/usr/sbin/ipmitool

# /usr/sbin/ipmitool -V
ipmitool version 1.8.8

# /usr/sbin/ipmitool user set password 0x02 changeme

[or you can also use the raw format:
# /usr/sbin/ipmitool raw 0x06 0x47 0x02 0x02 0x63 0x68 0x61 0x6e 0x67 0x65 0x6d 0x65 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00

There will be no confirmation after running the ipmitool command, however the ILOM root password will be changed to changeme.

How to Configure NTP Server and NTP Client on Solaris 10

How to Configure NTP Server on Solaris 10:

[Check NTP services:
bash-3.00# svcs ntp
STATE STIME FMRI
disabled 21:14:03 svc:/network/ntp:default
bash-3.00#

NTP services still ‘disabled’, OK leave it disabled state, before enable NTP services, we need to create / edit ntp.conf.

bash-3.00# cp /etc/inet/ntp.server /etc/inet/ntp.conf
bash-3.00# vi /etc/inet/ntp.conf
[Find two lines:
server 127.127.XType.0
fudge 127.127.XType.0 stratum 0

Replace “XType” with your External Clock Device.the complete list are on ntp.conf file.

—————–

# This is the external clock device. The following devices are
# recognized by xntpd 3-5.93e:
#
# XType Device RefID Description
# ——————————————————-
# 1 local LCL Undisciplined Local Clock
# 2 trak GPS TRAK 8820 GPS Receiver
# 3 pst WWV PSTI/Traconex WWV/WWVH Receiver
# 4 wwvb WWVB Spectracom WWVB Receiver
# 5 true TRUE TrueTime GPS/GOES Receivers
# 6 irig IRIG IRIG Audio Decoder
#etc…..

—————-

Usually we use XType number 1, “Undisciplined Local Clock”. So the configuration become like this:

server 127.127.1.0
fudge 127.127.1.0 stratum 0

You can also syncing to an external NTP server:
Go to http://www.pool.ntp.org/ for a list of public time servers:
change `server 127.127.XType.0`
to `server time_server`

[Exp for Indonesia pool zone:
server 0.id.pool.ntp.org
server 0.asia.pool.ntp.org
server 2.asia.pool.ntp.org
[then ENABLE the NTP services:
bash-3.00# svcadm enable ntp
bash-3.00# svcs ntp
STATE STIME FMRI
online 21:38:44 svc:/network/ntp:default

Now, your NTP server will broadcast its packet using UDP port 123 on Multicast network 224.0.0.1

How to Configure NTP Client on Solaris 10:

On client side, check ntp services, leave it in disabled state, we’ll re-enable again later:

[Copy ntp.client become ntp.conf file:
bash-3.00# cp /etc/inet/ntp.client /etc/inet/ntp.conf
The default config is “multicastclient 224.0.1.1” It mean your client passively waits for a ntp server to provide NTP packet to multicast network 224.0.1.1. If you want to sync your clock to a particular server, even though the clock is coming from the Internet or from the server’s hardware clock then specify it as:

server

Donf forget to remove/comment the line “multicastclient 224.0.1.1”

[ENABLE the NTP services:
bash-3.00# svcadm enable ntp
bash-3.00# svcs ntp
STATE STIME FMRI
online 22:30:15 svc:/network/ntp:default

Run “ntpq -p” to check which NTP server you are using right now.

[Read more:
# man xntpd

[Additional references:
Using NTP to Control and Synchronize System Clocks – Part I: Introduction to NTP
http://www.sun.com/blueprints/0701/NTP.pdf

Using NTP to Control and Synchronize System Clocks – Part II: Basic NTP Administration and Architecture
http://www.sun.com/blueprints/0801/NTPpt2.pdf

Using NTP to Control and Synchronize System Clocks – Part III: NTP Monitoring and Troubleshooting
http://www.sun.com/blueprints/0901/NTPpt3.pdf

How To Boot Solaris Cluster into Non-Cluster Mode

Shut down the specific Global Cluster

# clnode evacuate
# cluster shutdown -g0 -y

For SPARC, drop system to OK Prompt, then type ‘boot -xs’.

ok> boot -xs

For X86:
– In the GRUB menu, use the arrow keys to select the appropriate Solaris entry and type e to edit its commands.
GNU GRUB version 0.95 (631K lower / 2095488K upper memory)
+————————————————————————-+
| Solaris 10 /sol_10_x86 |
| Solaris failsafe |
| |
+————————————————————————-+
Use the ^ and v keys to select which entry is highlighted.
Press enter to boot the selected OS, ‘e’ to edit the
commands before booting, or ‘c’ for a command-line.

– In the boot parameters screen, use the arrow keys to select the kernel entry and type e to edit the entry.
The GRUB boot parameters screen appears similar to the following:
GNU GRUB version 0.95 (615K lower / 2095552K upper memory)
+———————————————————————-+
| root (hd0,0,a) |
| kernel /platform/i86pc/multiboot |
| module /platform/i86pc/boot_archive |
+———————————————————————-+
Use the ^ and v keys to select which entry is highlighted.
Press ‘b’ to boot, ‘e’ to edit the selected command in the
boot sequence, ‘c’ for a command-line, ‘o’ to open a new line
after (‘O’ for before) the selected line, ‘d’ to remove the
selected line, or escape to go back to the main menu.

-Add -x to the command to specify system boot in noncluster mode.
[ Minimal BASH-like line editing is supported. For the first word, TAB
lists possible command completions. Anywhere else TAB lists the possible
completions of a device/filename. ESC at any time exits. ]

grub edit> kernel /platform/i86pc/multiboot -x

-Press the Enter key to accept the change and return to the boot parameters screen.
The screen displays the edited command.
GNU GRUB version 0.95 (615K lower / 2095552K upper memory)
+———————————————————————-+
| root (hd0,0,a) |
| kernel /platform/i86pc/multiboot -x |
| module /platform/i86pc/boot_archive |
+———————————————————————-+
Use the ^ and v keys to select which entry is highlighted.
Press ‘b’ to boot, ‘e’ to edit the selected command in the
boot sequence, ‘c’ for a command-line, ‘o’ to open a new line
after (‘O’ for before) the selected line, ‘d’ to remove the
selected line, or escape to go back to the main menu.-

-Type b to boot the node into noncluster mode.

SOLARIS 11 ZFS ROOT RECOVERY:

* Boot system into single user via network or CDROM.
boot net -s
boot cdrom -s

* On X86 machine, you need edit grub and append -s on kernel line OR boot CDROM with Solaris-11-Text image/media, then select option “3 shell” on “Welcome to the Oracle Solaris Installation Menu”.
* If it ask username: root/solaris or root/password

# mkdir /a /b
# zpool import -R /a -f rpool
# zfs mount –o mountpoint=/b rpool/ROOT/solaris
# vi /b/etc/shadow

*Remove the root password section, it will become look like this:
root::15356::::::

*Note that by default, the new Solaris 11 doesn’t allow blank password
*To allow empty passwords at login:

# vi /b/etc/default/login
*Switch this line “PASSREQ=YES” to “PASSREQ=NO”

*If you access the system via SSH, also check the directive PermitEmptyPasswords in “/etc/ssh/sshd_config”
PermitEmptyPasswords yes

# cd /
# umount /b
# zpool export -f rpool
# reboot

Solaris 10 Remote X11,X-Server or CDE Login Problem

Sometimes I got an error after finishing on Solaris 10 box installation. After make some configuration then suddenly I can’t access my Solaris XDMCP remote session on my laptop.. Usually, I use XManager Enterprise to get Solaris GUI remote session XDMCP. here the step-by-step to troubleshoot if you got the same problem:

*you must run all below command from serial console, all network connection services will stopped when you run command “netservice limited”.

{Make sure that svc:/application/graphical-login/cde-login is enabled and online.

root@solaris10 # svcs cde-login
STATE STIME FMRI
online Mar_02 svc:/application/graphical-login/cde-login:default

root@solaris10 #netservices limited

restarting syslogd
restarting sendmail
dtlogin needs to be restarted. Restart now? [Y] y
restarting dtlogin
{Check dtlogin process:

root@solaris10 # ps -ef | grep dtlogin

root 29384 1 0 Mar 02 ? 0:00 /usr/dt/bin/dtlogin -daemon -udpPort 0 [should be TCP, not UDP]

{Modify the x11-server service:

—–>Show properties:
#svcprop svc:/application/x11/x11-server

——>Turn on tcp listen:
#svccfg -s svc:/application/x11/x11-server setprop options/tcp_listen=true

{Modify the dtlogin service:

—–>Show properties:
#svcprop svc:/application/graphical-login/cde-login:default
#svccfg -s svc:/application/graphical-login/cde-login setprop dtlogin/args=\”\”

—–>Then restart the X server:
#svcadm refresh svc:/application/graphical-login/cde-login:default;
#svcprop -p dtlogin svc:/application/graphical-login/cde-login:default

root@solaris10 #netservices open

restarting syslogd
restarting sendmail

root@solaris10# svcadm restart cde-login
root@solaris10# ps -ef |grep dtlogin
root 27722 1 0 15:08:37 ? 0:00 /usr/dt/bin/dtlogin -daemon
root 27724 26297 0 15:08:43 pts/3 0:00 grep dtlogin

Proxying from Apache HTTPS to some backend server that only speaks HTTP

Proxying from Apache HTTPS to some backend server that only speaks HTTP

Here’s a use case: You want to run an application server that only speaks HTTP, but securely, over HTTPS. The problem is that the application server won’t know that it’s being accessed via HTTPS, so any URLs and redirects it generates might point to HTTP. Here’s an example virtual host entry that takes care of that by rewriting the header.

You need Apache, mod_proxy and mod_headers.

ServerName foo.bar.example.com

SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
Header edit Location “^http:(.*)$” “https:$1”

PassengerEnabled off
ProxyPass / http://127.0.0.1:3000/
ProxyPassReverse / http://127.0.0.1:3000/

DocumentRoot /var/www/foo/bar

AllowOverride none
Options -MultiViews

The magical line is the one with “Header edit…”. This makes sure any request your app server would have sent to HTTP are rewritten to HTTPS.

Header edit Location ^http://(yourdomain.com/sslpath.*) https://$1

httpd.conf

LoadModule ext_filter_module modules/mod_ext_filter.so

RewriteEngine on

#1
RewriteCond %{REQUEST_URI} ^/gw/192\.168\.0\.[0-9]{1,3}/
RewriteRule ^/gw/(.*) /gw/http://$1 [R,NS,L]

#2
RewriteCond %{REQUEST_FILENAME} !/\.ht.* [NC]
RewriteCond %{REQUEST_URI} ^/gw/https?[:/]+192\.168\.0\.[0-9]{1,3}/
RewriteRule ^/gw/(https?)[:/]+(.*) $1://$2 [P,L,NS]

#3
Header edit Location ^(https?)[:/]+(.*) /gw/$1://$2

#4
ExtFilterDefine fixurl mode=output cmd=”/bin/bash /var/www/bin/url_rewrite.sh”
SetOutputFilter fixurl

#!/bin/bash

host=$(echo ${DOCUMENT_URI} | sed -e ‘s|^/gw/$https\?$[:/]\+$[^/]*$/.*|/gw/\1://\2/|g’)

/bin/sed \
-e “s%$href\|src\|action$=\”/$[^\” <>\n]*$\”%\1=\”${host}\2\”%g” \
-e “s%$url: *[‘\”]$/$[^’\”]*[‘\”]$%\1${host}\2%g” \
-e “s%\”$https\?$[:/]\+$192\.168\.0\.[0-9]\{1,3\}$/%\”http://${HTTP_HOST}/gw/\1://\2/%g” \
-e “s%localhost/%${HTTP_HOST}${host}%g”

Recent Posts

Pages

Categories

Archives

Recent Comments