Thursday, 20 September 2012

How to increase max connections in mysql

How to increase max connections in mysql, so that it can handle huge connections from applications.

By default in mysql database server max_connections is set to 100. This value indicates how many maximum concurrent connections mysql server can handle. If mysql reaches to it maximum (max) limit then you can see errors like "too many connections".

As we know my.cnf is default configuration file for mysqld service and by default it is located in /etc directory unless and until you have changed it.
To find out how many max_connections are allowed currently on your mysql server use following command from mysql prompt.
    mysql> select @@max_connections;
    +-------------------+
    | @@max_connections |
    +-------------------+
    | 100 |
    +-------------------+
    1 row in set (0.00 sec)
max_connections is a GLOBAL variable. we can increase it on the fly without restarting mysqld service.
To do so use following command.
    mysql> set global max_connections = 200;
    Query OK, 0 rows affected (0.00 sec)
Now, If you check again you will see that limit of max_connections is increased.
    mysql> select @@max_connections;
    +-------------------+
    | @@max_connections |
    +-------------------+
    | 200 |
    +-------------------+
    1 row in set (0.00 sec)

Tuesday, 28 August 2012

How to make the linux server recognize the newly hot added Hard Disk

After adding the HDD to Linux Virtual machine while powered on, it will not automatically recognize it.

Hence please follow the below steps to make the linux server recognize the HDD

Step 1 : Login to the linux server as root user

Step 2 : Execute the below command to check whether HDD has been recognized by your server
              #fdisk -l

Step 3 : If not recognized then please execute the below command.
             # echo "- - -" > /sys/class/scsi_host/host0/scan

Step 4 : Now check (fdisk -l) to check whether it is recognized

How to backup database in Oracle Server 10.10.10.10

How to backup database in Oracle Server 10.10.10.10
Step 1 : Login to the oracle server as root in 10.10.10.10

Step 2 : Then switch over as oracle user using below command
                #su - oracle

Step 3 : Then set oracle_sid to use the respective database
               # export ORACLE_SID=citialps

Step 4 : Then check whether oracle home directory has been set as below
               #echo $ORACLE_HOME
                  /opt/ora9/product/9.2

Step 5 : Then use the below command to backup the database.

Note : make sure atleast 5 GB space is available in the server

            #exp testuat/testuat file=testuat280812.dmp full=yes

Monday, 27 August 2012

How to mount NTFS partition ie USB HDD in linux server

Mounting NTFS Partition on RHEL 5.x/6.x

GCC Packages is must for Mounting NTFS.
After GCC installed

#yum -y install fuse fuse-ntfs-3g dkms dkms-fuse
 
if you are running xen kernel then only run this command

#yum install kernel-xen-devel

if you are running PAE kernel then only run this command
#yum install kernel-PAE-devel

Now Make Entry in your /etc/fstab file
make backup of your /etc/fstab by executing this command

#cp /etc/fstab /etc/fstab.bkp

now open your /etc/fstab file in your favorite editor

#vim /etc/fstab like below example
/dev/sda1          /mnt/ntfs      ntfs-3g      defaults       0  0


save & exit from file

#mount -t ntfs-3g /dev/<devicename> /<mountpoint>

 

 

 

Tuesday, 14 August 2012

Input/Output error while mounting NFS Share

when u get below error while mounting nfs share

[root@ghrms ~]# mount -t nfs 10.2.1.74:/data/dbbackup/10.2.1.47 /nfs
mount.nfs: Input/output error


Please use the below option

[root@orione mnt]# mount -t nfs <ip address>:/mnt/backup/backup /zainetto/ -o nolock,udp

Thursday, 19 July 2012

How to Implement mod_jk for web to app re-direction

mod_jk is used to redirect the requests which comes to port 80 to port 8080 or to tomcat

Step 1: wget http://apache.techartifact.com/mirror//tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.37-src.tar.gz

Step 2: tar -zxvf tomcat-connectors-1.2.37-src.tar.gz

Step 3:cd tomcat-connectors-1.2.37-src

Step 4: cd native

Step 5: ./configure --with-apxs=/usr/sbin/apxs

Step 6: make

Step 7: cd apache-2.0/

Step 8: cp mod_jk.so /usr/lib64/httpd/modules/

Step 9: cd /etc/httpd/conf.d
vim mod_jk.conf

=====================================

LoadModule    jk_module  modules/mod_jk.so
    # Declare the module for <IfModule directive> (remove this line on Apache 2.0.x)
#    AddModule     mod_jk.c
    # Where to find workers.properties
    JkWorkersFile /etc/httpd/conf.d/workers.properties
    # Where to put jk shared memory
    JkShmFile     /var/log/httpd/mod_jk.shm
    # Where to put jk logs
    JkLogFile     /var/log/httpd/mod_jk.log
    # Set the jk log level [debug/error/info]
    JkLogLevel    info
    # Select the timestamp log format
    JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
    # Send servlet for context /examples to worker named worker1
    #JkMount  /examples/servlet/* worker1
    # Send JSPs  for context /examples to worker named worker1
    #JkMount  /examples/*.jsp worker1
   JkMount /* node1
   JKOptions +DisableReuse
===================================

Step 10: vim /etc/httpd/conf.d/workers.properties

====================================
# Define list of workers that will be used
# for mapping requests
worker.list=node1

# Define Node1
worker.node1.port=8009
worker.node1.host= localhost
worker.node1.type=ajp13
worker.node1.lbfactor=1
#worker.node1.local_worker=1 (1)
worker.node1.cachesize=10
===================================

Step 11:  /etc/init.d/httpd restart


How to implement Openssl for apache in linux

Step 1 : Generate a Private Key

The openssl toolkit is used to generate an RSA Private Key and CSR (Certificate Signing Request). It can also be used to generate self-signed certificates which can be used for testing purposes or internal usage.
The first step is to create your RSA Private Key.

#penssl genrsa -des3 -out server.key 2048

Step 2: Generate a CSR (Certificate Signing Request) 

Once the private key is generated a Certificate Signing Request can be generated. The CSR is then used in one of two ways. Ideally, the CSR will be sent to a Certificate Authority, such as Thawte or Verisign who will verify the identity of the requestor and issue a signed certificate. The second option is to self-sign the CSR, which will be demonstrated in the next section.

#openssl req -new -key server.key -out server.csr

Country Name (2 letter code) [GB]:CH
State or Province Name (full name) [Berkshire]:Bern
Locality Name (eg, city) [Newbury]:Oberdiessbach
Organization Name (eg, company) [My Company Ltd]:Akadia AG
Organizational Unit Name (eg, section) []:Information Technology
Common Name (eg, your name or your server's hostname) []:public.akadia.com
Email Address []:martin dot zahn at akadia dot ch
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Step 3: Remove Passphrase from Key 

One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started. Obviously this is not necessarily convenient as someone will not always be around to type in the pass-phrase, such as after a reboot or crash. mod_ssl includes the ability to use an external program in place of the built-in pass-phrase dialog, however, this is not necessarily the most secure option either. It is possible to remove the Triple-DES encryption from the key, thereby no longer needing to type in a pass-phrase. If the private key is no longer encrypted, it is critical that this file only be readable by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked. With that being said, use the following command to remove the pass-phrase from the key:

#cp server.key server.key.org
#openssl rsa -in server.key.org -out server.key

Step 4: Generating a Self-Signed Certificate  

At this point you will need to generate a self-signed certificate because you either don't plan on having your certificate signed by a CA, or you wish to test your new SSL implementation while the CA is signing your certificate. This temporary certificate will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted.
To generate a temporary certificate which is good for 365 days, issue the following command:

#openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

 Step 5: Installing the Private Key and Certificate

When Apache with mod_ssl is installed, it creates several directories in the Apache config directory. The location of this directory will differ depending on how Apache was compiled. 

cp server.crt /etc/httpd/ssl/server.csr
cp server.key /usr/httpd/ssl/server.key


Step 6: Configuring SSL Enabled Virtual Hosts
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 or if there is ssl.conf under /etc/httpd/conf.d/ssl.conf then change the below 2 entry


SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key


Step 7: Restart Apache and Test
 
/etc/init.d/httpd stop
/etc/init.d/httpd stop



 
 

How to create virtual user in ftp using "pure-pw" command

How to create virtual user for existing ftp share using "pure-pw" command

1. Login to the FTP Server
2. Execute the below command

#pure-pw useradd <username> -u ftpuser -d /ftpfolder/cssbt -N 1024

provide the password when prompted

3. Execute the below command to save the configuration

#pure-pw mkdb

Friday, 20 April 2012

How to create ldap user in Linux LDAP Server

Lets see how to create ldap user in Linux LDAP Server

Step 1: Create a local user account named <sl092467> in LDAP Server

#useradd sl092467

Step 2 : Note down the details of the user using passwd file

#cat /etc/passwd | grep sl092467               (note down uid, gid etc)

Step 3 : create a file named <raja> and enter as below

dn: uid=sl092467,ou=People,dc=csscorp,dc=com
uid: sl092467
cn: sl092467
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$QLoEkVTC$RHrUQKYbqtRi4cfoPtusT.
shadowLastChange: 15027
shadowMin: 1
shadowMax: 90
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1014
gidNumber: 1014
homeDirectory: /home/sl092467

Step 4 : Save the file and execute the below command to add user sl092467 as ldap user

#ldapadd  -D "cn=Manager,dc=csscorp,dc=com"  -W -x  -f /home/venkat/ldap/raja

Step 5 : execute the below command to set ldap password for user sl092467

#ldappasswd -S -x -W -D "cn=Manager,dc=example,dc=com" "uid=sl092467,ou=People,dc=example,dc=com"

Enter ldap password for user and confirm the password. Then u will be prompted for ldap root password

Step 6 :  To add user sl092467 as a member of sladmin group. Open the <groupname>.ldif file

dn: cn=sladmin,ou=Group,dc=csscorp,dc=com
objectClass: posixGroup
objectClass: top
cn: sladmin
userPassword: {crypt}x
gidNumber: 1050
memberUid: sl000132
memberUid: sl005204
memberUid: sl005207
memberUid: sl005209
memberUid: sl005241
memberUid: sl005262
memberUid: sl007290
memberUid: sl088966
memberUid: sl089004
memberUid: sl005408
memberUid: css95891
memberUid: sl092467
memberUid: sl088735
memberUid: sl005539
memberUid: css05210

Step 7 : Add the user sl092467 as highlighted above and save the file

Step 8 : Execute the below command to add user sl092467 as member of sladmin group

#ldapmodify  -D "cn=Manager,dc=csscorp,dc=com"  -W -x  -f grp_modi.ldif

Step 9 : Login to linux server using ldap account credentials. when u login for the first time u will be prompted to change the password.







Thursday, 12 April 2012

How to Setup NFS in Linux Server

How to Setup NFS Server

Step 1: Install the following nfs packages in linux server
  •    nfs-utils
  •    libevent
# rpm -ivh nfs-utils-1.0.9-60.el5.x86_64.rpm libevent-1.4.13-1.x86_64.rpm

Step 2: Start the nfs and portmap service as mentioned below

# /etc/init.d/nfs start
# /etc/init.d/portmap restart

Step 3: Open the nfs file /etc/exports and enter details as below

# vim /etc/exports

/data   10.2.1.x(rw,no_root_squash) 10.2.1.x(rw,no_root_squash)

Step 4: Save the file and restart portmap and nfs service

How to Setup NFS Client:

Step 1: Login the server where u want to mount the nfs partition and start netfs and portmap service

# /etc/init.d/netfs start
# /etc/init.d/portmap start

Step 2: Open the fstab file and make an entry as below

# vim /etc/fstab
10.2.1.x:/data/dbbackup     /nfs          nfs               defaults               0 0

Step 3:  Save the file and restart netfs service

Step 4: execute mount command to mount the nfs partition

# mount -a

Step 5:  check whether the nfs partition is mounted using the below command

#df -h


http://www.cyberciti.biz/faq/centos-fedora-rhel-nfs-v4-configuration/


Tuesday, 10 April 2012

How to enable remote access to mysql database

Recently in one of the server mysql was running but in netstat output port was not listening due to which users are not able to connect database in the server.

But able to login to mysql prompt without any issues

Resolution:

Step 1: Login to the server using putty
Step 2: Edit my.cnf file

  • If you are using Debian Linux file is located at /etc/mysql/my.cnf location
  • If you are using Red Hat Linux/Fedora/Centos Linux file is located at /etc/my.cnf location
  • If you are using FreeBSD you need to create a file /var/db/mysql/my.cnf
#vi /etc/my.cnf

Step 3:  Make sure line skip-networking is commented (or remove line) and add following line

bind-address=YOUR-SERVER-IP
 
  • bind-address : IP address to bind to.
  • skip-networking : Don’t listen for TCP/IP connections at all. All interaction with mysqld must be made via Unix sockets. This option is highly recommended for systems where only local requests are allowed. Since you need to allow remote connection this line should be removed from my.cnf or put it in comment state.
Step 4: restart mysql service and check accessing remotely. 
 

Monday, 5 March 2012

Avoid Password Prompt When Executing The Sudo Command

If local user want to execute a command using sudo and does not want the password prompt then

1. Create a user
2. open the sudoers file 

enter as follows

rajasekar ALL=(ALL)       NOPASSWD: NOPASSWD: ALL


Friday, 24 February 2012

Jboss Installation Steps in Linux

1. wget http://download.jboss.org/jbossas/6.1/jboss-as-distribution-6.1.0.Final.zip
2. unzip jboss-as-distribution-6.1.0.Final.zip
3. cd /usr/local
4. mv jboss-6.1.0 .
5. ln -s /usr/local/jboss-6.1.0 jboss
http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u30-download-1377139.html.
6.  chmod +x jdk-6u30-linux-i586.bin
7. ./jdk-6u30-linux-i586.bin
8. mv jdk1.6.0_30/ /usr/lib/
9. cd /usr/lib
10. ln -s jdk1.6.0_30/ jdk
11. JAVA_HOME="/usr/lib/jdk"
12. echo $JAVA_HOME
13. PATH=$JAVA_HOME/bin:$PATH
14. echo $PATH
15. cd /usr/local/jboss-6.1.0.Final/bin/
16. ./run.sh -b 0.0.0.0 &
17. ps -ef | grep jboss


How to Set JAVA_HOME / PATH variables Under Linux Bash Profile

Set JAVA_HOME / PATH for single user

Login to your account and open .bash_profile file
$ vi ~/.bash_profile
Set JAVA_HOME as follows using syntax export JAVA_HOME=<path-to-java>. If your path is set to /usr/java/jdk1.5.0_07/bin/java, set it as follows:
export JAVA_HOME=/usr/java/jdk1.5.0_07/bin/java
Set PATH as follows:
export PATH=$PATH:/usr/java/jdk1.5.0_07/bin
Save and close the file. Just logout and login back to see new changes:
$ echo $JAVA_HOME
$ echo $PATH

Tip: Use the following command to find out exact path to which java executable under UNIX / Linux:
$ which java

 

Set JAVA_HOME / PATH for all user

You need to setup global config in /etc/profile OR /etc/bash.bashrc file for all users:
# vi /etc/profile
Next setup PATH / JAVA_PATH variables as follows:
export PATH=$PATH:/usr/java/jdk1.5.0_07/bin
export PATH=$PATH:/usr/java/jdk1.5.0_07/bin

 

 

 

Tuesday, 31 January 2012

How to add users / change password for phpmyadmin console

config.inc.php file under phpmyadmin will have configuration details about phpmyadmin console


EX: /var/www/html/iris/phpmyadmin/config.inc.php


Default username and password is root 

http://www.phpmyadmin.net/documentation/

Friday, 27 January 2012

Friday, 20 January 2012

How to find whether the linux server is a physical server or virtual machine

To find whether the linux server is a physical box or vmware virtual machine. Execute the below command

# dmidecode | less

#lspci | less





Tuesday, 17 January 2012

java.lang.OutOfMemoryError: PermGen Space while starting jboss in linux

The "PermGen" error happens, when the Java virtual machine runs out of memory in the permanent generation. Recall that Java has a generational garbage collector, with four generations: eden, young, old and permanent. 

More about the error can be read from http://rlogiacco.blogspot.com/2009/02/jboss-and-permgen-outofmemoryerror.html

Solution:


The defaut PermGen space in Jave is 64MB, and you want to define a larger one.
To do so you need to set the two params -XX:PermSize=128m and -XX:MaxPermSize=128m in the JAVA_OPTS - the size is here set to 128MB - but you can set it to your own, it have to be below the max of -Xmx 
     

Step1: Go to  JBOSS_HOME/bin/ directory
Step2: Open run.conf file as shown below   
                #vim run.conf


Step3: Search for the string JAVA_OPTS
Step4: Add the two parameters as shown below


Before adding "permgen" parameters
------------------------------------------------------------------------------------
if [ "x$JAVA_OPTS" = "x" ]; then
   JAVA_OPTS="-Xms128m -Xmx512m  -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000"
fi
------------------------------------------------------------------------------------



After adding "permgen" parameters
------------------------------------------------------------------------------------
if [ "x$JAVA_OPTS" = "x" ]; then
   JAVA_OPTS="-Xms128m -Xmx512m -XX:PermSize=2048m -XX:MaxPermSize=2048m -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000"
fi
---------------------------------------------------------------------------------------



Step5: Restart jboss

Monday, 2 January 2012

How to disable HTTP Trace and Track method

Step1: Login to the server

Step2: Locate the apache configuration file
           # locate httpd.conf

Step3: Open the apache configuration file and add the following lines in each virtual host tag

            #vim httpd.conf

--------------------------------------------------------------------------------------
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /www/docs/dummy-host.example.com
    ServerName dummy-host.example.com
    ErrorLog logs/dummy-host.example.com-error_log
    CustomLog logs/dummy-host.example.com-access_log common
    RewriteEngine on 
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) 
    RewriteRule .* - [F]
</VirtualHost>
------------------------------------------------------------------------------------






Step4: Save the configuration file and restart apache process
      
          #/etc/init.d/httpd restart







######################################################

If there is no virtual host configured then add the following parameter in httpd.conf file
                 #vim httpd.conf

                   TraceEnable Off

restart httpd process


How to password protect jboss web-console (http://:8080/web-console)

Step1: Go to Jboss Deploy folder (ex: cd /usr/local/jboss/server/default/deploy)

Step2: execute the below command to find web-console.war directory

    #find . -iname web-console.war

Step3: Based on the output go to web-console.war/WEB-INF directory

Step4: Open jboss-web.xml file and uncomment the security-domain to enable security

    # vim jboss-web.xml
-----------------------------------------------------------------------------------------------

<jboss-web>
<!-- Uncomment the security-domain to enable security. You will
need to edit the htmladaptor login configuration to setup the
login modules used to authentication users. -->

<security-domain>java:/jaas/web-console</security-domain>
<!-- The war depends on the -->
<depends>jboss.admin:service=PluginManager</depends>
</jboss-web>

------------------------------------------------------------------------------------------------

Step5: Open web.xml file using vim editor and uncomment security-constraint

    # vim web.xml

-------------------------------------------------------------------------------------------------

<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>

------------------------------------------------------------------------------------------------

Step6: Go to deploy folder and find web-console-users.properties file

    # find . -iname web-console-users.properties

Step7: Based on the output open web-console-users.properties file and put an entry for uname and password

    #vim web-console-users.properties
    admin=admin!23

Step8: Restart jboss and test accessing web-console page

How to password protect jboss jmx-console (http://:8080/jmx-console)


Step1: Go to Jboss Deploy folder (ex: cd /usr/local/jboss/server/default/deploy)

Step2: Then go to jmx-console.war/WEB-INF/ directory

Step3: Open jboss-web.xml file using vim editor and uncomment the security-domain to enable security

    # vim jboss-web.xml

------------------------------------------------------------------------------------------------
<jboss-web>
<!-- Uncomment the security-domain to enable security. You will
need to edit the htmladaptor login configuration to setup the
login modules used to authentication users. -->
<security-domain>java:/jaas/jmx-console</security-domain>
</jboss-web>
------------------------------------------------------------------------------------------------

Step4: Open web.xml using vim editor and uncomment the security-constraint

    # vim web.xml

------------------------------------------------------------------------------------------------
<!-- A security constraint that restricts access to the HTML JMX console
to users with the role JBossAdmin. Edit the roles to what you want and
uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
secured access to the HTML JMX console. -->

<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>

------------------------------------------------------------------------------------------------

Step5: To configure username and password for accessing jmx-console page, Go to the following location
    # cd /usr/local/jboss/server/default

Step6: locate jmx-console-users.properties file

Step7: Open the jmx-console-users.properties file and configure username and password

    # vim jmx-console-users.properties
    admin=admin!23

Step8: Restart jboss service and test jmx-console page

How to disable status page for jboss (http://:8080/status)

Due to a possible information disclosure issue, remove access to the JBoss status page by following these steps for your version of the application server.

Step1: Go to jboss deploy folder (ex: cd /usr/local/jboss/server/default/deploy)

Step2: execute locate command as below
    # find . -iname ROOT.war

Step3: Based on the output switch to the ROOT.war directory

Step4: Go to WEB_INF directory which will be under ROOT.war directory (ex: .../deploy/jboss-web.deployer/ROOT.war/WEB-INF/)

Step5: find web.xml file and open using vim editor

Step 6: Comment out the servlet and servlet-mapping tags as follows:

<!-- <servlet>
<servlet-name>Status Servlet</servlet-name>
<servlet-class>org.jboss.web.tomcat.service.StatusServlet
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Status Servlet</servlet-name>
<url-pattern>/status</url-pattern>
</servlet-mapping> -->
3
Save and close the file.

hi

this is linux admin