Monthly Archives: August 2014

Oracle DB 12C op Oracle Linux 7

Download de Oracle 12 C database en pak hem uit in OraDB12C


[root@cerita home]# mkdir OraDB12c
[root@cerita home]# cd OraDB12c/
[root@cerita OraDB12c]# mv ../oracle/Downloads/linuxamd64_12102_database_1of2.zip .
[root@cerita OraDB12c]# mv ../oracle/Downloads/linuxamd64_12102_database_2of2.zip .
[root@cerita OraDB12c]# ls
linuxamd64_12102_database_1of2.zip  linuxamd64_12102_database_2of2.zip
[root@cerita OraDB12c]# unzip linuxamd64_12102_database_1of2.zip
[root@cerita OraDB12c]# unzip linuxamd64_12102_database_2of2.zip 

Installeer als user oracle

[oracle@cerita home]$ cd OraDB12c/
[oracle@cerita OraDB12c]$ cd database
[oracle@cerita database]$ ./runInstaller 
Starting Oracle Universal Installer...

De installer komt op een gegeven moment met een scherm over missende prerequisites.
De kernel parameters zijn automatische the fixen, Oracle maakt hier een runfixup script voor.

[root@cerita database]# /tmp/CVU_12.1.0.2.0_oracle/runfixup.sh

maar een aantal libraries moeten nog worden geyummed.


$ yum -y install libaio-devel
$ yum -y install compat-libstdc++-33
$ yum -y install compat-libcap1

Tenslotte vraagt runInstaller nog twee scripts uit te voeren als root.


[root@cerita database]# /home/oracle/app/oraInventory/orainstRoot.sh
Changing permissions of /home/oracle/app/oraInventory.
Adding read,write permissions for group.
Removing read,write,execute permissions for world.

Changing groupname of /home/oracle/app/oraInventory to oinstall.
The execution of the script is complete.
[root@cerita database]# /home/oracle/app/oracle/product/12.1.0/dbhome_1/root.sh
Performing root user operation.

The following environment variables are set as:
    ORACLE_OWNER= oracle
    ORACLE_HOME=  /home/oracle/app/oracle/product/12.1.0/dbhome_1

Enter the full pathname of the local bin directory: [/usr/local/bin]: /usr/local/bin
   Copying dbhome to /usr/local/bin ...
   Copying oraenv to /usr/local/bin ...
   Copying coraenv to /usr/local/bin ...


Creating /etc/oratab file...
Entries will be added to the /etc/oratab file as needed by
Database Configuration Assistant when a database is created
Finished running generic part of root script.
Now product-specific root actions will be performed.

Install Perl DBD::mysql on Oracle Linux/Centos

Install CPAN

yum -y install cpan
cpan App::cpanminus

Install C compiler

[root@yogya ~]# yum -y install cpp

Install MySql developer libraries

[root@yogya mysql-database-stuff]# yum -y install msql-devel

Install DBI and YAML

[root@yogya mysql-database-stuff]# cpan DBI
[root@yogya mysql-database-stuff]# cpan
cpan[2]> install YAML

Om de een of andere reden lukt installeren van DBD::mysql niet met CPAN.
Dus MySql installation from source. Download source distro.

http://search.cpan.org/dist/DBD-mysql/lib/DBD/mysql/INSTALL.pod#Manual_installation


[root@yogya ~]# wget http://cpan.metacpan.org/authors/id/C/CA/CAPTTOFU/DBD-mysql-4.028.tar.gz
[root@yogya ~]# gunzip DBD-mysql-4.028.tar.gz
[root@yogya ~]# tar xvf DBD-mysql-4.028.tar 
[root@yogya ~]# cd DBD-mysql-4.028

Maak even de test database en zet een password voor de root user

mysql> create database test;
mysql> use mysql;
mysql> update user set password = password ( 's3kr1t' ) where user = 'root'

Make sure options match, dus kijk even wat je in moet vullen om de Makefile te bouwen met.

[root@yogya DBD-mysql-4.028]# perl Makefile.PL --help
Usage: perl Makefile.PL [options]

Possible options are:

--cflags= Use for running the C compiler; defaults
to the value of "mysql_config --cflags" or a guessed
value
--libs= Use for running the linker; defaults
to the value of "mysql_config --libs" or a gussed
value
--force-embedded Build version of driver supporting mysqlEmb
--embedded= Use these libs when building the embedded version of
DBD (with --force-embedded). Defaults to the value of
"mysql_config --embedded".
--testdb= Use the database for running the test suite;
defaults to test
--testuser= Use the username for running the test suite;
defaults to no username
--testpassword= Use the password for running the test suite;
defaults to no password
--testhost= Use as a database server for running the
test suite; defaults to localhost.
--testport= Use as the port number of the database;
by default the port number is choosen from the
mysqlclient library
--mysql_config= Specify for mysql_config script
--with-mysql= Specify for the root of the MySQL installation.
--nocatchstderr Supress using the "myld" script that redirects
STDERR while running the linker.
--nofoundrows Change the behavior of $sth->rows() so that it
returns the number of rows physically modified
instead of the rows matched
--ps-protocol Toggle the use of driver emulated prepared statements
prepare, requires MySQL server >= 4.1.3 for
server side prepared statements, off by default
--bind-type-guessing Toggle the use of driver attribute mysql_bind_type_guessing
This feature makes it so driver-emulated prepared statements
try to "guess" if a value being bound is numeric, in which
case, quotes will not be put around the value.
--ssl Enable SSL support
--help Print this message and exit

All options may be configured on the command line. If they are
not present on the command line, then mysql_config is called (if
it can be found):

mysql_config --cflags
mysql_config --libs
mysql_config --embedded
mysql_config --testdb

and so on. See DBD::mysql::INSTALL for details.

Finish installation. In dit geval hoef je alleen het password op te geven.


[root@yogya DBD-mysql-4.028]# perl Makefile.PL --testpassword=s3kr1t
[root@yogya DBD-mysql-4.028]# make
[root@yogya DBD-mysql-4.028]# make test
[root@yogya DBD-mysql-4.028]# make install

					

ffmpeg

./configure --disable-yasm
make
make install

264 is available at ​http://www.videolan.org/developers/x264.html. FFmpeg depends on x264 when compiled with –enable-libx264 and x264 depends on FFmpeg when compiled with –enable-lavf-input. The best way to handle it is to install x264 first without –enable-lavf-input, then compile FFmpeg with –enable-libx264 and finally compile x264 again with –enable-lavf-input.

pdeneef@semarang:~/Projects/media-utils/n2.3# ffmpeg
FFmpeg version SVN-r26402, Copyright (c) 2000-2011 the FFmpeg developers
built on Aug 3 2013 14:56:13 with llvm_gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2336.11.00)
configuration: –enable-libmp3lame –enable-shared –disable-mmx –arch=x86_64
libavutil 50.36. 0 / 50.36. 0
libavcore 0.16. 1 / 0.16. 1
libavcodec 52.108. 0 / 52.108. 0
libavformat 52.93. 0 / 52.93. 0
libavdevice 52. 2. 3 / 52. 2. 3
libavfilter 1.74. 0 / 1.74. 0
libswscale 0.12. 0 / 0.12. 0
Hyper fast Audio and Video encoder
usage: ffmpeg [options] [[infile options] -i infile]… {[outfile options] outfile}…

Use -h to get full help or, even better, run ‘man ffmpeg’
pdeneef@semarang:~/Projects/media-utils/n2.3# ffmppeg
-bash: ffmppeg: command not found
pdeneef@semarang:~/Projects/media-utils/n2.3# ./ffmpeg
ffmpeg version 2.3 Copyright (c) 2000-2014 the FFmpeg developers
built on Jul 26 2014 10:47:31 with Apple LLVM version 5.1 (clang-503.0.40) (based on LLVM 3.4svn)
configuration: –disable-yasm
libavutil 52. 92.100 / 52. 92.100
libavcodec 55. 69.100 / 55. 69.100
libavformat 55. 48.100 / 55. 48.100
libavdevice 55. 13.102 / 55. 13.102
libavfilter 4. 11.100 / 4. 11.100
libswscale 2. 6.100 / 2. 6.100
libswresample 0. 19.100 / 0. 19.100
Hyper fast Audio and Video encoder
usage: ffmpeg [options] [[infile options] -i infile]… {[outfile options] outfile}…

Use -h to get full help or, even better, run ‘man ffmpeg’
pdeneef@semarang:~/Projects/media-utils/n2.3#

rsync SSH

Create backup user on Server called “gudang”. Make user passwordless.

Prepare RSA keys on Server called “gudang”


root@gudang:/root$ su -m yogya
yogya@gudang:/home/yogya/.ssh$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/yogya/.ssh/id_rsa): /home/yogya/.ssh/id_rsa_rsync
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/yogya/.ssh/id_rsa_rsync.
Your public key has been saved in /home/yogya/.ssh/id_rsa_rsync.pub.
The key fingerprint is:
b4:65:6c:d9:5f:5f:27:1e:24:21:c7:b0:a4:c7:ac:ff yogya@gudang
The key's randomart image is:
+--[ RSA 2048]----+
|          +o+..  |
|         * *.o   |
|        o @ . o +|
|       . B   o ++|
|        S     o .|
|         .       |
|          .      |
|           .     |
|            E    |
+-----------------+

Add key to authorized keys on Remote called “yogya”


yogya@gudang:/home/yogya/.ssh$ scp id_rsa_rsync.pub  root@yogya:

[root@yogya .ssh]# cat ../id_rsa_rsync.pub >> authorized_keys 

Check command that Remote wants to perform


yogya@gudang:/home/yogya$ rsync -avz -e 'ssh -v' --numeric-ids --delete root@yogya:/mnt/data/backup/svn /home/yogya/home 2>&1
..
..
debug1: Sending command:  rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /mnt/data/backup/svn
..

Put commands in authorized_keys on Remote


command="rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /mnt/data/backup/svn",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiI3mw38zbEknwqsy1uPtLfD0H8nMqKoFVyf+hAohyBdsXZysm/xSgYB9T2F4X7KCO4x8vaXrtLBf/ZdTV852jmW2uDlbUlsWj+XsT9AbS9RCncq943l8pzhk8yxB12o+KqRoPnWga0wNYaaF4av0+nsm1fv2Tzxkd8/q0hIrOuWjnJFWuNDgK1sZBOQwHN07jtcGsTvcsRWst9NZCRErIqIoM5LIou7LJzLlVqtBzLO90dWNp6Y6c6ENXtFRezu2myiAtdiWxNUAhoEZA5HJNpotYurDJw3oJgWoIv0Rz6qoSl2gGbAvKfs8UR4Un3DYCVmmbv0Z+qJkeVKuAZuap yogya@gudang

Note:
* only one command per rsa key

Run commands on Server


rsync -az -e 'ssh -i /home/yogya/.ssh/id_rsa_rsync' --numeric-ids --delete root@yogya:/mnt/data/backup/svn /home/yogya/home 2>&1

Add to command to crontab on server


yogya@gudang:/home/yogya/home$ crontab -e
45 * * * * rsync -az -e 'ssh -i /home/yogya/.ssh/id_rsa_rsync' --numeric-ids --delete root@yogya:/mnt/data/backup/svn /home/yogya/home 2>&1

rdiff-backup ReadyNAS

Backup Server

ssh root@gudang
The authenticity of host 'gudang (192.168.178.28)' can't be established.
RSA key fingerprint is 92:f1:cf:b7:26:af:ab:2a:fe:c1:5d:c6:77:ae:93:44.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gudang' (RSA) to the list of known hosts.
root@gudang's password: 

Welcome to ReadyNASOS 6.1.8

Install rdiff-backup

apt-get install rdiff-backup

The general model I use is to initiate all rdiff-backups from a central backup server, and pull the data from the hosts to be backed up. The central backup server uses a non-root user to perform the backups — this relies on metadata features of recent rdiff-backup in order to support proper restores, and has the benefit that rdiff-backup exploits/bugs have reduced potential to damage the backup server. The backup still requires root on the host being backed up, but it is protected by ssh mechanisms which restrict the invoked command, and rdiff-backup mechanisms which restrict it to read-only access.

For convenience I’ll call the backup server gudang and the host to be backed up yogya.
On the backup server gudang, create a new account which will be used to perform the backup. I’ll use the account name backup. The shell can typically be set to /bin/false. In my case the home directory is set to /backup which is where I’ve mounted the filesystem containing all my backups. The account password should be disabled. For example you might have the following entries in your passwd/shadow files:

/etc/passwd
backup:x:34:34:backup:/backup:/bin/false
/etc/shadow
backup:*:12644:0:99999:7:::

Your uid/gid may differ, as may many of the fields in shadow.

Note that if you’re backing up multiple hosts, for an extra layer of paranoia you could create an account per host.

Command to delete user password under Linux

Type the following command to delete a user password

root@gudang:/etc# passwd --delete yogya
passwd: password expiry information changed.
root@gudang:/etc# su -m yogya
Creating directory '/home/yogya'.
bash: /root/.bashrc: Permission denied

Generate public/private rsa key pair


yogya@gudang:/etc$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/yogya/.ssh/id_rsa): /home/yogya/.ssh/id_rsa_rdiff
Created directory '/home/yogya/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/yogya/.ssh/id_rsa_rdiff.
Your public key has been saved in /home/yogya/.ssh/id_rsa_rdiff.pub.

Create an ssh config alias which defines how to contact yogya with the backup key.

vi /home/yogya/.ssh/config:

host yogya-backup
  hostname yogya
  user root
  identityfile /home/yogya/.ssh/id_rsa_rdiff
#  compression yes
  protocol 2
  

Note that “compression yes” is optional, and you may wish to omit it if gudang and yogya are connected over high-speed nets. The cipher line is also optional, but may reduce cpu overhead. (On a trusted switched network, or over localhost, you may also wish to patch OpenSSH to enable cipher none.)

This config entry enables backup@gudang to use the “hostname” yogya-backup wherever ssh expects a real hostname. ssh will use the information specified in the config file, which will result in a connection to yogya, using the specified key, compression, cipher, and protocol.

You may need to make some file permission adjustments, it depends on your system:

yogya@gudang:/home/yogya$ chmod -R go-rwx /home/yogya/.ssh

Give permission for backup to access yogya and run rdiff-backup.
Assuming that root@yogya’s home directory is /root, we will construct a terribly long line in the file /root/.ssh/authorized_keys (on yogya). The line is so long that I’m going to break it in two here for demonstration purposes only, you must join this first line and the public key from above on one line, with only a space between them:


yogya@gudang:/home/yogya$ scp /home/yogya/.ssh/id_rsa_rdiff.pub root@yogya:


[root@yogya .ssh]# cat ../id_rsa_rdiff.pub >> authorized_keys
[root@yogya .ssh]# vi authorized_keys
command="rdiff-backup --server --restrict-read-only /",from="gudang",no-port-forwarding,no-X11-forwarding,no-pty
ssh-rsa AAAAB3NzaC1yc2E[......] yogya@gudang

Ensure file permissions are set properly:

[root@yogya ~]#  chmod -R go-rwx /root/.ssh

This entry in /root/.ssh/authorized_keys permits anyone with the specified key (i.e. backup@gudang) to connect with ssh from the host named gudang and issue the forced rdiff-backup command. It further restricts the ssh connection to eliminate port forwarding, X11 forwarding and a pty. The rdiff-backup invocation is also restricted to read-only operations starting from the root of the file system.

Install rdiff-backup on yogya


[root@yogya .ssh]# yum -y install rdiff-backup
..  

NOTE: rdiff-backup 0.13.4 fails to support “–restrict-read-only /” without a patch. It works fine with sub-paths (i.e. /home), but you’ll need my patch to backup from the root of the filesystem. If you’d prefer not to patch rdiff-backup then you can skip the “–restrict-read-only /” parameters — it is up to you how paranoid you wish to be.

If you have any troubles, this step is the one which has most likely caused you problems. Here are some troubleshooting guidelines:

– Make sure there are no line breaks in the authorized_keys entry.
– Use the reverse DNS response for gudang’s IP address in from=”gudang”.
– Make sure you copied the public key properly.
– Make sure rdiff-backup is in root’s PATH, or add a full path to command=”/path/to/rdiff-backup…”.

Perform a test backup and populate known_hosts.

You should now be able to perform a test backup. During this test ssh will probably ask you to accept the yogya host key — you will need to complete this step before you can begin an unattended backup.


yogya@gudang:/home/yogya$ rdiff-backup yogya-backup::/home/pdeneef/cma test-backup

If you are asked for a password or passphrase then something is wrong. Other than asking you to verify the host key it should succeed in performing a backup of yogya::/tmp in test-backup.

Assuming the first attempt asked you to verify the host key, run the test a second time to verify that it asks you nothing.


$ rdiff-backup -v8 yogya-rdiff::/mnt/data/backup/mysqldumps/ /data/backup-yogya/mysqldumps

Create a cron job on gudang to initiate your backup (i.e. crontab -e -u backup):


# su -m yogya
$ crontab -e

10 4 * * * rdiff-backup --force --remove-older-than 4W /data/backup-welgg/mysqldumps >/dev/null  2>&1
50 * * * * rdiff-backup welgg-rdiff::/home/data/backup/mysqldumps /data/backup-welgg/mysqldumps >/dev/null 2>&1