removing rpm imported gpg-key
Mon, 11/22/2010 - 12:17 — sandip
While installing the puppet dashboard, I noticed puppetlabs yum repo changed from using "http://yum.puppetlabs.com/RPM
Below is how I got around to removing all of the imported gpgkeys:
Find GPG keys and owners:
rpm -qa gpg-pubkey\* --qf "%{version}-%{release} %{summary}\n"
Remove corresponding GPG Key.
rpm -e gpg-pubkey-8347a27f-4afe0f12 --allmatches
Replacing sysklogd with rsyslog
Sun, 11/21/2010 - 00:56 — sandip
If you need to replace the old sysklogd with the more recent rsyslog on CentOS, `rpm -e --nodeps sysklogd` is rather kludgy, as yum will remove initscripts, on which most of the system depends. However, it is possible to install and remove via the yum shell in one go, which resolves the dependency issues.
# yum shell
> install rsyslog
> remove sysklogd
> run
> quit
Linux cpu processor cores and threads
Fri, 11/12/2010 - 12:26 — sandip
/proc/cpuinfo has the info you need to identify the number of processors, cores and threads.
To get the total number of processors/cpu cores:
grep -c processor /proc/cpuinfo
Total number of physical cpus:
grep "physical id" /proc/cpuinfo | sort -u | wc -l
Number of cores per cpu:
grep "cores" /proc/cpuinfo | sort -u
To check if hyperthreading is enabled:
grep "cores\|siblings" /proc/cpuinfo | sort -u
If siblings is a multiple of cores then hyperthreading is enabled.
Trac redirect loop upon password reset
Mon, 11/01/2010 - 15:20 — sandip
Recently, I have come across the mentioned bug during a password reset of Trac:
Reference bug trac-hacks.org/ticket/3233
This looks like an issue when set to "Force users to change passwords after a password reset?". I changed the config to not force the password change.
Also removed the session attribute in reference from the trac database:
sqlite3 yourtrac/db/trac.db "DELETE FROM session_attribute WHERE name = 'force__change_passwd';"
Probing if Varnish is Alive
Fri, 10/29/2010 - 23:52 — sandip
If you need a URL to probe to check whether Varnish is alive, it can be set up as below. Put it in the "vcl_recv" block:
# Check if Varnish is alive
if (req.url == "/varnish_status") {
error 200 "OK";
}
Then check for an HTTP "200 OK" response code.
List threads with ps and top
Thu, 10/28/2010 - 10:04 — sandip
The "H" option in both ps and top lists the threads:
Examples:
ps auxwH
top H
Redirect ports inside OpenVZ containers
Sat, 10/16/2010 - 23:14 — sandip
For port redirection to work inside OpenVZ containers, the ipt_REDIRECT kernel module needs to be loaded on the host. Edit "/etc/sysconfig/vz" and add it to the IPTABLES list.
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_owner ipt_length ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ipt_recent ipt_REDIRECT"
This should then allow ports to be redirected. So if you need to proxy an existing Apache via nginx or lighttpd and you do not want to switch Apache's default port 80, then the rules below will do the appropriate redirection to port 81, where the nginx/lighttpd server is listening, serving static content and proxying to Apache for dynamic content:
# Redirect external web traffic to port 81
iptables -t nat -A PREROUTING -s ! 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 81
# Redirect internal port 80 to 81
iptables -t nat -A OUTPUT -s 0/0 -d 192.168.10.2 -p tcp --dport 80 -j REDIRECT --to-ports 81
Here 192.168.10.2 is the internal IP address that the domain/host resolves to.
clear out nginx cache
Wed, 10/13/2010 - 16:15 — sandip
If you are switching out static content that has gotten cached in nginx, the head of each cached file usually stores the file path, which can be grepped for and the file removed. Once you hit the URL again, it will recreate the new cached file at the same location.
find /var/cache/nginx -type f -exec grep -l /path/to/oldfile.css {} \;
Clean up config files
Tue, 10/12/2010 - 21:53 — sandip
Below are one-liners to clean out all comment and blank lines with grep and sed, usually in config files.
grep -v "^#\|^$" <conf_file>
or
grep -v "^\#" <conf_file> | sed '/^$/d'
Enabling md5 shadow password with authconfig
Sat, 10/02/2010 - 14:44 — sandip
If you notice that passwords in the /etc/shadow file are using DES encryption, MD5 encryption can be enabled via:
authconfig --enablemd5 --enableshadow --update
If authconfig is not present, edit "/etc/pam.d/system-auth" and add "md5 shadow" to the line starting with "password sufficient pam_unix.so" so it looks like below:
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
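To see which scheme each account's password actually uses, before and after the change above, the second field of each shadow entry can be classified by its prefix and length. This is an added example, not part of the original post; the function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): report which crypt(3) scheme
# each shadow-format entry uses. All entries below are constructed samples.

# Print the scheme name for one shadow password field.
classify_shadow_hash() {
    csh_field=$1
    # Drop any leading "!" lock markers so a locked hash is still classified.
    csh_hash=${csh_field##*!}
    case "$csh_hash" in
        '')   if [ -n "$csh_field" ]; then echo locked; else echo empty; fi ;;
        '*')  echo locked ;;
        '$1$'*) echo md5 ;;
        '$2'[abxy]'$'*) echo bcrypt ;;
        '$5$'*) echo sha256 ;;
        '$6$'*) echo sha512 ;;
        '$y$'*) echo yescrypt ;;
        *[!./0-9A-Za-z]*) echo unknown ;;
        *)  # Traditional DES crypt: exactly 13 characters, no "$" prefix.
            if [ "${#csh_hash}" -eq 13 ]; then echo des; else echo unknown; fi ;;
    esac
}

# Read shadow-format lines on stdin; print "user scheme" per account.
audit_shadow() {
    while IFS=: read -r as_user as_field as_rest; do
        [ -n "$as_user" ] || continue
        printf '%s %s\n' "$as_user" "$(classify_shadow_hash "$as_field")"
    done
}

# Constructed sample data (placeholders, not real hashes).
SAMPLE_SHADOW='root:$6$saltsalt$CONSTRUCTEDsha512PLACEHOLDER:14935:0:99999:7:::
legacy:abCONSTRUCTED:14935:0:99999:7:::
webadmin:$1$saltsalt$CONSTRUCTEDmd5PLACEHOLDER:14935:0:99999:7:::
daemon:*:14935:0:99999:7:::
newuser:!!:14935:0:99999:7:::
frozen:!$1$saltsalt$CONSTRUCTEDmd5PLACEHOLDER:14935:0:99999:7:::'

printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a real system, run it as root with `audit_shadow < /etc/shadow`. Existing hashes keep their old scheme until each user's password is next changed, so accounts still reported as "des" after the switch need a password reset.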