Tag Archives: centos

Migrating to a new GIT server

Scenario:

You’re decommissioning an old server, which just so happens to have your GIT repo on it.

How can you migrate it without losing the history?

From the NEW SERVER:

Make your new directory & set the permissions to your GIT_USER:

mkdir /opt/git/qa.git
chown git.git /opt/git/qa.git

‘su’ to GIT_USER on the server, and initialize the newly created directory

su - git
cd /opt/git/qa.git
git init --bare

From the EXISTING CLIENT (with most recent copy of repo), make new directory, ‘cd’ into there and initialize it

mkdir ~/git/qa
cd ~/git/qa
git init .

Now, clone the existing repository INTO here.  It will not have the code, it’ll have the repository configuration.  Again, the command will be pointing at the ORIGINAL (soon to be decommissioned) server:

git clone --bare ssh://git@243.268.8.11/opt/git/qa.git

You’ll see something like:

Cloning into bare repository 'qa.git'...
git@243.268.8.11's password:
remote: Counting objects: 841, done.
remote: Compressing objects: 100% (595/595), done.
remote: Total 841 (delta 292), reused 605 (delta 208)
Receiving objects: 100% (841/841), 21.52 MiB | 23.68 MiB/s, done.
Resolving deltas: 100% (292/292), done.

Then, it will create another <repo>.git directory in your “new” local directory (~/git/qa).  ‘cd’ into that

cd ~/git/qa/qa.git

Now, it’s your job to PUSH that config to the NEW server:

git push --mirror ssh://git@991.11.78.221/opt/git/qa.git

You’ll see something like:

Counting objects: 841, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (511/511), done.
Writing objects: 100% (841/841), 21.52 MiB | 0 bytes/s, done.
Total 841 (delta 292), reused 841 (delta 292)
To ssh://991.11.78.221/opt/git/qa.git
 * [new branch]      master -> master

When that’s done, you can ‘cd’ back a level & delete the <repo>.git file that the clone created.

cd ..
rm -rf qa.git

Now, you can either re-clone from the NEW server, seen HERE, or modify the existing .git directory’s config file to point to the new location:

vi ~/git/original_qa_repo_directory/includes/.git/config

and change the OLD server’s IP …

[remote "origin"]
        url = ssh://git@243.268.8.11/opt/git/qa.git

… to the NEW server’s IP:

[remote "origin"]
        url = ssh://git@991.11.78.221/opt/git/qa.git

Now, issue a ‘git pull’ and you should be all set!

$ git pull
Already up-to-date.

 

HOWTO: Set up an iSCSI target on RHEL7

Install targetcli:

[root@rhce ~]# yum install targetcli -y

I used a USB drive as the soon-to-be-block device, so I had to prep it:

[root@rhce ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
Partition number (1-4, default 1): 
First sector (2048-31285247, default 2048): 
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-31285247, default 31285247): 
Using default value 31285247
Partition 1 of type Linux and of size 14.9 GiB is set

Command (m for help): p

Disk /dev/sdb: 16.0 GB, 16018046976 bytes, 31285248 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    31285247    15641600   83  Linux

Command (m for help): w
The partition table has been altered!

Start & enable (start on boot) target  (not targetd or targetcli):

[root@rhce ~]# systemctl start target
[root@rhce ~]# systemctl enable target

Enter targetcli and go to the backstores/block directory:

[root@rhce ~]# targetcli
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.fb41
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/> cd /backstores/block 

Now, we create a LUN from the newly carved out USB drive:

/backstores/block> create lun0 /dev/sdb1 
Created block storage object lun0 using /dev/sdb1.

Now,  go to the /iscsi directory & create an official target name:

/backstores/block> cd /iscsi
/iscsi> create
Created target iqn.2003-01.org.linux-iscsi.rhce.x8664:sn.dd8b652b6367.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.

Now, ‘cd’ into the iqn and target name (seen as TPG 1 above):

/iscsi> cd iqn.2003-01.org.linux-iscsi.rhce.x8664:sn.dd8b652b6367/

/iscsi/iqn.20....dd8b652b6367> cd tpg1

Add your ACL; it could be an IP or IQN of another machine.  I elected to use the Microsoft Initiator, mainly because I had a Windoze VM running at the time:

/iscsi/iqn.20...652b6367/tpg1> cd acls
/iscsi/iqn.20...367/tpg1/acls> create iqn.1991-05.com.microsoft:whoosiewhatsit
Created Node ACL for iqn.1991-05.com.microsoft:whoosiewhatsit

Without a TargetIP, you can’t get here … so, let’s set a listener:

/iscsi/iqn.20...367/tpg1/acls> cd ../portals
/iscsi/iqn.20.../tpg1/portals> create
Using default IP port 3260
Binding to INADDR_ANY (0.0.0.0)
This NetworkPortal already exists in configFS

Now, we have to map the LUN created earlier, into this portal.  You’ll see that it carries across and maps the ACL.

/iscsi/iqn.20.../tpg1/portals> cd ../luns 
/iscsi/iqn.20...367/tpg1/luns> create /backstores/block/lun0 
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.1991-05.com.microsoft:whoosiewhatsit

‘cd’ back to the beginning & save the config:

/iscsi/iqn.20...367/tpg1/luns> cd /
/> saveconfig

The (second to) last thing you need to do, is open up the firewall to allow iSCSI port 3260:

[root@rhce ~]# firewall-cmd --add-port 3260/tcp
success

Now, test the iSCSI initiator, using the IP of the system and see if your SEND_TARGETS request comes back with your new “target”:

 

SUCCESS!  Now, you must make your firewall change permanent:

[root@rhce ~]# firewall-cmd --add-port 3260/tcp --permanent
success

You’re now free to connect, initialize, assign a drive letter & sector-align that bad-boy.

Enjoy!

 

HOWTO: firewalld – allowing individual host access

So, you’re rolling out a new webserver and want only certain people to take a look at the content? Here’s how you do it.
CentOS 7.2 is the OS being used.

What zone are you in?
[root@blog-test ~]# firewall-cmd --get-default-zone
public

OK, let’s make a new zone:

firewall-cmd --permanent --new-zone=blog
systemctl reload firewalld

Now, let’s add your IP & a friends IP to start testing … given you’re using apache & it’s still on port 80:

firewall-cmd --permanent --zone=blog --add-source=YOUR_IP/32
firewall-cmd --permanent --zone=blog --add-source=FRIENDS_IP/32
firewall-cmd --permanent --zone=blog --add-port=80/tcp

NOTE:  If you are using that port in another zone, remove it from that other zone first, because it can’t be in 2 zones at once.

That’s all there is. Move along now.

 

Need WordPress to send email, but you’re on Comcast?

Sending mail with Comcast as your ISP – this is on CentOS 7.2.

Install:
# yum install cyrus-sasl{,-plain}

Edit /etc/postfix/main.cf and insert the following below the other ‘relayhost’ references:
relayhost = [smtp.comcast.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_password
smtp_sasl_security_options =

Note: smtp_sasl_security_options = … is intentionally blank.

Edit:
/etc/postfix/smtp_password and insert:
[smtp.comcast.net]:587
username@comcast.net:password

Lock down the perms:
# chmod 600 /etc/postfix/smtp_password

Run:
postmap hash:/etc/postfix/smtp_password

Create a localhost-rewrite rule. This must be done, or else the Comcast SMTP server will reject your mail as coming from an invalid domain. Insert the following into:
/etc/postfix/sender_rewrite:
/^([^@]*)@.*$/ $1@<
your_domain_here>.com

Allow SELinux to accept apache’s access to send mail:
# setsebool -P httpd_can_sendmail 1

Restart postfix:
# systemctl restart postfix

Test. If it fails, tail /var/log/maillog!

** NEW INFO **
I had some troubles with this (mail still showing root@localhost in the maillog) – and here were a few more steps, if that doesn’t completely work.

vi /etc/postfix/sender_canonical

… and insert the following, to make “root” appear to be the “wordpressuser” on outbound mail. This should have been rewritten by the rule up above, but it wasn’t doing it.

root wordpressuser@yourdomain.com

Create /etc/postfix/sender_canonical.db file
postmap hash:/etc/postfix/sender_canonical

Add sender_canonical variable to /etc/postfix/main.cf
postconf -e "sender_canonical_maps=hash:/etc/postfix/sender_canonical"

Restart postfix:
# systemctl restart postfix

Do you want to build a WordPress …… (site)?

Welcome.

Here’s a build-out on CentOS 7.2.

Install just the core, then add packages as needed – as you see below:

[root@wordpress-server ~]# yum update -y
[root@wordpress-server ~]# yum install bash-completion -y
[root@wordpress-server ~]# systemctl reboot

[root@wordpress-server ~]# yum install httpd php php-gd mariadb mariadb-server php-mysql rsync wget -y
[root@wordpress-server ~]# systemctl start httpd mariadb
[root@wordpress-server ~]# systemctl enable httpd mariadb

[root@wordpress-server ~]# firewall-cmd –add-service=http
[root@wordpress-server ~]# firewall-cmd –add-service=http –permanent

Set passwords for MySql / MariaDB:

[root@wordpress-server ~]# mysql_secure_installation

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!

Remove anonymous users? [Y/n] Y
… Success!

Disallow root login remotely? [Y/n] n
… skipping.

Remove test database and access to it? [Y/n] Y
– Dropping test database…
… Success!
– Removing privileges on test database…
… Success!

Reload privilege tables now? [Y/n] Y
… Success!

[root@wordpress-server ~]# mysql -u root -p
Enter password:

MariaDB [(none)]> create database wp_site_1;
Query OK, 1 row affected (0.01 sec)

MariaDB [(none)]> create user wordpressadmin@localhost identified by ‘pass_from_above’;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on wp_site_1.* to wordpressadmin@localhost identified by ‘pass_from_above’;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

[root@wordpress-server ~]# groupadd wp

[root@wordpress-server ~]# wget http://wordpress.org/latest.tar.gz

[root@wordpress-server html]# tar zxvf latest.tar.gz

in /var/www/html:
root@wordpress-server html]# mkdir site_1

Copy software to the new directory:
[root@wordpress-server ~]# rsync -aP /root/wordpress/ /var/www/html/site_1/

Fix ownership:
[root@wordpress-server html]# chown -R apache.wp *
drwxr-xr-x. 5 apache wp 4096 Feb 2 12:12 site_1

[root@wordpress-server site_1]# cp wp-config-sample.php wp-config.php

Edit wp-config.php file, then copy to the other site_ directories:
define('DB_NAME', 'wp_site_1');
define('DB_USER', 'wordpressadmin');
define('DB_PASSWORD', 'password_from_mysql_secure_installation');

Again:
[root@wordpress-server html]# chown -R apache.wp *

Edit PHP.INI:
[root@wp-srv-001 html]# vi /etc/php.ini
change the line to this: upload_max_filesize = 25M

Add the following as the last line in /etc/httpd/conf/httpd.conf:
IncludeOptional sites-enabled/*.conf

in /etc/httpd, make these directories:
[root@wordpress-server httpd]# mkdir sites-available
[root@wordpress-server httpd]# mkdir sites-enabled

in sites-available, make config files for each domain:
[root@wordpress-server sites-available]# ll
total 12
-rw-r--r--. 1 root root 203 Feb 4 23:37 yourdomain.conf

The file should have:

DocumentRoot /var/www/html/site_1
ServerName www.yourdomain.com
ServerAlias yourdomain.com
ErrorLog logs/yourdomain_error.log

 

Create the following symlinks to the .conf files:
ln -s /etc/httpd/sites-available/yourdomain.conf /etc/httpd/sites-enabled/yourdomain.conf

RESTART APACHE!

[root@wordpress-server httpd]# apachectl restart

Go to your domains!

HOWTO: Back-up your MariaDB and then restore later?

This is with CentOS 7.2.

Dump the Database you want to backup:
mysqldump mariadb_name -u root > /backup/dir/db_name.$(date +%m%d).sql

Make a tarball with the newly created database dump & the /var/www/html/ directory:
tar czf /backup/dir/wp_site_1_backup_$(date +%m%d).tgz /backup/dir/db_name.$(date +%m%d).sql /var/www/html/site_1

Remove the database dump that was just tar’d up:
<code?rm -f /backup/dir/wp_site_1.$(date +%m%d).sql

In use:

[root@websites ~]# mysqldump mariadb_name -u root > ~/backups/mariadb_name/mariadb_name.$(date +%m%d).sql

[root@websites ~]# tar czf ~/backups/mariadb_name/mariadb_name_full_$(date +%m%d).tgz ~/backups/mariadb_name/mariadb_name.$(date +%m%d).sql /var/www/html/mariadb_name

[root@websites ~]# rm -f ~/backups/mariadb_name/mariadb_name.$(date +%m%d).sql

[root@websites ~]# ll ~/backups/mariadb_name
total 9164
-rw-r–r–. 1 root root 9383639 Feb 7 17:30 mariadb_name_full_0207.tgz

[root@websites ~]# tar tzvf mariadb_name_full_0207.tgz | head -n 3
-rw-r–r– root/root 1211612 2016-02-07 17:30 root/backups/mariadb_name/mariadb_name.0207.sql
drwxr-xr-x apache/wp 0 2016-02-07 13:31 var/www/html/mariadb_name/
drwxr-xr-x apache/wp 0 2016-02-02 12:11 var/www/html/mariadb_name/wp-admin/

To script it, in root’s home directory (or whichever user), create:
.my.cnf ; chmod 600 .my.cnf

In the file, have the following:
[mysqldump]
password=

Need to restore?

[root@websites ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 65
Server version: 5.5.44-MariaDB MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]> create database databasename;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> \q
Bye
[root@websites ~]# mysql -u root -p -h localhost mariadb_name < backup_file.sql
Enter password:

`sudo -l` returns – nothing?

FYI – All aliases, commands, users etc. have been changed.

I added a new Host_Alias (DB_SRVRS) for a server group that I’ve rolled out.

I tacked it onto the end of a really long User_Alias [_] Host_Alias [_] Cmnd_Alias entry at the end of the sudoers file (yeah, I used visudo).
Here’s what came next:

[otech@server1 ~]$ sudo -l
[sudo] password for otech:
User otech may run the following commands on this host:
[otech@server1 ~]$

Nuthin’. What? I’ve configured the file to give me some [fake] privs.

Solution:
There was too much on the long User_Alias [_] Host_Alias [_] Cmnd_Alias line.

Again, I’m making the command aliases’ up, but it looked something like:
ENG ENG_SRVRS = PIDS, PROCS, SERVICE : IT_SRVRS = PIDS, PROCS, SERVICE : QA_SRVRS = PIDS, PROCS, SERVICE : DB_SRVRS = TC, PGCTL, MYSQL

Once I dropped DB_SRVRS to a new line, it all worked.
Final:
ENG ENG_SRVRS = PIDS, PROCS, SERVICE : IT_SRVRS = PIDS, PROCS, SERVICE : QA_SRVRS = PIDS, PROCS, SERVICE
ENG DB_SRVRS = TC, PGCTL, MYSQL

Now, I get:
[otech@server1 ~]$ sudo -l
[sudo] password for otech:
User otech may run the following commands on this host:
(tomcat) /usr/tommycat/bin/startup.sh, /usr/tommycat/bin/shutdown.sh
(pgusr) /usr/postgrass/bin/postgrassql restart
(mysqlusr) /usr/mahsql/bin/mahsqld restart
[otech@server1 ~]$