分类目录归档:Uncategorized

Using the nsradmin command to enable or disable an Informix Storage Manager (ISM) storage device

发表评论

Troubleshooting

Problem

This article explains how to enable or disable an Informix Storage Manager (ISM) storage device using the nsradmin command.
Resolving The Problem

INTRODUCTION

Before the ISM server can use a storage device for backup or restore operations, it must be enabled. There may be times when a storage device becomes disabled due to an error; for example, an I/O error on a file system storage device. You can use the nsradmin -c command to either re-enable the storage device once the problem has been corrected, or disable the storage device to prevent it from being used.

BEFORE YOU BEGIN

You need to be root or be listed as an ISM administrator in the output from the command:

ism_show -admins

You cannot enable or disable a storage device that has an ISM storage volume mounted on it. To view the status of the devices, run the command:

ism_show -devices

If needed, unmount the storage volume using the command:

ism_op -unmount <device_name>

STEPS

  1. Login as user root or one of the users listed as an ISM administrator.
  2. Run the command: nsradmin -c
  3. Choose the command Select.
  4. Under type, choose NSR device.
  5. Choose the command Next until you locate the storage device you want to enable or disable.
  6. Choose the command Edit, and then press RETURN.
  7. Under enabled, select Yes or No.
  8. Press ESC to leave the menu.
  9. Press RETURN to save changes.

The ism_show -devices command will show the new enabled/disabled status of the device.

Renew/Extend Puppet CA/puppetmasterd certs

发表评论

Puppet CA/puppetmasterd cert renewal

While we’re still converting our puppet controlled infra to Ansible, we still have some nodes “controlled” by puppet, as converting some roles isn’t something that can be done in just one or two days. Add to that other items in your backlog that all have priority set to #1 and then time is flying, until you realize this for your existing legacy puppet environment (assuming false FQDN here, but you’ll get the idea):

Warning: Certificate 'Puppet CA: puppetmasterd.domain.com' will expire on 2019-05-06T12:12:56UTC
Warning: Certificate 'puppetmasterd.domain.com' will expire on 2019-05-06T12:12:56UTC

So, as long as your PKI setup for puppet is still valid, you can act in advance, resign/extend CA and puppetmasterd and distribute newer CA certs to agents, and go forward with other items in your backlog, while still converting from puppet to Ansible (at least for us)

继续阅读

PowerShell提速和多线程

发表评论

本文目录

继续阅读

MySQL Python tutorial

发表评论

This is MySQL Python programming tutorial. It covers the basics of MySQL programming with Python. It uses the MySQLdb module. The examples were created and tested on Ubuntu Linux.

There is a similar PostgreSQL Python tutorial, MySQL Visual Basic tutorial, or MySQL PHP tutorial on ZetCode. SQLAlchemy tutorial covers SQLAlchemy SQL Toolkit and Object Relational Mapper. If you need to refresh your knowledge of the Python language, there is a full Python tutorial. You may also consider to look at the MySQL tutorial, too.

About MySQL database

MySQL is a leading open source database management system. It is a multi user, multithreaded database management system. MySQL is especially popular on the web. It is one part of the very popular LAMP platform which consists of Linux, Apache, MySQL, and PHP. Currently MySQL is owned by Oracle. MySQL database is available on most important OS platforms. It runs on BSD Unix, Linux, Windows, or Mac OS. Wikipedia and YouTube use MySQL. These sites manage millions of queries each day. MySQL comes in two versions: MySQL server system and MySQL embedded system. 继续阅读

How to assign multiple IP addresses to one network interface on CentOS

发表评论

The practice of configuring multiple IP addresses on a particular network interface is called IP aliasing. IP aliasing is useful when you set up multiple sites on virtual web hosting on a single interface, or maintain multiple connections to a network each of which serves a different purpose. You can assign multiple IP addresses to one network interface from a single subnet or completely different ones.

All existing Linux distributions including CentOS supports IP aliasing. Here is how to bind multiple IP addresses to a single network interface on CentOS.

If you would like to set up IP aliasing on the fly, there are two ways to do it. One way is to use ifconfig, and the other method is to use ip command. Using these two methods, let me show you how to add two extra IP addresses to eth0. 继续阅读

Linux、Windows Server Password Security Policy Strengthen

发表评论

catalog

1. windows Security and Protection(Logon and Authentication)
2. windows密码强制安全策略
3. PAM(Pluggable Authentication Modules)
4. linux密码强制安全策略配置

 

1. windows Security and Protection(Logon and Authentication)

This page lists resources for logon and authentication in Windows Server 2003, which includes passwords, Kerberos, NTLM, Transport Layer Security/Secure Sockets Layer (TLS/SSL), and Digest. In addition, some protocols are combined into authentication packages, such as Negotiate and Schannel, as part of an extensible authentication architecture.

0x1: Create an extensive defense model 

1. Educate your users about how to best protect their accounts from unauthorized attacks 
https://technet.microsoft.com/en-us/library/cc784090#BKMK_UserBP

2. Use the system key utility (Syskey) on computers throughout your network. The system key utility uses strong encryption techniques to secure account password information that is stored in the Security Accounts Manager (SAM) database. 
    1) The system key utility: https://technet.microsoft.com/en-us/library/cc783856
    2) create or update a system key: 

3. Define password policy that ensures that every user is following the password guidelines that you decide are appropriate 
https://technet.microsoft.com/en-us/library/cc784090#BKMK_PasswordPolicy

4. Consider whether implementing account lockout policy is appropriate for your organization. 
https://technet.microsoft.com/en-us/library/cc784090#BKMK_AccountLockout
 

继续阅读

How to Create and Setup LUNs using LVM in “iSCSI Target Server” on RHEL/CentOS/Fedora – Part II

发表评论

LUN is a Logical Unit Number, which shared from the iSCSI Storage Server. The Physical drive of iSCSI target server shares its drive to initiator over TCP/IP network. A Collection of drives called LUNs to form a large storage as SAN (Storage Area Network). In real environment LUNs are defined in LVM, if so it can be expandable as per space requirements.

Create LUNS using LVM in Target Server

Create LUNS using LVM in Target Server

Why LUNS are Used?

LUNS used for storage purpose, SAN Storage’s are build with mostly Groups of LUNS to become a pool, LUNs are Chunks of a Physical disk from target server. We can use LUNS as our systems Physical Disk to install Operating systems, LUNS are used in Clusters, Virtual servers, SAN etc. The main purpose of Using LUNS in Virtual servers for OS storage purpose. LUNS performance and reliability will be according to which kind of disk we using while creating a Target storage server. 继续阅读

How to Install and Configure HAProxy on CentOS/RHEL 7/6/5

发表评论

HAProxy is a very fast and reliable solution for high availability, load balancing, It supports TCP and HTTP-based applications. Now a days most of websites need 99.999% uptime for there site, which are not possible with single server setup. Then we need some high availability environment which can easily manage with single server failure. 继续阅读

IP Range To CIDR Convertor

发表评论

IP Range To CIDR Convertor

// Convert a given Ip range to CIDR notation.

# cat rangeToCidr
/* rangeToCidr.c - Convert Ip ranges to CIDR */

/*
modification history http://snippets.dzone.com/tag/cidr
--------------------
,17sep08,karn written
*/

/* includes */

#include
#include
#include
#include #include
#include
#include
#include

/* defines */
//#define DBG
#ifdef DBG
#define DEBUG(x) fprintf(stderr,x)
#else
#define DEBUG
#endif /* DBG */

#define IP_BINARY_LENGTH 32+1 /* 32 bits ipv4 address +1 for null */
#define IP_HEX_LENGTH 10
#define MAX_CIDR_MASK 32
#define MAX_CIDR_LEN 18+1 /*255.255.255.255/32*/

/* Forward declaratopms */
void rangeToCidr(uint32_t from ,uint32_t to,
void (callback)(char *cidrNotation));
int ipToBin(uint32_t ip , char * pOut);

void printNotation(char *cidrNotation);

/* Globals */

/*******************************************************************************
*
* ipToBin - convert an ipv4 address to binary representation
* and pads zeros to the beginning of the string if
* the length is not 32
* (Important for ranges like 10.10.0.1 - 20.20.20.20 )
*
* ip - ipv4 address on host order
* pOut - Buffer to store binary.
*
* RETURNS: OK or ERROR
*/

int ipToBin(uint32_t ip , char * pOut)
{
char hex[IP_HEX_LENGTH];
int i;
int result=0;
int len;
char pTmp[2];
int tmp;
/*
* XXX: Could use bit operations instead but was easier to debug
*/
char binMap[16][5] = {
"0000","0001","0010","0011", "0100",
"0101","0110","0111","1000", "1001",
"1010","1011","1100", "1101","1110","1111",
};
pTmp[1]=0x0;
memset(hex,0x0,sizeof(hex));
len=sprintf(hex,"%x",ip);

for(i=0;i IP_BINARY_LENGTH-1)
return -1;

/* Success */
return 0;
}

/*******************************************************************************
* main :
*
* arg1 : Start Ip Address
* arg2 : End Ip address
*/

int main (int argc,char **argv)
{
long fromIp, toIp;
struct in_addr addr;
if(argc !=3 )
{
printf("Usage: %s \n",argv[0]);
return(0);
}

/* All operation on host order */
if (inet_aton(argv[1],&addr) == 0)
goto error;
fromIp = ntohl(addr.s_addr);

if (inet_aton(argv[2],&addr) ==0)
goto error;
toIp = ntohl(addr.s_addr);

rangeToCidr(fromIp,toIp,printNotation);

return 0;
error:
printf("Invalid Argument\n");
return -EINVAL;
}

/*******************************************************************************
*
* rangeToCidr - convert an ip Range to CIDR, and call 'callback' to handle
* the value.
*
* from - IP Range start address
* to - IP Range end address
* callback - Callback function to handle cidr.
* RETURNS: OK or ERROR
*/

void rangeToCidr(uint32_t from ,uint32_t to,
void (callback)(char *cidrNotation))
{
int cidrStart = 0;
int cidrEnd = MAX_CIDR_MASK - 1;
long newfrom;
long mask;
char fromIp[IP_BINARY_LENGTH];
char toIp[IP_BINARY_LENGTH];
struct in_addr addr;
char cidrNotation[MAX_CIDR_LEN];

memset (fromIp,0x0,sizeof(fromIp));
memset (toIp,0x0,sizeof(toIp));

if ( ipToBin(from,fromIp) != 0 )
return;
if ( ipToBin(to,toIp) != 0 )
return;

DEBUG ("from %lu to %lu\n", from,to);
DEBUG("from %s\n",fromIp);
DEBUG("to %s\n",toIp);

if(from < to ) { /* Compare the from and to address ranges to get the first * point of difference */ while(fromIp[cidrStart]==toIp[cidrStart]) cidrStart ++; cidrStart = 32 - cidrStart -1 ; DEBUG("cidrStart is %u\n",cidrStart); /* Starting from the found point of difference make all bits on the * right side zero */ newfrom = from >> cidrStart +1 << cidrStart +1 ; /* Starting from the end iterate reverse direction to find * cidrEnd */ while( fromIp[cidrEnd] == '0' && toIp[cidrEnd] == '1') cidrEnd --; cidrEnd = MAX_CIDR_MASK - 1 - cidrEnd; DEBUG("cidrEnd is %u\n",cidrEnd); if(cidrEnd <= cidrStart) { /* * Make all the bit-shifted bits equal to 1, for * iteration # 1. */ mask = pow (2, cidrStart ) - 1; DEBUG("it1 is %lu \n",newfrom | mask ); rangeToCidr (from , newfrom | mask, callback); DEBUG("it2 is %lu \n",newfrom | 1 << cidrStart); rangeToCidr (newfrom | 1 << cidrStart ,to ,callback); } else { addr.s_addr = htonl(newfrom); sprintf(cidrNotation,"%s/%d", inet_ntoa(addr), MAX_CIDR_MASK-cidrEnd); if (callback != NULL) callback(cidrNotation); } } else { addr.s_addr = htonl(from); sprintf(cidrNotation,"%s/%d",inet_ntoa(addr),MAX_CIDR_MASK); if(callback != NULL) callback(cidrNotation); } } /******************************************************************************* * * printNotation - This is an example callback function to handle cidr notation. * * RETURNS: */ void printNotation(char *cidrNotation) { printf("%s\n",cidrNotation); }
编译:

# gcc rangeToCidr.c -lm -o rang2cidr

Perl版本:

#!/usr/bin/perl -w
# range2cidr.pl

use Net::CIDR;
use Net::CIDR ':all';

if (@ARGV == 0) {
die "Usage Example: $0 192.168.0.0-192.168.255.255 \n";
}

print join("\n", Net::CIDR::range2cidr("$ARGV[0]")) . "\n";

合并CIDR:

#!/usr/bin/perl

use Net::CIDR::Lite;

my $cidr = Net::CIDR::Lite->new;

$cidr->add("202.38.175.0/24");
$cidr->add("202.38.174.0/24");
$cidr->add("202.38.173.0/24");
$cidr->add("202.38.172.0/24");
$cidr->add("202.38.171.0/24");
$cidr->add("202.38.170.0/24");
$cidr->add("202.38.169.0/24");
$cidr->add("202.38.168.0/24");

print "$_\n" for $cidr->list;
// 执行结果:202.38.168.0/21