Feb 9, 2015

Add Domain Users as Local Sudoers (Linux, Samba, Winbind)

My first thought was to add the domain user to the wheel group:

usermod -a -G wheel corpdev\\atwlam

Although it is possible to add a domain user to wheel, the user is still unable to sudo:

CORPDEV\atwlam@sles12:~> sudo su -

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

root's password:

So the second option would be to add the domain user (or group, e.g. %corpdev\\linux_admins, note the double backslashes) to sudoers:

# visudo

%wheel ALL=(ALL) NOPASSWD: ALL
%corpdev\\linux_admins ALL=(ALL) NOPASSWD: ALL

And there you go, the domain user can now use sudo:

CORPDEV\atwlam@sles12:~> sudo su -
sles12:~ #
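
The same rule as a drop-in file, as an added example that is not part of the original post: the functions escape a winbind name the way the sudoers line above does (a doubled backslash, plus an escaped space for names such as "domain admins") and install the file only if visudo -cf accepts it. The function names, the drop-in file name and the presence of "#includedir /etc/sudoers.d" in /etc/sudoers are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): render a sudoers rule for a
# winbind principal and install it as a drop-in only if visudo accepts it.

# Escape a name for sudoers: a backslash or a space must be preceded by "\".
sudoers_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/ /\\ /g'
}

# $1 = principal as winbind reports it (DOMAIN\name), $2 = user|group,
# $3 = optional tag such as "NOPASSWD:" (omit it to keep the password prompt).
sudoers_rule() {
    name=$(sudoers_escape "$1")
    case "$2" in
        group) name="%$name" ;;
        user)  ;;
        *) echo "kind must be user or group" >&2; return 1 ;;
    esac
    printf '%s ALL=(ALL) %s\n' "$name" "${3:+$3 }ALL"
}

# $1 = rule text, $2 = drop-in file name (hypothetical; no "." or "~" in it).
# Assumes /etc/sudoers has "#includedir /etc/sudoers.d". Must run as root.
install_rule() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    if visudo -cf "$tmp" >/dev/null; then
        install -m 0440 -o root -g root "$tmp" "/etc/sudoers.d/$2"
        rc=$?
    else
        echo "visudo rejected: $1" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Constructed sample: the group from the post, written with a single backslash.
sudoers_rule 'corpdev\linux_admins' group 'NOPASSWD:'
```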

Jan 13, 2015

Bitmap index exclusive lock on table (oracle database)

Updating a table with a bitmap index creates an exclusive lock on the table, but this only happens within the scope of the same cardinality.

E.g. inserts of "Y" and "N" into a bitmap index column can happen independently, but inserting "N" and "N" in different sessions would create a deadlock.

-- create table t
create table t (processed_flag varchar2 (1));

-- create bitmap index on t
create bitmap index t_idx on t (processed_flag);

set pagesize 5000;
set linesize 200;
col username format a10
col owner format a10
col object_name format a20
col machine format a20

-- view locking sessions
select t2.username, t3.owner, t3.object_name, t2.machine, t2.sid as sid, t2.serial#, t2.last_call_et, t2.program, t1.locked_mode from v$locked_object t1, v$session t2, dba_objects t3 where t1.session_id = t2.sid and t1.object_id = t3.object_id order by t2.logon_time;

-- 202, 75

-- view event of waiting locked session
select sid, event from v$session_wait where sid = 202;
select sid, event from v$session_wait where sid = 75;

-- view statement of current lock session
select /*+ NO_MERGE(a) NO_MERGE(b) NO_MERGE(c) */ a.username, a.machine, a.sid, a.serial#, a.last_call_et "Seconds", b.id1, c.sql_text "SQL" from v$session a, v$lock b, v$sqltext c where a.username is not null and a.lockwait = b.kaddr and c.hash_value = a.sql_hash_value;

Nov 30, 2014

Manipulation of index in Oracle

Create table for testing
DROP TABLE "ATWLAM"."TABLE1";
CREATE TABLE "ATWLAM"."TABLE1" AS SELECT * FROM USER_OBJECTS;

Create Index
CREATE INDEX "ATWLAM"."I_TEST1" ON "ATWLAM"."TABLE1" ("OBJECT_ID") TABLESPACE "ATWLAM_INDEX";

Rebuild Index
ALTER INDEX "ATWLAM"."I_TEST1" REBUILD ONLINE;

Shell script to run rman backup in oracle

#!/bin/sh
export ORACLE_SID=orcl
export ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1
export ORACLE_BASE=/u01/app/oracle


rman target / << EOF
run {
    # configure retention policy to recovery window of 2 days;
    configure retention policy to redundancy 1;
    configure controlfile autobackup on;

    # crosscheck backup pieces
    crosscheck backup;
    crosscheck archivelog all;

    # delete expired backups
    delete noprompt expired backup;
    delete noprompt expired archivelog all;

    # backup database, archivelog, controlfile
    backup database plus archivelog;

    # verify database, archivelog, controlfile, and spfile
    restore database validate;
    restore archivelog all validate;
    restore controlfile validate;
    restore spfile validate;

    # force cleanup
    delete noprompt obsolete device type disk;

}
EOF

# propagate rman's exit status so a failed backup is visible to the caller
exit $?

Import and export in Oracle (imp/exp, impdp/expdp)

Create table for testing
create table atwlam.table1 as select * from user_objects;

Traditional import/export (network based)
-- export
exp userid=atwlam/password@orcl owner=atwlam file=/tmp/atwlam.exp log=/tmp/atwlam.log

-- import (imp has no owner parameter; use fromuser/touser)
imp userid=atwlam/password@orcl fromuser=atwlam touser=atwlam file=/tmp/atwlam.exp log=/tmp/atwlam.log


Data Pump import export (host based)
-- create directory object
create or replace directory dump_dir as '/tmp';
grant read, write on directory dump_dir to atwlam;

-- data pump export
expdp atwlam/password@orcl schemas=atwlam directory=dump_dir dumpfile=atwlam.expdp logfile=atwlam.log

-- data pump import
impdp atwlam/password@orcl schemas=atwlam directory=dump_dir dumpfile=atwlam.expdp logfile=atwlam.log

Nov 29, 2014

Create a new schema (user, tablespace) in Oracle

------------------------------------------------------------------------
-- create tablespace
create smallfile tablespace atwlam_data
datafile '/u01/app/oracle/oradata/orcl/atwlam_data_1.dbf'
size 100m
autoextend on
next 10m
maxsize unlimited
logging
extent management local
segment space management auto;

-- resize a datafile
alter database datafile '/u01/app/oracle/oradata/orcl/atwlam_data_1.dbf' resize 200m;

-- check tablespace status (size is a reserved word, so the alias is size_kb)
select file_name, tablespace_name, (bytes/1024) size_kb
from dba_data_files;

------------------------------------------------------------------------

-- remove existing user and roles
drop user atwlam cascade;
drop user atwlam_user cascade;
drop role atwlam_rw;
drop role atwlam_ro;

-- create schema owner
create user atwlam identified by password
default tablespace atwlam_data
temporary tablespace temp
quota unlimited on atwlam_data
quota unlimited on atwlam_index;
grant connect, resource to atwlam;
alter user atwlam default role all;

-- create application user.
create user atwlam_user identified by password
default tablespace atwlam_data
temporary tablespace temp;
grant connect to atwlam_user;
grant create table to atwlam_user;
grant create view to atwlam_user;
grant create any trigger to atwlam_user;
grant create any procedure to atwlam_user;
grant create sequence to atwlam_user;
grant create synonym to atwlam_user;

------------------------------------------------------------------------

-- create schema roles
create role atwlam_rw;
create role atwlam_ro;

grant atwlam_rw to atwlam_user;

-- create table
conn atwlam/password

create table test_tab (
id number,
description varchar2(50),
constraint test_tab_pk primary key (id)
);

-- grant table access to roles
grant select on test_tab to atwlam_ro;
grant select, insert, update, delete on test_tab to atwlam_rw;

-- create synonym from application user
conn atwlam_user/password

create synonym test_tab for atwlam.test_tab;

------------------------------------------------------------------------

-- change default profile
alter profile default
limit
password_life_time unlimited
password_grace_time unlimited
password_lock_time unlimited
failed_login_attempts unlimited;


Using iSCSI Initiator on Centos 6

Install iSCSI initiator packages
yum install iscsi-initiator-utils
/etc/init.d/iscsid start
/etc/init.d/iscsi start
chkconfig iscsid on
chkconfig iscsi on

Edit iSCSI initiator config
cat << EOF >> /etc/iscsi/iscsid.conf
node.session.auth.authmethod = CHAP
node.session.auth.username = USERNAME
node.session.auth.password = PASSWORD
discovery.sendtargets.auth.authmethod = CHAP
discovery.sendtargets.auth.username = USERNAME
discovery.sendtargets.auth.password = PASSWORD
EOF

Discover iSCSI targets on network
iscsiadm --mode discovery --type sendtargets --portal 192.168.4.200:3260
iscsiadm -m discovery -t sendtargets -p 192.168.4.200:3260

Login to the iSCSI target
iscsiadm --mode node --targetname iqn.2014-11.lan.puppet:san.target1 --login
iscsiadm -m node -T iqn.2014-11.lan.puppet:san.target1 -l

Utilize the new disk
fdisk -l
fdisk /dev/sdc

Logout of the iSCSI target
iscsiadm --mode node --targetname iqn.2014-11.lan.puppet:san.target1 --logout
iscsiadm -m node -T iqn.2014-11.lan.puppet:san.target1 -u
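
A check for the initiator config edited above, as an added example that is not part of the original post: it reports credentials that are set without authmethod = CHAP (in which case they are not used) and a config file that group or other can access. The function names are hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit the CHAP settings in an
# iscsid.conf. Function names are hypothetical; the keys are open-iscsi's.

# Print the last uncommented value of key $2 in file $1 (empty if unset).
conf_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one finding per line; return 1 if anything was found.
audit_iscsid_conf() {
    f=$1; rc=0
    for scope in node.session discovery.sendtargets; do
        user=$(conf_get "$f" "$scope.auth.username")
        pass=$(conf_get "$f" "$scope.auth.password")
        method=$(conf_get "$f" "$scope.auth.authmethod")
        if [ -n "$user$pass" ] && [ "$method" != CHAP ]; then
            echo "$scope: credentials set but authmethod is '${method:-unset}'"
            rc=1
        fi
        if [ "$method" = CHAP ] && { [ -z "$user" ] || [ -z "$pass" ]; }; then
            echo "$scope: authmethod is CHAP but username or password is missing"
            rc=1
        fi
    done
    # The file stores CHAP secrets in clear text: no group/other access.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions: group/other bits are '$perms', expected 0600"
        rc=1
    fi
    return $rc
}

# Constructed sample: credentials present, authmethod never enabled.
sample=$(mktemp)
cat > "$sample" << 'EOF'
node.session.auth.username = USERNAME
node.session.auth.password = PASSWORD
discovery.sendtargets.auth.username = USERNAME
discovery.sendtargets.auth.password = PASSWORD
EOF
audit_iscsid_conf "$sample" || true
rm -f "$sample"
```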

Nov 19, 2014

Finding out command line parameters to a linux kernel module (modinfo)

Command line: 
  modinfo bonding

Output: 
  filename:       /lib/modules/2.6.32-400.36.4.el5uek/kernel/drivers/net/bonding/bonding.ko
  author:         Thomas Davis, tadavis@lbl.gov and many others
  description:    Ethernet Channel Bonding Driver, v3.6.0
  version:        3.6.0
  license:        GPL
  srcversion:     765520422A582FCDBFBC802
  depends:        ipv6
  vermagic:       2.6.32-400.36.4.el5uek SMP mod_unload modversions
  parm:           max_bonds:Max number of bonded devices (int)
  parm:           tx_queues:Max number of transmit queues (default = 16) (int)
  parm:           num_grat_arp:Number of gratuitous ARP packets to send on failover event (int)
  parm:           num_unsol_na:Number of unsolicited IPv6 Neighbor Advertisements packets to send on failover event (int)
  parm:           miimon:Link check interval in milliseconds (int)
  parm:           updelay:Delay before considering link up, in milliseconds (int)
  parm:           downdelay:Delay before considering link down, in milliseconds (int)
  parm:           use_carrier:Use netif_carrier_ok (vs MII ioctls) in miimon; 0 for off, 1 for on (default) (int)
  parm:           mode:Mode of operation : 0 for balance-rr, 1 for active-backup, 2 for balance-xor, 3 for broadcast, 4 for 802.3ad, 5 for balance-tlb, 6 for balance-alb (charp)
  parm:           primary:Primary network device to use (charp)
  parm:           primary_reselect:Reselect primary slave once it comes up; 0 for always (default), 1 for only if speed of primary is better, 2 for only on active slave failure (charp)
  parm:           lacp_rate:LACPDU tx rate to request from 802.3ad partner (slow/fast) (charp)
  parm:           ad_select:803.ad aggregation selection logic: stable (0, default), bandwidth (1), count (2) (charp)
  parm:           xmit_hash_policy:XOR hashing method: 0 for layer 2 (default), 1 for layer 3+4 (charp)
  parm:           arp_interval:arp interval in milliseconds (int)
  parm:           arp_ip_target:arp targets in n.n.n.n form (array of charp)
  parm:           arp_validate:validate src/dst of ARP probes: none (default), active, backup or all (charp)
  parm:           fail_over_mac:For active-backup, do not set all slaves to the same MAC.  none (default), active or follow (charp)
  parm:           all_slaves_active:Keep all frames received on an interfaceby setting active flag for all slaves.  0 for never (default), 1 for always. (int)
  parm:           resend_igmp:Number of IGMP membership reports to send on link failure (int)

Failed to get connection to session: Failed to connect to socket /tmp/dbus: Connection refused (virt-manager)

Problem: 
  virt-manager cannot be started after a fresh install due to a bug in dbus.

Fix, recreate machine id: 
  dbus-uuidgen > /var/lib/dbus/machine-id

Ref: 
  http://bugs.centos.org/view.php?id=5334
  https://bugzilla.redhat.com/show_bug.cgi?id=598200
  http://nutanix.blogspot.com/2013/06/kvm-virt-manager-startup-failure.html
 

Nov 18, 2014

Interactive on RHEL / Centos 7 (grub2)

Edit boot entry
  At boot menu, press "e" to edit a boot entry, go to the line beginning with "linux".

Add "systemd.confirm_spawn=1", remove "rhgb quiet"
  linux16 /vmlinuz-3.10.0-123.9.3.el7.x86_64 root=/dev/mapper/ol-root ro crashkernel=auto vconsole.font=latarcyrheb-sun16 rd.lvm.lv=ol/swap rd.lvm.lv=ol/root vconsole.keymap=us LANG=en_US.UTF-8 systemd.confirm_spawn=1

Continue to boot up linux
  Press ctrl-x to continue the boot process. The system will now ask interactively which services are to be started.