Wednesday, April 26, 2017

Hidden commands on HP ProCurve

This information dates from late 2010, but it worked:


Hidden ProCurve commands

by Jeremy L. Gaddis on April 6, 2010

Instructions:

    log in (console, telnet, SSH, etc.) to the CLI
    type “edomtset” and hit enter
    type “edomtset” and hit enter (yes, again)
    the prompt will change from “#” to “$”
    hit ? to see what you can do
    type “exit” and hit enter when you’re done

Make sure you look at the last example (the 5400zl at the bottom)!

NOTE: Some of the formatting got screwed up when I copy/pasted, so I dumped the output to a text file for easier reading.

On an old ass ProCurve 2524 running F.05.72:

 display            Display the running/saved configuration.
 logout             Terminate this console/telnet session.
 DEBUGIO            Redirects output from all printf()'s to the screen
 FORCE_REDRAW       Forces the redraw of field labels in config screens
 LABprototype       Change LAB Prototype status
 MSGPoolshow        Dumps the MSG pool
 PKTPoolshow        Dumps the PKT pool
 BUFSHOW            Dumps a MSG or PKT buffer
 PKTpoolStatsShow   Show the PKT pool allocation statistics
 MSGpoolStatsShow   Show the MSG pool allocation statistics
 CRASHData          Show crash information
 LLshow             Detailed directory listing: llShow
 I                  Task Info
 CHECKSTACK         checkStack()
 SEMSHOW            semShow(semid) - semaphore show
 TASKSUSPEND        taskSuspend (taskId) - suspend a task
 TASKRESUME         taskResume (taskId) - resume a suspended task
 SVCINSTRSHOW       Show the SVC Instrumentation statistics
 VERsion            Display firmware version stamp
 ROMVERsion         Display ROM Version
 BOOTCOUNTER        Number of times this switch has been powered up.
 HReset             Hard Reset of the Switch
 STREBOOT           Reboot to Benchmode
 GETOS              GETOS
 UPDMAC             Update the MAC address (AABBCC-DDEEFF) :
 UPDMACNUM          Update the number of MAC addresses
 Read               Read memory: r [MOPT]
 WR                 Write memory: w [MOPT]
 FILL               Fill memory: fill [MOPT]
 UPDSN              Update the Serial Number
 UPDMFG             Update the specified manufacturing info
 CLRMFG             Clear the specified manufacturing info
 LED                Turn all possible LEDs [on|blink|off]
 SMode              Set Memory Mode: sm [-l -b -h -w -a -d
 NSRSHOW            Shows namespace statistic
 NSSHOW             Shows namespace objects info
 NSTASKSHOW         Show namespace info about tasks
 nvfserase          Erase all files in filesystem
 nvfsfill           Fill up the filesystem
 S_CFG              Display Cage: s_cfg
 UPGRADE
 DOWNGRADE
 CONFIGTest         Verify CLI generation/Xlate function
 X_D                Xcvr Register Dump
x_d

 X_TYPE             Xcvr Type Identification.  For transceiver ports only.
x_ty
 C_R                Read the specifed Port Counters
c_r

 MAC_SHOW           Show learned MAC addresses
mac_show [port number] [-n] [-s]

 IHWMACtableshow    Display the Infinity MAC table refcount info
 IHWPORTshow        Display the Infinity port state data
 IHWTRUNKshow       Display the Infinity trunk state data
 IHWVLANshow        Display the Infinity VLAN state data
 SNIFfer            Set Sniffer Port: snif   [sniff
 ADDBRIDGE          Add Bridge MAC addresses
 DELETEBRIDGE       Remove Bridge MAC addresses
 DUMPCNTRS          Dump hardware counters.
 PHYSHOW            Show Phy registers. Portnum.
 PHYWRITE           PhyWrite. Enter w/o args for help.
 PHYREAD            PhyWrite. Enter w/o args for help.
 RSAGENSTATUS       Display key generator status
 RSAGENSEM          Display key generator semaphore
 RSATRACE           Display key generator status
 RSAERRPRINT        Display key generator errors
 SSHCounters        show context collision and double-exit counters
 SSHLogLevel        Set log level
 syslogConfigShow   Display the syslog configuration
 syslogStatsShow    Display syslog stats

 exit               Return to the previous context or terminate current
                    console/telnet session if you are in the Operator context
                    level.
 show               Display switch operation information.

On a newer, but still sorta old 2650, running H.10.74:

 logout                Terminate this console/telnet session.
 DEBUGIO               Redirects output from all printf()'s to the screen
 FORCE_REDRAW          Forces the redraw of field labels in config screens
 LABprototype          Change LAB Prototype status
 UPTIMESHOW            Shows time the switch has been up
 DATAProtshow          Show information on all dataProt semaphores
 MSGPoolshow           Dumps the MSG pool
 PKTPoolshow           Dumps the PKT pool
 BUFSHOW               Dumps a MSG or PKT buffer
 PKTpoolStatsShow      Show the PKT pool allocation statistics
 MSGpoolStatsShow      Show the MSG pool allocation statistics
 PKTPoolDatashow       Dumps the PKT pool data
 PKTpoolcrashifless    Crash if pkt pool goes below this
 CRASHData             Show crash information
 CRASHLogfileshow      Show all recorded crash records
 CRASHLOGTest          Crash Log Test: crashLogTest -[b][i][I][s][f][a][o][u]b = Bus/Address
                       Error, i = Infinite loop with tasks locked, I = HW watchdog resets =
                       task Infinite loop, f = FATAL, a = ASSERTo = operation fault (illegal
                       inst.) u = unaligned instr
 CRASHLOGClear         Clear Crash Log: crashLogClear
 EVENTLogfileshow      Show contents of the event log file
 LLshow                Detailed directory listing: llShow
 UPDMAC                Update the MAC address (AABBCC-DDEEFF) :
 UPDMACNUM             Update the number of MAC addresses
 Read                  Read memory: r [MOPT]
 WR                    Write memory: w [MOPT]
 FILL                  Fill memory: fill [MOPT]
 UPDSN                 Update the Serial Number
 UPDMFG                Update the specified manufacturing info
 CLRMFG                Clear the specified manufacturing info
 LED                   Turn all possible LEDs [on|blink|off]
 SMode                 Set Memory Mode: sm [-l -b -h -w -a -d -n -i -c
                       -s] Set default memory operation modes (MOPT).
 dType                 debug type set/clear
 VALIDTASK_INFO        Display validation task info
 PDSHOW                Show various PowerDsine information
 PDPOWER               Set PowerDsine Power Supply Value
 PDCAP                 Set PowerDsine Capacitor Detection
 PDDISCON              Set PD33000 AC/DC Detection Mode
 POE_PORT              Set user configurable port parameters.
 POE_STATUS_PORT       Display port statistics and measurements.
 POE_DEBUG             Change the POE Debug level.
 POE_READ_EPS          Read from the specified EPS register.
 POE_WRITE_EPS         Write to the specified EPS register.
 POE_SLOT_UP           Enable a slot for POE functionality.
 POE_START             Enable POE Mgr polling.
 POE_STOP              Disable POE Mgr polling.
 POE_EPS_TIMEOUT       Enable/Disable EPS timeout.
 POE_EPS_COMM_INIT     Send the reset/init sequence to the I2C micro.
 POE_PD_CHECK_ALIVE    Test to see if the Tweety PD is alive.
 POE_PD_INIT           Hard init the PD unit.
 POE_PD_FACTORY        Restore the PD unit to factory defaults.
 POE_EPS_SIGNAL        Simulate and EPS Int.
 POE_EPS_DEBUG         Enable/Disable EPS debug timeout.
 CHASSISshow           Show various chassis information
 S_CFG                 Display Cage: s_cfg
 WATCHDOG              set watchdog parameters
 MEMWATCH              set the wp
 CHIPVER               Prints the Chip Versions
 RPSset                Set a wanted RPS state
 I2CREAD               Read from the specified PPC I2C device and register
 I2CWRITE              Write to the specified PPC I2C device and register
 UPGRADE
 DOWNGRADE
 VALIDTASK_SLAVEINFO   Display validation task slave side info
 XCVRRECSHOWCMD        Print out Transceiver init info.
 CONFIGTest            Verify CLI generation/Xlate function
 P_BCNTRCLR            Clear all counters for unit/port
 P_BCNTRCLRALL         Clear all counters in context.
 DROPCOUNT             Online diag to get stacklink drop counts.
 BCM                   Broadcom Debug: bcm
 UNIT_INIT             Recommended Usage: [slot ] unit_init
 UNIT_UPDATE           Recommended Usage: [slot ] unit_update
 UNIT_LINK             Checks link state of slot's ports
 dsnoopShow            Display dsnoop configuration
 DARPPShow             Display darpp configuration
 DARPPEnable           Enable darpp global configuration
 DARPPDisable          Disable darpp global configuration
 PORTMapshow           Show the mapping between hardware/chip ports and software/logical
                       ports
 GAMSLAVEHWMCASTshow   Display gam slave mcast tables
 GAMHWPORTshow         Display the gam slave port tables
 GAMHWPROBEshow        Display the gam slave probe tables
 GAMHWTRUNKshow        Display the gam slave trunk tables
 GAMHWVLANshow         Display the gam slave vlan tables
 GAMREFCNTMCASTshow    Display gam mcast reference counts
 ADDRMGRHASH           Generate the hash index for a mac/vid
 ADDRMGRMcastinfoshow  Display addrmgr info on multicast
 ADDRMGRFilterinfos... Display addrmgr info on filters
 ADDRMGRFEATURESinf... Display addrmgr info on features
 ADDRMGRCOSinfoshow    Display addrmgr info on COS
 ADDRMGRPORTSECurit... Display addrmgr info on port security
 ADDRMGRTrunkinfoshow  Display addrmgr info on trunks
 ADDRMGRMeshinfoshow   Display addrmgr info on meshs
 ADDRMGRVlaninfoshow   Display addrmgr info on vlan
 ADDRMGRPortinfoshow   Display addrmgr info on port
 ADDRMGRProbeinfoshow  Display addrmgr info on probe port
 ADDRMGRMOVEList       L2 move list
 MACSlearnt
 DISABLE_LEARNS        disable all learns on the switch
 ENABLE_LEARNS         enable learns again on the switch
 ADDRMGRMASTERMACta... Display the master copy of MAC table
 ADDRMGRSEARCHMacSu... Displays all addrs that match sub str
 ADDRMGRMACTABLEInf... Displays MAC table counters
 ADDRMGRHW_Learns      Display distribution of learns on HW
 ADDRMGRCHECKaddrta... Check the software/hardware tables
 GAMMCASTshow          Display the gamma mcast tables
 GAMTRUNKshow          Display the gamma master trunk tables
 GAMHWGROUPshow        Display the gamma mcast hwGroup table
 SNIFfer               Set Sniffer Port: snif   [sniffed port]
                       ...
 LACPAggregatorinfo... Display LACP info on Aggregators
 LACPPortinfoshow      Display LACP info on Ports
 LACPClearpducounters  Clear Rx and Tx PDU counters
 LACPResourceCleaning  Remove port from trunk or remove trunk
 PA                    PA  show [port-number] [counters] set [port-number]
                       [disable|enable|var-name ] init [port-number] [counters]
 PAS                   PAS  show [port-number] set [port-number]
                       [disable|enable|var-name ] init [port-number]
 PMGRTRKcfgshow        Displays the Trunk Cfg Information
 PMGRPPtableshow       Displays the Physical Port table
 PMGRPPtableshowAll    Displays all the Physical Port table
 PMGRLPtableshow       Displays the Logical Port table
 PMGRLPtableshowAll    Displays all the Logical Port table
 PMGRTRUnktableshow    Displays the Trunk table
 PMGRPOrtmapsshow      Displays all global PMGR port maps
 LPMGRDisablelogica... Disable logical port for specified number of seconds
 PORTSECShow           show port security info
 ENABLEPCMDS           Enable the rest of the P-command set.
 statistics            Shows internal statistics.
 transceivers          Shows transceiver properties.
 SNMPCounters          Shows all SNMP port counters.
 DUMPCNTRS             Dump hardware counters.
 NEGINIT               Init link logging
 NEGLINK               Enable disable link logging
 NEGFAULTS             Show neg faults
 NEGLOSSLOG            Show neg faults
 NEGLINKLOG            Show neg faults
 NEGCLEARLOG           Clear link and loss logs
 SPORTRECSHOW          Display PPMGR Slave Port Record: Sportrecshow [portNum].
 BCMSCHANMEMERRCHKCMD  Check the count of s-chan errs.
 DEAD_PHY_CHECK_CMD    Setup a dead phy situation - check FFI .
 PHYSHOW               Show Phy/SFP/X2 registers.
 PHYWRITE              PhyWrite.
 PSP                   Suspends physical port manager and its monitor task.
 FFSHOW                Show Fault Finder data structs
 TRACESET              Enable tracing feature
 HSTEST                Test ppmgr hotswap cleanup.
 XCVRI2CWRITE          Testing transceiver i2c write capabilities.
 XCVRI2CREAD           Testing transceiver i2c read capabilities.
 XCVRI2CREADALL        Reading ALL i2c regs and banks!
 GENDRVSLVREAD         Read the generic driver info for a port #.
 VLANInfoshow          Information about all vlans
 VLSCOUNTersshow       Show VLS counters
 vlsClearCounters      Clear / Zero VLS counters
 PORTVLANinfoshow      Information about vlan ports
 PORTEGRESSlistshow    Information on Port Egress List
 VOICEVLANShow         Information on voice vlan
 TPVIDshow             List temporary Pvid Information
 VLANAttrShow          List attributes for specified VLAN
 IPAMTImesliceshow     Show information about ipAddrmgr time slice.
 IPASShowtech          Show tech information for IP address manager slave
 IPASRtblshow          Display ipAddrMgr Slave route descr table
 IPASHTblshow          Display the ipv4 host table
 IPASHStatsshow        Display ipAddrMgr host table stats.
 IPASNtblshow          Display the network route table
 IPSLAVEINTerfacema... Displays information about the interface manager.
 IPSLAVEIPASICprofi... This command profiles the asic routines performance.
 IPSLAVEASICUsageshow  Shows usage information for the routing ASIC.
 IPSLAVEChangeverif... Changes the verification mode of the verifyHWSWTables() function.
 ffpResourceCheck      Calculates the number of rules required for an L4 port range,

 IPASBcml3status       Shows current L3 hardware status
 ACLListShow           Show the ACLs that are currently configured in hw
 IPAMSHowtech          Show tech information for IP address manager master
 IPAMExceptioncntshow  Display exception counters
 IPAMRAdixtreeshow     Show the contents of the radix tree
 IPAMRDTOtalshow       Show Route table total counts
 IPAMRDCountshow       Route table cache entry counts for route
 IPAMGENmsgstatsshow   Show IP Addr Mgr general message stats
 IPAMMsgstatsshow      Show IP Addr Mgr message stats
 IPAMSTATShow          Show IP Addr Mgr message stats
 IPAMSTATReset         Reset IP Addr Mgr message stats
 ARPshow               Display arp cache
 arpFlush              Clear the arp cache
 IPshow                Display switch ip tables
 IPRATElimitshow       Display rate limiting statistics for ICMP and broadcast forwarding
 IPROUTELEAKshow       Display route redistribution config info
 ipStaticOffListShow   Disply contents of static off list.
 IFshow                Display the attached IP network interfaces
 ICMPSTATshow          Display statistics for ICMP
 INETSTATshow          Display active connections for IP sockets
 IPSTATshow            Display IP BSD statistics
 IPHPStatshow          Show more ip routing stats.
 MBUFshow              Display mbuf statistics
 NETDPOOLshow          Display data sys pool status
 NETSYSPOOLshow        Display net sys pool status
 TCPSTATshow           Display all statistics for the TCP protocol
 UDPSTATshow           Display statistics for the UDP protocol
 ROUTEshow             Display host and network routing tables
 ROUTEWALKshow         Display active IP routing table
 routeWalkStatsShow    Display statistics about routes in the Patricia tree.
 ROUTEWALKshowwithARP  Disply active IP routing table including ARP entries.
 ROUTEWALKALLshow      Display full IP routing table
 routeWalkFilterShow   Display all routes in table that match specified mask & key.
 ROUTEMEMshow          Display routing table memory statistics
 ARPTABshow            ARP Tab show
 RAWPCBshow            RAW pcb show
 MULTIADD              Add multinet addr:
 MULTIDEL              Delete multinet addr:
 MULTIShow             Show multinet addr(s):  []
 ACLAddDipld           configure a DIPLD ACL in hw
 ACLRemoveDipld        remove a DIPLD ACL from hw
 ACLTimerSet           set the acl logging timer (mSec)
 IGMPTimershow         Information about all IP multicast group timers
 IGMPVlanshow          Information about IGMP VLAN information
 IGMPCountershow       Information about IGMP counters
 DHCPCOUNTERSshow      Display dhcp counters
 UDPFSTATINFO          Display the Counters for UDP Forwarding and DHCP Relay Agent.
 RSAGENSTATUS          Display key generator status
 RSAGENSEM             Display key generator semaphore
 RSATRACE              Display key generator status
 RSAERRPRINT           Display key generator errors
 SSHCtxtlist           Display complete context list
 SSHFdsetShow          Display ssh fd_set queues
 SSHLogLevel           Set log level
 SSHSessionDump        Display session data
 SSHVersionString      Set version string
 httpShowSocketPool    Display HTTP socket pool
 httpdatatest          Uncompress HTML data and show
 httpauthtest          Send fake auth done message
 SSLDEFAULT            set SSL to out-of-box defaults
 SSLSHOW               Show SSL mib object values
 SSLMIBTEST            Test SSL MIB
 CERTMIBTEST           Test Cert MIB
 SSLDATA               Show SSL PCB data structure
 SSLCERT               Show SSL certificate
 SSLCAREQSHOW          Show CA request
 CERTCREATE            Create new certificate with dummy fields
 CERTSHOW              Show current certificate in memory
 CERTFLASHSHOW         Show saved certificate in flash (PEM bytes)
 CERTKEYCREATE         Create certificate key and save to flash
 CERTKEYFLASHSHOW      Show saved certificate private key in flash
 CERTNEWCERTMIBSHOW    Show contents of new cert mib object
 GStateDisplay         Displays the garp state of the port
 GVRPPConfig           GVRP Port Configuration (Learn/Block/Disable)
 GVRPPState            GVRP Port State (RegState - Fixed/No/Normal)
 GVRPSTat              GVRP Statistics
 RSTPPortinfoshow      Display Rapid STP info on Ports
 RSTPBridgeinfoshow    Display Rapid STP info on Bridge
 RSTPRootHistoryShow   Display Root Change history known on the Bridge
 RSTPDetBridgeShow     Display detailed statistics info for the Bridge
 RSTPDetPortShow       Display detailed statistics info for the port
 RSTPClrDetBridgeShow  Clear Bridge's detailed statistics counters
 RSTPClrDetPortShow    Clear Port's detailed statistics counters
 RSTPFlushholdshow     Display flush hold timer info
 RSTPFlushholdset      Set l2 and l3 flush hold timer
 LOOPPROTECTshow       show internal loop protect information
 RDISCshow             Display router discovery status
 RDISCsendbcastsoli... Send a broadcast router solicit
 RDISCsendmcastsoli... Send a multicast router solicit
 rdiscTxTraceEnable    Enable display of pkts Tx by RDISC
 rdiscTxTraceDisable   Disable display of pkts Tx by RDISC
 rdiscRxTraceEnable    Enable display of pkts Rx by RDISC
 rdiscRxTraceDisable   Disable display of pkts Rx by RDISC
 idmAclShow            Show IDM ACLs.
 wmatraceenable        Enable debug tracing options
 wmatracedisable       Enable debug tracing options
 webmacauthdefault     Clear web and MAC auth config records (all ports)
 macauthstart          Start MAC Auth
 macauthConfigshow     Show MAC auth config
 macauthstatusshow     Show MAC Auth status
 LWIPSTATS             LWIP TCP/IP stack status
 wmaDhcpShow           Show DHCP server status
 autzShow              Display Authorization info (use "help" to see all cmds)
 syslogConfigShow      Display the syslog configuration
 syslogStatsShow       Display syslog stats
 mlshow                Display mac lockdown and lockout info
 cdp_show              Show cdp packet information
 lldpShow              Show lldp information
 lldpRecordsClear      clear lldp neighbor information
 lldpClearCounters     clear lldp rx and tx counters
 sntp_show             Show recent sntp status

 boot                  Reboot the device.
 clear                 Clear table/statistics or authorized client public keys.
 configure             Enter the Configuration context.
 copy                  Copy datafiles to/from the switch.
 debug                 Enable/disable debug logging.
 end                   Return to the Manager Exec context.
 erase                 Erase the configuration file stored in flash or the primary/secondary
                       flash image.
 getMIB                Retrieve and display the value of the MIB objects specified.
 kill                  Kill other active console, telnet, or ssh sessions.
 log                   Display log events.
 page                  Toggle paging mode.
 print                 Execute a command and redirect its output to the device channel for
                       current session.
 redo                  Re-execute a command from history.
 reload                Warm reboot of the switch.
 repeat                Repeat execution of a previous command.
 setMIB                Set the value of a MIB object.
 setup                 Enter the 'Switch Setup' screen for basic switch configuration.
 telnet                Initiate an outbound telnet session to another network device.
 terminal              Set the dimensions of the terminal window.
 update                Enter Monitor ROM Console.
 walkMIB               Walk through all instances of the object specified displaying the MIB
                       object names, instances and values.
 write                 View or save the running configuration of the switch.

 enable                Enter the Manager Exec context.
 exit                  Return to the previous context or terminate current console/telnet
                       session if you are in the Operator context level.
 link-test             Test the connection to a MAC address on the LAN.
 logout                Terminate this console/telnet session.
 menu                  Change console user interface to menu system.
 ping                  Send IP Ping requests to a device on the network.
 show                  Display switch operation information.
 traceroute            Send traceroute to a device on the network.

And now, on the 5400zl running K.13.71:

HOSTNAME# edomtset
HOSTNAME# edomtset
ATTENTION: You are entering a diagnostic mode on this product that is HP
Confidential and Proprietary. This mode, the commands and functionality
specific to this mode, and all output from this mode are HP Confidential
and Proprietary. You may use this mode only by specific permission of, and
under the direction of, an HP support engineer or HP technical engineer.
Unauthorized or improper use of this mode will be considered by HP to be
unauthorized modification of the product, and any resulting defects or
issues are not eligible for coverage under the HP product warranty or any
HP support or service.  UNAUTHORIZED OR IMPROPER USE OF THIS MODE CAN
MAKE THE PRODUCT COMPLETELY INOPERABLE.

HOSTNAME$ exit
HOSTNAME#
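
An added example, not part of the original post or of the quoted article: one way to audit recorded CLI sessions (for instance from a jump host or terminal server) for use of this diagnostic mode, keyed on the behaviour shown above (the `edomtset` command, the banner, and the prompt changing from `#` to `$`). The transcript, the hostname `SW-CORE-01`, the function names and the grouping of commands into risk tags are assumptions of this example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line event command risk")

HIDDEN_CMD = "edomtset"
BANNER = "ATTENTION: You are entering a diagnostic mode"

# hostname, optional "(context)", then the mode character: '>' operator,
# '#' manager, '$' diagnostic mode (the prompt change described in the post).
PROMPT_RE = re.compile(
    r"^(?P<host>[\w.-]+)(?:\([\w-]+\))?(?P<mode>[>#$])\s*(?P<cmd>.*)$"
)

# Names taken from the listings above; the grouping is this example's own
# reading of their one-line descriptions (an assumption, not vendor data).
STATE_CHANGING = {
    "wr", "fill", "updmac", "updmacnum", "updsn", "updmfg", "clrmfg",
    "nvfserase", "nvfsfill", "hreset", "streboot", "phywrite", "i2cwrite",
    "crashlogclear", "certkeycreate", "ssldefault", "disable_learns",
}
KEY_DISCLOSURE = {"certkeyflashshow"}


def classify(command):
    """Tag a diagnostic-mode command by its first word (full names only;
    abbreviated forms are reported with the tag 'other')."""
    word = command.split()[0].lower()
    if word in KEY_DISCLOSURE:
        return "key-disclosure"
    if word in STATE_CHANGING:
        return "state-changing"
    return "other"


def audit_transcript(lines):
    """Return Findings for one recorded CLI session, in transcript order."""
    findings = []
    in_diag = False
    for lineno, raw in enumerate(lines, 1):
        text = raw.rstrip()
        if text.startswith(BANNER):
            findings.append(Finding(lineno, "banner", "", ""))
            continue
        m = PROMPT_RE.match(text)
        if not m:
            continue  # command output or blank line
        cmd = m["cmd"].strip()
        if m["mode"] != "$":
            in_diag = False
            if cmd.lower() == HIDDEN_CMD:
                findings.append(Finding(lineno, "attempt", cmd, ""))
            continue
        # '$' prompt: the session is inside the diagnostic mode.
        if not in_diag:
            in_diag = True
            findings.append(Finding(lineno, "entered", "", ""))
        if cmd.lower() == "exit":
            in_diag = False
            findings.append(Finding(lineno, "exited", "", ""))
        elif cmd:
            findings.append(Finding(lineno, "command", cmd, classify(cmd)))
    return findings


# Constructed transcript (not captured from a device).
SAMPLE_SESSION = """\
SW-CORE-01# show version
SW-CORE-01# edomtset
SW-CORE-01# edomtset
ATTENTION: You are entering a diagnostic mode on this product that is HP
Confidential and Proprietary.
SW-CORE-01$ CRASHData
SW-CORE-01$ certkeyflashshow
SW-CORE-01$ updsn
SW-CORE-01$ exit
SW-CORE-01# logout
""".splitlines()

if __name__ == "__main__":
    for finding in audit_transcript(SAMPLE_SESSION):
        print(finding)
```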

Thursday, April 20, 2017

Monitoring MySQL cluster nodes from an HAProxy load balancer (one option)

When MySQL node health monitoring is enabled on HAProxy using the method without a user name, the hosts show as UP in monitoring, but not for long, because the session is not closed correctly. At the same time, simply adding a user (without a password!!!) does not work right away.
The database structure has to be changed first.

ALTER TABLE mysql.user MODIFY COLUMN `ssl_cipher` BLOB NULL;
ALTER TABLE mysql.user MODIFY COLUMN `x509_issuer` BLOB NULL;
ALTER TABLE mysql.user MODIFY COLUMN `x509_subject` BLOB NULL;
ALTER TABLE mysql.user MODIFY COLUMN `authentication_string` TEXT NULL;

After these operations you can add the required user, specifying the cluster hosts (FQDN names), which will check the state of the MySQL service

INSERT INTO mysql.user (Host,User) VALUES ('ru1mysqlfr01.domain.local','mysqlcheck');
INSERT INTO mysql.user (Host,User) VALUES ('ru1mysqlfr02.domain.local','mysqlcheck');
FLUSH PRIVILEGES;

Edit the HAProxy config. The result looks something like this:
sudo vi /etc/haproxy/haproxy.cfg

global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    stats socket /var/lib/haproxy/stats
listen ru1mysqlvip_220_3306
        bind *:3306
        mode tcp
        timeout client  10800s
        timeout server  10800s
        balance leastconn
        option mysql-check user mysqlcheck # the check will be performed
        default-server port 3307 inter 2s downinter 5s rise 3 fall 2 slowstart 60s maxconn 64 maxqueue 128 weight 100
        server ru1mysqlfr01 192.168.196.241:3307 check
        server ru1mysqlfr02 192.168.196.237:3307 check



Separately, for monitoring service status:
listen stats :9000  # Listens on port 9000 on all addresses, not only localhost
mode http
stats enable  # Enable stats page
stats hide-version  # Hide HAProxy version
stats realm Haproxy\ Statistics  # Title text for popup window
stats uri /haproxy_stats  # Stats URI
stats auth login:password  # Authentication credentials
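
An added example, not part of the original post: a check for the stats section above. A bind address of `:9000` or `*:9000` listens on every interface, and `stats auth` is HTTP Basic authentication, so without `ssl` on the bind the credentials cross the network in clear text. The function names, the loopback-only variant `HARDENED_CFG` and the finding labels are assumptions of this example, and the parser handles only the directives used on this page.

```python
import re

SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}
WILDCARD_HOSTS = {"", "*", "0.0.0.0", "::", "[::]"}


def _tokens(line):
    """Split a config line into words, dropping an unescaped '#' comment."""
    return re.split(r"(?<!\\)#", line, maxsplit=1)[0].split()


def parse_sections(cfg_text):
    """Return the config's sections with their bind addresses and directives."""
    sections = []
    for line in cfg_text.splitlines():
        tok = _tokens(line)
        if not tok:
            continue
        if tok[0] in SECTION_KEYWORDS:
            sec = {"name": tok[1] if len(tok) > 1 else tok[0],
                   "binds": [], "directives": set()}
            if tok[0] == "listen" and len(tok) > 2:
                # One-line form used on this page: "listen stats :9000"
                sec["binds"].append((tok[2], []))
            sections.append(sec)
        elif sections:
            if tok[0] == "bind" and len(tok) > 1:
                for addr in tok[1].split(","):
                    sections[-1]["binds"].append((addr, tok[2:]))
            else:
                # Keep the first two words, e.g. "stats auth", "mode http".
                sections[-1]["directives"].add(" ".join(tok[:2]))
    return sections


def _host(addr):
    """Host part of 'host:port'; empty string when only ':port' is given."""
    return addr.rsplit(":", 1)[0] if ":" in addr else addr


def _is_loopback(host):
    return host.startswith("127.") or host in {"localhost", "::1", "[::1]"}


def audit_stats_sections(cfg_text):
    """Return (section, finding, bind address) for exposed stats pages."""
    findings = []
    for sec in parse_sections(cfg_text):
        d = sec["directives"]
        if "stats enable" not in d and "stats uri" not in d:
            continue  # not a stats section
        for addr, opts in sec["binds"]:
            host = _host(addr)
            if host in WILDCARD_HOSTS:
                findings.append((sec["name"], "wildcard-bind", addr))
            if "stats auth" in d and "ssl" not in opts and not _is_loopback(host):
                findings.append((sec["name"], "cleartext-basic-auth", addr))
    return findings


# The relevant parts of the configuration from this page.
PAGE_CFG = r"""
listen ru1mysqlvip_220_3306
        bind *:3306
        mode tcp
        option mysql-check user mysqlcheck
listen stats :9000  # Listen on localhost:9000
mode http
stats enable
stats hide-version
stats realm Haproxy\ Statistics
stats uri /haproxy_stats
stats auth login:password
"""

# Constructed variant: same stats page, reachable only from the host itself.
HARDENED_CFG = r"""
listen stats
    bind 127.0.0.1:9000
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /haproxy_stats
    stats auth login:password
"""

if __name__ == "__main__":
    for finding in audit_stats_sections(PAGE_CFG):
        print(finding)
```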

Wednesday, April 19, 2017

Extending the LVM root partition (CentOS 7)

Two partitions have been prepared for extending the LVM volume (an extension of an existing disk and a new disk).

I will use SSM, the System Storage Manager
yum install system-storage-manager

Check the current state of the disks:
ssm list
-----------------------------------------------------------------------------
Device          Free      Used      Total  Pool                   Mount point
-----------------------------------------------------------------------------
/dev/fd0                          4.00 KB
/dev/loop0                      100.00 GB
/dev/loop1                        2.00 GB
/dev/sda                         16.00 GB                         PARTITIONED
/dev/sda1                       500.00 MB                         /boot
/dev/sda2    0.00 KB  15.51 GB   15.51 GB  centos_ru1linuxtest02
/dev/sdb                         24.00 GB
/dev/sdb1   36.00 MB  15.96 GB   16.00 GB  centos_ru1linuxtest02
/dev/sdb2                         8.00 GB
/dev/sdc                         16.00 GB
/dev/sdc1                         1.00 KB
-----------------------------------------------------------------------------
------------------------------------------------------------------
Pool                   Type  Devices      Free      Used     Total
------------------------------------------------------------------
centos_ru1linuxtest02  lvm   2        36.00 MB  31.47 GB  31.50 GB
------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------
Volume                           Pool                   Volume size  FS     FS size       Free  Type    Mount point
-------------------------------------------------------------------------------------------------------------------
/dev/centos_ru1linuxtest02/root  centos_ru1linuxtest02     29.87 GB  xfs   29.86 GB   25.08 GB  linear  /
/dev/centos_ru1linuxtest02/swap  centos_ru1linuxtest02      1.60 GB                             linear
/dev/loop0                                                100.00 GB  xfs    9.99 GB    9.99 GB
/dev/sda1                                                 500.00 MB  xfs  496.67 MB  283.60 MB  part    /boot
-------------------------------------------------------------------------------------------------------------------
The new disks are present but not in use.

Add them to LVM
ssm add -p centos_ru1linuxtest02 /dev/sdb2
  Physical volume "/dev/sdb2" successfully created.
  Volume group "centos_ru1linuxtest02" successfully extended
ssm add -p centos_ru1linuxtest02 /dev/sdc1
  Physical volume "/dev/sdc1" successfully created.
  Volume group "centos_ru1linuxtest02" successfully extended

and extend the usable space

ssm resize -s+24G /dev/centos_ru1linuxtest02/root
  Size of logical volume centos_ru1linuxtest02/root changed from 29.87 GiB (7646 extents) to 53.87 GiB (13790 extents).
  Logical volume centos_ru1linuxtest02/root successfully resized.

Result:
ssm list
-----------------------------------------------------------------------------
Device          Free      Used      Total  Pool                   Mount point
-----------------------------------------------------------------------------
/dev/fd0                          4.00 KB
/dev/loop0                      100.00 GB
/dev/loop1                        2.00 GB
/dev/sda                         16.00 GB                         PARTITIONED
/dev/sda1                       500.00 MB                         /boot
/dev/sda2    0.00 KB  15.51 GB   15.51 GB  centos_ru1linuxtest02
/dev/sdb                         24.00 GB
/dev/sdb1    0.00 KB  16.00 GB   16.00 GB  centos_ru1linuxtest02
/dev/sdb2   28.00 MB   7.97 GB    8.00 GB  centos_ru1linuxtest02
/dev/sdc                         16.00 GB
/dev/sdc1    0.00 KB  16.00 GB   16.00 GB  centos_ru1linuxtest02
-----------------------------------------------------------------------------
------------------------------------------------------------------
Pool                   Type  Devices      Free      Used     Total
------------------------------------------------------------------
centos_ru1linuxtest02  lvm   4        28.00 MB  55.47 GB  55.50 GB
------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------
Volume                           Pool                   Volume size  FS     FS size       Free  Type    Mount point
-------------------------------------------------------------------------------------------------------------------
/dev/centos_ru1linuxtest02/root  centos_ru1linuxtest02     53.87 GB  xfs   29.86 GB   25.07 GB  linear  /
/dev/centos_ru1linuxtest02/swap  centos_ru1linuxtest02      1.60 GB                             linear
/dev/loop0                                                100.00 GB  xfs    9.99 GB    9.99 GB
/dev/sda1                                                 500.00 MB  xfs  496.67 MB  283.60 MB  part    /boot
-------------------------------------------------------------------------------------------------------------------

df -h
Filesystem                              Size  Used Avail Use% Mounted on
/dev/mapper/centos_ru1linuxtest02-root   54G  4.8G   50G   9% /


Tuesday, April 18, 2017

Disk partitions with Parted (CentOS 7)

Note to self.
After a rescan, the disks appear in the SCSI host section:
lsscsi -s
[1:0:0:0]    cd/dvd  NECVMWar VMware IDE CDR10 1.00  /dev/sr0        -
[2:0:0:0]    disk    VMware   Virtual disk     1.0   /dev/sda   17.1GB
[2:0:1:0]    disk    VMware   Virtual disk     1.0   /dev/sdb   25.7GB
[2:0:2:0]    disk    VMware   Virtual disk     1.0   /dev/sdc   17.1GB

Now they need to be prepared (for the subsequent extension of the LVM partition).
# parted

(parted) select /dev/sdb
Using /dev/sdb

(parted) print
Disk /dev/sdb: 25.8GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number  Start   End     Size    File system  Name  Flags
 1      1049kB  17.2GB  17.2GB

Create the partition. Since this disk already has one partition, pay close attention to the starting block number: it will be the "end" of the previous partition (Start? 17.2GB = End 17.2GB). The end of the new partition equals the maximum capacity of the disk (25.8GB), if, of course, we want to use the whole disk.
(parted) mkpart
Partition name?  []?
File system type?  [ext2]? ext4
Start? 17.2GB
End? 25.8GB

The (parted) resizepart command may not be available!

We now have 2 partitions:
Number  Start   End     Size    File system  Name  Flags
 1      1049kB  17.2GB  17.2GB
 2      17.2GB  25.8GB  8589MB

Now the new disk (/dev/sdc):
parted /dev/sdc
GNU Parted 3.1
Using /dev/sdc

(parted) print
Error: /dev/sdc: unrecognised disk label
Model: VMware Virtual disk (scsi)
Disk /dev/sdc: 17.2GB

The disk has no label, so it has to be labelled first and then partitioned:
(parted) mklabel gpt

(parted) mkpart
Partition name?  []?
File system type?  [ext2]? ext4
Start? 1
End? 17.2GB

(parted) print
Model: VMware Virtual disk (scsi)
Disk /dev/sdc: 17.2GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number  Start   End     Size    File system  Name  Flags
 1      1049kB  17.2GB  17.2GB

Now there are partitions /dev/sdb2 (8Gb) and /dev/sdc1 (17Gb).

Monday, April 17, 2017

Linux (CentOS 7) hard disk rescan (add new disk, expand present disk)

A note to self on how to rescan disks after adding one or changing its size (under virtualization).
Initial state (two disks in LVM):
lsscsi -s
[1:0:0:0]    cd/dvd  NECVMWar VMware IDE CDR10 1.00  /dev/sr0   -
[2:0:0:0]    disk    VMware   Virtual disk     1.0   /dev/sda   17.1GB
[2:0:1:0]    disk    VMware   Virtual disk     1.0   /dev/sdb   17.1GB

Look for the "system class" of the SCSI devices:
grep mpt /sys/class/scsi_host/host?/proc_name
Result: /sys/class/scsi_host/host2/proc_name:mptspi
That is host2.

For a newly added disk:
echo "- - -" > /sys/class/scsi_host/host2/scan
Check:
[root@ru1linuxtest02 mik17]# lsscsi -s
[1:0:0:0]    cd/dvd  NECVMWar VMware IDE CDR10 1.00  /dev/sr0        -
[2:0:0:0]    disk    VMware   Virtual disk     1.0   /dev/sda   17.1GB
[2:0:1:0]    disk    VMware   Virtual disk     1.0   /dev/sdb   17.1GB
[2:0:2:0]    disk    VMware   Virtual disk     1.0   /dev/sdc   17.1GB

For a disk that has been grown (disk sdb, which is [2:0:1:0]):
echo 1 > /sys/class/scsi_device/2\:0\:1\:0/device/rescan
Check:
[root@ru1linuxtest02 mik17]# lsscsi -s
[1:0:0:0]    cd/dvd  NECVMWar VMware IDE CDR10 1.00  /dev/sr0        -
[2:0:0:0]    disk    VMware   Virtual disk     1.0   /dev/sda   17.1GB
[2:0:1:0]    disk    VMware   Virtual disk     1.0   /dev/sdb   25.7GB
[2:0:2:0]    disk    VMware   Virtual disk     1.0   /dev/sdc   17.1GB

Tuesday, April 11, 2017

Remote login for MySQL v.5.7.17 (in cluster v.7.5.5) (remote login MySQL)

Look at the listening services:
netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1054/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1054/sshd
tcp6       0      0 :::3306                 :::*                    LISTEN      1866/mysqld

An attempt to connect remotely is rejected:
mysqladmin -h _ip_or_hostname_ version
mysqladmin: connect to server at 'ip' failed
error: 'Host 'hostname' is not allowed to connect to this MySQL server'

This is fixed from "inside" the service itself:
connect with a suitably privileged account and add a user with remote access
CREATE USER 'remote_user'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'remote_user'@'%' WITH GRANT OPTION;
flush privileges;

Now this superuser can get into the database from anywhere. Long live security!
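
An added example, not part of the original post: a shell filter that reads SHOW GRANTS output and flags accounts like the one created above, which pair a wildcard host with server-wide privileges. The function names, severity labels and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag accounts whose SHOW GRANTS rows pair a wildcard host
# with server-wide (*.*) privileges. Names and labels here are illustrative.

audit_grants() {
    awk -v q="'" '
        BEGIN { acct_re = " TO " q "[^" q "]*" q "@" q "[^" q "]*" q }
        /^GRANT / && match($0, acct_re) {
            # The account is written as quoted user, @, quoted host
            split(substr($0, RSTART + 4, RLENGTH - 4), part, q)
            user = part[2]; host = part[4]
            on    = index($0, " ON ")
            privs = substr($0, 7, on - 7)                  # between GRANT and ON
            scope = substr($0, on + 4, RSTART - on - 4)    # between ON and TO
            if (scope != "*.*" || privs == "USAGE") next   # not server-wide
            if (host !~ /[%_]/) next                       # fixed host, no pattern
            sev = (host == "%") ? "HIGH" : "MEDIUM"
            if (index($0, "WITH GRANT OPTION")) sev = sev "+GRANT"
            printf "%s %s@%s %s\n", sev, user, host, privs
        }
    '
}

# Constructed sample rows in the format SHOW GRANTS prints on MySQL 5.7.
sample_grants() {
    cat <<'EOF'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT ALL PRIVILEGES ON *.* TO 'remote_user'@'%' WITH GRANT OPTION
GRANT USAGE ON *.* TO 'app'@'10.0.5.%'
GRANT SELECT, INSERT, UPDATE ON `appdb`.* TO 'app'@'10.0.5.%'
GRANT PROCESS, REPLICATION CLIENT ON *.* TO 'monitor'@'10.0.5.%'
EOF
}

sample_grants | audit_grants
```

Accounts scoped to one schema or bound to a fixed host, such as the constructed 'app' and 'root'@'localhost' rows, pass through without a finding.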

Monday, April 10, 2017

Resetting the root password in MySQL v.5.7.17 (in cluster v.7.5.5) (Reset root password MySQL)

Reset root password MySQL
mysqladmin version
   Server version          5.7.17-ndb-7.5.5-cluster

Stop the mysqld service:
sudo systemctl stop mysqld

Check its status:
systemctl status mysqld
   Active: inactive (dead)

Edit the file /etc/my.cnf:
in the section
   [mysqld]
add
   skip-grant-tables
Save and restart the mysqld service:
sudo systemctl start mysqld

Check the status; once it is in the state
   Active: active (running)
log in with the client as root.

Check that the table is there:
mysql> SELECT user,authentication_string FROM mysql.user;
+-----------+-------------------------------------------+
| user      | authentication_string                     |
+-----------+-------------------------------------------+
| root      | *ХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХХ|
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+-----------+-------------------------------------------+
2 rows in set (0.00 sec)

Write our new password for root:
update mysql.user set authentication_string=PASSWORD('new_password') where User='root';
Flush the privileges.

Restart the service:
sudo systemctl restart mysqld
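
An added example, not part of the original post: while skip-grant-tables is in effect the server accepts any login without a password, and the steps above leave the line in /etc/my.cnf across the final restart. The check below reports whether the option is still present under [mysqld] and whether skip-networking accompanies it; the function names, state labels and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: report whether a my.cnf still
# has skip-grant-tables under [mysqld] and whether skip-networking guards it.

# Prints: clean | bypass-local-only | bypass-network-exposed
grant_bypass_state() {
    awk '
        { gsub(/^[ \t]+|[ \t]+$/, "") }           # trim the line
        /^[#;]/ || $0 == "" { next }              # comment or blank line
        /^\[.*\]$/ {                              # [section] header
            section = tolower(substr($0, 2, length($0) - 2)); next
        }
        section == "mysqld" {
            key = $0
            sub(/[ \t]*[=#].*/, "", key)          # drop "= value" or trailing comment
            gsub(/_/, "-", key)                   # - and _ are interchangeable
            # An explicit "=0" or "=OFF" is still reported: review it by hand.
            if (key == "skip-grant-tables") bypass = 1
            if (key == "skip-networking")   nonet  = 1
        }
        END {
            if (!bypass)    print "clean"
            else if (nonet) print "bypass-local-only"
            else            print "bypass-network-exposed"
        }
    ' "$1"
}

# Constructed sample: my.cnf as it looks right after the edit in the post.
sample_cnf() {
    cat <<'EOF'
[mysqld]
datadir=/var/lib/mysql
skip-grant-tables

[mysqld_safe]
log-error=/var/log/mysqld.log
EOF
}

tmp=$(mktemp)
sample_cnf > "$tmp"
echo "state: $(grant_bypass_state "$tmp")"
rm -f "$tmp"
```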


Friday, April 7, 2017

Adding Adobe Flash Player to MS Windows Server 2016

It is all quite simple (as it turns out):
cmd with Administrator privileges and:

dism /online /add-package /packagepath:"C:\Windows\servicing\Packages\Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.14393.0.mum"


Thursday, April 6, 2017

Troubleshooting: MariaDB 10.0.30-1.el7 (MySQL) fails to start with an error

Right after installation on a fresh system the DBMS service did not start. A manual start produced:
/etc/init.d/mysql start
Starting MySQL. ERROR!
The service journal has no data about the service:
journalctl -u mariadb.service
-- No entries --
The error messages in the same journal:
journalctl --priority=err
Mar 30 04:42:48 ru1linuxdns01 systemd[1]: Failed to start LSB: start and stop MySQL.
At least something about MySQL.
The system message log only has data about the installation of the service:
less /var/log/messages
...
Mar 30 04:27:43 ru1linuxdns01 systemd: Reloading.
Mar 30 04:27:52 ru1linuxdns01 yum[2340]: Installed: MariaDB-server-10.0.30-1.el7.centos.x86_64
Mar 30 04:27:53 ru1linuxdns01 yum[2340]: Installed: MariaDB-compat-10.0.30-1.el7.centos.x86_64
Mar 30 04:27:53 ru1linuxdns01 yum[2340]: Installed: MariaDB-shared-10.0.30-1.el7.centos.x86_64
Mar 30 04:27:54 ru1linuxdns01 yum[2340]: Installed: MariaDB-devel-10.0.30-1.el7.centos.x86_64
Mar 30 04:27:54 ru1linuxdns01 yum[2340]: Erased: 1:mariadb-libs-5.5.52-1.el7.x86_64

In the service status:
systemctl status mysql.service
● mysql.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysql; bad; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2017-03-30 04:42:48 EDT; 19min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 955 ExecStart=/etc/rc.d/init.d/mysql start (code=exited, status=1/FAILURE)
Mar 30 04:42:46 ru1linuxdns01 systemd[1]: Starting LSB: start and stop MySQL...
Mar 30 04:42:46 ru1linuxdns01 mysql[955]: Starting MySQL170330 04:42:46 mysqld_safe Logging to '/var/lib/mysql/ru1linuxdns01.err'.
Mar 30 04:42:46 ru1linuxdns01 mysql[955]: .170330 04:42:46 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Mar 30 04:42:46 ru1linuxdns01 mysql[955]: /usr/bin/mysqld_safe_helper: Cannot change uid/gid (errno: 1)
Mar 30 04:42:48 ru1linuxdns01 mysql[955]: ERROR!
Mar 30 04:42:48 ru1linuxdns01 systemd[1]: mysql.service: control process exited, code=exited status=1
Mar 30 04:42:48 ru1linuxdns01 systemd[1]: Failed to start LSB: start and stop MySQL.
Mar 30 04:42:48 ru1linuxdns01 systemd[1]: Unit mysql.service entered failed state.
Mar 30 04:42:48 ru1linuxdns01 systemd[1]: mysql.service failed.

Meanwhile, the error log file was not created:
less /var/lib/mysql/ru1linuxdns01.err
/var/lib/mysql/ru1linuxdns01.err: No such file or directory

But here is the error itself:
... /usr/bin/mysqld_safe_helper: Cannot change uid/gid (errno: 1)

A search on this problem turned up a link to an SELinux issue that the MariaDB developers had promised to fix in version 10.0.30.
As you can see, the problem was never closed (there are entries about it in their Jira).

Solution: disable SELinux
vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=minimum

reboot




Wednesday, April 5, 2017

Troubleshooting: HP iMC installation, MS SQL database access error

While installing the HP iMC management and monitoring system in its simplest configuration (for test purposes) on Windows Server 2016, the application failed to access the MS SQL 2008 Express DBMS that ships with the software. The connection was made with the sa account to localhost. The error log contained this entry:
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.lang.RuntimeException: Could not generate DH keypair".
...
That is, the application tried to establish a secure SSL connection but could not "agree" on the initial DH keys.

According to support's answer, this is related to two cipher suites (out of several dozen):
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA

This is part of the OS!

To resolve the issue:
- open the gpedit.msc snap-in
- go to the container Computer Configuration > Administrative Templates > Network > SSL Configuration Settings
- turn on the setting SSL Cipher Suite Order = Enable
- reboot.

After the reboot, edit the following registry keys in regedit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]
Remove the suites (see above) from the middle of the list.
In the second key
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]
these suites will most likely already be gone (symlinks?)

Reboot.

In my case these steps helped.

Tuesday, April 4, 2017

Troubleshooting: Apache server on CentOS 7 does not listen on TCP port 80 over IPv4

I recently ran into a consequence of poorly documented changes in the Apache web server settings. How the problem shows up:
netstat -tl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN
tcp6       0      0 [::]:http               [::]:*                  LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN
tcp6       0      0 [::]:mysql              [::]:*                  LISTEN

Port 80 is listened on in the IPv6 stack but not in IPv4. Some unconvincing explanations on forums claimed that the stacks have supposedly been merged now, and similar nonsense. This can be checked right away:
curl http://web_server_ip
curl: (7) Failed connect to web_server_ip:80; Connection refused

The connection is refused, although the firewall allows it:
firewall-cmd --list-all
public (active) 
  services: dhcpv6-client ssh
  ports: 3306/tcp 80/tcp

The service itself is actually started and running:
sudo systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-03-31 10:14:44 MSK; 4min 16s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 1181 (httpd)
   Status: "Total requests: 1; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─1181 /usr/sbin/httpd -DFOREGROUND
           ├─2300 /usr/sbin/httpd -DFOREGROUND
           ├─2301 /usr/sbin/httpd -DFOREGROUND
           ├─2302 /usr/sbin/httpd -DFOREGROUND
           ├─2303 /usr/sbin/httpd -DFOREGROUND
           └─2304 /usr/sbin/httpd -DFOREGROUND

Mar 31 10:14:43 HST systemd[1]: Starting The Apache HTTP Server...
Mar 31 10:14:44 HST httpd[1181]: systemd[1]: Started The Apache HTTP Server.

Cause:

Whereas previously it was enough to specify in the Apache configuration file
Listen 80
for the server to listen on TCP port 80 on all interfaces and protocol stacks, now for IPv4 it has to be specified explicitly:
sudo vi /etc/httpd/conf/httpd.conf
 Listen 0.0.0.0:80
sudo service httpd restart

As a result we have a working service:
netstat -tl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN
tcp6       0      0 [::]:mysql              [::]:*                  LISTEN