Oracle 12c Deprecated Featues

When talking about Oracle 12c most will concentrate just the new features, whilst of course it’s important to be familiar with new features of Oracle 12c. It is important to be aware of features which are either being de-supported or deprecated with this database version. Especially if one needs to migrate many legacy database which may have created very long time ago and move from version to version.

Continue reading “Oracle 12c Deprecated Featues”

Advertisements

Short introduction to saltstack

In the past months I’ve tried to find a good configuration management software which is easy to use. I’ve worked with puppet but I wanted to look after an alternative. I’ve found SaltStack. SaltStack has enterprise version and community edition, written in python, and has huge user base, also won ‘Best of VMworld 2014’ award, so I wanted to give it a try. Not to mention that it has very good documentation, and dozens of positive things.

Continue reading “Short introduction to saltstack”

Configure SSH for 2-factor authentication

In the past few days I’ve got the idea to make my server more secure I will deploy 2-factor authentication for SSH sessions.
There are lot of solutions for it, but as there are not lots of users on this server, and I wanted a fast, secure way to achieve this I started to use google authenticator.
It has application for android,iphone,blackberry, so I won’t face angry users who doesn’t have android for example :).

Continue reading “Configure SSH for 2-factor authentication”

How to set up Hiera to you newly installed Puppetmaster

Hiera is a lightweight pluggable hierarchical database which can be useful, when you want to store your puppet-used data in a well organized structure.
Within this article I will show you how you can set it up for your puppetmaster (which was installed in my previous article).

Continue reading “How to set up Hiera to you newly installed Puppetmaster”

MySQL Cluster backup methods

What gives MySQL Cluster the potential of being called a cluster is the network database (NDB) storage engine. NDB’s nature of a storage engine gives us a sometimes confusing flexibility to choose which table to store locally and which to span and/or mirror along the cluster’s data nodes. This also generates a duality when creating backups of MySQL Cluster databases. NDB bears its native backup method that we utilize for data contained in the cluster. The remainder is saved as logical dump of database structure and records. Continue reading “MySQL Cluster backup methods”

Backup concept for system device with Linux and Windows partition

The basic backup scenario looks very simple. If we have system disk device with mix type of partitions, the best approach will be using complete disk backup method. Several software offer better and better solution. Just few of them: Clonezilla, Norton Ghost, Linux dd command, etc. We are able to back up the whole disk or just each partition individually. Ok, it is simple but make our life little bit more complicated. What can we do if we do not want to make whole disk backup regularly. What about if Linux and Windows completely request different frequency to make a copy, but for some reason we defiantly need one image copy for whole disk for restore purpose?

The solution what I am going to introduce combine different technics to deliver the solution.

To sum up the backup-restore demand to don’t lose any requirements:

  • Windows system needs to back up every week once
  • Linux system needs to back up very often, sometimes more than once a day
  • Linux systems needs to restore as fast as possible, it may necessary more than once a day
  • Need to keep the two systems always ready in one disk image copy file (fast restore when hardware failure occurs or fast clone purpose)

Continue reading “Backup concept for system device with Linux and Windows partition”

Puppet first steps: How to install a puppetmaster with a puppetclient

First of all you will need 2 CentOS machines.
One with “Desktop” installation for the Master and one with “Basic Server” installation for the client..
(Desktop will be needed later for module creation with Gepetto.)

I use the official CentOS-6.5-x86_64-bin-DVD1.iso for the installation.

After you have installed the two machines, set up static IPs for both machines, and set them into /etc/hosts.
In my configuration:
puppet master: 192.168.233.180
puppet client: 192.168.233.181
Gateway: 192.168.233.2

1. Turn off NetworkManager:
        [root@puppetmaster ~]# chkconfig NetworkManager off
        [root@puppetmaster ~]# service NetworkManager stop
        Stopping NetworkManager daemon:                            [  OK  ]

2. Set static IPs
        [root@puppetmaster ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
        DEVICE=eth0
        TYPE=Ethernet
        ONBOOT=yes
        NM_CONTROLLED=no
        BOOTPROTO=static
        IPADDR=192.168.233.180
        PREFIX=24
        DNS1=192.168.233.2
        GATEWAY=192.168.233.2

        [root@puppetmaster ~]# service network restart
        Shutting down interface eth0:                              [  OK  ]
        Shutting down loopback interface:                          [  OK  ]
        Bringing up loopback interface:                            [  OK  ]
        Bringing up interface eth0:  Determining if ip address 192.168.233.180 is already in use for device eth0…
                                                                   [  OK  ]
        [root@puppetclient1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
        DEVICE=eth0
        TYPE=Ethernet
        ONBOOT=yes
        NM_CONTROLLED=no
        BOOTPROTO=static
        IPADDR=192.168.233.181
        PREFIX=24
        GATEWAY=192.168.233.2
        DNS1=192.168.233.2
        
        [root@puppetclient1 ~]# service network restart
        Shutting down interface eth0:                              [  OK  ]
        Shutting down loopback interface:                          [  OK  ]
        Bringing up loopback interface:                            [  OK  ]
        Bringing up interface eth0:  Determining if ip address 192.168.233.181 is already in use for device eth0…
                                                                   [  OK  ]
3. Set /etc/hosts

        [root@puppetmaster ~]# cat /etc/hosts
        127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
        ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
        192.168.233.180 puppetmaster
        192.168.233.181 puppetclient1

        [root@puppetclient1 ~]# cat /etc/hosts
        127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
        ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
        192.168.233.180 puppetmaster
        192.168.233.181 puppetclient1

OK. Now we have the basic server configuration, we can install puppet.
For do that we will need the following repositories:

         rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
         rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

        [root@puppetmaster ~]# rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
        Retrieving http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
        warning: /var/tmp/rpm-tmp.gLXpeX: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
        Preparing…                ########################################### [100%]
           1:puppetlabs-release     ########################################### [100%]
        [root@puppetmaster ~]# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
        Retrieving http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
        warning: /var/tmp/rpm-tmp.hm3epf: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
        Preparing…                ########################################### [100%]
           1:epel-release           ########################################### [100%]

        [root@puppetclient1 ~]# rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
        Retrieving http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
        warning: /var/tmp/rpm-tmp.0lU0bR: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
        Preparing…                ########################################### [100%]
           1:puppetlabs-release     ########################################### [100%]
        [root@puppetclient1 ~]# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
        Retrieving http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
        warning: /var/tmp/rpm-tmp.aEbLpd: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
        Preparing…                ########################################### [100%]
           1:epel-release           ########################################### [100%]

As now we have the required repositories we can install the puppet master:

1. First of all we will open the firewall:

        [root@puppetmaster ~]# iptables -I INPUT 2 -p tcp –dport 8140 -s 192.168.233.0/24 -j ACCEPT
        [root@puppetmaster ~]# service iptables save
        iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
        [root@puppetmaster ~]# service iptables restart
        iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
        iptables: Flushing firewall rules:                         [  OK  ]
        iptables: Unloading modules:                               [  OK  ]
        iptables: Applying firewall rules:                         [  OK  ]

2. Install the puppet-server package

        [root@puppetmaster ~]# yum install puppet-server

        [root@puppetmaster ~]# service puppetmaster start
        Starting puppetmaster:                                     [  OK  ]
        [root@puppetmaster ~]# chkconfig puppetmaster on
        
3. As our puppetmaster is ready we will install the puppet agent on our client:

        [root@puppetclient1 ~]# yum install puppet

4. Set up master on the client:
    Add line ‘server = puppetmaster’ to the [main] section of puppet.conf
        [root@puppetclient1 ~]# head -2 /etc/puppet/puppet.conf
        [main]
            server = puppetmaster

5. Both the master and the client are installed, now we have to connect our client to the master:
    By default it will not work, as the master has to accept the certificate of the client.
    I will show you two ways how you can do that:
    1. manually
        [root@puppetclient1 ~]# puppet agent –server PuppetMaster –waitforcert 60 –test
        Info: Creating a new SSL key for puppetclient1
        Info: Caching certificate for ca
        Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
        Info: Creating a new SSL certificate request for puppetclient1
        Info: Certificate Request fingerprint (SHA256): C5:87:3B:67:35:6D:19:8D:E6:59:3A:35:C8:5E:B7:C9:85:68:C8:63:E5:31:71:D3:B0:5A:D9:F8:BC:A7:97:BE
        Info: Caching certificate for ca
    In the meantime on puppetmaster we will list the connection attempts:
        [root@puppetmaster ~]# puppet cert –list
          “puppetclient1” (SHA256) C5:87:3B:67:35:6D:19:8D:E6:59:3A:35:C8:5E:B7:C9:85:68:C8:63:E5:31:71:D3:B0:5A:D9:F8:BC:A7:97:BE
          
    We can see that puppetclient1 would like to connect, so we accept its certificate:
        [root@puppetmaster ~]# puppet cert sign puppetclient1
        Notice: Signed certificate request for puppetclient1
        Notice: Removing file Puppet::SSL::CertificateRequest puppetclient1 at ‘/var/lib/puppet/ssl/ca/requests/puppetclient1.pem’

    After this client will be able to connect to the puppetmaster:
        
        [root@puppetclient1 ~]# puppet agent –test
        Info: Retrieving pluginfacts
        Info: Retrieving plugin
        Info: Caching catalog for puppetclient1
        Info: Applying configuration version ‘1408026898’
        Notice: Finished catalog run in 0.03 seconds
    
    2. automatically
    
        You can get the same result if you set “autosign = true” in the  [master] section of puppet.conf.
        In this case all clients will be able to connect to out puppetmaster so use it carefully, as it can mean security risk.

Our basic configuration is ready, let’s try it out on a very simple example:
We will create a simple file on client with Puppet.
As you can see it doesn’t exist yet:
        [root@puppetclient1 ~]# ls -l /tmp/my_test_file.txt
        ls: cannot access /tmp/my_test_file.txt: No such file or directory

Add the following lines into /etc/puppet/manifest/site.pp (If site.pp does not exist, then create it)

        node puppetclient1{
            file { “/tmp/my_test_file.txt”:
            owner => root, group => root, mode => 440,
            content => “My Test File\n”
            }
        }

Run ‘puppet agent –test’ on the client:

        [root@puppetclient1 ~]# puppet agent –test
        Info: Retrieving pluginfacts
        Info: Retrieving plugin
        Info: Caching catalog for puppetclient1
        Info: Applying configuration version ‘1408027496’
        Notice: /Stage[main]/Main/Node[puppetclient1]/File[/tmp/my_test_file.txt]/ensure: defined content as ‘{md5}fac7081166f87902d4a5128088e16aea’
        Notice: Finished catalog run in 0.04 seconds

Our test test has been created successfully:

        [root@puppetclient1 ~]# cat /tmp/my_test_file.txt
        My Test File