MySql - przywracanie praw konta root'a

restore / repair / reset mysql root privileges

cat > restore_root_privileges.sql
update mysql.user set Super_priv='y' where user='root';
update mysql.user set Select_priv='y' where user='root';
update mysql.user set Insert_priv='y' where user='root';
update mysql.user set Update_priv='y' where user='root';
update mysql.user set Delete_priv='y' where user='root';
update mysql.user set Create_priv='y' where user='root';
update mysql.user set Drop_priv='y' where user='root';
update mysql.user set Reload_priv='y' where user='root';
update mysql.user set Shutdown_priv='y' where user='root';
update mysql.user set Process_priv='y' where user='root';
update mysql.user set File_priv='y' where user='root';
update mysql.user set Grant_priv='y' where user='root';
update mysql.user set References_priv='y' where user='root';
update mysql.user set Index_priv='y' where user='root';
update mysql.user set Alter_priv='y' where user='root';
update mysql.user set Show_db_priv='y' where user='root';
update mysql.user set Super_priv='y' where user='root';
update mysql.user set Create_tmp_table_priv='y' where user='root';
update mysql.user set Lock_tables_priv='y' where user='root';
update mysql.user set Execute_priv='y' where user='root';
update mysql.user set Repl_slave_priv='y' where user='root';
update mysql.user set Repl_client_priv='y' where user='root';
update mysql.user set Create_view_priv='y' where user='root';
update mysql.user set Show_view_priv='y' where user='root';
update mysql.user set Create_routine_priv='y' where user='root';
update mysql.user set Alter_routine_priv='y' where user='root';
update mysql.user set Create_user_priv='y' where user='root';
-----  8<  -----  8<  -----  8<  -----  8<  -----  8<  -----  8<  ----- 

sudo /etc/init.d/mysql stop
sudo mysqld --skip-grant-tables &
mysql -vv < restore_root_privileges.sql
sudo /etc/init.d/mysql restart
mysql -u root -p
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION;
mysql> quit;

(The password of the "debian-sys-maint" user is : sudo cat /etc/mysql/debian.cnf )

XenServer - instalowanie patchy z CLI

Installing the update using the off-host CLI

1. Download the update to a known location on a computer that has the XenServer CLI or XenCenter installed.
2. Extract the xsupdate file from the zip.
3. If using Windows, start a Command Prompt and navigate to the XenCenter directory, for example:

cd C:\Program files\Citrix\XenCenter

4. Upload the xsupdate file to the Pool Master by entering the following commands:
   (Where hostname is the Pool Master's IP address or DNS name.)
   

   xe patch-upload -s <hostname> -u root -pw <password> file-name=<path_to_update_file> XS60E016.xsupdate

   XenServer assigns the update file a UUID which this command prints. Note the UUID.

   46BC6C41-3889-41BE-B394-A4D8455A58E2



5. Apply the hotfix to all hosts in the pool, specifying the UUID of the hotfix:

   xe patch-pool-apply uuid=<46BC6C41-3889-41BE-B394-A4D8455A58E2>

6. Verify that the update was applied by using the patch-list command.

   xe patch-list -s <hostname> -u root -pw <password> name-label=XS60E016

   If the update has been successful, the hosts field will contain the UUIDs of the hosts this patch was successfully applied to. This should be a complete list of all hosts in the pool.
7. The hotfix is applied to all hosts in the pool, but it will not take effect until each host has been rebooted. For each host, migrate the VMs that you wish to keep running, and shutdown the remaining VMs before rebooting the host.
8. To verify in XenCenter that the update has been applied correctly, select the Pool, and then click the General tab. This displays the Pool properties. In the Updates section, ensure that the update is listed as Fully applied.    

Cacti - monitorowanie serwera DNS - BIND9

Do uruchomienia monitorowania serwera DNS Bind9 będa potrzebne:
- skrypty i template do Cacti - bind9-stats-2.0.tar
- biblioteka do Perla - libsnmp-extension-passpersist-perl

Ponieważ nie mam jej w dystrybucji Debian Squeeze należy pobrać pakiet deb na dysk i zainstalować za pomocą:
# dpkg - i libsnmp-extension-passpersist-perl_0.06-1_all.deb

Przed instalacja należy doinstalować pakiety:

• libclass-accessor-perl (>= 0.30)
• liblist-moreutils-perl (>= 0.21)

1. Konfiguracja Binda i sprawdzenie działanie narzędzie RNDC

- do pliku konfiguracyjnego Binda dodajemy sekcje z kluczem MD5 dla RNDC, musi byc on zgodny z kluczem w pliku konfiguracyjny rndc.conf, oraz konfigurujemy Binda by generował statystyki do pliku (jeżeli Bind jest uruchamiany w sand-boxie, podajemy zwykłą ścieżkę do pliku, bez żadnych dodatkowych informacji)


key rndc-key {
        algorithm hmac-md5;
        secret " jakis sekretny klucz MD5 ";
        };

zone-statistics         yes;

dump-file               "/var/cache/bind/cache_dump.db";

statistics-file         "/var/cache/bind/named_stats.txt";

memstatistics-file      "/var/cache/bind/named_mem_stats.txt";

- restart Binda i sprawdzenie działanie narzędzia RNDC
# /etc/init.d/bind9 restart

# rndc status
version: 9.7.3 (DNS)

CPUs found: 1

worker threads: 1

number of zones: 28

debug level: 0

xfers running: 0

xfers deferred: 0

soa queries in progress: 0

query logging is OFF

recursive clients: 0/0/1000

tcp clients: 0/100

server is up and running

- sprawdzamy czy rndc generuje plik

# rndc stats
# more /var/cache/bind/named_stats.txt

+++ Statistics Dump +++ (1353929701)

++ Incoming Requests ++

                 123 QUERY

++ Incoming Queries ++

                 117 A

                   6 AAAA

++ Outgoing Queries ++

[View: internal]

[View: external]

[View: _bind]

++ Name Server Statistics ++

                 123 IPv4 requests received

                  54 requests with EDNS(0) received

                  62 recursive queries rejected

                 123 responses sent

                  54 responses with EDNS(0) sent

                  55 queries resulted in successful answer

                  61 queries resulted in authoritative answer

                   6 queries resulted in nxrrset

                  62 other query failures

++ Zone Maintenance Statistics ++

                   9 IPv4 notifies sent

++ Resolver Statistics ++

(...)

- i dodajemy wywołanie skryptu do crona, generowanie statystyk nastąpi co 5 minut

*/5 * * * * /usr/share/bind9/bind9-genstats.sh > /dev/null 2>&1

2. Plik bind9-stats-2.0.tar rozpakowujemy np. do /usr/share/bind9

3. Modyfikujemy skrypty. W obu należy ustawić ścieżkę do pliku named_stats.txt. Tu podajemy już pełną ścieżkę w systemie plików

/usr/share/bind9/bind9-genstats.sh

STAT_FILE=/var/lib/named/var/cache/bind/named_stats.txt

/usr/share/bind9/snmp/bind9-stats-snmpd.pl

$STAT_FILE = "/var/lib/named/var/cache/bind/named_stats.txt";

4. Do pliku snmpd.conf dodajemy:

pass .1.3.6.1.4.1.2021.55 /usr/bin/perl /usr/share/bind9/snmp/bind9-stats-snmpd.pl

restartujemy demona
# /etc/init.d/snmpd restart

i sprawdzamy:

#snmpwalk -v 2c -c <snmp_community> localhost .1.3.6.1.4.1.2021.55

UCD-SNMP-MIB::ucdavis.55.1.0 = INTEGER: 0

UCD-SNMP-MIB::ucdavis.55.1.1 = INTEGER: 1

UCD-SNMP-MIB::ucdavis.55.1.2 = INTEGER: 2

UCD-SNMP-MIB::ucdavis.55.1.3 = INTEGER: 3

UCD-SNMP-MIB::ucdavis.55.1.4 = INTEGER: 4

UCD-SNMP-MIB::ucdavis.55.1.5 = INTEGER: 5

UCD-SNMP-MIB::ucdavis.55.1.6 = INTEGER: 6

UCD-SNMP-MIB::ucdavis.55.2.1 = STRING: "GLOBAL"

(...)

5. Na koniec kopjujemy plik 

# cp /usr/share/bind9/snmp/bind9-stats-snmp.xml /usr/share/cacti/resource/snmp_queries/

oraz importujemy do Cacti template cacti_data_query_bind_9_statistics_snmp.xml

6. Dodajemy do hosta na którym mamy uruchomiony serwer DNS data query BIND 9 Statistics (SNMP), po czym wykonujemy odczyt danych z serwera (Verbose query) i normalnie dodajemy potrzebne wykresy.

Data Query
Obrazek z http://forums.cacti.net

Statystyka ogólna serwera DNS Bind9
Obrazek z http://forums.cacti.net