view release on metacpan or  search on metacpan

lib/ASNMTAP/Asnmtap/Applications.pod  view on Meta::CPAN

=over 4

=item How create simple test certificates with openssl?

http://www.vanemery.com/Linux/Apache/apache-SSL.html

=over 4

=item Step 1: Setup your own CA (Certificate Authority)

 openssl genrsa -des3 -out server-ca.key 2048
 openssl req -new -x509 -days 3650 -key server-ca.key -out server-ca.crt
 # To remove the pass phrase from the key file, execute this: 
 openssl rsa -in server-ca.key -out server-ca-nopass.key
 openssl x509 -in server-ca.crt -text -noout

=item Step 2: Make a key and a certificate for the web server:

 openssl genrsa -des3 -out citap-server.key 1024
 openssl req -new -key citap-server.key -out citap-server.csr
   ...
   Common Name (eg, your name or your server's hostname) []:secure.citap.com <=== This must be the real FQDN of your server!!!
 openssl rsa -in citap-server.key -out citap-server-nopass.key
 openssl x509 -req -in citap-server.csr -out citap-server.crt -sha1 -CA server-ca.crt -CAkey server-ca.key -CAcreateserial -days 3650
 openssl x509 -in citap-server.crt -text -noout

=item Step 3: Creating Client Certificates for Authentication 

 openssl genrsa -des3 -out alex-peeters.key 1024
 openssl req -new -key alex-peeters.key -out alex-peeters.csr
 openssl x509 -req -in alex-peeters.csr -out alex-peeters.crt -sha1 -CA server-ca.crt -CAkey server-ca.key -CAcreateserial -days 3650
 openssl pkcs12 -export -in alex-peeters.crt -inkey alex-peeters.key -name "Alex Peeters" -out alex-peeters.p12
 openssl pkcs12 -in alex-peeters.p12 -clcerts -nokeys -info

 when:
   [error] Re-negotiation handshake failed: Not accepted by client!?
   [error] Certificate Verification: Error (20): unable to get local issuer certificate

 vi /etc/httpd/cond.d/ssl.conf
   SSLCertificateFile /etc/httpd/conf/ssl.crt/citap-server.crt
   SSLCertificateKeyFile /etc/httpd/conf/ssl.key/citap-server.key
   SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-ca.crt
   SSLCACertificateFile /etc/httpd/conf/ssl.crt/server-ca.crt

=back

=back

=item MySQL

=over 4

=item A -> B -> C -> A replication

MySQL Reference Manual                  http://mysqld.active-venture.com/

It is safe to connect servers in a circular master/slave relationship with log-slave-updates enabled. Note, however, that many queries will not work correctly in this kind of setup unless your client code is written to take care of the potential prob...

A -> B -> C -> A

Server IDs are encoded in the binary log events. A will know when an event it reads had originally been created by A, so A will not execute it and there will be no infinite loop. But this circular setup will work only if you only if you perform no co...

=over 4

=item PURGE MASTER LOGS

PURGE {MASTER|BINARY} LOGS TO 'log_name'

PURGE {MASTER|BINARY} LOGS BEFORE 'date'

Deletes all the binary logs listed in the log index that are strictly prior to the specified log or date. The logs also are removed from this list recorded in the log index file, so that the given log now becomes the first.

If you have an active slave that is currently reading one of the logs you are trying to delete, this command does nothing and fails with an error. However, if you have a dormant slave, and happen to purge one of the logs it wants to read, the slave w...

You must first check all the slaves with SHOW SLAVE STATUS to see which log they are reading, then do a listing of the logs on the master with SHOW MASTER LOGS, find the earliest log among all the slaves (if all the slaves are up to date, this will b...

=item RESET MASTER

Deletes all binary logs listed in the index file, resetting the binlog index file to be empty

=item RESET SLAVE

Makes the slave forget its replication position in the master's binlogs. This statement is meant to be used for a clean start: it deletes the `master.info' and `relay-log.info' files, all the relay logs, and starts a new relay log. 

Note: All relay logs are deleted, even if they had not been totally executed by the slave SQL thread. (This is a condition likely to exist on a replication slave that is highly loaded, or if you have issued a STOP SLAVE statement.) Connection informa...

=item How do I configure a slave if the master is already running and I do not want to stop it?

There are several options. If you have taken a backup of the master at some point and recorded the binlog name and offset ( from the output of SHOW MASTER STATUS ) corresponding to the snapshot, do the following:

Make sure the slave is assigned a unique server ID. 

Execute the following statement on the slave, filling in appropriate values for each parameter: 

 mysql> CHANGE MASTER TO
   ->     MASTER_HOST='master_host-name',
   ->     MASTER_USER='master_user_name',
   ->     MASTER_PASSWORD='master_pass',
   ->     MASTER_LOG_FILE='recorded_log_name',
   ->     MASTER_LOG_POS=recorded_log_pos;

Execute START SLAVE on the slave. 

If you do not have a backup of the master already, here is a quick way to do it consistently:

 FLUSH TABLES WITH READ LOCK 
 gtar zcf /tmp/backup.tar.gz /var/lib/mysql (or a variation of this) 
 SHOW MASTER STATUS - make sure to record the output - you will need it later 
 UNLOCK TABLES 

An alternative is taking an SQL dump of the master instead of a binary copy like above; for this you can use mysqldump --master-data on your master and later run this SQL dump into your slave. However, this is slower than makeing a binary copy.

No matter which of the two methods you use, afterwards follow the instructions for the case when you have a snapshot and have recorded the log name and offset. You can use the same snapshot to set up several slaves. As long as the binary logs of the ...

You can also use LOAD DATA FROM MASTER. This is a convenient command that takes a snapshot, restores it to the slave, and adjusts the log name and offset on theslave all at once. In the future, LOAD DATA FROM MASTER will be the recommended way to set...

=back

=item Contrains

Foreign keys definitions are subject to the following conditions: