ASNMTAP
view release on metacpan or search on metacpan
lib/ASNMTAP/Asnmtap/Applications.pod view on Meta::CPAN
more /opt/asnmtap/applications/etc/ArchiveCT
# ArchiveCT - CTP-CENTRAL, generated on 2010/dd/mm 17:58:36, ASNMTAP v3.002.003 or higher
#
# <resultsdir>#[<catalogID>_]<uniqueKey>#check_nnn[|[<catalogID>_]<uniqueKey>#check_mmm]
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
_ASNMTAP#_ASNMTAP#CID_collectorDaemonSchedulingReports.pl
#
test-01#CID_DUMMY-T1#check_dummy.pl
#
test-02#CID_DUMMY-T2#check_dummy.pl
#
test-03#CID_DUMMY-T3#check_dummy.pl
#
test-04#CID_DUMMY-T4#check_dummy.pl
#
test-05#CID_DUMMY-T5#check_dummy.pl
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Einde ArchiveCT - CTP-CENTRAL
=back
=back
=item located at /opt/asnmtap/applications/master
=over 4
=item rsync-wrapper-failover-*.sh
=over 4
=item rsync
mkdir /home/asnmtap/.ssh
chown -R asnmtap:asnmtap /home/asnmtap/.ssh
ssh-keygen -t rsa -f /home/asnmtap/.ssh/rsync -N ""
# or
ssh-keygen -t dsa -f /home/asnmtap/.ssh/rsync -N ""
=item testing
ssh -i /home/asnmtap/.ssh/rsync asnmtap@probe
... Access Denied! Sorry
Connection to probe closed.
rsync -e "ssh -i /home/asnmtap/.ssh/rsync" -a /opt/asnmtap/results/test/ asnmtap@probe.citap.be:/opt/asnmtap/results/test/ -v -c -z --exclude=*-all.txt --exclude=*-nok.txt --exclude=*-KnownError --exclude=*.tmp --exclude=*.sql
building file list ... done
./
yyyymmdd-check_dummy-PROBE-01-T1-csv.txt
...
/opt/asnmtap/applications/slave/rsync-mirror-distributed-probe.citap.be.sh
building file list ... done
yyyymmdd-check_dummy-PROBE-01-T5-csv.txt
...
sent nnnn bytes received nnnn bytes nnnn.nn bytes/sec
total size is nnnn speedup is nnnn.nn
when problems: check value off 'KeyRsync'
=back
=item linux
=over 4
=item standalone
ln -s /opt/asnmtap/applications/master/root-display.sh /etc/init.d/root-display
ln -s /etc/init.d/root-display /etc/rc3.d/S99root-display
ln -s /etc/init.d/root-display /etc/rc3.d/K99root-display
ln -s /etc/init.d/root-display /etc/rc2.d/S99root-display
ln -s /etc/init.d/root-display /etc/rc2.d/K99root-display
ln -s /opt/asnmtap/applications/master/root-collector.sh /etc/init.d/root-collector
ln -s /etc/init.d/root-collector /etc/rc3.d/S99root-collector
ln -s /etc/init.d/root-collector /etc/rc3.d/K99root-collector
ln -s /etc/init.d/root-collector /etc/rc2.d/S99root-collector
ln -s /etc/init.d/root-collector /etc/rc2.d/K99root-collector
ln -s /opt/asnmtap/applications/bin/root-importDataThroughCatalog.sh /etc/init.d/root-importDataThroughCatalog
ln -s /etc/init.d/root-importDataThroughCatalog /etc/rc3.d/S99root-importDataThroughCatalog
ln -s /etc/init.d/root-importDataThroughCatalog /etc/rc3.d/K99root-importDataThroughCatalog
ln -s /etc/init.d/root-importDataThroughCatalog /etc/rc2.d/S99root-importDataThroughCatalog
ln -s /etc/init.d/root-importDataThroughCatalog /etc/rc2.d/K99root-importDataThroughCatalog
=item failover
more /opt/asnmtap.sh
#!/bin/sh
# ---------------------------------------------------------------
# © Copyright 2004-2011 Alex Peeters [alex.peeters@citap.be]
# ---------------------------------------------------------------
# This shell script takes care of starting and stopping
AMNAME="All ASNMTAP"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
start() {
# Start daemons
echo "Start: '$AMNAME' ..."
/etc/init.d/root-display start
/etc/init.d/root-collector start
/etc/init.d/root-importDataThroughCatalog start
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
stop() {
# Stop daemons
echo "Stop: '$AMNAME' ..."
/etc/init.d/root-display stop
lib/ASNMTAP/Asnmtap/Applications.pod view on Meta::CPAN
=item importDataThroughCatalog.pl
this program imports automatically the data for other distributed/federated catalog members, defined by the CGI program catalog.pl
=item importDataThroughCatalog.sh
Shell script to run importDataThroughCatalog.pl with the default command line options
cd /opt/asnmtap/applications/bin
mv generateReports.sh-orig importDataThroughCatalog.sh
chmod 755 importDataThroughCatalog.sh
crontab -e
30 0 * * * /opt/asnmtap/applications/bin/importDataThroughCatalog.sh --type=CONFIG > /dev/null
*/5 * * * * /opt/asnmtap/applications/bin/importDataThroughCatalog.sh --type=DATA > /dev/null
=back
=item located at /opt/asnmtap/applications/sbin
=over 4
=item bash_stop_root.sh
Shell script to run CollectorCT-*.sh and DisplayCT-*.sh with uid protection.
cd /opt/asnmtap/applications/sbin
mv bash_stop_root.sh-orig bash_stop_root.sh
chmod 755 bash_stop_root.sh
Modify when required:
STOP_ROOT=TRUE
NOTICE: ASNMPTAP has been configured not to run as root !
WARNING: Running ASNMPTAP as root is not recommended !
ASNMPTAP_UID=32006
ASNMPTAP_USER=asnmtap
NOTICE: ASNMPTAP must be started with shell uid(user) !
HTTPD_UID=99
NOTICE: ASNMPTAP must be started with httpd uid !
=item sshWrapperASNMTAP.pl
ASNMTAP ssh wrapper script for ssh execution through a rsa or dsa key
Accepted ssh calls are as follows:
'script $APPLICATIONPATH/master/DisplayCT-<daemon name>.sh stop|start|restart|reload'
'script $APPLICATIONPATH/slave/DisplayCT-<daemon name>.sh stop|start|restart|reload'
'script $APPLICATIONPATH/master/CollectorCT-<daemon name>.sh stop|start|restart|reload'
'script $APPLICATIONPATH/slave/CollectorCT-<daemon name>.sh stop|start|restart|reload'
'remove $PIDPATH/DisplayCT-<daemon name>.pid'
'remove $PIDPATH/CollectorCT-<daemon name>.pid'
'killall <pid>'
'../' are forbidden into a directory of filename for security reasons !!!
You need to create an ssh account:
ssh-keygen -t dsa -f /home/asnmtap/.ssh/asnmtap
vi /home/asnmtap/.ssh/authorized_keys
from="localhost", command="/opt/asnmtap/applications/sbin/sshWrapperASNMTAP.pl" ssh-dss AAAAB3Nza...+90k63Mx...3OmZOk= alex.peeters@citap.be
or with
from="localhost", command="ASNMTAP_PERL5LIB=/opt/asnmtap/cpan-shared/lib/perl5; /opt/asnmtap/applications/sbin/sshWrapperASNMTAP.pl" ssh-dss AAAAB3Nza...+90k63Mx...3OmZOk= alex.peeters@citap.be
vi hosts.allow
ssh: localhost
vi hosts.deny
ssh: ALL
ssh -i '/home/asnmtap/.ssh/asnmtap' asnmtap@localhost 'killall number'
ssh -i '/home/asnmtap/.ssh/asnmtap' asnmtap@localhost 'remove /opt/asnmtap/pid/CollectorCT-zombie.pid'
ssh -i '/home/asnmtap/.ssh/asnmtap' asnmtap@localhost 'script /opt/asnmtap/applications/master/CollectorCT-test.sh stop'
Test sshWrapperASNMTAP.pl:
ssh -i '/home/asnmtap/.ssh/ssh' asnmtap@localhost 'killall number'
SSH REQUEST FAILED INSPECTION - SKIPPING 'killall number'
EVALUATING 'killall number'
or
Couldn't open log '/opt/asnmtap/log/sshWrapperASNMTAP.log'!
chmod 664 /opt/asnmtap/log/sshWrapperASNMTAP.log
ssh -i '/home/asnmtap/.ssh/ssh' asnmtap@localhost 'script /opt/asnmtap/applications/master/CollectorCT-Configsol2-environment-probe.sh stop'
EVALUATING 'script /opt/asnmtap/applications/master/CollectorCT-Configsol2-environment-probe.sh stop'
SSH REQUEST PASSED INSPECTION - INITIATING '/opt/asnmtap/applications/master/CollectorCT-Configsol2-environment-probe.sh stop'
EXECUTE '/opt/asnmtap/applications/master/CollectorCT-Configsol2-environment-probe.sh stop'
'/opt/asnmtap/applications/master/CollectorCT-Configsol2-environment-probe.sh stop' COMPLETED
ssh -i '/home/asnmtap/.ssh/ssh' asnmtap@localhost 'remove /opt/asnmtap/pid/CollectorCT-Configsol2-environment-probe.pid'
EVALUATING 'remove /opt/asnmtap/pid/CollectorCT-Configsol2-environment-probe.pid'
SSH REQUEST PASSED INSPECTION - INITIATING '/bin/rm /opt/asnmtap/pid/CollectorCT-Configsol2-environment-probe.pid'
EXECUTE '/bin/rm /opt/asnmtap/pid/CollectorCT-Configsol2-environment-probe.pid'
'/bin/rm /opt/asnmtap/pid/CollectorCT-Configsol2-environment-probe.pid' COMPLETED
more /opt/asnmtap/log/sshWrapperASNMTAP.log
... EVALUATING: 'killall number'
... SSH REQUEST FAILED INSPECTION - SKIPPING 'killall number'
...
Dependencies:
- Getopt::Long
=item perfparse_asnmtap_pulp_command.pl
... TODO ... NO PART OF NORMAL SETUP ...
=item perfparse_crontab.sh
... TODO ... NO PART OF NORMAL SETUP ...
=item perfparse_crontab_failed.sh
lib/ASNMTAP/Asnmtap/Applications.pod view on Meta::CPAN
=item onto the master and slave server:
Standalone monitoring example
MySQL 5.0.x
database:
SQLyog -> Db -> Import from SQL Statements ... -> \opt\asnmtap-3.002.xxx\applications\tools\mysql\asnmtap-3.002.003_mysql-v5.0.x.sql
or
mysql -u root -p < /opt/asnmtap/applications/tools/mysql/asnmtap-3.002.003_mysql-v5.0.x.sql
triggers to make fast display possible for heavy environment:
SQLyog -> Db -> Import from SQL Statements ... -> \opt\asnmtap-3.002.xxx\applications\tools\mysql\asnmtap-3.002.003_mysql-v5.0.x-trigger-events.sql
or
mysql -u root -p < /opt/asnmtap/applications/tools/mysql/asnmtap-3.002.003_mysql-v5.0.x-trigger-events.sql
SQLyog -> Db -> Import from SQL Statements ... -> \opt\asnmtap-3.002.xxx\applications\tools\mysql\applications/tools/mysql/asnmtap-3.002.003_mysql-v5.0.x-trigger-eventsUpdate.sql
or
mysql -u root -p < /opt/asnmtap/applications/tools/mysql/applications/tools/mysql/asnmtap-3.002.003_mysql-v5.0.x-trigger-eventsUpdate.sql
SQLyog -> Db -> Import from SQL Statements ... -> \opt\asnmtap-3.002.xxx\applications\tools\mysql\asnmtap-3.002.003_mysql-v5.0.x-trigger-eventsDisplayData.sql
or
mysql -u root -p < /opt/asnmtap/applications/tools/mysql/asnmtap-3.002.003_mysql-v5.0.x-trigger-eventsDisplayData.sql
Distributed monitoring example
MySQL 5.0.x
SQLyog -> Db -> Import from SQL Statements ... -> \opt\asnmtap-3.002.xxx\applications\tools\mysql\asnmtap-3.002.003-distributed_mysql-v5.0.x.sql
or
mysql -u root -p < /opt/asnmtap/applications/tools/mysql/asnmtap-3.002.003-distributed_mysql-v5.0.x.sql
=item onto the master server:
mysql -u root -p
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, LOCK TABLES, CREATE, CREATE TEMPORARY TABLES, DROP ON asnmtap.* TO 'asnmtap'@'localhost' IDENTIFIED BY 'passwd';
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, LOCK TABLES, CREATE, CREATE TEMPORARY TABLES, DROP ON asnmtap.* TO 'asnmtap'@'hostname-master-server' IDENTIFIED BY 'passwd';
mysql> GRANT SELECT ON asnmtap.* TO 'asnmtapro'@'hostname-master-server' IDENTIFIED BY 'passwd-ro';
mysql> GRANT SELECT, SUPER, REPLICATION CLIENT, REPLICATION SLAVE, RELOAD ON asnmtap.* TO 'replication'@'hostname-slave-server' IDENTIFIED BY 'passwd-replication';
mysql> FLUSH TABLES WITH READ LOCK;
mysql> QUIT;
when master is in production before the slave exist
mysqldump -u root -p asnmtap > asnmtap.sql
or for big tables
make sure mysqld is dead!!!
tar -cvf /tmp/mysql-snapshot.tar /path/to/data-dir
mysql -u root -p
mysql> SHOW MASTER STATUS;
# If the master has been previously running without --log-bin enabled, the log
# name and position values displayed by SHOW MASTER STATUS will be empty.
mysql> UNLOCK TABLES;
mysql> QUIT;
Write down the parrameters from SHOW MASTER STATUS when master already exists !!!
Make sure the [mysqld] section of the `my.cnf' file on the master host includes a log-bin option. The section should also have a server-id=master_id option, where master_id must be an integer value from 1 to 2^32 - 1.
vi /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
port=3306
server-id=1
log-bin=asnmtap
log-slave-updates
binlog-ignore-db=mysql
replicate-ignore-db=mysql
report-host=slave-server.citap.com
auto_increment_increment = 2
auto_increment_offset = 1
[mysql.server]
user=mysql
basedir=/var/lib
[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
# If those options are not present, add them and restart the server.
mysql -u root -p
mysql> SHOW MASTER STATUS;
# +---------------+----------+--------------+------------------+
# | File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
# +---------------+----------+--------------+------------------+
# | mysql-bin.001 | 73 | checklist | mysql |
# +---------------+----------+--------------+------------------+
mysql> QUIT;
Write down the parrameters from SHOW MASTER STATUS, when master didn't exists befire!!!
The File column shows the name of the log, while Position shows the offset. In the above example, the binary log value is mysql-bin.001 and the offset is 73. Record the values. You will need to use them later when you are setting up the slave. Once ...
=item onto the slave server:
Make sure there are NO update queries on the slave server at this point!!!
mysql -u root -p
mysql> STOP SLAVE; <-- if replication was running
mysql> QUIT;
when master is in production before the slave exist:
mysql -u root -p
mysql> CREATE DATABASE asnmtap;
mysql> QUIT;
mysql -u root -p asnmtap < asnmtap.sql
mysql -u root -p
or
make sure mysqld is dead!!!
copy and untar mysql-snapshot.tar created earlier
mysql -u root -p
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, LOCK TABLES, CREATE, CREATE TEMPORARY TABLES, DROP ON asnmtap.* TO 'asnmtap'@'localhost' IDENTIFIED BY 'passwd';
lib/ASNMTAP/Asnmtap/Applications.pod view on Meta::CPAN
cd /usr/local/awstats
./awstats_configure.pl
/etc/init.d/httpd restart
/usr/bin/env perl /usr/local/awstats/awstats_updateall.pl now -awstatsprog=/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -configdir=/usr/local/awstats/etc/
vi /var/spool/cron/crontabs/root
15 * * * * /usr/local/awstats/tools/awstats_updateall.pl now > /dev/null
http://awstats.sourceforge.net/docs/awstats_setup.html
=back
=head1 HOWTO
=over 4
=item Apache and ASNMTAP not installed into '/opt/asnmtap/'
when ASNMTAP is not installed into '/opt/asnmtap/' you need to add SetEnv ASNMTAP_PATH to your webserver config
more /etc/httpd/conf.d/asnmtap.conf
...
<VirtualHost *:80>
...
SetEnv ASNMTAP_PATH /opt/asnmtap-3.001.xxx-other/
...
</VirtualHost>
=item SQL statement to query one results from the database
SELECT id, title, status, endDate, endTime, statusMessage, step, timeslot FROM `events` where uKey = '<uKey>' and endDate = 'yyyy-mm-dd' order by id desc limit 1;
status
----------------------------------------------------------------------------------------
OK no problems
WARNING indicates that there is something wrong, but not critical
CRITICAL indicates a critical problem
UNKNOWN indicates that we don't now the correct status
NO-TEST there is no test for this timeslot
OFFLINE this application is offline (no test sheduled for this timeslot)
<NIHIL> problem with the execution from the plugin
<keyl>
--------
DUMMY-T1
DUMMY-T2
DUMMY-T3
DUMMY-T4
DUMMY-T5
=item run archiver.pl on cygwin
Install libpng... needed, install this now
mount -f -s -b "D:/cygwin/usr/sbin" "/usr/sbin" <-- to update the registry
cygrunsrv --install "CYGWIN crontab" --path /usr/sbin/cron.exe -a '-D' -e CYGWIN=ntsec
cygrunsrv --stop "CYGWIN crontab"
cygrunsrv --start "CYGWIN crontab"
cygrunsrv --remove "CYGWIN crontab"
0 2 * * * cd /opt/asnmtap/applications; ./archive.sh > /dev/null <-- crontab op master server
30 23 * * * cd /opt/asnmtap/applications/bin; ./holidayBundleSetDowntimes.sh > /dev/null <-- crontab op master server
=item maximum timeslot interval greather then 2 hours:
asyncroon scheduling required
=item Perl
=over 4
=item update every CPAN module that is outdated
perl -MCPAN -e 'CPAN::Shell->install(CPAN::Shell->r)'
=item using CPAN with a non-root account for ASNMTAP
mkdir /opt/asnmtap/cpan-shared
mkdir /opt/asnmtap/cpan-shared/lib
mkdir /opt/asnmtap/cpan-shared/lib/perl5
mkdir /opt/asnmtap/cpan-shared/share
mkdir /opt/asnmtap/cpan-shared/share/man
mkdir /opt/asnmtap/cpan-shared/share/man/man1
mkdir /opt/asnmtap/cpan-shared/share/man/man3
chmod -R 775 /opt/asnmtap/cpan-shared
chown -R asnmtap:asnmtapcmd /opt/asnmtap/cpan-shared
mkdir -p ~/.cpan/CPAN
chown -R asnmtap:asnmtap ~/.cpan/CPAN
cd ~/.cpan/CPAN
vi MyConfig.pm
# <-- MyConfig.pm
$CPAN::Config = {
'build_cache' => q[10],
'build_dir' => q[/home/asnmtap/.cpan/build],
'cache_metadata' => q[1],
'cpan_home' => q[/home/asnmtap/.cpan],
'ftp' => q[/usr/kerberos/bin/ftp],
'ftp_proxy' => q[http://proxyorg:8080],
'getcwd' => q[cwd],
'gpg' => q[/usr/bin/gpg],
'gzip' => q[/bin/gzip],
'histfile' => q[/home/asnmtap/.cpan/histfile],
'histsize' => q[100],
'http_proxy' => q[http://proxyorg:8080],
'inactivity_timeout' => q[0],
'index_expire' => q[1],
'inhibit_startup_message' => q[0],
'keep_source_where' => q[/home/asnmtap/.cpan/sources],
'links' => q[],
'make' => q[/usr/local/bin/make],
'make_arg' => q[],
'make_install_arg' => q[],
lib/ASNMTAP/Asnmtap/Applications.pod view on Meta::CPAN
'term_is_latin' => q[1],
'unzip' => q[/usr/bin/unzip],
'urllist' => [q[http://cpan.llarian.net/], q[http://ftp.easynet.be/pub/CPAN/], q[http://cpan.mirrors.skynet.be/pub/CPAN], q[http://ftp.belnet.be/packages/cpan/], q[ftp://http.kulnet.kuleuven.ac.be/pub/mirror/CPAN/], q[http://ftp.scarlet.be/pub/cpan...
'wget' => q[/usr/bin/wget],
};
1;
__END__
# MyConfig.pm -->
su - asnmtap
perl -c MyConfig.pm
perl -MCPAN -e 'reload index'
vi ~/.bash_profile
...
export PATH=/usr/local/bin:/usr/local/sbin:/usr/sbin:/etc:/usr/ccs/bin:/usr/bin:/opt/csw/bin:/usr/ucb:/usr/local/mysql/bin:${PATH}
if [ -d /opt/asnmtap/cpan-shared/lib/perl5 ]; then
PERL5LIB=${PERL5LIB:+$PERL5LIB:}/opt/asnmtap/cpan-shared/lib/perl5
MANPATH=${MANPATH:+$MANPATH:}/opt/asnmtap/cpan-shared/share/man
export MANPATH PERL5LIB
fi
export LD_LIBRARY_PATH=/opt/asnmtap/ssl/lib:/usr/local/lib/mysql:/usr/local/lib:/usr/lib:${LD_LIBRARY_PATH}
...
vi /etc/init.d/httpd
...
if [ -d /opt/asnmtap/cpan-shared/lib/perl5 ]; then
PERL5LIB=${PERL5LIB:+$PERL5LIB:}/opt/asnmtap/cpan-shared/lib/perl5
MANPATH=${MANPATH:+$MANPATH:}/opt/asnmtap/cpan-shared/share/man
export MANPATH PERL5LIB
fi
...
start() {
echo -n $"Starting $prog: "
check13 || exit 1
PATH=$PATH MANPATH=$MANPATH PERL5LIB=$PERL5LIB LANG=$HTTPD_LANG daemon $httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch ${lockfile}
return $RETVAL
}
...
sudo /etc/init.d/httpd restart
more /etc/httpd/conf.d/asnmtap.conf
...
<VirtualHost *:80>
...
SetEnv PERL5LIB /opt/asnmtap/cpan-shared/lib/perl5
...
</VirtualHost>
# Module section - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vi Makefile.pl
...
use lib qw(/opt/asnmtap/cpan-shared/lib/perl5/.);
...
# Configuration section - - - - - - - - - - - - - - - - - - - - - - - - -
If you're not the Perl administrator you probably don't have permission to install a module to its default location.
Then you should install it for your own use into your home directory or other directory like so:
perl Makefile.PL PREFIX=/opt/asnmtap/cpan-shared SITELIBEXP=/opt/asnmtap/cpan-shared/lib/perl5 LIB=/opt/asnmtap/cpan-shared/lib/perl5 INSTALLMAN1DIR=/opt/asnmtap/cpan-shared/share/man/man1 INSTALLMAN3DIR=/opt/asnmtap/cpan-shared/share/man/man3 INSTA...
or
perl Makefile.PL INSTALL_BASE=/opt/asnmtap/cpan-shared
This will put modules into /opt/asnmtap/cpan-shared/lib/perl5, man pages into /opt/asnmtap/cpan-shared/man and programs into /opt/asnmtap/cpan-shared/bin.
INSTALLARCHLIB INSTALL_BASE/lib/perl5/$Config{archname}
INSTALLPRIVLIB INSTALL_BASE/lib/perl5
INSTALLBIN INSTALL_BASE/bin
INSTALLSCRIPT INSTALL_BASE/bin
INSTALLMAN1DIR INSTALL_BASE/man/man1
INSTALLMAN3DIR INSTALL_BASE/man/man3
make
make install
=back
=item Apache
=over 4
=item How create simple test certificates with openssl?
http://www.vanemery.com/Linux/Apache/apache-SSL.html
=over 4
=item Step 1: Setup your own CA (Certificate Authority)
openssl genrsa -des3 -out server-ca.key 2048
openssl req -new -x509 -days 3650 -key server-ca.key -out server-ca.crt
# To remove the pass phrase from the key file, execute this:
openssl rsa -in server-ca.key -out server-ca-nopass.key
openssl x509 -in server-ca.crt -text -noout
=item Step 2: Make a key and a certificate for the web server:
openssl genrsa -des3 -out citap-server.key 1024
openssl req -new -key citap-server.key -out citap-server.csr
...
Common Name (eg, your name or your server's hostname) []:secure.citap.com <=== This must be the real FQDN of your server!!!
openssl rsa -in citap-server.key -out citap-server-nopass.key
openssl x509 -req -in citap-server.csr -out citap-server.crt -sha1 -CA server-ca.crt -CAkey server-ca.key -CAcreateserial -days 3650
openssl x509 -in citap-server.crt -text -noout
=item Step 3: Creating Client Certificates for Authentication
openssl genrsa -des3 -out alex-peeters.key 1024
openssl req -new -key alex-peeters.key -out alex-peeters.csr
openssl x509 -req -in alex-peeters.csr -out alex-peeters.crt -sha1 -CA server-ca.crt -CAkey server-ca.key -CAcreateserial -days 3650
openssl pkcs12 -export -in alex-peeters.crt -inkey alex-peeters.key -name "Alex Peeters" -out alex-peeters.p12
openssl pkcs12 -in alex-peeters.p12 -clcerts -nokeys -info
when:
[error] Re-negotiation handshake failed: Not accepted by client!?
[error] Certificate Verification: Error (20): unable to get local issuer certificate
vi /etc/httpd/cond.d/ssl.conf
SSLCertificateFile /etc/httpd/conf/ssl.crt/citap-server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/citap-server.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-ca.crt
SSLCACertificateFile /etc/httpd/conf/ssl.crt/server-ca.crt
=back
=back
=item MySQL
=over 4
=item A -> B -> C -> A replication
MySQL Reference Manual http://mysqld.active-venture.com/
It is safe to connect servers in a circular master/slave relationship with log-slave-updates enabled. Note, however, that many queries will not work correctly in this kind of setup unless your client code is written to take care of the potential prob...
A -> B -> C -> A
Server IDs are encoded in the binary log events. A will know when an event it reads had originally been created by A, so A will not execute it and there will be no infinite loop. But this circular setup will work only if you only if you perform no co...
=over 4
=item PURGE MASTER LOGS
PURGE {MASTER|BINARY} LOGS TO 'log_name'
PURGE {MASTER|BINARY} LOGS BEFORE 'date'
Deletes all the binary logs listed in the log index that are strictly prior to the specified log or date. The logs also are removed from this list recorded in the log index file, so that the given log now becomes the first.
If you have an active slave that is currently reading one of the logs you are trying to delete, this command does nothing and fails with an error. However, if you have a dormant slave, and happen to purge one of the logs it wants to read, the slave w...
You must first check all the slaves with SHOW SLAVE STATUS to see which log they are reading, then do a listing of the logs on the master with SHOW MASTER LOGS, find the earliest log among all the slaves (if all the slaves are up to date, this will b...
=item RESET MASTER
Deletes all binary logs listed in the index file, resetting the binlog index file to be empty
=item RESET SLAVE
( run in 0.807 second using v1.01-cache-2.11-cpan-39bf76dae61 )