How to restart openvpn on pfsense via CLI

Restarting OpenVPN on the CLI of a pfSense can be done using the following command:

echo "<?php include('openvpn.inc'); openvpn_resync_all();?>" | php -q

Hope it works for you 🙂


Clean Inodes on Linux

This morning I got an alarm from our system monitoring saying that one of our servers had only 5% of its inodes left. I checked the disk with df -h and there was no disk space issue, which was weird. Reading the alarm in more detail, it reported not a disk space issue but an inode issue, so you have to know the difference between disk space and inodes.

Checking inodes on Linux uses a different command from checking disk space. Run this command to check inodes:

df -i

and it will show output like this:

# df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/sda3 671744 640908 30836 96% /var
/dev/sda4 3662848 584548 3078300 16% /home
tmpfs 507592 4 507588 1% /run/user/1033
1263/3965MB 0.34 0.54 0.50 1/141 20462

The output above shows that /var has 96% inode usage, so next we have to find which path holds a lot of files.

Run this command to find the directories with a lot of files:

# for i in /var/*; do echo $i; find $i |wc -l; done
/var/agentx
2
/var/backups
39
/var/cache
443
/var/count_files
1
/var/lib
639131

The result above shows that /var/lib has a lot of files, but we still don't know exactly which folder, so we check again inside /var/lib/ with this command:

# for i in /var/lib/*; do echo $i; find $i |wc -l; done
/var/lib/ocsinventory-agent
10
/var/lib/os-prober
1
/var/lib/pam
7
/var/lib/php5
628060
/var/lib/polkit-1
7
/var/lib/postfix
5
/var/lib/python-support
1
/var/lib/sgml-base

The result above shows that /var/lib/php5 has a lot of files, so we check again inside that folder.

# for i in /var/lib/php5/*; do echo $i; find $i |wc -l; done
The result:
/var/lib/php5/modules
59
/var/lib/php5/sessions
628001
/var/lib/php5/sessions_backup
1

After checking, the folder /var/lib/php5/sessions had many files, so we are sure this is the path holding them. To clean up /var/lib/php5/sessions, run the commands below.

First make sure you are in the right path before deleting files; if you are in the wrong folder this will cause a big issue, and you would get fired 😀

find . -mtime +7 -exec stat -c "%n %y" {} \;
find . -mtime +7 -exec rm {} \;

The first command lists the files last modified more than 7 days ago; the second deletes them.

We hope it solves your issue 🙂

Note:
This might not work for you, and we won't be responsible if there is an error on your OS!


Limiting Access with SFTP Jails on Debian and Ubuntu

As the system administrator for your Linode, you may want to give your users the ability to securely upload files to your server. The most common way to do this is to allow file transfers via SFTP, which uses SSH to provide encryption. This means you need to give your users SSH logins. But, by default, SSH users are able to view your Linode’s entire filesystem, which may not be desirable.

This guide will help you configure OpenSSH to restrict users to their home directories, and to SFTP access only. Please note that these instructions are not intended to support shell logins; any user accounts modified in accordance with this guide will have the ability to transfer files, but not the ability to log into a remote shell session.

These instructions will work for Ubuntu 9.04, Debian 5, and later. Unfortunately, the version of SSH packaged with Ubuntu 8.04 is too old to support this configuration.

Configure OpenSSH

First, you need to configure OpenSSH.

1. Edit your /etc/ssh/sshd_config file with your favorite text editor:

vim /etc/ssh/sshd_config

2. Add or modify the Subsystem sftp line in /etc/ssh/sshd_config to look like the following:

Subsystem sftp internal-sftp

3. Add this block of settings to the end of /etc/ssh/sshd_config:

Match Group filetransfer
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Save the changes to your file.

4. Restart OpenSSH:

service ssh restart

OpenSSH has been successfully modified.

Modify User Accounts

In this section, we’ll set up the correct new groups, ownership, and permissions for your user accounts.

1. Create a system group for users whom you want to restrict to SFTP access:

addgroup filetransfer

2. Modify the user accounts that you wish to restrict to SFTP. Issue the following commands for each account, substituting the appropriate username. Please keep in mind that this will prevent these users from being able to log into a remote shell session.

usermod -G filetransfer username
sudo chown root /home/username
sudo chmod go-w /home/username

These users will now be unable to create files in their home directories, since these directories are owned by the root user.

3. Next, you need to create new directories for each user, to which they will have full access. Issue the following commands for each user, changing the directories created to suit your needs:

sudo mkdir /home/username/writable
sudo chown username:filetransfer /home/username/writable
sudo chmod ug+rwX /home/username/writable

Your users should now be able to log into their accounts via SFTP and transfer files to and from their assigned subdirectories, but they shouldn’t be able to see the rest of your Linode’s filesystem.
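sshd refuses a ChrootDirectory unless every component of the path is a directory owned by root and not writable by group or others, which is why the home directory is given to root above. The following check is an added example, not part of the original guide; check_chroot_path is an illustrative name, GNU stat is assumed, and the optional second argument exists only so the check can be tried without root.

```shell
#!/bin/sh
# Added example: check_chroot_path is an illustrative name.
# Usage: check_chroot_path /home/username [expected_owner_uid]
# Walks from the given directory up to /, printing one line per problem.
# Returns 0 only if every component passes, 1 on a problem, 2 on bad input.
check_chroot_path() {
    path=$1; want_uid=${2:-0}; bad=0
    case $path in
        /*) ;;
        *) echo "need an absolute path" >&2; return 2 ;;
    esac
    cur=$path
    while :; do
        if [ ! -d "$cur" ]; then
            echo "$cur: not a directory"; bad=1
        else
            # %u = owner uid, %a = octal mode; -L follows symlinks like stat(2)
            set -- $(stat -L -c '%u %a' "$cur")
            uid=$1; perm=$2
            [ "$uid" = "$want_uid" ] || {
                echo "$cur: owned by uid $uid"; bad=1
            }
            # 022 = write bit for group (020) plus write bit for others (002)
            if [ $(( 0$perm & 022 )) -ne 0 ]; then
                echo "$cur: mode $perm is group/other writable"; bad=1
            fi
        fi
        [ "$cur" = / ] && break
        cur=$(dirname "$cur")
    done
    return $bad
}
```

Run it as check_chroot_path /home/username after the chown and chmod steps; the writable subdirectory is below the chroot and is not part of the check.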

Reference :
1. https://www.linode.com/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu

2. https://askubuntu.com/questions/134425/how-can-i-chroot-sftp-only-ssh-users-into-their-homes


Howto use docker-compose to Start, Stop, Remove Docker Containers

If you are new to docker, and if you have taken over a system that already has docker application running, you should at least know how to maintain it.

This quick tutorial explains how to start, stop, remove, restart, and view status of docker container application using docker-compose.

docker-compose is very helpful when you are managing a complex multi container docker application.

1. Start Docker Containers In the Background

All the services of your application are typically defined under the docker-compose.yml file. Inside this yml file, you’ll also define all your application service dependencies.

Sometimes, you might also have a separate Dockerfile, where you’ll specify how to build a particular image.

Typically, when you execute docker-compose up, it will download and pull the appropriate image (if it is not cached locally on your server), it will then build the image using your application code, and finally start the whole docker application with all the dependencies.

To start, go to the directory where docker-compose.yml file resides, and execute the following docker-compose up command.

# cd /home/myapp/
# ls -l
 -rw-rw-r--. 1 root root 1288 Apr 4 09:26 docker-compose.yml
 -rw-rw-r--. 1 root root 132 Apr 4 21:34 Dockerfile
# docker-compose up -d
 Creating network "myapp" with driver "overlay"
 Pulling data (myrepo/mongo:latest)...
 datanode: Pulling myrepo/mongo:latest... : downloaded
 Creating data
 ..
 Pulling myapp (myrepo/tomcat:latest)...
 datanode: Pulling myrepo/tomcat:latest... : downloaded
 Creating myapp
 Building myapp
 ..
 Pulling web (myrepo/nginx:latest)...
 datanode: Pulling myrepo/nginx:latest... : downloaded
 Creating web
 ..

You’ll notice that it will download the images only the first time you execute it; after that, it will use the cached version. You’ll not see the “Pulling..” lines from the above output anymore.

You’ll only see the following when you start the docker-compose from the next time around.

# docker-compose up -d
 Creating data
 Creating myapp
 Creating web

The -d option runs the docker application in the background as a daemon. This will leave the application running until you decide to stop it.

In the above example output, it has started the following services:

mongo for database
nginx for webserver
tomcat for application server

2. Start Docker Containers In the Foreground

When you don’t specify the -d option, docker-compose will start all the services in the foreground.

In this case, you can see all log messages directly on the screen.

This is helpful when you are debugging any startup related issues with your docker containers, images, or services.

# cd /home/myapp/
# docker-compose up

In this case, the application will be up and running until you hit Ctrl-C to cancel the foreground process.

In this case, when you press Ctrl-C, it is equivalent to executing the “docker-compose stop”. So, it will stop all the containers gracefully.

3. Additional docker-compose Startup Options

When you use docker-compose up, if there are any changes in the docker-compose.yml file that affect the containers, they will be stopped and recreated.

But you can force docker-compose not to stop and recreate the containers by using the --no-recreate option with docker-compose up, as shown below. In other words, if the container already exists, this will not recreate it.

# docker-compose up -d --no-recreate

You can also do the opposite: the --force-recreate option forcefully recreates the containers even if nothing in docker-compose.yml has changed.

You can also specify the timeout value. Default value is 10 seconds, but the following command will use the time-out value of 30 seconds.

# docker-compose up -d -t 30

The following are a few additional options you can use along with “docker-compose up”:

--no-deps This will not start any linked dependent services.
--no-build This will not build the image, even when the image is missing.
--abort-on-container-exit This will stop all the containers if any container was stopped. You cannot use this option with -d; you have to use this option by itself.
--no-color In the output, this will not show any color. This will display monochrome output on screen.

4. Stop All Docker Containers

To stop a docker application that is running in the foreground, you just have to press Ctrl-C as shown above.

But, to stop a docker application that is running in the background, use the docker-compose stop as shown below.

There are two steps to stop a docker application's containers:

First, stop the running containers using docker-compose stop
Second, remove the stopped containers using docker-compose rm -f

Stop the application containers using docker-compose stop:

# cd /home/myapp/
# docker-compose stop
 Stopping web ... done
 Stopping data ... done
 Stopping myapp ... done

Remove the application containers using docker-compose rm -f:

# cd /home/myapp/
# docker-compose rm -f
 Going to remove web, data, myapp
 Removing web ... done
 Removing data ... done
 Removing myapp ... done

Note: If you don’t specify -f in the above command, it will prompt you for Y/N before removing it.

Since you’ll be doing this frequently, combine both of the above stop and rm, as shown below.

In this case, the “&&” executes the 2nd command only after the 1st command is successful. So, it will do “rm -f” only after stopping the docker containers successfully.

# docker-compose stop && docker-compose rm -f
 Stopping web ... done
 Stopping data ... done
 Stopping myapp ... done
 Going to remove web, data, myapp
 Removing web ... done
 Removing data ... done
 Removing myapp ... done

5. Stop a Specific Docker Container

Instead of stopping all the containers, you can also specifically stop a particular service.

The following example will stop only the data container:

# docker-compose stop data
 Stopping data ... done

You can also specify a shutdown time-out during docker-compose stop. By default it will wait for 10 seconds. If you know that your application might take a little longer to stop, you may want to increase this time-out as shown below during the shutdown.

# docker-compose stop -t 30
# docker-compose stop data -t 30

6. Remove Container Volumes

Removing stopped containers doesn’t remove the volumes that are attached to them.

In a typical situation, you don’t want to remove the attached volumes during your regular stop/start/rm process.

But, if you decide to remove the attached volumes, you can do that during rm by using -v option as shown below.

The following will remove the volumes that are attached to the containers.

# docker-compose rm -v

You can also remove a specific container by specifying the container name. The following will remove only the data container.

# docker-compose rm -f data
Going to remove data
Removing data ... done

7. Status of Docker Containers

To view the status of a docker application, execute the following docker-compose ps command.

# docker-compose ps
Name Command State Ports
----------------------------------------------------------------
myapp catalina.sh run Up 192.168.1.2:8080->8080/tcp
data /usr/bin/mongod Up 192.168.1.3:28017->27017/tcp
web nginx -g daemon off; Up 192.168.1.4:80->80/tcp

In the above output, we see that all of our three containers are running without any issue. The above output doesn’t show the container id. If you want to get an ID for a particular container, use the -q option.

The following will display the ID for the data container.

# docker-compose ps -q data
a6e7334b4454f65b1a45931..

After a docker-compose rm -f, if you execute the docker-compose ps, you’ll not see any containers listed in the output.

However, after a docker-compose stop, if you execute docker-compose ps, you’ll see empty values in the “Ports” column, and the “State” column will display Exit and the corresponding exit value of the process when it stopped.

# docker-compose ps
Name Command State Ports
----------------------------------------------
myapp catalina.sh run Exit 137
data /usr/bin/mongod Exit 0
web nginx -g daemon off; Exit 0
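The Exit column is worth reading rather than skimming: a value above 128 is 128 plus a signal number, so 137 means the process was ended with SIGKILL (9), which is what happens when a container does not stop within the -t time-out. The filter below is an added example, not part of the original article; failed_services and sample_ps are illustrative names, it assumes the table layout shown above, and the worker row in the sample is constructed.

```shell
#!/bin/sh
# Added example: failed_services and sample_ps are illustrative names.

# Sample input: the stopped-state table from this page plus one
# constructed row (worker) with a plain non-zero exit code.
sample_ps() {
cat <<'EOF'
Name Command State Ports
----------------------------------------------
myapp catalina.sh run Exit 137
data /usr/bin/mongod Exit 0
web nginx -g daemon off; Exit 0
worker /bin/job --once Exit 1
EOF
}

# Reads `docker-compose ps` text on stdin and prints "service code reason"
# for every container whose state is "Exit N" with N other than 0.
failed_services() {
    awk '
    /^Name / || /^-+$/ { next }          # header row and dashed rule
    {
        # The command column may contain spaces, so search from the right
        # for the word "Exit" followed by a number.
        for (i = NF - 1; i >= 2; i--)
            if ($i == "Exit" && $(i + 1) ~ /^[0-9]+$/) {
                code = $(i + 1) + 0
                sig = code - 128
                if (code > 128)
                    print $1, code, "killed by signal " sig
                else if (code != 0)
                    print $1, code, "exited with error"
                break
            }
    }'
}
```

On a live system the input would come from docker-compose ps piped into failed_services, and a service reported with signal 9 is a candidate for a longer stop time-out.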

8. Restart Multiple Docker Containers

To summarize, if you just want to restart multiple containers that are created by docker-compose.yml file, use the following commands in sequence.

This will first stop all the containers, next remove all the containers, and finally start them in the background as specified by the docker-compose.yml file.

First, cd to the directory where docker-compose.yml file is present, and then execute the following to restart.

cd /home/myapp
docker-compose stop && docker-compose rm -f
docker-compose up -d

Source : http://www.thegeekstuff.com/2016/04/docker-compose-up-stop-rm/comment-page-1/


Mysql : ERROR 1016 (HY000) at line 1: Can’t open file

When creating a large number of partitions or tables, MySQL may mysteriously stop working and you find this type of error on /var/lib/mysql/$HOSTNAME.err:

[ERROR] /usr/sbin/mysqld: Can't open file: './database/table.frm' (errno: 24)

errno: 24 simply means that too many files are open for the given process. There is a read-only mysql variable called open_files_limit that will show how many open files are allowed by the mysqld:

SHOW VARIABLES LIKE 'open%';

A lot of systems set this to something very low, like 1024. Unfortunately, the following will NOT work:

SET open_files_limit=100000;

MySQL will respond with:

ERROR 1238 (HY000): Variable 'open_files_limit' is a read only variable

However, it is possible to make a change to /etc/my.cnf. This file may not exist; if not, just create it. Be sure it has the following contents:

[mysqld]
open_files_limit = 100000

Then, be sure to restart mysql:

sudo /etc/init.d/mysql restart

Now, SHOW VARIABLES LIKE 'open%' should show 100000. The number you use may be different.
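If the variable still shows a lower number after the restart, the operating system's per-process limit is the usual cap, since mysqld cannot open more files than the OS allows it. The check below is an added example, not part of the original post; the function names are illustrative, and it compares the [mysqld] setting in a my.cnf file with the soft "Max open files" value from a Linux /proc/PID/limits file.

```shell
#!/bin/sh
# Added example: all function names here are illustrative.

# cnf_open_files_limit FILE: value of open_files_limit (or the dashed
# spelling) inside the [mysqld] section only; last occurrence wins.
cnf_open_files_limit() {
    awk -F= '
    /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
    in_sec && /^[ \t]*open[_-]files[_-]limit[ \t]*=/ {
        gsub(/[ \t]/, "", $2); v = $2
    }
    END { if (v != "") print v }' "$1"
}

# proc_soft_nofile FILE: soft "Max open files" from a /proc/PID/limits file.
proc_soft_nofile() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# check_open_files MY_CNF LIMITS_FILE
# Returns 0 when the process limit covers the configured value,
# 1 when the process is capped below it, 2 when a value is missing.
check_open_files() {
    want=$(cnf_open_files_limit "$1")
    have=$(proc_soft_nofile "$2")
    [ -n "$want" ] && [ -n "$have" ] || {
        echo "missing value" >&2; return 2
    }
    if [ "$have" = unlimited ] || [ "$have" -ge "$want" ]; then
        echo "ok: process limit $have covers configured $want"
    else
        echo "capped: my.cnf asks for $want but the process has $have"
        return 1
    fi
}
```

Call it as check_open_files /etc/my.cnf /proc/PID/limits, with PID replaced by the process ID of the running mysqld.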

Source : http://www.solomonson.com/content/how-fix-errno-24-mysql
