Cooking Infrastructure by Chef
Chef is a configuration management and automation platform from Chef. Chef helps you describe your infrastructure with code. Because your infrastructure is managed with code, it can be automated, tested and reproduced with ease. Chef is a configuration management tool written in Ruby and Erlang. The user writes "recipes" that describe how Chef manages server applications (such as Apache, MySQL, or Hadoop) and how they are to be configured. Traditionally, Chef is used to manage GNU/Linux but later versions support running on Windows as well. What are the core principles? Idempotence: A recipe can run multiple times on the same system and the results will always be identical. Thick Clients, Thin Server: Chef does as much work as possible on the node and as little as possible on the server. Order Matters: When the chef-client configures each node in the system, the order in which that configuration occurs is very important. Why should you use Chef?
MySQL SSH Tunnel with autossh » Debian Root
MySQL SSH Tunnel with autossh. I described in this article why an SSH tunnel is a good choice for accessing a MySQL server from a remote client. Now I want to show how to create a persistent SSH tunnel and keep it alive. autossh is used to monitor the tunnel, and authentication is done via public key. MySQL Server (Bob): This MySQL server should be permanently reachable from Alice on port 3307. MySQL Server on Bob: On Bob, a new user is created and sshd is configured so that this user can log in via public key authentication. Web server on Alice: First autossh is installed, then a new user is created. Now log in as the tunnel user and test the connection. The autossh call ends after the -M 20009 (which sets the monitoring port to 20009). Now we take care of the public key for logging in without a password. Now test the connection via public key once more. On Alice: On Bob:
rsync hack to bounce files between two unconnected servers
LuRsT/hr
Scrap the SCP. How to copy data fast using pigz and nc « Intermediate SQL
Have you ever heard that the speed of the system is determined by its slowest component? I am made painfully aware of that every time I do data migrations. I.e. it doesn’t matter if you have 64 core systems with 100+ Gb of memory on either end if the majority of time is spent waiting for data to trickle across a slow 1 Gb network link. Watching data trickle for hours, while the rest of the system is doing nothing is a pretty frustrating experience. But limitations breed creativity … so lately, I’ve been experimenting with several different copy techniques to see if there is any way transfer speed can be improved, perhaps using some of the idle capacity to speed things up. Here is the short summary of my experiments (transferring 16Gb ORACLE data file across the WAN), which I summarized as a “speed and effect comparison” table. And here is the longer explanation if you are really interested. Copying data using SCP > scp /u02/databases/mydb/data_file-1.dbf remote_host:/u02/databases/mydb Yes.
Installing Nginx With PHP5 (And PHP-FPM) And MySQL Support (LEMP) On Debian Wheezy
Version 1.0 Author: Falko Timme <ft [at] falkotimme [dot] com> Last edited 05/27/2013 Nginx (pronounced "engine x") is a free, open-source, high-performance HTTP server. Nginx is known for its stability, rich feature set, simple configuration, and low resource consumption. This tutorial shows how you can install Nginx on a Debian Wheezy server with PHP5 support (through PHP-FPM) and MySQL support (LEMP = Linux + nginx (pronounced "engine x") + MySQL + PHP). I do not issue any guarantee that this will work for you! 1 Preliminary Note In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100. 2 Installing MySQL 5 In order to install MySQL, we run apt-get install mysql-server mysql-client You will be asked to provide a password for the MySQL root user - this password is valid for the user root@localhost as well as root@server1.example.com, so we don't have to specify a MySQL root password manually later on: 3 Installing Nginx
Linux Disable Core Dumps
Only software developers legitimately need to access core files and none of my production web servers requires a core dump. How do I disable core dumps on Debian / CentOS / RHEL / Fedora Linux to save large amounts of disk space? A core dump file is the memory image of an executable program when it was terminated by the operating system due to various error behaviors. To disable core dumps for all users, open /etc/security/limits.conf, enter: # vi /etc/security/limits.conf Make sure the following config directive exists: * hard core 0 Save and close the file.
5 simple ways to troubleshoot using Strace
2008-06-10 I keep being surprised how few people are aware of all the things they can use strace for. It's always one of the first debug tools I pull out, because it's usually available on the Linux systems I run, and it can be used to troubleshoot such a wide variety of problems. Strace is quite simply a tool that traces the execution of system calls. In its simplest form it can trace the execution of a binary from start to end, and output a line of text with the name of the system call, the arguments and the return value for every system call over the lifetime of the process. But it can do a lot more: It can filter based on the specific system call or groups of system calls. It can profile the use of system calls by tallying up the number of times a specific system call is used, and the time taken, and the number of successes and errors. It traces signals sent to the process. It can attach to any running process by pid. If you've used other Unix systems, this is similar to "truss". Ah.
Software >> sslsniff
Some History This tool was originally written to demonstrate and exploit IE's vulnerability to a specific "basicConstraints" man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes. It is designed to MITM all SSL connections on a LAN, and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a certificate chain that is signed by any certificate that you provide. The New Scoop Version 0.6 has been significantly updated to additionally support the null-prefix attacks that I demonstrated at BlackHat 09 and Defcon 17. sslsniff has also been updated to support the OCSP attacks that I published at Blackhat 09 and Defcon 17, thus making the revocation of null-prefix certificates very difficult. sslsniff is useful for deploying other vulnerabilities as well. Installing sslsniff Running sslsniff
SSH Can Do That? Productivity Tips for Working with Remote Servers | Smylers
SSH has many features which are helpful when working regularly with files on remote servers; together they can give a vast increase in productivity over the bare use of SSH. If you regularly use SSH, it’s worth spending a little time learning about these and configuring your environment to make your life easier. This has been presented at Yapc Europe 2011 in Riga and the Floss UK Spring 2012 Conference in Edinburgh. If you’d like me to come and talk about this at your user group or workplace, please get in touch. Multiple Connections Often it’s useful to have multiple connections to the same server, for example to edit a file, run some file-system commands, and view a log file all in different terminal windows. Fortunately OpenSSH has a feature which makes it much snappier to get another terminal on a server you’re already connected to: connection sharing. ControlMaster auto ControlPath /tmp/ssh_mux_%h_%p_%r What About Windows Users? Copying Files Repeated Connections $ ssh www2