Getting Started with Mysql and Heidi SQL

Posted on February 27, 2015

SQL train blogs

Getting Started with Mysql and Heidi SQL

At the target server prompt, become root and type:

apt-get install mysql-server

provide a a password for the root mysql user

Verify that mysql is running:

netstat -tap | grep mysql

you should see something like this:

tcp 0 0 localhost:mysql *:* LISTEN 21921/mysqld

Verify that you can log in:

mysql -u root -p

You should be prompted for the root password and your prompt should change to:

mysql>

Type “help” or “?” to review the commands.

Type to exit:

To configure Mysql for remote connections edit /etc/mysql/my.cnf

Verify the port number. The default is 3306
Set the bind-address to 0.0.0.0

CREATE USER ‘myuser’@’localhost’ IDENTIFIED BY ‘mypass’;
CREATE USER ‘myuser’@’%’ IDENTIFIED BY ‘mypass’;

GRANT ALL ON *.* TO ‘myuser’@’localhost’;
GRANT ALL ON *.* TO ‘myuser’@’%’;

Note: the ‘localhost’ and ‘%’ are the correct syntax. Only change myuser and mypass.

Restart mysql:

/etc/init.d/mysql restart

You should be able to install Heidi SQL and log in now.

Matt
01/23/2015

Configuring PostgreSQL for access with PGAdmin

Posted on February 27, 2015

postgresql train blogs

Configuring PostgreSQL for access with PGAdmin

Download and install PGAdmin on your workstation.

At the postgresql server that you want to connect to, the configuration files for PostgreSQL are stored in:

/etc/postgresql//main

Edit the postgesql.conf file, uncomment the line and add the server’s ip address:

listen_addresses = ‘ip_address’
ssl = true
ssl_ciphers = ALL
password_encryption = on

You can also change the default port number here with the line:

port = 5432

Make note of the port number that you use.

edit the pq_hba.conf file and include a line:

host all all 192.168.1.0/24 md5

substitute the ip address for whatever your local network uses.

If your login in PGAdmin fails, the error message may report a different ip address than what is defined in your workstation.
use the reported ip address in the pg_hba.conf file.

After making changes to the postgrsql.conf file, restart the database server:

/etc/init.d/postgresql restart

PGAdmin should now be able to open a connection to your database server. Log in with your postgresql username and password.

Matt 01/23/2015

AWS Auto Scaling Group – CodeDeploy Challenges

Posted on February 20, 2015

AWS CodeDeploy

AWS Auto Scaling Group – CodeDeploy Challenges

First here is my setup

A single development / test server in the AWS cloud, backed by a separate Git Repository.
WHen code is completed in the development environment it is commited to the development branch (using whichever branching scheme best fits the project)
At the same time the code is merged to the test branch, and the code is available for client testing on the ‘test_stage’ site if they would like
Then on an as needed basis the code in in the test branch (on the test_stage server) is deployed to AWS using their CodeDeploy api
- git archive test -> deploy.zip
- upload the file an S3 bucket (s3cmd)
- register the zip file as a revision using the AWS Register Revision API call
This creates a file that can be deployed to any deployment group
I setup two groups in my AWS account , test and live.
When the client is ready, I run a script which deploys thes the ziped up revision to the Test server, where they are able to look atit and approve.
Then I use the same method but move it instead of the www deployment group.

(The complexities of setting this up are deeper than I am going in this article, but for future prospects, all of this programming knowledges is stored in our deploy.php file)

A couple of tricks “they” dont tell you.

Errors can be difficult to debug – if you update your code deployment to do more verbose logging it can help you to determine what some of the errors were.
- update /etc/codedeploy-agent/conf/codedeployment.yml, set verbose to yes.
- restart the service /etc/init.d/code-deployment restart (it can take several minutes to restart, this is normal)
- tail the log files to watch a deployment in real time, or investigate it after the fact (tail /var/log/aws/codedeploy-agent)
Deploying a Revision to servers while they may be going through some termination instability, may likely cause your deployment to fail when one of you servers terminates.
- To prevent this, update the deployment autoscaling plan to have a minim and a maximum of the server, and do not take it under load during the 10 – 15 minutes (up to 2 hours) issues will cause errors
- Depending on the load on your servers, your deployment could take a lot of cpu and could generate an autoscaling alert and could spin up new tasks or send you an email. There is not a correct way to deal with this, however it is a good idea to know about it before you deploy.
- Finally the item that I wrote this because of, it appears that when you attempt to deploy a revision to an autoscaling group, it can cause some failures.
  - The obvious one is that the deployment will fail if it is attempted while the server is shutting down
  - However, it seems that if you have decided to upgrade your AMI, and your Launch Configuration, that a deployment will fail. And for me, it actually caused a key failure to login as well (this could have been because of multiple server terminations and then another server took over the IPs within a few minutes) Anyway, much caution about these things.

UPDATE:

Well, the problem was actually that the by ‘afterinstall.sh’ script, was cleaning up the /opt/codedeployment/ directory (so we didn’t run out of space after a couple dozen deployments), but I was also removing the appspec.yml file.

So I updated the command that runs in the afterinstall to be

 /usr/bin/find /opt/codedeploy-agent/deployment-root/ -mindepth 2 -mtime +1 -not -path '*deployment-instruction*' -delete

Debugging CodeDeployment on AWS

Posted on February 16, 2015

AWS

Debugging CodeDeployment on AWS

This article is being written well after I have already installed the CodeDeployment daemon on an ubuntu server, created an AMI out of it and set it up as an auto launch server from a Scaling Group.

I am documenting the process I went through to dig into the error a bit more, this helps to identify and remember where the logs files are and how to get additional information, even if the issue is never the same again.

Issues with running the codedeployment showed up as a python error in the log

more /var/log/aws/codedeploy-agent/codedeployment-agent.log
 put_host_command_complete(command_status:"Failed",diagnostics:{format:"JSON",payload:"{"error_code":5,"script_name":"","message":"not opened for reading","log":""}"

I decided this is not enough information to troubleshoot an error so I had to dig in and fina way to make it more verbose. I found this file, just update verbose from false to true

vi /etc/codedeploy-agent/conf/codedeployagent.yml

Then restart the codedeploy-agent

/etc/init.d/code-deployagent restart

This can take quite a while since it runs quite a bit of background installing and checking for duplicate processes. but once it is complete you can check that the process is running again.

ps ax|grep codedeploy

Once this is running in verbose mode, monitor the log

tail -f /var/log/aws/codedeploy-agent/codedeployment-agent.log

and re-run the deployment and view the results of the log, the most useful thing for me was to grep for the folder that more specific error information was written to.

grep -i "Creating deployment" /var/log/aws/codedeploy-agent/codedeployment-agent.log

This showed me the folder that all of the code WAS going to be extracted to, since there was an error the system actually dumped the contents of an error into a file called bundle.tar in the folder that it would have exported to.

cat /opt/codedeploy-agent/deployment-root/7ddce865-0611-45f0-bf74-459fcf806f23/d-YK4NWBJD7/bundle.tar

This returned an error from the S3 showing that the Code Deploy was having an error downloading from S3, so I had to add access to the policy to download from S3 buckets as well

InstanceAgent::CodeDeployPlugin::CommandPoller: Missing credentials – Debug / My Fix

Posted on February 16, 2015 | updated: March 20, 2023

AWS

InstanceAgent::CodeDeployPlugin::CommandPoller: Missing credentials – Debug / My Fix

I created a Policy and Launch Configuration according to this documentation

http://docs.aws.amazon.com/codedeploy/latest/userguide/how-to-create-service-role.html

However I still received this error

InstanceAgent::CodeDeployPlugin::CommandPoller: Missing credentials  - please check if this instance was started with an IAM instance profile

The problem lay somewhere in the configuration of how I setup and Launched the server, however I set about exploring the server to evaluate and confirm the ‘missing credentials’.

Using these checks I would be able to confirm that the reason behind these errors (and there fore the problem with actually deploying code):

First run this command to check to see what roles were ‘requested’

echo `wget http://169.254.169.254/latest/meta-data/iam/security-credentials/ -O - -q `

This command will return the list of Roles that were given to your server. You can then extend the request

MyRoleName

Then add the return on to the end of the URL to see the results of attempting to add the role, in my case the error was displayed

{
 "Code" : "AssumeRoleUnauthorizedAccess",
 "Message" : "EC2 cannot assume the role MyRoleName. Please see documentation at http://docs.amazonwebservices.com/IAM/latest/UserGuide/RolesTroubleshooting.html.",
 "LastUpdated" : "2015-02-17T04:38:25Z"
}

Basically, the EC2 was unable to assume the role MyRoleName did not have permission to Assume a Role, This could be due to the permissions of the development account that was used to start eh Scaling Group which launched the EC2. To test this,

I login with an administrator account
recreate the scaling group, identical
login to the server
run the echo `wget http://169.254.169.254/latest/meta-data/iam/security-credentials/ -O – -q ` command

This didn’t do anything, So I thought I would look into the specifics of why we have a role that should be able to be assumed, but which has a message which explains that EC2 cannot assume the role.

So I looked back at the article http://docs.aws.amazon.com/codedeploy/latest/userguide/how-to-create-service-role.html and found somewhat of an anomaly, it seems that the article suggests that we build a trust relationship with gives the ‘codedeploy.us-west-2.amazonaws.com’ service the ability to use this policy. However, that does not jive with the Messages I see in the logs defining that EC2 is not able to assume the role. So I opened the trust relationship under the Role, and Added the bolded line

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": [
            "ec2.amazonaws.com",
            "codedeploy.us-east-1.amazonaws.com",
            "codedeploy.us-west-2.amazonaws.com"

] }, "Action": "sts:AssumeRole" } ] }

Lo and Behold, it worked. Now when I run the following I get a Success Message

echo `wget http://169.254.169.254/latest/meta-data/iam/security-credentials/MyRoleName-O - -q `

So, it turns out the problem is that the article is either incorrect or was written in order to give the CodeDeploy service the ability to work on EC2, but not giving the EC2 servers access to the CodeDeploy service. ( the codedeploy.us-east-1 services are also required in order to to give the deployment group the IAM role.)

While, it was difficult to find the solution, this troubleshooting steps above are useful to help identify related or other issues, I hope you find some use from the tools

Michael Blood

Compare the packages (deb / apache) on two debian/ubuntu servers

Posted on February 9, 2015

Linux Ubuntu

Compare the packages (deb / apache) on two debian/ubuntu servers

Debian / Ubuntu

I worked up this command and I don’t want to lose it

#diff <(dpkg -l|awk '/ii /{print $2}') <(ssh 111.222.33.44 "dpkg -l"|awk '/ii /{print $2}')|grep '>'|sed -e 's/>//'

This command shows a list of all of the packages installed on 111.222.33.44 that are not installed on the current machine

To make this work for you, just update the ssh 111.222.33.44 command to point to the server you want to compare it with.

I used this command to actually create my apt-get install command

#apt-get install `diff <(dpkg -l|awk '/ii /{print $2}') <(ssh 111.222.33.44 "dpkg -l"|awk '/ii /{print $2}')|grep '>'|sed -e 's/>//'`

Just be careful that you have the same Linux kernels etc, or you may be installing more than you expect

Apache

The same thing can be done to see if we have the same Apache modeuls enabled on both machines

diff <(a2query -m|awk '{print $1}'|sort) <(ssh 111.222.33.44 a2query -m|awk '{print $1}'|sort)

This will show you which modules are / are not enabled on the different machines

Installing s3tools on SUSE using yast

Posted on January 3, 2015

Linux Suse

Installing s3tools on SUSE using yast

We manage many servers with multiple flavors of Linux. All of them use either apt or yum for package management.

The concept of yast is the same as apt and yum, but was new to me, so I thought I would document it.

Run yast which pulls up an ncurses Control Center, use the arrows go to Software -> Software Repositories

#yast

Use the arrows or press Alt+A to add a new repository

I selected Specify URL (the default) and press Alt+x to go to the next screen where I typed into the url box

http://s3tools.org/repo/SLE_11/

and then pressed Alt+n to continue.

Now I have a new repository and I press Alt+q to quit.

At the command line I types

#yast2 -i s3cmd

And the s3cmd is installed, 15 minutes!

Bulk Domain NS, MX and A record lookup tool

Posted on December 31, 2014 | updated: March 22, 2023

DNS PHP Quick Web Utilities Server Administration Utility

<br />

Summary: We have two tools to help you lookup information on domains quickly

quick-domain-research.php – See the NS, MX, A records and IPs for multiple domains in one table
nameserver-compare.php – Compare NS, MX, A records for multiple domains, against multiple Name Servers

Bulk Domain NS, MX and A record lookup tool

Occassionally, we come across some sort of project in which we have to work through a list of multiple domain names and make some sort of changes.

In some cases we simply have to update contact records, in other cases we have to determine ownership, hosting and mail setups so we can assist with an ownership transfer.

There are a plethora of domain tools out there which help one at a time, But we were hard pressed to find a tool that could do a bulk lookup of multiple domains with table based out put.

So, we built the tool

https://www.matraex.com/quick-domain-research.php

This tool has the

A records for the root domain (@) and the (www) domain.
MX records for the root domain
NS records for the root domain

This tool was thrown together quickly to help us identify whether an OLD but active nameserver, which had dozens of domain names on it, was actually being used for the domains.

We were able to delete more than 20 domains cluttering up the DNS entries.

Additionally we were able to clean up associated webservers that had not been cleaned of hosting accounts after a client left the account.

Some future ideas which will make their way in next time:

Display whois information for the domain
Optionally group the domains based on which name servers, whois records or www C class they are hosted at

Update 11/28/2015 by Michael Blood

Since this original post, we have added several new features including the ability to upload a file with a large batch upload, and download a CSV file with the results. You can see all of the details in this Enhanced Bulk Domain NS, MX and A record lookup tool post.

HANA Database Backup using Cron

Posted on December 26, 2014

HANA

HANA Database Backup using Cron

To create backups using HANA we

create a user
create a user key
create a script
schedule the script to run via cron job

1) Create a HANA user to use specifically for Cron Job – Daily HANA Database Backup

Open an SQL Window and run the following to create a user, give them access to backup, and then remove their password so they can not connect via login.

create user backup_operator password Xxxxxxxx1;
grant backup operator to backup_operator;
alter user backup_operator disable password lifetime;

2) Create a HANA user key to be used for automated connection to the HANA database by the Backup User

Login to the server console using putty.
Under the hdbclient/ directory use the hdbuserstore command to create a key, -i makes it so you will then have to type in a password key from the command above

#/vol/vol_HDB/sysfiles/hana/shared/HDB/hdbclient/hdbuserstore -i SET cronbackupkey localhost:30015 backup_operator

Next, list all keys so that we know where the keys are that we will use to run the cron job automatically.

#/vol/vol_HDB/sysfiles/hana/shared/HDB/hdbclient/hdbuserstore list
DATA FILE : /home/backupuser/.hdb/sid-hdb/SSFS_HDB.DAT

KEY CRONBACKUPKEY
 ENV : localhost:30015
 USER: backup_operator

Run a quick check of the new key by running a test command, this is where the password you entered above will be used

#/vol/vol_HDB/sysfiles/hana/shared/HDB/hdbclient/hdbsql -U cronbackupkey "select now() from dummy;"|more
CURRENT_TIMESTAMP
"2014-12-26 21:46:24.799000000"
1 row selected (overall time 600 usec; server time 98 usec)

If you run into a situation where the password is wrong, you may end up with a message usage as this:

* 416: user is locked; try again later: lock time is 1440 minutes; user is locked until 2014-12-27 21:35:34.3170000 (given in UTC) [1440,2014-12-27 21:35:34.3170000] SQLSTATE: HY000

If that happens, fix the password by running the hdbuserstore -i DELETE cronbackupkey and hdbuserstore -i SET command above with the correct password than run the following commands to allow the user access again.

alter user backup_operator RESET CONNECT ATTEMPTS;

Using these method the automated method finally came together. Keep in mind the the password for connecting to the database is stored in the key, so if you update the password in the database for the user, you will need to also update the password stored in the key.

3) Create a bash script to backup the HANA database to a time and date file

Create a bash script file you can run from a cron job, that does the work of creating a backup file. I create a wrapper script instead or running a command from the cron job, so I can decide in the script whether I would like to receive an email with the output of the command.

#touch /customcommands/hanabackup
#chown hdbadm.sapsys /customcommands/hanabackup
#chmod 754 /customcommands/hanabackup
#vi /customcommands/hanabackup

tmpfile=/tmp/`date +s`
textsearch="successful"
sqlcommand="BACKUP DATA USING FILE ('$(date +F_%k%M)')"
/vol/vol_HDB/sysfiles/hana/shared/HDB/hdbclient/hdbsql -U CRONBACKUPKEY $sqlcommand>$tmpfile
#look up the backup that just completed"
/vol/vol_HDB/sysfiles/hana/shared/HDB/hdbclient/hdbsql -U CRONBACKUPKEY "SELECT top 1 *
 FROM M_BACKUP_CATALOG
 WHERE ENTRY_TYPE_NAME = 'complete data backup'
 ORDER BY UTC_START_TIME desc">>$tmpfile
success=`grep $textsearch $tmpfile`
if [ "$success" == "" ]; then
 echo "HANA BACKUP FAILED: `date`"
 echo "SQL COMMAND: $sqlcommand"
 echo "TEXT NOT FOUND:$textsearch"
 echo
 echo "File Out Put Below"
 echo ---------------------------------
 echo
 cat $tmpfile
 exit 10
fi
exit 0

This script will output a message ONLY if the HANA backup fails, if it is successful, it just quietly completes

4) Finally setup a cron job which runs the HANA database backup once a day

create a crontab entry to run one time per day at 1:01 am

#crontab -e
MAILTO=myemail@myemail.com
1 1 * * * /customcommands/hanabackup

In order to test that this works, you can force a test failure by setting a data_backup_buffer that is to high for your system see a recent post where we corrected this issue.
You can set a much higher limit than you system allows, and you can confirm that you have the CRON process send you an email each time that the process fails.

HANA error [447] backup could not be completed, [1000002] Allocation failed – Solution

Posted on December 26, 2014 | updated: March 22, 2023

HANA

HANA error [447] backup could not be completed, [1000002] Allocation failed – Solution

When attempting to backup a HANA database, I received an error which stopped the backup from progressing

[447] backup could not be completed, [1000002] Allocation failed ; $size$=536870912; $name$=ChannelUtils::copy; $type$=pool; $inuse_count$=1; $allocated_size$=536870912

When I looked at which files were created as part of the backup I found that the entire backup did not fail, actually it was only the ‘statisticsserver’ file that would have failed.

While the exact reasons for failure are still a mystery, I found several posts online encouraging me to reduce the size of the data_backup_buffer_size.
Since I had already had several successful backups using the default information, I was skeptical. Turns out it did work, by reducing the size of the buffer to only 256MB instead of 512MB, the backup started to work again

But the thing that had changed in my HANA installation was the license, so what was it about the reduction that made it work, I have 33GB of space I can use in the system.

So, while I have been able to resolve the issue and I can now create backups, I do still have an open question to HANA to find out what it is about the data_backup_buffer_size that prevented me from using the default 512 to run the system after it has worked previously?

Do I now have full memory?
Am I only licensed to use a certain amount of memory and I can’t exceed it?
Do I have another setting in one of the other .ini files which limits how the data can be used?

Any comments on how i can control how this setting is used is appreciated!