Steve Robbins's questions

I'm am trying to set up SSL on my load balancer with a certificate I purchased from GoDaddy.

When trying to upload the certificate in the console I got an error

Failed to create load balancer: Server Certificate not found for the key: arn:aws:iam::************:server-certificate/mycert

I've never encountered this error before when adding SSL certificates. I'm not sure why iam is even used here.

After some Googling, I was able to upload my certificate to iam using aws cli (again, not sure why I had to do this).

Now when modifying the listeners I can see my uploaded certificate as an existing SSL certificate. When I try to save the my changes to the load balancer however, I get the same error. I have verified that the certificate exists:

$ aws iam list-server-certificates
{
    "ServerCertificateMetadataList": [
        {
            "ServerCertificateId": "*********************", 
            "ServerCertificateName": "mycert", 
            "Expiration": "2018-11-19T18:47:38Z", 
            "Path": "/", 
            "Arn": "arn:aws:iam::************:server-certificate/mycert", 
            "UploadDate": "2015-11-19T19:23:32Z"
        }
    ]
}

(I have verified the obfuscated account number here is the same as in the error)

From here I am stuck. Why am I not able to apply my certificate to this load balancer?

Edit Thu Nov 19 11:47:18 PST 2015

After waiting for a while and logging out and in, I was able to update the listeners with my SSL certificate. However, it doesn't seem to be working correctly. When trying to load my domain over HTTPS the request times out. It seems it unable to load the certificate

$ echo | openssl s_client -connect www.example.com:443 2>/dev/null | openssl x509 -noout -subject
unable to load certificate
69457:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-52.30.1/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE

So most of our developers work with a MAMP/XAMPP setup using rewrite rules to point username.project.local to a document root of /Users/username/Projects/project/public_html. This part works, but the problem is getting *.local to point to their machine. Instead of tackling this on each developer's machine, I was thinking I could add a rule on our internal DNS, since we already have one set up.

Currently in /var/named/example.com I see

@       IN      SOA     SERVER1.EXAMPLE.COM.   dns.example.com.(
                        2013020501      ; Serial yyyymmddnn
                        3h              ; Refresh After 3 hours
                        1h              ; Retry Retry after 1 hour
                        1w              ; Expire after 1 week
                        1h)             ; Minimum negative caching of 1 hour

; NS Records
@                       3600    IN      NS      DNS1.STABLETRANSIT.COM.
@                       3600    IN      NS      DNS2.STABLETRANSIT.COM.

; MX Records
@                       3600    IN      MX      10      ASPMX.L.GOOGLE.COM.
@                       3600    IN      MX      20      ALT1.ASPMX.L.GOOGLE.COM.
@                       3600    IN      MX      20      ALT2.ASPMX.L.GOOGLE.COM.
@                       3600    IN      MX      30      ASPMX2.GOOGLEMAIL.COM.
@                       3600    IN      MX      30      ASPMX3.GOOGLEMAIL.COM.
@                       3600    IN      MX      30      ASPMX4.GOOGLEMAIL.COM.
@                       3600    IN      MX      30      ASPMX5.GOOGLEMAIL.COM.

; Google
mail                    3600    IN      CNAME   ghs.google.com.
docs                    3600    IN      CNAME   ghs.google.com.
mail                    3600    IN      CNAME   ghs.google.com.
calendar                3600    IN      CNAME   ghs.google.com.
sites                   3600    IN      CNAME   ghs.google.com.

; A Records
@                       3600    IN      A       ***.***.***.***

; CNAME Records
www                     3600    IN      A       ***.***.***.***

; Staging Environment
server2              3600    IN      A       192.168.1.1
*.server2            3600    IN      CNAME   server2.example.com.
server3              3600    IN      A       192.168.1.2
*.server3            3600    IN      CNAME   server3.example.com.

Is it possible to add a rule so that *.local will resolve to 127.0.0.1?

So I've installed Solr on a linux server and I want to access it from another web server and/or my computer.

From the Solar Server, I can see that it's running

[root@solr ~]# wget -qO- http://localhost:8983/solr




<html>
<head>
<link rel="stylesheet" type="text/css" href="solr-admin.css">
<link rel="icon" href="favicon.ico" type="image/ico"></link>
<link rel="shortcut icon" href="favicon.ico" type="image/ico"></link>
<title>Welcome to Solr</title>
</head>

<body>
<h1>Welcome to Solr!</h1>
<a href="."><img border="0" align="right" height="78" width="142" src="admin/solr_small.png" alt="Solr"/></a>


<a href="admin/">Solr Admin</a>


</body>
</html>

However, plugging http://192.168.1.19:8983/solr/ into my browser, or pinging from my web server, fails to connect. How do I make Solr accessible to other devices on my network?

# netstat -anp | grep :8983
tcp        0      0 :::8983                     :::*                        LISTEN      15138/java 

$ telnet 192.168.1.19 8983
Trying 192.168.1.19...
telnet: connect to address 192.168.1.19: Connection refused
telnet: Unable to connect to remote host

I have a web server that it set up to dynamically server different document roots for different domains

<VirtualHost *:80>
    <IfModule mod_rewrite.c>
        # Stage sites :: www.[document root].server.company.com => /home/www/[document root]
        RewriteCond   %{HTTP_HOST}          ^www\.[^.]+\.server\.company\.com$
        RewriteRule   ^(.+)                 %{HTTP_HOST}$1          [C]
        RewriteRule   ^www\.([^.]+)\.server\.company\.com(.*) /home/www/$1/$2  [L]
    </IfModule>
</VirtualHost>

This makes it so that www.foo.server.company.com will serve the document root of server.company.com:/home/www/foo/

For one of these sites, I need to add a ProxyPass, but I only want it to be applied to that one site. I tried something like

<VirtualHost *:80>
    <Directory /home/www/foo>
        UseCanonicalName Off
        ProxyPreserveHost On
        ProxyRequests Off
        ProxyPass /services http://www-test.foo.com/services
        ProxyPassReverse /services http://www-test.foo.com/services
    </Directory>
</VirtualHost>

But then I get these errors

ProxyPreserveHost not allowed here

ProxyPass|ProxyPassMatch can not have a path when defined in a location.

How can I set up a ProxyPass for a single virtual host?

I'm having trouble restarting the mysql service

[root ~]# service mysqld restart
Stopping MySQL:                                            [FAILED]
Timeout error occurred trying to start MySQL Daemon.
Starting MySQL:                                            [FAILED]

From the mysqld.log

131004 10:34:49  mysqld started
131004 10:34:52  InnoDB: Started; log sequence number 0 43655
131004 10:34:52 [ERROR] Can't start server: Bind on TCP/IP port: Address already in use
131004 10:34:52 [ERROR] Do you already have another mysqld server running on port: 3306 ?
131004 10:34:52 [ERROR] Aborting

131004 10:34:52  InnoDB: Starting shutdown...
131004 10:34:54  InnoDB: Shutdown completed; log sequence number 0 43655
131004 10:34:54 [Note] /usr/libexec/mysqld: Shutdown complete

131004 10:34:54  mysqld ended

Processes

# ps -Af | grep mysql
root     24965     1  0 08:39 ?        00:00:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --user=mysql
mysql    25018 24965 43 08:39 ?        00:57:11 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-external-locking --open-files-limit=65535 --socket=/var/lib/mysql/mysql.sock
root     27960 27143  0 10:50 pts/0    00:00:00 grep mysql

It almost seems like there's 2 mysqlds running, one of them zombie. How can I fix this?

Is there a way I can include the command that was executed in the output when I'm logging to a file? For example:

* * * * * date && /path/to/php /path/to/script.php >> cron.log 2>&1

Gives me:

Wed Oct  2 14:56:50 PDT 2013
output from script

How can I include the executed command too, to make the log look like this:

Wed Oct  2 14:56:50 PDT 2013
/path/to/php /path/to/script.php
output from script

I'm looking to add this in the crontab and not in the script.

For some reason I'm not able to write to other users on my system.

[root@hostname ~]# write
write: you have write permission turned off.
[root@hostname ~]# mesg y
[root@hostname ~]# mesg
is y
[root@hostname ~]# write
write: you have write permission turned off.

What else needs to be enabled/corrected for this to work?

Scenario

All our developers work on a Linux server and use Samba to connect their IDEs (mostly ST2/3 on Mac) to their developer instances.

Every now and then when saving a file it will hang up for 20/30 seconds. I think this has to do with a large amount of locked files. When I do a smbstatus -L there are hundreds, many days old.

It seems that when opening the share in finder, the finder app will keep all these session alive (until finder is force restarted or computer is turned off).

My attempted solution was to set the keepalive to one hour, but it doesn't seem to be obeying that. In my smb.conf

[global]
deadtime = 1
keepalive = 60

Question

Why are smb locked files being saved if they're days old and should be being killed in an hour?

Is it possible to edit this message that someone sees when a sudo command fails due to permissions problems?

I'm looking to run a job at these very specific times.

Can this even be done in one expression?

So I stumbled across svn color and thought it was something useful all our devs would appreciate. The read me for this says to put some code in your ~/.bash_profile, but I'm wondering how I might include this globally on the server, so it's a default for everyone. Is there some global .bash_profile I could add this to? Perhaps another way?

Is there there a way to show a list of apache/httpd processes with their pids and some information about the request? Like request url, any params, domain, internal/external IP address, etc.

I've tried things like netstat or htop but that doesn't tell me much information about what's going on.

I would like this so that I can pick and choose a process to kill rather than having to restart the service, which kills all of them.

I want to get the size of all directories within a specific directory. I was thinking something like

find . -type d -exec du -sh {} \;

But that returns all directories recursively. How can I limit the depth?

I'm using svn on a project and I'm trying to see how much file space all of the .svn folders are taking up.

If I do something like

du -h | egrep ".*\.svn$"

It will list all of the .svn folders and their sizes, but on 3k+ lines. How can I total all these lines (or perform an operation that would give me the equivalent result)?

I have this directory

drwxrwxr-x  6 awdfiles                pasgroup                4096 Jan 31 17:20 awdfiles

Which I want to access via another FTP connection. The user is part of the pasgroup

I traverse to the root html directory of my desired user and create the symlink

$ cd rayhawkpas/dev
$ ln -s ../../awdfiles awdfiles
lrwxrwxrwx  1 rayhawkpas rayhawkpas   14 Feb  6 13:06 awdfiles -> ../../awdfiles

However, when I try to download the directory in dreamweaver it looks like this

It seems to not recognize that it's a directory.

I tried symlinking to a specific file to make sure my permissions were right

ln -s ../../awdfiles/themes/1/includes/header.php test.php

This worked fine. It showed up in dreamweaver and I was able to download and upload the file.

I know I have existing groups and users but I'm not sure about their association. Is there an shell command I can use to list all users or all groups and a command to list all groups/users for a specified user/group?

So something like showusers would list all users, and showgroups -u thisuser would show all the groups that have thisuser in it.

I accidentally the whole thing

drwxr-xr-x  4 imaan                rayhawkpasscom 4096 May  9 14:59 imaan
drwxr-xr-x  4 kimessite            rayhawkpasscom 4096 Mar 15  2011 kimessite
drwxr-xr-x  4 kineticimaging       rayhawkpasscom 4096 Apr  4 15:56 kineticimaging
drwxr-xr-x  4 lynbrookmed          rayhawkpasscom 4096 Jul 18 11:51 lynbrookmed
drwxr-xr-x  5 marcop               rayhawkpasscom 4096 Sep  6 15:39 marcop
drwxr-xr-x  5 mesachiro            rayhawkpasscom 4096 Sep  9 13:21 mesachiro
drwxr-xr-x  4 paramount            rayhawkpasscom 4096 Jun  7 10:39 paramount
drwxr-xr-x  4 paramountco          rayhawkpasscom 4096 Jun 16 13:50 paramountco
drwx------  2 rayhawk              rayhawkpasscom 4096 Jul 13 15:30 rayhawk

I mistakenly changed the groups of all these directories to an incorrect group.

The group name should be the same as the owner (3rd column) or the folder (last column)

Is there a way I can automatically chgrp recursively based on owner/dir name?

I've tried restarting them

# /sbin/service named restart
Stopping named: [ OK ]
Starting named: [FAILED]

And I've tried this to fix it

# yum install dbus

Which completed successfully. But I still can't get them to start.

Some useful information

[root@ip-184-168-86-185 /]# /sbin/service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [FAILED]
[root@ip-184-168-86-185 /]# tail -50 /var/log/messages
2011-09-20T18:32:37.322626-07:00 ip-184-168-86-185 rsyslogd: [origin software="rsyslogd" swVersion="3.22.1" x-pid="3127" x-info="http://www.rsyslog.com"] (re)start
2011-09-20T18:32:37.321006-07:00 ip-184-168-86-185 rsyslogd: WARNING: rsyslogd is running in compatibility mode. Automatically generated config directives may interfer with your rsyslog.conf settings. We suggest upgrading your config and adding -c3 as the first rsyslogd option.
2011-09-20T18:32:37.322354-07:00 ip-184-168-86-185 rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: ModLoad imuxsock
2011-09-21T11:38:21.437308-07:00 ip-184-168-86-185 shutdown[16303]: shutting down for system reboot
2011-09-21T11:38:22.551115-07:00 ip-184-168-86-185 init: Switching to runlevel: 6
2011-09-21T11:38:22.578505-07:00 ip-184-168-86-185 saslauthd[1834]: server_exit     : master exited: 1834
2011-09-21T11:38:38.059150-07:00 ip-184-168-86-185 xinetd[1422]: Exiting...

-

-rwxr-xr-x  2 root root      381956 Feb 22  2011 named
-rwxr-xr-x  1 root root        7299 Feb 22  2011 named-bootconf
-rwxr-xr-x  1 root root       13640 Feb 22  2011 named-checkconf
-rwxr-xr-x  1 root root       13644 Feb 22  2011 named-checkzone

-

[root@ip-184-168-86-185 /]# grep named /var/log/messages
[root@ip-184-168-86-185 /]# ls -la /etc/named.conf
lrwxrwxrwx 1 root named 32 Feb  1  2011 /etc/named.conf -> /var/named-chroot/etc/named.conf
[root@ip-184-168-86-185 /]# ls -la /etc/rndc.conf
lrwxrwxrwx 1 root named 32 May 23 16:23 /etc/rndc.conf -> /var/named-chroot//etc/rndc.conf
[root@ip-184-168-86-185 /]# nano etc/named.conf
options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;

        // don't allow queries for domains we don't know about
        allow-recursion {localnets; };
};

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
        type hint;
        file "named.root";
};

zone "localhost" IN {
        type master;
        file "forward.localhost";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "reverse.127.0.0";
        allow-update { none; };
};

include "/etc/rndc.key";

include "/etc/named-turbopanel.conf";

I had an issue where the permissions of /var/lib/php/session got overwritten so I could no longer created session variables in PHP.

I think the same thing is happening with my mail function. Where is the mail function located in a linux server so that I can chmod it?

Edit

Some additional information:

$ "This is a test" | mail -s "Testing 123" [email protected]
-bash: This is a test: command not found
Null message body; hope that's ok
postdrop: warning: mail_queue_enter: create file maildrop/111989.3781: Permission denied
postdrop: warning: mail_queue_enter: create file maildrop/112524.3781: Permission denied
postdrop: warning: mail_queue_enter: create file maildrop/113649.3781: Permission denied
postdrop: warning: mail_queue_enter: create file maildrop/114574.3781: Permission denied
postdrop: warning: mail_queue_enter: create file maildrop/115551.3781: Permission denied

chmod: changing permissions of `/usr/sbin/sendmail.postfix': Operation not permitted

chmod: changing permissions of `/usr/sbin/sendmail': Operation not permitted

I'm trying to change my server's timezone.

I was following this tutorial but I can't get it to change to Pacific Standard Time.

ln -sf /usr/share/zoneinfo/EST localtime

Will work, but

ln -sf /usr/share/zoneinfo/PST localtime

will not. What's going on here?