
Posts published in April 2014

List Installed libraries

To display all of the libraries installed on your Linux system there is no need to sift through /lib, /usr/lib, etc. Try this command; it will display all of the libraries and where they are linked to.

[code]
/sbin/ldconfig -p
[/code]

Combine it with grep and you can search for a specific library

something like:
[code]
/sbin/ldconfig -p | grep libQtTest
[/code]

Convert ESXi disk from thick to thin

When copying, cloning, and moving VMs around in general, any disks that were created with thin provisioning will ultimately be converted to thick provisioning. What a tremendous waste of disk space if you frequently over-provision disk space and allow the disks to grow over time as needed. (Oh yeah, that’s what thin provisioning was created for.)

Let’s reduce the disk consumption and convert the vmdk’s back to thin (or to thin if you chose thick to begin with)

Ensure you have ssh enabled to your esx server and login as root or su to root from your user account.

Shut down the VM you wish to shrink (I’d suggest reconciling any snapshots you have and making a backup just in case something goes sideways)

Change directory to the path holding your VM. It will look something like /vmfs/volumes/53448b8c-b6d48f58-692a-ac220bdcff63/server_name (you may have to hunt down the right path).
For example, I am going to shrink my vCenter Server Appliance, which lives in
/vmfs/volumes/53448b8c-b6d48f58-692a-ac220bdcff63/VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10

The directory looks like this:
[code]
# ls -ltrah
total 140495888
-rw-r--r-- 1 root root 0 Apr 10 23:57 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10.vmsd
-rw-r--r-- 1 root root 311 Apr 10 23:57 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10.vmxf
-rw------- 1 root root 547 Apr 11 00:05 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10.vmdk
-rw------- 1 root root 553 Apr 11 00:05 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10_1.vmdk
drwxr-xr-t 1 root root 1.6K Apr 11 01:49 ..
-rw------- 1 root root 100.0G Apr 12 01:37 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10_1-flat.vmdk
-rw------- 1 root root 8.5K Apr 12 01:37 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10.nvram
-rw------- 1 root root 25.0G Apr 12 01:37 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10-flat.vmdk
-rw-r--r-- 1 root root 125.6K Apr 12 01:37 vmware.log
-rwxr-xr-x 1 root root 3.1K Apr 12 01:37 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10.vmx
[/code]

As you can see, the directory contains 125+G (I closed my terminal window with the actual du output).
But I know it’s using closer to 10G, so let’s shrink it down.

Notice there are two virtual disks ending with OVF10.vmdk & OVF10_1.vmdk

[code]
# vmkfstools -K ./VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10.vmdk
vmfsDisk: 1, rdmDisk: 0, blockSize: 1048576
Hole Punching: 100% done.

# vmkfstools -K VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10_1.vmdk
vmfsDisk: 1, rdmDisk: 0, blockSize: 1048576
Hole Punching: 100% done.
[/code]

This may take a bit of time to complete depending on your disk speed etc…

The end result looks the same, but notice the actual usage:
[code]
# ls -ltrah
total 11077648
-rw-r--r-- 1 root root 0 Apr 10 23:57 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10.vmsd
-rw-r--r-- 1 root root 311 Apr 10 23:57 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10.vmxf
-rw------- 1 root root 547 Apr 11 00:05 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10.vmdk
-rw------- 1 root root 553 Apr 11 00:05 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10_1.vmdk
drwxr-xr-t 1 root root 1.6K Apr 11 01:49 ..
-rw------- 1 root root 100.0G Apr 12 01:37 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10_1-flat.vmdk
-rw------- 1 root root 8.5K Apr 12 01:37 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10.nvram
-rw------- 1 root root 25.0G Apr 12 01:37 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10-flat.vmdk
-rw-r--r-- 1 root root 125.6K Apr 12 01:37 vmware.log
-rwxr-xr-x 1 root root 3.1K Apr 12 01:37 VMware-vCenter-Server-Appliance-5.5.0.5201-1476389_OVF10.vmx
drwxr-xr-x 1 root root 1.5K Apr 12 02:03 .

# du -hs
10.6G .
[/code]

Much better!
Now restart your VM and move on to your next project
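
A dry-run planner for the steps above, added here as an example and not part of the original post: it picks out the descriptor .vmdk files (not the -flat extents) and prints the vmkfstools -K command for each, refusing while snapshot extents are still present. The function names are hypothetical, and it assumes snapshot extents are named *-delta.vmdk.

```shell
#!/bin/sh
# Added example: plan the hole-punch run without executing it.
# Assumption: snapshot extents are named *-delta.vmdk.

# list_descriptors DIR -> descriptor .vmdk files, one per line.
# The -flat.vmdk and -delta.vmdk files hold data and are skipped.
list_descriptors() {
    for f in "$1"/*.vmdk; do
        [ -e "$f" ] || continue
        case $f in
            *-flat.vmdk|*-delta.vmdk) ;;   # extents, not descriptors
            *) echo "$f" ;;
        esac
    done
}

# has_snapshots DIR -> status 0 if snapshot delta extents exist.
has_snapshots() {
    for f in "$1"/*-delta.vmdk; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# plan_hole_punch DIR -> prints one "vmkfstools -K" line per
# descriptor, or returns 1 while snapshots are still present.
plan_hole_punch() {
    if has_snapshots "$1"; then
        echo "snapshots present in $1: reconcile them first" >&2
        return 1
    fi
    list_descriptors "$1" | while read -r d; do
        echo "vmkfstools -K \"$d\""
    done
}

# Usage: sh plan.sh /vmfs/volumes/<datastore>/<vm_dir>
if [ -n "${1:-}" ]; then
    plan_hole_punch "$1"
fi
```

Review the printed commands, confirm the VM is shut down, then run them by hand.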

Updated ssltest.sh

I had to update my ssl cipher testing script; the output from openssl changed enough in recent versions of RedHat/CentOS 6.x that it broke the reporting. I tried to write it in simple code so it would be easy to understand and facilitate those wanting to improve upon it (if you do… please share!)

What does it do? It scans your installed copy of openssl for all supported ciphers, tests the target webserver, and reports back which ciphers and ssl/tls versions it will support. I added a little color coding to the ciphers to quickly point out less than optimal (i.e. non-FIPS) ciphers in red. FIPS ciphers will display in green.

Why is this important? That’s akin to asking the difference between padlocks.. the better the lock the more relative security it will provide and resist being broken.

How do I use it? Simply invoke the script with the hostname:port you want to test. If you see red… you should consider limiting the ciphers your webserver will support. (I’ll post these detailed how-to’s for apache, tomcat and weblogic in a future edition)

[code]
./ssltest.sh www.greyfuzz.com:443
# or, adding -v to display the ciphers being tested instead of just the results:
./ssltest.sh www.greyfuzz.com:443 -v
[/code]

[code]
#!/bin/bash
## ssltest.sh version 0.4 (last update 4/10/2014)
## - Dave Cochran
##
## Location of openssl
openssl=/usr/bin/openssl

## temp file holding the request - removed at script end
tempfile=./ssltest.tmp

###### END OF CONFIGURATION #####

if [ -z "$1" ]; then
    echo "syntax: $0 host:sslport [-v] optional for verbose testing"
    exit 1
fi

if ! [ -e "$openssl" ]; then
    echo "The path to openssl is wrong, please edit $0"
    exit 1
fi

## Make a request (may be altered)
echo "GET / HTTP/1.1" > "$tempfile"

if ! [ -e "$tempfile" ]; then
    echo "Cannot create temp file in this directory... exiting $0"
    exit 1
fi

## Request available ciphers from openssl and test them
for ssl in ssl2 ssl3 tls1
do
    echo -e '\E[37;30m\n\n' Testing $ssl ....

    "$openssl" ciphers -$ssl -v | while read -r line
    do
        cipher=`echo "$line" | awk '{print $1}'`
        ## field 5 looks like Enc=AES(256); keep the number inside the parentheses
        bits=`echo "$line" | awk '{print $5}' | cut -f2 -d'(' | cut -f1 -d')'`
        if [ -n "$2" ]; then
            echo -n "$cipher - $bits bits... "
        fi

        ## a handshake that reaches "Certificate chain" means the server accepted this cipher
        if "$openssl" s_client -$ssl -cipher "$cipher" -connect "$1" < "$tempfile" 2>&1 | grep "^Certificate chain" > /dev/null; then
            case "$cipher" in
                EDH-RSA-DES-CBC3-SHA|EDH-DSS-DES-CBC3-SHA|DHE-RSA-AES256-SHA|DES-CBC3-SHA|AES256-SHA|AES128-SHA|DHE-RSA-AES128-SHA|DHE-DSS-AES128-SHA|ADH-AES128-SHA|DHE-DSS-AES256-SHA|ADH-AES256-SHA)
                    echo -e '\E[37;32m'"$cipher - $bits bits - FIPS APPROVED CIPHER enabled" ;;
                *)
                    echo -e '\E[37;31m'"$cipher - $bits bits - WEAK CIPHER enabled" ;;
            esac
        elif [ -n "$2" ]; then
            ## verbose mode only: report ciphers the server refused
            echo -e '\E[37;30m'"Cipher Not Enabled"'\E[37;30m'
        fi
        ## reset the request file to a blank line for the next handshake
        echo " " > "$tempfile"
    done | grep -v error

done
echo -e '\E[37;30m'"\nTesting Complete.\n"
## Remove temporary file
rm -f "$tempfile"
[/code]
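
As an added example (not part of ssltest.sh), the classifier below reads the fields of an `openssl ciphers -v` line instead of matching a fixed list of cipher names, so unauthenticated, export-grade, RC4 and short-key suites are flagged by property. The function names and the weak/OK policy are assumptions of this example, not the FIPS list used above, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify one `openssl ciphers -v` line by its
# Au=/Enc=/Mac= fields. The policy is an assumption of this example.

# classify_cipher_line "<line>" -> prints "OK" or "WEAK:<reason>"
classify_cipher_line() {
    set -- $1                      # split the line on whitespace
    au=""; enc=""; mac=""; export_flag=""
    for field in "$@"; do
        case $field in
            Au=*)   au=${field#Au=} ;;
            Enc=*)  enc=${field#Enc=} ;;
            Mac=*)  mac=${field#Mac=} ;;
            export) export_flag=yes ;;
        esac
    done
    # Enc is "AES(256)" or "None": split algorithm and key bits.
    alg=${enc%%(*}
    bits=${enc#*(}; bits=${bits%)}
    case $bits in ''|*[!0-9]*) bits=0 ;; esac

    if [ "$au" = "None" ]; then echo "WEAK:no-authentication"
    elif [ "$alg" = "None" ]; then echo "WEAK:no-encryption"
    elif [ -n "$export_flag" ]; then echo "WEAK:export-grade"
    elif [ "$alg" = "RC4" ]; then echo "WEAK:rc4"
    elif [ "$bits" -lt 128 ]; then echo "WEAK:${bits}-bit-key"
    elif [ "$mac" = "MD5" ]; then echo "WEAK:md5-mac"
    else echo "OK"
    fi
}

# Constructed sample lines in the `openssl ciphers -v` layout.
sample_lines() {
cat <<'EOF'
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
EOF
}

sample_lines | while read -r line; do
    printf '%-20s %s\n' "${line%% *}" "$(classify_cipher_line "$line")"
done
```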

Copy CD/DVD to .iso

Installing from physical CDs or DVDs is always a hassle; first, actually putting your hands on the disc you want can be quite a process. On and around my desk sit a number of 100-disc spindles, and digging through them is always a hassle. Disk space is cheap, and the time saved by mounting an .iso can go a long way to paying for the disks. Not to mention physical optical discs are SLOW! I keep a mount point reserved on my filer to store everything I use frequently as .iso files. Now when I need to spin up a Virtual Machine (VM) or even install to bare metal I simply mount the .iso and away we go, but at gigabit speeds instead of waiting for the slow transfer speeds of optical drives.

With Linux, it’s as simple as finding the disc and using the dd command.

[code]
dd if=/dev/sr0 of=/path_to_store/discname.iso
[/code]

That’s all there is to it. You may have to adjust the input device name to suit your particular setup, typically something along the lines of /dev/sr0, /dev/cdrom, /dev/dvd, etc.

From here, lather, rinse, repeat. Then store your optical discs in a safe place, or use them for coasters. So long as your storage media is intact you will generally not need them.

scp: command not found

Here is a simple problem with an easy solution. And it’s pretty easy to get yourself into this situation using kickstart as well. As I am transitioning myself from Slackware to CentOS (servers), and LinuxMint (Desktops) there is always a bit of a learning curve.

So, I recently built a new CentOS 6.x VM server. It was kickstart’d from my Spacewalk server, and actually it’s been running for months as a Munin server collecting and graphing metrics for me without so much as a hiccup. Today, while attempting to use scp to copy over some new files to this box, I ended up with a peculiar error.

-bash: scp: command not found

What on earth is going on here? After a few minutes of head scratching, a search of /usr/bin and /usr/sbin revealed scp was not installed. If you are like me and assumed this was installed by default along with the ssh package… well, you too would be wrong! It’s a separate package named openssh-clients.

Easy solution:

[code]
yum install openssh-clients
[/code]

Additionally, if you are like me and using a custom kickstart file to deploy new servers, add openssh-clients to your package list and life will continue on sans any attempts to conjoin your forehead and the desk surface (claim extends to this issue alone, as many more will surface)