Tuesday, November 19, 2013

Installing SMT on SLES 11

1. Generate nu.novell.com credentials on the Novell support portal

2. Download the SMT ISO from Novell

3. Install and set up

4. a2enmod ssl

https://www.suse.com/documentation/smt11/book_yep/data/book_yep.html

Monday, November 18, 2013

Reclaim VMDK space from thin disk on ESXi 5.0/5.1/5.5

There are 2 methods, but both require the system to be powered down.

1. Use VMware Converter. It is free, but you need to rename your VM, and the GUID also changes. It is not a very good choice if you have VM backup software that recognizes the GUID instead of the VM name. (However, I have tested both; it gives the best result for reclaiming space, especially since some space in LVM cannot be reclaimed by method 2.)

2. Do it manually in 2 steps
- Zero out all empty space (Windows sdelete, Linux secure-delete)
        Linux: execute "sfill -llfzv /" after installing secure-delete  (you might want to zero out swap also)
        Windows: "sdelete -z" (downloaded from Microsoft TechNet)
- Punch holes using vmkfstools in ESXi
         SSH into the ESXi host and run this command: vmkfstools -K <vmdkname>

**If the space cannot be reclaimed, try Storage vMotion to thick and then back to thin to force it to happen.







Friday, November 8, 2013

Install Oracle 12c on SLES 11SP3



/etc/fstab
none                 /dev                 tmpfs      remount,size=6G       0 0


zypper install binutils gcc43 gcc-c++ glibc glibc-devel ksh libaio libaio-devel libcap1 libstdc++33 libstdc++43 libstdc++46 libgcc46 make sysstat


Install the software only when running ./runInstaller; do not create a database.

When it prompts you to run the root.sh script:

Open a terminal (using the oracle owner account)

1. su root    (don't use "su -" )
2. Execute the required scripts
3. Go back and finish the installer
4. Run ./netca to create the LISTENER
5. Run ./dbca to create your DB

For the init script:

You can install the orarun package using YaST or zypper.

You have to modify /etc/sysconfig/oracle to select which services you want to start.

/etc/init.d/oracle
1. Add 11g and 12c version support for startdb part
        ORACLE_VERSION=`$ORACLE_HOME/bin/sqlplus -v | awk '{split($3, V, "."); print V[1]}'`
        if [ $ORACLE_VERSION = "11" ]; then
to
        ORACLE_VERSION=`$ORACLE_HOME/bin/sqlplus -v | awk '{split($3, V, "."); print V[1]}'`
        if [ $ORACLE_VERSION = "11" ] || [ $ORACLE_VERSION = "12" ]; then


2. Change
  if [ ! -z "$ORACLE_HOME" -a ! -d "$ORACLE_HOME" ]; then
to
  if [ ! -z "$ORACLE_HOME" -a -d "$ORACLE_HOME" ]; then

3. Change
  # Set Intelligent Agent Start/Stop
  AGENT_VERSION="unknown"
to
 ORACLE_VERSION=`$ORACLE_HOME/bin/sqlplus -v | awk '{split($3, V, "."); print V[1]}'`
  # Set Intelligent Agent Start/Stop
  AGENT_VERSION="unknown"








Friday, November 1, 2013

After Cisco UCS Manager Upgrade to 2.1.X, FC and SAN Disconnected Due to Changed Zoning Behavior

How dare Cisco totally change FC zoning behavior from 2.0 to 2.1 without a warning, a migration wizard or a default allow policy!!!!

It is totally not possible to upgrade to 2.1 without putting the whole SAN offline!

Once UCS Manager reboots according to the following manual, it blocks all FC traffic from the blades to SAN storage.
And Cisco didn't add any warning here saying that FC zoning behavior will change. The manual still says you can upgrade without affecting service.

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/upgrading/from2.0/to2.1/b_UpgradingCiscoUCSFrom2.0To2.1.html#concept_C70F7CFF31AC46C7AD03E8022299C808

Please study this sample config completely before upgrading to UCS firmware bundle 2.1

http://www.cisco.com/en/US/products/ps11350/products_configuration_example09186a0080c0a508.shtml#anc7

Monday, July 8, 2013

Enable SpamAssassin to check SURBL in SLES 11

By default, spamassassin in SLES 11 runs local tests only.

You have to remove -L from the ARGS in /etc/sysconfig/spamd


Friday, June 28, 2013

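Log in to FTP automatically in a bash batch script

Add a line to .netrc in your home directory (the file holds the password in clear text, so keep it readable only by your own user)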

machine <IP> login <username> password <password>

Wednesday, April 24, 2013

Block frequent spamming IP by fail2ban with iptables

1. Install fail2ban
2. Modify jail.conf

[postfix-iptables]


enabled  = true
filter   = postfix
action   = iptables[name=Postfix, port=smtp, protocol=tcp]
           sendmail[name=Postfix, dest=alertmailaddress@yourdomain.com]
logpath  = /var/log/maillog
bantime  = 3600
findtime = 300
maxretry = 3

3. Modify postfix.conf (the postfix filter in fail2ban's filter.d directory)

failregex = reject: RCPT from (.*)\[<HOST>\]: 554
            reject: RCPT from (.*)\[<HOST>\]: 550
            reject: RCPT from (.*)\[<HOST>\]: 450

4. Done.

PS: I just found a very good modification for blocking repeaters

http://stuffphilwrites.com/2013/03/permanently-ban-repeat-offenders-fail2ban/
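
The jail and filter above, replayed offline as an added example (not from the original post or from fail2ban itself): it applies the three failregex lines and the findtime/maxretry values to constructed maillog lines and reports which hosts would be banned. The IPv4-only HOST pattern, the sample log and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

FINDTIME, MAXRETRY = 300, 3  # findtime / maxretry from the jail above

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The three failregex lines from the filter, folded into one pattern.
FAILREGEX = re.compile(r"reject: RCPT from (.*)\[" + HOST + r"\]: (?:554|550|450)")

# Constructed sample maillog lines (documentation address ranges).
SAMPLE_LOG = """\
Apr 24 10:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Relay access denied
Apr 24 10:01:10 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 User unknown
Apr 24 10:02:00 mx postfix/smtpd[2107]: connect from mail.example.net[198.51.100.7]
Apr 24 10:03:30 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 450 4.7.1 Try again later
Apr 24 10:04:00 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 550 5.1.1 User unknown
Apr 24 10:20:00 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 550 5.1.1 User unknown
Apr 24 10:40:00 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 550 5.1.1 User unknown
"""

def parse_failures(log_text, year=2013):
    """Yield (timestamp, ip) for every line the failregex matches."""
    for line in log_text.splitlines():
        m = FAILREGEX.search(line)
        if m:
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            yield ts, m.group("host")

def find_bans(log_text):
    """Return {ip: time of ban} for hosts reaching MAXRETRY within FINDTIME."""
    recent = defaultdict(deque)
    bans = {}
    for ts, ip in parse_failures(log_text):
        window = recent[ip]
        window.append(ts)
        # Drop failures that have aged out of the findtime window.
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY and ip not in bans:
            bans[ip] = ts
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when:%H:%M:%S} for 3600 s (bantime)")
```

The second host is rejected three times as well, but its failures are spread over more than findtime, so it never reaches maxretry inside one window and stays unbanned.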

Friday, March 15, 2013

Virtualization vcpu-provisioning best practice

A nice one to read

http://www.the-little-things.net/blog/2012/03/22/virtualization-vcpu-provisioning-best-practices/


bcdedit /set detecthal yes

Tuesday, March 5, 2013

how-to-shrink-a-thin-vmdk-on-esxi-5-0

http://boerlowie.wordpress.com/2012/09/06/how-to-shrink-a-thin-vmdk-on-esxi-5-0/

Friday, March 1, 2013

squid cache settings


cache_mem 512 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/spool/squid 10240 16 256

Friday, February 22, 2013

Make a USB Boot ThinClient with VPN for any PC by using Ubuntu and VMware View Client

1. Install Ubuntu on a USB stick according to the official guideline
http://www.ubuntu.com/download/help/create-a-usb-stick-on-windows

2. Boot that USB stick on a PC with an Internet connection

3. Open a terminal and execute the following command

echo "deb http://archive.canonical.com/ubuntu/ quantal partner" | sudo tee -a /etc/apt/sources.list.d/canonical_partner.list

4. Open /etc/apt/sources.list using vi or your favorite editor
Add "universe" at the end of every source line.
Save it.

5. Execute the following commands in the terminal

sudo apt-get update
sudo apt-get install network-manager-vpnc vmware-view-client
sudo apt-get remove ubiquity

6. Set up your VPN connection using Network Manager (the same menu where you connect to Wi-Fi)

7. Done.

Thursday, February 7, 2013

Trend Micro OfficeScan Blocks Domino Server Port 80


When the Domino HTTP server starts, it reports this error even though no process is listening on port 80. It is actually caused by Trend Micro:

HTTP Server: Error - Unable to Bind port 80, port may be in use or user needs net_privaddr privilege 


  1. Open the Registry Editor on the Domino server.
  2. Important: Always back up the whole registry before making any modifications.
  3. Navigate to HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList
  4. Click Edit > New > Key and then name the key "Domino".
  5. Under this new key, create a string value (Edit > New > String Value) named "ProcessImageName". Set the value to "nhttp.exe".
  6. Restart OfficeScan.

Monday, January 7, 2013

HSRP ARP Issue

Recently, I helped my sibling company set up an HSRP configuration:

1 Cisco 2921 connecting 2 Cisco 3650.

It worked normally without any problem at the very beginning.

Later, users reported that Windows 2008 reports a duplicate IP after rebooting or re-enabling the network adapter.

After some serious research, I got the following findings.
1. A ping to an unused IP address gets TTL expired.
2. A traceroute to an unused IP address loops between the 3 Cisco devices.
3. All unused IP addresses in the Cisco 3650 ARP table map to the EtherChannel MAC address.

After digging into this problem for 2 weeks, I finally found an article on the web. It said Cisco has made some changes in IOS after 12.8, so I need to add "no ip proxy-arp" on both 3650 uplinks to the 2921.