1. Generate nu.novell.com credentials on novell support portal
2. Download SMT iso from novell
3. install and setup
4. a2enmod ssl
https://www.suse.com/documentation/smt11/book_yep/data/book_yep.html
Tuesday, November 19, 2013
Monday, November 18, 2013
Reclaim VMDK space from thin disk on ESXi 5.0/5.1/5.5
There are 2 methods but both need you system to power down.
1. Use VMware convertor, it is free, but need to rename your VM and GUID also changed. It is not a very good choice if you have all those VM backup software that recognize GUID instead of VM Name (However, I have tested both, it give the best result for reclaiming space, especially some space in LVM will not be able to be reclaimed by method 2 )
2. Do it Manually in 2 steps
- zero out all empty space (Windows sdelete, Linux secure-delete)
Linux: execute "sfill -llfzv /" after installing secure-delete (you might want to zero out swap also)
Windows: "sdelete -z" (downloaded from microsoft technet)
- hole punching using vmkfstools in ESXi
SSH into ESXi host and run this command: vmkfstools -K <vmdkname>
**if space not able to reclaim, try storage vmotion to thick then thin to force it happens.
1. Use VMware convertor, it is free, but need to rename your VM and GUID also changed. It is not a very good choice if you have all those VM backup software that recognize GUID instead of VM Name (However, I have tested both, it give the best result for reclaiming space, especially some space in LVM will not be able to be reclaimed by method 2 )
2. Do it Manually in 2 steps
- zero out all empty space (Windows sdelete, Linux secure-delete)
Linux: execute "sfill -llfzv /" after installing secure-delete (you might want to zero out swap also)
Windows: "sdelete -z" (downloaded from microsoft technet)
- hole punching using vmkfstools in ESXi
SSH into ESXi host and run this command: vmkfstools -K <vmdkname>
**if space not able to reclaim, try storage vmotion to thick then thin to force it happens.
Friday, November 8, 2013
Install Oracle 12c on SLES 11SP3
/etc/fstab
none /dev tmpfs remount,size=6G 0 0
zypper install binutils gcc43 gcc-c++ glibc glibc-devel ksh libaio libaio-devel libcap1 libstdc++33 libstdc++43 libstdc++46 libgcc46 make sysstat
Install software only during when running ./runInstaller, do not create database
When it prompt for running root.sh script
Open terminal (using oracle owner account)
1. su root (don't use "su -" )
2. Execute those script required
3. Back to finish the installer
4. run ./netca to create LISTENER
5. run ./dbca to create your DB
For init script
you can install orarun packet using YaST or zypper
you have to modify /etc/sysconfig/oracle to select what service you want to start
/etc/init.d/oracle
1. Add 11g and 12c version support for startdb part
ORACLE_VERSION=`$ORACLE_HOME/bin/sqlplus -v | awk '{split($3, V, "."); print V[1]}'`
if [ $ORACLE_VERSION = "11" ]; then
to
ORACLE_VERSION=`$ORACLE_HOME/bin/sqlplus -v | awk '{split($3, V, "."); print V[1]}'`
if [ $ORACLE_VERSION = "11" ] || [ $ORACLE_VERSION = "12" ]; then
2.Change
if [ ! -z "$ORACLE_HOME" -a ! -d "$ORACLE_HOME" ]; then
to
if [ ! -z "$ORACLE_HOME" -a -d "$ORACLE_HOME" ]; then
3.
# Set Intelligent Agent Start/Stop
AGENT_VERSION="unknown"
to
ORACLE_VERSION=`$ORACLE_HOME/bin/sqlplus -v | awk '{split($3, V, "."); print V[1]}'`
# Set Intelligent Agent Start/Stop
AGENT_VERSION="unknown"
AGENT_VERSION="unknown"
Friday, November 1, 2013
After Cisco UCS Manager Upgrade to 2.1.X , FC and SAN disconnected due to Zoning behavior changed
How dare Cisco totally changed FC Zoning behavior in from 2.0 to 2.1 without warning, migration wizard or default allowing policy!!!!
It is totally not possible to upgrade to 2.1 without putting the whole SAN offline!
Once UCS Manager reboot according to follow manual, it block all FC traffic from Blade to SAN Storage.
And Cisco didn't add any warning here telling FC Zoning behavior will be changed. It still telling in the manual could upgrade without affecting service.
http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/upgrading/from2.0/to2.1/b_UpgradingCiscoUCSFrom2.0To2.1.html#concept_C70F7CFF31AC46C7AD03E8022299C808
Please study complete about this sample config before upgrading to UCS Firmware bundle 2.1
http://www.cisco.com/en/US/products/ps11350/products_configuration_example09186a0080c0a508.shtml#anc7
It is totally not possible to upgrade to 2.1 without putting the whole SAN offline!
Once UCS Manager reboot according to follow manual, it block all FC traffic from Blade to SAN Storage.
And Cisco didn't add any warning here telling FC Zoning behavior will be changed. It still telling in the manual could upgrade without affecting service.
http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/upgrading/from2.0/to2.1/b_UpgradingCiscoUCSFrom2.0To2.1.html#concept_C70F7CFF31AC46C7AD03E8022299C808
Please study complete about this sample config before upgrading to UCS Firmware bundle 2.1
http://www.cisco.com/en/US/products/ps11350/products_configuration_example09186a0080c0a508.shtml#anc7
Thursday, October 24, 2013
Tuesday, October 22, 2013
Monday, July 8, 2013
Enabled SPAMASSASSIN to check SURBL in SLES 11
The default parameter of spamassassin in SLES 11 is local test only.
You have you remove the -L ARGS in /etc/sysconfig/spamd
You have you remove the -L ARGS in /etc/sysconfig/spamd
Friday, June 28, 2013
Login FTP automatically in bash batch
Add a line in .netrc in your home directory
machine <IP> login <username> password <password>
machine <IP> login <username> password <password>
Wednesday, April 24, 2013
Block frequent spamming IP by fail2ban with iptables
1. install fail2ban
2. Modify jail.conf
[postfix-iptables]
enabled = true
filter = postfix
action = iptables[name=Postfix, port=smtp, protocol=tcp]
sendmail[name=Postfix, dest=alertmailaddress@yourdomain.com]
logpath = /var/log/maillog
bantime = 3600
findtime = 300
maxretry = 3
PS: Just find a very good piece of modification for blocking repeaters
http://stuffphilwrites.com/2013/03/permanently-ban-repeat-offenders-fail2ban/
2. Modify jail.conf
[postfix-iptables]
enabled = true
filter = postfix
action = iptables[name=Postfix, port=smtp, protocol=tcp]
sendmail[name=Postfix, dest=alertmailaddress@yourdomain.com]
logpath = /var/log/maillog
bantime = 3600
findtime = 300
maxretry = 3
3. Modify postfix.conf
failregex = reject: RCPT from (.*)\[<HOST>\]: 554
reject: RCPT from (.*)\[<HOST>\]: 550
reject: RCPT from (.*)\[<HOST>\]: 450
4. Done.
http://stuffphilwrites.com/2013/03/permanently-ban-repeat-offenders-fail2ban/
Friday, March 15, 2013
Virtualization vcpu-provisioning best practice
A nice one to read
http://www.the-little-things.net/blog/2012/03/22/virtualization-vcpu-provisioning-best-practices/
bcdedit /set detecthal yes
http://www.the-little-things.net/blog/2012/03/22/virtualization-vcpu-provisioning-best-practices/
bcdedit /set detecthal yes
Tuesday, March 5, 2013
how-to-shrink-a-thin-vmdk-on-esxi-5-0
http://boerlowie.wordpress.com/2012/09/06/how-to-shrink-a-thin-vmdk-on-esxi-5-0/
Friday, March 1, 2013
squid cache settings
cache_mem 512 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/spool/squid 10240 16 256
Friday, February 22, 2013
Make a USB Boot ThinClient with VPN for any PC by using Ubuntu and VMware View Client
1. Install a Ubuntu on a USB according to official guideline
http://www.ubuntu.com/download/help/create-a-usb-stick-on-windows
2. Boot that USB on a PC that with Internet Connection
3. Open Terminal and Execute following commands
echo "deb http://archive.canonical.com/ubuntu/ quantal partner" >> /etc/apt/sources.list.d/canonical_partner.list
4. Open /etc/apt/source.list using vi or your favorite editor
Add "universe" at the end of all source list.
Save it.
5. Execute the following command in Terminal
sudo apt-get update
sudo apt-get install network-manager-vpnc vmware-view-client
sudo apt-get remove ubiquity
6. Setup your VPN connection using network manager (Just the same menu where you connect WIFI)
7. Done.
http://www.ubuntu.com/download/help/create-a-usb-stick-on-windows
2. Boot that USB on a PC that with Internet Connection
3. Open Terminal and Execute following commands
echo "deb http://archive.canonical.com/ubuntu/ quantal partner" >> /etc/apt/sources.list.d/canonical_partner.list
4. Open /etc/apt/source.list using vi or your favorite editor
Add "universe" at the end of all source list.
Save it.
5. Execute the following command in Terminal
sudo apt-get update
sudo apt-get install network-manager-vpnc vmware-view-client
sudo apt-get remove ubiquity
6. Setup your VPN connection using network manager (Just the same menu where you connect WIFI)
7. Done.
Thursday, February 7, 2013
Trendmicro OfficeScan Block Domino Server Port 80
When Domino HTTP Server started, it report this error even no process is listening port 80. Actually it is caused by Trendmicro
HTTP Server: Error - Unable to Bind port 80, port may be in use or user needs net_privaddr privilege
- Open the Registry Editor on the domino server.
- Important: Always back up the whole registry before making any modifications.
- Navigate to HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList
- Click Edit > New > Key and then name the key "Domino".
- Under this new key, create a string value (Edit > New > String Value) named "ProcessImageName". Set the value to "nhttp.exe".
- Restart OfficeScan.
Monday, January 7, 2013
HRSP ARP Issue
Recently, I help my sibling company to setup HSRP configuration
1 Cisco 2921 connecting 2 Cisco 3650.
It works normally without any problem at the very beginning.
Later, user reports that Windows 2008 report duplicate IP after rebooting or re-enable network adapter.
After a serious a research, I got the following findings.
1. ping to unused ip address will got TTL expire.
2. traceroute to unused ip address will loop between that 3 Cisco device.
3. all unused ip address in Cisco 3650 arp table will map to ether-channel mac address.
After digging a 2 weeks about this problem, finally I found an article on the web. It said Cisco has made some changes on IOS after 12.8 which I need to add "no ip proxy-arp" on both 3650 uplink to 2921.
1 Cisco 2921 connecting 2 Cisco 3650.
It works normally without any problem at the very beginning.
Later, user reports that Windows 2008 report duplicate IP after rebooting or re-enable network adapter.
After a serious a research, I got the following findings.
1. ping to unused ip address will got TTL expire.
2. traceroute to unused ip address will loop between that 3 Cisco device.
3. all unused ip address in Cisco 3650 arp table will map to ether-channel mac address.
After digging a 2 weeks about this problem, finally I found an article on the web. It said Cisco has made some changes on IOS after 12.8 which I need to add "no ip proxy-arp" on both 3650 uplink to 2921.
Subscribe to:
Posts (Atom)