Compare staffs Compare two jar files: 1diff -W200 -y <(unzip -vqq file1.jar | awk '{ if ($1 > 0) {printf("%s\t%s\n", $1, $8)}}' | sort -k2) <(unzip -vqq file2.jar | awk '{ if ($1 > 0) {printf("%s\t%s\n", $1, $8)}}' | sort -k2)
Find a process blocking a file with fuser: 1fuser -m </dir or /files> # Find process blocking/using this directory or files. 2fuser -cu </dir or /files> # Same as above but add the user 3fuser -kcu </dir or /files> # Kill process 4fuser -v -k -HUP -i ./ # Send HUP signal to process 5 6# Output will send you <PID + letter>, here is the meaning: 7# c current directory. 8# e executable being run. 9# f open file. (omitted in default display mode). 10# F open file for writing. (omitted in default display mode). 11# r root directory. 12# m mmap'ed file or shared library. with lsof ( = list open file): 1lsof +D /var/log # Find all files blocked with the process and user. 2lsof -a +L1 <mountpoint> # Process blocking a FS. 3lsof -c ssh -c init # Find files open by thoses processes. 4lsof -p 1753 # Find files open by PID process. 5lsof -u root # Find files open by user. 6lsof -u ^user # Find files open by user except this one. 7kill -9 `lsof -t -u toto` # kill user's processes. (option -t output only PID). MacGyver method: 1#When you have no fuser or lsof: 2find /proc/*/fd -type f -links 0 -exec ls -lrt {} \;
Basic Troubleshooting Checks interfaces 1nmcli con show 2NAME UUID TYPE DEVICE 3ens192 4d0087a0-740a-4356-8d9e-f58b63fd180c ethernet ens192 4ens224 3dcb022b-62a2-4632-8b69-ab68e1901e3b ethernet ens224 5 6nmcli dev status 7DEVICE TYPE STATE CONNECTION 8ens192 ethernet connected ens192 9ens224 ethernet connected ens224 10ens256 ethernet connected ens256 11lo loopback unmanaged -- 12 13# Get interfaces details : 14nmcli connection show ens192 15nmcli -p con show ens192 16 17# Get DNS settings in interface 18UUID=$(nmcli --get-values connection.uuid c show "cloud-init eth0") 19nmcli --get-values ipv4.dns c show $UUID Changing Interface name 1nmcli connection add type ethernet mac "00:50:56:80:11:ff" ifname "ens224" 2nmcli connection add type ethernet mac "00:50:56:80:8a:0b" ifname "ens256" Create a custom config 1nmcli con load /etc/sysconfig/network-scripts/ifcfg-ens224 2nmcli con up ens192 Adding a Virtual IP 1nmcli con mod enp1s0 +ipv4.addresses "192.168.122.11/24" 2ip addr del 10.163.148.36/24 dev ens160 3 4nmcli con reload # before to reapply 5nmcli device reapply ens224 6systemctl status network.service 7systemctl restart network.service Add a DNS entry 1UUID=$(nmcli --get-values connection.uuid c show "cloud-init eth0") 2DNS_LIST=$(nmcli --get-values ipv4.dns c show $UUID) 3nmcli conn modify "$UUID" ipv4.dns "${DNS_LIST} ${DNS_IP}" 4 5# /etc/resolved is managed by systemd-resolved 6sudo systemctl restart systemd-resolved
Server Side First Install samba and samba-client (for debug + test)
/etc/samba/smb.conf 1[home] 2Workgroup=WORKGROUP (le grp par defaul sur windows) 3Hosts allow = ... 4[shared] 5browseable = yes 6path = /shared 7valid users = user01, @un_group_au_choix 8writable = yes 9passdb backend = tdbsam #passwords are stored in the /var/lib/samba/private/passdb.tdb file. Test samba config testparm
/usr/bin/testparm -s /etc/samba/smb.conf
smbclient -L \192.168.56.102 -U test : list all samba shares available
smbclient //192.168.56.102/sharedrepo -U test : connect to the share
pdbedit -L : list user smb (better than smbclient)
SSHFS SshFS sert à monter sur son FS, un autre système de fichier distant, à travers une connexion SSH, le tout avec des droits utilisateur. L’avantage est de manipuler les données distantes avec n’importe quel gestionnaire de fichier (Nautilus, Konqueror, ROX, ou même la ligne de commande).
- Pre-requis : droits d'administration, connexion ethernet, installation de FUSE et du paquet SSHFS. - Les utilisateurs de sshfs doivent faire partie du groupe fuse. Rq : FUSE permet à un utilisateur de monter lui-même un système de fichier. Normalement, pour monter un système de fichier, il faut être administrateur ou que celui-ci l’ait prévu dans « /etc/fstab » avec des informations en dur.
Tar - « tape archiver » Preserve files permissions and ownership.
The Basic
1# Archive 2tar cvf mon_archive.tar <fichier1> <fichier2> </rep/doosier/> 3 4## Archive and compress with zstd everything in the current dir and push to /target/dir 5tar -I zstd -vcf archive.tar.zstd -C /target/dir . 6 7# Extract 8tar xvf mon_archive.tar 9 10# Extract push to target dir 11tar -zxvf new.tar.gz -C /target/dir Other usefull options • t : list archive’s content. • T : Archive list given by a file. • P : Absolute path is preserve (usefull for backup /etc) • X : exclude • z : compression Gunzip • j : compression Bzip2 • J : compression Lzmacd
Most usefull shortcut Ctrl + r : Search and reverse. (ctrl+r pour remonter l’history). Ctrl + l : Clear the screen (instead to use “clear” command). Ctrl + p : Repeat last command. Ctrl + x + Ctrl + e : Edit the current command on an external editor. (Need to define export EDITOR=vim ). Ctrl + shift + v : Copy / paste in linux. Ctrl + a : Move to the begin of the line.
Ctrl + e : Move to the end of the line.
Ctrl + xx : Move to the opposite end of the line.
Ctrl + left : Move to left one word. Ctrl + right : Move to right one word.
Trust a CA on Linux host 1# [RHEL] RootCA from DC need to be installed on host: 2cp my-domain-issuing.crt /etc/pki/ca-trust/source/anchors/my_domain_issuing.crt 3cp my-domain-rootca.crt /etc/pki/ca-trust/source/anchors/my_domain_rootca.crt 4update-ca-trust extract 5 6# [Ubuntu] 7sudo apt-get install -y ca-certificates 8sudo cp local-ca.crt /usr/local/share/ca-certificates 9sudo update-ca-certificates
Troubleshooting cloud-init status --wait usefull for scripting, waiting cloud-init to finish before going to next step.
cloud-init status --long
1status: done 2extended_status: done 3boot_status_code: enabled-by-generator 4last_update: Thu, 01 Jan 1970 00:00:55 +0000 5detail: DataSourceNoCloud [seed=/dev/sr0] 6errors: [] 7recoverable_errors: {} sudo cloud-init analyze show 1-- Boot Record 01 -- 2The total time elapsed since completing an event is printed after the "@" character. 3The time the event takes is printed after the "+" character. 4 5Starting stage: init-local 6|`->no cache found @00.00600s +00.00000s 7|`->found local data from DataSourceNoCloud @00.01500s +00.12600s 8Finished stage: (init-local) 00.75400 seconds 9 10Starting stage: init-network 11|`->restored from cache with run check: DataSourceNoCloud [seed=/dev/sr0] @04.21100s +00.00200s 12|`->setting up datasource @04.22800s +00.00000s 13|`->reading and applying user-data @04.23400s +00.00500s 14|`->reading and applying vendor-data @04.23900s +00.00000s 15|`->reading and applying vendor-data2 @04.23900s +00.00000s 16|`->activating datasource @04.27100s +00.00100s 17|`->config-seed_random ran successfully and took 0.000 seconds @04.29500s +00.00100s 18|`->config-write_files ran successfully and took 0.001 seconds @04.29600s +00.00100s 19|`->config-growpart ran successfully and took 0.562 seconds @04.29700s +00.56200s 20|`->config-resizefs ran successfully and took 0.193 seconds @04.86000s +00.19200s 21|`->config-mounts ran successfully and took 0.001 seconds @05.05200s +00.00100s 22|`->config-set_hostname ran successfully and took 0.004 seconds @05.05300s +00.00500s 23|`->config-update_hostname ran successfully and took 0.001 seconds @05.05800s +00.00100s 24|`->config-update_etc_hosts ran successfully and took 0.005 seconds @05.05900s +00.00500s 25|`->config-users_groups ran successfully and took 0.216 seconds @05.06400s +00.21600s 26|`->config-ssh ran successfully and took 0.404 seconds @05.28100s +00.40400s 27|`->config-set_passwords ran successfully and took 0.001 seconds @05.68500s +00.00200s 28Finished stage: (init-network) 01.50000 seconds 29 30Starting stage: modules-config 31|`->config-ssh_import_id ran successfully and took 0.001 seconds @07.43300s +00.00100s 32|`->config-locale ran successfully and took 0.003 seconds @07.43400s +00.00300s 33|`->config-grub_dpkg ran successfully and took 0.352 seconds @07.43700s +00.35200s 34|`->config-apt_configure ran successfully and took 0.049 seconds @07.79000s +00.04800s 35|`->config-timezone ran successfully and took 0.007 seconds @07.83900s +00.00700s 36|`->config-runcmd ran successfully and took 0.001 seconds @07.84600s +00.00100s 37|`->config-byobu ran successfully and took 0.000 seconds @07.84700s +00.00100s 38Finished stage: (modules-config) 00.45400 seconds 39 40Starting stage: modules-final 41|`->config-package_update_upgrade_install ran successfully and took 26.632 seconds @20.56700s +26.63300s 42|`->config-write_files_deferred ran successfully and took 0.001 seconds @47.20000s +00.00200s 43|`->config-reset_rmc ran successfully and took 0.000 seconds @47.20200s +00.00100s 44|`->config-scripts_vendor ran successfully and took 0.001 seconds @47.20300s +00.00000s 45|`->config-scripts_per_once ran successfully and took 0.000 seconds @47.20300s +00.00100s 46|`->config-scripts_per_boot ran successfully and took 0.000 seconds @47.20400s +00.00000s 47|`->config-scripts_per_instance ran successfully and took 0.000 seconds @47.20400s +00.00100s 48|`->config-scripts_user ran successfully and took 0.558 seconds @47.20500s +00.55800s 49|`->config-ssh_authkey_fingerprints ran successfully and took 0.005 seconds @47.76400s +00.00500s 50|`->config-keys_to_console ran successfully and took 0.054 seconds @47.76900s +00.05500s 51|`->config-install_hotplug ran successfully and took 0.001 seconds @47.82400s +00.00100s 52|`->config-final_message ran successfully and took 0.001 seconds @47.82500s +00.00100s 53Finished stage: (modules-final) 27.29600 seconds Check the logs: sudo tail -n 50 /var/log/cloud-init-output.log
Server Idm - Identity Manager prerequisites :
repository configured NTP synchronize check config DHCP/DNS hostname -f == hostname acces to webui IDM : https://idm01.idm.ad-support.local/ipa/ui/ 1yum install -y ipa-server ipa-server-dns 2 3ipa-server-install \ 4 --domain=example.com \ 5 --realm=EXAMPLE.COM \ 6 --ds-password=password \ 7 --admin-password=password \ 8 --hostname=classroom.example.com \ 9 --ip-address=172.25.0.254 \ 10 --reverse-zone=0.25.172.in-addr.arpa. \ 11 --forwarder=208.67.222.222 \ 12 --allow-zone-overlap \ 13 --setup-dns \ 14 --unattended Client link to IDM 1yum install -y ipa-client 2 3ipa-client-install --mkhomedir --enable-dns-updates --force-ntpd -p admin@EXAMPLE.COM --password='password' --force-join -U 4 5# Test login 6echo -n 'password' | kinit admin Script if DNS config is right for a IDM server 1sudo sh -c "cat <<EOF > ~/IdmZoneCheck.sh 2#!/bin/bash 3### IdM zone check ### 4# Check if the zone name is provided as a parameter # 5if [ -z "$1" ]; 6then 7 echo -e "Provide the zone name to be checked as a parameter!\n(ex: IdmZoneCheck.sh domain.local)" 8 exit 9fi 10clear 11echo -e "### IDM / TCP ###\n\n" 12echo -e "TCP / kerberos-master (SRV)" 13dig +short _kerberos-master._tcp.$1. SRV 14echo -e "_TCP / kerberos (SRV)" 15dig +short _kerberos._tcp.$1. SRV 16echo -e "_TCP / kpasswd (SRV)" 17dig +short _kpasswd._tcp.$1. SRV 18echo -e "_TCP / ldap (SRV)" 19dig +short _ldap._tcp.$1. SRV 20echo -e "\n### IDM / UDP ###\n\n" 21echo -e "_UDP / kerberos-master (SRV)" 22dig +short _kerberos-master._udp.$1. SRV 23echo -e "_UDP / kerberos (SRV)" 24dig +short _kerberos._udp.$1. SRV 25echo -e "_UCP / kpasswd (SRV)" 26dig +short _kpasswd._udp.$1. SRV 27echo -e "\n### IDM / MSDCS DC TCP ###\n\n" 28echo -e "_MSDCS / TCP / kerberos (SRV)" 29dig +short _kerberos._tcp.dc._msdcs.$1. SRV 30echo -e "_MSDCS / TCP / ldap (SRV)" 31dig +short _ldap._tcp.dc._msdcs.$1. SRV 32echo -e "\n### IDM / MSDCS DC UDP ###\n\n" 33echo -e "_MSDCS / UDP / kerberos (SRV)" 34dig +short _kerberos._udp.dc._msdcs.$1. SRV 35echo -e "\n### IDM / REALM ###\n\n" 36echo -e "REALM (TXT)" 37dig +short _kerberos.$1. TXT 38echo -e "\n### IDM / CA ###\n\n" 39echo -e "A / ipa-ca" 40dig +short ipa-ca.$1. A 41echo -e "\n### IDM / A ###\n\n" 42echo -e "A / $HOSTNAME" 43dig +short $HOSTNAME. A 44EOF Script usage : 1./IdmZoneCheck.sh idm.ad-support.local
Manuals for commands man <cmd> : Open man page of command.
space : go ahead page by page. b : go back page by page. q : quit. Enter : go line by line. /<word> : search a word in man. n : go to the next expression that you search. N : go back to search expression. man -k <key word> : look for in all man for your key words.
man -k <word1>.*<word2> : “.*” allow to search several words. whatis <cmd> : give short explaination about the command.
