Miscellaneous

Restic

Set a backup aside:

restic tag --set nopurge d340707c

Create a certificate authority and an SSL certificate

Generate a private key and a certificate for the certificate authority:

openssl req -x509 -newkey rsa:4096 -keyout ca-key.pem -out ca.pem -sha256 -days 3650 -nodes -subj "/C=FR/O=PKGDATA/CN=CA"

Generate a private key and a certificate request, then remove the passphrase:

openssl req -newkey rsa:4096 -days 365000 -nodes -keyout server-key.pem -out server-req.pem -subj "/C=FR/O=PKGDATA/CN=SERVER"
openssl rsa -in server-key.pem -out server-key.pem

Generate the certificate:

openssl x509 -req -in server-req.pem -days 365000 -CA ca.pem -CAkey ca-key.pem -set_serial "0x`openssl rand -hex 8`" -out server-cert.pem
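The procedure above followed by the checks worth running before deploying the files, as an added example that is not part of the original page: it verifies the chain, confirms the server key belongs to the certificate, and confirms the unencrypted private keys are not readable by group or others. The helper names `make_pki` and `check_pki` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. make_pki and check_pki are
# hypothetical helper names; file names and subjects follow the page.

# make_pki DIR [BITS]: the steps above, run inside DIR.
# -nodes writes the keys unencrypted, hence the restrictive umask.
# req honours -days only together with -x509, so the request omits it.
make_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    bits=${2:-4096}
    umask 077
    openssl req -x509 -newkey "rsa:$bits" -keyout ca-key.pem -out ca.pem \
        -sha256 -days 3650 -nodes -subj "/C=FR/O=PKGDATA/CN=CA" 2>/dev/null &&
    openssl req -newkey "rsa:$bits" -nodes -keyout server-key.pem \
        -out server-req.pem -subj "/C=FR/O=PKGDATA/CN=SERVER" 2>/dev/null &&
    openssl x509 -req -in server-req.pem -days 365000 -CA ca.pem \
        -CAkey ca-key.pem -set_serial "0x$(openssl rand -hex 8)" \
        -out server-cert.pem 2>/dev/null
)

# check_pki DIR: 0 = ok, 1 = chain does not verify, 2 = key does not match
# the certificate, 3 = a private key is readable by group or others.
check_pki() (
    cd "$1" || exit 1
    openssl verify -CAfile ca.pem server-cert.pem >/dev/null 2>&1 || exit 1
    cert_pub=$(openssl x509 -in server-cert.pem -noout -pubkey) || exit 2
    key_pub=$(openssl pkey -in server-key.pem -pubout 2>/dev/null) || exit 2
    [ "$cert_pub" = "$key_pub" ] || exit 2
    for key in ca-key.pem server-key.pem; do
        case $(ls -l "$key") in
            -???------*) ;;      # owner-only permissions
            *) exit 3 ;;
        esac
    done
)

# Demo: 2048-bit keys only to keep it quick (the default matches the page).
demo_dir=$(mktemp -d)
make_pki "$demo_dir" 2048 && check_pki "$demo_dir" && echo "PKI verifies"
rm -rf "$demo_dir"
```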

MySQL troubleshooting

SELECT * from mysql.user;
ERROR 1356 (HY000): View 'mysql.user' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them

INSERT INTO `mysql`.`tables_priv` (`Host`, `Db`, `User`, `Table_name`, `Grantor`, `Timestamp`, `Table_priv`, `Column_priv`) VALUES ('localhost','mysql','mariadb.sys','global_priv','root@localhost','0000-00-00 00:00:00','Select,Delete','');
FLUSH PRIVILEGES;

MySQL

Move the MySQL directory to another partition:

/etc/init.d/mariadb stop
mv /var/lib/mysql /data/ ; mkdir /var/lib/mysql
cat >> /etc/fstab <<EOF
/data/mysql /var/lib/mysql none bind 0 0
EOF
mount -a
/etc/init.d/mariadb start

Extract the dump of a single table from the dump of an entire database:

sed -n -e '/DROP TABLE.*`<table>`/,/UNLOCK TABLES/{/UNLOCK TABLES/{q};p}' dump.sql > output.dump; echo "UNLOCK TABLES;" >> output.dump
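The extraction above wrapped in a function and run on a constructed dump, as an added example that is not part of the original page. It shows why the backticks must reach sed literally (the closing backtick keeps `users` from matching `users_archive`) and validates the table name before pasting it into the sed script. `extract_table` and `write_sample_dump` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original page. extract_table and
# write_sample_dump are hypothetical helper names.

# Write a small constructed dump in mysqldump/mariadb-dump layout.
write_sample_dump() {
    cat > "$1" <<'EOF'
DROP TABLE IF EXISTS `users_archive`;
CREATE TABLE `users_archive` (`id` int);
LOCK TABLES `users_archive` WRITE;
INSERT INTO `users_archive` VALUES (1);
UNLOCK TABLES;
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (`id` int);
LOCK TABLES `users` WRITE;
INSERT INTO `users` VALUES (42);
UNLOCK TABLES;
EOF
}

# extract_table TABLE DUMPFILE: print one table's section on stdout.
extract_table() {
    table=$1
    dump=$2
    # The name is pasted into a sed script, so accept plain identifiers only:
    # anything else could inject regex metacharacters or sed commands.
    case $table in
        ''|*[!A-Za-z0-9_]*) echo "invalid table name: $table" >&2; return 2 ;;
    esac
    # Single quotes keep the backticks literal (no command substitution);
    # the closing backtick stops `users` from matching `users_archive`.
    out=$(sed -n -e '/DROP TABLE.*`'"$table"'`/,/UNLOCK TABLES/{/UNLOCK TABLES/{q;};p;}' "$dump") || return 1
    [ -n "$out" ] || { echo "table not found: $table" >&2; return 1; }
    printf '%s\nUNLOCK TABLES;\n' "$out"
}

# Demo on the constructed dump.
demo_dir=$(mktemp -d)
write_sample_dump "$demo_dir/dump.sql"
extract_table users "$demo_dir/dump.sql"
rm -rf "$demo_dir"
```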

MariaDB

Catch up on replication lag:

#log_slave_updates  =   1
#innodb_flush_log_at_trx_commit =   1
#sync_binlog            =   1
log_slave_updates   =   0
innodb_flush_log_at_trx_commit  =   0
sync_binlog         =   0
slave_parallel_threads = 20

Change the definer

EVENTS
SHOW EVENTS;
ALTER DEFINER='axonaut'@'%' EVENT eventProductUpdateInvoiceLine COMMENT '';
PROCEDURES
select db,name,definer from `mysql`.`proc`;
UPDATE `mysql`.`proc` p SET definer = 'axonaut@%' WHERE db='axonaut';
TRIGGERS

Dump, edit the dump, then re-import it

mariadb-dump --triggers --add-drop-trigger --no-create-info --no-data --no-create-db --skip-opt axonaut > axonaut_triggers.sql

InfluxDB/Telegraf

Delete the metrics of an infrastructure:

influx -username 'admin' -password 'XXX'
use telegraf
drop series where infra='orangeqr'

Delete the metrics of a server:

influx -username 'admin' -password 'XXX'
use telegraf
drop series where host='<server>.pkgdata.net'

Create an SFTP account

mkdir -p /home/sftp/eurazeo-upload
addgroup sftponly
useradd --no-create-home --home-dir /home/sftp/eurazeo-upload/ --no-user-group -G users,sftponly -s /bin/false eurazeo-upload
cat >> /etc/fstab <<EOF
/home/www/prod.eurazeo-corpo.monkees.pro/web/uploads	/home/sftp/eurazeo-upload/uploads	none   bind   0 0
EOF
mount -a

Openvswitch

Delete a bridge in rescue mode (Hetzner)

ssh -o StrictHostKeyChecking=no root@server
mount /dev/mapper/vg0--raid1-root /mnt
chroot-prepare /mnt
chroot /mnt
mkdir /var/run/openvswitch && ovsdb-server --remote=punix:/var/run/openvswitch/db.sock --detach
ovs-vsctl --no-wait del-br br-ex
exit
reboot

Software RAID

When the RAID is stuck in “resync=pending”

cat /proc/mdstat
mdadm --readwrite /dev/md0

Convert a RAID1 to a RAID0:

umount /partition
mdadm --stop /dev/md2
mdadm --create /dev/md2 --level=0 --raid-devices=2 /dev/nvme0n1p5 /dev/nvme1n1p5
mkfs.ext4 /dev/md2
mount /partition

Don't forget to update /etc/fstab if needed.

LVM

Create a new LVM volume:

umount /data
apt install lvm2
pvcreate /dev/md2
vgcreate vg0-raid0 /dev/md2
lvcreate -L2T -n data vg0-raid0
mkfs.ext4 /dev/vg0-raid0/data
blkid
vi /etc/fstab

Iptables

Redirect a domain to another infrastructure (here 185.46.231.150). The domain must point to a dedicated IP (here 163.172.206.43).

sysctl net.ipv4.ip_forward=1
iptables -A PREROUTING -t nat -p tcp -d 163.172.206.43 --dport 443  -j DNAT --to-destination 185.46.231.150:443
iptables -A POSTROUTING -t nat -p tcp -d 185.46.231.150 --dport 443 -j MASQUERADE
iptables -I FORWARD -m state -p tcp -d 185.46.231.150 --dport 443 --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -d 163.172.206.43 --dport 80  -j DNAT --to-destination 185.46.231.150:80
iptables -A POSTROUTING -t nat -p tcp -d 185.46.231.150 --dport 80 -j MASQUERADE
iptables -I FORWARD -m state -p tcp -d 185.46.231.150 --dport 80 --state NEW,ESTABLISHED,RELATED -j ACCEPT

SSH

Forward MySQL requests arriving on 127.0.0.1 to another machine:

ssh -fN -L 3306:127.0.0.1:3306 pkgdata@163.172.198.205

Monitoring

  • Test sending a Pushover alert from the monitoring server
ssh sc002.pkgdata.net
export message="test"; export title="test"; /etc/icinga2/scripts/pushover.pl

Debian

  • Choose the default PHP version
update-alternatives --config php

Lsyncd

apt install lsyncd
mkdir /etc/lsyncd
cat >> /etc/lsyncd/lsyncd.conf.lua <<EOF
settings {
	logfile		= "/var/log/lsyncd/lsyncd.log",
	statusFile	= "/var/log/lsyncd/lsyncd.status",
	nodaemon	= false,
	insist		= true
}

sync {
	default.rsyncssh,
	source		= "/data",
	host		= "on104.rpn",
	targetdir	= "/data",
	rsync		= {
		rsh			= "/usr/bin/ssh -l root -i /root/.ssh/restic -o StrictHostKeyChecking=no",
		archive		= true,
		whole_file	= true
	}

}
EOF
sysctl fs.inotify.max_user_watches=10000000
sysctl fs.inotify.max_queued_events=1000000
cat >> /etc/sysctl.conf <<EOF
# Lsyncd tuning
fs.inotify.max_user_watches=10000000
fs.inotify.max_queued_events=10000000
EOF
mkdir /var/log/lsyncd
/etc/init.d/lsyncd start