yum install glibc.i686 zlib.i686 nss-mdns.i686
Get realm name:
wget -q --no-check-certificate -O - 'https://some.site.com/dana-na/auth/url_0/welcome.cgi' | sed -n 's/.*<input\([^>]*name="realm" [^>]*\)>.*/\1/p' | sed -n 's/.* value="\([^"]*\)".*/\1/p'
wget https://some.site.com/dana-cached/nc/ncLinuxApp.jar
unzip ncLinuxApp.jar
sudo chown root:root ncsvc
sudo chmod 6711 ncsvc
chmod 744 ncdiag
chmod +x getx509certificate.sh
./getx509certificate.sh some.site.com company.cert
./ncsvc -h some.site.com -u username -p password -r REALM -f ./company.cert -U 'https://some.site.com/dana-na/auth/url_default/welcome.cgi'
Radius 2nd factor configured realm:
dnf install openconnect NetworkManager-openconnect NetworkManager-openconnect-gnome
GNOME NetworkManager:
Add VPN -> Cisco AnyConnect Compatible VPN (openconnect)
In “Identity General” tab:
VPN Protocol “Juniper/Pulse Network Connect”
Gateway pulse.domain.com/name
In “IPV4” tab:
“Use this connection only for resources on its network”
After the new VPN connection has been created, you need to switch it on. A “Connect to VPN X” window labelled “frmLogin” shows a login/password prompt. Click “Login”, and another window labelled “frmDefender” requests a “password”, which is actually the OTP. You can get it from your pre-configured OTP app such as Google Authenticator, SecureAuth, etc. Click “Login” after you have typed the OTP and you should be all set.
Links:
https://serverfault.com/questions/363061/how-to-connect-to-a-juniper-vpn-from-linux
You must add a rule to the default export policy to allow all clients access through NFSv3. Without such a rule, all NFS clients are denied access to the Storage Virtual Machine (SVM) and its volumes.
- In the navigation pane, select the SVM and click .
- Select the export policy named default, which is applied to the SVM root volume.
- In the lower pane, click Add.
- In the Create Export Rule dialog box, create a rule that opens access to all clients for NFS clients:
- In the Client Specification field, enter 0.0.0.0/0 so that the rule applies to all clients.
- Retain the default value as 1 for the rule index.
- Select NFSv3.
- Clear all the check boxes except the UNIX check box under Read-Only.
- Click OK.
Links:
https://library.netapp.com/ecmdocs/ECMP1547459/html/GUID-FC041987-F793-427E-BB00-19D3DB1F30DA.html
https://library.netapp.com/ecmdocs/ECMP12517204/html/GUID-44DFBDC9-03DD-4046-A9B8-4857858AB9C1.html
https://kb.netapp.com/support/s/article/ka21A0000000Z9uQAE/how-do-export-policies-work-in-clustered-data-ontap?language=en_US
https://library.netapp.com/ecmdocs/ECMP1366835/html/GUID-EB3438EC-21B1-401F-8190-D509E67D8E90.html
cat /etc/sysconfig/network-scripts/ifcfg-eth3
DEVICE=eth3
HWADDR=64:31:50:4B:52:4E
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
BRIDGE=br2
cat /etc/sysconfig/network-scripts/ifcfg-br2
DEVICE=br2
ONBOOT=yes
TYPE=Bridge
NM_CONTROLLED=no
BOOTPROTO=none
cat /etc/rc.local
#add it to your /etc/rc.local file:
for task in /etc/rc.local.d/*
do
# Source the post-boot script
. $task
done
cat /etc/rc.local.d/kvm
brctl setageing br2 0
brctl setfd br2 0
Links:
http://www.ryanhallman.com/kvm-configure-mirrored-ports-traffic-to-be-visible-in-guest-snort/
https://serverfault.com/questions/798001/kvm-bridge-for-promisc-interface-ids
http://linux-blog.anracom.com/2016/01/14/vmware-ws-bridging-of-linux-bridges-and-security-implications/
https://wiki.linuxfoundation.org/networking/bridge#Showing_devices_in_a_bridge
https://wiki.libvirt.org/page/Networking
The private key contains a series of numbers. Two of those numbers form the “public key”, the others are part of your “private key”. The “public key” bits are also embedded in your Certificate (we get them from your CSR). To check that the public key in your cert matches the public portion of your private key, you need to view the cert and the key and compare the numbers. To view the Certificate and the key run the commands:
$ openssl x509 -noout -text -in server.crt
$ openssl rsa -noout -text -in server.key
The 'modulus' and the 'public exponent' portions in the key and the Certificate must match. But since the public exponent is usually 65537 and comparing long moduli by eye is tedious, you can use the following approach:
$ openssl x509 -noout -modulus -in server.crt | openssl md5
$ openssl rsa -noout -modulus -in server.key | openssl md5
And then compare these much shorter numbers. With overwhelming probability they will differ if the keys are different. As a “one-liner”:
$ openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5
And with auto-magic comparison (If more than one hash is displayed, they don’t match):
$ (openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5) | uniq
BTW, if you want to check which key or certificate a particular CSR belongs to, you can compute
$ openssl req -noout -modulus -in server.csr | openssl md5
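The same comparison as a reusable check, added here as an example (it is not from the Apache FAQ or the linked articles). It hashes the whole public key with SHA-256 instead of the RSA modulus with MD5, so it also covers EC keys, and it reports unreadable input explicitly; the uniq one-liner above prints a single hash when both files fail to parse, because both commands then hash empty output. The function names, the keymatch.sh file name and the throwaway fixture files are assumptions of the example.

```shell
#!/bin/sh
# Added example: compare the public key carried by a certificate, a private
# key and (optionally) a CSR. Works for RSA and EC keys.

# pubkey_fp KIND FILE -> SHA-256 of the PEM public key (SubjectPublicKeyInfo)
# that openssl extracts from FILE. KIND is cert, key or csr.
pubkey_fp() {
    case "$1" in
        cert) fp_pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        # "-passin pass:" makes an encrypted key fail instead of prompting
        key)  fp_pem=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1 ;;
        csr)  fp_pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 1 ;;
    esac
    # Never hash empty output: that is what makes two broken files "match".
    [ -n "$fp_pem" ] || return 1
    printf '%s\n' "$fp_pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# same_keypair CERT KEY [CSR]
# exit 0 = same public key everywhere, 1 = mismatch, 2 = a file could not be parsed
same_keypair() {
    kp_cert=$(pubkey_fp cert "$1") || return 2
    kp_key=$(pubkey_fp key "$2") || return 2
    [ "$kp_cert" = "$kp_key" ] || return 1
    if [ -n "${3:-}" ]; then
        kp_csr=$(pubkey_fp csr "$3") || return 2
        [ "$kp_csr" = "$kp_key" ] || return 1
    fi
    return 0
}

# make_fixtures DIR -> constructed throwaway material for trying the check:
# two unrelated RSA keys, one EC key, self-signed certs and a CSR.
make_fixtures() {
    openssl genrsa -out "$1/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ec.key" 2>/dev/null &&
    openssl req -new -x509 -key "$1/a.key" -subj "/CN=a.example" -days 1 -out "$1/a.crt" 2>/dev/null &&
    openssl req -new -key "$1/a.key" -subj "/CN=a.example" -out "$1/a.csr" 2>/dev/null &&
    openssl req -new -x509 -key "$1/ec.key" -subj "/CN=ec.example" -days 1 -out "$1/ec.crt" 2>/dev/null
}

# Command-line use (hypothetical file name): sh keymatch.sh CERT KEY [CSR]
if [ "$#" -ge 2 ]; then
    rc=0
    same_keypair "$@" || rc=$?
    case "$rc" in
        0) echo "match" ;;
        1) echo "MISMATCH" ;;
        *) echo "unreadable input" ;;
    esac
    exit "$rc"
fi
```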
Links: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#verify
https://kb.wisc.edu/middleware/page.php?id=4064
Requirements here.
PHP 5.5 installation:
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
yum install http://rpms.remirepo.net/enterprise/remi-release-6.rpm
yum install php55.x86_64 php55-php php55-php-pdo php55-php-gd php55-php-mysql php55-php-mcrypt php55-php-common php55-php-mbstring php55-php-pecl-imagick mysql-server.x86_64 php55-php-pecl-zip php55-php-ldap
yum install mod_ssl
Creating a Database and User:
mysql_secure_installation
mysql -u root -p
create database snipeit;
show databases;
create user snipe_user;
grant all on snipeit.* to 'snipe_user'@'localhost' identified by 'YOUR_DB_PASSWORD_HERE';
wget https://github.com/snipe/snipe-it/archive/v3.6.4.tar.gz
tar zxvf v3.6.4.tar.gz
# "snipe-it-3.6.4/." also copies dotfiles such as .env.example, which "/*" would skip
mkdir /var/www/snipeit && cp -r snipe-it-3.6.4/. /var/www/snipeit/
cd /var/www/snipeit/
cp .env.example .env
.env file has to be filled out with your data:
vi .env
# --------------------------------------------
# REQUIRED: BASIC APP SETTINGS
# --------------------------------------------
APP_ENV=production
APP_DEBUG=false
APP_KEY=ChangeMe
APP_URL=null
APP_TIMEZONE='UTC'
APP_LOCALE=en
# --------------------------------------------
# REQUIRED: DATABASE SETTINGS
# --------------------------------------------
DB_CONNECTION=mysql
DB_HOST=localhost
DB_DATABASE=null
DB_USERNAME=null
DB_PASSWORD=null
DB_PREFIX=null
DB_DUMP_PATH='/usr/bin'
# --------------------------------------------
# OPTIONAL: SSL DATABASE SETTINGS
# --------------------------------------------
DB_SSL=false
DB_SSL_KEY_PATH=null
DB_SSL_CERT_PATH=null
DB_SSL_CA_PATH=null
DB_SSL_CIPHER=null
# --------------------------------------------
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
# --------------------------------------------
MAIL_DRIVER=smtp
MAIL_HOST=email-smtp.us-west-2.amazonaws.com
MAIL_PORT=587
MAIL_USERNAME=YOURUSERNAME
MAIL_PASSWORD=YOURPASSWORD
MAIL_ENCRYPTION=null
MAIL_FROM_ADDR=you@example.com
MAIL_FROM_NAME='Snipe-IT'
MAIL_REPLYTO_ADDR=you@example.com
MAIL_REPLYTO_NAME='Snipe-IT'
# --------------------------------------------
# REQUIRED: IMAGE LIBRARY
# This should be gd or imagick
# --------------------------------------------
IMAGE_LIB=gd
# --------------------------------------------
# OPTIONAL: SESSION SETTINGS
# --------------------------------------------
SESSION_LIFETIME=12000
EXPIRE_ON_CLOSE=false
ENCRYPT=false
COOKIE_NAME=snipeit_session
COOKIE_DOMAIN=null
SECURE_COOKIES=false
# --------------------------------------------
# OPTIONAL: CACHE SETTINGS
# --------------------------------------------
CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync
# --------------------------------------------
# OPTIONAL: AWS S3 SETTINGS
# --------------------------------------------
AWS_SECRET=null
AWS_KEY=null
AWS_REGION=null
AWS_BUCKET=null
# --------------------------------------------
# OPTIONAL: LOGIN THROTTLING
# --------------------------------------------
LOGIN_MAX_ATTEMPTS=5
LOGIN_LOCKOUT_DURATION=60
# --------------------------------------------
# OPTIONAL: MISC
# --------------------------------------------
APP_LOG=single
APP_LOCKED=false
FILESYSTEM_DISK=local
APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
ALLOW_IFRAMING=false
Detailed information about all options could be found here.
Composer installation:
su - snipeit
cd /var/www/snipeit/
curl -sS https://getcomposer.org/installer | php
php composer.phar install --no-dev --prefer-source
Generate Your App Key:
This should automatically set the APP_KEY value in your .env file for you.
php artisan key:generate
To start installation process just go to your Snipe IT url
Web Server and SSL config:
openssl req -new -x509 -days 1825 -keyout servername.domain.com.key -out servername.domain.com.crt -nodes -subj '/O=Organization/OU=Organization Department/CN=servername.domain.com'
cp servername.domain.com.key /etc/pki/tls/private/
chmod 400 /etc/pki/tls/private/servername.domain.com.key
cp servername.domain.com.crt /etc/pki/tls/certs/
vi /var/www/snipeit/public/.htaccess
#Uncomment these lines
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
vi /etc/httpd/conf.d/snipeit.conf:
DocumentRoot /var/www/snipeit/public
ServerName servername.domain.com
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/servername.domain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/servername.domain.com.key
Allow From All
AllowOverride All
Options +Indexes
chown -R snipeit:snipeit /var/www/snipeit/
chown -R apache:apache /var/www/snipeit/storage
chown -R apache:apache /var/www/snipeit/public/uploads
chmod -R 755 /var/www/snipeit/storage
chmod -R 755 /var/www/snipeit/public/uploads/
LDAP Settings:
LDAP Integration - LDAP enabled
Active Directory - This is an Active Directory server
LDAP Password Sync - Yes
Active Directory domain - domain.com
LDAP Server ldap://servername.domain.com
LDAP Bind Username - readonlyuser@domain.com
Base Bind DN - OU=Users,OU=SomeOU,DC=domain,DC=com
#Request only enabled users
LDAP Filter - &(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))
Username Field - samaccountname
Last Name - sn
LDAP First Name - givenname
LDAP Authentication query - samaccountname=
LDAP Version - 3
LDAP Email - mail
Links: https://snipe-it.readme.io/docs
https://snipe-it.readme.io/v3.6.2/docs/ldap-sync-login
First, make sure the new HDD has been installed and initialized correctly. In my example it’s /dev/sdc.
Create a Linux primary partition, format it as xfs and mount it at the same mount point as before:
parted -a optimal /dev/sdc mkpart primary 0% 100%
mkfs.xfs -i size=512 /dev/sdc1
mount /dev/sdc1 /export/sdc1
mkdir -p /export/sdc1/brick1
gluster volume info gfsvol
– BrickN server1-gluster:/export/sdc1/brick1 should be listed here
Volume Name: gfsvol
Type: Replicate
Volume ID: def9e71b-e3cd-4d25-a604-e53aa717e744
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: server1-gluster:/export/sdc1/brick1
Brick2: server2-gluster:/export/sdc1/brick1
gluster volume heal gfsvol full
Another transaction is in progress for gfsvol. Please try again after sometime.
ls -ltr /var/log/glusterfs
cat etc-glusterfs-glusterd.vol.log
[2017-05-17 23:57:24.089817] W [socket.c:611:__socket_rwv] 0-management: readv on /var/run/6a4503614e8aae691f635297ed0dca19.socket failed (Invalid argument)
The message "I [MSGID: 106005] [glusterd-handler.c:4142:__glusterd_brick_rpc_notify] 0-management: Brick server1-gluster:/export/sdc1/brick1 has disconnected from glusterd." repeated 39 times between [2017-05-17 23:55:27.065833] and [2017-05-17 23:57:24.091004]
[2017-05-17 23:57:27.090603] W [socket.c:611:__socket_rwv] 0-management: readv on /var/run/6a4503614e8aae691f635297ed0dca19.socket failed (Invalid argument)
[2017-05-17 23:57:27.091934] I [MSGID: 106005] [glusterd-handler.c:4142:__glusterd_brick_rpc_notify] 0-management: Brick server1-gluster:/export/sdc1/brick1 has disconnected from glusterd.
[2017-05-17 23:57:30.091171] W [socket.c:611:__socket_rwv] 0-management: readv on /var/run/6a4503614e8aae691f635297ed0dca19.socket failed (Invalid argument)
gluster volume heal gfsvol full
Commit failed on server2-gluster. Please check log file for details.
cat /var/log/glusterfs/bricks/export-sdc1-brick1.log
[2017-05-17 23:35:29.469536] I [MSGID: 100030] [glusterfsd.c:2018:main] 0-/usr/sbin/glusterfsd: Started running /usr/sbin/glusterfsd version 3.6.1 (args: /usr/sbin/glusterfsd -s server1-gluster --volfile-id gfsvol.server1-gluster.export-sdc1-brick1 -p /var/lib/glusterd/vols/gfsvol/run/server1-gluster-export-sdc1-brick1.pid -S /var/run/6a4503614e8aae691f635297ed0dca19.socket --brick-name /export/sdc1/brick1 -l /var/log/glusterfs/bricks/export-sdc1-brick1.log --xlator-option *-posix.glusterd-uuid=c876c33a-3605-4c5c-b773-8d5e85655111 --brick-port 49153 --xlator-option gfsvol-server.listen-port=49153)
[2017-05-17 23:35:29.608846] I [graph.c:269:gf_add_cmdline_options] 0-gfsvol-server: adding option 'listen-port' for volume 'gfsvol-server' with value '49153'
[2017-05-17 23:35:29.608880] I [graph.c:269:gf_add_cmdline_options] 0-gfsvol-posix: adding option 'glusterd-uuid' for volume 'gfsvol-posix' with value 'c876c33a-3605-4c5c-b773-8d5e85655111'
[2017-05-17 23:35:29.640944] I [rpcsvc.c:2142:rpcsvc_set_outstanding_rpc_limit] 0-rpc-service: Configured rpc.outstanding-rpc-limit with value 64
[2017-05-17 23:35:29.641025] W [options.c:898:xl_opt_validate] 0-gfsvol-server: option 'listen-port' is deprecated, preferred is 'transport.socket.listen-port', continuing with correction
[2017-05-17 23:35:29.656007] E [posix.c:5604:init] 0-gfsvol-posix: Extended attribute trusted.glusterfs.volume-id is absent
[2017-05-17 23:35:29.656026] E [xlator.c:425:xlator_init] 0-gfsvol-posix: Initialization of volume 'gfsvol-posix' failed, review your volfile again
[2017-05-17 23:35:29.656034] E [graph.c:322:glusterfs_graph_init] 0-gfsvol-posix: initializing translator failed
[2017-05-17 23:35:29.656041] E [graph.c:525:glusterfs_graph_activate] 0-graph: init failed
[2017-05-17 23:35:29.656750] W [glusterfsd.c:1194:cleanup_and_exit] (--> 0-: received signum (0), shutting down
“[2017-05-17 23:35:29.656007] E [posix.c:5604:init] 0-gfsvol-posix: Extended attribute trusted.glusterfs.volume-id is absent” – here it is. Let’s add extended attribute.
grep volume-id /var/lib/glusterd/vols/gfsvol/info | cut -d= -f2 | sed 's/-//g'
def9e71be3cd4d25a604e53aa717e744
setfattr -n trusted.glusterfs.volume-id -v 0xdef9e71be3cd4d25a604e53aa717e744 /export/sdc1/brick1
service glusterd restart
Just to confirm:
getfattr -d -m . -e hex /export/sdc1/brick1
Check if it’s getting synced:
while [ 1 ]; do du -sh /export/sdc1/brick1; sleep 30; done
Start heal process again
gluster volume heal gfsvol full
gluster volume heal gfsvol info
Links: https://serverfault.com/questions/710220/how-do-you-add-a-replacement-hdd-to-a-glusterfs-volume
https://joejulian.name/blog/replacing-a-brick-on-glusterfs-340/
Identify the bricks info:
[root@server1 ~]# gluster volume info images
Volume Name: images
Type: Replicate
Volume ID: e60b5d4b-be1f-4233-b09c-84a97001021f
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: server1-gluster:/export/images/brick1
Brick2: server2-gluster:/export/images/brick1
Options Reconfigured:
diagnostics.count-fop-hits: on
diagnostics.latency-measurement: on
performance.quick-read: off
performance.read-ahead: off
performance.io-cache: off
performance.stat-prefetch: off
cluster.eager-lock: enable
network.remote-dio: enable
cluster.quorum-type: fixed
cluster.quorum-count: 1
storage.owner-uid: 107
storage.owner-gid: 107
Get the path of the file that is in split-brain:
It can be obtained either by
a) The command gluster volume heal <volname> info split-brain.
[root@server1 ~]# gluster volume heal images info split-brain
Gathering list of split brain entries on volume images has been successful
Brick server1-gluster:/export/images/brick1
Number of entries: 1024
at path on brick
-----------------------------------
2017-02-08 06:14:56 /srvmsim01v.img
2017-02-08 07:55:53 /srvmmdb02v.img
2017-02-08 07:55:53 /srvmmgw02v.img
etc.
Brick server2-gluster:/export/images/brick1
Number of entries: 1024
at path on brick
-----------------------------------
2017-03-01 09:36:44 /srvmmgw02v.img
2017-03-01 09:37:45 /srvmsim01v.img
2017-03-01 09:37:45 /srvmmdb02v.img
etc.
b) Identify the files for which file operations performed from the client keep failing with Input/Output error.
Close the applications that opened this file from the mount point. In case of VMs, they need to be powered-off.
Decide on the correct copy:
This is done by observing the afr changelog extended attributes of the file on the bricks using the getfattr command; then identifying the type of split-brain (data split-brain, metadata split-brain, entry split-brain or split-brain due to gfid-mismatch); and finally determining which of the bricks contains the ‘good copy’ of the file.
getfattr -d -m . -e hex <file-path-on-brick>
0x 000003d7 00000001 00000000
          |        |        |
          |        |        \_ changelog of directory entries
          |        \_ changelog of metadata
          \_ changelog of data
It is also possible that one brick might contain the correct data while the other might contain the correct metadata.
[root@server1 ~]# stat /export/images/brick1/srvmsim01v.img
File: `/export/images/brick1/pny2msim01v.img'
Size: 15228796928 Blocks: 29743528 IO Block: 4096 regular file
Device: 812h/2066d Inode: 116 Links: 2
Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-03-01 09:46:23.599184357 -0500
Modify: 2017-03-01 12:23:04.693187960 -0500
Change: 2017-03-01 12:23:21.924583877 -0500
[root@server1 ~]# md5sum /export/images/brick1/srvmsim01v.img
cb21a48ee44309cd0a2bcf6bec4c0f7c /export/images/brick1/srvmsim01v.img
[root@server2 ~]# stat /export/images/brick1/srvmsim01v.img
File: `/export/images/brick1/pny2msim01v.img'
Size: 15228796928 Blocks: 22730808 IO Block: 4096 regular file
Device: 812h/2066d Inode: 115 Links: 2
Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-09-16 19:01:35.737767450 -0400
Modify: 2017-03-01 12:23:17.320088786 -0500
Change: 2017-03-01 12:23:34.542382249 -0500
[root@server2 ~]# md5sum /export/images/brick1/srvmsim01v.img
5062e0f3ef1a0a2c36825cd769366276 /export/images/brick1/srvmsim01v.img
[root@server1 ~]# getfattr -d -m . -e hex /export/images/brick1/srvmsim01v.img
getfattr: Removing leading '/' from absolute path names
# file: export/images/brick1/srvmsim01v.img
trusted.afr.dirty=0x000000000000000000000000
trusted.afr.images-client-0=0x000000000000000000000000
trusted.afr.images-client-1=0x015457d20000000000000000
trusted.gfid=0x43304ae0fa284e178e8364b837b30925
[root@server2 ~]# getfattr -d -m . -e hex /export/images/brick1/srvmsim01v.img
getfattr: Removing leading '/' from absolute path names
# file: export/images/brick1/srvmsim01v.img
trusted.afr.dirty=0x000000000000000000000000
trusted.afr.images-client-0=0x000000040000000000000000
trusted.afr.images-client-1=0x000000000000000000000000
trusted.gfid=0x43304ae0fa284e178e8364b837b30925
So, different md5sum output, blocks, inodes, but the same size. Meta data is not corrupted. I decided to keep the first replica.
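The changelog layout described above, applied to the two getfattr dumps on this page, as an added example (not part of the original post or of the Gluster documentation). It splits each 12-byte value into its data, metadata and entry counters and reports, per counter, whether the two bricks accuse each other. The function names and state labels are assumptions of the example, and it covers only a two-brick replica.

```shell
#!/bin/sh
# Added example: decode AFR changelog xattrs and classify a two-brick replica.
# client-0 is the first brick of the volume (server1-gluster above),
# client-1 the second (server2-gluster).

# Values copied from the getfattr output above (afr lines only).
BRICK0_DUMP='trusted.afr.dirty=0x000000000000000000000000
trusted.afr.images-client-0=0x000000000000000000000000
trusted.afr.images-client-1=0x015457d20000000000000000'
BRICK1_DUMP='trusted.afr.dirty=0x000000000000000000000000
trusted.afr.images-client-0=0x000000040000000000000000
trusted.afr.images-client-1=0x000000000000000000000000'

# afr_decode VALUE -> "data metadata entry" pending counters in decimal.
afr_decode() {
    afr_v=${1#0x}
    [ "${#afr_v}" -eq 24 ] || { echo "afr_decode: need 24 hex digits, got '$1'" >&2; return 1; }
    case "$afr_v" in
        *[!0-9a-fA-F]*) echo "afr_decode: not hex: '$1'" >&2; return 1 ;;
    esac
    afr_d=$(printf '%s' "$afr_v" | cut -c1-8)     # changelog of data
    afr_m=$(printf '%s' "$afr_v" | cut -c9-16)    # changelog of metadata
    afr_e=$(printf '%s' "$afr_v" | cut -c17-24)   # changelog of directory entries
    echo "$((0x$afr_d)) $((0x$afr_m)) $((0x$afr_e))"
}

# afr_value DUMP VOLUME INDEX -> hex value of trusted.afr.VOLUME-client-INDEX
afr_value() {
    printf '%s\n' "$1" | sed -n "s/^trusted\.afr\.$2-client-$3=//p" | head -n 1
}

# afr_state A B
# A = counter brick 0 holds against brick 1, B = counter brick 1 holds against brick 0
afr_state() {
    if [ "$1" -ne 0 ] && [ "$2" -ne 0 ]; then
        echo split-brain        # each brick accuses the other
    elif [ "$1" -ne 0 ]; then
        echo heal-brick1        # only brick 1 is accused: brick 0 is the source
    elif [ "$2" -ne 0 ]; then
        echo heal-brick0        # only brick 0 is accused: brick 1 is the source
    else
        echo clean
    fi
}

# split_brain_report DUMP0 DUMP1 VOLUME
# A missing attribute is an error rather than an implicit zero.
split_brain_report() {
    sb_a=$(afr_decode "$(afr_value "$1" "$3" 1)") || return 1   # brick 0 accuses brick 1
    sb_b=$(afr_decode "$(afr_value "$2" "$3" 0)") || return 1   # brick 1 accuses brick 0
    set -- $sb_a $sb_b
    echo "data=$(afr_state "$1" "$4") metadata=$(afr_state "$2" "$5") entry=$(afr_state "$3" "$6")"
}

split_brain_report "$BRICK0_DUMP" "$BRICK1_DUMP" images
```

With server2's client-0 attribute zeroed, as in the setfattr step below, the same call reports data=heal-brick1: server1's copy becomes the heal source.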
Reset the relevant extended attribute on the brick(s) that contains the ‘bad copy’ of the file data/metadata using the setfattr command.
setfattr -n <attribute-name> -v <attribute-value> <file-path-on-brick>
[root@server2 ~]# setfattr -n trusted.afr.images-client-0 -v 0x000000000000000000000000 /export/images/brick1/srvmsim01v.img
Trigger self-heal on the file by performing lookup from the client:
ls -l <file-path-on-gluster-mount>
[root@server1 ~]# ls -l /export/images/brick1/srvmsim01v.img
-rw------- 2 qemu qemu 15236399104 Mar 1 17:37 /export/images/brick1/srvmsim01v.img
[root@server1 ~]# ls -l /var/lib/libvirt/images/pny2msim01v.img
-rw------- 1 qemu qemu 15236399104 Mar 1 17:38 /var/lib/libvirt/images/srvmsim01v.img
Links:
https://gluster.readthedocs.io/en/latest/Troubleshooting/split-brain/
https://gluster.readthedocs.io/en/latest/Troubleshooting/heal-info-and-split-brain-resolution/ (If you’re under 3.7 or higher)
https://github.com/gluster/glusterfs/blob/master/doc/debugging/split-brain.md
The only way to do this is by using the AWS CLI; at the current time there’s no way to do this using the web console.
aws ec2 modify-instance-attribute --instance-id i-123e4567fc8901234 --block-device-mappings "[{\"DeviceName\": \"/dev/xvda\",\"Ebs\":{\"DeleteOnTermination\":false}}]"
cat /etc/inittab
# inittab is no longer used when using systemd.
#
# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
#
# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target
#
# systemd uses ‘targets’ instead of runlevels. By default, there are two main targets:
#
# multi-user.target: analogous to runlevel 3
# graphical.target: analogous to runlevel 5
#
# To view current default target, run:
# systemctl get-default
#
# To set a default target, run:
# systemctl set-default TARGET.target
Runlevel 3 is now multi-user.target and runlevel 5 is now graphical.target.
systemctl set-default multi-user.target;
systemctl set-default graphical.target;
To switch from graphical to multi-user:
systemctl isolate multi-user.target;
To switch from multi-user to graphical:
systemctl isolate graphical.target;
Links:
https://www.centos.org/forums/viewtopic.php?t=47306
http://www.freedesktop.org/software/systemd/man/systemd.special.html
https://www.youtube.com/watch?v=jbYucYX1WwM
The following matrix shows which TS CAL’s and RDS CAL’s can be entered on different versions of the TS and RD Licensing Server:
Columns: TS|RD Licensing Server OS version
| CAL type | 2000 | 2003 | 2003R2 | 2008 | 2008R2 | 2012 | 2012R2 | 2016 |
|----------|------|------|--------|------|--------|------|--------|------|
| 2000     | Yes  | Yes  | Yes    | Yes  | Yes    | No   | No     | No   |
| 2003     | No   | Yes  | Yes    | Yes  | Yes    | Yes  | Yes    | Yes  |
| 2008(2)  | No   | No   | No     | Yes  | Yes    | Yes  | Yes    | Yes  |
| 2012     | No   | No   | No     | No   | No     | Yes  | Yes    | Yes  |
| 2016     | No   | No   | No     | No   | No     | No   | No     | Yes  |
The following matrix shows which TS CAL’s and RDS CAL’s can be used to allow a user to connect to an RDS host OS version (from official article)
Columns: RD Session/Virtual Host OS version
| CAL type | 2000 | 2003 | 2003R2 | 2008 | 2008R2 | 2012 | 2012R2 | 2016 |
|----------|------|------|--------|------|--------|------|--------|------|
| 2000     | Yes  | No   | No     | No   | No     | No   | No     | No   |
| 2003     | Yes  | Yes  | Yes    | No   | No     | No   | No     | No   |
| 2008     | Yes  | Yes  | Yes    | Yes  | Yes    | No   | No     | No   |
| 2012     | Yes  | Yes  | Yes    | Yes  | Yes    | Yes  | Yes    | No   |
| 2016     | Yes  | Yes  | Yes    | Yes  | Yes    | Yes  | Yes    | Yes  |
Notes:
Links:
https://social.technet.microsoft.com/wiki/contents/articles/14988.rds-and-ts-cal-interoperability-matrix.aspx
“There might be situation when you want to configure License server on the RD Session Host or on the RD Virtualization Host manually since you do not have any RD Connection Broker in your environment. You have already configured RD Session Host server or Virtualization Host Server as required and now you want to configure the License server which is already installed and configured with licenses. All you are left to do is configure the License Server and the Licensing mode on the corresponding RD session Host or Virtualization Host servers.”
To configure the license server on RDSH/RDVH:
$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
$obj.SetSpecifiedLicenseServerList("License.contoso.com")
To verify the license server configuration on RDSH/RDVH:
$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
$obj.GetSpecifiedLicenseServerList()
To change the licensing mode on RDSH/RDVH:
$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
$obj.ChangeMode(value)   # value: 2 = Per Device, 4 = Per User
To validate the licensing mode:
$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
$obj.LicensingType
$obj.LicensingName
Links:
https://blogs.technet.microsoft.com/askperf/2013/09/20/rd-licensing-configuration-on-windows-server-2012/
Installation
yum install nano wget ftp telnet perl tcl expect gcc cvs rcs httpd autoconf openssh-clients postfix -y
groupadd netadm
useradd -g netadm -c "Networking Backups" -d /usr/local/rancid rancid
mkdir /usr/local/rancid/pkg
cd /usr/local/rancid/pkg
wget ftp://ftp.shrubbery.net/pub/rancid/rancid-3.4.1.tar.gz
tar zxvf rancid-3.4.1.tar.gz
cd rancid-3.4.1
./configure --prefix=/usr/local/rancid/
make install
Configuration
cp /usr/local/rancid/pkg/rancid-3.4.1/cloginrc.sample /usr/local/rancid/.cloginrc
chmod 0600 /usr/local/rancid/.cloginrc
chown -R rancid:netadm /usr/local/rancid/
chmod 775 /usr/local/rancid/
cp /usr/local/rancid/pkg/rancid-3.4.1/README /usr/local/rancid
SSH key/keys generation
su - rancid
ssh-keygen -t ecdsa                # for Juniper
ssh-keygen -t rsa -b 4096          # for Cisco/Arista devices
ssh-keygen -f .ssh/id_rsa.pub -l   # show the fingerprint of the specified public key file
clogin configuration
vi /usr/local/rancid/.cloginrc
#add method * ssh
#add user * rancid
#add password * RancidPW EnablePW
add password * blah
#Juniper
add user juniper-device-01 rancid
add method juniper-device-01 {ssh}
add identity juniper-device-01 $env(HOME)/.ssh/id_ecdsa
#Cisco/Arista
add user ciscoarista-device-02 rancid
add method ciscoarista-device-02 {ssh}
add identity ciscoarista-device-02 $env(HOME)/.ssh/id_rsa
add autoenable ciscoarista-device-02 1
Rancid configuration
vi /usr/local/rancid/etc/rancid.conf
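LIST_OF_GROUPS="LOC1 LOC2"
# NO = passwords are left in the collected configs and in the e-mailed diffs
FILTER_PWDS=NO; export FILTER_PWDS
# NO = SNMP community strings are left in as well
NOCOMMSTR=NO; export NOCOMMSTR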
Once happy with your groups, you need to run rancid-cvs to create the directories/files required as the rancid user
su - rancid
/usr/local/rancid/bin/rancid-cvs
router.db config
echo "juniper-device-01;juniper;up" >> /usr/local/rancid/var/LOC1/router.db
echo "ciscoarista-device-02;arista;up" >> /usr/local/rancid/var/LOC1/router.db
# or, for a Cisco device:
echo "ciscoarista-device-02;cisco;up" >> /usr/local/rancid/var/LOC1/router.db
vi /etc/aliases:
rancid-LOC1: mail1@mail.com
rancid-admin-LOC1: mail1@mail.com
rancid-LOC2: mail1@mail.com
rancid-admin-LOC2: mail1@mail.com
newaliases
SMTP postfix relay configuration
vi /etc/postfix/main.cf
inet_interfaces = 192.168.0.100
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost = 192.168.0.111
smtp_fallback_relay = 192.168.0.112
mydomain = subdomain.domain.com
myorigin = monhost.subdomain.domain.com
mydestination = monhost.subdomain.domain.com
local_transport = error:local mail delivery is disabled
systemctl restart postfix
systemctl status postfix
Juniper device configuration
set system login class RANCID permissions access
set system login class RANCID permissions admin
set system login class RANCID permissions firewall
set system login class RANCID permissions flow-tap
set system login class RANCID permissions interface
set system login class RANCID permissions network
set system login class RANCID permissions routing
set system login class RANCID permissions secret
set system login class RANCID permissions security
set system login class RANCID permissions snmp
set system login class RANCID permissions storage
set system login class RANCID permissions system
set system login class RANCID permissions trace
set system login class RANCID permissions view
set system login class RANCID permissions view-configuration
set system login user rancid full-name RANCID
set system login user rancid uid 2020
set system login user rancid class RANCID
set system login user rancid authentication ssh-ecdsa "ecdsa-sha2-nistp256 loooooooooooooooong-hash LOC1MGMTRANCID"
Cisco device configuration
# You can find the SSH RSA key fingerprint with the command: ssh-keygen -f .ssh/id_rsa.pub -l
username rancid privilege 15
ip ssh pubkey-chain
username rancid
key-hash ssh-rsa ssh-rsa-fingerprint-without-colons
Arista device configuration
aaa authorization exec default local none
username rancid privilege 15 secret secret-password
username rancid sshkey ssh-rsa ssh-rsa-key-public-part-from-id_rsa.pub rancid@monhost
Check that the passwordless SSH configuration works
#juniper
/usr/local/rancid/bin/jlogin -c "show version" juniper-device-01
#arista/cisco
/usr/local/rancid/bin/clogin -c "show configuration" ciscoarista-device-02
Rancid manual start
/usr/local/rancid/bin/rancid-run
CRON setup
crontab -u rancid -e
1 * * * * /usr/local/rancid/bin/rancid-run
# Daily Clean Up of Diff Files at 11 50 pm
50 23 * * * /usr/bin/find /usr/local/rancid/var/logs -type f -mtime +2 -exec rm {} \;
# Daily Clean Up of .SITE.run.lock Files at 11 50 pm
50 23 * * * rm /tmp/.*.lock
ViewVC installation
I suggest that, if RANCID has been provisioned as a VM, you take a snapshot at this point in case you make any mistakes configuring ViewVC.
cd /usr/local/rancid/pkg
wget http://viewvc.tigris.org/files/documents/3330/49392/viewvc-1.1.23.tar.gz
tar -zxvf viewvc-1.1.23.tar.gz
cd viewvc-1.1.23
./viewvc-install ## we set the installation path as /usr/local/viewvc
Consult the INSTALL document for detailed information on completing the installation and configuration of ViewVC on your system. Here’s a brief overview of the remaining steps:
1) Edit the /usr/local/viewvc/viewvc.conf file.
2) Copy /usr/local/viewvc/bin/cgi/viewvc.cgi to an already-configured cgi-bin directory.
vi /usr/local/viewvc/viewvc.conf
root_parents = /usr/local/rancid/var/CVS : cvs
rcs_dir = /usr/bin/
#use_enscript = 1
#enscript_path = /usr/bin/
#use_highlight = 1
#highlight_path = /usr/bin
cp /usr/local/viewvc/bin/cgi/*.cgi /var/www/cgi-bin/
chown apache:apache /var/www/cgi-bin/query.cgi
chown apache:apache /var/www/cgi-bin/viewvc.cgi
vi /etc/httpd/conf/httpd.conf
ScriptAlias /rancid "/var/www/cgi-bin/viewvc.cgi"
ScriptAlias /query "/var/www/cgi-bin/query.cgi"
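# Require authentication on the paths that are actually served (the ScriptAlias targets above)
<LocationMatch "^/(rancid|query)">
AuthType basic
AuthName "Client Access"
AuthUserFile /usr/local/viewvc/passwd
Require valid-user
</LocationMatch>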
htpasswd -c /usr/local/viewvc/passwd admin
systemctl restart httpd
Links:
https://www.cryptomonkeys.com/2013/09/rancid-junos/
https://www.ip-life.net/rancid-setup-on-ubuntu-10-04-lts/
After I enabled HTTPS on every SCCM 1606 component, all my Windows Update clients suddenly stopped working. The Windows Update check stopped with “0x80244019”.
WindowsUpdate.log on a client side:
2016/11/21 13:13:00.7947333 1396 5228 WebServices Auto proxy settings for this web service call.
2016/11/21 13:13:00.8137726 1396 5228 WebServices Auto proxy settings for this web service call.
2016/11/21 13:13:00.8267772 1396 5228 WebServices WS error: There was an error communicating with the endpoint at ‘https://sccmwsusserver.com:8531/ClientWebService/client.asmx’.
2016/11/21 13:13:00.8267778 1396 5228 WebServices WS error: The server returned HTTP status code ‘404 (0x194)’ with text ‘Not Found’.
2016/11/21 13:13:00.8267778 1396 5228 WebServices WS error: The requested resource was not found.
2016/11/21 13:13:00.8267787 1396 5228 WebServices Web service call failed with hr = 80244019.
2016/11/21 13:13:00.8267787 1396 5228 WebServices Current service auth scheme=0.
2016/11/21 13:13:00.8267790 1396 5228 WebServices Current Proxy auth scheme=0.
OK, let’s troubleshoot:
netsh winhttp show proxy
Current WinHTTP proxy settings:
Direct access (no proxy server).
https://sccmwsusserver.com:8531/SimpleAuthWebService/SimpleAuth.asmx – reachable
https://sccmwsusserver.com.com:8531/ClientWebService/client.asmx – reachable
Clients/DMZ firewalls were fine also
After some useless googling I’ve found this Microsoft TechNet thread.
And the last reply was: “Whats in WCM.log on the SUP? Was KB3159706 recently installed? If you do, there is some post installation steps https://support.microsoft.com/en-au/kb/3159706”. Interesting. I checked updates on my SCCM server and I found KB3159706 installed there. Great. Let me copy-paste from the article:
Manual steps required to complete the installation of this update
Open an elevated Command Prompt window, and then run the following command (case sensitive, assume “C” as the system volume):
"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing
Select HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features wizard.
Restart the WSUS service.
If SSL is enabled on the WSUS server
Assign ownership of the Web.Config file to the administrators group (run at an elevated command prompt):
cd "C:\Program Files\Update Services\WebServices\ClientWebService\"
takeown /f web.config /a
icacls "C:\Program Files\Update Services\WebServices\ClientWebService\Web.config" /grant administrators:f
Locate the Web.Config file in the following path:
C:\Program Files\Update Services\WebServices\ClientWebService\Web.Config
Make the following changes in the file.
Note This code sample represents a single text block. The line spacing is used only to emphasize the text changes, which are shown in bold.
<services>
  <service
    name="Microsoft.UpdateServices.Internal.Client"
    behaviorConfiguration="ClientWebServiceBehaviour">
    <!--
      These 4 endpoint bindings are required for supporting both http and https
    -->
    <endpoint address=""
      binding="basicHttpBinding"
      bindingConfiguration="SSL"
      contract="Microsoft.UpdateServices.Internal.IClientWebService" />
    <endpoint address="secured"
      binding="basicHttpBinding"
      bindingConfiguration="SSL"
      contract="Microsoft.UpdateServices.Internal.IClientWebService" />
    <endpoint address=""
      binding="basicHttpBinding"
      bindingConfiguration="ClientWebServiceBinding"
      contract="Microsoft.UpdateServices.Internal.IClientWebService" />
    <endpoint address="secured"
      binding="basicHttpBinding"
      bindingConfiguration="ClientWebServiceBinding"
      contract="Microsoft.UpdateServices.Internal.IClientWebService" />
  </service>
</services>
Add the multipleSiteBindingsEnabled="true" attribute to the bottom of the Web.Config file, as shown:
  </bindings>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Links:
https://nhogarth.net/2016/09/13/scan-failed-with-error-0x80244019/
http://thedesktopteam.com/raphael/sccm-2012-scan-failed-with-error-0x80244019/
https://support.microsoft.com/en-us/kb/900935
https://social.technet.microsoft.com/Forums/en-US/3b85e68e-7ab5-4935-9221-40973487ecae/software-updates-deployment-fails-after-enabling-https-scan-failed-with-error-0x80244019
https://support.microsoft.com/en-au/kb/3159706
Use the BIND dig utility to retrieve a list of root name servers
dig @a.root-servers.net . ns > named.ca
Make sure to copy named.ca to the directory containing your DNS maps. Restart BIND for the changes to take effect
Links:
Updating BIND default ROOT servers (named.ca)
1)
I got this issue on CentOS 6.6 x86_64 with Spacewalk 2.2 when I tried to set up a CentOS 7 client with an EPEL installation: “/tmp/yum.cache/epel7-centos7-x86_64/comps.xml: not well-formed (invalid token): line 1, column 0”.
This is an XML parsing error. The installer expects this file to be in XML format. The file is not plain XML; it is XML that has been LZMA/XZ compressed.
I found the solution here and here.
So the idea is to find, first, where Spacewalk stores the Python files that I have to update to support xz:
find / -name 'reposync.py' or find / -name 'fileutils.py'
For me it’s here:
/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/reposync.py
/usr/lib/python2.6/site-packages/spacewalk/common/fileutils.py
Update the files:
common/fileutils.py
@@ -17,6 +17,7 @@
import sys
import bz2
import gzip
+import lzma
import pwd
import grp
import types
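Review bot: the unconditional "import lzma" at the top of fileutils.py makes every importer of this module fail with ImportError on a host where the module is not installed. The files being patched live under python2.6, and lzma only joined the Python standard library in 3.3, so here it depends on a separately installed binding. Either state that dependency next to the patch, or wrap the import in try/except ImportError and take the '.xz' branch in decompress_open only when the import succeeded.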
@@ -478,6 +479,8 @@ def decompress_open(filename, mode='r'):
file_obj = gzip.open(filename, mode)
elif filename.endswith('.bz2'):
file_obj = bz2.BZ2File(filename, mode)
+ elif filename.endswith('.xz'):
+ file_obj = lzma.LZMAFile(filename, mode)
else:
file_obj = open(filename, mode)
return file_obj
satellite_tools/reposync.py
@@ -248,7 +248,7 @@ def import_groups(self, plug, url):
os.makedirs(absdir)
relativepath = os.path.join(relativedir, basename)
abspath = os.path.join(absdir, basename)
- for suffix in ['.gz', '.bz']:
+ for suffix in ['.gz', '.bz', '.xz']:
if basename.endswith(suffix):
abspath = abspath.rstrip(suffix)
relativepath = relativepath.rstrip(suffix)
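Review bot: rstrip(suffix) on the two lines under the changed loop strips any trailing run of the characters in the suffix, not the suffix itself, so adding '.xz' makes it eat every trailing '.', 'x' and 'z'. comps.xml.xz happens to come out as comps.xml, but a base name such as index.xz would become inde. Slice the suffix off instead, for example abspath[:-len(suffix)], and break after the first match. The list also says '.bz' while decompress_open in fileutils.py tests for '.bz2', so a .bz2 group file would be opened correctly there but never have its name trimmed here.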
2)
rhn-client-tools dependencies:
rhn-client-tools-2.2.6-1.el7.noarch requires python-dmidecode
rhn-client-tools-2.2.6-1.el7.noarch requires python-gudev
rhn-client-tools-2.2.6-1.el7.noarch requires python-hwdata
This was caused by using the CentOS-7-x86_64-DVD-1511.iso image as a kickstart tree…
Resolution: Prepare the CentOS 7 tree using the CentOS-7-x86_64-Everything-1511.iso media:
mkdir /var/satellite/rhn/kickstart/2/centos-7-x86_64-base
mount -o loop /var/CentOS-7-x86_64-Everything-1511.iso /mnt/
rsync -arv /mnt/ /var/satellite/rhn/kickstart/2/centos-7-x86_64-base/
rm -f /var/satellite/rhn/kickstart/2/centos-7-x86_64-base/Packages/*.rpm
Links:
https://marc.info/?l=spacewalk-list&m=142387145808334&w=3
https://github.com/spacewalkproject/spacewalk/commit/76883065ff72449726adc82d081ae681f2a5bb59
Get-NetConnectionProfile
Open Windows PowerShell and type “Get-NetConnectionProfile”
PS C:\Users\Administrator> Get-NetConnectionProfile
Name : Network
InterfaceAlias : Ethernet
InterfaceIndex : 12
NetworkCategory : Public
IPv4Connectivity : LocalNetwork
IPv6Connectivity : NoTraffic
We need just the InterfaceIndex number. It’s usually 12.
Set-NetConnectionProfile -InterfaceIndex 12 -NetworkCategory Private
Install Dependencies
#yum install -y libbsd-devel libbsd glibc-devel libX11-devel help2man autoconf git tar glib2 glib2-devel kernel-devel kernel-headers automake gcc gtk2-devel
You also need to install VirtualGL. Download the latest version for your arch at the VirtualGL download page or use yum command
#yum install VirtualGL
If you want to run 32 bit apps on your 64 bit system, then also install:
#yum install VirtualGL.i686
Install Bumblebee
Install the Bumblebee yum repository
Fedora 21
$yum install http://install.linux.ncsu.edu/pub/yum/itecs/public/bumblebee/fedora21/noarch/bumblebee-release-1.2-1.noarch.rpm
Install Bumblebee:
$yum install bbswitch bumblebee
Bumblebee with the NVIDIA proprietary drivers
The previous commands install bumblebee with the nouveau drivers. If you want to install bumblebee with the NVIDIA proprietary drivers, you must also follow these instructions:
Install the bumblebee-nonfree repository:
Fedora 21
$yum install http://install.linux.ncsu.edu/pub/yum/itecs/public/bumblebee-nonfree/fedora21/noarch/bumblebee-nonfree-release-1.2-1.noarch.rpm
For all versions
Make sure you have glibc-devel installed because it is needed for bumblebee-nvidia to compile the driver
sudo yum install glibc-devel
Now install bumblebee-nvidia
#yum -y install bumblebee-nvidia
“bumblebee-nvidia” is both an RPM package and a shell script. The “bumblebee-nvidia” package contains the shell “wrapper” script, init scripts to run it at bootup, a SELinux security policy, and a copy of the NVidia Linux binary driver “blob” downloaded from NVidia’s UNIX drivers page. This is why the packages are so large compared to the bumblebee package.
Reboot.
Testing Bumblebee
To verify you are now using the NVIDIA driver, run the glxgears demo (from mesa-demos):
optirun glxgears -info | grep "GL_VENDOR"
You should see some gears rotating. In the terminal you should see “GL_VENDOR = NVIDIA Corporation” or something similar.
Primus
For speed improvements you can use primus. Primus is a shared library that provides OpenGL and GLX APIs and implements low-overhead local-only client-side OpenGL offloading via GLX forking, similar to VirtualGL. It intercepts GLX calls and redirects GL rendering to a secondary X display, presumably driven by a faster GPU. On swapping buffers, rendered contents are read back using a PBO and copied onto the drawable it was supposed to be rendered on in the first place. Currently primus requires the NVIDIA proprietary drivers.
Install primus:
#yum -y install primus
If you want to run 32 bit apps on your 64 bit system, then also install:
#yum -y install primus.i686
Testing primus
Open up a terminal and run:
PRIMUS_VERBOSE=2 optirun -b primus glxgears -info
If primus is working properly, you should see “primus: profiling:” messages every so often in the terminal you ran it from.
How to use Bumblebee
General Usage:
optirun [options] [application-parameters]
If you installed primus, then you can use the following command to take advantage of it:
optirun -b primus [application-parameters]
Start Windows applications:
optirun wine .exe
with primus:
optirun -b primus wine .exe
By default, primus renders up to 60 fps. To render more frames per second:
vblank_mode=0 optirun -b primus [application-parameters]
In practice this will probably only waste power, as most screens do not display more than 60 frames per second.
You can always run “man optirun” for more information.
Optimus and Steam for Linux
To make a game run using the discrete GPU, use these simple steps:
1. Select a game – that you want to run using your discrete Nvidia card – from the Library page of the Steam client, right-click, and select Properties.
2. Click the SET LAUNCH OPTIONS… button and specify primusrun %command% for the command line.
3. Save your changes.
This method allows you to pick when the discrete NVidia GPU should be used on a per-game basis.
Links:
https://fedoraproject.org/wiki/Bumblebee
https://wiki.archlinux.org/index.php/Bumblebee
http://techies.ncsu.edu/wiki/bumblebee
http://bumblebee-project.org/
https://github.com/Bumblebee-Project/Bumblebee/wiki
http://ubuntuforums.org/showthread.php?t=2059854
https://fedoraproject.org/wiki/How_to_debug_Xorg_problems
https://wiki.archlinux.org/index.php/Lenovo_ThinkPad_T420#NVIDIA_Optimus
https://support.steampowered.com/kb_article.php?ref=6316-GJKC-7437
https://cjenkins.wordpress.com/2013/01/01/steam-for-linux-on-optimus-enabled-computer-running-ubuntu-12-04-64bits/
http://unix.stackexchange.com/questions/133921/is-it-possible-to-run-steam-games-using-optirun
Metacharacters
char | meaning
^ | beginning of string
$ | end of string
. | any character except newline
* | match 0 or more times
+ | match 1 or more times
? | match 0 or 1 times; or: shortest match
| | alternative
( ) | grouping; “storing”
[ ] | set of characters
{ } | repetition modifier
\ | quote or special
To present a metacharacter as a data character standing for itself, precede it with \ (e.g. \. matches the full stop character . only).
In the table above, the characters themselves, in the first column, are links to descriptions of characters in my The ISO Latin 1 character repertoire – a description with usage notes. Note that the physical appearance (glyph) of a character may vary from one device or program or font to another.
Repetition
a* | zero or more a’s
a+ | one or more a’s
a? | zero or one a’s (i.e., optional a)
a{m} | exactly m a’s
a{m,} | at least m a’s
a{m,n} | at least m but at most n a’s
repetition? | same as repetition but the shortest match is taken
Read the notation a’s as “occurrences of strings, each of which matches the pattern a”. Read repetition as any of the repetition expressions listed above it. Shortest match means that the shortest string matching the pattern is taken. The default is “greedy matching”, which finds the longest match. The repetition? construct was introduced in Perl version 5.
Special notations with \
Single characters
\t | tab
\n | newline
\r | return (CR)
\xhh | character with hex. code hh
“Zero-width assertions”
\b | “word” boundary
\B | not a “word” boundary
Matching
\w | matches any single character classified as a “word” character (alphanumeric or “_”)
\W | matches any non-“word” character
\s | matches any whitespace character (space, tab, newline)
\S | matches any non-whitespace character
\d | matches any digit character, equiv. to [0-9]
\D | matches any non-digit character
Character sets: specialities inside […]
Different meanings apply inside a character set (“character class”) denoted by […] so that, instead of the normal rules given here, the following apply:
[characters] | matches any of the characters in the sequence
[x-y] | matches any of the characters from x to y (inclusively) in the ASCII code
[\-] | matches the hyphen character “-”
[\n] | matches the newline; other single character denotations with \ apply normally, too
[^something] | matches any character except those that [something] denotes; that is, immediately after the leading “[”, the circumflex “^” means “not” applied to all of the rest
Examples
expression | matches…
abc | abc (that exact character sequence, but anywhere in the string)
^abc | abc at the beginning of the string
abc$ | abc at the end of the string
a|b | either of a and b
^abc|abc$ | the string abc at the beginning or at the end of the string
ab{2,4}c | an a followed by two, three or four b’s followed by a c
ab{2,}c | an a followed by at least two b’s followed by a c
ab*c | an a followed by any number (zero or more) of b’s followed by a c
ab+c | an a followed by one or more b’s followed by a c
ab?c | an a followed by an optional b followed by a c; that is, either abc or ac
a.c | an a followed by any single character (not newline) followed by a c
a\.c | a.c exactly
[abc] | any one of a, b and c
[Aa]bc | either of Abc and abc
[abc]+ | any (nonempty) string of a’s, b’s and c’s (such as a, abba, acbabcacaa)
[^abc]+ | any (nonempty) string which does not contain any of a, b and c (such as defg)
\d\d | any two decimal digits, such as 42; same as \d{2}
\w+ | a “word”: a nonempty sequence of alphanumeric characters and low lines (underscores), such as foo and 12bar8 and foo_1
100\s*mk | the strings 100 and mk optionally separated by any amount of white space (spaces, tabs, newlines)
abc\b | abc when followed by a word boundary (e.g. in abc! but not in abcd)
perl\B | perl when not followed by a word boundary (e.g. in perlert but not in perl stuff)
Examples of simple use in Perl statements
These examples use very simple regexps only. The intent is just to show contexts where regexps might be used, as well as the effect of some “flags” to matching and replacements. Note in particular that matching is by default case-sensitive (Abc does not match abc unless specified otherwise).
s/foo/bar/;
replaces the first occurrence of the exact character sequence foo in the “current string” (in special variable $_) by the character sequence bar; for example, foolish bigfoot would become barlish bigfoot
s/foo/bar/g;
replaces any occurrence of the exact character sequence foo in the “current string” by the character sequence bar; for example, foolish bigfoot would become barlish bigbart
s/foo/bar/gi;
replaces any occurrence of foo case-insensitively in the “current string” by the character sequence bar (e.g. Foo and FOO get replaced by bar too)
if(m/foo/) …
tests whether the current string contains the string foo
Links: https://www.cs.tut.fi/~jkorpela/perl/regexp.html
http://www.troubleshooters.com/codecorn/littperl/perlreg.htm
http://www.skillz.ru/dev/php/article-Regulyarnye_vyrazheniya_dlya_chaynikov.html
http://www.ultraedit.com/support/tutorials_power_tips/ultraedit/non-greedy-perl-regex.html
http://www.regular-expressions.info/wordboundaries.html
http://www.cs.xu.edu/csci380/99s/perlstuff/anchorreg.html
http://www.tutorialspoint.com/perl/perl_regular_expression.htm
Positional parameters $1,$2,$3… and their corresponding array representation, count and IFS expansion $@, $#, and $*.
$_ last argument of last command
$# number of arguments passed to current script
$* / $@ list of arguments passed to script as string / delimited list
$- current options set for the shell.
$$ pid of the current shell (not subshell)
$_ most recent parameter (or the abs path of the command to start the current shell immediately after startup)
$IFS the (input) field separator
$? most recent foreground pipeline exit status
$! PID of the most recent background command
$0 name of the shell or shell script
Links: http://www.gnu.org/software/bash/manual/bashref.html#Special-Parameters
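The difference between "$@", "$*" and an unquoted $* decides whether an argument containing spaces reaches the next command intact. The script below is an added example, not part of the original notes; the function names and the sample arguments are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): how the special parameters
# listed above behave when arguments are handed on to another command.

# count_args prints the number of arguments it received ($#).
count_args() { echo "$#"; }

# "$@" expands to one word per original argument: safe forwarding.
forward_at() { count_args "$@"; }

# "$*" expands to a single word, joined with the first character of IFS.
forward_star() { count_args "$*"; }

# Unquoted $* is split again on IFS (and glob-expanded), so one argument
# with a space turns into several words, e.g. a file name plus an option.
forward_unquoted() { count_args $*; }

# join_args SEP ARG...: join the arguments with SEP via IFS and "$*".
join_args() {
    sep=$1
    shift
    old_ifs=$IFS
    IFS=$sep
    joined="$*"
    IFS=$old_ifs
    printf '%s\n' "$joined"
}

# bg_status CMD...: run CMD in the background, then report the exit status
# collected through $! (its PID) and $? (the status returned by wait).
bg_status() {
    "$@" &
    bg_pid=$!
    rc=0
    wait "$bg_pid" || rc=$?
    echo "$rc"
}

# Constructed sample arguments: the first one contains spaces and an
# option-looking token, the usual shape of an argument-splitting bug.
set -- 'report 2016.txt -rf' 'notes.txt'
echo "quoted \$@   : $(forward_at "$@") args"
echo "quoted \$*   : $(forward_star "$@") arg"
echo "unquoted \$* : $(forward_unquoted "$@") args"
echo "joined      : $(join_args , "$@")"
echo "bg status   : $(bg_status sh -c 'exit 3')"
```

Scripts that pass user-supplied file names on to rm, tar or ssh should forward them with "$@"; the unquoted form is where a name such as "report 2016.txt -rf" becomes an extra option.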
Make sure you have one of the supported fingerprint scanners. You can check if your device is supported by checking this list of supported devices. To check which one you have, type:
lsusb
Bus 001 Device 003: ID 147e:2016 Upek Biometric Touchchip/Touchstrip Fingerprint Sensor
Installation:
yum install fprintd ImageMagick
Login configuration
Note: If you use GDM, the fingerprint-option is already available in the login menu. You can skip this section!
Add pam_fprintd.so to the auth section of /etc/pam.d/system-auth and /etc/pam.d/system-auth-ac
vi /etc/pam.d/system-auth
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
This tries to use fingerprint login first, and if it fails or if it finds no fingerprint signatures in the given user’s home directory, it proceeds to password login.
To add a signature for a finger, run
$ fprintd-enroll
You will be asked to scan the given finger. After that, the signature is created in /var/lib/fprint/$USER.
For more information, see man fprintd.
Links:
https://wiki.archlinux.org/index.php/Lenovo_ThinkPad_T420#Fingerprint_reader
https://wiki.archlinux.org/index.php/Fprint#Setup_fingerprint-gui
http://karuppuswamy.com/wordpress/2010/07/22/how-to-get-fingerprint-reader-working-in-fedora-linux-upek-147e1000-in-this-case/
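The fallback to password login described in the fingerprint section depends on pam_fprintd.so being "sufficient", listed before pam_unix.so, with pam_deny.so closing the stack. The script below is an added example, not part of the original notes, that checks a PAM file for that order; the function names are made up, the sample file is a constructed copy of the stack above, and only simple control flags are handled (not the bracketed [value=action] syntax).

```shell
#!/bin/sh
# Added example (not from the original page): audit the order of a PAM
# auth stack. Assumes simple control flags (required, sufficient, ...).

# pam_auth_order FILE: print "control module" for every auth line, in order.
pam_auth_order() {
    awk '$1 == "auth" { print $2, $3 }' "$1"
}

# check_fprintd FILE: print one verdict about the fingerprint module:
#   ok              sufficient, before pam_unix.so, stack ends in pam_deny.so
#   missing         pam_fprintd.so is not in the auth stack
#   not-sufficient  pam_fprintd.so carries another control flag
#   after-unix      the password module is consulted before the fingerprint
#   no-deny         the last auth module is not pam_deny.so
check_fprintd() {
    awk '
        $1 != "auth"           { next }
                               { n++; tail = $3 }
        $3 == "pam_fprintd.so" { fp = n; ctl = $2 }
        $3 == "pam_unix.so"    { pw = n }
        END {
            if (!fp)                        print "missing"
            else if (ctl != "sufficient")   print "not-sufficient"
            else if (pw && fp > pw)         print "after-unix"
            else if (tail != "pam_deny.so") print "no-deny"
            else                            print "ok"
        }' "$1"
}

# write_sample FILE: write a constructed copy of the stack from the page.
write_sample() {
    cat > "$1" <<'EOF'
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
EOF
}

sample=$(mktemp)
write_sample "$sample"
pam_auth_order "$sample"
echo "verdict: $(check_fprintd "$sample")"
rm -f "$sample"
```

Run check_fprintd against /etc/pam.d/system-auth after editing it and keep a root shell open until the verdict is ok, since a wrong control flag in this file can lock out every login.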