cert sorcerer braindump
Find the number of innodes in a directory
find . -printf '%i\n' | sort -u | wc -l
Get the first word of a line
grep [word_you_are_looking_for] [file_in_which_you-are_looking] | awk '{print $1}'
File descriptors
For users are set in: /etc/security/limits.d/
Global number available: /proc/sys/fs/file-max
Symptoms on diracweb in startup/Configuration_Server/log/current:
ERROR: Can't verify proxy or certificate file /opt/dirac/etc/grid-security/hostcert.pem:No certificate loaded
Kill all processes belonging to yum on a machine:
ps -ef | awk '/[y]um/ {print $2}' | xargs kill
Yum got it's knickers into a twist
Before doing anything else try:
yum clean all
rm -f /var/lib/rpm/__db*
rpm --rebuilddb
yum update
Log into all the wd-worker nodes, run up2date (from Ray):
for n in `seq -w 2 39` ;do ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no root@wd$n up2date-nox -u ;done
Get the hostcerts from the storage nodes
for n in `seq 10 38` ; do scp root@sedsk$n:/etc/grid-security/hostcert.pem
sedsk$n"_hostcert".pem; done
Copy a bunch of hostcerts on the storage nodes
for n in `seq 39 51` ; do scp sedsk$n"_grid_hostkey.pem"
root@sedsk$n:/etc/grid-security/hostkey.pem; done
Checking a list of pnfsids in the companion database - script.
Find all files in a lost pool
psql companion -t -c "select pnfsid from cacheinfo where pnfsid in (select pnfsid from cacheinfo where pool='sedsk18cms_0') group by pnfsid having count(pool)=1" > /tmp/sedsk18cms_0.txt
companion=# select * from cacheinfo where pool='sedsk18cms_0';
Find (and list) all files in gu2-cmsprd older than 30 days, replace "ls -l" with "rm -rf" at
your own peril:
find /srv/grid/home/lt2/gu2-cmsprd -mtime +30 -type f -exec ls -l {} \; >
/tmp/cms.older.30.days
remove empty dirs where status was last changed 5 days ago (not sure this
actually works):
find /srv/grid/home/lt2/gu22-cmsprd -maxdepth 1 -ctime +5 -type d -empty -exec rm
-rf {} \;
Details on the internal disks sedsk16-28: smartctl -a /dev/sda
logical/physical volumes
/sbin/vgdisplay
/sbin/pvdisplay
/sbin/lspci
rpm -ivh packagename
rpm -q --whatprovides /usr/bin/man
to list contents: rpm -qlp packagename
To find out what is installed on a machine:
dmidecode
How to dig yourself out of a hole
1) edit the boot command with 'e' (may need to specify grub password first with
'p')
2) select the kernel line (usually 2nd line) and edit with 'e'
3) append init=/bin/bash to end of the kernel line
4) boot system with 'b'
5) system should boot into a shell (if you are lucky)
6) remount root partition rw by: mount -o rw,remount /
7) now edit passwd file (take out the first 'x' to set to a blank password)
and/or fstab to get out of the hole you are in
8) reboot (now with blank password !) so you can do interactive fsck when
prompted
9) Reset password when done
Our raid arrays
areca-cli
To see if array has rebuilt:
vsf info
To check disk status:
disk info
To look at a specific disk (i.e. serial number): The first number in disk info is the drive number
(typically runs from 9 to 32), so disk info drv=9 will give the first disk in
the array.
old arrays:
cd 3ware
./tw_cli help
./tw_cli info (list controllers etc)
./tw_cli /c0 show
./tw_cli /c0 help
./tw_cli /c0 rescan
qstat
qstat -f
qmon (run on sgemaster as dbauer)
enable:
qmod -e grid.q@wd01.hep.ph.ic.ac.uk
disable:
qmod -d grid.q@wd01.hep.ph.ic.ac.uk
Other qstat commands:
qstat -u \*
qstat -s z
Make my jobs go ahead in the queue (on sgemaster02):
qalter -u gu2-dteam768 -ot 2
explain error state for a job: qstat -explain c -j [jobid]
stat filename
ls -il filename
find . -inum [inode] -exec ls -l {} \;
iptables
To allow printer connections
/sbin/iptables -I INPUT <rulenum> -p <protocol> -s <source ip> --dport <destport> -jACCEPT
protocol typically = udp or tcp
/etc/rc.d/init.d/iptables status // to look at the rules
/etc/rc.d/init.d/iptables restart
/sbin/iptables-save // copy output to /etc/sysconfig/iptables so they won't be
forgotten on reboot
/sbin/iptables -L -v -n// to look at the rules
E.g. to be able to see the printer queues:
iptables -I INPUT 5 -p udp -s 155.198.211.218 --dport 631 -jACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 8088 -j ACCEPT
Or just edit /etc/sysconfig/iptables:
Before the first 'reject' add
-A INPUT -s 155.198.211.218/32 -p udp -m udp --dport 631 -j ACCEPT
batch: Somebody spelled out the man pages:
Thank you.
Block copy in emacs
(M- means Alt + command)
Move the cursor to the upper-left corner of the area you want to cut.
Set the mark by pressing C-@ or C-SPC . If your terminal does not allow this keystroke, you can also set the mark by pressing: M-x At the prompt, enter: set-mark
Move the cursor one space beyond the lower-right corner of the region you are going to cut.
Delete the rectangle into the kill buffer by pressing: M-x At the prompt, enter: kill-rectangle
Move the cursor to the upper-left corner of the area where you want to paste the rectangle.
Retrieve your text by entering: M-x yank-rectangle
Your rectangle of text will now appear at the new location you have chosen.