The DBA might like to try
execute DBMS_STATS.GATHER_DATABASE_STATS;
FTI Server Config Post Migration issue list
1. Creating of index agents the FTI expects Server Config object to be same name as docbase. Thus shutdown docbase. Edit server.ini, change the docbase config to that of docbase name. Start back up. Now you have a server config same name. Shut down, restore the original name of the serverconfig in the server.ini. Start back up.
2. Go to DA, To security and search for acl, dm_f – ensure the owner is the docbase owner (if that name changed after a migration.
SSL Checklist Apache2 Centos5 HideMyIP
Installing an SSL certificate on Apache2 on Centos5
If you have not generated a certificate then suggest you jump to that section first then scroll back up.
Checks to be made in
/etc/httpd/conf.d/ssl.conf
under <VirtualHost _default_:443>
1. ServerName www.<mysite.com>:443
(Failure to set this will result in SSL_ERROR_RX_RECORD_TOO_LONG or “unsupported proxy” by Firefox)
2. In ssl.conf: SSLCertificateFile <path to> /www.<mysite.com>.crt
This is the file sent by the SSL certificate provider.
3. In ssl.conf: Ensure SSLCertificateKeyFile is set to valid path to key
4. In ssl.conf: SSLCertificateChainFile <path to> gd_intermediate_bundle.crt
The bundle file comes with the certificate (at least with DoDaddy).
5. Check iptables, port 443 should be enabled.
6. Check ssl is installed (yum list | grep ssl)
7. Check router port forwarding is enabled for port 443.
8. If you are testing a web server on the same net as the machine there is a chance the router is resolving the external facing ISP issued IP in such a way that it is impossible to test a your own website from the internet. intranet. Some routers don’t permit it at all, e.g. netgear DG814 with recent firmware v 4.10 or below.
The fix is to use a proxy server like www.turbohide.com for testing or even install (read warning before buying) HideMyIP from www.hide-my-ip.com to fake the ip of the machine used to test. You get a 3 day trial or buy for £16 ish. Warning: HideMyIp will reduce your bandwidth very noticeably unless you upgrade to the premium service this is probably because of the proxies used as the free ones suffer also – though there are other products – I’ve not tried them.
9. Restart web server
# /usr/sbin/apachectl graceful
httpd not running, trying to start
Apache/2.2.3 mod_ssl/2.2.3 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server www.<my site>.com:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.
If you don’t get the above information the first time when you start then your cert is not installed properly.
10. Protect your pages. For example (and there are many on the net)
if ($_SERVER['SERVER_PORT'] != 443)
{
header(“Location: https://www.mysite.com/”); // ssl site now
exit;
}
and/or setup a location rewrite in ssl.conf:
<Location /mywebfolder>
RewriteEngine on
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^.*/mywebfolder(.*)$ https://%{SERVER_NAME}:443/mywebfolder$1 [R]
</Location>
or .htaccess in the web folder – here we are challenged for a password and its said where the .htpasswd file is:
AuthUserFile /var/www/html/.htpasswd
AuthName "Secret stuff going on here - you need a password"
AuthType Basic
Require valid-user
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
Any of this not working then check the error_log (in /etc/httpd/logs). Not forgetting to apachectl graceful and clear the browser session info between tests (for the password challenge bit).
Generate Certificate
Execute this:
openssl genrsa -des3 -out www.<my site.com>.key 1024
Use the outfile and execute this:
openssl req -new -key www.<my site.com>.key -out <my site.com>.csr
The resulting file is <my site.com>.csr
`cat` the file to copy the content and past it into the browser with prompted by the ssl issuer.
Convert postcode to longitude and latitude
Usage:
./postcodetolonglat.sh 'SK99 9LZ'
Creates a little temp file called ‘postcode’. The file is put in /tmp and is of course unique for each execution of the program. These files can be cleared out quite easily as part of maintenance of the /tmp folder. (i.e. a weekly cron that executes
find /tmp -mtime +1 -user apache -exec rm {} \;
where the file will be at least a day old and is owned by apache which (in my case) is the apache user for the apache web server.
Script:
#!/bin/bash
. `/usr/bin/wget "http://maps.google.com/maps/geo?q=$1" -O "/tmp/$1"`
LAT=`cat "/tmp/$1" | awk -F "[" '{print $4}' | awk -F "," '{print $2}'`
LON=`cat "/tmp/$1" | awk -F "[" '{print $4}' | awk -F "," '{print $1}'`
echo "<script language=JavaScript>"
echo " var Lon=$LON;"
echo " var Lat=$LAT;"
echo " var orig='$1';"
echo "</script>"
Then in, say, google maps:
From your browser, call (for example for the Warminster postcode of the R.E.M.E - BA12 0BS)
http://server.com/map4.php?pc=BA12%200BS
The code for map4.php is below.
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml">
<head>
<?php
$Postcode= $_GET['pc'];
echo passthru("./postcodetolonglat.sh '$Postcode'");
?>
<meta http-equiv="content-type" content="text/html; charset=utf-8"/>
<script src="http://maps.google.com/maps?file=api&v=2&key=ABQIAAAA2OgjrxQMCCnZOIKNKqdqqxQQ2LfZc7AlgWy0LicD3n_XCYU-EBSRAF96CM-HbX18JJscTSEShXpbfg"
type="text/javascript"></script>
<script type="text/javascript">
function initialize() {
if (GBrowserIsCompatible()) {
var map = new GMap2(document.getElementById("map_canvas"));
var gll = new GLatLng(Lat,Lon);
map.setCenter(gll,17);
map.addControl(new GSmallMapControl());
map.addControl(new GMapTypeControl());
GEvent.addListener(map,"click", function(overlay,latlng) {
if (latlng) {
var myHtml = "The GLatLng value is: " + map.fromLatLngToDivPixel(latlng) + " at zoom level " + map.getZoom();
//map.openInfoWindow(latlng, myHtml);
alert(gll.toUrlValue(10));
}
});
}
}
</script>
</head>
<body onload="initialize()" onunload="GUnload()">
<div id="map_canvas" style="width: 100%; height: 100%"></div>
<div id="message"></div>
</body>
</html>
Startup index agent
$ cd $FASTSEARCH/bin && ./startup.sh && ./nctrl start j2ee && ./nctrl start httpd && ./nctrl sysstatus
Before going to web interface, execute startup.sh in
$DOCUMENTUM/dfc/IndexAgents/IndexAgent1
To get to web interface put the full url to:
http://<fdqn>:9081/IndexAgent1/login.jsp
AIX TL and hardware (Documentum 5.3 friendly)
IBM Technology levels are obtained by using
oslevel
with no params tells you the version of AIX. (For Documentum it should be at least 5.2 currently).
oslevel -q -s
Will give a lengthy list of service packs and the technology level.
Example:
$ oslevel -q -s
Known Service Packs
——————-
5300-07-04-0818
5300-07-03-0811
5300-07-02-0806
5300-07-01-0748
5300-06-07-0818
5300-06-06-0811
5300-06-05-0806
5300-06-04-0748
5300-06-03-0732
5300-06-02-0727
5300-06-01-0722
5300-06-01-0000
5300-06-00-0000
5300-05-CSP-0000
5300-05-06-0000
5300-05-05-0000
5300-05-04-0000
5300-05-03-0000
5300-05-02-0000
5300-05-01-0000
5300-04-CSP-0000
5300-04-03-0000
5300-04-02-0000
5300-04-01-0000
5300-03-CSP-0000
$ oslevel -s
5300-06-07-0818
Which is AIX 5.3 TL6 SP7
Systems running Documentum include
$ oslevel -s
5300-06-00-0000
Which is AIX 5.3 TL6 No SP
prtconf
will tell you the cpu, network and other information. Abbreviated example below:
$ prtconf
System Model: IBM,9117-570
Machine Serial Number: 65045F0
Processor Type: PowerPC_POWER5
Number Of Processors: 2
Processor Clock Speed: 1900 MHz
CPU Type: 64-bit
Kernel Type: 64-bit
LPAR Info: 5 manch0010
Memory Size: 4096 MB
Good Memory Size: 4096 MB
Platform Firmware level: Not Available
Firmware Version: IBM,SF240_320
Console Login: enable
Auto Restart: true
Full Core: false
At time of writing it is believed (by me) TL05 is out of support from IBM.
mysql 5 trigger upgrade
Mysql triggers are not the best in the world and it seems you can’t call something external from the db – like, for example, running a script.
Well, I needed to know if an update had occurred on a table and to fire off a remote command to another server.
The solution was:
1. Add a field to the table called action – default it to NULL
2. Perl script to check the table for rows which contained default=NULL
3. If such a row existed then do some file system action
4. Update the table so that action is no longer null
5. Make the whole thing reliable
Step 1. Create a shell script
check_relay.sh
#!/bin/bash
echo “running application”;
while [ 1 ]; do
echo “running”
perl /home/user/relay2.pl
sleep 3
done
2. create a perl script to query the db table we spoke off earlier (relay2.pl – in my app)
my $database = ‘relay’;
my $host = ‘localhost’;
my $user = ‘relay_user’;
my $pass = ‘relay_pass’;
my $dbh = DBI->connect(“DBI:mysql:database=$database;host=$host”,”$user”,”$pass”) or die “Can’t open DB: $!”;
my $sth = $dbh->prepare(q{SELECT tr_id, actioned FROM relay where actioned is null});
$sth->execute() or die $dbh->errstr;
my $actioned;
my $tr_id; # should use a transaction id so you know which row was updated in case there is more than one.
$sth->bind_columns(\$actioned,\$tr_id);
while($sth->fetch()) {
#here we do stuff on the os, e.g. system(“php ./relay2.php $field_from_db_etc”);
#now update the db so the row no longer requires a trigged type event
my $newQ2 = “UPDATE transactions SET actioned =true WHERE tr_id=$tr_id”;
my $sth3 = $dbh->prepare($newQ2);
$sth3->execute() or die $dbh->errstr;
$sth3->finish;
}
$sth2->finish;
}
$sth->finish;
$dbh->disconnect;
3. create a perl script to check the process is actually running (which it wont be unless you ran it by hand)
#!/usr/bin/perl
open PROS, “ps -ef|grep check_relay.sh |”;
while ($line = <PROS>){
unless ($line =~ m/grep/){
#print “is already running\n”;
exit;
}
}
print “check_relay was not running. Trying to start it.\n”;
exec ‘nohup /home/user/./check_relay.sh &’;
4. Make sure the damn thing boots up about 60 seconds after the system starts and check it is still running every 60 seconds.
Edit cron for the user under which this script will run -
(crontab -e)
* * * * * /home/user/ps_check.pl
If you have done everything right then kill the process and see that it launches again within 60 secs which is the resolution of cron.
Obviously make sure mysql is configured to autostart at the correct run levels if the machine is booted up.
(if I remember correctly on centos, chkconfig mysqld on –level 35)
ImageMagick Annotate/Watermark/Add text to graphic image
Where logo_01.jpg is the source image.
The output image is out.jpg
The text put on is 12345
The font was installed on the system by default and standard TTF which can be found with a basic search FS.
convert logo_01.jpg -fill ‘#0008′ -draw ‘rectangle 5,128,114,145′ -font /usr/share/fonts/bitstream-vera/Vera.ttf -fill white -annotate +10+141 ‘12345′ out.jpg
Nicest email ever received
Hi K######,
It is not often that we get a chance to stop, and give recognition to an individual who has been a great team player, an expert in the field, and an awesome individual to work with, who for the past 3-4 weeks has assisted the US ### team to successfully deliver a solution on the RFS# ######-## for the XXXXXXXX customer. This RFS was recently signed.
I am taking that opportunity to do so now with regards to Kevin Yeandel, who has been working with the team in terms of educating us on the nuances of Documentum, and how it should be architected to be backed up and recovered. Additionally, Kevin identified “risk” and also “risk mitigation” strategies.
We still a bit of closure to do with the customer, due to no fault of our own, however to date, and given the 5-6 hr time difference, I am very pleased with Kevin, in that with very brief notice, Kevin has been able to make all calls, take charge on the calls and educate the XXXXXXXX customer, and team ### as to how to do it and do it the correct way. I look forward to working with Kevin on future assignments.
I also tried to follow up with a “Thanks award”, and received this response “Either the CNUM or the e-mail address you have entered is incorrect or the person whose e-mail address you have entered is not eligible to participate in the Thanks! Award Program at this time.
Thanks,
Dxxxxxx
mysql autostart runlevel
chkconfig –level 3 mysqld on
chkconfig –list mysqld
service mysqld status
