# yum install httpd* mysql* -y

*** Install Module Needed for Authentication from MySQL databases. ***

# yum install mod_auth_mysql -y

*** Create a database which contains a table holding the username and passwd ***

#mysql -u root -p
password:

mysql> create database httpd;
mysql> use httpd;
mysql> create user ‘apache’@'localhost’ identified by ‘apache’;
mysql> create table users( user_name char(30) NOT NULL, user_passwd char(30), user_group char(30)
NOT NULL, PRIMARY KEY(user_name));
mysql> grant all privileges on *.* to ‘apache’@'localhost’ with GRANT option;
mysql> INSERT INTO users VALUES (’testuser’, ENCRYPT(’testpass’), ‘user’);
mysql> INSERT INTO users VALUES (’admin’, ENCRYPT(’testpass’), ‘group’);
mysql> quit

# service mysqld restart

# vim /etc/httpd/conf/httpd.conf

AuthName “MySQL group authenticated zone”
AuthType Basic
AuthMYSQLEnable on
AuthMySQLUser apache
AuthMySQLPassword apache
AuthMySQLDB httpd
AuthMySQLUserTable users
AuthMySQLNameField user_name
AuthMySQLPasswordField user_passwd
AuthMySQLGroupField user_group
require group admin /or/ require valid-user

# service httpd restart

enjoy

TYPES OF MYSQL REPLICATION

• Statement-based Replication

• Row-based Replication

• Mixed

  To change the type of Replication modify my.cnf configuration file and change

  binlog_format=mixed | row | statement

mysql> SHOW VARIABLES LIKE ‘binlog_format’;

+—————+——-+

| Variable_name | Value |

+—————+——-+

| binlog_format | MIXED

+—————+——-+

Processes/Threads inside MySQL that are responsible for replication

• MASTER - Binlog Dump Thread

• SLAVE - I/O Thread

  • • • • SQL Thread

Statements useful to check the status of these threads as replication goes:

mysql> SHOW PROCESSLIST\G

mysql> SHOW MASTER STATUS\G

mysql> SHOW SLAVE STATUS\G

Directories and File Locations

• Datadir – /var/lib/mysql

• General Log dir. - /var/log

• Bin Log dir. - /var/log/mysql

• Configuration file - /etc/mysql/my.cnf

• SSL Certificates - /etc/mysql/ssl

• Relay Log file - /var/lib/mysql/slavehost-relay-bin.NNNNNN

• Status Files - master.info, relay-log.info

Note:

- All modification/updates to data should be done on Master only, and not on any Slave. Slave should be used for queries.

setup replication

MySQL MASTER = 192.168.1.100:3306

MySQL SLAVE = 192.168.1.111:3306

MASTER host

root@sage:~# mkdir /etc/mysql/ssl

root@sage:~# cd /etc/mysql/ssl/

root@sage:~# rm -rf *

Create CA certificate

root@sage:~# openssl genrsa 2048 > ca-key.pem

root@sage:~# openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem

Create server certificate

root@sage:~# openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem

root@sage:~# openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

Copy ca-cert file to MySQL clients & slaves

root@sage:~# scp ca-cert.pem root@slave-host-IP:/etc/mysql/ssl/

Modify configuration file

root@sage:~# vi /etc/mysql/my.cnf

Enable Binary logging in Mixed format. And specify a Unique Server ID of Master

[mysqld]

log-bin = /var/log/mysql/mysql-bin

binlog_format = mixed

server-id = 1

ssl-key = /etc/mysql/ssl/server-key.pem

ssl-cert = /etc/mysql/ssl/server-cert.pem

ssl-ca = /etc/mysql/ssl/ca-cert.pem

Test SSL connectivity using MySQL-Client

root@sage:~# /etc/init.d/mysql restart

root@sage:~# mysql --ssl-ca=/etc/mysql/ssl/ca-cert.pem -u root -p

mysql> SHOW VARIABLES LIKE ‘%ssl%’;

+—————+——————————–+

| Variable_name | Value |

+—————+——————————–+

| have_openssl | YES |

| have_ssl | YES |

| ssl_ca | /etc/mysql/ssl/ca-cert.pem |

| ssl_capath | |

| ssl_cert | /etc/mysql/ssl/server-cert.pem |

| ssl_cipher | |

| ssl_key | /etc/mysql/ssl/server-key.pem |

+—————+——————————–+

mysql> SHOW STATUS LIKE ‘Ssl_cipher’;

+—————+——————–+

| Variable_name | Value |

+—————+——————–+

| Ssl_cipher | DHE-RSA-AES256-SHA |

+—————+——————–+

confirms that SSL is supported & enabled on MASTER

Create mysql user on master that has the privileges to do replication.

mysql -u root -p

mysql> GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO replssl@’%’ IDENTIFIED BY ‘replipass’ REQUIRE SSL;

If user already exists

mysql> GRANT USAGE ON *.* TO 'repl'@'%' REQUIRE SSL;

mysql> FLUSH PRIVILEGES;

mysql> SHOW GRANTS FOR repl;

Find the location where Master is writing now

mysql> show master status;

+—————-+——–+————-+—————+

| File | Position |Binlog_Do_DB |Binlog_Ignore_DB

+—————-+——–+————-+——————

|mysql-bin.000004| 7705 | |

+—————-+——–+————-+—————–

They are: mysql-bin.000004, 7705

Take snapshot of Mysql data on Master and then scp it to slave.

mysql> FLUSH TABLES WITH READ LOCK;

root@sage:~# tar czvf ~/mysql-snapshot.tar.gz /var/lib/mysql

mysql> UNLOCK TABLES;

Copy snapshot to the slave

root@sage:~# scp mysql-snapshot.tar/gz user@slave-IP:~

SLAVE side

To configure this host as a replication slave, you can choose between

two methods :

- Use the CHANGE MASTER TO command

CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,

MASTER_USER=<user>, MASTER_PASSWORD=<password> ……

OR

- Set the variables in /etc/mysql/my.cnf.

Create client certificate

root@sage:~# openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem

root@sage:~# openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem

root@sage:~# vi /etc/mysql/my.cnf

[mysqld]

server-id = 2

master-host = 192.168.1.100

master-user = repl

master-password = replipass

master-port = 3306

log-bin = /var/log/mysql/mysql-bin

binlog_format = mixed

tmpdir = /tmp/

[client]

ssl-ca=/etc/mysql/ssl/ca-cert.pem

#ssl-key=/etc/mysql/ssl/client-key.pem

#ssl-cert=/etc/mysql/ssl/client-cert.pem

“If the account has no special SSL requirements or was created using a GRANT statement that includes the REQUIRE SSL option, a client can connect securely by using just the --ssl-ca option:

shell> mysql --ssl-ca=cacert.pem

To require that a client certificate also be specified, create the account using the REQUIRE X509 option. Then the client must also specify the proper client key and certificate files or the server will reject the connection:

shell> mysql --ssl-ca=cacert.pem \
       --ssl-cert=client-cert.pem \
       --ssl-key=client-key.pem

In other words, the options are similar to those used for the server. Note that the Certificate Authority certificate has to be the same. “

Ref: http://dev.mysql.com/doc/refman/5.0/en/secure-using-ssl.html

root@sage:~# /etc/init.d/mysql restart

Test connectivity to Master from Slave

root@sage:~# mysql –ssl-ca=/etc/mysql/ssl/ca-cert.pem -u root -p -h 192.168.1.100

root@sage:~# mysql -u root -p

mysql> SLAVE STOP;

mysql> mysql> CHANGE MASTER TO MASTER_HOST=’192.168.1.100′, MASTER_PORT=3306, MASTER_USER=’replssl’, MASTER_PASSWORD=’1′,MASTER_LOG_FILE=’mysql-bin.000004′, MASTER_LOG_POS=7705, MASTER_SSL=1, MASTER_SSL_CA=’/etc/mysql/ssl/ca-cert.pem’;

mysql> START SLAVE;

mysql> SHOW SLAVE STATUS\G

mysql> SHOW PROCESSLIST\G

Note : If we have given only GRANT … REQUIRE SSL to replication user then MASTER_SSL=1, MASTER_SSL_CA are to be specidfied. ITo require that a client certificate also be specified, create the account using the REQUIRE X509 option.

]]> http://www.hackadmin.com/2010/03/04/mysql-server-replication-with-ssl/feed/ 0 http://www.hackadmin.com/2010/02/20/how-to-recover-a-lost-mysql-password/ http://www.hackadmin.com/2010/02/20/how-to-recover-a-lost-mysql-password/#comments Sat, 20 Feb 2010 18:23:14 +0000 admin http://www.hackadmin.com/?p=256 Article by Aashish

This article explains the process that will allow you to recover a lost MySQL password:

Stop the MySQL server process

Start the MySQL (mysqld) server/daemon process with the
–skip-grant-tables option so that it will not prompt for password.

Connect to mysql server as the root user.

Setup new mysql root account password.

Exit and restart the MySQL server.

Example:

# service mysqld stop

Output:

Stopping MySQL database server: mysqld.

Then start MySql in safe mode

# mysqld_safe –skip-grant-tables

Output

[1] 5988
Starting mysqld daemon with databases from /var/lib/mysql

Then connect the mysql without any password

# mysql -u root

( Then setup password )

mysql> use mysql;

mysql> update user set password=PASSWORD(”NEW-ROOT-PASSWORD”) where User=’root’;

How do I redirect 80 port to 8123 using iptables?

You can easily redirect incoming traffic by inserting rules into PREROUTING chain of the nat table. You can set destination port using the REDIRECT target.

Syntax

The syntax is as follows to redirect tcp $srcPortNumber port to $dstPortNumber:

iptables -t nat -A PREROUTING -i eth0 -p tcp –dport $srcPortNumber -j REDIRECT –to-port $dstPortNumbe

The syntax is as follows to redirect udp $srcPortNumber port to $dstPortNumber:

iptables -t nat -A PREROUTING -i eth0 -p udp –dport $srcPortNumber -j REDIRECT –to-port $dstPortNumber

Replace eth0 with your actual interface name. The following syntax match for source and destination ips:

iptables -t nat -I PREROUTING –src $SRC_IP_MASK –dst $DST_IP -p tcp –dport $portNumber -j REDIRECT –to-ports $rediectPort

Examples:

In The following example redirects TCP port 25 to port 2525:

# iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 25 -j REDIRECT –to-port 2525

this example all incoming traffic on port 80 redirect to port 8123

# iptables -t nat -I PREROUTING –src 0/0 –dst 192.168.1.5 -p tcp –dport 80 -j REDIRECT –to-ports 8123

How Do I View NAT Rules?

Type the following command:

# iptables -t nat -L -n -v

How Do I Save NAT Redirect Rules?

Type the following command:

# iptables-save

Apache Performance Modules

Apache is a powerful and widely-used World-Wide Web (Web) server. One of its strengths is that the modules that it is made of are customizable according to the user’s requirements. Ashish Kumar discusses the benefits and the process of customization, along with a brief introduction to some useful modules.

List of Standard Modules

This appendix (alphabetically) lists of all of the standard modules that are part of the current (version 1.3.x) Apache distribution. Table 1 the modules that are compiled-in by default and Table 2 lists the ones which are not.

Table 1. Apache Standard Modules Compiled-In by Default.

Table 2. Apache Standard Modules Not Compiled-In by Default.

Appendix II : List of Nonstandard Modules

This appendix is a list of some nonstandard Apache modules. The selection is biased towards modules for programming language support and Web site administration. See Table 3.

How do I restrict the number of connections used by a single IP address to my server for port 80 and 25 using iptables?

You need to use the connection limit modules which allows you to restrict the number of parallel TCP connections to a server per client IP address (or address block). This is useful to protect your server or vps box against flooding, spamming or content scraping.

Syntax
The syntax is as follows:

# /sbin/iptables -A INPUT -p tcp –syn –dport $port -m connlimit –connlimit-above N -j REJECT –reject-with tcp-reset

save the changes see iptables-save man page, the following is redhat and friends specific command service iptables save

Example: Limit SSH Connections Per IP / Host

Only allow 3 ssh connections per client host:

# /sbin/iptables  -A INPUT -p tcp –syn –dport 22 -m connlimit –connlimit-above 3 -j REJECT

save the changes see iptables-save man page, the following is redhat and friends specific command service iptables save

Example: Limit HTTP Connections Per IP / Host

Only allow 20 http connections per IP (MaxClients is set to 60 in httpd.conf):

# /sbin/iptables -A INPUT -p tcp –syn –dport 80 -m connlimit –connlimit-above 20 -j REJECT –reject-with tcp-reset
save the changes see iptables-save man page, the following is redhat and friends specific command service iptables save

Skip proxy server IP 1.2.3.4 from this kind of limitations:

# /sbin/iptables -A INPUT -p tcp –syn –dport 80 -d ! 1.2.3.4 -m connlimit-above 20 -j REJECT –reject-with tcp-reset

Enjoy it….

Storage resource located on an iSCSI server known as a “target”. An iSCSI target usually represents nothing but hard disk storage. As with initiators, software to provide an iSCSI target is available for most mainstream operating systems.

iSCSI initiator (client)

An initiator functions as an iSCSI client. An initiator typically serves the same purpose to a computer as a SCSI bus adapter would, except that instead of physically cabling SCSI devices (like hard drives and tape changers), an iSCSI initiator sends SCSI commands over an IP network.

Debian / Ubuntu Linux Install tgt

Type the following command to install Linux target framework user-space tools:

$ sudo apt-get install tgt

CentOS / RHEL / Red Hat Linux Install tgt

RHEL 5.2 and older version do not have tgt tools. However, RHEL 5.3 (preview version) comes with tgt tools.

tgtadm – Linux SCSI Target Administration Utility

tgtadm is used to monitor and modify everything about Linux SCSI target software: targets, volumes, etc. This tool allows a system to serve block-level SCSI storage to other systems that have a SCSI initiator. This capability is being initially deployed as a Linux iSCSI target, serving storage over a network to any iSCSI initiator.

Start tgtd

To start the tgtd, enter:

# /usr/sbin/tgtd

Under RHEL 5.3 to start the tgtd service, enter:

# /etc/init.d/tgtd start

Define an iscsi target name

The following example creates a target with id 1 (the iqn is 19 iqn.2001-04.com.example:storage.disk2.amiens.sys1.xyz) and adds a 20 logical unit (backed by /dev/hdc1)with lun 1.

# tgtadm –lld iscsi –op new –mode target –tid 1 -T iqn.2001-04.com.example:storage.disk2.amiens.sys1.xyz
To view the current configuration, enter:

# tgtadm –lld iscsi –op show –mode target

Sample output:

Target 1: iqn.2001-04.com.example:storage.disk1.amiens.sys1.xyz

System information:

Driver: iscsi

Status: running

I_T nexus information:

LUN information:

LUN: 0

Type: controller

SCSI ID: deadbeaf1:0

SCSI SN: beaf10

Size: 0

Online: No

Poweron/Reset: Yes

Removable media: No

Backing store: No backing store

Account information:

ACL information:

Add a logical unit to the target (/dev/sdb1):

# tgtadm –lld iscsi –op new –mode logicalunit –tid 1 –lun 1 -b /dev/sdb1

Note:- about home computer / test system

Most production boxes will only use iSCSI root with real iSCSI devices, but for testing purposes it can be quite useful to set up an iSCSI target on your image server. This is useful for testing and learning iSCSI target and iSCSI initiator at home, simply use filesystem for testing purpose. Use dd command to create diskbased filesystem:

# dd if=/dev/zero of=/fs.iscsi.disk bs=1M count=512

Add /fs.iscsi.disk as a logical unit to the target:

# tgtadm –lld iscsi –op new –mode logicalunit –tid 1 –lun 1 -b /fs.iscsi.disk

Now, you should able to view details:

# tgtadm –lld iscsi –op show –mode target

Sample output:

Target 1: iqn.2001-04.com.example:storage.disk1.amiens.sys1.xyz

System information:

Driver: iscsi

Status: running

I_T nexus information:

LUN information:

LUN: 0

Type: controller

SCSI ID: deadbeaf1:0

SCSI SN: beaf10

Size: 0

Online: No

Poweron/Reset: Yes

Removable media: No

Backing store: No backing store

LUN: 1

Type: disk

SCSI ID: deadbeaf1:1

SCSI SN: beaf11

Size: 512M

Online: Yes

Poweron/Reset: Yes

Removable media: No

Backing store: /fs.iscsi.disk

Account information:

ACL information:

Accept iSCSI Target

To enable the target to accept any initiators, enter:

# tgtadm –lld iscsi –op bind –mode target –tid 1 -I ALL

This should open network port # 3260:

# netstat -tulpn | grep 3260

Sample output:

tcp 0 0 0.0.0.0:3260 0.0.0.0:* LISTEN 27328/tgtd
tcp6 0 0 :::3260 :::* LISTEN 27328/tgtd

And you are done. Your system is configured as iSCSI Target. Remote client computer can access this computers hard disk over network. Your can use cluster aware filesystem to setup real shared storage for small business. Open TCP port 3260 in your firewall, if required.

For Client
Install Required Package

iscsi-initiator-utils RPM package – The iscsi package provides the server daemon for the iSCSI protocol, as well as the utility programs used to manage it. iSCSI is a protocol for distributed disk access using SCSI commands sent over Internet Protocol networks. This package is available under Redhat Enterprise Linux / CentOS / Fedora Linux and can be installed using yum command:

# yum install iscsi-initiator-utils

A note about Debian / Ubuntu Linux

If you are using Debian / Ubuntu Linux install open-iscsi package, enter:

$ sudo apt-get install open-iscsi

iSCSI Configuration

There are three steps needed to set up a system to use iSCSI storage:

1. iSCSI startup using the init script or manual startup. You need to edit and configure iSCSI

via /etc/iscsi/iscsid.conf file

2. Discover targets.

3. Automate target logins for future system reboots.

4. You also need to obtain iSCSI username, password and storage server IP address (target host)

Step # 1: Configure iSCSI

Open /etc/iscsi/iscsid.conf with vi text editor:

# vi /etc/iscsi/iscsid.conf

Setup username and password:

node.session.auth.username = My_ISCSI_USR_NAME

node.session.auth.password = MyPassword

discovery.sendtargets.auth.username = My_ISCSI_USR_NAME

discovery.sendtargets.auth.password = MyPassword

Where,

* node.session.* is used to set a CHAP username and password for initiator authentication by the target(s).
* discovery.sendtargets.* is used to set a discovery session CHAP username and password for the initiator authentication by the target(s)

You may also need to tweak and set other options. Refer to man page for more information. Now start the iscsi service:

# /etc/init.d/iscsi start

Step # 2: Discover targets
Now use iscsiadm command, which is a command-line tool allowing discovery and login to iSCSI targets, as well as access and management of the open-iscsi database. If your storage server IP address is 192.168.1.5, enter:

# iscsiadm -m discovery -t sendtargets -p 192.168.1.5

# /etc/init.d/iscsi restart

Now there should be a block device under /dev directory. To obtain new device name, type:

# fdisk -l

or

# tail -f /var/log/messages

Output:
Oct 10 12:42:20 ora9is2 kernel: Vendor: EQLOGIC Model: 100E-00 Rev: 3.2
Oct 10 12:42:20 ora9is2 kernel: Type: Direct-Access ANSI SCSI revision: 05
Oct 10 12:42:20 ora9is2 kernel: SCSI device sdd: 41963520 512-byte hdwr sectors (21485 MB)
Oct 10 12:42:20 ora9is2 kernel: sdd: Write Protect is off
Oct 10 12:42:20 ora9is2 kernel: SCSI device sdd: drive cache: write through
Oct 10 12:42:20 ora9is2 kernel: SCSI device sdd: 41963520 512-byte hdwr sectors (21485 MB)
Oct 10 12:42:20 ora9is2 kernel: sdd: Write Protect is off
Oct 10 12:42:20 ora9is2 kernel: SCSI device sdd: drive cache: write through
Oct 10 12:42:20 ora9is2 kernel: sdd: unknown partition table
Oct 10 12:42:20 ora9is2 kernel: sd 3:0:0:0: Attached scsi disk sdd
Oct 10 12:42:20 ora9is2 kernel: sd 3:0:0:0: Attached scsi generic sg3 type 0
Oct 10 12:42:20 ora9is2 kernel: rtc: lost some interrupts at 2048Hz.
Oct 10 12:42:20 ora9is2 iscsid: connection0:0 is operational now
/dev/sdd is my new block device.

Step # 3: Format and Mount iSCSI Volume

You can now partition and create a filesystem on the target using usual fdisk and mkfs.ext3 commands:

# fdisk /dev/sdd

# mke2fs -j -m 0 -O dir_index /dev/sdd1

OR

# mkfs.ext3 /dev/sdd1

Tip: If your volume is large size like 1TB, run mkfs.ext3 in background using nohup:

# nohup mkfs.ext3 /dev/sdd1 &

Mount new partition:

# mkdir /mnt/iscsi

# mount /dev/sdd1 /mnt/iscsi

Step #4: Mount iSCSI drive automatically at boot time

First make sure iscsi service turned on at boot time:

# chkconfig iscsi on

Open /etc/fstab file and append config directive:

/dev/sdd1 /mnt/iscsi ext3 _netdev 0 0

How To Set Red hat / CentOS Linux Remote Backup / Snapshot Server

Q. I am using an HP RAID 6 server running RHEL 5.x. I’d like this box to act as a backup server for my other Red Hat DNS and Web server. The server must keep backup in hourly, daily and monthly format. How do I configure my Red Hat / CentOS Linux server as remote backup or snapshot server?

A. rsnapshot is easy, reliable and a good disaster recovery backup solution. It is a remote backup program that uses rsync to take backup snapshots of your filesystems. It uses hard links to save space on disk and offers following features:

• Filesystem snapshot – for local or remote systems.

• Database backup – MySQL backup

• Secure – Traffic between remote backup server is always encrypted using openssh

• Full backup – plus incremental

• Easy to restore – Files can restored by the users who own them, without the root user getting involved.

• Automated backup – Runs in background via cron.

• Bandwidth friendly – rsync used to save bandwidth

Sample setup

• snapshot.example.com – HP box with RAID 6 configured with Red Hat / CentOS Linux ac as backup server for other clients.

• DNS ns1.example.com – Red Hat server act as primary name server.

• DNS ns2.example.com – Red Hat server act as secondary name server.

• www.example.com – Red Hat running Apache web server.

• mysql.example.com – Red Hat mysql server.

Install rsnapshot

Login to snapshot.example.com. Download rsnapshot rpm file, enter: WARNING! These examples only works on Red hat / CentOS / Suse / RHEL / Fedora Linux. See Debian / Ubuntu Linux backup server instructions here.

# cd /tmp

# wget http://www.rsnapshot.org/downloads/rsnapshot-1.3.0-1.noarch.rpm

# wget http://www.rsnapshot.org/downloads/rsnapshot-1.3.0-1.noarch.rpm.md5

Verify rpm file for integrity, enter

# md5sum -c rsnapshot-1.3.0-1.noarch.rpm.md5

Sample output:
rsnapshot-1.3.0-1.noarch.rpm: OK
Install rsnapshot, enter:

# rpm -ivh rsnapshot-1.3.0-1.noarch.rpm
Sample output:
Preparing… ########################################### [100%]
1:rsnapshot ########################################### [100%]

Configure rsnapshot

You need to perform following steps

Step # 1: Configure passwordless login

To perform remote backup you need to setup passwordless login using openssh. Create ssh rsa key and upload them to all servers using scp (note you are overwriting ~/ssh/authorized_keys2 files).You need to type following commands on snapshot.example.com server:

# ssh-keygen -t rsa

# scp .ssh/id_rsa.pub root@ns1.example.com:.ssh/authorized_keys2

# scp .ssh/id_rsa.pub root@ns2.example.com:.ssh/authorized_keys2

# scp .ssh/id_rsa.pub root@www.example.com:.ssh/authorized_keys2

# scp .ssh/id_rsa.pub root@mysql.example.com:.ssh/authorized_keys2

Step # 2: Configure rsnapshot

The default configuration file is located at /etc/rsnapshot.conf. Open configuration file using a text editor, enter:

# vi /etc/rsnapshot.conf

Configuration rules

You must follow two configuration rules:

• rsnapshot config file requires tabs between elements.

• All directories require a trailing slash. For example, /home/ is correct way to specify directory, but /home is wrong.

First, specify root directory to store all snapshots such as /snapshots/ or /dynvol/snapshot/ as per your RAID setup, enter:

snapshot_root /raiddisk/snapshots/

You must separate snapshot_root and /raiddisk/snapshots/ by a [tab] key i.e. type snapshot_root hit [tab] key once and type /raiddisk/snapshots/.

Define snapshot intervals

You need to specify backup intervals i.e. specify hourly, daily, weekly and monthly intervals:

interval hourly 6

interval daily 7

interval weekly 4

interval monthly 3

The line “interval hourly 6″ means 6 hourly backups a day. Feel free to adapt configuration as per your backup requirements and snapshot frequency.

Remote backup directories

To backup /var/named/ and /etc/ directory from ns1.example.com and ns2.example.com, enter:

backup root@ns1.example.com:/etc/ ns1.example.com/

backup root@ns1.example.com:/var/named/ ns1.example.com/

backup root@ns2.example.com:/etc/ ns2.example.com/

backup root@ns2.example.com:/var/named/ ns2.example.com/

To backup /var/www/, /var/log/httpd/ and /etc/ directory from www.example.com, enter

backup root@www.example.com:/var/www/ www.example.com/

backup root@www.example.com:/etc/ www.example.com/

backup root@www.example.com:/var/log/httpd/ www.example.com/

To backup mysql database files stored at /var/lib/mysql/, enter:

backup root@mysql.example.com:/var/lib/mysql/ mysql.example.com/dbdump/Save and close the file. To test your configuration, enter:

# rsnapshot configtest

Sample output:

Syntax OK

Schedule cron job

Create /etc/cron.d/rsnapshot cron file. Following values used correspond to the examples in
#vim /etc/rsnapshot.conf.

0 */4 * * * /usr/bin/rsnapshot hourly

50 23 * * * /usr/bin/rsnapshot daily

40 23 * * 6 /usr/bin/rsnapshot weekly

30 23 1 * * /usr/bin/rsnapshot monthly

Save and close the file. Now rsnapshot will work as follows to backup files from remote boxes:

1. 6 hourly backups a day (once every 4 hours, at 0,4,8,12,16,20)

2. 1 daily backup every day, at 11:50PM

3. 1 weekly backup every week, at 11:40PM, on Saturdays (6th day of week)

4. 1 monthly backup every month, at 11:30PM on the 1st day of the month

How do I see backups?

To see backup change directory to

# cd /raiddisk/snapshots/

# ls -l

Sample output:
drwxr-xr-x 4 root root 4096 2008-07-04 06:04 daily.0
drwxr-xr-x 4 root root 4096 2008-07-03 06:04 daily.1
drwxr-xr-x 4 root root 4096 2008-07-02 06:03 daily.2
drwxr-xr-x 4 root root 4096 2008-07-01 06:02 daily.3
drwxr-xr-x 4 root root 4096 2008-06-30 06:02 daily.4
drwxr-xr-x 4 root root 4096 2008-06-29 06:05 daily.5
drwxr-xr-x 4 root root 4096 2008-06-28 06:04 daily.6
drwxr-xr-x 4 root root 4096 2008-07-05 18:05 hourly.0
drwxr-xr-x 4 root root 4096 2008-07-05 15:06 hourly.1
drwxr-xr-x 4 root root 4096 2008-07-05 12:06 hourly.2
drwxr-xr-x 4 root root 4096 2008-07-05 09:05 hourly.3
drwxr-xr-x 4 root root 4096 2008-07-05 06:04 hourly.4
drwxr-xr-x 4 root root 4096 2008-07-05 03:04 hourly.5
drwxr-xr-x 4 root root 4096 2008-07-05 00:05 hourly.6
drwxr-xr-x 4 root root 4096 2008-07-04 21:05 hourly.7
drwxr-xr-x 4 root root 4096 2008-06-22 06:04 weekly.0
drwxr-xr-x 4 root root 4096 2008-06-15 09:05 weekly.1
drwxr-xr-x 4 root root 4096 2008-06-08 06:04 weekly.2

How do I restore backup?

Let us say you would like to restore a backup for www.example.com. Type the command as follows (select day and date from ls -l output):

# cd /raiddisk/snapshots/
# ls -l

# cd hourly.0/www.example.com/

# scp -r var/www/ root@www.example.com:/var/www/

# scp -r etc/httpd/ root@www.example.com:/etc/httpd/

How do I exclude files from backup?

To exclude files from backup, open rsnapshot.conf file and add following line:

exclude_file /etc/rsnapshot.exclude.www.example.com

Create /etc/rsnapshot.exclude.www.example.com as follows:

/var/www/tmp/

/var/www/*.cache

That’s It!

MySQL Change Password
How do I MySQL root password under Linux, FreeBSD, OpenBSD and UNIX like operating system over ssl / telnet session ?
Setting up mysql password is one of the essential tasks.

By default root user is MySQL admin account. Please note that the Linux / UNIX login root account for your operating system and MySQL root are different. They are separate and have nothing to do with each other (indeed some admins remove the root account and setup admin as mysql super user).

mysqladmin command to change root password:

If you have never set a root password for MySQL, the sever doesn’t require a password at all for connecting as root to setup root password for first time, use the mysqladmin command at shell prompt as follows:

$ mysqladmin -u root password NEWPASSWORD

However, if you want to change (or update) a root passwod, then you need to use following command

$ mysqladmin -u root -p’oldpassword’ password newpass

For example, if old password abc, and set new password 123456, enter:

$ mysqladmin -u root -p’abc’ password ‘123456′

Change MySQL password for other user:

To change a normal user password you need to type (let us assume to would like to change password for ashish):

$ mysqladmin -u ashish -p oldpassword password newpass

Changing MySQL root user password using MySQL sql command:

This is the another method. MySQL stores username and passwords in user table inside MySQL database. You can directly update password using
the following method to update or change password for user ashish:

1) Loging to mysql server, type following command at shell prompt:
$ mysql -u root -p
2) Use mysql database (type command at mysql>prompt):
mysql> use mysql;
3) Change password for user ashish
mysql> update user set password=PASSWORD(“NEWPASSWORD”) where User=’ashish’;
4) Reload privileges:
mysql> flush privileges;
mysql> quit
$ mysql -u root -p

MySQL can sometimes create big problems on a server when you have users abusing it.
This article will teach you how to correctly identify the queries that are creating a problem for your server.

MySQL can log those queries that are taking longer then X seconds but this future is not turned on by default.
Here’s how you turn it on:
Login to your server as root
Open my.cnf with your favorite editor. Example:
vim /etc/my.cnf

Into the [mysqld] section add the fallowing lines
log-slow-queries = /var/log/mysql-slow.log
long_query_time = 3

This is just an example. You can use any file name that you want and you can modify the long_query_time to any value. In this example I will be logging to /var/log/mysql-slow.log any queries that are taking longer then 3 seconds.

Go ahead and save the configuration.
For vim: CTRL+X and YES

Now we have to actually create the log file.
touch /var/log/mysql-slow.log

Now we are changing the owner of the file so that mysql and actually write to it.
chown mysql.root /var/log/mysql-slow.log

Now we restart mysql
service mysql restart

It should restart successfully. If it doesn’t check that you didn’t brake my.cnf by examining the error file in your data directory.

Wait a few minutes and then examine the slow queries log
A few examples on how to do it:

cat /var/log/mysql-slow.log
tail /var/log/mysql-slow.log
tail -50 /var/log/mysql-slow.log

After you have identified the offending query go ahead and optimize or remove it.
Again test the results by looking at your server load and the mysql slow queries log.

After you fixed all the problems go ahead and comment the slow queries logging as it will slow your server a bit if you leave it on. my.cnf should now look similar to this:

#log-slow-queries = /var/log/mysql-slow.log
#long_query_time = 3

And don’t forget to restart MySQL after this.

service mysql restart

Hope this helps !

Install MySQL Performance Tuning Primer Script

Tuning the performance of MySQL can be a really hard job to do.
There are many things to consider and no two servers are identical so there is no universal solution.
Tuning Primer is a script that will help you tune your mysql installation by providing very healthy recommendations based on past mysql records.
For the script to be efficient you must run the mysql server for at least 48 hours.
Installation is extremely simple:

Download the script
wget http://day32.com/MySQL/tuning-primer.sh

Change the permissions for the file
chmod 755 tuning-primer.sh

Run it
./tuning-primer.sh

Apply the sugesttions

Enjoy!