Memo

From AleikoumWiki

(Difference between revisions)
Jump to: navigation, search
m
Current revision (16:49, 10 October 2013) (edit) (undo)
m (Divers)
 
(25 intermediate revisions not shown.)
Line 7: Line 7:
=== Divers ===
=== Divers ===
<pre>
<pre>
 +
 +
# find remote adresse mac
 +
arp-scan 192.168.200.0/24
 +
 +
# taille du fichier
 +
stat -c '%s' file.txt
 +
# timestamp de la derniere modif du fichier
 +
stat -c '%Y' file.txt
 +
 +
# pratique !
 +
FILE_EXTENSION="${FILENAME_TMP##*.}"
 +
 +
 +
# math en bash ! je passe par perl
 +
perl -E "say 1-($PLOP-$PLIP)"
 +
 +
 +
update-locale LC_ALL=en_US.UTF-8
 +
update-locale LC_TYPE=en_US.UTF-8
 +
 +
# le resultat sont les lignes uniquement dans file1
 +
diff <(sort file1) <(sort file2)
 +
 +
# smartctl
 +
smartctl -a /dev/sda
 +
# then
 +
status=$?
 +
for ((i=0; i<8; i++)); do
 +
echo "Bit $i: $((status & 2**i && 1))"
 +
done
 +
# understand the bits: http://smartmontools.sourceforge.net/man/smartctl.8.html
 +
# tester un plugin munin
# tester un plugin munin
munin-run --debug --config /etc/munin/munin-node.conf nom_plugin
munin-run --debug --config /etc/munin/munin-node.conf nom_plugin
Line 101: Line 133:
find /data/images -newer /tmp/foo
find /data/images -newer /tmp/foo
-
 
+
# split
 +
cat file | split -d -l $NUMBER - file-split.
# umask pour avoir du 664 a mettre dans le bashrc
# umask pour avoir du 664 a mettre dans le bashrc
Line 374: Line 407:
iptables -P FORWARD ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P OUTPUT ACCEPT
- 
-
# some git stuff
 
-
git clone git@machine:repo
 
-
git config --global user.name "Erwan Ben Souiden"
 
-
git config --global user.email "erwan.bensouiden@plop.com
 
Line 450: Line 478:
/tmp/plop.sh $MODULO
/tmp/plop.sh $MODULO
fi
fi
 +
 +
 +
 +
 +
# dec > hex
 +
hex() { echo $1 16op | dc; }
 +
hex() { printf "%X\n" $1; }
 +
 +
 +
# tu clones ta virtual box debian et tu n as pas de carte reseau ?
 +
rm /etc/udev/rules.d/70-persistent-net.rules
 +
reboot
</pre>
</pre>
Line 540: Line 580:
...
...
[ $DEBUG_VALUE -ge 1 ] && echo "$NOM_SHELL - CRITICAL : cas critique" >> $SORTIE 2>&1
[ $DEBUG_VALUE -ge 1 ] && echo "$NOM_SHELL - CRITICAL : cas critique" >> $SORTIE 2>&1
 +
</pre>
 +
 +
 +
Verifier qu un element est dans une liste !
 +
<pre>
 +
function elementExists()
 +
{
 +
myexcluded_list=$2
 +
 +
if [ -z "$1" ]
 +
then
 +
return
 +
fi
 +
 +
for i in ${myexcluded_list[@]}
 +
do
 +
if [ $i == $1 ]
 +
then
 +
return 1
 +
fi
 +
done
 +
return 0
 +
}
</pre>
</pre>
Line 818: Line 881:
<pre>
<pre>
 +
 +
# some git stuff
 +
git clone git@machine:repo
 +
git config --global user.name "Erwan Ben Souiden"
 +
git config --global user.email "erwan.bensouiden@plop.com
 +
# nombre de commits par commiters
# nombre de commits par commiters
git shortlog -s -n
git shortlog -s -n
Line 832: Line 901:
# date des tags
# date des tags
git log --tags --simplify-by-decoration --pretty="format:%ai %s"
git log --tags --simplify-by-decoration --pretty="format:%ai %s"
 +
# liste de tous les tags
 +
git for-each-ref --sort='*authordate' --format='%(refname:short)' refs/tags
 +
# info sur le taf
 +
git show TAG_NAME
 +
 +
# really useful for your post-merge script
 +
git diff --name-only HEAD@{1}..HEAD
</pre>
</pre>
Line 851: Line 927:
# pour bash
# pour bash
psql $BASE -t --no-align --field-separator ';' -c "$QUERY"
psql $BASE -t --no-align --field-separator ';' -c "$QUERY"
 +
# just in case
 +
psql -U $USER --host $hOST --port $PORT $BASE -t --no-align --field-separator ';' -c "$QUERY"
#
#
createuser -D -R -S -P -E yourusername
createuser -D -R -S -P -E yourusername
createdb -O yourusername yourDB
createdb -O yourusername yourDB
 +
 +
# change password
 +
ALTER USER youruser WITH ENCRYPTED PASSWORD 'password';
 +
 +
#
 +
## list all triggers
 +
select * from pg_trigger;
 +
## display triggers in psql
 +
select prosrc from pg_trigger,pg_proc where pg_proc.oid=pg_trigger.tgfoid and pg_trigger.tgname = 'TRIGGER_NAME'
 +
 +
# enable plpgsql
 +
createlang -U postgres plpgsql DATABASE_NAME
 +
# list all enabled languages of a database
 +
createlang -U postgres -l DATABASE_NAME
 +
</pre>
</pre>
Line 861: Line 954:
# voir ce qui se passe au global
# voir ce qui se passe au global
select * from pg_stat_activity;
select * from pg_stat_activity;
 +
# reduction sur les current queries
 +
SELECT datname,procpid,current_query FROM pg_stat_activity;
# voir ce qui se passe avec tri sur les 10 plus vieilles
# voir ce qui se passe avec tri sur les 10 plus vieilles
SELECT datname,procpid,current_query, query_start FROM pg_stat_activity ORDER BY query_start limit 10;
SELECT datname,procpid,current_query, query_start FROM pg_stat_activity ORDER BY query_start limit 10;
Line 900: Line 995:
SELECT c.relname as "Name" FROM pg_catalog.pg_class c LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace LEFT JOIN pg_catalog.pg_index i ON i.indexrelid = c.oid LEFT JOIN pg_catalog.pg_class c2 ON i.indrelid = c2.oid WHERE c.relkind IN ('i','') AND n.nspname <> 'pg_catalog' AND n.nspname <> 'information_schema' AND n.nspname !~ '^pg_toast' AND pg_catalog.pg_table_is_visible(c.oid);
SELECT c.relname as "Name" FROM pg_catalog.pg_class c LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace LEFT JOIN pg_catalog.pg_index i ON i.indexrelid = c.oid LEFT JOIN pg_catalog.pg_class c2 ON i.indrelid = c2.oid WHERE c.relkind IN ('i','') AND n.nspname <> 'pg_catalog' AND n.nspname <> 'information_schema' AND n.nspname !~ '^pg_toast' AND pg_catalog.pg_table_is_visible(c.oid);
 +
# stats sur les index
 +
SELECT schemaname, relname, indexrelname, idx_scan, idx_tup_read, idx_tup_fetch FROM pg_stat_all_indexes where schemaname='public' ORDER BY schemaname, relname;
 +
 +
# affiche toutes les commandes pour vider une base
 +
SELECT 'TRUNCATE TABLE ' || tablename || ' CASCADE;' FROM pg_tables WHERE tableowner='msot-user';
 +
# mais astuce
 +
DROP DATABASE mydb;
 +
CREATE DATABASE mydb TEMPLATE my_template;
 +
 +
 +
drop view pg_buffercache;
 +
drop function pg_buffercache_pages();
 +
create extension pg_buffercache;
</pre>
</pre>
Line 938: Line 1,046:
# Grant select permissions on all database tables from the command line:
# Grant select permissions on all database tables from the command line:
psql -U postgres -qAt -c "select 'grant select on ' || tablename || ' to \"mydbuser_ro\";' from pg_tables where schemaname = 'public'" mydb | psql -U postgres mydb
psql -U postgres -qAt -c "select 'grant select on ' || tablename || ' to \"mydbuser_ro\";' from pg_tables where schemaname = 'public'" mydb | psql -U postgres mydb
 +
 +
 +
 +
 +
 +
#note: chaque table est sur ce schema
 +
REVOKE ALL ON TABLE mytable FROM PUBLIC;
 +
REVOKE ALL ON TABLE mytable FROM mydbuser;
 +
GRANT ALL ON TABLE mytable TO mydbuser;
 +
GRANT SELECT ON TABLE mytable TO "mydbuser_ro";
</pre>
</pre>
Line 966: Line 1,084:
logging_collector = on
logging_collector = on
log_directory = 'pg_log'
log_directory = 'pg_log'
-
log_filename = 'postgresql-no_statement.log'
+
log_filename = 'postgresql-only_error.log'
-
log_rotation_age = 0
+
log_rotation_size = 10MB
client_min_messages = error
client_min_messages = error
log_min_messages = fatal
log_min_messages = fatal
Line 975: Line 1,093:
log_disconnections = off
log_disconnections = off
log_duration = off
log_duration = off
-
log_error_verbosity = default
+
log_error_verbosity = verbose
log_hostname = off
log_hostname = off
-
log_line_prefix = '%t [%p]: [%l-1] '
+
log_line_prefix = '%t [%p]: [%l-1] db=%d,user=%u '
log_statement = 'none'
log_statement = 'none'
...
...
Line 989: Line 1,107:
logging_collector = on
logging_collector = on
log_directory = 'pg_log'
log_directory = 'pg_log'
-
log_filename = 'postgresql-%Y-%m-%d-%H.log'
+
log_filename = 'postgresql-%Y-%m-%d.log'
-
log_rotation_age = 60
+
log_min_duration_statement = 0
-
#client_min_messages = notice
+
-
#log_min_messages = warning
+
-
#log_min_error_statement = error
+
-
#log_min_duration_statement = -1
+
log_checkpoints = on
log_checkpoints = on
log_connections = on
log_connections = on
Line 1,001: Line 1,115:
log_error_verbosity = default
log_error_verbosity = default
log_hostname = on
log_hostname = on
-
log_line_prefix = '%t [%p]: [%l-1] '
+
log_line_prefix = '%t [%p]: [%l-1] db=%d,user=%u '
-
log_statement = 'all'
+
log_lock_waits = on
 +
log_statement = 'none'
 +
log_temp_files = 0
..
..
</pre>
</pre>
Line 1,120: Line 1,236:
# supprimer les messages frozen de la queue
# supprimer les messages frozen de la queue
exiqgrep -z -i | xargs exim -Mrm
exiqgrep -z -i | xargs exim -Mrm
 +
 +
# releaser manuellement un mail
 +
exim -v -M $ID_MAIL
 +
</pre>
 +
 +
 +
== SVN ==
 +
 +
=== Log XML problem ===
 +
 +
It's relatively rare but sometimes when you dump a log in xml format. E.g :
 +
<pre>
 +
$ svn log --xml -v https://pyx4j.com/svn/pyx4me/pyx4me-maven-plugins/proguard-maven-plugin > /tmp/proguard-maven-plugin-DUMP
 +
</pre>
 +
And if you read /tmp/proguard-maven-plugin-DUMP you'll find this :
 +
<pre>
 +
<?xml version="1.0"?>
 +
<log>
 +
<logentry
 +
revision="4011">
 +
<author>vlads</author>
 +
<date>2009-09-10T16:17:24.482460Z</date>
 +
<paths>
 +
<path
 +
kind=""
 +
action="M">/pyx4me/pyx4me-maven-plugins/j2me-maven-plugin/pom.xml</path>
 +
<path
 +
kind=""
 +
action="M">/pyx4me/pyx4me-maven-plugins/obex-maven-plugin/pom.xml</path>
 +
<path
 +
kind=""
 +
action="M">/pyx4me/pyx4me-maven-plugins/pom.xml</path>
 +
<path
 +
kind=""
 +
action="M">/pyx4me/pyx4me-maven-plugins/proguard-maven-plugin/pom.xml</path>
 +
</paths>
 +
 +
...
 +
</pre>
 +
The kind attribut is empty.
 +
 +
We test it with several SVN client version and still got the same "problem".
 +
 +
So we decide to download the subversion sources and check it. And we find the following interesting lines in the file /path/subversion-1.6.13/subversion/svn/schema/log.rnc :
 +
<pre>
 +
...
 +
 +
## Path within repository.
 +
path = element path { attlist.path, text }
 +
attlist.path &=
 +
## "action code": A)dd, D)elete, R)eplace or M)odify
 +
attribute action { "A" | "D" | "R" | "M" },
 +
## kind is "" when repository was < 1.6 when committing
 +
attribute kind { "file" | "dir" | "" },
 +
(
 +
## The copyfrom path within repository.
 +
attribute copyfrom-path { text },
 +
## Copyfrom revision number.
 +
attribute copyfrom-rev { revnum.type })?
 +
 +
...
 +
</pre>
 +
 +
It seems to depend of the subversion server version when you commit your changes !
 +
 +
But why do we see this only on few repositories (reminder : subrversion v1.6 was released on 20/03/2009) ?
 +
* there are stil some old subversion servers
 +
* some subversion servers seem to be upgraded in a badly way thus the kind attribut stay empty...
 +
 +
 +
 +
=== Hack the date of a revision ===
 +
 +
If you want to change the date of a revision
 +
* First create this file in your repo : <path_to_repo>/hooks/pre-revprop-change (please be sure this file is executable :) )
 +
<pre>
 +
#!/bin/sh
 +
 +
REPOS="$1"
 +
REV="$2"
 +
USER="$3"
 +
PROPNAME="$4"
 +
ACTION="$5"
 +
 +
if [ "$ACTION" = "M" -a "$PROPNAME" = "svn:log" ]; then exit 0; fi
 +
if [ "$ACTION" = "M" -a "$PROPNAME" = "svn:date" ]; then exit 0; fi
 +
 +
echo "Changing revision properties other than svn:log or svn:date is prohibited" >&2
 +
exit 1
 +
</pre>
 +
 +
* Then you just have to run the following command in your copy :
 +
<pre>
 +
$ svn propset -r2 --revprop svn:date "2018-03-10T03:00:00.000000Z"
</pre>
</pre>
 +
!!! the date must follow the [http://fr.wikipedia.org/wiki/ISO_8601#Fuseau_horaire ISO date format].

Current revision

Au moins je suis sur de rien perdre comme ca !


Contents

Commandes Linux diverses

Divers


# find remote adresse mac
arp-scan 192.168.200.0/24

# taille du fichier
stat -c '%s' file.txt
# timestamp de la derniere modif du fichier
stat -c '%Y' file.txt 

# pratique !
FILE_EXTENSION="${FILENAME_TMP##*.}"


# math en bash ! je passe par perl
perl -E "say 1-($PLOP-$PLIP)"


update-locale LC_ALL=en_US.UTF-8
update-locale LC_TYPE=en_US.UTF-8

# le resultat sont les lignes uniquement dans file1
diff <(sort file1) <(sort file2)

# smartctl
smartctl -a /dev/sda
# then
status=$?
for ((i=0; i<8; i++)); do
  echo "Bit $i: $((status & 2**i && 1))"
done
# understand the bits: http://smartmontools.sourceforge.net/man/smartctl.8.html

# tester un plugin munin
 munin-run --debug --config /etc/munin/munin-node.conf nom_plugin

# pas oublier le sed -i ! ca evite de passer par un fichier temp !

# Cette ligne va unlink tout les pipes contenu dans /tmp  
for i in `ls -la /tmp | grep '^prwxrwxrwx' |tr -s ' '|cut -d' ' -f9`; do `unlink /tmp/$i`;done

# Efface tout les liens du repertoire courant
for i in `ls -la . | grep '^lrwxrwxrwx' |tr -s ' '|cut -d' ' -f9`; do `rm -rf $i`;done

# TEST
for a in `grep -rn "_msg" * | sed "s/.*_msg \(....\).*/\1/g"`; do cat /users/too00/data/ecrit_log.msg | grep $a > /dev/null && echo "$a orphelin : $?" ; done

# tronquer les lignes au de X caracteres de nom_fichier
fold -w X nom_fichier

# et hop type en majuscule !
$type=`echo "$type" | tr '[:lower:]' '[:upper:]'`

# Liste le contenu du repertoire courant en classant par ordre croissant de creation, la date est de type : date +"%s"
ls -l --time-style=+%s | sed -e 's/^.* \([0-9]*\) \([^ ]*\)$/\1 \2/'

# Liste le contenu du repertoire courant en classant par ordre decroissant de creation, la date est de type : date +"%s"
ls -rl --time-style=+%s | sed -e 's/^.* \([0-9]*\) \([^ ]*\)$/\1 \2/'

# au lieu de faire un head | tail 
sed 'debut_bloc,fin_bloc!d' nom_fichier

# megacommande perso
rpm -qil -g PSA | grep "Build Date" | sed "s/.*Build Date: \(.*\)/\1/g" | while read a;do  date -d "$a" +%Y%m%d;done | sort | tail -n 1
ou
rpm -qil -g PSA | grep "Build Date" | awk -F: '{print "date -d \""$3"\" +%Y%m%d"}'|sh|sort -u | tail -1

# Connaitre la taille du contenu d'un repertoire
du -hs le_rep

# Petite manip
$ aa="test"
$ bb="rere"
$ testrere="ajourdhui"
$ port=$aa$bb
$ echo $port
testrere
$ echo ${!port}
ajourdhui

# Code retour d'une commande
[toto@p00]$ ll ~
[toto@p00]$ echo $?		 --> 0
[toto@p00]$ ll /root
[toto@p00]$ echo $?		 --> 1, si pas le droit !

# Copie d'un groupe de fichier en le renommant 
for i in `ls *.cgi`; do cp $i $i.bkp ; done		# ici tous les .cgi sont COPIES et RENOMMES en .bkp

# Changer un mot dans une liste de fichier
for a in `grep -rl 'httpd2' *` ; do echo "traite $a"; sed -e 's,/httpd2/,/httpd/,g' $a > out.sed && mv -f out.sed $a ; done
# remplace le mot /httpd2/ contenu dans tout les fichiers du repertoire courant et le remplace par /httpd/

#Formattage en ext3 avec le label plop !
mke2fs -j /dev/PARTITION -L plop
# en fat32
mkdosfs -v -F 32 /dev/PARTITION -n plop

#Monter un lecteur NFS : en read only avec le no lock !
mount -o ro,nolock @serveur_nfs:/usr/local/plop /mnt/temp/

#Envoie de mail a la volee
sendmail -f plop@oo.com -F "plop le ouf" erwan@oo.com
echo "Subject: Le sujet" | cat fichier | /usr/sbin/sendmail -F "plop le ouf" -f plop.oo.cim erwan@oo.com
uuencode Master.csv Master.csv | /usr/sbin/sendmail -f erwan@eo.com -F "Test" erwan@eo.com

# la même chose en mode compile :
$ echo "Subject:Plop" > plop
$ echo -e "lalalalala des barres\n" >> plop
$ uuencode Master.csv Master.csv >> plop
$ /usr/sbin/sendmail -f erwan@linkeo.com -F "Test" erwan@linkeo.com < plop


#Recherche d'un fichier (correspondant à une pattern) dans une arborescence donné
find /home/plop/public/BACKUPS-MACHINES/Ntbackup/ -name "1-*" -print -follow 2> /dev/null

#
find /srv/optimail/private-maildirs/9/u000003019/Maildir/new/ -ctime -5 -print -exec cp {} /srv/optimail/private-maildirs/local/u000002520/Maildir/.copie5j/new/ \;

#
find /var/linkfirst/www/preprod/ -not -user www-data -exec chown www-data:www-data {} \;

# astuce de find
touch --date "2010-01-05" /tmp/foo
# Find files newer than 2010/Jan/05, in /data/images
find /data/images -newer /tmp/foo

# split
cat file | split -d -l $NUMBER - file-split.

# umask pour avoir du 664 a mettre dans le bashrc 
umask 0002

#convertir un timestamp en date classique 
date -d "1970-01-01 UTC + $TIMESTAMP seconds" +"%Y/%m/%d %H:%M:%S"
#l'inverse
date -d $AAAA-$MM-$JJ +"%s"


#mysql divers
> show variables;


# petit truc avec find 
find ./ -size +200000k -printf "Size: %kK\tPath: %p\n"
find /tmp/erwan/letestrm/* -mtime +30 -delete #efface tout les fichiers modifie la derniere fois il y a plus 30jours !
find /tmp/erwan/letestrm/* -type f -ctime +30 -exec rm -v {} \; #efface tout les fichiers modifie la derniere fois il y a plus 30jours !
find /tmp/erwan/letestrm/* -mtime -30 -delete #efface tout les fichiers modifie la derniere fois il y a moins 30jours !
find /srv/samba/lnk_crea/ -maxdepth 0 -mtime +30 -exec du -sh {} \;
for dossier in `find /mnt/vd0/administratif-* -maxdepth 0 -mtime +10`; do echo "plop : $dossier"; done
#astuce sur : http://www.ai.univ-paris8.fr/~fb/Cours/Exposes0405-1/find.html

# oui parle moi petit serveur 
nmap -sV -p port addresse server # avec -O on peut avoir l'OS !!
# scanner par ping son reseau
nmap -sP A.B.C.*
* port ouvert d'une machine
nmap -sS A.B.C.D

# un ps pratique
ps -eo pcpu,pmem,args | sort -k 1 -r

# fork bomb
:(){ :|:& };:
# on previent ce danger via : /etc/security/limits.conf en limitant simplement le nombre de processus par user

# qu est ce qu on graphe dans notre base RRD ? bref quelles sont les ordonnees qu'on a dans un fichier rrd
rrdtool info fichier.rrd | grep ds | grep type | cut -d [ -f 2 | cut -d ] -f 1

#en test : validation d une adresse IP
expr match 40.255.255.26 '[0-2]\{0,1\}[0-5]\{0,1\}[0-9]\{1,2\}.[0-2]\{0,1\}[0-5]\{0,1\}[0-9]\{1,2\}.[0-2]\{0,1\}[0-5]\{0,1\}[0-9]\{1,2\}.[0-2]\{0,1\}[0-5]\{0,1\}[0-9]\{1,2\}$'

#retirer le dernier caractere
expr "bonjour" : "\(.*\).$"

# parcourir un fichier ligne a ligne, ouais ouais je sais des fois j'oublie !
cat /etc/ntp.conf | while read ligne
do
        echo "plop : $ligne"
done

# autre methode
while read ligne 
do
         echo "ma ligne : $ligne" 
done < /tmp/plop


#creer un splash screen a partir d une image donne
convert -resize 640x480 -colors 14 wallpaper.jpg imagepourgrub.xpm
gzip imagepourgrub.xpm

#manip printf
#adding leading zero in bash
printf "%03d" "0"
va donner 000
printf %02d 3
va donner 03
printf "%0.3f" 1234567.1
va donner 1234567.100

#afficher toutes les adresses ip montees
for addr in `ifconfig | grep "inet addr" | cut -d":" -f 2 | cut -d" " -f 1`
do
        listaddr="$listaddr$addr,"
done
listaddr=`expr $listaddr : "\(.*\).$"

#calcul
let a=$b+3
#ou
a=`expr $b+3`
#ou
a=$[$b+3]

# remove package debian in rc
dpkg -l | grep ^rc | cut -d' ' -f3|xargs dpkg -P


#un exemple d utilisation de sed 
soit le fichier test.txt contenant : 
-rw-r--r--  1 helbi helbi    6679 2008-05-09 17:24 nagios    of a i lover.dia
-rw-r--r--  1 helbi helbi   28186 2008-05-16 10:30 nagiosofailover-d  ou b lon.png
-rw-r--r--  1 helbi helbi   74846 2008-05-09 17:53 nagiosofailover.png
Je souhaite recuperer le nom du fichier... avec les espaces et tout et tout ! voici une methode :
sed 's/.*\(nagios.*\)/\1/' test.txt
enjoy !


#avoir le dernier mot d'une ligne avec sed :
echo $phrase | sed 's/^.* //'

#site howto NTP : http://www.traduc.org/docs/HOWTO/lecture/TimePrecision-HOWTO.html

# To automatically launch 'screen'
WINDOW=${WINDOW:-notset}
# If 'WINDOW' is not set, then its value is 'notset'
# In this case, we can launch 'screen', else, we do nothing
if [[ "$WINDOW" == "notset" ]] && [[ "$TERM" == "xterm" ]]; then
 screen -URD
fi


# un cron le dernier jour du mois ? facil
58 23 * * * [ `date -d tomorrow +%d` -eq '01' ] && echo "on est le dernier jour du mois !"

# outil diff plus facil a comprendre :) : http://os.ghalkes.nl/dwdiff.html


# genere mdp sous forme MD5 qu'on peut apres rejouer par exemple pour changer un password
mkpasswd -H md5 monmdp
#on peut rejouer ce resultat de la facon suivante : 
echo $result | chpasswd -e
#hop mdp passe change ! cette manip peut etre interessante pour changer des passwords sans que ces
#derniers passent en clair !



# getopts
OPTERR=0 # pour ne pas afficher les erreurs retournees par getopts
while getopts "h:dw:" optionName; do # toutes options suivies des : attends un parametre
    case "$optionName" in
       h)
            echo "option h avec $OPTARG"
            ;;
       d)
            echo "option d sans arg"
            ;;
       w)
            echo "option w avec $OPTARG"
            ;;
       [?]) # pour une option inconnue
            echo "option inconnue"
            exit 1
            ;;
    esac

done
shift $(($OPTIND -1))



# smbclient
smbclient \\\\IP_machine\\share -U user%password < commandes.txt
avec commandes :
get rep_origine\file_origine rep_distant\file_distant
quit


ou mount -t smbfs -o username="$LOGIN",password="$PASSWD" //$HOST$THESHARE $MONTAGE

lister :
smbclient -L <IP> -U <user>

#monter partage windows sous linux :
mount-t cifs -o username=toto,password=monsecret //adresseip/dossier /media/dossier

# on sait jamais si je dois refaire du float !
echo "scale=2;2/3" | bc | sed "s/\.\(.*\)/0.\1/g"

# shell and perl pour convertir des entrees en base64
cat file \
| perl -e 'use MIME::Base64;while (<>) { if (/^(.*):: (.*)$/) { print "$1: ".decode_base64($2)."\n";} else {print $_;}}'

#tcpdump
tcpdump -X  src host A.B.C.D port xxxx

#divers petite chose sur apt-get
apt-config dump # pour avoir la conf
apt-cache search plop # recherche de paquet plop
dpkg -l # liste des paquets installes

# monter une iso 
mount -o loop -t iso9660 /home/erwan/plop.iso /mnt/iso

#bigmem or not ?
grep HIGHMEM /boot/config-`uname -r`


# envoie d'email par sendmail en ligne de commande
cat test | sendmail -toi -vv -f plop@plop.com

cat test =
To:plip@plip.com
Subject:Essai
Test de mail

.




#afficher le contenu d'un fichier PEM : 
openssl x509 -inform PEM -in file -noout -text

#afficher le contenu d'un fichier PKCS#12 : 
openssl pkcs12 -in file 

#afficher le contenu d'un fichier CSR (certificate signing request) :
openssl req -noout -text -in server.csr


#Postfix
Voir la queue de postfix :
postqueue -p
La queue est la liste des courriels en attente.
Vider la queue :
postqueue -f
Supprimer un courriel dans la queue :
postsuper -d ID
(l’ID est donné par la commande postqueue -p)
Voir les statistiques de la queue :
qshape incoming active deferred
Les journaux d’activité sont /var/log/mail.*.


# le repo d'archi debian
http://archive.debian.org/debian-archive/debian/


# wget recursif
wget  -r -p http://ton.url.com


# pour avoir des stats sur les connexions tcp/ip
netstat -an|awk '/tcp/ {print $6}'|sort|uniq -c


# dump dans des sql !=
BDDLIST=$(mysql -s -e "show databases;")
for BASE in $BDDLIST
do
    mysqldump --opt -Q -B "$BASE" | gzip > "$PATH_BCK"/"$DATE"_"$BASE".sql.gz
done

# les options pour un dump lisible :
mysqldump -uLOGIN -p --opt --skip-extended-insert MABASE > /home/erwan/MABASE-`date +%Y%m%d`.sql

# a ne pas oublier pour changer les options apt !
dpkg-reconfigure debconf


# montage dumb : dans la fstab
/srv/pureftpd/video/partage /srv/pureftpd/video/claire/partage none bind

#
mysql -e "SELECT * INTO OUTFILE '${dump_dir}/${i}_week_${date}.csv' FIELDS TERMINATED BY ';' OPTIONALLY ENCLOSED BY '"'"'"' LINES TERMINATED BY '\n' FROM ${base}.${i};"


# tu veux tout flusher dans ton iptables
#!/bin/sh
echo "Stopping firewall and allowing everyone..."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT


# compter le nombre d'inodes
find /tmp -printf "%i\n" | sort -u | wc -l

# rebalancer les mails de la mailqueue
sendmail -q -v



# java 
keytool -import -alias aleikoum.net -keystore $JAVA_HOME/jre/lib/security/cacerts -file cert.crt
keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts
keytool -delete -alias aleikoum.net -keystore $JAVA_HOME/jre/lib/security/cacerts

# wget de la mort
wget -r --level=0 -E --ignore-length -x -k -p -erobots=off -np -N http://url.com/dir --user=USER --password=PASSWORD


# passer des arguments avec des quotes en shell... plus un probleme
command2="$command1 $count \"$myarg\""
eval $command2

# interessant a retenir
THIRD_CHAR=`printf "%s" ${MY_STRING:2:1}`

# logcheck test
su logcheck -s /bin/bash -c "/usr/sbin/logcheck -l <logfile> -o -t"

# a ne pas oublier :)
[ "$(ls -A /tmp)" ] && echo "Not Empty" || echo "Empty"


# astuce pour les separateurs lors d'un read qui par defaut est <tab> et <space>
IFS=,
echo $'one\t\tthree' | tr \\11 , | (
  read one two three
  printf '<%s> ' "$one" "$two" "$three"; printf '\n'
)

# sort on multiple fields
cut -f3 plop.txt | sort -t / -k1n -k2n -n | uniq


# multiple var quand on ne peut pas faire : printf '$CHAINE%.0s' {0..4}
x() {
  # usage: x string num
  for i in $(seq 1 $2); do printf "%s" "$1"; done
  # print a newline only if the string does not end in a newline
  [[ "$1" == "${1%$'\n'}" ]] && echo ""
}

x "$CHAINE" $VAR



# convertisseur de colonne number en colonne "excel"
#!/bin/bash

COLONNE=$1

if [ $COLONNE -lt 27 ]
then
    let ASCII_VALUE=64+$COLONNE
    printf \\$(printf '%03o' $ASCII_VALUE)
else
    let PARTIE_ENTIERE=$COLONNE/26
    /tmp/plop.sh $PARTIE_ENTIERE
    let MODULO=$COLONNE%26
    /tmp/plop.sh $MODULO
fi




# dec > hex
hex() { echo $1 16op | dc; }
hex() { printf "%X\n" $1; }


# tu clones ta virtual box debian et tu n as pas de carte reseau ?
rm /etc/udev/rules.d/70-persistent-net.rules
reboot

Random Value in shell

Voici un petit script qui va permettre de generer des valeurs aleatoire en shell ouhou !

# If you need a random int within a certain range, use the 'modulo' operator.
# This returns the remainder of a division operation.

RANGE=500

echo

number=$RANDOM
let "number %= $RANGE"
echo "Random number less than $RANGE  ---  $number"

echo

# If you need a random int greater than a lower bound,
# then set up a test to discard all numbers below that.

FLOOR=200

number=0   #initialize
while [ "$number" -le $FLOOR ]
do
  number=$RANDOM
done
echo "Random number greater than $FLOOR ---  $number"
echo


# May combine above two techniques to retrieve random number between two limits.
number=0   #initialize
while [ "$number" -le $FLOOR ]
do
  number=$RANDOM
  let "number %= $RANGE"  # Scales $number down within $RANGE.
done
echo "Random number between $FLOOR and $RANGE ---  $number"
echo


# Generate binary choice, that is, "true" or "false" value.
BINARY=2
number=$RANDOM
T=1

let "number %= $BINARY"
# let "number >>= 14"    gives a better random distribution
# (right shifts out everything except last binary digit).
if [ "$number" -eq $T ]
then
  echo "TRUE"
else
  echo "FALSE"
fi  

echo

Base pour shell

mouais normalement on doit retrouver ceci :P :

# DEBUG_VALUE=0 : on affiche rien
# DEBUG_VALUE=1 : seulement les ERR/CRITICAL
# DEBUG_VALUE=2 : ERR/CRITICAL et WARN
# DEBUG_VALUE=3 : ERR/CRITICAL, WARN et INFO
# DEBUG_VALUE=4 : DEBUG max
export DEBUG_VALUE=4
export NOM_SHELL="$0"
export SORTIE="/dev/stdout"

#...
#puis dans le code
#...
[ $DEBUG_VALUE -ge 1 ] && echo "$NOM_SHELL - CRITICAL : cas critique" >> $SORTIE
[ $DEBUG_VALUE -ge 2 ] && echo "$NOM_SHELL - WARNING : cas warning" >> $SORTIE
[ $DEBUG_VALUE -ge 3 ] && echo "$NOM_SHELL - INFO : cas info" >> $SORTIE
[ $DEBUG_VALUE -ge 4 ] && echo "$NOM_SHELL - DEBUG : cas debug" >> $SORTIE

Nota :

export SORTIE="/dev/stdout"
...
[ $DEBUG_VALUE -ge 1 ] && echo "$NOM_SHELL - CRITICAL : cas critique" >> $SORTIE 2>&1


Verifier qu un element est dans une liste !

function elementExists()
{
        myexcluded_list=$2

        if [ -z "$1" ]
        then
                return
        fi

        for i in ${myexcluded_list[@]}
        do
                if [ $i == $1 ]
                then
                        return 1
                fi
        done
        return 0
}

Divers perl

# connaitre la version de manip
perl -MDate::Manip -e 'print "$Date::Manip::VERSION\n"'
# connaitre le 3eme samedi du mois courant
use Date::Manip;   
$days = ParseDate("today" ); 
#recherche du mois courant 
$mois=UnixDate($days,"%B" ); 
print $mois;print "\n";  
$date = ParseDate("3rd saturday in $mois" ); 
print &UnixDate($date,"%Y-%m-%d" );


# qqmanipulations avec Manip
# convertir un timestamp
my $date = DateCalc("Jan 1, 1970  00:00:00 GMT","+ $secs");
$date = UnixDate($date,"%Y%m%d.%H%M%S");
# pour manipuler des date au format DD/MM/YYYY
Date_Init("Language=French", "DateFormat=non-US");

#
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtime(time);
my $file_timestamp = sprintf "%4d%02d%02d%02d%02d%02d",$year+1900,$mon+1,$mday,$hour,$min,$sec;
# ma gestion du debug et des sorties en Perl
my ($sortie_err,$sortie_std)=("STDERR","STDOUT");
# debug_value=0 : on affiche rien
# debug_value=1 : seulement les ERR/CRITICAL
# debug_value=2 : ERR/CRITICAL et WARN
# debug_value=3 : ERR/CRITICAL, WARN et INFO
# debug_value=4 : DEBUG max
my $debug_value=4;

GetOptions (
	'E=s' => \ $sortie_err,
	'err=s' => \ $sortie_err,
	'S=s' => \ $sortie_std,
	'std=s' => \ $sortie_std
);

open(STDERR, ">>$sortie_err") || die "Erreur E/S:$!\n" if ($sortie_err != "STDERR");
open(STDOUT, ">>$sortie_std") || die "Erreur E/S:$!\n" if ($sortie_std != "STDOUT");

print STDERR "sur erreur\n" if ($debug_value >= 1);
print STDOUT "sur standard\n" if ($debug_value >= 4);

close (STDOUT) if ($sortie_std != "STDOUT");
close (STDERR) if ($sortie_err != "STDERR");


# lors du cgi

# Récupération de input

# Si GET
my $input=$ENV{'QUERY_STRING'};
# Si passage en ligne de commande alors prime devant le reste
$input = $ARGV[0] if (defined $ARGV[0]);
# Si POST
read(STDIN, $input, $ENV{'CONTENT_LENGTH'}) if ($ENV{'REQUEST_METHOD'} eq 'POST');

$input=~s/\+/ /g;
$input=~s/%40/\\@/g;
$input=~s/%2C/,/g;

# Donnée rangée dans un hash
my @liste_arg = split(/&/,$input);
my %rarg;
for (@liste_arg) {
  my ($key,$val) = split(/=/,$_,2);
  $rarg{$key} = $val;
}

Certificat Auto-signed

# Creation de la cle du CA et de son certif
openssl req -new -x509 -days 365 -keyout ca.key -out ca.crt
# Creation du certificat
openssl genrsa -out what.cert 1024
# Requete pour signer le certif
openssl req -in what.cert -out what.req -keyout what.key -new -nodes
# Signature du certificat par le CA 
openssl x509 -req -in what.req -out what.crt -CA ca.crt -CAkey ca.key -days 2000 -CAcreateserial
# le pem est généré de la facon suivante
cat what.crt what.key > what.pem


IMAP en Telnet

$ telnet <@_serveur> <port>
Trying X.X.X.180...
Connected to X.X.X.180.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT STARTTLS] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc.  See COPYING for distribution information.
A LOGIN "<login>" "<password>"
A OK LOGIN Ok.
BC SELECT "Inbox"
* FLAGS (\Draft \Answered \Flagged \Deleted \Seen \Recent)
* OK [PERMANENTFLAGS (\Draft \Answered \Flagged \Deleted \Seen)] Limited
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1214902187] Ok
* OK [MYRIGHTS "acdilrsw"] ACL
BC OK [READ-WRITE] Ok
ZZZZ LOGOUT
* BYE Courier-IMAP server shutting down
ZZZZ OK LOGOUT completed
Connection closed by foreign host.


SMTP en Telnet

elnet servername portnumber
MAIL FROM Admin@test.com
RCPT TO: User@Domain.Com
DATA
Subject: test message
This is a test message you will not see a response from this command.
.
QUIT 


Postfix Astuces

convertir un mail encode sur 8bits en 7bits

Okay, firstly this may not be the best solution or even a solution at all...! It's just that I had to implement a 'per specific destination' configuration (in order to force 7-bit encoding for some recipients) and so a variation on my solution could well work for you.

I don't want to imply I'm an 'expert' in all of this - I just learnt enough to achieve what I wanted to do... Hence, I will show you my relevent config verbatim then you can change it, and yours, to suit.

Firstly, in /etc/master.cf I added the following line (leaving the default smtp service line alone):

no8bitmimesmtp unix - - - - - smtp -o smtp_never_send_ehlo=yes
Hence, in my case, this set up a service (callable by no8bitmimesmtp - you call yours something suitable) which simply runs the smtp dameon with the smtp_never_send_ehlo=yes directive set (i.e. all over config remains the same). In your case you'd need to instead force the sender_cananonical_maps... directive.

Now, this 'modified' service needs to be called on a per-destination basis and this is done using a transport table. So, in /etc/postfix/transport I added the following:

orange.net no8bitmimesmtp:[smtp.blueyonder.co.uk]
This meant that all mail to orange.net would be 'ran through' the special no8bitmimesmtp service (with smtp.blueyonder.co.uk set as the next hop - modify to suit or check the check out the transport manpage to see how to modify accordingly and do more-specific/fancy matching etc).

After creating/modifying /etc/postfix/transport create the database version using postmap (which I'm guessing you're familiar with).

Then, finally(!), in /etc/postfix/main.cf, I added the following line:

transport_maps = hash:/etc/postfix/transport
..to check the above transport table for matches (and corresponding actions).

I think that's pretty much it. If it looks like this method could be of use, and you need anything elaborating on, just shout. I've kept it brief as it could work out-of-the-box for you (modified to suit) or it could be way off target.... either way it'd be a waste to add any more detail!
;)

source : http://ubuntuforums.org/archive/index.php/t-235886.html

Gnome

auto exec

On souhaite lancer un exec apres le chargement de gnome et de son environnement
exemple ici avec firefox lancer au demarrage
Creer un fichier dans le rep /etc/xdg/autostart/ (dans notre cas /etc/xdg/autostart/firefoxquickstart.desktop)
puis editer ce fichier ainsi :

[Desktop Entry]
X-SuSE-translate=true
Encoding=UTF-8
Name=Firefox Quickstart
Comment=Firefox Quickstart
GenericName=Firefox Quickstart
Exec=/usr/bin/firefox http://quickstart/
Terminal=false
Type=Application
NoDisplay=false
Categories=FirefoxQuickstart;

ecran de login

Tout se passe

chargement de Gnome

Tout se passe ici /etc/opt/gnome/gconf/gconf.xml.defaults/apps/gnome-session/options/%gconf.xml

site pratique

http://asher256.tuxfamily.org/index.php?2005/12/29/10-personnaliser-gnome-avec-gconf


Algo

un peu de dichotomie

#!/bin/sh

max=999
fic="/tmp/erwan/liste-fic"
flag="NOT-FIND"
pattern="fichier"

# premier test : y a t il de la place ?
nb_lignes=`wc -l $fic | cut -d " " -f 1`
echo "nb_lignes == $nb_lignes"

if [[ $nb_lignes -gt $max ]]
then
        echo "il n y a pas de place dispo"
        exit 1
fi

# initialisation des variables pour la recherche
let limite_haute=$max
limite_basse=0
let compteur=$nb_lignes/2

while [[ $flag == "NOT-FIND"  ]]
do
        # sauvegarde des bornes de recherches
        o_limite_haute=$limite_haute
        o_limite_basse=$limite_basse

        # dans le $fic les lignes sont sous la forme : $pattern.nnn
        fic_temp=`cat $fic | head -n $compteur | tail -n 1 | sed "s/$pattern\.\(...\)/\1/g" | sed "s/^0\(..\)/\1/g" | sed "s/^0\(.\)/\1/g"`


        # on compare l'indice ($fic_temp) du fichier avec compteur ($compteur)
        # qui correspond a la moyenne entre [$limite_basse,$limite_haute]

        if [[ $compteur -eq $fic_temp ]]
        then
                #echo "compteur $compteur egal a $fic_temp"
                limite_basse=$fic_temp
        elif [[ $compteur -lt $fic_temp ]]
        then
                #echo "compteur $compteur inf a $fic_temp"
                limite_haute=$fic_temp
        elif [[ $compteur -gt $fic_temp ]]
        then
                #echo "compteur $compteur sup a $fic_temp"
                limite_basse=$fic_temp
        fi
        let compteur=($limite_haute+$limite_basse)/2
        #echo "les limites deviennent [$limite_basse;$limite_haute]"
        #echo "les anciennes limites deviennent [$o_limite_basse;$o_limite_haute]"
        if [[ $limite_haute -eq $o_limite_haute ]] && [[ $limite_basse -eq $o_limite_basse ]]
        then
                let compteur=$limite_basse+1
                flag="FIND"
        fi
        #echo""
done
compteur=`printf "%03d" "$compteur"`
echo "fic est $pattern.$compteur"
echo "fin"
exit 0



Git

useful commands


# some git stuff
git clone git@machine:repo
git config --global user.name "Erwan Ben Souiden"
git config --global user.email "erwan.bensouiden@plop.com

# nombre de commits par commiters
git shortlog -s -n

# liste les differents commiters d'un projet
git log --format='%aN' | sort -u

# nombre de commits sans compter les merges
git log --pretty=oneline --no-merges | wc -l

# obtenir la liste des operations d'un repository
for a in `git rev-list $ID_LAST_COMMIT`;do git diff-tree -r -c -M -C --root --no-commit-id $a >> /tmp/list;done

# date des tags
git log --tags --simplify-by-decoration --pretty="format:%ai %s"
# liste de tous les tags
git for-each-ref --sort='*authordate' --format='%(refname:short)' refs/tags
# info sur le taf
git show TAG_NAME

# really useful for your post-merge script
git diff --name-only HEAD@{1}..HEAD

PostgreSQL

bases

# equivalent du use
\c dbname
# show tables
\d
# desc table
\d tablename
# show databases
\l
# list users
\du

# pour bash
psql $BASE -t --no-align --field-separator ';' -c "$QUERY"
# just in case
psql -U $USER --host $hOST --port $PORT $BASE -t --no-align --field-separator ';' -c "$QUERY"

#
createuser -D -R -S -P -E yourusername
createdb -O yourusername yourDB

# change password
ALTER USER youruser WITH ENCRYPTED PASSWORD 'password';

#
## list all triggers
select * from pg_trigger;
## display triggers in psql
select prosrc from pg_trigger,pg_proc where pg_proc.oid=pg_trigger.tgfoid and pg_trigger.tgname = 'TRIGGER_NAME'

# enable plpgsql
createlang -U postgres plpgsql DATABASE_NAME
# list all enabled languages of a database
createlang -U postgres -l DATABASE_NAME

requetes pratiques

# voir ce qui se passe au global
select * from pg_stat_activity;
# reduction sur les current queries
SELECT datname,procpid,current_query FROM pg_stat_activity;
# voir ce qui se passe avec tri sur les 10 plus vieilles
SELECT datname,procpid,current_query, query_start FROM pg_stat_activity ORDER BY query_start limit 10;
# voir qui et avec quelle requete on squatte le plus la base
SELECT count(*) as cnt, usename, current_query FROM pg_stat_activity GROUP BY usename,current_query ORDER BY cnt DESC;

# stats sur les IO et le cache avec le ratio
SELECT datname, blks_read, blks_hit, round((blks_hit::float/(blks_read+blks_hit+1)*100)::numeric, 2) as cachehitratio FROM pg_stat_database ORDER BY datname, cachehitratio ;

# voir tout un tas d'info
show seq_page_cost;show random_page_cost; show cpu_tuple_cost; show cpu_index_tuple_cost; show cpu_operator_cost; show effective_cache_size;

# info sur les DB
SELECT datname, numbackends, xact_commit, xact_rollback, blks_read, blks_hit FROM pg_stat_database ORDER BY datname ;

# taille des tables de la base sur laquelle on est connecte
SELECT  schemaname||'.'||tablename as table,pg_total_relation_size(schemaname||'.'||tablename) as size from pg_tables order by size desc;

# taille d'une DB
SELECT pg_database_size('mydb');
SELECT pg_size_pretty(pg_database_size('mydb'));

# taille d'une table
SELECT pg_size_pretty(pg_total_relation_size('mytable'));
# meme mais sans index
SELECT pg_size_pretty(pg_relation_size('mytable'));

#creer un index
CREATE INDEX name ON table USING index_type (column);


# changer le display equivalent au \G mysql
\x

# ecrire dans un fichier
\o /tmp/plop

# lister les index d'une base
SELECT c.relname as "Name" FROM pg_catalog.pg_class c LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace LEFT JOIN pg_catalog.pg_index i ON i.indexrelid = c.oid LEFT JOIN pg_catalog.pg_class c2 ON i.indrelid = c2.oid WHERE c.relkind IN ('i','') AND n.nspname <> 'pg_catalog' AND n.nspname <> 'information_schema' AND n.nspname !~ '^pg_toast' AND pg_catalog.pg_table_is_visible(c.oid);

# stats sur les index
SELECT schemaname, relname, indexrelname, idx_scan, idx_tup_read, idx_tup_fetch FROM pg_stat_all_indexes where schemaname='public' ORDER BY schemaname, relname;

# affiche toutes les commandes pour vider une base
SELECT 'TRUNCATE TABLE ' ||  tablename || ' CASCADE;' FROM pg_tables WHERE tableowner='msot-user';
# mais astuce
DROP DATABASE mydb;
CREATE DATABASE mydb TEMPLATE my_template;


drop view pg_buffercache;
drop function pg_buffercache_pages();
create extension pg_buffercache;

droit en lecture seulement

postgres@infra:~$ createuser -S -R -D -P -E backupUser
for table in `echo "SELECT relname FROM pg_stat_all_tables;" | psql $DATABASENAME | grep -v "pg_" | grep "^ "`;
do
   echo "GRANT SELECT ON TABLE $table to \"backupUser\";"
   echo "GRANT SELECT ON TABLE $table to \"backupUser\";" | psql $DATABASENAME
done

lire en plus: http://www.ruizs.org/archives/89 extrait:

I’m guessing 95% of postgres users just use the default “public” schema, and as such, you need to revoke create privileges from the PUBLIC group. 
Otherwise, your “read-only” user will still be allowed to create tables that it owns, even if you’ve only given it read only access to all other objects in your database.

For this example, we’ll use database name “mydb”, database user/owner “mydbuser”, and we’ll create a read-only user named “mydbuser_ro”. 
This assumes that you did not define a schema for your database and are using the default “public” schema.
# Revoke default permissions from public group:
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE USAGE ON SCHEMA public FROM PUBLIC;

# Add back permissions for your database owner:
GRANT CREATE ON SCHEMA public TO mydbuser;
GRANT USAGE ON SCHEMA public TO mydbuser;

# Create the new user via the command line, or pgadmin/etc:
psql -U postgres -t -c "create role mydbuser_ro password 'abc123' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;

# Grant usage permissions for your read-only user:
GRANT USAGE ON SCHEMA public TO mydbuser_ro;

# Grant select permissions on all database tables from the command line:
psql -U postgres -qAt -c "select 'grant select on ' || tablename || ' to \"mydbuser_ro\";' from pg_tables where schemaname = 'public'" mydb | psql -U postgres mydb





#note: chaque table est sur ce schema
REVOKE ALL ON TABLE mytable FROM PUBLIC;
REVOKE ALL ON TABLE mytable FROM mydbuser;
GRANT ALL ON TABLE mytable TO mydbuser;
GRANT SELECT ON TABLE mytable TO "mydbuser_ro";

a propos des dumps

# only le schema
pg_dump --schema-only

changer le owner de toutes les tables/vues/sequences

for tbl in `psql -qAt -c "select tablename from pg_tables where schemaname = 'public';" YOUR_DB` ; do  psql -c "alter table $tbl owner to NEW_OWNER" YOUR_DB ; done
for tbl in `psql -qAt -c "select sequence_name from information_schema.sequences where sequence_schema = 'public';" YOUR_DB` ; do  psql -c "alter table $tbl owner to NEW_OWNER" YOUR_DB ; done
for tbl in `psql -qAt -c "select table_name from information_schema.views where table_schema = 'public';" YOUR_DB` ; do  psql -c "alter table $tbl owner to NEW_OWNER" YOUR_DB ; done

about log

Voici deux confs qu'on pourra switcher uniquement via un reload (et donc sans avoir a restart le service)

no log

attention il y aura un log mais qui ne contiendra que les erreurs (login rate, connection echouee...)

...
log_destination = 'stderr'
logging_collector = on
log_directory = 'pg_log'
log_filename = 'postgresql-only_error.log'
log_rotation_size = 10MB
client_min_messages = error
log_min_messages = fatal
log_min_error_statement = error
log_checkpoints = off
log_connections = off
log_disconnections = off
log_duration = off
log_error_verbosity = verbose
log_hostname = off
log_line_prefix = '%t [%p]: [%l-1] db=%d,user=%u '
log_statement = 'none'
...

with log

...
log_destination = 'stderr'
logging_collector = on
log_directory = 'pg_log'
log_filename = 'postgresql-%Y-%m-%d.log'
log_min_duration_statement = 0
log_checkpoints = on
log_connections = on
log_disconnections = on
log_duration = on
log_error_verbosity = default
log_hostname = on
log_line_prefix = '%t [%p]: [%l-1] db=%d,user=%u '
log_lock_waits = on
log_statement = 'none'
log_temp_files = 0
..

Avec pgfouine il ne reste qu'a analyser

pgfouine /home/postgresql/9.0/main/pg_log/postgresql-$yesterday-$h.log > /root/pgfouine-devel/postgresql-$yesterday-$h.html 2> /dev/null

various links

http://forums.postgresql.fr/viewtopic.php?id=1333 : réplication des stats générées par le vaccum (hot stand by)

MySQL

droits pour un user backup

il faut creer un user avec des privileges particuliers

mysql> GRANT RELOAD,SELECT,LOCK TABLES ON *.* TO 'backupuser'@localhost IDENTIFIED BY 'passwordenclair';

puis il suffit juste de

mysqldump -ubackupuser -ppasswordenclair --all-databases --flush-privileges --lock-all-tables > /tmp/plop

Drop toutes les tables d'une base

mysqldump -u[USERNAME] -p[PASSWORD] --add-drop-table --no-data [DATABASE] | grep ^DROP | mysql -u[USERNAME] -p[PASSWORD] [DATABASE]

Drop de toutes les DB sauf les exludes

USER="root"
PASS="password"
HOST="127.0.0.1"
PORT="3307"
EXCLUDE="\(plop\|mysql\|test\)"
########################
COMMANDE="mysql -N -u${USER} -p${PASS} --host=${HOST} --port=${PORT}"

#MYSQL=$(mysql -N -u${USER} -p${PASS} --host=${HOST} --port=${PORT} <<<"SHOW DATABASES" | grep -v -e $EXCLUDE  | tr "\n" " ")
DB=$($COMMANDE <<<"SHOW DATABASES" | grep -v -e $EXCLUDE)

for a in $DB 
do
    echo "$COMMANDE -e \"drop database \`$a\`\""
    $COMMANDE -e "drop database \`$a\`"
done

Apache

compression avec mod_deflate

extrait d'une conf d'un virtual host

...
        # Activation de la compression pour les fichiers html, css et js
	AddOutputFilterByType DEFLATE text/html text/plain text/css text/javascript application/x-javascript
	BrowserMatch ^Mozilla/4 gzip-only-text/html
	BrowserMatch ^Mozilla/4.0[678] no-gzip
	BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

        # Pour debugger le mod_deflate
	#DeflateFilterNote Input input_info
        #DeflateFilterNote Output output_info
        #DeflateFilterNote Ratio ratio_info
	#LogFormat '"%r" %{output_info}n/%{input_info}n (%{ratio_info}n%%)' deflate
	#CustomLog /usr/local/web2rama/logs/access_log deflate
...

gestion des url avec des separateurs encodes

AllowEncodedSlashes On

gestion cache

ExpiresActive On
...
<Directory /mypath/>
               Options ExecCGI FollowSymLinks
               AllowOverride all
               Allow from all
               Order allow,deny

	       ExpiresDefault "access plus 1 week"
	       Header append Cache-Control "public"
</Directory>
...

limitation par ip

Order deny,allow
Allow from 10.0.2.0/24
Deny from all
Satisfy Any


Exim

useful commands

# info sur un mail
exim4 -d -bt $ID_MAIL

# forcer la relance des frozen
exim -qff

# afficher des infos sur la queue (qui quand comment)
exiqgrep

# supprimer les messages frozen de la queue
exiqgrep -z -i | xargs exim -Mrm

# releaser manuellement un mail
exim -v -M $ID_MAIL


SVN

Log XML problem

It's relatively rare but sometimes when you dump a log in xml format. E.g :

$ svn log --xml -v https://pyx4j.com/svn/pyx4me/pyx4me-maven-plugins/proguard-maven-plugin > /tmp/proguard-maven-plugin-DUMP

And if you read /tmp/proguard-maven-plugin-DUMP you'll find this :

<?xml version="1.0"?>
<log>
<logentry
   revision="4011">
<author>vlads</author>
<date>2009-09-10T16:17:24.482460Z</date>
<paths>
<path
   kind=""
   action="M">/pyx4me/pyx4me-maven-plugins/j2me-maven-plugin/pom.xml</path>
<path
   kind=""
   action="M">/pyx4me/pyx4me-maven-plugins/obex-maven-plugin/pom.xml</path>
<path
   kind=""
   action="M">/pyx4me/pyx4me-maven-plugins/pom.xml</path>
<path
   kind=""
   action="M">/pyx4me/pyx4me-maven-plugins/proguard-maven-plugin/pom.xml</path>
</paths>

...

The kind attribut is empty.

We test it with several SVN client version and still got the same "problem".

So we decide to download the subversion sources and check it. And we find the following interesting lines in the file /path/subversion-1.6.13/subversion/svn/schema/log.rnc :

...

## Path within repository.
path = element path { attlist.path, text }
attlist.path &=
  ## "action code": A)dd, D)elete, R)eplace or M)odify
  attribute action { "A" | "D" | "R" | "M" },
  ## kind is "" when repository was < 1.6 when committing
  attribute kind { "file" | "dir" | "" },
  (
   ## The copyfrom path within repository.
   attribute copyfrom-path { text },
   ## Copyfrom revision number.
   attribute copyfrom-rev { revnum.type })?

...

It seems to depend of the subversion server version when you commit your changes !

But why do we see this only on few repositories (reminder : subrversion v1.6 was released on 20/03/2009) ?

  • there are stil some old subversion servers
  • some subversion servers seem to be upgraded in a badly way thus the kind attribut stay empty...


Hack the date of a revision

If you want to change the date of a revision

  • First create this file in your repo : <path_to_repo>/hooks/pre-revprop-change (please be sure this file is executable :) )
#!/bin/sh

REPOS="$1"
REV="$2"
USER="$3"
PROPNAME="$4"
ACTION="$5"

if [ "$ACTION" = "M" -a "$PROPNAME" = "svn:log" ]; then exit 0; fi
if [ "$ACTION" = "M" -a "$PROPNAME" = "svn:date" ]; then exit 0; fi

echo "Changing revision properties other than svn:log or svn:date is prohibited" >&2
exit 1
  • Then you just have to run the following command in your copy :
$ svn propset -r2 --revprop svn:date "2018-03-10T03:00:00.000000Z"

!!! the date must follow the ISO date format.

Personal tools