How to deal with mysqldump error 23: out of resources when opening file

So earlier today I was doing a mysql dump of a large database. And I got this error:

mysqldump: Got error: 23: "Out of resources when opening file './xxxx/xxxx' (Errcode: 24)" when using LOCK TABLE

A quick google reveals that it’s because the number of files that MySQL is permitted to open has been exceeded.

So I counted how many files our database has:

ls /var/lib/mysql/dbname/ -l|wc -l

The result is 8350 files.

Then checked the limit by executing this in phpmyadmin:

SHOW VARIABLES LIKE 'open%'

It gives me a result of 1024, so I opened /etc/my.cnf and added

[mysqld]
open_files_limit = 10000

Unfortunately this didn’t do the job!

Some further digging landed me on this stackexchange post: http://dba.stackexchange.com/questions/86987/mysql-open-files-limit-cannot-change-this-variable

Looks like the issue is systemd related.

Edit /usr/lib/systemd/system/mysqld.service and add

LimitNOFILE=10000
LimitMEMLOCK=10000

Then run systemctl daemon-reload and systemctl restart mysql.service.

Now with all that sorted, finally, the real deal:

mysqldump -u username -p dbname | gzip > ./dbexport.sql.gz

 

Configure iptables for PPTPD on CentOS 6

Rules in bold are essential.

#!/bin/bash

# Set defaults. Be careful with -F and -X they will reset your iptable rules.
# iptables -F
# iptables -X
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

# Accept established sessions
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow Pings.
# iptables -A INPUT -p icmp -j ACCEPT

# Allow SSH
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow PPTP Control connection
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT

# Allow GRE
iptables -A INPUT -p gre -j ACCEPT

# Drop everything else. This rule has to be appended last: rules are evaluated
# in order, so a DROP placed above the ACCEPT rules would match first.
iptables -A INPUT -j DROP

# NAT for PPTP clients connectivity
iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.0.1
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

PPTPD VPN server installation and configuration

This howto describes how to set up a PPTP VPN on CentOS, Fedora, Debian, and Ubuntu with basic RSA authentication.

Before installing, make sure the EPEL repository has been added to your Yum repos.

CentOS and Red Hat Enterprise Linux 5.x

CentOS and Red Hat Enterprise Linux 6.x

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm && sudo rpm -Uvh epel-release-6*.rpm

CentOS and Red Hat Enterprise Linux 7.x

Step 1. Install PPTPD

CentOS/RedHat 5:

yum install pptpd.x86_64 -y

CentOS/RedHat 6:

yum install pptpd.x86_64 -y

Fedora 20:

yum install pptpd.x86_64 -y

Ubuntu/Debian:

apt-get install pptpd

Step 2. Edit IP settings in /etc/pptpd.conf

echo > /etc/pptpd.conf

Paste the following content into the pptpd.conf file:

 

#start of custom file
#logwtmp
option /etc/ppp/options.pptpd
localip 192.168.0.1   # local vpn IP 
remoteip 192.168.0.100-200  # ip range for connections
listen 23.216.x.x # eth0 my example public IP and network interface
#end of custom file

Step 3. Add user accounts in /etc/ppp/chap-secrets (assign username and password)

vi /etc/ppp/chap-secrets

usernameForuser1 *  setpassword1here  *

usernameForuser2 *  setpassword2here  *

Step 4. Optional settings in /etc/ppp/options.pptpd

echo > /etc/ppp/options.pptpd

Paste the following into your options.pptpd:

 

#custom settings for a simple fast pptp server
ms-dns 8.8.8.8
ms-dns 4.2.2.2
lock
name pptpd
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128

 

Step 5. Enable network forwarding in /etc/sysctl.conf

vi /etc/sysctl.conf

net.ipv4.ip_forward = 1

Use the following command to apply the change:

sysctl -p

Step 6. Configure firewall (don’t skip this step even if you have firewall disabled.)

# sudo nano /etc/rc.local
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -p tcp --syn -s 192.168.0.0/24 -j TCPMSS --set-mss 1356

Step 7. Start PPTP VPN server

Fedora/Debian:

service pptpd restart

CentOS/Fedora:

/etc/init.d/pptpd restart-kill && /etc/init.d/pptpd start

Note: To avoid having to start pptpd by hand after every reboot, you can automate it by running chkconfig pptpd on

 

By default, the VPN server logs to the system log at /var/log/messages.

Source: https://www.photonvps.com/billing/knowledgebase.php?action=displayarticle&id=58

PHP cannot connect to RDS MySQL on an Amazon EC2 RHEL box

So I decided to use Amazon RDS for my blog. It’s fairly simple to set up RDS, but somehow I couldn’t get PHP to connect to RDS. WordPress kept throwing this error: “Error establishing a database connection”.

So I thought maybe my RDS security group settings are not correct? I opened the RDS instance to 0.0.0.0/0 and I was able to connect using mysql cli anywhere, including the RHEL box, but WP still gave me the same error. I then tried php mysql connection to RDS on another linux box and it worked!

OK, so that means somehow php mysql connection is not working on the RHEL box, what can be causing the problem? After a few Google searches, one post drew my attention, SELinux!! Of course!! How did I forget this thing…

So I went to /etc/selinux/config and set SELinux = disabled, after reboot, problem solved!

Of course you can add an exception rule but to avoid future headaches, better leave it disabled.
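
The exception rule mentioned above, as an added example that is not part of the original post: on RHEL the targeted policy typically gates outbound database connections from the httpd domain behind the boolean httpd_can_network_connect_db. The script finds that denial in audit records and prints the one-boolean fix; the log lines are constructed samples and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): locate the SELinux denial that
# blocks PHP under httpd from reaching MySQL, and print the narrow fix.

# Constructed sample records in /var/log/audit/audit.log format.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1400000000.101:310): avc:  denied  { read } for  pid=2210 comm="sshd" name="motd" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1400000042.517:342): avc:  denied  { name_connect } for  pid=2471 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1400000042.517:342): arch=c000003e syscall=42 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1400000050.002:350): avc:  denied  { name_connect } for  pid=2480 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
EOF
}

# Reads audit records on stdin; prints each distinct port for which httpd_t
# was denied name_connect on a mysqld_port_t socket.
httpd_db_denials() {
    grep 'avc: *denied' \
        | grep 'name_connect' \
        | grep 'scontext=[^ ]*:httpd_t:' \
        | grep 'tcontext=[^ ]*:mysqld_port_t:' \
        | sed -n 's/.* dest=\([0-9][0-9]*\) .*/\1/p' \
        | sort -u
}

# Prints the finding and the targeted remediation; returns 1 if no such denial.
suggest_fix() {
    ports=$(httpd_db_denials)
    if [ -z "$ports" ]; then return 1; fi
    for p in $ports; do echo "httpd_t denied outbound connect to port $p"; done
    echo "setsebool -P httpd_can_network_connect_db 1"
}

# Usage on a real host: suggest_fix < /var/log/audit/audit.log
sample_audit_log | suggest_fix || echo "no httpd database denial found"
```

After setting the boolean, getsebool httpd_can_network_connect_db should report it as on, and SELinux can stay in enforcing mode.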

Git – How to avoid typing your password repeatedly

There are at least three ways to avoid typing your password repeatedly when using git. The first solution requires KDE wallet, the second doesn’t require additional tools, and the third is not the safest one.

First way – use KDE wallet

To store passwords in the KDE wallet you need to install the ksshaskpass package:

$ sudo apt-get install ksshaskpass

Then configure git to use it:

$ git config --global core.askpass /usr/bin/ksshaskpass

Alternatively you can use the GIT_ASKPASS environment variable:

$ export GIT_ASKPASS=`which ksshaskpass`

Use secure protocol:

$ git clone --verbose https://[email protected]/git/personal_repo.git

Second way – temporarily store passwords in memory (recommended)

You can temporarily store passwords in memory by using the credential helper:

$ git config credential.helper 'cache'

By default, credentials are cached for 15 minutes. To change how long they are cached, use the timeout parameter, given in seconds (30 minutes in this example):

$ git config credential.helper 'cache --timeout=1800'

Use secure protocol:

$ git clone https://[email protected]/git/personal_repo.git

To clear the credential cache before it times out, run:

$ git credential-cache exit

Check out the manual pages:

$ man git-credential-cache
$ man gitcredentials

Third way – use ~/.netrc file

You can also store credentials (per host) in plain text in the ~/.netrc file:

machine source.sleeplessbeastie.eu login USERNAME password PASSWORD

Make sure that nobody else can read the file:

$ chmod 0600 ~/.netrc

Use secure protocol:

$ git clone https://source.sleeplessbeastie.eu/git/personal_repo.git

reference: http://blog.sleeplessbeastie.eu/2012/08/12/git-how-to-avoid-typing-your-password-repeatedly/

Set up SSH keys – avoid typing password every time

On the local machine, type the BOLD part. The non-bold part is what you might see as output or prompt.

  • Step 1:
    % ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (~/.ssh/id_dsa):
    (just type return)
    Enter passphrase (empty for no passphrase):
    (just type return)
    Enter same passphrase again:
    (just type return)
    Your identification has been saved in ~/.ssh/id_dsa
    Your public key has been saved in ~/.ssh/id_dsa.pub
    The key fingerprint is:
    Some really long string
    %
  • Step 2:
    Then, paste the content of the local ~/.ssh/id_dsa.pub file into the file ~/.ssh/authorized_keys on the remote host.
  • RSA instead of DSA
    • If you want something strong, you could try
      % ssh-keygen -t rsa -b 4096
    • Instead of the names id_dsa and id_dsa.pub, it will be id_rsa and id_rsa.pub , etc.
    • The rest of the steps are identical.

That’s it!

FAQ:

  • Q: I followed the exact steps, but ssh still asks me for my password!
  • A: Check your remote .ssh directory. It should have only your own read/write/access permission (octal 700)
    % chmod 700 ~/.ssh

Source: http://www.ece.uci.edu/~chou/ssh-key.html
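
A check for the chmod 0600 ~/.netrc step in the Git post and the chmod 700 ~/.ssh answer in the FAQ above, as an added example that is not part of either original post. It reports credential files that group or other users can access; the function names and the demo directory are hypothetical, and the demo files are constructed and empty.

```sh
#!/bin/sh
# Added example (not from the original posts): audit the permissions of the
# credential files created above. Function names are hypothetical.
# First 10 characters of `ls -ld`, e.g. "-rw-------" or "drwx------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Pass only if group and other have no permission bits at all.
owner_only() {
    case "$(mode_of "$1")" in ????------) return 0 ;; esac
    echo "too open: $(mode_of "$1") $1"
    return 1
}

# Pass only if neither group nor other can write; sshd's StrictModes check
# refuses an authorized_keys file that fails this.
no_foreign_write() {
    case "$(mode_of "$1")" in ?????-??-?) return 0 ;; esac
    echo "writable by others: $(mode_of "$1") $1"
    return 1
}

# audit_creds HOME_DIR: prints one finding per line, returns 1 if any.
audit_creds() {
    home=$1; bad=0
    if [ -e "$home/.netrc" ]; then owner_only "$home/.netrc" || bad=1; fi
    if [ -d "$home/.ssh" ]; then
        owner_only "$home/.ssh" || bad=1
        if [ -e "$home/.ssh/authorized_keys" ]; then
            no_foreign_write "$home/.ssh/authorized_keys" || bad=1
        fi
        for key in "$home"/.ssh/id_*; do
            case "$key" in *.pub) continue ;; esac
            if [ -f "$key" ]; then owner_only "$key" || bad=1; fi
        done
    fi
    return "$bad"
}

# Constructed demo tree with deliberately loose modes (empty files, no secrets).
make_demo_home() {
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    : > "$d/.netrc"; : > "$d/.ssh/id_rsa"; : > "$d/.ssh/id_rsa.pub"; : > "$d/.ssh/authorized_keys"
    chmod 644 "$d/.netrc" "$d/.ssh/id_rsa.pub" "$d/.ssh/authorized_keys"
    chmod 755 "$d/.ssh"; chmod 600 "$d/.ssh/id_rsa"
    echo "$d"
}

demo=$(make_demo_home); audit_creds "$demo" || true; rm -rf "$demo"
```

On a real account, run audit_creds "$HOME" on both the local machine and the remote host.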

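Fixing garbled file names when rTorrent downloads Chinese-named resources

Solution:

1. Edit the rTorrent configuration file (mine is at /opt/etc/rtorrent.conf) and add this line at the end: encoding_list = zh_CN.UTF-8

This did not solve my problem; the file names were still garbled. After more research I found that the mount options needed to be changed.

2. Because my NAS is mounted over Samba, the mount needs the extra option iocharset=utf8:

mount -t cifs //192.168.1.2/ShawnHDD /tmp/ -o rw,iocharset=utf8,username=shawn,password=password

Reference: http://ubuntuforums.org/showthread.php?t=288534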

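Install PPTPD from source code

I spent the whole evening today tinkering with a VPN server. Because it runs CentOS, I couldn't simply apt-get install pptpd. Although RPM packages are available online, I ended up installing from source. I ran into many problems along the way, summarized here:

1. make install does not install a service by default, so you need to create /etc/rc.d/init.d/pptpd yourself with the following content: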

#!/bin/sh
#
# Startup script for pptpd
#
# chkconfig: 345 85 15
# description: PPTP server
# processname: pptpd
# config: /etc/pptpd.conf

# Source function library.
. /etc/rc.d/init.d/functions
# See how we were called.
case "$1" in
start)
echo -n "Starting pptpd: "
if [ -f /var/lock/subsys/pptpd ] ; then
echo
exit 1
fi

daemon /usr/local/sbin/pptpd
echo
touch /var/lock/subsys/pptpd
;;
stop)
echo -n "Shutting down pptpd: "
killproc pptpd
echo
rm -f /var/lock/subsys/pptpd
;;
status)
status pptpd
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage: $0 {start|stop|restart|status}"
exit 1
esac

exit 0

2. Install pptpd as a service and have it start at boot:

chkconfig --add pptpd
chkconfig pptpd on
service pptpd start

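3. Clients will quite likely get an error when connecting. This is because the version of the component installed by yum install ppp does not match the version that pptpd supports. The fix is to edit /etc/pptpd.options and comment out logwtmp. This problem tormented me for a long time! =-=!

4. Another troublesome problem: after connecting to the VPN, clients can reach only the VPN server and not the outside network. The cause is that packets have to be forwarded through iptables, as follows:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# add it to /etc/rc.d/rc.local for auto execution when rebooted.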

5. The detailed installation steps:

# install ppp
yum install ppp

# install pptpd: download the source code, then
./configure
make
make install

# update pptpd configurations in file /etc/pptpd.conf:
localip     192.168.9.1
remoteip    192.168.9.11-30

# /etc/ppp/options.pptpd:
ms-dns    8.8.8.8
ms-dns    8.8.4.4

# /etc/ppp/chap-secrets. Each line in the file has the format:
<username> pptpd <passwd> *

# /etc/sysctl.conf, use the following config:
net.ipv4.ip_forward = 1

 

 

ERST: Failed to get Error Log Address Range

Question
I noticed an X8 DP series motherboard showing the “ERST: Failed to get Error Log Address Range” message while booting RHEL/CentOS 6.2 and 6.3. What is this problem related to?
Answer
For this type of event message, “ERST: Failed to get Error Log Address Range”, you can do one of the following to work around it.
1. Disable ACPI with the command “acpi=off” in boot grub
2. Change the WHEA option from enable to disable in the BIOS setup menu
The reason is that WHEA requests ACPI 4.0 table support. Currently, the X8 DP series does not support the ACPI 4.0 feature (only ACPI 3.0). This is why you will see this warning message shown during OS boot.