Linux (CUPS) Spooler Troubleshooting

Step 1:Check Error logs

Command:    tail -f /var/log/cups/error_log 

I [08/Mar/2017:16:58:03 +0300] [Job ???] Request file type is text/plain.
 I [08/Mar/2017:16:58:03 +0300] [Job 7] Adding start banner page "none".
 I [08/Mar/2017:16:58:03 +0300] [Job 7] Adding end banner page "none".
 I [08/Mar/2017:16:58:03 +0300] [Job 7] File of type text/plain queued by "emdadm".
 I [08/Mar/2017:16:58:03 +0300] [Job 7] Queued on     
 "TEST_LABEL_PRINTER" by "emdadm".

Linux (CUPS) Spooler Commands

Step 2:To view the status of all print queues:

Command:    lpc status

Example:

serddad1:~ # lpc status
 TEST_LABEL_PRINTER:
 printer is on device 'socket' speed -1
 queuing is enabled
 printing is enabled
 1 entries
 daemon present

PROD_LABEL_PRINTER:
 printer is on device 'socket' speed -1
 queuing is enabled
 printing is enabled
 1 entries
 daemon present

Step 3:To check the status of a single print queue and view a list of pending jobs:

Command:  lpc status printer_name,  lpstat -P printer_Name,

lpstat -pprinter_name

Example:

serddad1:~ # lpc status TEST_LABEL_PRINTER
 TEST_LABEL_PRINTER:
 printer is on device 'socket' speed -1
 queuing is enabled
 printing is enabled
 1 entries
 daemon present
 serddad1:~ # lpstat -P TEST_LABEL_PRINTER
 TEST_LABEL_PRINTER-1 root 17408 Tue Feb 28 14:38:09 2017
 serddad1:~ # lpstat -pTEST_LABEL_PRINTER
 printer TEST_LABEL_PRINTER is idle. enabled since Thu Mar 9 14:30:20 2017

Step 4:To remove a single print job:

Command:  cancel printer_name-id(check output of lpstat -P TEST_LABEL_PRINTER)  ,

Example:

serddad1:~ # cancel TEST_LABEL_PRINTER-1

Step 5:To remove all print jobs in a queue:

Command: cancel -a  printer_name

Example:

serddad1:~ # cancel -a TEST_LABEL_PRINTER

Step 6:To enable  a queue:

Command:cupsenable  printer_name

Example:

serddad1:~ # cupsenable TEST_LABEL_PRINTER

Step 7:To disable  a queue:

Command:cupsdisable  printer_name

Example:

serddad1:~ # cupsdisable TEST_LABEL_PRINTER

Step 8:To enable all queues:

Command:

lpstat -p | grep disabled | awk '{print $2}' | xargs cupsenable

Example:

serddad1:~ #lpstat -p | grep disabled | awk '{print $2}' | xargs cupsenable

Step 9:To print a test job:

Command:

echo test_page | lpr -P printer_name

Example:

serddad1:~ #echo test_page | lpr -P  TEST_LABEL_PRINTER

Step 10:To restart/refresh the cups service:

Command:

service cups restart

ORA-15032, ORA-15040, ORA-15042 Error on Oracle ASM

ERROR:Try to mount the disk group on ASM

SQL> alter diskgroup RECOc1 mount;

alter diskgroup RECOc1 mount

*

ERROR at line 1:

ORA-15032: not all alterations performed

ORA-15040: diskgroup is incomplete

ORA-15042: ASM disk “2” is missing from group number “2”

Check  Alert Log:

Wed Feb 15 15:32:15 2017
NOTE: Disk RECOC1_0000 in mode 0x7f marked for de-assignment
NOTE: Disk RECOC1_0001 in mode 0x7f marked for de-assignment
ERROR: diskgroup RECOC1 was not mounted
ORA-15032: not all alterations performed
ORA-15040: diskgroup is incomplete
ORA-15042: ASM disk “2” is missing from group number “2”

 

SOLUTION:

All transactions must be done by root user.

1-Scan and find RECOC1 disks with scripts;

/etc/init.d/oracleasm querydisk -d `/etc/init.d/oracleasm listdisks -d` | \

cut -f2,10,11 -d” ” | \

perl -pe ‘s/”(.*)”.*\[(.*), *(.*)\]/$1 $2 $3/g;’ | \

while read v_asmdisk v_minor v_major

do

v_device=`ls -la /dev | grep ” $v_minor, *$v_major ” | awk ‘{print $10}’`

echo “ASM disk $v_asmdisk based on /dev/$v_device [$v_minor, $v_major]”

done

2-Remove RECOC* found disks

/etc/init.d/oracleasm deletedisk RECOC1

/etc/init.d/oracleasm deletedisk RECOC2

/etc/init.d/oracleasm deletedisk RECOC3

3-Add re-create RECOC* disks

oracleasm createdisk RECOC1 /dev/sdd1;

oracleasm createdisk RECOC2 /dev/sdh1;

oracleasm createdisk RECOC3 /dev/sdj1;

ora-15032

if flashback on, you have to off it on your oracle database and use the grid user for below processes.

  1. On GUI–>open asmca—>Disk Group Name:RECOC1  select 3  disks to add diskgroup
  2. check your alert log again.

SUCCESS: diskgroup RECOC1 was mounted
Wed Feb 15 15:46:30 2017
SUCCESS: CREATE DISKGROUP RECOC1 EXTERNAL REDUNDANCY DISK ‘/dev/oracleasm/disks/RECOC1’ SIZE 102398M ,
‘/dev/oracleasm/disks/RECOC2’ SIZE 1048570M ,
‘/dev/oracleasm/disks/RECOC3’ SIZE 511993M ATTRIBUTE ‘compatible.asm’=’12.1.0.0.0′,’au_size’=’1M’ /* ASMCA */
Wed Feb 15 15:46:30 2017

 

device ethX does not seem to be present, delaying initialization..

Problem :device ethX does not seem to be present, delaying initialization…

Solution: fix the problem by deleting the /etc/udev/rules.d/70-persistent-net.rules file and restarting server.

Step 1:Restart network daemon.

#Service network restart

Shutting down loopback interface:
Bringing up loopback interface:
Bringing up interface eth0: Device eth0 does not seem to be present, delaying initialization.

Step 2:

#rm -rf /etc/udev/rules.d/70-persistent-net.rules

Step 3:

#reboot

If your server is virtualbox;

Solution:

step 1:copy the mac address from the inside file “/etc/sysconfig/network-scripts/ifcfg-eth0” to the host to virtualbox–>Settings–>network–>Adapter 1–>advanced–>MAc address

step 2:

#service network reload

 

 

root user SSH Failed Login Attempts on Oracle Exadata

Problem:root user SSH Failed Login Attempts on Oracle Exadata

Solution: check log file and unlock user

[root@exa01dbadm01 ~]# tail -f /var/log/secure

Jan 20 08:12:02 exa01dbadm01 sshd[119402]: Failed password for root from 172.18.17.71 port 61446 ssh2

Jan 20 08:12:14 exa01dbadm01 sshd[119402]: pam_tally2(sshd:auth): user root (0) tally 23, deny 5

[root@exa01dbadm01 ~]# pam_tally2 –user=root

Login           Failures Latest failure     From

root               23    01/20/17 09:12:14 172.18.17.71

[root@exa01dbadm01 ~]# pam_tally2 –user=root –reset

Login           Failures Latest failure     From

root               23    01/20/17 09:12:14 172.18.17.71

[root@exa01dbadm01 ~]# pam_tally2 –user=root

Login           Failures Latest failure     From

root                0

How to seperate IP-based production and test database on exadata?is it possible?

Multiple public networks in the same cluster for Production,test and EBS database

Exadata our infrastructure;
/u01——–>Production database mount point
/u02——–>Test database mount point
192.168.90.3 exa01db01-vip
192.168.90.5 exa01db02-vip
exa01-scan IP
192.168.90.6
192.168.90.7
192.168.90.8

Question 1) Is it possible to change scan or vip name and like this?
Exa01live-scan —–>192.168.90.6 ve 192.168.90.7 user connect only PRODUCTION DATABASE with that IPs.
Exa01test-scan ——>192.168.90.8 user connect only TEST DATABASE with that IPs.

Solution:

You can create multiple networks and configure multiple scans for different database to use it. Please find the below document for steps.Note this article talks for ODA.But the steps are same for any 12.1.0.2 Cluster.
ODA (Oracle Database Appliance): HowTo Configure Multiple Public Network on GI (Grid Infrastructure) 12c ( Doc ID 2101109.1 )

 

How To install rsh, rlogin, rexec for Data protector/Netbackup client.

Install rsh and rshd using yum command:

[root@cintqasrv01 ~]# yum -y install rsh rsh-server
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Setting up Install Process
Resolving Dependencies
–> Running transaction check
—> Package rsh.x86_64 0:0.17-60.el6 will be installed
—> Package rsh-server.x86_64 0:0.17-60.el6 will be installed
–> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================
Installing:
rsh x86_64 0.17-60.el6 nas 48 k
rsh-server x86_64 0.17-60.el6 nas 42 k

Transaction Summary
====================================================================================================================================
Install 2 Package(s)

Total download size: 90 k
Installed size: 141 k
Downloading Packages:
————————————————————————————————————————————
Total 2.9 MB/s | 90 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : rsh-0.17-60.el6.x86_64 1/2
Installing : rsh-server-0.17-60.el6.x86_64 2/2
Installed products updated.
Verifying : rsh-server-0.17-60.el6.x86_64 1/2
Verifying : rsh-0.17-60.el6.x86_64 2/2

Installed:
rsh.x86_64 0:0.17-60.el6 rsh-server.x86_64 0:0.17-60.el6

Complete!

 

Enable rsh (or rlogin, …)

The option “disable” set to “no“.

[root@cintqasrv01 ~]# vi /etc/xinetd.d/rsh

# default: on
# description: The rshd server is the server for the rcmd(3) routine and, \
# consequently, for the rsh(1) program. The server provides \
# remote execution facilities with authentication based on \
# privileged port numbers from trusted hosts.
service shell
{
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
disable = no
}

Restart your  “xinetd” daemon:

[root@cintqasrv01 ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]

Append rsh, rlogin, rexec in  /etc/securetty file.

[root@cintqasrv01 ~]# vi /etc/securetty

console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
rsh
rlogin
rexec

Add client server and backup server on /etc/hosts file.

[root@cintqasrv01 ~]# vim /etc/hosts
10.80.0.13 client01.turizmkampanyalari.com.tr client01
10.90.0.52 tkbcksrv1..turizmkampanyalari.com.tr tkbcksrv1

Add the line(backup server and user) on target(client) machine.

[root@cintqasrv01 ~]# vi ~/.rhosts

tkbcksrv1   root

Check /etc/pam.d/rsh file like below.

[root@cintqasrv01 ~]# vim  /etc/pam.d/rsh
#%PAM-1.0
# For root login to succeed here with pam_securetty, “rsh” must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth required pam_securetty.so
auth required pam_env.so
auth required pam_rhosts.so
account include password-auth
session optional pam_keyinit.so force revoke
session required pam_loginuid.so
session include password-auth

Disable firewall and SELinux security settings.

[root@cintqasrv01 ~]# chkconfig iptables off
[root@cintqasrv01 ~]# /etc/init.d/iptables stop
[root@cintqasrv01 ~]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=disable
# SELINUXTYPE= can take one of these two values:
# targeted – Targeted processes are protected,
# mls – Multi Level Security protection.
SELINUXTYPE=targeted

You can install Data Protector  or Netbackup client properly.

How to Generate CSR in OpenSSL and SSL Certificate Installation on HAProxy on Linux.

How to generate CSR and private Key – OpenSSL

 

Make directory for CSR and private key.

root@loadbalancer:mkdir –p /etc/ssl/certs/pem/CSRandPrivateKey

root@loadbalancer:cd /etc/ssl/certs/pem/CSRandPrivateKey

root@loadbalancer:/etc/ssl/certs/pem/CSRandPrivateKey# openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privatekey.key

Generating a 2048 bit RSA private key

……………………+++

………………………………………….+++

writing new private key to ‘privatekey.key’

—–

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.

—–

Country Name (2 letter code) [AU]:TR

State or Province Name (full name) [Some-State]:Istanbul

Locality Name (eg, city) []:Maslak

Organization Name (eg, company) [Internet Widgits Pty Ltd]:Turizm Kampanyları Ltd.

Organizational Unit Name (eg, section) []:

Common Name (e.g. server FQDN or YOUR name) []:*.turizmkampanylari.com

Email Address []:

 

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

root@loadbalancer:/etc/ssl/certs/pem/CSRandPrivateKey# ll

total 20

drwxr-xr-x 2 root root 4096 Dec 23 15:12 ./

drwxr-xr-x 3 root root 4096 Dec 23 15:08 ../

-rw-r–r– 1 root root 1001 Dec 23 14:28 CSR.csr

-rw-r–r– 1 root root 1704 Dec 23 14:28 privatekey.key

After that you will send CSR.csr file to Certificate Authorities (like globalsign).Globalsign will send it back to you turizmk.crt extension file.

Create .pem file to install to Haproxy loadbalancer:

root@loadbalancer:/etc/ssl/certs/pem/CSRandPrivateKey# cat privatekey.key turizmk.crt > /etc/ssl/certs/pem/turizmk.pem

root@loadbalancer:/etc/ssl/certs/pem/CSRandPrivateKey# vi /etc/haproxy/haproxy.cfg 

frontend HTTPS_NLB
bind *:443 ssl crt /etc/ssl/certs/pem/turizmk.pem
reqadd X-Forwarded-Proto:\ https
rspadd Strict-Transport-Security:\ max-age=31536000

root@loadbalancer:/etc/ssl/certs/pem/CSRandPrivateKey# service haproxy restart
* Restarting haproxy haproxy
…done.