mysql and SELinux - list of mysql related SELinux contexts

For curiosity sake, here's a list of mysql SELinux contexts:
# seinfo -t | grep mysql
   mysqld_var_run_t
   mysqld_server_packet_t
   mysqlmanagerd_client_packet_t
   mysqlmanagerd_var_run_t
   mysqld_etc_t
   mysqld_log_t
   mysqlmanagerd_port_t
   mysqld_initrc_exec_t
   mysqld_exec_t
   mysqld_safe_t
   mysqlmanagerd_t
   mysqld_client_packet_t
   mysqlmanagerd_initrc_exec_t
   mysqld_safe_exec_t
   mysqld_db_t
   mysqld_t
   mysqld_tmp_t
   mysqlmanagerd_server_packet_t
   mysqlmanagerd_exec_t
   mysqld_port_t

And just in case if you don't have the command seinfo installed, and yum will probably tell you setools-console is needed

# yum whatprovides */seinfo

Install setools-console

# yum install setools-console

mysqld and SELinux

I have had the most unfortunate chance to discover how SELinux is enabled by default on CentOS 6.4 and it is mostly likely to have been enabled by default on Red Hat's 6.4. Ok, maybe I lied, I knew SELinux was enabled by default, I just happened to forget that it was enabled by default.

After having installed mysql-server
# yum install mysql-server

And making certain changes to the /etc/my.cnf, and in my case it was the changing of the datadir from the default /var/lib/mysql to /mysqldatadir

This was what I did when I created the custom directory /mysqldatadir
# mkdir -p /mysqldatadir/mysql
# chown -R mysql:mysql /mysqldatadir
# cp -pR /var/lib/mysql/mysql/*

After of which I tried to start mysqld
# service mysqld start
Initializing MySQL database:  Installing MySQL system tables...
131116 14:04:52 [Warning] Can't create test file /mysqldatadir/jupiter.lower-test
131116 14:04:52 [Warning] Can't create test file /mysqldatadir/jupiter.lower-test
ERROR: 1005  Can't create table 'db' (errno: 13)
131116 14:04:52 [ERROR] Aborting

131116 14:04:52 [Note] /usr/libexec/mysqld: Shutdown complete


Installation of system tables failed!  Examine the logs in
/mysqldatadir for more information.

You can try to start the mysqld daemon with:

    shell> /usr/libexec/mysqld --skip-grant &

and use the command line tool /usr/bin/mysql
to connect to the mysql database and look at the grant tables:

    shell> /usr/bin/mysql -u root mysql
    mysql> show tables

Try 'mysqld --help' if you have problems with paths.  Using --log
gives you a log in /mysqldatadir that may be helpful.

Please consult the MySQL manual section
'Problems running mysql_install_db', and the manual section that
describes problems on your OS.  Another information source are the
MySQL email archives available at http://lists.mysql.com/.

Please check all of the above before mailing us!  And remember, if
you do mail us, you MUST use the /usr/bin/mysqlbug script!

                                                           [FAILED]

Of course, that was when I checked and found out that getenforce was set to Enforced.
# getenforce
Enforcing

Tailed the /var/log/mysqld.log and these were what I could see (and read)

# tail -100 /var/log/mysqld.log
131116 14:06:24 mysqld_safe Starting mysqld daemon with databases from /mysqldatadir
131116 14:06:24 [Warning] Can't create test file /mysqldatadir/jupiter.lower-test
131116 14:06:24 [Warning] Can't create test file /mysqldatadir/jupiter.lower-test
/usr/libexec/mysqld: Table 'mysql.plugin' doesn't exist
131116 14:06:24 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it.
131116 14:06:24  InnoDB: Initializing buffer pool, size = 8.0M
131116 14:06:24  InnoDB: Completed initialization of buffer pool
131116 14:06:24  InnoDB: Operating system error number 13 in a file operation.
InnoDB: The error means mysqld does not have the access rights to
InnoDB: the directory.
InnoDB: File name ./ibdata1
InnoDB: File operation call: 'create'.
InnoDB: Cannot continue operation.
131116 14:06:24 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended

Tailed the /var/audit/audit.log for any denied entry with regards to mysql
# tail -100 /var/log/audit/audit.log | grep -i mysql
type=AVC msg=audit(1384628936.756:96): avc:  denied  { write } for  pid=2157 comm="mysqld" name="mysqldatadir" dev=dm-0 ino=3301 scontext=unconfined_u:system_r:mysqld_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir

type=SYSCALL msg=audit(1384628936.756:96): arch=c000003e syscall=2 success=no exit=-13 a0=7fff98ce2560 a1=42 a2=1b6 a3=7fff98ce2020 items=0 ppid=2055 pid=2157 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=5 comm="mysqld" exe="/usr/libexec/mysqld" subj=unconfined_u:system_r:mysqld_t:s0 key=(null)

type=AVC msg=audit(1384628936.757:97): avc:  denied  { write } for  pid=2157 comm="mysqld" name="mysqldatadir" dev=dm-0 ino=3301 scontext=unconfined_u:system_r:mysqld_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir

type=SYSCALL msg=audit(1384628936.757:97): arch=c000003e syscall=2 success=no exit=-13 a0=7fff98ce2560 a1=42 a2=1b6 a3=fffffffffffffffd items=0 ppid=2055 pid=2157 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=5 comm="mysqld" exe="/usr/libexec/mysqld" subj=unconfined_u:system_r:mysqld_t:s0 key=(null)

type=AVC msg=audit(1384628936.768:98): avc:  denied  { write } for  pid=2157 comm="mysqld" name="mysqldatadir" dev=dm-0 ino=3301 scontext=unconfined_u:system_r:mysqld_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1384628936.768:98): arch=c000003e syscall=2 success=no exit=-13 a0=7fff98cdf4a0 a1=c2 a2=1b0 a3=0 items=0 ppid=2055 pid=2157 auid=0 uid=27 gid=27 euid=27 suid=27 fsuid=27 egid=27 sgid=27 fsgid=27 tty=pts2 ses=5 comm="mysqld" exe="/usr/libexec/mysqld" subj=unconfined_u:system_r:mysqld_t:s0 key=(null)

When I tried my hands on the command semanage (or it's full path /usr/sbin/semanage)
# semanage
-bash: semanage: command not found

Aha! So semanage was not installed, so which package did I have to install in order to get semanage?
# yum whatprovides */semanage

So it looks like I have to install policycoreutils-python in order to be able to use semanage 

# yum install policycoreutils-python

Before I did anything a quick check on the directory /mysqldatadir to check on properties (plus SELinux context, if there was any)
# ls -lZ /mysqldatadir
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 mysql

To fix it, or at least to make mysqld to be able to use the directory /mysqldatadir as it's datadir (as defined in the /etc/my.cnf)

# semanage fcontext -a -t mysqld_db_t "/mysqldatadir(/.*)?"

# restorecon -Rv /mysqldatadir

Start up mysql, and voila!
# service mysqld start
Starting mysqld:                                           [  OK  ]

Generate random alphanumeric strings for passwords

Here's a few

# date +%s | sha256sum | base64 | head -c 32 ; echo

# openssl rand -base64 32

# tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1

# strings /dev/urandom | grep -o ':alnum:' | head -n 30 | tr -d '\n'; echo

And to easily access them, load them into your profile as a function

randpw() {
   len=$1
   if [ -z $len ]; then
      len=12
   fi
   date +%s | sha256sum | base64 | head -c $len; echo;
}

CentOS 6 completing incomplete yum transactions

For those who has twitchy fingers like mine, and whose fingers are always on the Ctrl+C combo like I do. In case if you did happen to cancel a yum transaction just like what I did.

Install yum-utils.
# yum install yum-utils

And then execute
# yum-complete-transaction

CentOS 6 - minimal installation

A note to self, packages that's required after CentOS 6 installation minimal installation is complete.

wget
bind-utils
vim-enhanced
man-pages
perl
man (can you believe they left this one out?)

Wordpress How-To Part Deux

Alright, where was I. Right, mysqld. Time to turn that on.

# service mysqld start

And when you do run this, the mysqld start up script will give an output that will only be displayed when you attempt to start mysqld for the first time. And that is to set a password to the mysql root account and run the /usr/bin/mysql_secure_installation. Now if you have a strict security requirement, you might want to take heed. Well I am going to stick with the /usr/bin/mysql_secure_installation script, since it will make your life so easy, when installing MySQL of course.

What the /usr/bin/mysql_secure_installation will do is pretty much the following:
1. Set a password for the root account
2. Remove all anonymous user account.
3. Disable remote root login, in other words removing any root@'*' entry from the mysql.user table.
4. Drop the database called test
5. Reload privileges, which is typically what you would do when changes are made to the mysql.user table.

I am not going to open up the port 3306 on iptables since the mysql database is going to be running on the same host as where the wordpress is going to be running from.

Right, download the latest wordpress from the link http://wordpress.org/latest.tar.gz

Right, I might have mention that I would be install wordpress from the EPEL yum repository, and as it turns out, the wordpress has all sorts of weird dependencies which I wasn't willing to force (which you can when using yum) and break the dependencies on any other packages that are already installed.

Since I've download the latest wordpress tar ball into the root home directory, extract the tarball into the directory /var/www

# cd /var/www/html
# tar xvfz ~/latest.tar.gz
# mv wordpress blog

Make a copy of the wp-config-sample.php and call it wp-config.php. This should be made from the directory /var/www/html/blog

# cd /var/www/html/blog
# cp -p wp-config-sample.php wp-config.php

Edit the file wp-config.php appropriately, especially the database-related connection parameters.

The next thing that should be done would to change the authentication unique keys and salts. Yep, it a mouthful, but it has to be done (I think, not sure if it's optional). Since this has been mentioned in the installation steps, I thought I should just do as stated in the docs.

Fire up the browser and point it to the URL https://api.wordpress.org/secret-key/1.1/salt/.

Copy and paste the contents into the wp-config.php appropriately.

Apparently I missed out on the php-mysql package. To install it simply run yum install -y php-mysql php-pdo

php-pdo is the dependency require by php-mysql.

Apparently httpd requires a restart after php-mysql has been installed.

Open up your browser again and point it to the URl http://hostname/blog/wp-admin/setup-config.php to start setting up Wordpress.

And voila you know have a running Wordpress copy, hopefully.

Wordpress How-To

Since I'm always not in the habit of jotting the stuffs I do at work, well I'm going to change that for this particular test install.

My bosses seems to be keen in selling SaaS, surprisingly, and they want to know if it's doable. I know for a fact it is doable, but thought I'd do it for well, for work sake.

I'm going to install CentOS 6.4. As a matter of fact, I had installed RHEL 6.3 earlier, but since I don't have a "valid" subscription, I'd skip RHEL and decided to work on CentOS instead.

So, first things first, always update your copy of CentOS or Linux or whichever distribution you pick to install.

The mirror list that is hard coded into the CentOS yum repo list /etc/yum.repos.d does not seem to be working as it should, I wonder why. And I don't know why they haven't gotten this fixed.

Edit /etc/yum.repos.d/CentOS-Base.repo
And remark all mirrorlist configuration parameter and add baseurl=http://mirror.nus.edu.sg/centos/6/centosplus/$basearch/

Replace the text /centosplus/ appropriately. e.g. For updates simply replace it with /updates/.

Yes, I'm going to use a mirror which in Singapore to do my yum updates. And I don't understand why none of the Malaysian mirrors are so unreliable.

First things first, assign an IP address to the first assignable network interface eth0. If you choose to use bonding, I'm not going to cover that for this test install.

Disable IPv6 since nobody out there is using it appropriately still by adding the following into /etc/modprobe.d/dist.conf

# Disable IPv6
alias ipv6 off

And add the following into /etc/sysconfig/network

NETWORKING_IPV6=no

Disable IPv6 ip6tables

# chkconfig ip6tables off

Next would be install all the appropriate patches. Run yum check-update for absolutely no reason except to list all the packages that will be replace when you actually run yum update.

Go gungho and run yum -y update and REBOOT !

Apparently I picked basic install, and as it turns out I don't have wget installed, run yum install -y wget. Once that's done download the EPEL yum repository rpm. You're going to be installing, well I'm going to be installed some packages from Fedora Project's EPEL repository.

# wget http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

Install the EPEL yum repository rpm package file
# rpm -ivh epel-release-5-4.noarch.rpm

Apparently wordpress is available for install from Fedora's EPEL yum repository, surprisingly enough.

Install php (version 5.3.3) by running yum install php. The dependencies that are required for the php installing are
apr
apr-util
apr-util-ldap
httpd (version 2.2.15)
httpd-tools
libedit
mailcap
php-cli
php-common

Next, install mysql-server (version 5.1.69), by running yum install -y mysql-server. And the dependencies are, in no particular order:
mysql
perl
perl-DBD-MySQL
per-DBI
perl-Module-Pluggable
perl-Pod-Escapes
perl-Pod-Simple
perl-libs
perl-version

Enable httpd to after the next reboot. And don't forget to start it up either

# chkconfig httpd on
# service httpd start

Since iptables is turned on by default allow port 80 on iptables by adding the following into the /etc/sysconfig/ipfilter

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

Restart iptables

# service iptables restart

There's a possible chance that the HTTPS might be used, so you can always add the HTTPS port of 443 later if you need to.

Since this is going to be a lengthy post. I am going to end this right here. I'll be continuing the later part of the install under a different entry.

Solaris 11 - root as a role

This is a little bit something a colleague of mine had mentioned about the root account/role.

Upon completing an installation, if you choose not to create a normal user account when being prompted to, root will be configured as a normal account with its appropriate root privileges.

And if you happen to decide to install Solaris 11 with a normal user account when prompted, the root account will be revert to being a role instead of a normal account (with root privileges, of course).

To verify if root is a role instead of a normal account, running the following command would yield an empty output:
# grep root /etc/user_attr

Or rather if you display the content (using cat) of the file /etc/user_attr, it should only display the text below
# cat /etc/user_attr
#
# The system provided entries are stored in different files
# under "/etc/user_attr.d".  They should not be copied to this file.
#
# Only local changes should be stored in this file.
# This line should be kept in this file or it will be overwritten.
#

If root is indeed a role, you should be able to see the following
# grep root /etc/user_attr
root::::type=role

If root is indeed a role, to revert root to being a normal account, meaning you can login with it:
# rolemod -K type=normal root

To change the account root to being a role
# usermod -K type=role root

To assign any normal account shahmatd with the root role
# usermod -R root shahmatd

Oracle ASM - locating disks by serial numbers

This 'ere is a little something I picked up while trying to attend one of Oracle's Field Change Order for the Oracle Database Appliance, where I was tasked to replace 10 600GB SAS hard disk drives.

As it turns out the disks are being managed by Oracle ASM. Never in the world have I worked on this before and before you know it I was googling away.

Basically the only information I had was the serial number of the Oracle Database Appliance, of which I will refer to as ODA henceforth, the number of disks that are to be replaced, the serial numbers, and well that's pretty much it.

Armed with some knowledge, the equipment model and make, plus the disks (model and make too), I asked the chap, well the customer who was tasked by his superiors to look after this ODA. A really nice Malay chap. Yeah, and so he had first helped me out by pulling out one of those KVM consoles that is used to access to the ODA. And once he logged in, oh well, I can see that it's running on Oracle's OEL 5 update 7 to be precise.

The first thing I had to figure out what, I need to match which disks corresponds physically with the list of serial numbers I had in hand. As it turns out the ODA had a nifty too used to interact with the OAK. OAK, as of writing is the Oracle Appliance Manager. So far I only know it handles all the nitty gritty disks stuffs. It manages disks that is discovered by OS, invokes gparted (apparently) and give name to the disks according to the enclosure and slot numbers. Pretty neat eh?

Alright, so in order to find out which disk corresponds to which serial number, I invoked:

grid@cs-oa1 $ /u01/app/oracle/grid/bin/oak show disk | awk '{print $1}'
pd_00
pd_01
...
..
pd_23

This particular ODA has 2 slots for two SATA disks, which is basically installed with Oracle's OEL, this is located at the back of the ODA. While at the front, there are 24 slots that has been designated slot where the data disks would be.

To find out what the details of the disk, such as the status, the disk name, the multipath name, the current active disk name, etc. I had invoked the following:

grid@cs-oda1 $ oakcli show disk pd_00 | egrep -i "diskid|multipathlist|serial|slotnum|sate|prevusrdevname|usrdevname|state"
        DiskId          :       35000cca02aae9414
        IState          :       0
        MultiPathList   :       |/dev/sdan||/dev/sdd|
        PrevState       :       0
        PrevUsrDevName  :
        SerialNum       :       001238K30BJL
        SlotNum         :       4
        State           :       Online
        StateChangeTs   :       1372319243
        StateDetails    :       Good
        UsrDevName      :       HDD_E0_S04_716084244

Armed with this knowledge I wrote a little script to find out the disk that needs to be replaced based on the list of serial numbers I had. Let's call it findserial.sh

#!/bin/sh

ORACLE_HOME=/u01/app/oracle/grid
ORACLE_SID=+ASM1
PATH=$ORACLE_HOME/bin:$PATH

export ORACLE_HOME ORACLE_SID PATH

disks=`oak show disk | awk '{print $1}'`

for serial in `cat serials.txt`; do
   for disk in $disks
      disk_serial=`oak show $disk | grep -i serialnum | awk '{print $3}'`
      echo $serial | grep "^$disk_serial$" 1>&2 >/dev/null; found_serial=$?
      if [ $found_serial -eq 0 ];
         echo "Found $disk:$disk_serial"
      fi
   done
done

On the other hand I create a text that contains the list of serial numbers.

grid@cs-oda1 # cat serials.txt
1238K2UW2L
1238K302JL
...
..

So when I ran the script the output would look something like the following:

grid@cs-oda1 $ ./findserial.sh
Found pd_10:1238K2UW2L
Found pd_18:1238K302JL

Another good feature of the OAK cli, it can be used to lit up the amber light LED on the corresponding disk

grid@cs-oda1 $ oak locate disk pd_00 on

The locate disk command can be integrated with the findserial.sh script mentioned above by adding it after the  line

       echo "Found $disk:$disk_serial"
       oakcli locate disk $disk on

Fire it up and voila the list of disk will be lit up based on the serial numbers contained in the text file serials.txt.

MegaRAID

Just a little something a bud and myself experienced with the cryptic MegaRAID cli commands and if you happen to hate the MegaRAID WebBios like most people do and that would include myself.

MegaCli64 important parameters

-aX or All, where X is the adapter number 0 or 1, etc

-PhysDrv [E:S] refers to the particular physical disk, where E is the enclosure ID and S is the slot number of the physical disk

To find out what is the enclosure ID, refer to the enclosure info output

e.g.

 In case there is a single LSI MegaRAID adapter, if the enclosure ID is 252 and the disk that is supposed to be replaced is Slot 5 (in actual fact it is Slot 6, the slot number starts from 0). So the format of the [E:S] is [252:5].

- To view adapter info, this will tell you how many LSI MegaRAID adapters are there installed

MegaCli64 -AdpAllInfo -aAll

- To view the enclosure info

MegaCli -EncInfo -aALL

- To view the list of all virtual disks that is connected to the LSI MegaRAID adapters

MegaCli64 -LDInfo -Lall -aALL

- To view the list of all physical disks that is connected to the LSI MegaRAID adapters

MegaCli64 -PDList -aALL

- To view the information of a particular physical disk

MegaCli64 -PDInfo -PhysDrv [E:S] -aALL

- To set the state of a particular disk to offline

MegaCli64 -PDOffline -PhysDrv [E:S] -aX

- To set the state of a particular disk to online

MegaCli64 -PDOnline -PhysDrv [E:S] -aX

- To mark a physical disk as missing, used specifically for disk replacement

MegaCli64 -PDMarkMissing -PhysDrv [E:S] -aX

- To prepare a physical for removal

MegaCli64 -PDPrpRmv -PhysDrv [E:S] -aX

- To replace a missing drive

MegaCli64 -PDReplaceMissing -PhysDrv [E:S] -ArrayM -rowN -aX

- To rebuild a drive

MegaCli64 -PDRbld -Start -PhysDrv [E:S] -aX

MegaCli64 -PDRbld -Stop -PhysDrv [E:S] -aX

MegaCli64 -PDRbld -ShowProg - PhysDrv [E:S] -aX

- To change the status of particular disk from bad to good, or from Unconfigured-Bad to Unconfigured-Good, this is especially useful when a disk has been removed abruptly without properly removing the disk from a particular virtual drive by abruptly pluggin the disk out of it's slot

MegaCli64 -PDMakeGood -PhysDrv [E:S] -aX

To change/replace a drive that is a part of a mirror logical disk

- In the case of the disk replacement we did in RHB, the faulty disk is on slot 5 (6th slot) on enclosure with the ID of 252 on adapter 0

1. Set the drive offline, if it is already not offline

MegaCli64 -PDOffline -PhysDrv [252:5] -a0

2. Mark the drive as missing

MegaCli64 -PDMarkMissing -PhysDrv [252:5] -a0

3. Prepare drive for removal

MegaCli64 -PDPrpRmv -PhysDrv [252:5] -a0

4. Physically remove the disk from the slot, and plug in the new disk

5. Add the new disk back to the affected virtual drive and start rebuilding.

MegaCli64 -PDReplaceMissing -PhysDrv [252:5] -Array2 -row1 -a0

MegaCli64 -PDRbld -Start -PhysDrv [252:5] -a0

6. To view the progress of the rebuild 

MegaCli64 -PDRbld -ShowProg -PhysDrv [252:5] -a0

A note on step 4, how do you find out which Array number was affected by the bad disk, we can get find this out by viewing the status of all the logical disk configured on the HBA card (by running MegaCli64 -LDInfo -Lall -aALL) the status of the logical drive should have been marked as degraded.

Another note on step 4, how do you want to now which row the disk is logically at (this row number does not correspond to the slot number). You can find this out by running (MegaCli –PdGetMissing -a0, hopefully you won't have more that one disk missing/removed manually by your goodself)

To replace a drive that is the designated hotspare on a RAID-5 logical disk, well maybe next time.

gnome 3 sucks, and so does kde

And I am going to stick with Linux Mint 14 codenamed Nadia. Pretty decent of them to keep Gnome 2 which I think they may have somewhat forked it from GNOME, and they call it NATE or was it? I'm in no way very good with names, except for pretty looking colourful pictures.

Compiling rpm for httpd on RHEL 5.7

I have had the pleasure of knowing that I (possibly) will be deploying the Apache Web server (httpd) version 2.2.22 on a Red Hat Enterprise Linux (RHEL) 5.7. The Apache web server that is included in this release of RHEL is of version 2.0.49. Apparently version 2.2.x isn't included in this release of RHEL.

First things first, I would need the source code for the Apache Web server (httpd) version 2.2.22 from http://archive.apache.org/dist/httpd/

I have had problems compiling the older apr and apr-util, apparently due to some bug which I can't be bother to get them patched, so I decided to use the latest version, available from http://apr.apache.org/download.cgi

Using yum, your friendly Yellowdog Updater Modified, download and install the following packages. Why is doxygen in the list, I have no idea why, apparently it is required by apr.

# yum install -y rpm-build make m4 gcc gcc-c++ autoconf automake ncurses-devel redhat-rpm-config expat-devel freetds-devel unix-ODBC-devel libtool doxygen e2fsprogs-devel db4-devel postgresql-devel mysql-devel sqlite-devel openldap-devel openssl-devel nss-devel distcache-devel

Oh yeah, what is apr, apr stands for Apache Portable Runtime, what it's used for, please read http://apr.apache.org/, all I can say is it's for you to perform certain modifications to the Apache Web server, or in other words runtime, without having to recompile or reinstall or restart the httpd service, among others.

First compile apr
Download apr-1.4.6 and apr-util-1.5.1 (the latest as of this writing)
Move them over to /usr/src/redhat/SOURCES

# mv ~/apr-1.4.6.tar.gz /usr/src/redhat/SOURCES
# mv ~/apr-util-1.5.1.tar.gz /usr/src/redhat/SOURCES

Build the rpm, yep it's quite that straightforward.

# cd /usr/src/redhat
# rpmbuild -tb --clean SOURCES/apr-1.4.6.tar.gz

If the compilation/rpm creation is successful, you should be getting the following messages, you should be getting a lot besides the ones shown below:

.....

Wrote: /usr/src/redhat/RPMS/x86_64/apr-1.4.6-1.x86_64.rpm
Wrote: /usr/src/redhat/RPMS/x86_64/apr-devel-1.4.6-1.x86_64.rpm
Wrote: /usr/src/redhat/RPMS/x86_64/apr-debuginfo-1.4.6-1.x86_64.rpm
.....

When you're seeing the above messages, this means all three apr rpm has been create and can be found under the directory /usr/src/redhat/RPMS/x86_64. As of this writing, I am compiling/creating the rpm using a 64-bit version of CentOS 5.7. And yes, RHEL 5.7 and CentOS 5.7 are binary compatible.

Once that is done, install apr and apr-devel, you'll need this to compile apr-util.

# cd /usr/src/redhat
# rpm -Uvh RPMS/x86_64/apr-1.4.6.x64_64.rpm RPMS/x86_64/apr-devel-1.4.6.x86_64.rpm

Secondly, compile apr-util
Extract the apr-util tarball appropriately, in my case, I had it extracted in /usr/src/redhat/BUILD

# cd /usr/src/redhat/BUILD
# tar xvfz ../SOURCES/apr-util-1.5.1.tar.gz

Copy the apr-util.spec out and into /usr/src/redhat/SPECS

# cp apr-util.spec ../SPECS

Edit the apr-util.spec, and locate the following line

BuildRequires: expat-devel, libuuid-devel

And change it to

BuildRequires: expat-devel, e2fsprogs-devel

libuuid-devel is apparently missing from CentOS/RHEL 5.7 and instead it is owned by the e2fsprogs-devel package

Locate another line that looks like this:

make check || exit 1

And change it to, for some weird reason, which I can't be bothered to find out why :D the when make and ultimately testing during execution of make, testcrypto will fail. Changing 'exit 1' to 'continue' will make the even after failing testcypto portion during execution of make (quite a mouthful isn't it)

make check || continue

And build the rpm, and voila!

# rpmbuild --clean -ba SPECS/apr-util.spec

You will see these messages if the build is completed successfully.

.....
Wrote: /usr/src/redhat/SRPMS/apr-util-1.5.1-1.src.rpm
Wrote: /usr/src/redhat/RPMS/i386/apr-util-1.5.1-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/apr-util-devel-1.5.1-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/apr-util-dbm-1.5.1-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/apr-util-pgsql-1.5.1-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/apr-util-mysql-1.5.1-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/apr-util-sqlite-1.5.1-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/apr-util-freetds-1.5.1-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/apr-util-odbc-1.5.1-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/apr-util-ldap-1.5.1-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/apr-util-openssl-1.5.1-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/apr-util-nss-1.5.1-1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/apr-util-debuginfo-1.5.1-1.i386.rpm
.....

Install apr-util and apr-util-devel, which is needed for the next build, and that's for httpd

# rpm -Uvh RPMS/x86_64/apr-util-1.5.1.x86_64.rpm RPMS/x86_64/apr-util-devel-1.5.1.x86_64.rpm

Lastly, build httpd-2.2.22

# rpm -Uvh RPMS/x86_64/httpd-devel-2.2.22-1.x86_64.rpm RPMS/x86_64/httpd-2.2.22-1.x86_64.rpm RPMS/x86_64/mod_ssl-2.2.22-1.x86_64

One final thing, apxs

Oh and in case, should there be a need to manually build dso modules. e.g. mod_jk
Edit the file /usr/lib64/httpd/build/config_vars.mk, locate

exp_installbuilddir = some path

And change it to

exp_installbuilddir = /usr/lib64/httpd/build

Oh and bear in mind that this method will have all DSO modules enabled which makes this install bulky, so pick and choose which modules that you might need. Or otherwise you'll need to manually remark or disable some of the modules.

Oracle tablespaces

Here's a bunch of sql commands I use to check for tablespace utilization

SET LINESIZE 209
SET PAGESIZE 26
SET FEEDBACK OFF
SET HEADING ON
SET TIMING OFF
SET ECHO OFF
SET UNDERLINE =

VARIABLE xxx CHAR(200)

COLUMN "Tablespace" FORMAT A16
/* COLUMN "Initial extent(Mb)" FORMAT 999,999 */
COLUMN "Status" FORMAT a7
/* COLUMN "Next extent(MB)" FORMAT 999,999 */
/* COLUMN "Max extents" FORMAT 99,999,999,999 */
/* COLUMN "Pct_increase" FORMAT 999 */
COLUMN "USED SIZE(Mb)" FORMAT 9,999,999,999
/* COLUMN "USED BLOCKS" FORMAT 999,999,999 */
COLUMN "USED USAGE" FORMAT A10
COLUMN "FREE SIZE(Mb)" FORMAT 9,999,999,999
/* COLUMN "FREE BLOCKS" FORMAT 999,999,999 */
COLUMN "FREE USAGE" FORMAT A10
COLUMN "TOTAL SIZE(Mb)" FORMAT 99,999,999,999
/* COLUMN "TOTAL BLOCKS" FORMAT 9999,999,999 */
BREAK ON "Tablespace"
DECLARE
CURSOR c1 IS SELECT 'Print Date:'||to_char(sysdate,'yyyy/mm/dd hh24:mi:ss')||' ***** Tablespace InFORMATion from DataBase :'||name||' Instance:'||instance||' *****' xxx
FROM v$database,v$thread
WHERE rownum=1;
BEGIN
OPEN c1;
FETCH c1 INTO :xxx;
CLOSE c1;
END;
/

SET PAGESIZE 1
PRINT xxx
SET PAGESIZE 24

SELECT SUBSTR(A.tablespace_name,1,16) "Tablespace",
MAX(A.contents) "Type",
MAX(A.status) "Status",
/* MAX(A.initial_extent)/1024 "Initial extent(Kb)", */
/* MAX(A.next_extent)/1024 "Next extent(Kb)", */
/* MAX(A.max_extents) "Max extents", */
/* MAX(A.pct_increase) "Pct_increase", */
(SUM(B.BYTES)*COUNT(DISTINCT B.FILE_ID)/COUNT(B.FILE_ID)/1024/1024)-(ROUND(SUM(C.BYTES)/1024/1024/COUNT(DISTINCT B.FILE_ID))) "USED SIZE(Mb)",
/* (SUM(B.BLOCKS)*COUNT(DISTINCT B.FILE_ID)/COUNT(B.FILE_ID))-(SUM(C.BLOCKS)/COUNT(DISTINCT B.FILE_ID)) "USED BLOCKS", */
TO_CHAR(100-(SUM(C.BLOCKS)*100*COUNT(B.FILE_ID)/(SUM(B.BLOCKS)*COUNT(DISTINCT B.FILE_ID)))/COUNT(DISTINCT B.FILE_ID),'999.99')||'%' "USED USAGE",
ROUND(SUM(C.BYTES)/1024/1024/COUNT(DISTINCT B.FILE_ID)) "FREE SIZE(MB)",
/* SUM(C.BLOCKS)/COUNT(DISTINCT B.FILE_ID) "FREE BLOCKS", */
TO_CHAR((SUM(C.BLOCKS)*100*COUNT(B.FILE_ID)/(SUM(B.BLOCKS)*COUNT(DISTINCT B.FILE_ID)))/COUNT(DISTINCT B.FILE_ID),'999.99')||'%' "FREE USAGE",
SUM(B.BYTES)*COUNT(DISTINCT B.FILE_ID)/COUNT(B.FILE_ID)/1024/1024 "TOTAL SIZE(Mb)"
/* SUM(B.BLOCKS)*COUNT(DISTINCT B.FILE_ID)/COUNT(B.FILE_ID) "TOTAL BLOCKS"  */
FROM dba_tablespaces A,
DBA_DATA_FILES B,
DBA_FREE_SPACE C
WHERE A.TABLESPACE_NAME=B.TABLESPACE_NAME
AND A.TABLESPACE_NAME=C.TABLESPACE_NAME
GROUP BY A.TABLESPACE_NAME
ORDER BY 1;
TTITLE OFF
BTITLE OFF
SET FEEDBACK ON

EXIT

Keeping up with time, as in system time, windows system time

Here a techie note entry,

I like to do stuffs the command line way, and here a way to configure windows time server on Windows 2008 R2. Open the command prompt, and enter these

C:\> w32tm /config /manualpeerlist:pool.ntp.org,0x8 /syncfromflags:MANUAL
C:\> net stop w32time
C:\> net start w32time

To verify if the configuration which you had just applied is correct, perform a status query

C:\>w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 4 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0312500s
Root Dispersion: 16.0100000s
ReferenceId: 0x0A3D0A14 (source IP:  10.61.10.20)
Last Successful Sync Time: 2013-02-15 05:40:59
Source: pool.ntp.org,0x8
Poll Interval: 10 (1024s)
And voila !