MySQL accepts network connections

Make sure skip-networking is commented out in the my.cnf file.

Test with: netstat -antulp | grep LISTEN

tcp        0      0 127.0.0.1:199               0.0.0.0:*                   LISTEN      2297/snmpd          
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      4485/mysqld         
tcp        0      0 :::22                       :::*                        LISTEN      2334/sshd

The mysqld entry will not be listed if MySQL is not accepting network connections.
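
The check above can be scripted. This is an added example, not part of the original notes: a hypothetical helper named mysqld_listeners reads netstat -antulp output and reports whether mysqld listens on a network-reachable address, on loopback only, or not at all. The sample input is the output shown above.

```shell
#!/usr/bin/env bash
# Added example: classify mysqld listeners found in `netstat -antulp` output.
# Reads netstat output on stdin and prints one line per mysqld TCP listener:
#   "network <addr>"   reachable from other hosts (e.g. 0.0.0.0:3306)
#   "loopback <addr>"  only reachable from the local machine
# Prints "none" when mysqld has no TCP listener (skip-networking in effect).
mysqld_listeners() {
  awk '
    $6 == "LISTEN" && $7 ~ /\/mysqld$/ {
      found = 1
      addr = $4
      if (addr ~ /^127\./ || addr ~ /^::1:/) print "loopback", addr
      else print "network", addr
    }
    END { if (!found) print "none" }
  '
}

# Sample input: the netstat output shown above.
sample='tcp        0      0 127.0.0.1:199               0.0.0.0:*                   LISTEN      2297/snmpd
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      4485/mysqld
tcp        0      0 :::22                       :::*                        LISTEN      2334/sshd'

printf '%s\n' "$sample" | mysqld_listeners

# On a live host (root is needed to see the process names):
#   netstat -antulp | mysqld_listeners
```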

nmap

EXAMPLES:
 nmap -sR -p 1-65535 servername (RPC scan on all TCP ports)
 nmap -sR -sU -p 1-65535 servername (RPC scan on all UDP ports)

 Find hosts on a network
 nmap -sL network
 Find if host is up on a network
 nmap -sP network
 Find open TCP ports on a host without pinging and determine host OS
 sudo nmap -sT -PN -O serverIP

Cisco ASA 0 SYN Timeout

The following solution was found here: http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml

I was having issues connecting to my load balancers and was seeing in the Cisco logs that the TCP connection was being built but then getting torn down with the following error:

Teardown TCP connection 90 for outside:172.22.1.1/80 to inside:192.168.1.50/1107 duration 0:00:30 bytes 0 SYN Timeout

The syslog message indicates the connection closed because of the SYN timeout. This tells the administrator that no application X server responses were received by the ASA. Syslog message termination reasons can vary.

The SYN timeout gets logged because of a forced connection termination after 30 seconds that occurs after the three-way handshake completion. This issue usually occurs if the server fails to respond to a connection request, and, in most cases, is not related to the configuration on PIX/ASA.

Sure enough my load balancers had an incorrect default gateway!
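
To see which hosts are affected, the teardown messages can be tallied. This is an added example, not part of the original notes: a hypothetical helper named syn_timeouts counts SYN Timeout teardowns per host pair. The log lines are constructed in the format of the message quoted above.

```shell
#!/usr/bin/env bash
# Added example: count ASA "Teardown TCP ... SYN Timeout" messages per host
# pair. A pair with a high count points at a host that never answers, which
# is worth checking for routing problems such as a wrong default gateway.
syn_timeouts() {
  awk '
    /Teardown TCP connection/ && /SYN Timeout/ {
      src = dst = ""
      for (i = 1; i < NF; i++) {
        if ($i == "for") src = $(i + 1)   # endpoint after "for"
        if ($i == "to")  dst = $(i + 1)   # endpoint after "to"
      }
      sub(/\/[0-9]+$/, "", src)           # drop the port, keep iface:ip
      sub(/\/[0-9]+$/, "", dst)
      if (src != "" && dst != "") count[src " " dst]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2
}

# Constructed sample log lines (only the first one appears in the notes).
sample_log='Teardown TCP connection 90 for outside:172.22.1.1/80 to inside:192.168.1.50/1107 duration 0:00:30 bytes 0 SYN Timeout
Teardown TCP connection 91 for outside:172.22.1.1/80 to inside:192.168.1.50/1108 duration 0:00:30 bytes 0 SYN Timeout
Teardown TCP connection 92 for outside:172.22.1.1/80 to inside:192.168.1.51/2044 duration 0:00:30 bytes 0 SYN Timeout
Teardown TCP connection 93 for outside:172.22.1.1/80 to inside:192.168.1.50/1109 duration 0:00:30 bytes 0 SYN Timeout
Teardown TCP connection 94 for outside:172.22.1.1/80 to inside:192.168.1.50/1111 duration 0:00:02 bytes 512 TCP FINs'

# Output columns: count, "for" host, "to" host, highest count first.
printf '%s\n' "$sample_log" | syn_timeouts
```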

Apache Virtual Hosts Examples

If you want multiple VirtualHosts on the same IP address and port you are going to require a NameVirtualHost directive.

If you are configuring multiple virtual hosts on different IP addresses but all on the same port you do NOT require the NameVirtualHost directive.

If you are configuring multiple virtual hosts on the same IP address but different ports you do not require the NameVirtualHost directive.

NOTE: You can run a combination of all of the above if you wish!
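
The three rules above can be checked mechanically. This is an added example, not part of the original notes: a hypothetical helper named vhost_lint reports every address:port that is used by more than one VirtualHost block without a matching NameVirtualHost directive. It assumes Apache 2.2 behaviour, where the two arguments must be identical strings, and the sample configuration is constructed.

```shell
#!/usr/bin/env bash
# Added example: flag address:port values shared by several <VirtualHost>
# blocks that have no NameVirtualHost directive for that exact value.
# Assumption: Apache 2.2 matching (the two arguments are compared as strings).
vhost_lint() {
  awk '
    { line = $0; sub(/^[ \t]+/, "", line) }      # strip leading whitespace
    line ~ /^#/ { next }                         # skip comments
    tolower(line) ~ /^namevirtualhost[ \t]/ {
      split(line, f, /[ \t]+/); named[f[2]] = 1; next
    }
    tolower(line) ~ /^<virtualhost[ \t]/ {
      gsub(/[<>]/, "", line)
      n = split(line, f, /[ \t]+/)
      for (i = 2; i <= n; i++) if (f[i] != "") hosts[f[i]]++
    }
    END {
      for (a in hosts)
        if (hosts[a] > 1 && !(a in named)) print "missing NameVirtualHost " a
    }
  ' | sort
}

# Constructed sample configuration (documentation addresses, made-up names).
sample_conf='NameVirtualHost *:8080
<VirtualHost *:8080>
    ServerName a.example.com
</VirtualHost>
<VirtualHost *:8080>
    ServerName b.example.com
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName c.example.com
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName d.example.com
</VirtualHost>
<VirtualHost 192.0.2.11:80>
    ServerName e.example.com
</VirtualHost>
<VirtualHost 192.0.2.10:8081>
    ServerName f.example.com
</VirtualHost>'

printf '%s\n' "$sample_conf" | vhost_lint
```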

You can specify a range of ports to listen on as well.

Listen 40000:40500

Putting /etc Under Subversion (SVN)

Instructions taken from here: http://www.barryodonovan.com/index.php/2007/04/25/putting-etc-under-subversion-svn

A Google for the above took some work to locate the exact recipe I wanted for this. The problem is that one really needs to do an 'in-place' import. The solution was from Subversion's own FAQs (specifically this) which is reproduced here with some changes:

# svn mkdir svn+ssh://user@host/srv/svn-repository/hosts/host1/etc \
         -m "Make a directory in the repository to correspond to /etc for this host"
# cd /etc
# svn checkout svn+ssh://user@host/srv/svn-repository/hosts/host1/etc .
# svn add *
# svn commit -m "Initial version of this host's config files"

The commit is failing due to propset eol-style errors.  To set the native svn properties for all files under etc you can run this command:

find . -type f -exec svn propset svn:eol-style native {} \;

There was a pre-commit script that was blocking uploading of files with svn:special property set.  Excluding svn:special files out of the check allowed me to commit! Sweet!

Here's a handy script for adding many new files to the svn repo at once, for example after installing a lot of packages or anything else that causes a bunch of files to be added to /etc.

svn st | grep "^?" | awk '{ print $2 }' | while read -r f; do svn add "$f"; done
svn ci -m "Adding files after extracted tar from prod server"
svn st | grep "^A" | awk '{ print $2 }' | while read -r f; do svn propset svn:eol-style native "$f"; done

To set svn:special property on a symbolic link:

svn propset svn:special native path/to/symlink

Do NOT set svn:special on actual directories or you will get an error:

Svn error: .. has unexpectedly changed special status

To resolve this remove the svn:special property on all directories:

svn st | grep "^~" | awk '{ print $2 }' | while read -r f; do svn propdel svn:special "$f"; done

Remove a directory from subversion control

find /path/to/directory -type d -name .svn -prune -exec rm -rf {} \;

Juniper EX4200 Virtual Chassis setup

Note: Use these steps at your own risk. These were performed on NON-PRODUCTION hardware.

Steps and troubleshooting taken from here: http://www.juniper.net/techpubs/en_US/junos10.4/topics/example/virtual-chassis-ex4200-basic.html

NOTE: Follow these steps to set up the Virtual Chassis configuration. If you have already connected the virtual chassis, make sure you are connected to the master!!! If not, EZSetup will try to put 192.168.1.1 on int0/0/0, and if you are connected to the backup that will not exist! To get around this, power off the backup, disconnect the virtual chassis, and then follow the steps below!

Step-by-Step Procedure
To configure a Virtual Chassis with master and backup:

#1 Make sure the VCPs on the rear panel of the member switches are properly cabled. See Virtual Chassis Cabling Configuration Examples for EX4200 Switches.
#2 Power on SWA-0 (the member switch that you want to function as the master). Make sure to leave the second switch powered off!!!
#3 Check the front-panel LCD to confirm that the switch has powered on correctly.
#4 Run the EZSetup program on SWA-0, specifying the identification parameters. See Connecting and Configuring an EX Series Switch (CLI Procedure) or Connecting and Configuring an EX Series Switch (J-Web Procedure) for details.
#5 Configure SWA-0 with the virtual management Ethernet (VME) interface for out-of-band management of the Virtual Chassis configuration, if desired.
[edit]
user@SWA-0# set interfaces vme unit 0 family inet address /ip-address/mask/
#6 Power on SWA-1.

Cisco ASA Active/Standby Failover

NOTE: Use these instructions at your own risk!!! They were performed on a Dev environment and not production env.

Here are brief instructions on how to configure a LAN based Active/Standby failover for a Cisco ASA 5510 series. The interfaces are as follows:

Note: the IP addresses were picked at random and are for example purposes only.

int Ethernet0/0: 129.136.22.0/29 (For ASA1 .1 and ASA2 .2)

int Ethernet0/1: 77.127.246.0/25 (For ASA1 .1 and ASA2 .2)

int Ethernet0/2: 192.168.10.0/24 (For ASA1 .1 and ASA2 .2)

int Ethernet0/3 (Failover LAN interface)

On the primary unit run the following commands:

# conf t

(config)# interface Ethernet0/0

(config-if)# ip address 129.136.22.1 255.255.255.248 standby 129.136.22.2

(config-if)# Ctrl-Z

# conf t

(config)# interface Ethernet0/1

(config-if)# ip address 77.127.246.1 255.255.255.128 standby 77.127.246.2

(config-if)# Ctrl-Z

# conf t

(config)# interface Ethernet0/2

(config-if)# ip address 192.168.10.1 255.255.255.0 standby 192.168.10.2

(config-if)# Ctrl-Z

# conf t

(config)# interface Ethernet0/3

(config-if)# description LAN Failover Interface

Before configuring anything else on the primary make sure to configure the above commands on the secondary first!!!

On the secondary unit:

# conf t

(config)# failover

(config)# failover lan unit secondary

(config)# failover lan interface FailoverLinkName Ethernet0/3

(config)# failover key ************

(config)# failover interface ip FailoverLinkName 1.1.1.1 255.255.255.252 standby 1.1.1.2

Note: If you don’t want to monitor an interface for failure use the next command:

(config)# no monitor-interface InterfaceName

Now back over to the primary unit:

# conf t

(config)# failover

(config)# failover lan unit primary

(config)# failover lan interface FailoverLinkName Ethernet0/3

(config)# failover key ************

(config)# failover interface ip FailoverLinkName 1.1.1.1 255.255.255.252 standby 1.1.1.2

Note: If you don’t want to monitor an interface for failure use the next command:

(config)# no monitor-interface InterfaceName

You should see a message from the device saying something like syncing from primary.