Tips And Tricks Archive

Installing Katello

What is Katello?

The official definition according to the Katello website:

“Katello brings the full power of content management alongside the provisioning and configuration capabilities of Foreman.

In short Katello is a plugin for Foreman. The two have been combined and are shipped as one by the developers. It adds the ability for provisioning and deployment with Puppet from Foreman and merges the control and management of local yum and puppet repositories with Katello.

Installing Katello

I have found installing Katello a bit tricky as the documentation is lacking at time. Katello offers two ways of installing the first by adding the appropriate repositories and initializing the installation. To be honest I have never been able to install Katello this way. Which is probably why they came up with the second method utilizing  Katello Deploy. Now don’t be fooled as this install method has a trick up it’s sleeve also.

Katello deploy instructions are quite simple. Checkout the code from git and run the install command. But here is where it gets tricky as checking out the master branch will probably give you the same issues I faced when trying to install. You instead need to checkout the KATELLO-2.4 branch. This branch contain the official release version of Katello 2.4.

So following modifying the official instructions from the repository:

  1. ssh to target machine as root
  2. Install git and ruby   yum install -y git ruby
  3. Clone the repository  git clone https://github.com/Katello/katello-deploy.git
  4. Enter the repository  cd katello-deploy
  5. Checkout KATELLO-2.4  git checkout KATELLO-2.4
  6. Install Katello  ./setup.rb --version 2.4

Once installation is done you will be presented with login information for you Katello install.

Helpful Links

What is Shellshock?

What is the Shellshock Bash Vulnerability?

Shellshock is a recently discovered vulnerability that allows attackers to execute code on a system and set environment variables. The variables could be used to execute other more powerful commands.

What is Bash?

Bash stands for Bourne Again Shell. Bash was first released in 1989, the bug was introduced in version 1.14 and has been in place till version 4.3. This makes the vulnerability over 20 years old.

How do I know if my system is vulnerable to Shellshock?

To verify if your system is vulnerable, first you need to be running Bash. If you have Bash installed, executing the following command will output if you are vulnerable or not.

If your system is vulnerable the following result will be displayed on your screen:

If you got the message displayed above you will need to update your Bash installation.

If your system is not vulnerable to Shellshock then the following will be output to your screen:

How to patch my machines against Shellshock?

Patching against Shellshock is as easy as updating Bash on the machine. Below are the commands for updating the various Linux operating systems:

Centos, Fedora, or Red Hat

 Debian or Ubuntu

 

How To Calculate A PostgreSQL Database Size

Knowing where you stand on disk usage is really important in a database. The last thing you want to do is run out of disk space. The following tutorial will list some simple commands to help you find or calculate the disk usage of several PostgreSQL objects. This includes tables, indexes, views, tablespaces, and so on. For the following examples I used the PostgreSQL 9.3.2

How to find the largest table in a PostgreSQL database

To get the largest table we need to query the pg_class table. This is a catalog containing pretty much anything that has columns or is similar to a table. We can get the ten largest tables with the following query:

Once we execute the query we get our results:

Defining the above SELECT:

  • relname is the name of the object. This could be a table, index, or view
  • relpages is the  size of the given table in pages. This is only an estimate and is updated periodically.
  • relkind is the type of object and is defined as follows: r = ordinary table, i = index, S = sequence, v = view, m = materialized view, c = composite type, t = TOAST table, f = foreign table.

A note on pg_toast tables. TOAST (The Oversized-Attribute Storage Technique) tables are created when the data set of a table is too big. By default PostgreSQL uses 8kB page sizes. If tuples are larger than 8kB they cannot span multiple pages. To fix this, large values are compressed and split up into multiple physical rows.

How to find the largest index, sequence, view, materialized view, or composite type in a PostgreSQL database

Similar to our query for finding the largest table, however now we look for a different type of relkind value.

How to calculate the disk space used by a PostgreSQL database

The pg_database_size() function will return the file size in bytes of a given database. It only accepts one parameter which is the database name.

The output is returned in bytes. To print out the size in a more user friendly format we can call the same pg_database_size() function, but this time we pass it into pg_size_pretty().

How to calculate the disk space used by a PostgreSQL table

There are two functions for retrieving the disk usage of a table. The first, pg_relation_size() which returns the size of a table excluding the index.

The second option, pg_total_relation_size() which will include the index and toasted data.

How to calculate the index size of a table

pg_indexes_size() returns the physical disk usage of only indexes for a particular table.

How to calculate the size of a PostgreSQL tablespace

Lastly we calculate the size of tablespaces, this we do with the function pg_tablespace_size().

 

SSH Public Key Authentication

Public key authentication is not only more convenient than entering a password but also far more secure. On any given day your server or machine if SSH is on default port 22 and you have a public IP, it will probably receive at least 1,000 login attempts. These are all automated processes created in order to gain access to a server. They are not after your server, but they are after any server they can get their hands on.

When you generate a public key you are creating a random encrypted password, which is not easily hacked and tied to your particular machine. Only the machine that has the matching private key will be able to gain access.

The steps for generating a public key are rather simple. First generate a private and public key on the local machine, then copy the public key to the host. It’s that simple, but let’s go through all the steps:

1. Generate the public key

Make sure you are logged as the user you want to generate a public key for. To generate the public and private key we are going to use the ssh-keygen command.

If you notice I passed the argument -t rsa this specifies that I want to use the rsa protocol for generating the key. I also did not enter a password. You may enter a password if you wish. It would defeat the purpose of password less authentication but it will make login more secure.

If you look at your home directory, there is now a .ssh folder. This contains your private and public key.

id_rsa is your private key and id_rsa.pub your public key.

2. Prepare your host to receive the public key

To copy your public key to your host you need access to it. So of course you need to have a password.

In order to copy over the public key we need to create the .ssh folder on your host. Login as your user and in your home directory create a .ssh folder and chmod it to 700.

We also need to create the authorized_keys file, this is where we will copy out public key into. This file contains all of the public keys that are authorized to login to this machine.

3. Copy the public key to your host

Go back to your machine and make sure you are logged in as the user you generated the public and private keys for.

Type in the following to copy over your public key. Replace YOUR_USERNAME with your user and YOUR_HOSTNAME_OR_IP with your host’s hostname or ip. The command will ask you for your password since you haven’t yet added the public key to the host.

Your public key is now setup on your host. You can now ssh into your host without the need of a password:

4. Optional – Delete your password from the host machine

If you want to be really secure, you can delete your password from the host. This will ensure that only the machine with the private key will have access to this user. Note, that if you ever lose the private key you will lose access to the host.

 

The Time Command

Often while executing commands in the command line interface I find myself nervous or anxious. Particularly if I am working in a production machine because I don’t know if and when a command I issued is going to finish. Knowing how long a command is going to take is very useful as I would be able to anticipate it’s completion instead of waiting and looking at a black and white terminal with no progress for hours. This is where the time command is very useful.

The time command is essentially a wrapper for any command executed in a terminal. The time command must precede any other command to be executed, for example:

The above command will copy big_file.tar.gz to big_file_copy.tar.gz and will return how long it took.

The time command will output to standard error three pieces of information. The elapsed real time, this is how long it took from the start of the call to it’s termination. The user CPU time, which is the CPU time spent executing the instructions from the command issued. The last bit of information is the system CPU time. The system CPU contains the time it took to execute the tasks from the command issued.

If we view the output of the copy command we issued earlier

We can see that it took 23 minutes to run through the entire command execution, from me hitting enter until the file was copied to it’s new location. Roughly 360ms for the CPU to execute all command related to cp , and about 1 minute and 25 seconds for the CPU to execute the tasks needed by cp to copy a file.

As you can see the time command is very useful as it allows you to time how long a command takes to execute. You can use it to benchmark scripts that you created, find out how long something is going to take before actually implementing it on a production machine, or you just want to know for curiosity sake.