Generate Wildcard SSL for Apache 2.x using OpenSSL
openssl req -new -newkey rsa:2048 -nodes -keyout star.domain.key -out star.domain.csr
Convert an Apache Cert and Key to IIS format
openssl pkcs12 -export -out star.domain.pfx -inkey star.domain.key -in star.domain.crt
Import Key into IIS from pfx format:
  1. Start > Run
  2. Type in MMC and click GO
  3. Go into the Console Tab > select Add/Remove Snap-in
  4. Click on Add > Double Click on Certificates and click on Add > OK
  5. Select Computer Account
  6. Select Local Computer
  7. Click the + to Expand the Certificates Console Tree
  8. Right click on the Personal Certificates Store
  9. Choose > ALL TASKS > Import
  10. Follow the Certificate Import Wizard to import your Primary Certificate from the .pfx file. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
  11. In your IIS manager, right-click on the site that you would like to use the certificate and select properties.
  12. Click on the Directory Security Tab and hit the Server Certificate Button. This will start the server certificate wizard.
  13. If you are asked what you want to do with the current certificate on the site, choose to remove it, finish the wizard, and click the server certificate button to run the wizard again.
  14. Choose to 'Assign an existing certificate' to the site and choose the new certificate that you just imported and supply the password used to create the pfx file.
  15. Finish the certificate wizard.
  16. Restart the server.

Extract values within quotes from com...

Extract values within quotes from command output on Linux using perl

For example:
To obtain all values within quotes from the output of a jstack command you could

 ./jstack <pid> |perl -lne 'print $1 if (/"(.*)"/)' 

and if you wanted a count of how many quoted values there are

 ./jstack 23545 |perl -lne 'print $1 if (/"(.*)"/)' |wc -l

Oracle on Linux RMAN from Netbackup t...

Oracle on Linux RMAN from Netbackup to Avamar Backup Client


I recently migrated some Oracle 10g and 11g RHEL 5 VM’s and Physical boxes from Netbackup based clients to Avamar clients with the RMAN plugin. I will create a separate post regarding automation of the AvamarClient setup and focus on the RMAN configuration for event/client driven backup here.

First thing I did before automating any of the processes was to download the required docs and binaries from the Avamar web interface. There is a Documents and Downloads link at the bottom of the page of the following sample url:

http://avamarservernameorip

Then I downloaded the Avamar Oracle Client User Guide and the appropriate binaries for the platform from the right hand column, for example:

AvamarClient-linux-rhel4-x86_64-5.0.101-32.rpm

AvamarRMAN-linux-rhel4-x86_64-5.0.101-32.rpm

Also, ask your friendly EMC Avamar installer to provide a copy of AvOracleRMAN.pdf and AvOracleDatabasePrep.pdf which provide a lot more detail than the Client User Guide.

Installation and registration of the Avamar Client

1. As root cd to location of downloaded rpms

2. Type rpm -ivh AvamarClient-linux-rhel4-x86_64-5.0.101-32.rpm

3. Type /usr/local/avamar/bin/avregister

4. Enter the fqdn of the Administrator server when prompted [avamarserver.domain.com]

5. Enter the Avamar server domain [clients] when prompted

6. The Avamar Client installation is now complete

Installation of the AvamarRMAN Plugin

1. As root cd to location of downloaded rpms

2. Type rpm -ivh AvamarRMAN-linux-rhel4-x86_64-5.0.101-32.rpm

3. Update iptables with following rules to allow secure backups and also update any firewalls to allow backup through these ports:
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 28002 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 27000 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 29000 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 8672 -j ACCEPT

4. Create a new user account that will have access to backup/restore jobs on the domain containing the Oracle backup jobs using the Avamar Administrator Console.

5. Create a my-avtar-flags.txt file for linux in /usr/local/avamar/bin containing:
–pidname=Oracle
–pidnum=1002
–logfile=/usr/local/avamar/var/avtar.log
–vardir=/usr/local/avamar/var
–id=[userid from prior step]
–ap=[password from prior step]
–path=[/domain/oracleservername]
–expires=[number in days]

6. Create RMAN scripts (avorabackup and avorarestore) that can be launched with cron or scheduler of your choosing, examples below:

launch this example backup script from a file named avorabackup as follows:


       rman target / nocatalog @avorabackup


run {

configure device type sbt clear;

allocate channel c1 type ‘SBT_TAPE’ PARMS=”SBT_LIBRARY=/usr/local/avamar/lib/libobk_avamar64.so, ENV=(PATH=/bin:/usr/bin:/usr/local/avamar/bin)” format ‘%d_%U’;

send ‘”–flagfile=/usr/local/avamar/bin/my-avtar-flags.txt” ‘;

send ‘”–sysdir=/usr/local/avamar/etc” “–bindir=/usr/local/avamar/bin” “–vardir=/usr/local/avamar/var”‘;

configure retention policy to recovery window of 10 days;

configure retention policy to redundancy 2;

backup database plus archivelog;

delete noprompt obsolete;

crosscheck backupset;

release channel c1;

}


launch this example restore script from a file named avorarestore as follows:


     rman target / nocatalog @avorarestore


run {

allocate channel c1 type ‘SBT_TAPE’ PARMS=”SBT_LIBRARY=/usr/local/avamar/lib/libobk_avamar64.so, ENV=(PATH=/bin:/usr/bin:/usr/local/avamar/bin)” format ‘%d_%U’;

send channel=’c1′ ‘”–flagfile=/usr/local/avamar/bin/my-avtar-flags.txt” ‘;

send ‘”–sysdir=/usr/local/avamar/etc” “–bindir=/usr/local/avamar/bin” “–vardir=/usr/local/avamar/var”‘;

restore database;

recover database;

release channel c1;

}