How Do You Get Apache Web Server Configuration File Changes To Take Effect without Interrupting the Service?

Problem scenario
You want to change the main configuration file for Apache web server (e.g., httpd.conf). But you do not want to drop current web surfers viewing the website. How do you change a security module or listening port for an Apache web server and have the changes take effect without interrupting the service by doing a regular restart?

Solution
Use the "graceful" directive. The exact command depends on the distribution of Linux that is running Apache.

To learn more about it, see one of the links below:
https://www.cyberciti.biz/faq/apache-2-reload-httpd-config-file-unix-linux-command/
https://www.liquidweb.com/kb/restarting-services-from-the-command-line/

Explanation
Behind the scenes, signals are sent to a [web service] process. SIGHUP would interrupt the service.* SIGUSR1 would be a signal that would facilitate a graceful reloading and prevent interruption.*

*Taken from https://www.liquidweb.com/kb/restarting-services-from-the-command-line/
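
The signal choice described above, as an added shell example (not code from the original posting or from the Apache project). The PID file path and the config test command are assumptions you supply for your distribution; the function only sends the signal when the config test succeeds.

```shell
#!/bin/sh
# apache_signal ACTION PIDFILE [CONFIG_TEST_COMMAND...]
#   graceful -> SIGUSR1: workers finish the requests they are serving, then
#               the new configuration is loaded
#   restart  -> SIGHUP:  the signal the posting says interrupts the service
# PIDFILE and the config test command are assumptions; pass what your
# distribution uses (for example: apachectl configtest).
apache_signal() {
    [ "$#" -ge 2 ] || { echo "usage: apache_signal ACTION PIDFILE [CMD...]" >&2; return 2; }
    action=$1
    pidfile=$2
    shift 2
    case $action in
        graceful) sig=USR1 ;;
        restart)  sig=HUP ;;
        *) echo "unknown action: $action" >&2; return 2 ;;
    esac
    # Never signal a running server with a configuration that fails its
    # syntax check: the old, working configuration stays in effect.
    if [ "$#" -gt 0 ] && ! "$@" >/dev/null 2>&1; then
        echo "config test failed; no signal sent" >&2
        return 3
    fi
    [ -r "$pidfile" ] || { echo "cannot read $pidfile" >&2; return 4; }
    pid=$(cat "$pidfile")
    case $pid in
        ''|*[!0-9]*) echo "bad pid in $pidfile" >&2; return 4 ;;
    esac
    kill -s "$sig" "$pid"
}

# Example call (the PID file path is a placeholder):
#   apache_signal graceful /path/to/httpd.pid apachectl configtest
```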

For further context and knowledge you may want to read this related posting.

How Do You Troubleshoot the Installation of Apache Accumulo on Linux?

Problem scenario
You are trying to install open source Accumulo on Linux. You have two GB of swap space. You have installed Java, Hadoop, and Zookeeper. You have run the bootstrap_config.sh script for Accumulo 1.9.2.

You run this (and expect it to work): /bin/accumulo-1.9.2/bin/accumulo init

But you get this error:

OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N
2019-03-20 17:21:56,705 [start.Main] ERROR: Problem initializing the class loader
java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.accumulo.start.Main.getClassLoader(Main.java:101)
    at org.apache.accumulo.start.Main.main(Main.java:48)
Caused by: java.lang.NoClassDefFoundError: org/apache/commons/logging/LogFactory
    at org.apache.commons.vfs2.impl.DefaultFileSystemManager.(DefaultFileSystemManager.java:136)
    at org.apache.accumulo.start.classloader.vfs.AccumuloVFSClassLoader.generateVfs(AccumuloVFSClassLoader.java:258)
    at org.apache.accumulo.start.classloader.vfs.AccumuloVFSClassLoader.getClassLoader(AccumuloVFSClassLoader.java:210)
    ... 6 more
Caused by: java.lang.ClassNotFoundException: org.apache.commons.logging.LogFactory
    at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at org.apache.accumulo.start.classloader.AccumuloClassLoader$2.loadClass(AccumuloClassLoader.java:294)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    ... 9 more
Exception in thread "Thread-0" java.lang.NoClassDefFoundError: org/apache/commons/io/FileUtils
    at org.apache.accumulo.start.classloader.vfs.AccumuloVFSClassLoader.close(AccumuloVFSClassLoader.java:425)
    at org.apache.accumulo.start.classloader.vfs.AccumuloVFSClassLoader$AccumuloVFSClassLoaderShutdownThread.run(AccumuloVFSClassLoader.java:75)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.ClassNotFoundException: org.apache.commons.io.FileUtils
    at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at org.apache.accumulo.start.classloader.AccumuloClassLoader$2.loadClass(AccumuloClassLoader.java:294)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    ... 3 more

You have modified this script purely for troubleshooting purposes: /bin/accumulo-1.9.2/bin/accumulo

You have it print out the $CLASSPATH variable when it runs. In two directories that you see when you run it (before it errors out), you have copied the commons-io-2.5.jar file. This way two directories definitely have the .jar file. You changed the permissions and ownership of these files to various permissive settings. You kept reproducing the problem after you did this. The problem even happens when you log in as root and start HDFS and Yarn and then run accumulo init. Why are you getting the error above when the commons-io-2.5.jar file is present in the classpath? How do you install Accumulo and run the accumulo init script?

Solution
Modify the accumulo-site.xml file. It may be here on your server: /usr/bin/accumulo-1.9.2/conf/accumulo-site.xml

Determine the version of Hadoop you are using (e.g., 2 or 3, or something else). This example will be for Hadoop 3. Add the third line in the below section (you'll see lines 1, 2, and 4 below in the file above; the third line needs to be added):

  <!-- Hadoop 3 requirements -->
  $HADOOP_PREFIX/share/hadoop/client/[^.].*.jar,
  $HADOOP_PREFIX/share/hadoop/common/lib/.*.jar,
  <!-- End Hadoop 3 requirements -->

How Do You Set Up a Multi-Node Cluster of Zookeeper?

Problem scenario
You want to set up Zookeeper with three nodes in AWS. What do you do?

Solution
1. Install Zookeeper on each of the servers. If you need assistance with this, see this posting.

2. Modify the zoo.cfg file on each of the servers. Add stanzas like these but substitute foobarX.amazonaws.com with the Public DNS name of each server:

server.1=foobar1.amazonaws.com:2888:3888
server.2=foobar2.amazonaws.com:2888:3888
server.3=foobar3.amazonaws.com:2888:3888
initLimit=5
syncLimit=5

3. The assignments of server.1, server.2, and server.3 should be exactly the same everywhere. That is, zoo.cfg should be the same on each server.

4. Create a file /var/zookeeper/myid on each server. The value should be either a 1, 2, or 3 based on the server.X assignments above. So the server with the Public DNS name of foobar2.amazonaws.com should have a file /var/zookeeper/myid with "2" (with no quotes) because it was assigned in zoo.cfg with the value server.2.

5. Make sure the Security Group governing the servers allows for connectivity based on the internal IP address of each server. The servers need to communicate with each other.

6. Go to your zookeeper directory (e.g., /bin/zookeeper-3.4.13/) and go to the bin subdirectory therein.

7. Run this command: sudo bash zkServer.sh start-foreground
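
A pre-start check for steps 2 through 4, as an added shell example (not part of the original posting or of ZooKeeper itself). It uses the zoo.cfg stanzas from step 2 as constructed sample input; the function names are made up for this illustration.

```shell
#!/bin/sh
# Constructed sample: the zoo.cfg stanzas from step 2.
sample_zoo_cfg() {
    cat <<'EOF'
server.1=foobar1.amazonaws.com:2888:3888
server.2=foobar2.amazonaws.com:2888:3888
server.3=foobar3.amazonaws.com:2888:3888
initLimit=5
syncLimit=5
EOF
}

# myid_for_host ZOO_CFG HOST
# Print N from the "server.N=HOST:2888:3888" line that names HOST.
myid_for_host() {
    awk -F'[=:]' -v h="$2" '
        /^server\.[0-9]+=/ && $2 == h { sub(/^server\./, "", $1); print $1; found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# check_myid ZOO_CFG HOST MYID_FILE
# 0: myid matches the server.N assignment; 1: mismatch or missing file;
# 2: HOST has no server.N line in zoo.cfg.
check_myid() {
    want=$(myid_for_host "$1" "$2") || {
        echo "$2 has no server.N line in $1" >&2
        return 2
    }
    have=
    [ -r "$3" ] && have=$(tr -d ' \t\r\n' < "$3")
    [ "$want" = "$have" ] && return 0
    echo "$3 contains '$have' but zoo.cfg assigns $want to $2" >&2
    return 1
}

# same_cluster_view CFG_A CFG_B
# Step 3: the server.N lines must be identical on every node.
same_cluster_view() {
    a=$(grep '^server\.' "$1" | sort)
    b=$(grep '^server\.' "$2" | sort)
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```

On a node you would call check_myid with the real zoo.cfg, that node's Public DNS name, and /var/zookeeper/myid before running zkServer.sh.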

How Do You Create a Database in MongoDB without Using Compass (the GUI)?

Problem scenario
You want to create a database in MongoDB using the CLI. How do you do this from a Linux server and then add a document to the database you just created?

Solution
Prerequisite

Install MongoDB on a Linux server; if you need assistance, see this posting.

Procedures

1.a. Enter the MongoDB shell: /usr/bin/mongo

1.b. If you were able to enter the MongoDB shell, skip directly to step #2. If the command is not found, run this: sudo find / -name mongo | grep bin
1.b.i. Run the file that was found in 1.b.

2. Run a command such as this (but replace "contint" with the new name of a database): use contint

3. Run a command such as this: db.inventory.insertOne( { item: "silk", qty: 35, tags: ["silk"], size: { h: 24, w: 39.5, uom: "in" } } )

4. View the content running a command such as this: db.inventory.find( {} )

What Is The Difference between an A Record and a PTR Record in DNS?

Problem scenario
You have heard of A records and PTR records. But you do not know the difference. What is the difference?

Solution
The short answer is that they are opposites of each other in the context of DNS.

An A record maps a domain name to an IP address (pg 858 of A Practical Guide to Fedora and Red Hat Enterprise Linux).

A PTR record maps a host name to an IP address (pg 859 of A Practical Guide to Fedora and Red Hat Enterprise Linux).

They are complementary. Depending on what you need to find and what you have (e.g., a host name vs. an IP address), the two can help you configure your network.

How Do You Do Variable Expansion with an Ansible Playbook without Introducing Punctuation?

Problem scenario
You use a variable in an Ansible playbook. The value of the variable is surrounded by quotes and brackets. You may refer to it as punctuation [""]. You want to assign the variable without the new symbols such as '[""]'. How do you get just the value and no punctuation?

Solution
Do not use quotes or square brackets "[]" around the variable.

Here is an example that will provide the variable without any extra punctuation:
shell: 'echo {{ ansible_hostname }} > /tmp/date.txt'

Here is an example that will include new symbols:
shell: 'echo "{{ [ansible_hostname] }}" > /tmp/date.txt'

You may also want to see How Do You Get an Ansible Variable to Not Add Single Quotes or Brackets when the Variable Is Substituted?.

How Do You Use the least_conn Directive in an Nginx Configuration File?

Problem scenario
You have configured Nginx to be an HTTP load balancer (a web server configured to behave as a landing portal that enables traffic to pass through). As a reverse proxy with built-in keywords, you have used the "least_conn" directive, but it does not seem to be working. You want inbound network connection requests from your users via web browsers to be relayed to the web servers with the fewest (or least) active connections. Any Nginx server can work as a reverse proxy server like this. In your instance, you find that the special heuristic of conveying traffic to the available web server with the fewest current connections is not happening.

You have placed the "least_conn;" directive in an "upstream backend {}" block in the /etc/nginx/conf.d/default.conf file of the distributor Nginx web server configured to be an HTTP load balancer. However, there is no evidence that the traffic is being routed to the underlying Nginx servers with the fewest connections. Based on your testing, the traffic is evenly divided among the web servers with no regard for how many active connections persist. This is consistent with the round-robin distribution method, Nginx's default routing mechanism. It is as if the least_conn directive has been commented out. What is wrong?

Solution
#1 Are the web pages small? If they are purely text and less than 200 lines, that may be the reason. When the web pages from at least one web server are very large, the download process takes more time. Individual connections of longer duration associated with bigger web pages (more than 1 MB) are more likely to be detected by the Nginx algorithm for traffic distribution purposes. Active connections may have such a short duration that, within your testing, the round-robin method appears to be the prevailing distribution algorithm. The round-robin method is used if there are equal numbers of connections on each of the available web servers, even when the least_conn directive has been used. Unless there are unequal active connections on the web servers, the least_conn directive will not have any influence. Moreover, connections can be so short with default "Welcome to Nginx" index.html pages that least_conn will have no noticeable effect. To test properly, copy some text so that the pages being downloaded are disparate in size, with at least one web server having a web page that is 1 MB in size.

In a typical Nginx deployment, the index.html file is located here:  /usr/share/nginx/html/index.html

If you first installed Apache web server before Nginx, the Nginx web service may present the /var/www/html/index.html file as the default web page. You may want to modify it so the size of at least one web page is VERY large. This is crucial to getting a test that will prove least_conn is working.

#2 Have you brought down Nginx services and brought them back up? For the least_conn directive to take effect for the first time, the Nginx service must be restarted.

#3 Are you testing properly? Ideally you have two computers or servers that can both make web-based client requests and that perform comparably with reads/writes of web pages. This way you can simulate a load of traffic simultaneously. Bandwidth, RAM, CPU, and hard disk I/O performance are all factors. A big difference could mean that automated scripts are not running at exactly the same time. Thus your simulated load is not creating active connections to test. You should use cron jobs (with Unix/Linux servers) or Scheduled Tasks (with Windows servers). The activated task should be a script that repeatedly downloads the web page. Once the job on each server has been invoked at a synchronized time for web-request contention, the script should save the downloaded pages by appending them to the same file. Ideally the content of the pages has something identifiable to the web server it came from (a unique string from its web server). Once you have two aggregate files from two downloading processes that happened contemporaneously, you can use either Bash or PowerShell to count the identifying strings. This way you can see evidence of which web server had the least connections and which had the most connections.

If the web page on one web server takes considerably longer, it will have more connections to it than the other web server.  But this is only apparent if there definitely are more active connections to one server than another.  Web servers must have different sizes of index.html files (or whatever file you are downloading from them) to be noticeable.
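
The counting step from #3, as an added shell example (not part of the original posting). The markers BACKEND-A and BACKEND-B and the sample file contents are constructed; it assumes a grep that supports -o, as GNU and BSD grep do.

```shell
#!/bin/sh
# Constructed sample of an aggregate download file: each saved page carries
# the identifying string of the web server that produced it. BACKEND-A and
# BACKEND-B are made-up markers.
sample_downloads() {
    printf '%s\n' \
        '<h1>BACKEND-B</h1>' '<h1>BACKEND-A</h1>' '<h1>BACKEND-B</h1>' \
        '<h1>BACKEND-B</h1>' '<h1>BACKEND-A</h1>' '<h1>BACKEND-B</h1>'
}

# count_marker FILE MARKER: number of times MARKER occurs in FILE.
count_marker() {
    grep -o -F -- "$2" "$1" | wc -l | tr -d ' '
}

# tally FILE MARKER...: one "MARKER COUNT" line per backend, busiest first.
# Markers must not contain spaces.
tally() {
    file=$1
    shift
    for m in "$@"; do
        printf '%s %s\n' "$m" "$(count_marker "$file" "$m")"
    done | sort -k2,2nr
}

# even_split FILE MARKER...: succeeds when the counts differ by at most one,
# which is what round-robin produces.
even_split() {
    tally "$@" | awk '
        NR == 1 { max = $2 }
        { min = $2 }
        END { exit ((max - min <= 1) ? 0 : 1) }'
}
```

If even_split succeeds on your aggregate files, the test did not create unequal active connections, and the result says nothing about whether least_conn is in effect.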

FYI
We tested Nginx in Docker containers as both the HTTP load balancer and as a web server.  The least_conn directive can work in this scenario (with Nginx in Docker as a reverse proxy relaying inbound connections to Nginx in Docker containers web servers).

FFR
If you need to troubleshoot problems with your Nginx load balancer, see this link.

How Do You Know if kubectl Is Installed on Your Linux Server?

One or both of the following scenarios applies.

Problem scenario #1
You try to install kubectl, but you get an error message about it being installed.

Problem scenario #2
You run "man kubectl" but you see no man page. You still think kubectl is installed.

What should you do?

Solution
Run this command: kubectl version
The results should give you some clues as to what is wrong. You may want to see this posting if you are using a Red Hat derivative or this posting for any distribution of Linux.

What is SELinux?

Question
What is SELinux?

Answer
Security-Enhanced Linux (or SELinux) is a kernel module that can be installed and turned on in a Linux server. It categorizes files, hardware resources and processes; to learn more see this posting. It has the ability to restrict access to these categories. If a server is designated as an application server, a database server, or a web server, the relevant processes can be given minimal access. This allows you to harden a server according to the principle of least privilege. SELinux allows for configurable policies to protect your server.

Without SELinux, a typical Linux server will merely use Discretionary Access Control (with server users and groups) (page 472 of A Practical Guide to Fedora and Red Hat Enterprise Linux). This book provides a link to selinuxproject.org. SELinux was originally "developed by the NSA (U.S. National Security Agency)" (page 472 of A Practical Guide to Fedora and Red Hat Enterprise Linux).

You may want to view the posting Can the Kernel Access Hardware Directly?.

How Do You Troubleshoot The Kerberos Error ‘kinit: Cannot find KDC for realm “CONTINUALINTEGRATION.COM” while getting initial credentials’?

Problem Scenario
You run a "kinit" command. But you receive this:

'kinit: Cannot find KDC for realm "CONTINUALINTEGRATION.COM" while getting initial credentials'

What should you do?

Solution
Look at the /etc/krb5.conf file. Look at the [realms] section. Does it look like this?

[realms]
EXAMPLE.COM = 

You need to change "EXAMPLE.COM" to your domain name.

Look also at the libdefaults section. There is a stanza for default_realm. This assignment must be consistent with the [realms] section.
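
The consistency check described above, as an added shell example (not part of the original posting or of any Kerberos distribution). The sample krb5.conf is constructed to reproduce the mismatch, and kdc.example.com is a placeholder host name.

```shell
#!/bin/sh
# Constructed krb5.conf with the mismatch described above; kdc.example.com
# is a placeholder host name.
sample_krb5_conf() {
    cat <<'EOF'
[libdefaults]
    default_realm = CONTINUALINTEGRATION.COM

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
    }
EOF
}

# default_realm FILE: value of default_realm in [libdefaults].
default_realm() {
    awk '
        /^[ \t]*\[/ { in_ld = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_ld && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# realms_defined FILE: realm names that have a stanza in [realms].
realms_defined() {
    awk '
        /^[ \t]*\[/ { in_r = ($0 ~ /^[ \t]*\[realms\]/); depth = 0; next }
        in_r && depth == 0 && /^[ \t]*[^#; \t][^=]*=/ {
            name = $0; sub(/[ \t]*=.*/, "", name); sub(/^[ \t]+/, "", name)
            print name
        }
        in_r { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }' "$1"
}

# check_default_realm FILE
# 0: default_realm has a [realms] stanza; 1: it does not (the mismatch the
# solution above describes); 2: no default_realm set.
check_default_realm() {
    want=$(default_realm "$1")
    [ -n "$want" ] || { echo "no default_realm in $1" >&2; return 2; }
    realms_defined "$1" | grep -q -x -F -- "$want" && return 0
    echo "default_realm $want has no stanza in [realms]" >&2
    return 1
}
```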