PostgreSQL cheat sheet

Reference: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-postgresql-on-ubuntu-14-04

sudo -i -u postgres

psql


1. To create a user

#create user unais with password '123';

==> To make superuser

#alter user unais with superuser;
select * from sessions limit 10;
2. To create database

#create database dbname;

3. To grant all privileges on a db to a user

#grant all privileges on database dbname to dbuser;

4. To log in to a single database

psql -U unais dbname;

If peer authentication fails, edit /etc/postgresql/9.1/main/pg_hba.conf

local              all                                     postgres                     all

TO

local             all                                      postgres                     md5

Peer authentication

The peer authentication method works by obtaining the client's operating system user name from the kernel and using it as the allowed database user name (with optional user name mapping). This method is only supported on local connections.

Password authentication

The password-based authentication methods are md5 and password. These methods operate similarly except for the way that the password is sent across the connection, namely MD5-hashed and clear-text respectively.

If you are at all concerned about password "sniffing" attacks then md5 is preferred. Plain password should always be avoided if possible. However, md5 cannot be used with the db_user_namespace feature. If the connection is protected by SSL encryption then password can be used safely (though SSL certificate authentication might be a better choice if one is depending on using SSL).

And then reload PostgreSQL

5. Error while loading application over browser

psql: FATAL: Peer authentication failed for user

Change in pg_hba.conf

local  all  all  peer    TO    local  all  all  trust

6. To list all the databases

# \list

6. To list all the tables

#\dt

6. To list roles

\du

6. To give permission to a user/role on a database where another user has full permission

GRANT user1 to user2;

then check using du -

                              List of roles
 Role name |                   Attributes                   | Member of
-----------+------------------------------------------------+------------
 db1     | Superuser, Create role, Create DB, Replication | {}
 user1  | Create DB                                      | {}
 postgres  | Superuser, Create role, Create DB, Replication | {}
 user2                                                                      {user1}                                                                            

6. To list limited entry or rows

#select * from table_name limit 10;

7. To truncate a table

TRUNCATE TABLE  table_name;

8. To list size of tables of a database in descending order

SELECT relname, relpages FROM pg_class ORDER BY relpages DESC;

9. To check version 

#psql -V 

All about cron jobs

http://www.thegeekstuff.com/2009/06/15-practical-crontab-examples/

tcp and udp

http://www.diffen.com/difference/TCP_vs_UDP

S3cmd tool

S3cmd sync
=========

 A bit more powerful is sync – the path names handling is the same as was just explained. However the important difference is that sync first checks the list and details of the files already present at the destination, compares with the local files and only uploads the ones that either are not present remotely or have a different size or md5 checksum. If you ran all the above examples you’ll get a similar output to the following one from a sync:

~/demo$ s3cmd sync  ./  s3://s3tools-demo/some/path/
dir2/file2-1.log -> s3://s3tools-demo/some/path/dir2/file2-1.log  [1 of 2]
dir2/file2-2.txt -> s3://s3tools-demo/some/path/dir2/file2-2.txt  [2 of 2]

As you can see only the files that we haven’t uploaded yet, that is those from dir2, were now sync‘ed. Now modify for instance dir1/file1-2.txt and see what happens. In this run we’ll first check with —dry-run to see what would be uploaded. We’ll also add —delete-removed to get a list of files that exist remotely but are no longer present locally (or perhaps just have different names here):

~/demo$ s3cmd sync --dry-run --delete-removed ~/demo/ s3://s3tools-demo/some/path/
delete: s3://s3tools-demo/some/path/file1-1.txt
delete: s3://s3tools-demo/some/path/file1-2.txt
upload: ~/demo/dir1/file1-2.txt -> s3://s3tools-demo/some/path/dir1/file1-2.txt
WARNING: Exiting now because of --dry-run

So there are two files to delete – they’re those that were uploaded without dir1/ prefix in one of the previous examples. And also one file to be uploaded — dir1/file1-2.txt, the file that we’ve just modified.

Sometimes you don’t want to compare checksums and sizes of the remote vs local files and only want to upload those that are new. For that use the —skip-existing option:

~/demo$ s3cmd sync --dry-run --skip-existing --delete-removed ~/demo/ 
              s3://s3tools-demo/some/path/
delete: s3://s3tools-demo/some/path/file1-1.txt
delete: s3://s3tools-demo/some/path/file1-2.txt
WARNING: Exiting now because of --dry-run

See? Nothing to upload in this case because dir1/file1-2.txt already exists in S3. With a different content, indeed, but --skip-existing only checks for the file presence, not the content.

http://s3tools.org/s3cmd-howto

https://github.com/s3tools/s3cmd



Bucket policy example

##############################################################

{
"Id": "Policy1416407058443",
"Statement": [

  {
   "Sid": "Stmt1416407056513",
   "Action": "s3:*",
   "Effect": "Allow",
   "Resource": "arn:aws:s3:::phab-server/*",
   "Principal": {
    "AWS": [
     "*"
    ]
   }
  }

]
}

##############################################################

Puppet - install and configuration

https://docs.puppetlabs.com/
https://www.digitalocean.com/community/tutorials/how-to-install-puppet-to-manage-your-server-infrastructure


Foreman to manage Puppet Nodes

How to optimize php

http://www.radinks.com/upload/config.php

http://www.cyberciti.biz/faq/apache-limiting-upload-size/

sed command

http://www.grymoire.com/unix/sed.html

Shell shock

https://community.oracle.com/thread/3612626

Google Online Security Blog: Gradually sunsetting SHA-1

Google Online Security Blog: Gradually sunsetting SHA-1

Linux process management

It is always a good practice to find out/categorize processes running on a server based on their cpu and memory (RAM) usage. We can terminate/kill the unwanted processes causing high cpu load or memory consumption.

Here I use the process management application 'ps':

To view all running processes on the system we use

[root@server ~]# ps -aux

These options tell ps to show processes owned by all users (regardless of their terminal association) in a user-friendly format.

a - All processes except both session leaders and processes not associated with a terminal

u - Select by effective user ID (EUID) or name

x - also show processes not attached to a terminal

0 - User defined format

Top 10 cpu consuming processes

 [root@server ~]# ps axo stat,ruser,%cpu,comm,pid,euser | sort -nr | head -n 10

stat - status of the process

ruser - real user

%cpu - percentage of cpu utilized by process.

comm - command

Top 10 memory consuming processes

[root@server ~]# ps axo stat,ruser,%mem,comm,pid,euser | sort -nr | head -n 10

Useful Links -

http://www.cyberciti.biz/faq/show-all-running-processes-in-linux/

http://www.binarytides.com/linux-ps-command/

https://www.digitalocean.com/community/tutorials/how-to-use-ps-kill-and-nice-to-manage-processes-in-linux

PhpMyAdmin and Memcache

I have come across this issue several times on a cpanel server.
Cannot start session without errors in phpMyAdmin

I found that we could only temporarily fixed this issue. Phpmyadmin has to work with sessions in files and it is not developed to work with memcache. So to avoid problems edit the file: libraries/session.inc.php


1. Include this line at the top of the file:

ini_set(‘session.save_path’, “/tmp/”);

2. Uncomment line (line around 74)

ini_set(‘session.save_handler’, ‘files’);

How to block email from a specific address on a cPanel/WHM or other web server using Exim

With EXIM, you can setup filters that can perform a large number of tasks, like blocking message, or blind copying messages to other email addresses.  In this case, I’m going to create a filter to cause an email coming from a specific sender to fail (the email address I use to send the email in PHP). What you’ll want to do is find your System Filter File for EXIM.  In WHM, you can find this file listed in your EXIM Configuration Editor about half way down the page. Once you’ve located the file, log into SSH and edit the file.

pico /path/to/your/file

Then enter the following filter into the file and save it:

if first_delivery
and ( ("$h_from:" contains "emailtoblock@mydomain.com")
)
then fail
endif

If you’d like a copy of the email sent to you after the message fails so you can make sure it is correctly formatted, just add one line:

if first_delivery
and ( ("$h_from:" contains "emailtoblock@mydomain.com")
)
then
unseen deliver "youremail@yourdomain.com"
fail
endif

I suggest you read up more about EXIM filtering for more advanced functions. Where I Learned This: I found the solution the Imthiaz Blog and the Exim Documentation.

Exim Configuration Manager:basic editor

There will be a warning in Filter configuration File: /etc/cpanel_exim_system_filter

Exim filter
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#  cPanel System Filter for EXIM                                                                                #
#  VERSION = 2.0                                                                                                #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!DO NOT MODIFY THIS FILE DIRECTLY!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!      #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#   Direct modifications to the /etc/cpanel_exim_system_filter file will be lost when the configuration is      #
#   next rebuilt. To have modifications retained, please use one of the following options:                      #
#                                                                                                               #
#    1)                                                                                                         #
#      * Place each sysfilter block you wish to include in a unique file at:                                    #
#            /usr/local/cpanel/etc/exim/sysfilter/options/                                                      #
#      * Enable or disable the custom block in WHM using:                                                       #
#          Service Configuration => Exim Configuration Manager => Filters => Custom Filter: [your unique file]  #
#                                                                                                               #
#    2)                                                                                                         #
#      * Create a custom sysfilter file in /etc/                                                                #
#      * Change the location of the sysfilter file in WHM using:                                                #
#          Service Configuration => Exim Configuration Manager => Filters => System Filter File                 #
#                                                                                                               #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!DO NOT MODIFY THIS FILE DIRECTLY!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!      #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#                                                                                                               #
#  Only process once                                                                                            #
#                                                                                                               #
# # # # # # # # # # # # # # # # # # # # #

So I created this simple php file on /usr/local/cpanel/etc/exim/sysfilter/options and it was visible in the WHM filter.

SPI (SaaS, PaaS, IaaS) model in cloud

SaaS

Cloud application services or “Software as a Service” (SaaS) are probably the most popular form of cloud computing and are easy to use. SaaS uses the Web to deliver applications that are managed by a third-party vendor and whose interface is accessed on the clients’ side. Most SaaS applications can be run directly from a Web browser, without any downloads or installations required. SaaS eliminates the need to install and run applications on individual computers. With SaaS, it’s easy for enterprises to streamline their maintenance and support, because everything can be managed by vendors: applications, runtime, data, middleware, O/S, virtualization, servers, storage, and networking. Gmail is one famous example of an SaaS mail provider.

PaaS

The most complex of the three, cloud platform services or “Platform as a Service” (PaaS) deliver computational resources through a platform. What developers gain with PaaS is a framework they can build upon to develop or customize applications. PaaS makes the development, testing, and deployment of applications quick, simple, and cost-effective, eliminating the need to buy the underlying layers of hardware and software. One comparison between SaaS vs. PaaS has to do with what aspects must be managed by users, rather than providers: With PaaS, vendors still manage runtime, middleware, O/S, virtualization, servers, storage, and networking, but users manage applications and data.
PaaS provides the computing infrastructure, the hardware, and the platforms that are installed on top of the hardware. Similar to the way that you might create macros in Excel, PaaS allows you to create applications using software components that are controlled by a third-party vendor. PaaS is highly scalable , and users don’t have to worry about platform upgrades or having their site go down during maintenance. Users who benefit most from PaaS include companies who want to increase the effectiveness and interactivity of a large staff. For the needs of larger companies and independent software vendors, Apprenda is one provider of a private cloud PaaS for .NET and Java business-application development and deployment.


IaaS

Cloud infrastructure services, known as “Infrastructure as a Service” (IaaS), deliver computer infrastructure (such as a platform virtualization environment), storage, and networking. Instead of having to purchase software, servers, or network equipment, users can buy these as a fully outsourced service that is usually billed according to the amount of resources consumed. Basically, in exchange for a rental fee, a third party allows you to install a virtual server on their IT infrastructure. Compared to SaaS and PaaS, IaaS users are responsible for managing more: applications, data, runtime, middleware, and O/S. Vendors still manage virtualization, servers, hard drives, storage, and networking. What users gain with IaaS is infrastructure on top of which they can install any required platforms. Users are responsible for updating these if new versions are released.

See some explaining diagrams:

Classification of Cloud service providers