Difference between revisions of "Linux Tools"
(41 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
This page is a collection of various and often unrelated bits of information available elsewhere but kept | This page is a collection of various and often unrelated bits of information available elsewhere but kept | ||
here for quick reference and occasionally useful in building a functional system in the Linux environment. | here for quick reference and occasionally useful in building a functional system in the Linux environment. | ||
− | + | For ease of access, a lot of the information previously contained here has been factored out into separate | |
− | + | articles accessible via the navigation sidebar on the left. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
=Remote Access and Execution= | =Remote Access and Execution= | ||
Line 111: | Line 14: | ||
==ssh== | ==ssh== | ||
− | + | ||
+ | <h4>Installation and keys</h4> | ||
You'll need to run the '''sshd''' service on every machine you want to connect to. On Linux, this is most frequently '''openssh-server''' and it can be trivially installed. Make sure there is a ssh entry in /etc/services, with the desired port number. | You'll need to run the '''sshd''' service on every machine you want to connect to. On Linux, this is most frequently '''openssh-server''' and it can be trivially installed. Make sure there is a ssh entry in /etc/services, with the desired port number. | ||
Line 150: | Line 54: | ||
The '-X' option is needed to enable X11 forwarding in a connection established in this manner. | The '-X' option is needed to enable X11 forwarding in a connection established in this manner. | ||
− | + | <h4>Tunnels</h4> | |
Using proxies at BNL: | Using proxies at BNL: | ||
<pre>ssh -L 8080:130.199.23.54:3128 yourAccount@your.gateway.bnl.gov</pre> | <pre>ssh -L 8080:130.199.23.54:3128 yourAccount@your.gateway.bnl.gov</pre> | ||
Line 164: | Line 68: | ||
</pre> | </pre> | ||
− | The above gives you access to the remote port 8000 on the local machine via localhost:8000. For example, this | + | The above gives you access to the remote port 8000 on the local machine via localhost:8000. For example, this works for accessing a machine |
+ | on the internal CERN netword via http: | ||
<pre> | <pre> | ||
ssh -L 8008:neutdqm.cern.ch:8008 user@lxplus015.cern.ch | ssh -L 8008:neutdqm.cern.ch:8008 user@lxplus015.cern.ch | ||
</pre> | </pre> | ||
− | If there is a need to access a HTTPS site, port number 443 needs to be forwarded | + | If there is a need to access a HTTPS site, port number 443 needs to be forwarded. Forwarding to low-numbered ports (e.g. forwarding 443 remote to 443 local) |
+ | will require sudo or root on most systems. | ||
− | + | If there is a certificate issue it needs to be resolved either in the browser, or, if wget is used, by applying the --no-check-certificate option. | |
− | There are cases when key-based auth is not suitable and one has to use passwords with ssh. To automate logging in one may choose to install and use the "sshpass" utility, provided the credentials you supply are not stored in the open. | + | |
+ | |||
+ | <h4>Password Automation</h4> | ||
+ | There are a few cases when key-based auth is not suitable and one has to use passwords with ssh. To automate logging in one may choose to install and use the "sshpass" utility, provided the credentials you supply are not stored in the open. To force the password authentication method instead of the public key this option can be used: | ||
+ | <pre> | ||
+ | -o PubkeyAuthentication=no | ||
+ | </pre> | ||
+ | |||
+ | <h4>Windows clients</h4> | ||
+ | Once in a while you may need to use a Windows client to connect to various services via ssh. In Windows 10 there is a variation of steps to get the ssh client(s) operational depending on the software release. The more recent updates (as of Spring 2019) have OpenSSH installed under Windows\System32\OpenSSH, with the usual complement of tools. | ||
==telnet== | ==telnet== | ||
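Review bot: the added certificate sentence points readers at wget's --no-check-certificate without saying that the option turns off server certificate verification for that request, so nothing confirms which host answered through the tunnel. Suggest naming the cause (the URL says localhost while the certificate names the remote site) and presenting the option as a last resort for hosts already trusted. Also in this hunk, "netword" should be "network" in the added line about the internal CERN machine.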
Line 235: | Line 150: | ||
</pre> | </pre> | ||
− | = | + | ==curl== |
+ | |||
+ | To post a form: | ||
<pre> | <pre> | ||
− | + | curl -X POST -F 'username=minime' -F 'password=something' http://blah.com | |
+ | curl -X POST -F 'username=minime' -H "Content-Type: application/x-www-form-urlencoded" http://blah.com | ||
</pre> | </pre> | ||
=Miscellania= | =Miscellania= | ||
− | ==User Management== | + | |
+ | ==Linux Version and Distribution== | ||
+ | |||
+ | <pre> | ||
+ | cat /etc/os-release | ||
+ | lsb_release -a | ||
+ | hostnamectl | ||
+ | # Linux kernel version: | ||
+ | uname -r | ||
+ | </pre> | ||
+ | |||
+ | This seems to work reliably: | ||
+ | <pre> | ||
+ | cat /proc/version | ||
+ | </pre> | ||
+ | |||
+ | Also, | ||
+ | <pre> | ||
+ | cat /etc/*release | ||
+ | # or | ||
+ | cat /etc/issue* | ||
+ | # or | ||
+ | cat /proc/version | ||
+ | </pre> | ||
+ | |||
+ | ==Linux User Management== | ||
https://www.digitalocean.com/community/tutorials/how-to-create-a-sudo-user-on-centos-quickstart | https://www.digitalocean.com/community/tutorials/how-to-create-a-sudo-user-on-centos-quickstart | ||
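Review bot: in the second added curl line, -F builds a multipart/form-data body, so forcing "Content-Type: application/x-www-form-urlencoded" on it sends a header that does not match the body; use -d 'username=minime' (or --data-urlencode) for a URL-encoded form and drop the header. Both lines also send form credentials to an http:// URL, so an https:// placeholder would be a better model, and -X POST is redundant once -F or -d is given.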
Line 256: | Line 199: | ||
</pre> | </pre> | ||
− | By default, on CentOS, members of the wheel group have sudo privileges. | + | By default, on CentOS, members of the ''wheel'' group have sudo privileges. |
==Network== | ==Network== | ||
Line 277: | Line 220: | ||
<pre> | <pre> | ||
sudo service network-manager restart | sudo service network-manager restart | ||
+ | </pre> | ||
+ | |||
+ | An extremely useful command (at least on Ubuntu) - lists IPs, DNSs etc: | ||
+ | <pre> | ||
+ | nmcli device show | ||
+ | </pre> | ||
+ | |||
+ | To see what process is listening on a given port: | ||
+ | <pre> | ||
+ | lsof -i :8000 | ||
</pre> | </pre> | ||
Line 340: | Line 293: | ||
f=$(basename /home/maxim/JOB.html) | f=$(basename /home/maxim/JOB.html) | ||
echo $f | echo $f | ||
+ | </pre> | ||
+ | |||
+ | ==SUDO== | ||
+ | To change the password prompt timeout for sudo, you will need to run the command ''sudo visudo'' (which is the way to safely edit the ''sudoers'' file) and modify the following line by adding the timeout clause set to the desired number of minutes: | ||
+ | <pre> | ||
+ | Defaults env_reset, timestamp_timeout=XX | ||
</pre> | </pre> | ||
Line 359: | Line 318: | ||
xrdadler32 | xrdadler32 | ||
</pre> | </pre> | ||
+ | ==CVMFS== | ||
− | + | https://cernvm.cern.ch/portal/filesystem/downloads | |
− | |||
− | |||
− | // | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
<pre> | <pre> | ||
− | sudo apt-get install | + | sudo apt-get install cvmfs cvmfs-config-default |
− | + | https://cernvm.cern.ch/portal/filesystem/quickstart | |
− | |||
− | |||
− | |||
− | |||
</pre> | </pre> | ||
− | == | + | ==Encrypt a directory== |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
<pre> | <pre> | ||
− | + | tar cz myDir/ | mcrypt -k myPassword > myDir.z.nc | |
− | |||
</pre> | </pre> | ||
=Version Control (git)= | =Version Control (git)= | ||
+ | [[ Git ]] | ||
+ | |||
==Starting out== | ==Starting out== | ||
Notify git of your identity and ID: | Notify git of your identity and ID: | ||
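Review bot: the new "Encrypt a directory" one-liner passes the passphrase as an argument (mcrypt -k myPassword), which leaves it in shell history and visible in the process list while the command runs. Suggest dropping -k so that mcrypt prompts for the passphrase, and adding the matching decrypt command beside it. Separately, the quickstart URL added inside the CVMFS pre block reads as part of the apt-get command line; it belongs outside the block.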
Line 430: | Line 340: | ||
git config --global user.email "yourname@yoursite.yourdomain" | git config --global user.email "yourname@yoursite.yourdomain" | ||
git config --global user.name yourID | git config --global user.name yourID | ||
+ | </pre> | ||
+ | Pick a better editor for commit messages: | ||
+ | <pre> | ||
+ | git config --global core.editor "nano" | ||
</pre> | </pre> | ||
Line 481: | Line 395: | ||
</pre> | </pre> | ||
− | To remove two last commits: | + | To remove two or one last commits: |
<pre> | <pre> | ||
git reset --hard HEAD~2 | git reset --hard HEAD~2 | ||
+ | git reset --hard HEAD~1 | ||
</pre> | </pre> | ||
− | |||
==gitHub quirks == | ==gitHub quirks == | ||
− | Sometimes a cloned repo will end up in a state where you can't push local content. Things you might want to try: | + | Sometimes a cloned repo will end up in a state where you can't push local content. Things you might want to try this: |
<pre> | <pre> | ||
− | git remote set-url origin https:// | + | git remote set-url origin https://myNameOnGithub@github.com/DUNE/dqmconfig.git |
</pre> | </pre> | ||
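Review bot: the two reset commands now sit in one pre block under "To remove two or one last commits", so a reader who pastes both drops three commits rather than two or one. Suggest separating them with a "# or" line, as the page does in the Linux version section, and mentioning that --hard also discards uncommitted work. The reworded gitHub quirks sentence ("Things you might want to try this:") is ungrammatical; "You might want to try this:" reads better.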
Line 497: | Line 411: | ||
<pre> | <pre> | ||
unset SSH_ASKPASS | unset SSH_ASKPASS | ||
+ | </pre> | ||
+ | |||
+ | ==Empty Commit== | ||
+ | When you need to trigger an action on GitHub or in other similar situation the following | ||
+ | "empty commit" can be used (and then pushed): | ||
+ | <pre> | ||
+ | git commit -m 'rebuild pages' --allow-empty | ||
</pre> | </pre> | ||
Line 515: | Line 436: | ||
gets rid of the "rc" but they are just harmless cruft). | gets rid of the "rc" but they are just harmless cruft). | ||
− | =HTCondor= | + | =Setting the environment for HTCondor= |
It is often desirable to dynamically modify the content of the condor submit file (typically | It is often desirable to dynamically modify the content of the condor submit file (typically |
Latest revision as of 23:31, 30 November 2020
About this page
This page is a collection of various and often unrelated bits of information available elsewhere but kept here for quick reference and occasionally useful in building a functional system in the Linux environment. For ease of access, a lot of the information previously contained here has been factored out into separate articles accessible via the navigation sidebar on the left.
Remote Access and Execution
Overview
It is convenient to control a few machines from a single host. Typically ssh is used for this purpose, but if security is not a concern (e.g. when the network is strictly local) telnet can also be used as a quick solution. It will also serve to "bootstrap" ssh connectivity, i.e. debug ssh configuration remotely to make it operational.
Among the advantages of ssh is X11 forwarding, which telnet does not have.
ssh
Installation and keys
You'll need to run the sshd service on every machine you want to connect to. On Linux, this is most frequently openssh-server and it can be trivially installed. Make sure there is an ssh entry in /etc/services, with the desired port number.
To be used productively, private and public keys will need to be generated or imported as necessary. For the private/public key pair to work, public keys should be added to the file ".ssh/authorized_keys". A matching private key must be loaded to an identity managing service (e.g. ssh-agent in case of Linux) on the machine from which you are going to connect. If it's not cached, you will likely be prompted to enter the passphrase for the key.
Typically (this depends on the flavor of your sshd) you will get a message specifying which public key is used during the login that you are attempting. This is useful to know if you have many keys and forget which was used for what connection.
Restarting the service:
sudo systemctl restart ssh
Adding a key to the agent:
eval "$(ssh-agent -s)"
ssh-add key_file
You can also check which keys are loaded
ssh-add -l
In case of problems while connecting, it may be helpful to check the log on the ssh server machine: /var/log/auth.log.
Gateways such as the one operating at BNL and at other Labs typically require that your public key be uploaded and cached on their side in advance. The exact way this can be done is site-dependent. Some sites require you to verify the upload by providing the public key's fingerprint. Example of how to get it:
ssh-keygen -E md5 -lf my_public_key_file
If you lost your public key (while still having your private one) you can re-create it:
ssh-keygen -yf my_private_key_file
Once it's done, a connection becomes possible, for example:
ssh username@atlasgw.usatlas.bnl.gov
The '-X' option is needed to enable X11 forwarding in a connection established in this manner.
Tunnels
Using proxies at BNL:
ssh -L 8080:130.199.23.54:3128 yourAccount@your.gateway.bnl.gov
The port 8080 is chosen as an example - it must be a number larger than a certain lower limit to satisfy a security policy. On your local machine, you would need to specify a proxy which looks like this:
localhost:8080
Another example when going from one Linux box to another:
ssh -L 8000:localhost:8000 myRemoteHost
The above gives you access to the remote port 8000 on the local machine via localhost:8000. For example, this works for accessing a machine on the internal CERN network via http:
ssh -L 8008:neutdqm.cern.ch:8008 user@lxplus015.cern.ch
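If there is a need to access an HTTPS site, port number 443 needs to be forwarded. Forwarding to low-numbered ports (e.g. forwarding 443 remote to 443 local) will require sudo or root on most systems.
If there is a certificate issue (typically a host-name mismatch, because the URL now names localhost while the certificate names the remote site), it needs to be resolved either in the browser or, if wget is used, by applying the --no-check-certificate option, which turns off certificate verification for that request.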
Password Automation
There are a few cases when key-based auth is not suitable and one has to use passwords with ssh. To automate logging in one may choose to install and use the "sshpass" utility, provided the credentials you supply are not stored in the open. To force the password authentication method instead of the public key this option can be used:
-o PubkeyAuthentication=no
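One way to keep the sshpass credentials from being "stored in the open", as an added example that is not part of the original page: the password lives in a file that is checked for ownership and permissions before sshpass reads it with its -f option. The function names are hypothetical and GNU stat (Linux) is assumed.

```sh
#!/bin/sh
# Added example (hypothetical helper names; assumes GNU stat as found on Linux).

# secret_file_ok FILE
# Returns 0 only if FILE is a regular file (not a symlink), owned by the
# calling user, with no permission bits set for group or others.
secret_file_ok() {
    _f=$1
    [ -f "$_f" ] && [ ! -L "$_f" ] || {
        echo "not a regular file: $_f" >&2; return 1; }
    _mode=$(stat -c '%a' "$_f") || return 1    # octal mode, e.g. 600
    _owner=$(stat -c '%u' "$_f") || return 1   # numeric uid of the owner
    [ "$_owner" = "$(id -u)" ] || {
        echo "not owned by you: $_f" >&2; return 2; }
    # 077 masks the group and other bits; any of them set is too open.
    [ "$(( 0$_mode & 077 ))" -eq 0 ] || {
        echo "mode $_mode is too open (chmod 600 $_f)" >&2; return 3; }
    return 0
}

# ssh_with_password_file FILE [ssh arguments...]
# Runs ssh under sshpass with public key authentication switched off.
# "sshpass -f" reads the password from the first line of FILE, so it
# never appears on a command line or in shell history.
ssh_with_password_file() {
    _pwfile=$1
    shift
    secret_file_ok "$_pwfile" || return
    sshpass -f "$_pwfile" ssh -o PubkeyAuthentication=no "$@"
}
```

Typical use is `ssh_with_password_file ~/.ssh/gw.pass user@host`, where the file path and host are placeholders.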
Windows clients
Once in a while you may need to use a Windows client to connect to various services via ssh. In Windows 10 there is a variation of steps to get the ssh client(s) operational depending on the software release. The more recent updates (as of Spring 2019) have OpenSSH installed under Windows\System32\OpenSSH, with the usual complement of tools.
telnet
While using ssh is in general preferable for many reasons, foremost among them security, sometimes there is a chicken-and-egg problem where you need to establish access fast in order to debug ssh on a remote machine. In these cases, and if security is not a concern (rare, but could happen on an entirely internal network), one may opt to use telnet.
On Ubuntu one can install the software necessary to run the telnet service in the following manner:
sudo apt-get install xinetd telnetd
Make sure there is an entry in /etc/services which looks like
telnet 23/tcp
Also, create a file /etc/xinetd.d/telnet with contents similar to this:
service telnet
{
    disable = no
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID HOST
    log_on_success += PID HOST EXIT
    log_type = FILE /var/log/xinetd.log
}
...and start the service as follows:
sudo /etc/init.d/xinetd start
pdsh
This is an advanced parallel shell designed for cluster management. It often uses ssh as the underlying protocol although there are other options as well. Configuration is defined by files residing in /etc/pdsh. For example, the file "machines" needs to contain the list of computers to be targeted by pdsh. Optionally, this is also the place for a file that can be sourced for convenience of setup, cf
# setup pdsh for cluster users
export PDSH_RCMD_TYPE='ssh'
export WCOLL='/etc/pdsh/machines'
This of course can be done from the command line anyway, cf
export PDSH_RCMD_TYPE=ssh
Using ssh as the underlying protocol for pdsh implies that you have set up private and public keys just like you normally would for ordinary ssh login. Once this is done, you should be able to do something like this as a basic test of your setup:
pdsh -w targetHost "ls"
If the targetHost is omitted, the command will be run against all machines listed in the "machines" file as explained above. Should a command fail on a particular machine, this will be indicated (with an error code) in the output of the command, with the name of the machine listed. Redirection of stderr with something like "2>/dev/null" included with the command you run won't work with pdsh.
Example of installation on CentOS:
yum install pdsh
curl
To post a form:
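# multipart/form-data body (what -F produces)
curl -X POST -F 'username=minime' -F 'password=something' http://blah.com
# URL-encoded body: use -d, since -F would not match this Content-Type
curl -X POST -d 'username=minime' -H "Content-Type: application/x-www-form-urlencoded" http://blah.com
Miscellanea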
Linux Version and Distribution
cat /etc/os-release
lsb_release -a
hostnamectl
# Linux kernel version:
uname -r
This seems to work reliably:
cat /proc/version
Also,
cat /etc/*release
# or
cat /etc/issue*
# or
cat /proc/version
Linux User Management
https://www.digitalocean.com/community/tutorials/how-to-create-a-sudo-user-on-centos-quickstart
adduser username
passwd username
Use the usermod command to add the user to the wheel group.
usermod -aG wheel username
By default, on CentOS, members of the wheel group have sudo privileges.
Network
"nslookup" is a useful network information utility with diverse functionality. One simple function is to translate qualified host names to IP addresses and back.
"sha" headers one may need while installing xrootd can be obtained by running (on Ubuntu):
sudo apt-get install libssl-dev
...or as follows on CentOS
sudo yum install openssl openssl-devel
libssl may be necessary also for installation of pip3 etc.
A few other dependencies of xrootd can be met by installing glib2.0.
In case the network connection becomes stale, on Ubuntu:
sudo service network-manager restart
An extremely useful command (at least on Ubuntu) - lists IPs, DNSs etc:
nmcli device show
To see what process is listening on a given port:
lsof -i :8000
Shell
White space when using "sed":
$ sed -e "s/\s\{3,\}/  /g" inputFile
will substitute every sequence of at least 3 whitespace characters with two spaces.
Produce a convenient timestamp for various uses:
date -d "today" +"%Y%m%d%H%M"
To get timestamps in history:
HISTTIMEFORMAT="%d/%m/%y %T "
"find"
find . -maxdepth 1 -mmin +400
'mmin' means it accepts minutes, 'mtime' days.
Find and recursively delete directories modified more than 5 hours ago:
find . -maxdepth 1 -mindepth 1 -mmin +300 -exec rm -fr {} \;
If you don't specify 'mindepth', the current directory will show up in the results and will be deleted in the case presented above.
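The 'mindepth' point above, worked into a guarded helper as an added example (not from the original page): it lists matches by default, deletes only when asked, always passes -mindepth 1 so the starting directory is never a candidate, and refuses to run against "/". The function name purge_stale is hypothetical.

```sh
#!/bin/sh
# Added example (hypothetical helper name).

# purge_stale DIR MINUTES [--delete]
# Lists (default) or deletes the entries directly under DIR whose
# modification time is more than MINUTES minutes in the past.
purge_stale() {
    _dir=$1
    _min=$2
    _mode=${3:-}
    [ -n "$_dir" ] && [ -d "$_dir" ] || {
        echo "not a directory: $_dir" >&2; return 1; }
    case $_min in
        ''|*[!0-9]*) echo "minutes must be a whole number" >&2; return 1 ;;
    esac
    # Resolve to a physical absolute path so that "/" cannot slip in
    # through ".", ".." or a symlink.
    _abs=$(cd "$_dir" && pwd -P) || return 1
    [ "$_abs" != / ] || { echo "refusing to operate on /" >&2; return 1; }
    if [ "$_mode" = --delete ]; then
        # -mindepth 1 keeps the start directory itself out of the match set.
        find "$_abs" -maxdepth 1 -mindepth 1 -mmin +"$_min" -exec rm -rf -- {} +
    else
        find "$_abs" -maxdepth 1 -mindepth 1 -mmin +"$_min" -print
    fi
}
```

Run it once without --delete and read the list before running it again with the flag.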
Find files modified on a particular date:
find . -type f -newermt 2018-04-11 ! -newermt 2018-04-12 -exec ls -l {} \;
Alternatively, this will find files between the two dates & times
touch -t 0810010000 /tmp/t1
touch -t 0810011000 /tmp/t2
find / -newer /tmp/t1 -and -not -newer /tmp/t2
"cksum" - calculates CRC and byte count.
Remove line breaks from a file:
echo $(cat $1)
Redirect stdout to one file and stderr to another file:
command > out 2>error
Redirect stderr to stdout (&1), and then redirect stdout to a file:
command >out 2>&1
Redirect both to a file:
command &> out
Find the name of the file, minus the complete path:
f=$(basename /home/maxim/JOB.html)
echo $f
SUDO
To change the password prompt timeout for sudo, you will need to run the command sudo visudo (which is the way to safely edit the sudoers file) and modify the following line by adding the timeout clause set to the desired number of minutes:
Defaults env_reset, timestamp_timeout=XX
Crontab
- minute (from 0 to 59)
- hour (from 0 to 23)
- day of month (from 1 to 31)
- month (from 1 to 12)
- day of week (from 0 to 6) (0=Sunday)
crontab -r # clear out your crontab
crontab -l # list your crontab
Checksum
xrdadler32
CVMFS
https://cernvm.cern.ch/portal/filesystem/downloads
sudo apt-get install cvmfs cvmfs-config-default
https://cernvm.cern.ch/portal/filesystem/quickstart
Encrypt a directory
tar cz myDir/ | mcrypt -k myPassword > myDir.z.nc
Version Control (git)
Starting out
Notify git of your identity and ID:
git config --global user.email "yourname@yoursite.yourdomain"
git config --global user.name yourID
Pick a better editor for commit messages:
git config --global core.editor "nano"
To avoid entering git userID and password:
git config --global credential.helper 'cache --timeout 7200'
To address the usual "^M" problem when switching between Linux and Windows environments:
$ git config --global core.autocrlf true
# Remove everything from the index
$ git rm --cached -r .
# Re-add all the deleted files to the index
# You should get lots of messages like: "warning: CRLF will be replaced by LF in <file>."
$ git diff --cached --name-only -z | xargs -0 git add
# Commit
$ git commit -m "Fix CRLF"
(Also see https://stackoverflow.com/questions/1889559/git-diff-to-ignore-m)
Restoring Files
First, see this link:
https://stackoverflow.com/questions/953481/find-and-restore-a-deleted-file-in-a-git-repository
A recipe that may work well:
git log --diff-filter=D --summary # finds deleted files
git checkout $commit~1 filename # where "$commit" stands for the actual commit name (a long string)
In the above, it's best to operate from the top level directory of the project and use path relative to that. Also, you may want to "git add" the restored files and commit them to make it permanent.
If you want to get a specific previous revision of a file, just capture the stdout of the following command:
git show $REV:$FILE
...and rename the output as you see fit.
Undoing a commit
See:
https://sethrobertson.github.io/GitFixUm/fixup.html
If you want to return to your latest commit (the HEAD), discarding uncommitted changes:
git reset --hard HEAD
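To remove the last two commits, or only the last one (run one of the two, not both):
git reset --hard HEAD~2 # remove the last two commits
# or
git reset --hard HEAD~1 # remove only the last commit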
gitHub quirks
Sometimes a cloned repo will end up in a state where you can't push local content. You might want to try this:
git remote set-url origin https://myNameOnGithub@github.com/DUNE/dqmconfig.git
And in case it was not annoying enough, if you see something like "can't open display" this may help:
unset SSH_ASKPASS
Empty Commit
When you need to trigger an action on GitHub, or in other similar situations, the following "empty commit" can be used (and then pushed):
git commit -m 'rebuild pages' --allow-empty
LaTeX
One can choose to install all of tex packages or just a few:
apt install texlive texlive-humanities texlive-science
To see what is installed
dpkg -l
The little two-letter code at the front of each line gives the status of the package. "ii" means installed and "rc" means removed but with config files still around ("dpkg --purge" or "apt-get remove --purge" gets rid of the "rc" entries, but they are just harmless cruft).
Setting the environment for HTCondor
It is often desirable to dynamically modify the content of the condor submit file (typically having the JDL extension). While it does not appear possible to access the shell environment variables within the submit file directly, a similar effect can be obtained by setting the internal HTCondor parameters on the command line, cf:
condor_submit A=100 foo.jdl
Then, one can access the value of "A" within the JDL file as $(A).
To find a number of idle jobs:
/usr/bin/condor_q 2>&1| tail -1 | cut -d' ' -f 7