How to Enable Query Logging in MySQL/MariaDB

For example, you manage a high traffic website, that utilizes an abstraction layer like an ORM to manage MySQL queries. Now, as a DevOps/System Admin, it becomes difficult for you to get a stat of which MySQL query being overused in the scenario. For these cases, one way, you may get some idea on what being overused, is called ‘MySQL General Logs’. Remember, it is very much different than the MySQL Slow Query Logging. It is not essential to have a slow query in the system to determine if your mysql is boggling. It is very much possible, there are queries, that take very small amount of time, but starves your CPU by executing many times and performs the same operation. Once you are able to identify them, you may utilize any Hashmap based caching strategy like Memcache or Redis or Simple file cache to reduce your load down on MySQL instance or cluster.

First, we create a query logging file and set the right permission:

touch /var/log/mysql_query.log
chown mysql:mysql /var/log/mysql_query.log

Once the file creation is done, now we can enable general log either by using mysql shell, if you would like to avoid restarting your mysql instance or in my.cnf file to keep the change permanent. A point to note, you should not do query logging all the time, as it decreases MySQL performance by 15-25%, which might hurt your overall production performance, plus the size of log will cumulatively increase if you have a server that performs over a thousand or more queries per second.

# Type in your shell prompt
mysql

# this will open your mysql shell, you may run mysql commands as below:

mysql > SET global general_log = 1;
mysql > SET global log_output = '/var/log/mysql_query.log';

This should immediately advise mysql to push the logs to /var/log/mysql_query.log.

Now, if you observe the file, you may see the queries are coming up so quickly that you may hardly find anything out from it. The file has no output until you aggregate the result. If you have a large file, a better way to aggregate result by using Lotstash and Elasticsearch. We won’t do that here, that would be a topic for another blog post. We would instead use, some basic shell aggregation to see if we can determine anything useful from this. You may use the following tool, that list the last 10000 lines, then sort, and group the unique lines with the count and order by ascending to put the most frequent query at the end of the line:

tail -10000 /var/log/mysql_query.log | sort | uniq -c | sort -n

This will help you by giving the top most used query in last 10K queries. If the number is more than 5%, you need to pay attention to that. If it is the same query, that means, you may use a Hashmap based caching technique to reduce database boggling and improve performance.

Hope this helps.

How to reset root password in CentOS 7

Resetting admin password in CentOS 7 is different than of CentOS 6, as CentOS 7 utilized Grub 2 and has a different procedure to access Single User Mode. First, boot your system in Single User Mode to reset the root password by following the below tutorial:

Once done, now, you may first chroot the system:

chroot /sysroot

Now, you may reset the password using the following:

passwd root

You should be done. If you are using SELinux, then you need to relabel accordingly:

touch /.autorelabel

Then, exit chroot and reboot the system:

exit && reboot

You should be done now.

How to boot CentOS 7 in Single User Mode

Booting CentOS 7 in single user mode is total different than of CentOS 6 as it uses a different version of Grub. We will go step by step to boot into single user mode in CentOS 7.

  1. First, boot the screen and press an arrow key while the timer comes on this screen to stop the timer

    CentOS 7 Boot Screen

  2. Press ‘e’ on the selected default CentOS version. That will take you to the following screen

    CentOS 7 Boot Edit Screen

  3. These are grub commands that the bootloader is using to boot you to the system. Arrow down in this window to the line, that starts with linux16. Now take the right arrow on the keyboard to take your cursor to the word that says ‘ro’ as shown in the image

    Linux16 Command Boot

  4. Now replace ro with rw init=/sysroot/bin/sh as shown below

    CentOS 7 Boot Sysroot

  5. Now press Ctrl + x to start Single User Mode

    Boot in Single User Mode CentOS 7

You should be done now, you are on the single user mode console. If you would like to use the main system, you may chroot as the following:

chroot /sysroot

Now, if you are trying to reset the root password, after booting into the single user mode, you may follow the following to reset the root password:

How To Get Disk Serial Number in Megaraid

Question:

We can use smartctl to get the disk serial ID in case of disk replacement or crashes, with the following:

smartctl -a /dev/sdX

Where X is the device identifier like, for the first disk, this would be sda, second sdb etc. But in case the devices are behind the RAID, this command returns an error:

[[email protected] ~]# smartctl -a /dev/sda
smartctl 7.0 2018-12-30 r4883 [x86_64-linux-3.10.0-1127.el7.x86_64] (local build)
Copyright (C) 2002-18, Bruce Allen, Christian Franke, www.smartmontools.org

Smartctl open device: /dev/sda failed: DELL or MegaRaid controller, please try adding '-d megaraid,N'

How to make this work?

Answer:

To get the serial numbers behind the LSI MegaRAID, you would first need to find out the device ID using LSI Megaraid tools. A quick way to install LSI Megaraid tool is available here:

How to: Install LSI Command Line Tool

One you have installed the LSI Megaraid command line tools, now you may use the following command to identify your device:

/opt/MegaRAID/MegaCli/MegaCli64 -PDList -aAll | egrep 'Slot\ Number|Device\ Id|Inquiry\ Data|Raw|Firmware\ state' | sed 's/Slot/\nSlot/g'

This would output something like the following:

Slot Number: 1
Device Id: 11
Raw Size: 447.130 GB [0x37e436b0 Sectors]
Firmware state: Online, Spun Up
Inquiry Data: 50026B72822A7D3A    KINGSTON SEDC500R480G                   SCEKJ2.3

In this server, it has one disk, but you may have multiple disk with different ‘Firemware state’ and ‘Device Id’. To use smartmontools, you need to pick the ‘Device Id’, mentioned here, which is 11. Now you can run the following command to get the device details using smartctl:

smartctl -d megaraid,N -a /dev/sdX

Here, N is the device ID, and X is the device name, you may get the device name using df -h command or fdisk -l. For our case, this command would be like the following:

smartctl -d megaraid,11 -a /dev/sda

This would print a lot of information about your device, but if you are looking to identify the Serial Number only, you may run the following:

~ smartctl -d megaraid,11 -a /dev/sda|grep Serial
Serial Number:    50026B72822A7D3A

One thing to note, we can also get Serial number from the MegaCli tools Inquiry data, you may have already noticed:

[[email protected] ~]# /opt/MegaRAID/MegaCli/MegaCli64 -PDList -aAll | grep 'Inquiry Data'
Inquiry Data: 50026B72822A7D3A    KINGSTON SEDC500R480G                   SCEKJ2.3

Here, the first parameter in the return is the same as smartctl returns as Serial number, it’s because it’s the serial number that megacli gets/identifies as well.

How to Access Redis over TLS/SSL

If you are trying to purchase Managed Redis Database, from companies like digitalocean, then, you would get access to those Redis servers, only over TLS/SSL support. Unfortunately, by default redis-cli does not ship with TLS support, hence, you need to either use Tunnel to access redis instance through redis-cli or use different tool for your purpose.

Access Your Redis Instance using Python

If you are developing your application using python, and using a managed redis database, then, you would have to make the redis connection over TLS/SSL. This can be done by setting the ‘SSL’ to True, in the Redis constructor. Here is an example:

import redis

r = redis.Redis(host='db-redis-sfo2-89862-do-user-4233327-0.b.db.ondigitalocean.com', port=25061, password='abcdhjnmjtxeupp', decode_responses=True, ssl=True)

As you can see, I have set the ssl to True at the end, to set the connection over TLS/SSL.

Access Your Redis from Command Line using Redli

If you want to have access to your redis instance through a command line tool, then using redli is my first line choice. Configuring stunnel with redis-cli is also possible, but it would be another topic of discussion here.

Let’s see, how can we install redli:

Redli is a tool developed by IBM with TLS/SSL support. It is written in Golang. You may download a version for Linux from the IBMCloud Github repo and start using it:

~ wget https://github.com/IBM-Cloud/redli/releases/download/v0.4.4/redli_0.4.4_linux_amd64.tar.gz
~ tar -xvzf redli_0.4.4_linux_amd64.tar.gz
~ cp redli /usr/bin/
~ chmod +x /usr/bin/redli

Now, you may use redli to connect to your Redis database with TLS enabled as following:

redli --tls -h db-redis-sfo2-89862-do-user-4233327-0.b.db.ondigitalocean.com -p 25061 -a abcdhjnmjtxeupp

See how ‘–tls’ is enabled to access redis over TLS here. Hope this helps.

How to Uninstall Let’s Encrypt from Cpanel / WHM

To uninstall the Cpanel / WHM plugin for Let’s Encrypt, login to your SSH for root and run the following:

/usr/local/cpanel/scripts/uninstall_lets_encrypt_autossl_provider

It might take sometime, once completed, it should remove let’s encrypt as a provider from your AutoSSL plugin.

How to Install Let’s Encrypt in Cpanel

Let’s Encrypt is a popular tool to use free SSL for your website. Cpanel comes with Sectigo free ssl service through requesting and pooling system. Although, you might feel interested in getting the SSL released immediately without a queue based approach, and would prefer to use Let’s Encrypt that’s why.

There are two ways, you may install Let’s Encrypt in Cpanel.

  1. Using Cpanel Plugin

First one would be using the plugin created by Cpanel. Login to your server as root:

ssh [email protected]_ip

Then, run the following to install Let’s Encrypt in your cpanel system

/usr/local/cpanel/scripts/install_lets_encrypt_autossl_provider

It might take a couple of minutes, then it should install Let’s Encrypt as a provider in AutoSSL.

Now, go to WHM >> Manage AutoSSL and select Let’s Encrypt as the provider instead of Sectigo Cpanel default. You need to check the Agreement rules under the Let’s Encrypt selection and you may create the account in Let’s Encrypt using the same tool.

Once done, your new SSLs would be issued using the Let’s Encrypt tool through Cpanel AutoSSL plugin.

2. Using FleetSSL

There is a 3rd party tool, existed before Cpanel provided a plugin for Let’s Encrypt. It’s FleetSSL. One key benefit of using FleetSSL is that, it allows the Cpanel end users to control issuing and renewing the SSL from Cpanel. One key cons of using FleetSSL is that, it is not free of charge, it comes with 30$ one time fees. But mainly hosting provider would not mind to use this as it is a nice addition for the end user feature set in a hosting provider’s point of view.

You may check for details here:

https://letsencrypt-for-cpanel.com/

Now, once you complete installing Let’s Encrypt SSL, you may now use Let’s Encrypt for different cpanel services like webmail/cpanel/whm/calenders/MTA services. You may check the following to know how to:

dial unix /tmp/padapter.usk: socket: too many open files

Error Definition

There are times, when your application may throw error like the following in Linux:

dial unix /tmp/padapter.usk: socket: too many open files

It could only contain the following, without relating the fast message:

socket: too many open files

How to Fix

This error appears because Linux file system puts a limit of amount of open files you may use at a time. It is calculated based on a variable system set is called ‘file-max’. File System also keeps a variable called ‘file-nr’ to count the number of file you have in usage. To quickly look at your usage, you may run the following:

[[email protected] ~]# cat /proc/sys/fs/file-nr
4512    0       265535

The first number is the amount of file descriptions in use in your linux system. Here the last number is your hard limit and the second number is your soft limit. The hard limit is your file-max. To know your file-max value, you may run the following:

[[email protected] ~]# cat /proc/sys/fs/file-max
265535

As we see, the limit is set to 265535 and the usage is 4512. If the usage goes up for some reason, for example an infinite loop on the cache creation, you may run out of file system open limit and hit the error. To set the value fir file-max, we will take sysctl.conf in consideration.

First open sysctl.conf file with the following:

nano /etc/sysctl.conf

Add the following line and save:

fs.file-max = 524280

This will increase your open file limit to 524280. Now to reflect the change immediately, you need to run the following:

sysctl -p

You should be done now.

How To Find : If two different date ranges intersects

I was making a Odoo module today, it had a requirement to find the products that has offering within two ranges. Each of the product has different range for discounts/offers. It is sort of like the following:

For example, a shampoo discount starts from 01-06-2020 and ends at 20-06-2020, while another product like a soap discount starts from 10-06-2020 and ends at 22-06-2020. Now if I look for discounted credit notes to apply within a range, then we need to provide some time range, that these ranges intersect. For example, if I want to find discounts that were given within 02-06-2020 – 11 – 06 – 2020, then we should get both the discounts available here, as the discounts were still available for a day to the Soap and a few days for Shampoo. That means, we need to find if any of the given two ranges intersects with the ranges we have discounts for.

The easiest way to calculate this, is to check which date is max among the lower boundaries and which date is minimum in the lower boundaries. This should follow that the starting date would be less than or equal to the ending date, but never greater than the ending date. If greater than, then it does not intersect logically. In python, we can do this like the following:

# first we find all the vendor discounts, it has property start_date and end_date
vendor_discounts = self.env['vendor.discount'].search([])

# list to keep the vendor discount instances
vendor_discount_id_in_range = []

# from the form, we get date_from and date_to, where the dates intersect
for vendor_discount in vendor_discounts:
   # here is the logic to find intersects
    if max(self.date_from, vendor_discount.start_date) <= min(self.date_to, vendor_discount.end_date):
        vendor_discount_id_in_range.append(vendor_discount.id)

So, the logic going to be like the following:

if max(input_date_from, start_date_to_match) <= min(input_date_to, end_date_to_match)

How to Enable Logging in Odoo

There are two ways to see the Odoo Logs. One is rough and can be used to see the latest Odoo logs, it’s the Journal tools. You may do this using the following if your Odoo service is installed as odoo13 for example

journalctl -u odoo13

Note: If you are having trouble primarily in installing Odoo properly, you may check the following:

The other way, is the enable logging to a file. This has to be enabled from the odoo.conf file which is located under /etc/ folder. First we open the /etc/odoo.conf file:

nano /etc/odoo.conf

Now, search to see if you have a directive called ‘logfile’. If you don’t, you may add the following to /etc/odoo.conf:

logfile = /var/log/odoo13/odoo.log

If you already have the directive, but commented out, like this:

; logfile = /var/log/odoo13/odoo.log

You may remove the ‘;’ in front of the logfile directive and save the file. Now you may restart your Odoo instance to allow odoo log the information to the file /var/log/odoo13/odoo.log

systemctl restart odoo13

If the restart showing some errors, probably because it is failing to put permission to odoo13 folder. You may try the following:

mkdir /var/log/odoo13
chown -Rf odoo:odoo /var/log/odoo13
systemctl restart odoo13