Workaround: Mac OS X High Sierra 10.13.2 – SSH tries to connect via HTTP proxy

With Mac OS X release 10.13.2 Apple introduced a new bug where OpenSSH will attempt to use any web proxy configured from a DAC file.

As SSH is not HTTP this will typically not work, resulting in connection timeouts or other connection errors.

You are likely to encounter this problem if you are using a VPN solution such as Cisco AnyConnect with a web proxy in the group policy.

Thankfully, netcat (nc) is not affected by the bug, so until Apple comes with a fix you can work around the issue by telling SSH to use netcat as a proxy channel.

This alias will take care of it:

alias ssh="ssh -o ProxyCommand=\"nc %h %p\""

Alternatively you can add the option to your ssh config file, for a more permanent effect:

echo "ProxyCommand nc %h %p" >> ~/.ssh/config



Posted in Mac OS X | Tagged , , , , | Leave a comment

Fast track: Installing Ansible 2.1 stable on Oracle Linux 6.7

Ansible can certainly be installed using prebuilt packages from the EPEL repository, but while convenient, their offering is limited to Ansible 1.9.x – that is to say only versions prior to the major 2.0 release that includes a number of significant improvements, that were seen further polished in 2.1.

You will, more than likely, want to run 2.1.2, the latest stable release, for any production use, or perhaps the penultimate 2.0.1 release, if you are of a slightly more conservative origin.

That being said, I’ve always been told that DBAs like myself are about as conservative as they come, and I surprisingly experience no additional anxiety doing mission critical work with Ansible 2.1.2, which in truth, appear to be a solid release of the project’s most mature code yet. I should say these feelings are in strong contrast to those that come attached with Enterprise Linux 7 and Oracle Database 12c, products which are still years away from prime time in my twisted paradigm of the world.

These few commands should take care of dependencies required to build an RPM, pull Ansible code from their official repository on GitHub and do a checkout of the 2.1 stable release before building an RPM package on and for your system – which you can then install locally on your machine or distribute in your environment as you see fit. On a side note, I like to maintain local/internal repositories with custom built packages and approved updates, which lets me stay in control while keeping yum in position to deal with the tedious bits.

I’m using Oracle Linux 6.7 and have not tested this elsewhere, but the commands and package names should be identical on any 6 or 7 release of Oracle Linux, CentOS or RHEL and you should consequently be able to install without any modifications other than variations to the name of the generated RPM file.

sudo yum -y install git python2-devel rpm-build asciidoc
cd /usr/src ; sudo git clone git:// -b stable-2.1 --recursive
cd ansible ; sudo make rpm

You should now be presented with the name of the ready to install RPM package, you do need to grab said name and customize the final yum command:

Ansible RPM is built:
[roy@kayna ansible]$ sudo yum -y install rpm-build/ansible-
Loaded plugins: fastestmirror, refresh-packagekit, rhnplugin, security, ulninfo
This system is receiving updates from ULN.
Setting up Install Process

In my case I had the Ansible 1.9.4-1 package from EPEL already installed on my system, yum smoothly replaced the existing RPM installation and upgraded to Ansible 2.1.2 without any fuzz.

[roy@kayna ansible]$ ansible --version
 config file = /etc/ansible/ansible.cfg
 configured module search path = Default w/o overrides
Posted in Ansible, CentOS, Enterprise Linux, Oracle Linux, Red Hat Enterprise Linux, Technical | Tagged , , , , | 2 Comments

Adding Oracle Database Appliance to ULN

At some point you may want to register an Oracle Database Appliance with the Oracle Unbreakable Linux Network so you can get a critical security update, without running a complete ODA update bundle.

However, if you happen to be running ODA Virtual Platform (that supports running virtual machines), rather than the bare metal version (that does not) – you may be up for a surprise.

“This system profile has already been registered”

Your ODA appears to already exist on ULN!
But wait, no, there is no sign of it on your account. What is going on here?

At least in the early versions of the ODA software, Oracle forgot to update the UUID for registration on the ODA_BASE image after installation. This means that ALL database appliances (with virtual support, anyway) would try to register with the same UUID.

Well, now that we know what the fuzz is all about, it’s easy enough to fix:

First generate a new UUID

[root@oda1-base ~]# uuidgen -t

Then edit /etc/sysconfig/rhn/up2date-uuid and change the entry for rhnuuid to the freshly generated value

uuid[comment]=Universally Unique ID for this server

All set, just run rhn_register (or up2date-nox –register) and complete the registration.

Posted in ODA, Oracle, Technical | Leave a comment

Make Oracle VM 3.2.x console work on OL6

How to make Oracle VM 3.2.x RAS proxy work on OL6

1) Install Iced Tea
sudo yum install icedtea-web
2) locate
sudo vi /usr/lib/jvm/java-1.7.0-openjdk-
3) comment out the line starting with:

Additional tip:

If the browser can’t connect to Oracle VM Manager due to obsolete protocol stack, use Firefox 44 or newer, and make your way through the obsolete protocol warnings and queries.
Posted in Oracle, Oracle VM | Leave a comment

Fast track: Deploy EM 13c agent on Oracle Linux 6

Key steps to do an initial deploy of the Enterprise Manager 13c agent on Oracle Linux 6

Please note that my fast track posts are intended for lab use only.

  • Install OL6 or deploy VM template from Oracle
  • disable iptables
  • adduser oem
  • Give sudo access with nopasswd – requiretty  must be disabled (visudo)
  • mkdir /opt/agentHome
  • chown oem:oem /opt/agentHome
  • yum install make binutils gcc libaio sysstat glibc-common libstdc++
    • EM will tell you if anything is missing when you push the agent
  • ensure oem host can be reached by it’s default FQDN
  • push agent from EM web console:
    • setup.. add target .. add targets manually
    • enter FQDN of target
    • specify /opt/agentHome as the agent home directory
    • specify credentials for oem user (with sudo root)
Posted in Enterprise Manager, Oracle, Technical | Leave a comment

Workaround for OVMM database restore BUG – OVCA 2.0.2 – OVM3.2.8.x

If you ever have to restore the Oracle Virtual Machine Manager database using the provided, chances are that you will end up with a bunch of corrupted or missing tables in the back-end MySQL database schema. Specifically, all tables with 0 rows will be dysfunctional after successful restore. In turn this prevents management of compute-nodes, virtual machines and other resources.

I don’t know which other versions of OVM might be affected, but the latest 2.0.2 software release for the Virtual Compute Appliance certainly is.

I wrote a workaround that will identify, drop and re-create the corrupted tables. No guarantees, but it did the trick here. Perhaps it can save someone a bit of a headache.



Assorted errors related to missing tables after restoring OVMM database using provided tools.


While trying to stop a VM server:

OVMAPI_6000E Internal Error: Caught during commit: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Table ‘ovs.Mgr_ServerStoppingEvent’ doesn’t exist

Affected Versions
Oracle Virtual Compute Appliance Software Release 2.0.2
Oracle VM Manager Software Release 3.2.8.x

Working Theory

All ovs tables with 0 rows are corrupted during restore.

Steps to repdroduce

1. Restore OVMM database using /u01/app/oracle/ovm-manager-3/ovm_shell/tools/

2. Query all tables in ovs schema

3. Look for ERROR 1146


service ovmm stop ; service ovmm_mysql stop


sudo -u oracle /bin/bash /u01/app/oracle/ovm-manager-3/ovm_shell/tools/ AutoFullBackup-20150510_0100


service ovmm_mysql start


This should identify, drop and re-create affected tables:

/usr/bin/mysql -D ovs -b -f -s -u root -pWelcome1 -S /u01/app/oracle/mysql/data/mysqld.sock -e “show tables;” | awk ‘{print “select count(*) from ” $1 “;” }’ | /usr/bin/mysql -D ovs -b -f -s -u root -pWelcome1 -S /u01/app/oracle/mysql/data/mysqld.sock 2>&1 >/dev/null | grep “ERROR 1146″ | awk –field-separator=\’ ‘{print “drop table ” $2 “;\ncreate table ” $2″(m_id bigint,m_data longblob,primary key (m_id));”}’ | /usr/bin/mysql -D ovs -b -f -s -u root -pWelcome1 -S /u01/app/oracle/mysql/data/mysqld.sock


service ovmm start

Posted in Oracle | Leave a comment

Lesson learned: How to kill an Oracle Virtual Compute Appliance

If you’re having a rather dull afternoon at the office, and you happen to have an OVCA as your personal playground, you can always try this little trick to spice up your day: Point your browser to the Oracle VM Manager, look for the the network configuration tab and attempt to make the storage and heartbeat network available to virtual machines. I can virtually promise you that your day will be more interesting. Much more. Almost instantly.

Without spoiling all of the little surprises, I can disclose that you will have some enlightening moments watching the first compute node (typically ovcacn07r1) head for a rapid reboot, just as soon as the cluster watchdog sees that the OCFS2 voting drive is no longer responding. Granted, it may take a few moments for it to notice, but I can assure you that it’s worth waiting for. You see, it will leave behind an inconsistent Oracle VM Pool, which in turn will trigger dozens of interesting events.

If and when you manage to start any of the lost guest machines, the fun increases as you can watch the pool balancer continuously migrating machines from one compute node to the next. Personally I found this last bit absolutely fascinating. For an additional kick, try having an open ssh session to one such machine.

I will leave the rest for you to figure out. Tons of fun!

Now, if on the other hand, you have an OVCA running, say, a production workload, I strongly suggest you keep your VMs very much isolated from the network.

Well, unless you are you are really, really, really bored and you, preferably, get paid by the hour.

Posted in General, Oracle | Leave a comment

Remove password and watermark from pdf on Ubuntu 14

For this recipe we need ghostscript which is/should be installed by default, as well as pdftk and xpdf-utils:

apt-get install pdftk
sudo apt-get install xpdf-utils

If the PDF is encrypted with a password, remove it using xpdf-utils and ghostscript:

pdftops -upw PASSWORD encrypted.pdf
ps2pdf plaintext.pdf

Now remove the watermark with sed and repair it with pdftk, assuming the file name is plaintext.pdf

sed -e "s/THISISTHEWATERMARK/ /g" <plaintext.pdf >nowatermark.pdf && pdftk nowatermark.pdf output repaired.pdf && mv repaired.pdf nowatermark.pdf

Resulting in the final nowatermark.pdf without encryption or watermark

Posted in Technical, Ubuntu | Tagged , , , | 1 Comment

Fast Track: ElasticSearch on CentOS 6.x on DigitalOcean VPS

yum install wget
cd /opt
wget --no-cookies --no-check-certificate --header "Cookie:; oraclelicense=accept-securebackup-cookie" ""
tar xzf jdk-7u67-linux-x64.tar.gz
cd jdk1.7.0_67/
alternatives --install /usr/bin/java java /opt/jdk1.7.0_67/bin/java 2
alternatives --config java
alternatives --install /usr/bin/jar jar /opt/jdk1.7.0_67/bin/jar 2
alternatives --install /usr/bin/javac javac /opt/jdk1.7.0_67/bin/javac 2
alternatives --set jar /opt/jdk1.7.0_67/bin/jar
alternatives --set javac /opt/jdk1.7.0_67/bin/javac
rpm --import
vi /etc/yum.repos.d/elasticsearch.repo
name=Elasticsearch repository for 1.3.x packages
yum install elastic search
/sbin/chkconfig --add elastic search
service elastic search start
cd /usr/share/elasticsearch/bin/plugin -install polyfractal/elasticsearch-inquisitor
Posted in CentOS, ElasticSearch, Technical | Tagged , , , | Leave a comment

Installing MediaWiki 1.20.2 with Oracle 11g Express Edition

I encountered and worked around a couple of issues when installing MediaWiki 1.20.2 with Oracle 11g Express Edition as the database back-end. The solutions below can be also applied to MediaWiki 1.20.0 and 1.20.1.

I did the installation on top of Zend Server Community Edition, saving me the trouble of tinkering too much with apache, php and oracle drivers.

First out, the web installer did not accept the new Easy Connect string format, even though the help text encouraged such use. The Zend Server environment doesn’t play well with TNS based connect strings these days, so I worked around this by commenting out the validation code on line 90 and 91 includes/installer/OracleInstaller.php:

[roy@lonora02 installer]# diff OracleInstaller.php.orig OracleInstaller.php
< } elseif ( !preg_match( '/^[a-zA-Z0-9_\.]+$/', $newValues['wgDBserver'] ) ) {
< $status->fatal( 'config-invalid-db-server-oracle', $newValues['wgDBserver'] );
> // } elseif ( !preg_match( '/^[a-zA-Z0-9_\.]+$/', $newValues['wgDBserver'] ) ) {
> // $status->fatal( 'config-invalid-db-server-oracle', $newValues['wgDBserver'] );

The installer now accepted localhost/XE:POOLED quite nicely for my Oracle 11g XE database with Database Resident Connection Pooling (DRCP) enabled.

After a couple of attempts, I found that the installer failed to create a database user, so I created a user manually, I suppose this is a good practice in any event, based on maintenance/oracle/user.sql

[oracle@lonora02 ~]$ sqlplus "/as sysdba"

create user wikiuser identified by SECRET default tablespace users temporary tablespace temp quota unlimited on users;

grant connect,resource to wikiuser;

grant alter session to wikiuser;

grant ctxapp to wikiuser;

grant execute on ctx_ddl to wikiuser;

grant create view, create synonym, create table, create sequence, create trigger to wikiuser;

After installation successfuly completed, I found a bug that was introduced in MediaWiki 1.20.0, where an array would incorrectly translate to a variable thus breaking a lot of SQL queries and making the wiki all but unusable. Luckily, I was able to borrow an existing workaround from the Postgres database script and modified includes/db/DatabaseOracle.php to implode the array to a comma separated list before passing it on to the variable. I found that this problem occurred two places, around line 1165 and 1168.

[roy@lonora02 db]# diff DatabaseOracle.php DatabaseOracle.php.orig
< $ob = is_array( $options['GROUP BY'] )
< ? implode( ',', $options['GROUP BY'] )
< : $options['GROUP BY'];
< $preLimitTail .= " GROUP BY {$ob}";
> $preLimitTail .= " GROUP BY {$options['GROUP BY']}";
< $ob = is_array( $options['ORDER BY'] )
< ? implode( ',', $options['ORDER BY'] )
< : $options['ORDER BY'];
< $preLimitTail .= " ORDER BY {$ob}";
> $preLimitTail .= " ORDER BY {$options['ORDER BY']}";

I really think it’s great that the MediaWiki team has taken the time to support Oracle database, not too many open source products like this do. The bugs I found have been reported and hopefully these issues will be all fixed by the next stable release.

Posted in Oracle, PHP, Technical | 1 Comment