HOWTO: IBM DB2, ODBC, and Linux (*nix) configuration

The DB2 ODBC driver works like anything else from IBM: nonstandard to the rest of the universe. How to set up ODBC:

The Unix admin needs to:
Retrieve the config file locations:

$ odbcinst -j
unixODBC 2.2.14
DRIVERS............: /etc/odbcinst.ini
SYSTEM DATA SOURCES: /etc/odbc.ini
FILE DATA SOURCES..: /etc/ODBCDataSources
USER DATA SOURCES..: /home/jason/.odbc.ini
SQLULEN Size.......: 8
SQLLEN Size........: 8
SQLSETPOSIROW Size.: 8

Add/update the following lines in the /etc/odbcinst.ini file (or wherever the file is as reported by odbcinst -j):

[DB2]
Description = DB2 Driver
Driver = /opt/ibm/db2/db2_v9.7/lib64/libdb2o.so
fileusage=1
dontdlclose=1

The Driver line should point to the full path of libdb2o.so (any *nix but AIX) or libdb2o.a (AIX).

DBAs need to:
Add/update the following lines in the ${IBM_DB_DIR}/sqllib/cfg/db2cli.ini file for each database that uses ODBC:

[MYDB2DB]
Database=MYDB2DB
Protocol=TCPIP
Hostname=mydbhost
ServiceName=67033

Add/update the following lines in the ${HOME}/.odbc.ini file:

[MYDB2DB]
Driver=DB2

Make sure we’re using the unixODBC isql:

$ /usr/bin/isql --version
unixODBC 2.2.14

Validate using unixodbc “isql”:

$ /usr/bin/isql -v MYDB2DB testuser test_password
+---------------------------------------+
| Connected!                            |
|                                       |
| sql-statement                         |
| help [tablename]                      |
| quit                                  |
|                                       |
+---------------------------------------+
SQL>
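
When isql fails instead of printing "Connected!", the usual cause is a broken link in the chain DSN -> driver name -> driver library. The following is an added example, not part of the original post: it follows that chain through the two unixODBC files. The function names ini_get and check_dsn are hypothetical, and the default file locations are assumptions to be replaced with whatever odbcinst -j reports.

```shell
#!/bin/sh
# Added example (not from the original post): follow a DSN through the
# unixODBC files to the driver library before trying isql.
# Function names are hypothetical; sections are matched exactly,
# keys case-insensitively.

# ini_get FILE SECTION KEY: print the first value of KEY in [SECTION].
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*\[/ {
            s = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", s)
            insec = (s == sec)
            next
        }
        insec && /=/ {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$1"
}

# check_dsn DSN ODBC_INI ODBCINST_INI
# Returns 1: DSN has no Driver=, 2: driver section missing,
# 3: library not readable. Prints the resolved chain on success.
check_dsn() {
    drv=$(ini_get "$2" "$1" Driver)
    [ -n "$drv" ] || { echo "no Driver= for [$1] in $2"; return 1; }
    case $drv in
        /*) lib=$drv ;;                       # Driver= given as a path
        *)  lib=$(ini_get "$3" "$drv" Driver) ;;
    esac
    [ -n "$lib" ] || { echo "driver [$drv] not defined in $3"; return 2; }
    [ -r "$lib" ] || { echo "library $lib not readable"; return 3; }
    echo "$1 -> $drv -> $lib"
}

# Run against the files reported by "odbcinst -j" when given a DSN.
if [ $# -ge 1 ]; then
    check_dsn "$1" "${2:-$HOME/.odbc.ini}" "${3:-/etc/odbcinst.ini}"
fi
```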

The DSN for the entry is simply “dbi:ODBC:MYDB2DB” if you’re using Perl. Later versions of the db2 client allow you to specify the connect options in the DSN like so:

my $odbc_connect_str = "dbi:ODBC:"
               . "DRIVER=/opt/ibm/db2_v10.5/lib64/libdb2o.so;"
               . "Protocol=tcpip;"
               . "Hostname=mydbhost;"
               . "Port=67033;"
               . "DATABASE=MYDB2DB";

Apple OSX 10.2 on Linux using the PowerPC CPU emulator Pear

I was able to get OS X 10.2 (PowerPC) running in Pear (PowerPC emulator for Windows and Linux) on Kubuntu 16.10 🙂

I need to set up the tun0 interface in order to get networking (internet) working.

PearPC Linux host setup
vde_tunctl — create and manage persistent TUN/TAP interfaces

Why? Because I can


SOLVED: SSH and Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)

I ran across the error “Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).” while ssh’ing to another server today:

$ ssh myhost
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

Usually this means that the permissions of ~/.ssh, ~/.ssh/authorized_keys or your home directory on the other box aren’t set up right. The permissions should look like so:

  1. drwx------. /home/jason
  2. drwx------. /home/jason/.ssh
  3. -rw-------. /home/jason/.ssh/authorized_keys

You would fix with:

$ chmod 0700 ~
$ chmod 0700 ~/.ssh
$ chmod 0600 ~/.ssh/authorized_keys

In my case, the permissions were correct. I ran the ssh command with extra verbosity (-v -v):

$ ssh -v -v myhost
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/jason/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: /etc/ssh/ssh_config line 62: Deprecated option "RhostsAuthentication"
debug2: ssh_connect: needpriv 0
debug1: Connecting to myhost [192.168.12.6] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/jason/.ssh/id_rsa type 1
debug1: identity file /home/jason/.ssh/id_rsa-cert type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/jason/.ssh/id_dsa type 2
debug1: identity file /home/jason/.ssh/id_dsa-cert type -1
debug1: identity file /home/jason/.ssh/id_ecdsa type -1
debug1: identity file /home/jason/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 154/256
debug2: bits set: 520/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Warning: Permanently added 'myhost,192.168.1.66' (RSA) to the list of known hosts.
debug2: bits set: 525/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/jason/.ssh/id_rsa (0x7ff594d8ecb0)
debug2: key: /home/jason/.ssh/id_dsa (0x7ff594d90550)
debug2: key: /home/jason/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).

I didn’t see a reason why I wasn’t getting a password prompt but I do see it reading my ssh_config file. A real quick override of the ssh_config showed me that my ssh_config was the culprit:

$ ssh -F /dev/null myhost
jason@myhost's password:

So what is in my ~/.ssh/config file?

ServerAliveInterval 240
BatchMode yes
TCPKeepAlive = yes

Neither ServerAliveInterval nor TCPKeepAlive has anything to do with authentication, but BatchMode does. From the ssh_config man page:

BatchMode

The argument must be yes or no. If set to yes, passphrase/password querying will be disabled. This option is useful in scripts and other batch jobs where you have no user to supply the password.

So, if my public ssh key is not in the ~/.ssh/authorized_keys, the connection will fail with a permission denied. Let’s verify by removing BatchMode from the ~/.ssh/config file:

ServerAliveInterval 240
TCPKeepAlive = yes

$ ssh -F /dev/null myhost
___$

Success 🙂
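
Both checks from this post can be scripted. The following is an added example, not part of the original post: it compares the three paths against the modes listed above (run it on the box you are connecting to) and looks for BatchMode yes in a client config file (run it on the box you are connecting from). The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): script the two checks above.
# Assumes GNU stat (Linux); function names are hypothetical.

# check_ssh_perms HOME_DIR
# Compare the three paths with the modes listed in the post. Prints one
# line per finding and returns the number of findings (0 = all good).
check_ssh_perms() {
    bad=0
    while read -r want path; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            bad=$((bad + 1))
            continue
        fi
        mode=$(stat -c '%a' "$path")
        if [ "$mode" != "$want" ]; then
            echo "BAD $mode $path (want $want)"
            bad=$((bad + 1))
        fi
    done <<EOF
700 $1
700 $1/.ssh
600 $1/.ssh/authorized_keys
EOF
    return "$bad"
}

# batchmode_enabled CONFIG_FILE
# Succeeds if the file sets BatchMode yes anywhere. ssh_config keywords
# are case-insensitive and may be written "Key value" or "Key = value".
# Commented-out lines are ignored; Host blocks are not interpreted.
batchmode_enabled() {
    grep -Eiq '^[[:space:]]*batchmode[[:space:]]*(=[[:space:]]*|[[:space:]])"?yes"?[[:space:]]*$' "$1"
}

# Usage: sh ssh_triage.sh /home/jason /home/jason/.ssh/config
if [ $# -eq 2 ]; then
    check_ssh_perms "$1" || echo "fix the modes with chmod"
    if batchmode_enabled "$2"; then
        echo "BatchMode yes in $2: ssh will not prompt for a password"
    fi
fi
```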


Getting Flickr::API to work on Ubuntu Linux SOLVED

In order to use the Flickr::API example by Gabor Szabo, I needed to create an LWP object specifying the path to the system certificates when creating the Flickr::API object.

Works:

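use Flickr::API;
use LWP::UserAgent;

# Hand Flickr::API an LWP::UserAgent that knows where the system CA certificates are
my $flickr_api = Flickr::API->new( {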
    key       => $key,
    # secret  => $secret,
    unicode   => 1,
    lwpobj    => LWP::UserAgent->new(
        ssl_opts => { 
            SSL_ca_path => '/etc/ssl/certs',
        },
    ),
}); 

Doesn’t work (reports a 500 error with “Can’t connect to api.flickr.com:443 (certificate verify failed)”):

my $flickr_api = Flickr::API->new( {
    key       => $key,
    # secret  => $secret,
    unicode   => 1,
    ssl_opts  => { 
        SSL_ca_path       => '/etc/ssl/certs',
    },
});

You could use Mozilla::CA as brian d foy suggests but the bundled file is from 2014. Personally, I’ll use the certificate files from the OpenSSL project. 🙂


HOWTO: Enable 3D Acceleration in VMWare Player/Workstation in Ubuntu Linux 15.04 with Intel Graphics SOLVED

When you start a virtual machine using VMWare Workstation or Player and receive a warning saying 3D Acceleration is not available, you can easily enable it. All you need to do is add a single line to the .vmx file (e.g. “Fedora Linux.vmx”):

mks.gl.allowBlacklistedDrivers = "TRUE"

Creating an ebook (epub) using Quickly on Ubuntu Linux

I ran across Mike Hingley’s video on YouTube and had to share 🙂


Linux & selinux: xauth timeout in locking authority file .Xauthority SOLVED

Error:

Last login: Tue Jan 20 14:17:19 2015 
/usr/bin/xauth:  timeout in locking authority file /home/jason/.Xauthority

Attempting to manually generate a new .Xauthority file results in the same error:

$ xauth generate :0 .trusted
xauth:  timeout in locking authority file /home/jason/.Xauthority

If the SELinux configuration is set to enforcing, then we need to make sure the home directories are set in the correct context:

[root@localhost selinux]# egrep -e '^SELINUX=' /etc/selinux/config
SELINUX=enforcing

Taking a look at the SELinux settings for the home directories (use Z with the ls command):

[root@localhost ~]# ls -aslZ /home/
total 36
drwxr-xr-x. root    root    system_u:object_r:home_root_t:s0 .
drwxr-xr-x. root    root    system_u:object_r:root_t:s0      ..
drwx------. 55 unconfined_u:object_r:home_root_t:s0 jason users   4096 Jan 20 14:22 jason

The context for my home directory (jason) should be unconfined_u:object_r:user_home_dir_t:s0 and not unconfined_u:object_r:home_root_t:s0 as it is a home directory and not part of the root file system per se.

The easiest thing to do is just reset (restore) the context using restorecon as root:

[root@localhost ~]# restorecon /home/jason

Verify that the context was changed:

[root@localhost ~]# ls -aslZ /home/
total 36
drwxr-xr-x. root    root    system_u:object_r:home_root_t:s0 .
drwxr-xr-x. root    root    system_u:object_r:root_t:s0      ..
drwx------. jason users   unconfined_u:object_r:user_home_dir_t:s0 jason

Verify the fix with a new ssh connection (with X11 forwarding enabled):

Last login: Tue Jan 20 14:19:15 2015 
/usr/bin/xauth:  creating new authority file /home/jason/.Xauthority
$ xeyes


HOWTO: stty: tcgetattr: Not a typewriter Shell scripting SOLVED

If you connect to a remote system or run a script through a cron-like scheduler, you may encounter an error message from stty or some such program:

stty: tcgetattr: Not a typewriter

The error is raised because your script is being run in a non-interactive mode and the stty program is expecting to have access to a terminal (pty / tty). If your script isn’t explicitly calling stty, check any scripts that you’re sourcing and you will find code similar to the following:

set -o vi
stty erase ^H

So, how do you work around this? Simply check whether the shell is running in interactive mode:

if [[ $- = *i* ]]; then
    set -o vi
    stty erase ^H
fi

The shell special variable $- lists the shell modes that are active; an "i" in the list means the shell is interactive.

echo $-
ism

HOWTO: Find the real and effective users in AIX & Linux when you’re sudo / su’d to another

Retrieving the user that you logged in as while running sudo or su’d into another user can be painful if you don’t have access to root. Here’s a short script that will retrieve the original user that your session logged in as.

#!/bin/ksh93

OS_NAME=$( uname -s )

if [[ $OS_NAME == "AIX" ]]; then
    typeset var TTY
    REAL_USER=$( TTY=$(tty | sed 's:/dev/::' ) ; ps -t "$TTY" -o ruser=,etime= |sort -r -k2,2 | awk '{ print $1 } ' |head -1 )
elif [[ $OS_NAME = "Linux" ]]; then
    REAL_USER=$( ps T --sort start_time --no-heading -o ruser |head -1 )
else
    echo "ERROR: Requires Linux or AIX"
    exit 1
fi

EFFECTIVE_USER=$( whoami )

echo "I am \"$EFFECTIVE_USER\" but really \"$REAL_USER\""

ssh mybox
..
> sudo su - sybase

AIX Output:

 ./realme.ksh
I am "sybase" but really "jason"

Linux Output:

 ./realme.ksh
I am "sybase" but really "jason"

SAP Sybase IQ SA CR 728597 / Linux Kernel direct i/o bug & huge pages

Last year, April -> October, I asked the question about IQ supporting Huge Pages on Linux. It was mentioned under SA CR 728597 and Red Hat Bug 891857 that there was a bug in the Linux kernel handling of direct I/O while using transparent huge memory pages (a variant of Linux Huge memory pages).

CR 728597:
This problem is related to a possible bug in the transparent huge pages (THP) feature introduced in these operating system versions. Red Hat bug 891857 has been created to track this issue.

The problem can be triggered by calling an external environment, xp_cmdshell, or other procedure that causes a fork while other I/O is occurring. A known limitation with the Linux kernel limits the use of fork while doing O_DIRECT I/O operations. Essentially what can happen is that the data can come from or go to the wrong process’ memory after the fork. SQL Anywhere performs O_DIRECT I/O operations according to the documented safe usage. However, THP appears to cause further problems and the O_DIRECT I/O data comprising database page reads/writes appears to get lost.

http://scn.sap.com/thread/3338917 and http://froebe.net/blog/2013/06/17/does-anyone-have-any-details-on-redhat-linux-bug-891857/

Does anyone know the status of this ongoing FIVE year old issue?

http://scn.sap.com/thread/3505418
