Monday, July 21, 2014

encrypting/decrypting files using gpg

Typically you should never transmit any SSH keys over the network or emails. However, in some cases, you may need to encrypt them and move them into a vault or software. In such cases, you could use GnuPG package.

Encrypt:-

$tar cvz keys.tar.gz *.pem | gpg -c -o keys.tar.gz.gpg
tar: keys.tar.gz: Cannot stat: No such file or directory
test.pem
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
Enter passphrase: tar: Exiting with failure status due to previous errors

Decrypt:-

$gpg -d keys.tar.gz.gpg | tar xvz
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
test.pem

Tuesday, July 15, 2014

Purging MySQL active DB connections

In some cases when you are trying to truncate a table, there could be active DB connections that could prevent the query from executing quickly. In order to purge the active DB connections. Here is an example from Percona folks

mysql> select concat('KILL ',id,';') from information_schema.processlist where user='root';
+------------------------+
| concat('KILL ',id,';') |
+------------------------+
| KILL 3101;             |
| KILL 2946;             |
+------------------------+
2 rows in set (0.00 sec)
mysql> select concat('KILL ',id,';') from information_schema.processlist where user='root' into outfile '/tmp/a.txt';
Query OK, 2 rows affected (0.00 sec)
mysql> source /tmp/a.txt;
Query OK, 0 rows affected (0.00 sec)

Monday, July 14, 2014

Openjdk bug that results in NullPointerException when taking a dump from jmap utility

When taking a heap dump using jmap utility, you might see a NPE thrown such as below:-

$jmap -dump:format=b,file=/tmp/dump <pid>
Debugger attached successfully.
Server compiler detected.
JVM version is 24.51-b03
Dumping heap to /tmp/asgportaldump ...
Exception in thread "main" java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at sun.tools.jmap.JMap.runTool(JMap.java:197)
        at sun.tools.jmap.JMap.main(JMap.java:128)
Caused by: java.lang.NullPointerException
        at sun.jvm.hotspot.utilities.HeapHprofBinWriter.writeSymbolID(HeapHprofBinWriter.java:905)
        at sun.jvm.hotspot.utilities.HeapHprofBinWriter.writeFieldDescriptors(HeapHprofBinWriter.java:743)
        at sun.jvm.hotspot.utilities.HeapHprofBinWriter.writeClassDumpRecord(HeapHprofBinWriter.java:508)
        at sun.jvm.hotspot.utilities.HeapHprofBinWriter.access$000(HeapHprofBinWriter.java:297)
        at sun.jvm.hotspot.utilities.HeapHprofBinWriter$1.visit(HeapHprofBinWriter.java:446)
        at sun.jvm.hotspot.memory.SystemDictionary$2.visit(SystemDictionary.java:179)

Openjdk defect id - JDK-8023105

Wednesday, July 9, 2014

Ingress rules on multi-AZ RDS security group needs RDS instance restart to take effect

When we add a new ingress rule to the security group to which a running RDS instance belongs, then it would need an instance restart to take effect. In case of MySQL RDS instance, you will see an error on mysql client

>mysql -h <rds instance url> -u <userid> -p
ERROR 2003 (HY000): Can't connect to MySQL server on '<rds instance>' (10060)

After restarting the instance, you will see that inbound connections from the EIP address that you have allowed will start working.