shutdown system saftly glassfish and apache - apache

I have two server glassfish and apache, when maintaining the sysytem i want to make sur that i have no connecting client, or stop receiving new clients and wait for the current clients until they finish theire tasks then shutdown the system. how can i do this from linux servers ?
I used netstat -nap | grep :80 but since i have actife connection between glassfish and apache i dont know how to determine the exact number of connected clients.
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1825/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1703/httpd

I assume apache listens on port 80 and glassfish on port 8080. You can go with your command or you can use this:
netstat -nat | grep :80 | grep EST
That will output the established connections on port 80 and port 8080 (if there are any).
If you want real-time stats you could use this:
netstat -ntapc | grep :80 | grep EST
-c reloads the output every second

Related

Create a SSH tunnel from a Jump host to a Database and access the database on Jump Host Port

I am trying to create a SSH tunnel between a database running server port and another server as the following.
MySQL:3306 <=====> Server-A:3306
And I want to use the Server-A:3306 as the database URI to connect to the database.
I am running the following on ServerA
ssh -f -N -i ~/keys/test.pem foo#foo.storesandbox.com -L5001:127.0.0.1:2001
I can see that the tunnel is up and running. But when I use the public IP of Server-A and try to connect to the database, It does not work.
If I create another tunnel between between Server-A and where I run the MySQL client. then it works. But I don't want to do that.
What can be the reason for this issue. I am fairly new to scripting
by default local side (ssh client) creates listening port at loopback interface with address 127.0.0.1 when you use command like this
ssh me#server -L3306:localhost:3306
if you check netstat on your host you will see something like this
sudo netstat -ntlp | grep 3306
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 12354/ssh
So applications at your local node can connect to such mapped service because loopback interface is visible to host itself but external nodes have no access to this virtual interface so can't make any connections to any service(port) which is listening on this single interface.
To instruct local ssh client to share such mapped port to the world you need to instruct it to bind to either all interfaces (including loopback) or to specific interface only
# here you explicitly tell ssh client to accept connection to your tunnel
# from any client(i.e. bind listenning port to all interfaces)
ssh me#server -L0.0.0.0:3306:localhost:3306
sudo netstat -ntlp | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 12354/ssh
#here you do the same thing by using -g option
ssh me#server -g -L3306:localhost:3306
sudo netstat -ntlp | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 12354/ssh
#and here is an example of how to bind to specific interfaces only
# 10.0.0.12 is an IP of one of interfaces on your node
# 10.1.0.156 is also IP address of one interfaces of your node
ssh me#server -L10.0.0.12:3306:localhost:3306 -L10.1.0.156:3306:localhost:3306
sudo netstat -ntlp | grep 3306
tcp 0 0 10.0.0.12:3306 0.0.0.0:* LISTEN 12354/ssh
tcp 0 0 10.1.0.156:3306 0.0.0.0:* LISTEN 12354/ssh

ssh tunnel doesn't work

Even though tunnelling using ssh is a well discussed topic in internet, I couldn't make my setup proper. This is what the problem statement I have
-> I have two servers A and B.
-> I am trying to create a tunnel from A to B
-> In B I have echo server which is listening on port 34567
-> In A I have executed the command ssh -L 4444:10.106.251.90:34567 127.0.0.1
-> Netstat shows as follows
~ # netstat -na | grep 4444
tcp 0 0 127.0.0.1:4444 0.0.0.0:* LISTEN
tcp 0 0 ::1:4444 :::* LISTEN
-> In B I tried to check netstat -na | grep 4444 but there was no reference of it
-> In A I have echo client which writes into 127.0.0.1:4444
-> If I execute client in A, it doesn't forward. Instead it gives some 0 length string always
Is there any thing that I am missing here ?
Thanks
~S
Try using
ssh -L 4444:127.0.0.1:34567 user#10.106.251.90
This will open port 4444 on your local machine, forwarding packets to port 34567 of the remote machine.
# using on local
telnet 127.0.0.1 4444
# is the same as
# on remote
telnet 127.0.0.1 34567

How to enable SSH on SLES 12?

I am trying to enable ssh connection to suse linux. I have sshd service running:
peeyush#linux-pohb:~/gccgo.work> systemctl status sshd.service
sshd.service - OpenSSH Daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Thu 2015-03-19 18:36:05 IST; 3h 50min ago
Process: 5702 ExecStartPre=/usr/sbin/sshd-gen-keys-start (code=exited, status=0/SUCCESS)
Main PID: 6035 (sshd)
CGroup: /system.slice/sshd.service
└─6035 /usr/sbin/sshd -D
Mar 19 18:36:01 linux-pohb sshd-gen-keys-start[5702]: Checking for missing se...
Mar 19 18:36:05 linux-pohb sshd-gen-keys-start[5702]: ssh-keygen: generating ...
Mar 19 18:36:06 linux-pohb sshd[6035]: Server listening on 0.0.0.0 port 22.
Mar 19 18:36:06 linux-pohb sshd[6035]: Server listening on :: port 22.
Hint: Some lines were ellipsized, use -l to show in full.
It is listening on port 22 fine:
peeyush#linux-pohb:~/gccgo.work> netstat -an | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
But I am not able to connect to it.
[root#lep8a peeyush]# ssh root#192.168.122.19
ssh: connect to host 192.168.122.19 port 22: Connection timed out
My head is aching with finding solutions on internet. Nothing is working.
Could you guys please help me out?
Check if your firewall accepts incoming TCP connections on port 22:
# iptables -nL | grep 22
If the result is empty, you have to add a rule in your firewall.
Open Yast and firewall configuration:
# yast firewall
Goto "Allowed Services" and add "Secure Shell Server". Save and quit Yast and try to connect.
Comment: If you have disabled your firewall completly (not recommended) this answer does not apply.
Run this command:
systemctl enable sshd.service
Then make necessary changes in your /etc/ssh/sshd_config file, and start sshd via:
systemctl start sshd.service
I was dealing with the same problem in SUSE Linux Enterprise Server 15 x86-64. Within the system I was able to # ssh 127.0.0.1 (so the sshd service was working correctly), but from other nodes I got a "Timed out" message.
First, I checked the firewall rules (see answer from xloto):
# iptables -nL | grep 22
Resulted in an empty return message, so we need to set an additional rule.
To set the the firewall rule for SSH's standard port 22, I followed another tutorial (as I do not have a GUI):
# firewall-cmd --permanent --add-service=ssh
# firewall-cmd --reload
It worked for my case, but I'm not sure whether this is best practice.

Is it good to release these ports?

When I am trying to start Apache server from Eclipse, I am getting message as:
Several ports (8085, 8009) required by Tomcat v6.0 Server at localhost are already in use. The server may already be running in another process, or a system process may be using the port. To start this server you will need to stop the other process or change the port number(s).
I find the ports are opened by any process by the OS using "netstat -an"
I found below data as listening.
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8085 0.0.0.0:0 LISTENING
TCP [::]:8009 [::]:0 LISTENING
TCP [::]:8080 [::]:0 LISTENING
TCP [::]:8085 [::]:0 LISTENING
I don't know whether this are useful process, or can I release this ports.
If tomcat is already running eclipse will report this. This could happen if eclipse crashed.
If you only have one instance of tomcat on your machine
Try stopping it
bin/shutdown.sh
or on windows
bin/shutdown.bat
and then restarting tomcat from eclipse.
On linux
You can verify those ports are in use by another tomcat (or the same one that is already running) with
netstat -anp #running as the superuser the -p option will say what the process is
You can then check the process table to cross reference the ports
ps aux | grep java
or
ps aux | grep 1234 #replacing 1234 with the PID reported by netstat
If it is tomcat and it won't shutdown after running bin/shutdown.sh then you can kill it using the kill commmand.
If you do have something else that is using those ports
edit conf/server.xml
change the ports that tomcat will use, try 6080, 6005, etc
start tomcat from eclipse again

What ports does RabbitMQ use?

What ports does RabbitMQ Server use or need to have open on the firewall for a cluster of nodes?
My /usr/lib/rabbitmq/bin/rabbitmq-env is set below which I'm assuming are needed (35197).
SERVER_ERL_ARGS="+K true +A30 +P 1048576 \
-kernel inet_default_connect_options [{nodelay,true}] \
-kernel inet_dist_listen_min 35197 \
-kernel inet_dist_listen_max 35197"
I haven't touched the rabbitmq.config to set a custom tcp_listener so it should be listening on the default 5672.
Here are the relevant netstat lines:
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 728/epmd
tcp 0 0 0.0.0.0:35197 0.0.0.0:* LISTEN 5126/beam
tcp6 0 0 :::5672 :::* LISTEN 5126/beam
My questions are:
for other nodes to be able to connect to the cluster, do all 3 ports 4369, 5672 and 35197 need to be open?
Why isn't 5672 running on tcp and not just tcp6?
PORT 4369: Erlang makes use of a Port Mapper Daemon (epmd) for resolution of node names in a cluster. Nodes must be able to reach each other and the port mapper daemon for clustering to work.
PORT 35197
set by inet_dist_listen_min/max Firewalls must permit traffic in this range to pass between clustered nodes
RabbitMQ Management console:
PORT 15672 for RabbitMQ version 3.x
PORT 55672 for RabbitMQ pre 3.x
Make sure that the rabbitmq_management plugin is enabled, otherwise you won't be able to access management console on those ports.
PORT 5672 RabbitMQ main port (AMQP)
PORT 5671 TLS-encrypted AMQP (if enabled)
For a cluster of nodes, they must be open to each other on 35197, 4369 and 5672.
For any servers that want to use the message queue, only 5672 (or possibly 5671) is required.
What ports is RabbitMQ using?
Default: 5672, the manual has the answer. It's defined in the RABBITMQ_NODE_PORT variable.
https://www.rabbitmq.com/configure.html#define-environment-variables
The number might be differently if changed by someone in the rabbitmq configuration file:
vi /etc/rabbitmq/rabbitmq-env.conf
Ask the nmap if it can see it:
sudo nmap -p 1-65535 localhost
Starting Nmap 5.51 ( http://nmap.org ) at 2014-09-19 13:50 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00041s latency).
PORT STATE SERVICE
443/tcp open https
5672/tcp open amqp
15672/tcp open unknown
35102/tcp open unknown
59440/tcp open unknown
Oh look, 5672, and 15672
Ask netstat if it can see it:
netstat -lntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:55672 0.0.0.0:* LISTEN
tcp 0 0 :::5672 :::* LISTEN
Oh look 5672.
lsof to see ports:
eric#dev ~$ sudo lsof -i | grep beam
beam.smp 21216 rabbitmq 17u IPv4 33148214 0t0 TCP *:55672 (LISTEN)
beam.smp 21216 rabbitmq 18u IPv4 33148219 0t0 TCP *:15672 (LISTEN)
use nmap from a different machine, find out if 5672 is open:
sudo nmap -p 5672 10.0.1.71
Starting Nmap 5.51 ( http://nmap.org ) at 2014-09-19 13:19 EDT
Nmap scan report for 10.0.1.71
Host is up (0.00011s latency).
PORT STATE SERVICE
5672/tcp open amqp
MAC Address: 0A:40:0E:8C:75:6C (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
Try to connect to a port manually with telnet, 5671 is CLOSED:
telnet localhost 5671
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
Try to connect to a port manually with telnet, 5672 is OPEN:
telnet localhost 5672
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Check your firewall:
sudo cat /etc/sysconfig/iptables
It should tell you what ports are made open:
-A INPUT -p tcp -m tcp --dport 5672 -j ACCEPT
Reapply your firewall:
sudo service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
To find out what ports rabbitmq uses:
$ epmd -names
Outputs:
epmd: up and running on port 4369 with data:
name rabbit at port 25672
Run these as root:
lsof -i :4369
lsof -i :25672
More about epmd options.
Port Access
Firewalls and other security tools may prevent RabbitMQ from binding to a port. When that happens, RabbitMQ will fail to start. Make sure the following ports can be opened:
4369: epmd, a peer discovery service used by RabbitMQ nodes and CLI tools
5672, 5671: used by AMQP 0-9-1 and 1.0 clients without and with TLS
25672: used by Erlang distribution for inter-node and CLI tools communication and is allocated from a dynamic range (limited to a single port by default, computed as AMQP port + 20000). See networking guide for details.
15672: HTTP API clients and rabbitmqadmin (only if the management plugin is enabled)
61613, 61614: STOMP clients without and with TLS (only if the STOMP plugin is enabled)
1883, 8883: (MQTT clients without and with TLS, if the MQTT plugin is enabled
15674: STOMP-over-WebSockets clients (only if the Web STOMP plugin is enabled)
15675: MQTT-over-WebSockets clients (only if the Web MQTT plugin is enabled)
Reference doc:
https://www.rabbitmq.com/install-windows-manual.html
Check \AppData\Roaming\RabbitMQ\log. If you have a log file there search for started TCP listener on [::].
It should tell you on which port rabbitMq is running. Look for the last entry.
Disclaimer: not the best way to find port, as there might be a chance the port has been changed in the mean time.