Convert .pem into .key

root# openssl rsa -in privkey.pem -out private.key

.pem – Defined in RFCs 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files in /etc/ssl/certs), or may include an entire certificate chain including public key, private key, and root certificates. Confusingly, it may also encode a CSR, as the PKCS#10 format can be translated into PEM. The name comes from Privacy Enhanced Mail (PEM), a failed method for secure email; the container format it used lives on, and is a Base64 encoding of the X.509 ASN.1 keys.


.key – This is a PEM-formatted file containing just the private key of a specific certificate; the name is merely conventional, not standardized. In Apache installs, this frequently resides in /etc/ssl/private. The permissions on these files are very important, and some programs will refuse to load these certificates if they are set wrong.
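
Since the extension says little about what a PEM container actually holds, the following added example (not from the original post) lists the block labels in a file and flags a private key that is readable by group or others. The function names and sample files are hypothetical, the key bodies are constructed placeholders, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (-c).

# pem_labels FILE: print the label of every PEM block, one per line,
# e.g. "CERTIFICATE", "CERTIFICATE REQUEST", "RSA PRIVATE KEY".
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# audit_pem FILE: report what the container holds; return 1 when it holds
# a private key and any group/other permission bit is set.
audit_pem() {
    file=$1
    kinds=$(pem_labels "$file" | paste -sd, -)
    [ -n "$kinds" ] || { echo "$file: no PEM blocks found"; return 2; }
    mode=$(stat -c '%a' "$file") || return 2
    case $kinds in
        *"PRIVATE KEY"*)
            # Octal mode must end in 00 (e.g. 600, 400): nothing for group/other.
            case $mode in
                0|*00) echo "$file: private key ($kinds), mode $mode ok" ;;
                *)     echo "$file: private key ($kinds), mode $mode too open"
                       return 1 ;;
            esac ;;
        *)  echo "$file: no private key ($kinds), mode $mode" ;;
    esac
}

# Constructed sample: a bundle with placeholder bodies, not real key material.
tmp=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
    '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' '-----END RSA PRIVATE KEY-----' \
    > "$tmp/bundle.pem"
chmod 644 "$tmp/bundle.pem"
audit_pem "$tmp/bundle.pem" || true    # reported as too open
chmod 600 "$tmp/bundle.pem"
audit_pem "$tmp/bundle.pem"            # reported as ok
rm -rf "$tmp"
```

Setting `umask 077` before running the openssl command above makes the converted private.key come out with mode 600 from the start.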

Mounted disk does not contain SELinux labels.

After mounting the disk, the following warning appears:

root# mount -v /dev/sdb1 /mnt/backup
mount: /mnt/backup does not contain SELinux labels.
You just mounted an file system that supports labels which does not
contain labels, onto an SELinux box. It is likely that confined
applications will generate AVC messages and not be allowed access to
this file system. For more details see restorecon(8) and mount(8).
mount: /dev/sdb1 mounted on /mnt/backup.
root#

The SELinux warning is fixed by running “restorecon -R /mnt/backup”.

Run cron job every other week.

Run cron job every other week, let’s say Friday at 10AM. Add this to your crontab:

0 10 * * 5 [ `expr \`date +\%s\` / 86400 \% 2` -eq 1 ] &&

There are 86400 seconds in a day, so the expression computes the number of days since Thursday, Jan 1, 1970. Every second Friday is an odd number of days since that date and every first Friday is an even number.
With “-eq 1” the job will not be executed this Friday, only every other Friday; with “-eq 0” it will be executed this Friday and every other Friday.
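
Which of the two values fires on a particular Friday depends on that Friday's distance from the epoch, so it is worth computing before editing the crontab. The following added example (not from the original post) does that and prints the resulting schedule; the function names are hypothetical, the dates are constructed samples, and GNU date is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU date (-d).

# cron_parity DAY [HH:MM]: parity of whole days since 1970-01-01 UTC at the
# moment cron would fire (local time), i.e. the value the crontab test sees.
cron_parity() {
    epoch=$(date -d "$1 ${2:-10:00}" +%s) || return 1
    echo $(( epoch / 86400 % 2 ))
}

# biweekly_schedule DAY WANT COUNT: list COUNT weekly dates starting at DAY
# and mark those on which a job guarded by "-eq WANT" would run.
biweekly_schedule() {
    day=$1 want=$2 count=$3 i=0
    while [ "$i" -lt "$count" ]; do
        d=$(date -d "$day + $((i * 7)) days" +%F) || return 1
        p=$(cron_parity "$d") || return 1
        if [ "$p" -eq "$want" ]; then state=run; else state=skip; fi
        echo "$d parity=$p $state"
        i=$((i + 1))
    done
}

# Constructed sample: four Fridays starting 2024-01-05, job guarded by "-eq 1".
biweekly_schedule 2024-01-05 1 4
```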

Using CPU hotplug.

The kernel option CONFIG_HOTPLUG_CPU needs to be enabled. It is currently available on multiple architectures including ARM, MIPS, PowerPC and X86.
List all current CPUs and cores in the system:

server124:~ # ls -lh /sys/devices/system/cpu
total 0
drwxr-xr-x 5 root root 0 Jul 20 09:46 cpu0
drwxr-xr-x 5 root root 0 Jul 20 09:51 cpu1
drwxr-xr-x 2 root root 0 Jul 20 09:54 cpu2
drwxr-xr-x 2 root root 0 Jul 20 09:54 cpu3
drwxr-xr-x 2 root root 0 Jul 20 10:18 cpufreq
drwxr-xr-x 2 root root 0 Jul 20 10:18 cpuidle
-r--r--r-- 1 root root 4.0K Jul 20 09:46 kernel_max
-r--r--r-- 1 root root 4.0K Jul 20 10:12 offline
-r--r--r-- 1 root root 4.0K Jul 20 09:46 online
-r--r--r-- 1 root root 4.0K Jul 20 10:18 possible
-r--r--r-- 1 root root 4.0K Jul 20 10:18 present
--w------- 1 root root 4.0K Jul 20 10:18 probe
--w------- 1 root root 4.0K Jul 20 10:18 release

Each CPU folder contains an online file which controls the logical on (1) and off (0) state.
To logically shut down cpu3:

server124:~ # echo 0 > /sys/devices/system/cpu/cpu3/online

and in the log file you can find something like this:

Jul 20 10:52:38 server124 kernel: [ 3969.489290] CPU 2 is now offline
Jul 20 10:52:38 server124 kernel: [ 3969.492336] CPU 3 is now offline

This can also be seen by executing the lscpu command:

server124:~ # lscpu |grep line
On-line CPU(s) list: 0-2
Off-line CPU(s) list: 3
server124:~ #

Once the CPU is shut down, it will be removed from /proc/interrupts and /proc/cpuinfo, and should no longer be visible in the top command.
To bring cpu3 back online:

server124:~ # echo 1 > /sys/devices/system/cpu/cpu3/online

and in the log file:

Jul 20 11:00:01 server124 kernel: [ 4412.323732] Booting Node 0 Processor 3 APIC 0x3
Jul 20 11:00:01 server124 kernel: [ 4053.024204] mce: CPU supports 0 MCE banks

and by executing lscpu command:

server124:~ # lscpu |grep line
On-line CPU(s) list: 0-3
server124:~ #

The CPU is usable again.

chcpu can also be used. It can modify the state of CPUs: it can enable or disable CPUs, scan for new CPUs, change the CPU dispatching mode of the underlying hypervisor, and request CPUs from the hypervisor (configure) or return CPUs to the hypervisor (deconfigure).

To disable CPUs 2 and 3:

server124:~ # chcpu -d 2,3
CPU 2 disabled
CPU 3 disabled

To enable CPUs 2 and 3:

server124:~ # chcpu -e 2,3
CPU 2 enabled
CPU 3 enabled

Find out whether a filesystem check is scheduled for the next boot.

To find out whether a filesystem check is scheduled for the next boot, use this command: “dumpe2fs -h /dev/disk”.
Fsck will run if the mount count is equal to or greater than the maximum mount count, or if the “next check after” date has passed.
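
The rule above can be applied mechanically to the dumpe2fs header. The following added example (not from the original post) does so; the function names are hypothetical, the header excerpt is constructed, and GNU date is assumed for parsing the “Next check after” value.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU date (-d).

# Constructed "dumpe2fs -h" excerpt; only the three fields used below matter.
sample_header() {
cat <<'EOF'
Filesystem state:         clean
Mount count:              5
Maximum mount count:      -1
Last checked:             Sat Mar 10 12:00:00 2018
Check interval:           15552000 (6 months)
Next check after:         Thu Sep  6 12:00:00 2018
EOF
}

# field NAME: value of the first "NAME: value" line in $hdr.
field() { printf '%s\n' "$hdr" | sed -n "s/^$1:[[:space:]]*//p" | head -n 1; }

# fsck_due [NOW_EPOCH] < header: print the verdict, return 0 when a check is due.
fsck_due() {
    now=${1:-$(date +%s)}
    hdr=$(cat)
    count=$(field 'Mount count')
    max=$(field 'Maximum mount count')
    next=$(field 'Next check after')
    # tune2fs(8): a maximum mount count of 0 or -1 disables the mount-count rule.
    if [ -n "$count" ] && [ -n "$max" ] && [ "$max" -gt 0 ] &&
       [ "$count" -ge "$max" ]; then
        echo "due: mount count $count >= maximum $max"; return 0
    fi
    # The line is absent when no check interval is configured.
    if [ -n "$next" ]; then
        next_epoch=$(date -d "$next" +%s) || return 2
        if [ "$now" -ge "$next_epoch" ]; then
            echo "due: \"next check after\" ($next) has passed"; return 0
        fi
    fi
    echo "not due"; return 1
}

# Real use (as root): dumpe2fs -h /dev/disk 2>/dev/null | fsck_due
sample_header | fsck_due 1600000000   # constructed "now" in 2020
```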


Creating virtual disks using dd and losetup.

To create an image file, in this case a “virtual disk”, use the “dd” command. The command below writes zeros to a file of the specified size.

dd if=/dev/zero of=1GB_disk.img bs=1M count=1024

Once completed, a partition can be created using the cfdisk or fdisk command. Then the filesystem should be created using mkfs.ext4.

cfdisk 1GB_disk.img

Now you can proceed to set up a loop device for your image. This requires the use of “losetup”. This command will assign an available loop device (-f option to find one) to the partition on the image, and show the name of the loop device (--show option):

losetup -Pf --show 1GB_disk.img

If successful, you should be able to access the partition by mounting the image.

[root@s1 disk]# lsblk|grep loop
loop0 7:0 0 1G 0 loop /mnt/disk
[root@s1 disk]#

mount /dev/loop0 /mnt/disk

[root@s1 disk]# df -hP /mnt/disk/
Filesystem Size Used Avail Use% Mounted on
/dev/loop0 976M 46M 863M 6% /mnt/disk
[root@s1 disk]#

To remove a loop device just run:

losetup -d /dev/loop0