In SVN, you cannot checkout a specific file. You must check out a directory. Therefore, you check out the parent directory then update the specific file.
$ svn update -r27684 release-build.xml U release-build.xml Updated to revision 27684.
In SVN, you cannot checkout a specific file. You must check out a directory. Therefore, you check out the parent directory then update the specific file.
$ svn update -r27684 release-build.xml U release-build.xml Updated to revision 27684.
<cmsys1:2388># zoneadm -z ${zonename} halt
<cmsys1:2388># zoneadm -z ${zonename} reboot
<cmsys1:2388># zlogin -C nagios
Include only running zones:
<cmsys1:114># zoneadm list -v ID NAME STATUS PATH BRAND IP 0 global running / native shared 1 sirls running /data/zones/sirls native shared
Include halted zones:
<cmsys1:2392># zoneadm list -vi ID NAME STATUS PATH BRAND IP 0 global running / native shared 7 sasvn running /data/zones/sasvn native shared 8 saldp running /data/zones/saldp native shared 9 nagios running /data/zones/nagios native shared 10 garls running /data/zones/garls native shared 11 dvrls running /data/zones/dvrls native shared 12 sirls running /data/zones/sirls native shared 13 qarls running /data/zones/qarls native shared - saweb installed /data/zones/saweb native shared - sacvs installed /data/zones/sacvs native shared
<cmsys8:457># isainfo -v 64-bit amd64 applications amd_lzcnt popcnt amd_sse4a tscp cx16 mon sse3 sse2 sse fxsr amd_3dnowx amd_3dnow amd_mmx mmx cmov amd_sysc cx8 tsc fpu 32-bit i386 applications amd_lzcnt popcnt amd_sse4a tscp cx16 mon sse3 sse2 sse fxsr amd_3dnowx amd_3dnow amd_mmx mmx cmov amd_sysc cx8 tsc fpu <cmsys8:858># isainfo -kv 64-bit amd64 kernel modules
401 wget http://rsync.samba.org/ftp/rsync/rsync-3.0.7.tar.gz 402 gunzip ./rsync-3.0.7.tar.gz 403 ls 404 tar -xvf rsync-3.0.7.tar 405 cd rsync-3.0.7 406 ./configure 407 echo $PATH 408 id 409 make 410 ls /usr/ccs/bin 411 export PATH=$PATH:/usr/ccs/bin 412 make install 413 which rsync
This is a script which uses the XML parsing tool ElementTree to copy one Jenkins job to another & replaces the SVN location to be the latest created tag.
import urllib import urllib2 from urllib2 import URLError import logging import re import os import base64 import sys import time import pysvn import xml.etree.ElementTree from xml.etree.ElementTree import ElementTree, Element, SubElement # ElementTree XML tutorial -> http://www.bigfatalien.com/?p=223 """ get_svn_login is required for pysvn to set credentials """ def get_svn_login(realm, username, may_save): return True, "svninfoforbuild", "svninfoforbuild", False """ query SVN for a list of tags. Look through that list for tags matching regex. figure out which of these was created last. return this tag. """ def svn_get_latest_tag(device, client): logging.debug( "svn_get_latest_tag(" + device + ", Client)") reponame = svn_url + "/" + svn_repo_list[device] + "/tags" logging.debug( "reponame = " + reponame) taglist = client.list(reponame) logging.debug("taglist = " + str(taglist)) maxtime = 0 maxtag = None tagname = None for tag in taglist: #for x in tag[0]: # logging.debug( str(x) + " = " + str(tag[0][x])) m = re.search(r"/(" + device + "-d+.d+.d+.d+)$", tag[0]["path"]) if m is not None: if tag[0]["time"] > maxtime: tagname = m.group(1) maxtime = tag[0]["time"] maxtag = tag[0]["path"] logging.debug( "maxtime = " + str(maxtime)) logging.debug( "maxtag = " + str(maxtag)) logging.debug( "tagname = " + str(tagname)) return maxtime, maxtag, tagname """ query SVN for a list of branchs. Look through that list for branchs matching regex. figure out which of these was created last. return this branch. """ def svn_get_latest_branch(device, client): logging.debug( "svn_get_latest_tag(" + device + ", Client)") reponame = svn_url + "/" + svn_repo_list[device] + "/branches" logging.debug( "reponame = " + reponame) branchlist = client.list(reponame) maxtime = 0 maxtag = None branchname = None for branch in branchlist: logging.debug( "------------------------") for x in branch[0]: logging.debug( str(x) + " = " + str(branch[0][x])) logging.debug( str(branch[0]["time"]) + " > " + str(maxtime)) m = re.search(r"/(" + device + "-d+.d+.d+.[dw]+)$", branch[0]["path"]) if m is not None: logging.debug( "m is not None") if branch[0]["time"] > maxtime: branchname = m.group(1) maxtime = branch[0]["time"] maxbranch = branch[0]["path"] logging.debug( "********* branchname == " + branchname) logging.debug( "------ maxtime == " + str(maxtime)) logging.debug( "------------------------") logging.debug( "maxtime = " + str(maxtime)) logging.debug( "maxbranch = " + str(maxbranch)) logging.debug( "branchname = " + str(branchname)) return maxtime, maxbranch, branchname def jenkins_get_project_xml(device, timestr): jobxmlurl = jenkins_url + "/job/" + jenkins_project_list[device] + "/config.xml" req = urllib2.Request(jobxmlurl) base64string = base64.encodestring("%s:%s" % (jenkins_id, jenkins_pwd))[:-1] req.add_header("Authorization", "Basic %s" % base64string) response = urllib2.urlopen(req) jobxml = response.read() f = open("./" + device + "_config_" + timestr + ".xml", "w") f.write(jobxml) f.close() return "./" + device + "_config_" + timestr + ".xml" #logging.debug( jobxmlurl) def jenkins_push_project_xml(new_proj_name, source_proj, new_proj_xml): # READ XML INTO MEMORY xml_contents = "" file = open(new_proj_xml, "r") for line in file: xml_contents += line file.close() # 1) CREATE A NEW JOB IN JENKINS job_create_url = jenkins_url + "/createItem?name=" + new_proj_name logging.debug( job_create_url) req = urllib2.Request(job_create_url, data=xml_contents, headers={"Content-Type":"text/xml"}) base64string = base64.encodestring("%s:%s" % (jenkins_id, jenkins_pwd))[:-1] req.add_header("Authorization", "Basic %s" % base64string) response = urllib2.urlopen(req) create_results = response.read() def jenkins_project_exists(pname): logging.debug("jenkins_project_exists(" + pname + ")") jobxmlurl = jenkins_url + "/job/" + pname logging.debug( "jobxmlurl = " + jobxmlurl) req = urllib2.Request(jobxmlurl) base64string = base64.encodestring("%s:%s" % (jenkins_id, jenkins_pwd))[:-1] req.add_header("Authorization", "Basic %s" % base64string) try: response = urllib2.urlopen(req) except URLError, e: return False return True def svn_get_trunk_url(device): return svn_url + "/" + svn_repo_list[device] + "/trunk" def process_xml(device, tagname, jobxml, svn_trunk_url, svn_maxtag_url, timestr): # Element - XML elements containing: # the label (tag), # a list of attributes # a list of chilren elements (forming the XML tree hierarchy) # Elementtree - The wrappers around Element objects which provide facilities to output the Element as an xml file # You can also read an xml file into an ElementTree then access teh Elements within. # CREATE AN ELEMENT TREE OBJECT et = ElementTree() # PARSE THE XML FILE. project_elem = et.parse(jobxml) logging.debug( "--------------------------------------------") # REPLACE THE SCM LOCATION POINTING TO TRUNK WITH ONE POINTING TO THE NEW TAG # Structure = ## ... # # FIND THE FIRST description ELEMENT de = project_elem.find("description") de.text = device + " TAG " + tagname scme = project_elem.find("scm") loce = scme.find("locations") location_children = list(loce) logging.debug( "svn_trunk_url = " + svn_trunk_url) for l in location_children: remote = l.find("remote") local = l.find("local") m = re.search(r"^" + svn_trunk_url + "(/src)?$", remote.text) if m is not None: newstr = svn_maxtag_url if m.group(1) is not None: newstr += m.group(1) logging.debug( newstr) remote.text=newstr newxmlname = "./" + device + "_config_new_" + timestr + ".xml" et.write(newxmlname); return(newxmlname); svn_url="https://svn.company.com" #device_type="ios" jenkins_url="http://jenkins.corp.company.com:8080" job_sub_http="job" svn_repo_list={} svn_repo_list["android"] = "android" svn_repo_list["ios"] = "ios" svn_repo_list["blackberry"] = "blackberry" jenkins_project_list={} jenkins_project_list["android"] = "android_trunk" jenkins_project_list["ios"] = "ios_trunk" jenkins_project_list["blackberry"] = "blackberry_trunk" jenkins_id = "tag_creator" jenkins_pwd = "1qazxsw2" job_file="config.xml" logging.basicConfig(level=logging.DEBUG) timestr = time.strftime("%Y-%m-%d_%H%M%S", time.localtime()) device_type = None svn_loc = "tags" for arg in sys.argv: args = re.search(r"^--(S+)=(S+)$", arg) if args is not None: if re.search(r"^device_type$", args.group(1)): device_type = args.group(2).lower() logging.debug("device_type = " + device_type) elif re.search(r"^svn_loc$", args.group(1)): svn_loc = args.group(2) logging.debug("svn_loc = " + svn_loc) try: repo = svn_repo_list[device_type] logging.debug("repo = " + repo) except KeyError, e: sys.exit("ERROR: device_type does not match the required list of options (android, ios, blackberry)") svn_trunk_url=svn_url + repo + "/trunk" logging.debug("svn_trunk_url = " + svn_trunk_url) client = pysvn.Client() client.callback_get_login = get_svn_login maxtime = None svn_maxtag_url = None reponame = None if svn_loc == "tags": maxtime, svn_maxtag_url, reponame = svn_get_latest_tag(device_type, client) elif svn_loc == "branches": maxtime, svn_maxtag_url, reponame = svn_get_latest_branch(device_type, client) else: sys.exit("ERROR: You cannot use svn_loc = " + svn_loc) logging.debug("maxtime = " + str(maxtime)) logging.debug("svn_maxtag_url = " + str(svn_maxtag_url)) logging.debug("reponame = " + str(reponame)) project_exists = jenkins_project_exists(reponame) logging.debug("project_exists = " + str(project_exists)) if project_exists: sys.exit("ERROR: The Jenkins job " + reponame + " already exists.") origxml = jenkins_get_project_xml(device_type, timestr) newxml = process_xml(device_type, reponame, origxml, svn_trunk_url, svn_maxtag_url, timestr) jenkins_push_project_xml(reponame, jenkins_project_list[device_type], newxml) os.remove(origxml) os.remove(newxml)projectname # ... ## # ... ## # ... ## # ... #... #... #
perl -MCPAN -e 'install HTML::Template'
Basic Setup:
Here I have mentioned the basic configurations for enabling iptables in fedora linux.
List your current iptables configuration.:
[root@cmlin02:~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:bb ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh ACCEPT tcp -- anywhere anywhere tcp dpt:snmp ACCEPT udp -- anywhere anywhere udp dpt:snmp ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ldap ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ldaps ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ndmp REJECT all -- anywhere anywhere reject-with icmp-host-prohibited ACCEPT udp -- anywhere anywhere state NEW udp dpt:49222 ACCEPT udp -- anywhere anywhere state NEW udp dpt:mdns Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination
1) To allow established sessions to receive traffic
# iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2) You could start by blocking traffic, but you might be working over SSH, where you would need to allow SSH before blocking everything else.
To allow incoming traffic on the default ssh port (22)
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
To allow incoming traffic on the default Squid port (3128)
# iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
To allow incoming traffic on the default Apache port
# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
To allow incoming traffic on the default samba port
# iptables -A INPUT -p udp --dport 137 -j ACCEPT # iptables -A INPUT -p udp --dport 138 -j ACCEPT # iptables -A INPUT -p udp --dport 139 -j ACCEPT # iptables -A INPUT -p tcp --dport 139 -j ACCEPT # iptables -A INPUT -p tcp --dport 445 -j ACCEPT
To allow incoming traffic on the default SNMP port (161)
# iptables -A INPUT -p tcp --dport 161 -j ACCEPT # iptables -A INPUT -p udp --dport 161 -j ACCEPT
Now check the current configuration
[root@cmlin02:~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere udp dpt:netbios-ns ACCEPT tcp -- anywhere anywhere udp dpt:netbios-dgm ACCEPT tcp -- anywhere anywhere udp dpt:netbios-ssn ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn ACCEPT tcp -- anywhere anywhere tcp dpt:snmp ACCEPT tcp -- anywhere anywhere udp dpt:snmp ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds ACCEPT tcp -- anywhere anywhere tcp dpt:squid
3) Once we enabled the above port.we can drop all other incoming ports.
# iptables -A INPUT -j DROP
Now check the rule
# iptables -L
For Interface based access for eth0 specify -i eth0
4) In the final step we have to enable loopback interface. After all the traffic has been dropped. We need to insert this rule before that. Since this is a lot of traffic, we’ll insert it as the first rule so it’s processed first.
#iptables -I INPUT 1 -i lo -j ACCEPT
5) To enabling logging
# iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
6) To save this configuration
# iptables-save > /etc/sysconfig/iptables
or
#service iptables save #service iptables start
This configuration will enable ssh port and disable all other incoming ports.
To manually edit iptables config
Also you can manual edit /etc/sysconfig/iptables
IP Tables configuration for other Services
1) Iptables for default ldap port
# iptables -A INPUT -p tcp --dport 389 -j ACCEPT # iptables -A INPUT -p tcp --dport 636 -j ACCEPT
or manually edit /etc/sysconfig/iptables and add the below mentioned line
-A INPUT -p tcp -m tcp --dport 389 -j ACCEPT
2) Iptables for Backup Exec
3) IP tables for smtp
#iptables -A INPUT -p tcp --dport 25 -j ACCEPT
or manually edit /etc/sysconfig/iptables and add the below mentioned line
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
4) iptables for smtps
#iptables -A INPUT -p tcp --dport 465 -j ACCEPT
or manually edit /etc/sysconfig/iptables and add the below mentioned line
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
5) iptables for pop3 , pop3s
#iptables -A INPUT -p tcp --dport 110 -j ACCEPT #iptables -A INPUT -p tcp --dport 995 -j ACCEPT
or manually edit /etc/sysconfig/iptables and add the below mentioned line
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
6) iptables for imap , imaps
#iptables -A INPUT -p tcp --dport 143 -j ACCEPT #iptables -A INPUT -p tcp --dport 993 -j ACCEPT
or manually edit /etc/sysconfig/iptables and add the below mentioned line
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
7) iptables for webmin default port
#iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
or manually edit /etc/sysconfig/iptables and add the below mentioned line
-A INPUT -p tcp -m tcp --dport 1000 -j ACCEPT
8) IPtables for named, domain
#iptables -A INPUT -p tcp --dport 53 -j ACCEPT #iptables -A INPUT -p udp --dport 53 -j ACCEPT
or manually edit /etc/sysconfig/iptables and add the below mentioned line
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -p udp -m udp --dport 53 -j ACCEPT
9) iptables for TFTP server
#iptables -A INPUT -p udp --dport 69 -j ACCEPT
or manually edit /etc/sysconfig/iptables and add the below mentioned line
-A INPUT -p udp -m udp --dport 69 -j ACCEPT
10) iptable configuration for DHCP server
#iptables -A INPUT -p udp --dport 67 -j ACCEPT #iptables -A INPUT -p udp --dport 68 -j ACCEPT
or manually edit /etc/sysconfig/iptables and add the below mentioned line
-A INPUT -p udp -m udp --dport 67 -j ACCEPT -A INPUT -p udp -m udp --dport 68 -j ACCEPT
11) iptables for NFS server- click here
12) iptables for FTP server – click here
13) iptables for NTP server
#iptables -A INPUT -p udp --dport 123 -j ACCEPT
or manually edit /etc/sysconfig/iptables and add the below mentioned line
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
One of my iptables files:
[root@cmlin02:~]# more /etc/sysconfig/iptables *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [85:9266] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT # HTTP -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT # XYMON #-A INPUT -p tcp --destination-port 80 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 1984 -j ACCEPT # SSH -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT # SNMP -A INPUT -p tcp --dport 161 -j ACCEPT -A INPUT -p udp --dport 161 -j ACCEPT # SAMBA -A INPUT -p udp -m udp --dport 137 -j ACCEPT -A INPUT -p udp -m udp --dport 138 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT # HTTPS -A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT # BIND -A INPUT -p udp -m udp --dport 53 -j ACCEPT -A INPUT -p tcp --dport 53 -j ACCEPT # LDAP -A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT # WEBMIN -A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited # avahi -A INPUT -m state --state NEW -p udp --dport 49222 -j ACCEPT -A INPUT -m state --state NEW -p udp --dport 5353 -j ACCEPT COMMIT