Last edit: October 01, 2017 10:03:52 AM CDT

See also Jamf Pro for additional information

Java Keytool

Generate a Java keystore
    keytool -genkeypair -alias [name] -keystore /path/to/keystore.jks

Generate a certificate signing request (CSR) for an existing Java keystore
    keytool -certreq -keyalg [RSA] -alias [name] -keystore /path/to/keystore.jks

Import a root or intermediate CA certificate to an existing Java keystore
    keytool -import -alias [root/name] -keystore /path/to/keystore.jks -trustcacerts -file /path/to/cacer.pem

Add child cert to keystore
    keytool -import -alias [sitename] -keystore /path/to/keystore.jks -trustcacerts -file /path/to/cert.pem

Check a stand-alone certificate
    keytool -printcert -v -file [cert].crt

View contents of keystore
    keytool -list -v -keystore keystore.jks

Delete a certificate from a Java Keytool keystore
    keytool -delete -alias [domain] -keystore keystore.jks

Change a Java keystore password
    keytool -storepasswd -new new_storepass -keystore keystore.jks

Export a certificate from a keystore
    keytool -export -alias [domain] -file mydomain.crt -keystore keystore.jks

List Trusted CA Certs
    keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

MySQL

Don't forget to close with the ;
Caps are a convention, not a requirement

Is MySQL running?
    netstat -ntlap | awk '/3306/ && /LISTEN/'

Get MySQL performance stats
    mysqladmin -u root -p status
• Threads: The number of active threads (clients)
• Questions: Number of queries since the server was started
• Open: number of tables the server has opened
• Open tables: number of currently open tables

Operators that can be used in statements
    = | != or <> | <, <=, >, >= | between (a range) | like (look for pattern)

Show all databases on server
    show databases;

Create a database
    create database [database name];

Delete a database
    drop database [database name];

Delete a table
    drop table [table name];

Switch databases
    use [database name];

See all tables in a database
    show tables;

See field formats (aka column names or keys)
    describe [table name];

View active connections in mysql
    show processlist;
    show full processlist;

View active connections from CLI
    mysqladmin -u root -p processlist

Show config settings
    show variables;
    show variables like '[term]';
    e.g. show variables like 'max_connections';

What database engine is in use
    select database();
    SELECT TABLE_NAME, ENGINE FROM information_schema.TABLES where TABLE_SCHEMA = 'databasename' AND ENGINE IS NOT NULL;

Get engine information
• See information about installed engines
    show engines;
• See information about engine used by a particular database
    use [database];
    show table status;

Get database size
    select table_schema "db name", round(sum(data_length + index_length) / 1024 / 1024, 1) "db size in mb" from information_schema.tables group by table_schema;

Sort and size tables
    select table_schema as db, table_name, round((data_length+index_length) / 1048576,1) as size from information_schema.tables order by data_length+index_length desc limit 20;

Get a list of MySQL users
    select user from mysql.user;
    select user,host from mysql.user;

Find the privilege(s) granted to a particular MySQL account
    show grants for 'UserName'@'HostName';

Create a new user
    create user 'newuser'@'localhost' identified by 'password';

Grant access to a specific database
    grant all privileges on 'db name between single quotes'.* to 'username'@'localhost';
    flush privileges;
    flush hosts;

Grant access to all databases
    grant all privileges on *.* to 'username'@'%' with grant option;
    flush privileges;
    flush hosts;

Create a new user and grant privileges all in one
    grant all on DataBaseName.* to 'username'@'hostname' identified by 'password';

Change a user's password
    set password for 'user'@'localhost' = password('[password value to use]');
    flush privileges;

Remove access rights
    revoke all privileges on DataBaseName.* from 'UserName'@'HostName';

Remove a user
    drop user 'UserName'@'HostName';

Change mysql root user's password in 5.7.6+
    ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass';

Change mysql root user's password
    mysqladmin -u root -p[oldpassword] password [newpassword]

Show all data in a table
    select * from [table name];

Show unique records
    select distinct [column name] from [table name];

Using WHERE to find matches
    select */[column] from [table] where [column you want to search through][operator][value];
    e.g. select * from princeNames where lastName != 'Nevermind';

Export MySQL query to a text file
    select application_name, count(*) as count from applications where bundle_id!='' and bundle_id not like '[search term without brackets].%' group by application_name order by count into outfile '/path/to/file.txt';

Dump a single database for backup in a script
    mysqldump -u username -p[password right next to the "P"] [database name] >/path/to/[database name].sql

Dump multiple databases for backup in a script
    mysqldump -u username -p[password right next to the "P"] --databases [database names] >/path/to/[database name].sql

Restore a database from a dump backup
    mysql -u username -p[password] [database name] < /path/to/[database name].sql

n.b. a password typed on the command line is visible in the process list and shell history.

Set child node rights in a clustered environment
    grant insert, select, update, delete, lock tables on DataBaseName.* to 'UserName'@'HostName' identified by 'Password';

View connections from cluster nodes with different users
    grant process on *.* to 'UserName'@'HostName' identified by 'Password';
    (needs to be master db user)

MySQL on OS X

Basic Control
    /usr/local/mysql/support-files/mysql.server start|stop|restart

OS X mysql best practice
• Install MySQL and confirm it works + Restart and check
• Change mysql_root password: ALTER USER 'root'@'localhost' IDENTIFIED BY 'new-password'; + Restart and check
• Edit my.cnf + Restart and check
• Edit LaunchDaemon with Port + Restart and check

Uninstall mysql on OS X
    /usr/local/mysql/support-files/mysql.server stop
    # edit /etc/hostconfig and remove the line MYSQLCOM=-YES- if present
    rm /etc/my.cnf
    rm /Library/LaunchDaemons/com.mysql.mysql.plist
    rm -rf /Library/StartupItems/MySQLCOM    # if present
    rm -rf /usr/local/mysql*
    rm -rf ~/Library/PreferencePanes/My*
    pkgutil --forget com.mysql.*

Tomcat

Tomcat is nested objects all the way down

Structural Overview

    Tomcat Server
     \_Service (includes Listener)
    Connectors ------> \_Engine (includes Realms and Valves)
                         \_Host
                           \_Context
                             \_WebApp

This structure is mimicked in the server.xml config file:

    <Server>
      <Listener>
      <Service>
        <Connector>
        <Engine>
          <Realm>
          <Valve>

Clients communicate over Connectors. Requests coming in over a Connector are matched to an appropriate Container group, starting with the proper Engine for the request. The Engine in turn hands the request down to the proper Host, then Context and Webapp.

Server: Overall application server. Controls startup and shutdown of the environment. Interacts with the JVM. Can contain multiple Services. Default port is 8005.

Listeners: Listen for and respond to specific program events.

Connectors: Handle communications between a Service and clients. There are multiple Connector types, including:
• HTTP/1.1 (aka Coyote) - Port 8080
• AJP - Port 8009
• SSL - Port 8443

n.b. "Catalina" is used as the name for a Container, a Service and an Engine as well as an object for Java to work with/address. These are all different things despite sharing the same "Catalina" name. The Catalina Service and Catalina Engine are the default Service and the primary Engine in Tomcat. In a way, Catalina is Tomcat but Tomcat is not just Catalina.

Container: An Engine, Host and Context group. Services are elements of a Container.

Service: Combination of one or more Connector components that share a single Engine. Maps Connectors to Engines.

Engine: Processor that takes input from Connectors and directs requests to the proper Host (Tomcat container host, not a compute/server host).

n.b. Jasper is the JSP engine that parses and compiles Java code into items to be handled by the Catalina engine.

Realm: Per container user authentication mechanism.
In Casper, this functionality is handled by the webapp and webapp database.

Valves: Intercept incoming HTTP requests that are bound for a particular application, host or engine and preprocess those requests. Valves are essentially filters.

Hosts: Represents a virtual machine within the Tomcat server that associates a network name ( to the server. The default configuration of Tomcat includes the host named localhost. Keys that define application behavior (file system location, WAR unpacking) are defined per-host.

Context: Represents a single web application.

Tomcat Directory Structure

/bin: Tomcat binaries and control scripts
/conf: Tomcat global config files. Applicable to Tomcat Server and all webapps.
/lib: Java files shared by all webapps
/logs: Server/Service-level logs
/webapps: Default application directory
/work: Compiled source files in use by web apps
/temp: Temp service files

Casper Webapp Directory Structure

META-INF: Contains webapp-specific config files, including an app-level context.xml file. Required by Tomcat.
WEB-INF: Contains application-specific config files (including web.xml), class files and libraries used by the web app. Is not directly accessible by web clients. Required by Tomcat.
api: API UI and backend elements.
bin: jamf, jamfAgent, jamfHelper, jamfNotificationService, quickadd and SelfService binaries
javascripts: JavaScript libraries
stylesheets: Site stylesheets
ui: GUI for site
favicon.ico, index.html, robots.txt, uapisamlfail.jsp and uapisamlsuccess.jsp: Extra bits

Tomcat Config Files

server.xml: Main Tomcat config file. Defines how the server presents itself to clients, how clients communicate with it and the capabilities (Engines) of the server. Applies to all webapps.
• Threadpool in Server.xml is the maximum number of threads that Tomcat can create for incoming connections to a webapp
• Recommended MaxThreads value in Server.xml: [value of MaxPoolSize in DataBase.xml] x 2.5

catalina.policy: Tomcat security policy
Sets some class loader paths, security package lists, and some tunable performance properties.

context.xml: Global Tomcat-specific configuration options. Can also set per-webapp context.xml files.
Defines logging options for Tomcat and webapps. Webapps can also have specific logging settings defined in a per-app file.

tomcat-users.xml: Defines Tomcat-specific users and access rights. If using Tomcat Manager, configure credentials and access here.

web.xml: Defines application needs to the engine; sets how pages are presented and includes things like the timeout value. This is a global file, but webapps can have their own web.xml to define app-specific values.

/path/to/tomcat/tomcat/bin/ Set global Tomcat Java custom configuration values. n.b. CATALINA_OPTS values are specific to Catalina. JAVA_OPTS values will apply to all Java applications.
• JAVA_OPTS/CATALINA_OPTS MaxPermSize or MaxMetaspaceSize value is how much memory to use to load all components

Key Casper Webapp Config Files

Basepath: /path/to/tomcat/webapps/[$webAppName]/WEB-INF/

/classes/ App-specific logging properties

/classes/dal/ Sets what type of cache the JSS will use (ehcache or memcache).

/classes/dal/ service configuration. Ehcache is used in a single server environment.
• If restoring from a backup, strip "DBAPPLIED_" from the contents

/classes/dal/ memcache service configuration. Memcache is used in a clustered environment.
• If restoring from a backup, strip "DBAPPLIED_" from the contents

/xml/DataBase.xml: Defines database connection credentials and performance values; defines number of allowed MySQL connections from webapps to the database
• MaxPoolSize is the number of allowed MySQL connections from webapps to the database
• What Tomcat calls "pool size" MySQL calls "connections"
• MaxPoolSize of 90 should be adequate until client machine count gets into thousands

/xml/JAMFSoftwareServerDatabaseSchema.xml: Jamf's current database schema

web.xml: Defines application needs to the engine; sets how pages are presented and includes things like the timeout value. Values here will override values set for global web.xml.

my.cnf: recommended value for max_connections in my.cnf is (number of all webapps x 90) + 1

Tomcat Log Files

catalina.[$dateStamp].log: Log rolled from catalina.out

catalina.out: stdin and stderr from Tomcat processes. Covers all webapps. Includes logging of user access to webapps.
• If the JSS is not loading, check this log for details.
• Should list line and column numbers for errors in server.xml

host-manager.[$dateStamp].log: Log for Tomcat Host-Manager webapp. Used to manage Tomcat clusters, à la the Tomcat Manager app.

localhost.[$dateStamp].log: General Tomcat logging.

manager.[$dateStamp].log: Log for Tomcat Manager webapp

tomcatinit.log: Runtime info for Tomcat, including version

Casper Webapp Log Files

JAMFChangeManagement.log: Tracks app-wide changes if Change Management is enabled in JSS.

JAMFSoftwareServer: Webapp application log.
• If web app isn't starting but Tomcat is up, check this log for details

JSSAccess.log: User access logging. Includes remote IP values.

jssinstaller.log: If using JAMF installer, install details logging
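
The Server / Service / Connector / Engine / Host nesting from the Tomcat structural overview, walked in Python to list the component tree, every port the configuration opens, and the path a request takes from a Connector down to its Hosts. This is an added example, not part of the original cheatsheet; the embedded server.xml is a constructed sample and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on a stock server.xml (illustrative values only).
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener"/>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm"/>
      <Host name="localhost" appBase="webapps" unpackWARs="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve"/>
      </Host>
    </Engine>
  </Service>
</Server>
"""
ROOT = ET.fromstring(SAMPLE_SERVER_XML)

def walk(elem, depth=0):
    """Return indented outline lines for the nested Tomcat components."""
    label = elem.get("name") or elem.get("port") or elem.get("className", "").rsplit(".", 1)[-1]
    lines = ["  " * depth + f"{elem.tag} {label}".rstrip()]
    for child in elem:
        lines.extend(walk(child, depth + 1))
    return lines

def listening_ports(root):
    """Every port the config opens: Server shutdown port plus each Connector."""
    ports = [(int(root.get("port")), "shutdown", False)]
    for conn in root.iter("Connector"):
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        ports.append((int(conn.get("port")), conn.get("protocol", "HTTP/1.1"), tls))
    return ports

def route(root, port):
    """Follow a request in from a Connector: Service -> Engine -> Host names."""
    for service in root.iter("Service"):
        if any(c.get("port") == str(port) for c in service.findall("Connector")):
            engine = service.find("Engine")
            return service.get("name"), engine.get("name"), [h.get("name") for h in engine.findall("Host")]
    return None

if __name__ == "__main__":
    print("\n".join(walk(ROOT)), listening_ports(ROOT), route(ROOT, 8009), sep="\n")
```

Point `ET.parse()` at a real conf/server.xml in place of the sample to compare the ports it opens with what `netstat` shows listening.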