Replace broken hard drive in software RAID1

This scenario assumes that you have two hard disk with RAID1 setup and one of them is broken (say sdb).

To check the status of RAID:

$ cat /proc/mdstat

Personalities : [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
md2 : active raid1 sda3[1]
730202368 blocks [2/1] [U_]
md1 : active raid1 sda2[1]
264960 blocks [2/1] [U_]
md0 : active (auto-read-only) raid1 sda1[1]
2102464 blocks [2/1] [U_]

you will see [_U] or [U_] if there is a broken RAID.

If required remove the broken hardrive from RAID from all md devices.

# mdadm --manage /dev/md0 --fail /dev/sdb1

# mdadm --manage /dev/md1 --fail /dev/sdb2

# mdadm --manage /dev/md2 --fail /dev/sdb3

Shutdown the machine and replace the hard drive.

Once the server is booted, you will see the new device (either sda or sdb depends on what drive is broken)

# ls -l /dev/sd*

Now we need to replicate the partition schema on the new drive.

sfdisk -d /dev/sda | sfdisk /dev/sdb

// -d     Dump the partitions of a device

We can add the partition to the RAID now, you could verify the partitions with fdisk -l.

# mdadm --manage /dev/md0 --add /dev/sdb1

# mdadm --manage /dev/md1 --add /dev/sdb2

# mdadm --manage /dev/md2 --add /dev/sdb3

It will start sync the data and will be ready once completed.

You may verify the mdstat

# cat /proc/mdstat
Personalities : [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
md2 : active raid1 sda3[0] sdb3[1]
7302023 blocks [2/2] [UU]

md1 : active raid1 sda2[0] sdb2[1]
2649 blocks [2/2] [UU]

md0 : active (auto-read-only) raid1 sda1[0] sdb1[1]
21024 blocks [2/2] [UU]

./arun

Enable IPv6 on Direct Admin

It was rather easy to get IPv6 working with DA if you have the IPv6 subnet allocated for your server.

Make sure that you have IPv6 enabled on your DA.

# grep ipv6 /usr/local/directadmin/conf/directadmin.conf
ipv6=1

Add the IPv6 Addresses to your direct admin, through IP Management (This will add IPv6 address to the interface).
Enter the IPv6 Address in IP field and keep the Netmask as 255.255.255.0

Add IPv6 address for your name servers,
go to DNS administration –> Select your name server domain –> Add AAAA records for your Name Servers. Make sure you have added the IPv6 addresses already to DA.

Check your name server is resolving/reachable via IPv6.

Now to add IPv6 Address to hosted domains, select the domain –> Modify user –> select the IPv6 address in “Add Additional IP”. If the IPv6 address is not visible, make sure it is added to DA and to the reseller account you are editing the domain.

Add the IPv6 address(AAAA) to the corresponding domains DNS configuration.

Here we go, ping666666

 

./arun

Extending LVM disk space

Add the new disk drive to the system, you need to reboot the machine and configure the hardware RAID if required.

Add the new disk to Volume group

For e.g.: if the disk is HP with Smart array

# pvcreate /dev/cciss/c0d1
# vgextend <volume_group_name> /dev/cciss/c0d1

Extend the Logical volume:
# lvextend -L<+mention_the_size> /dev/<volume_group>/<logical_volume>
eg: # lvextend -L+25G /dev/localhost/var
       # lvextend -L+10G /dev/localhost/home

Resize the file system:
# resizefs <file_system>
eg:
# resizefs /dev/mapper/localhost-var
# resizefs /dev/mapper/localhost-home

./arun

Install and configure rsnapshot for central backup (without root privilege)

Download and install RsnapShot
Download the latest package from: http://rsnapshot.org/downloads.html

# wget http://rsnapshot.org/downloads/rsnapshot-1.3.1-1.noarch.rpm
# rpm -Uvh rsnapshot-1.3.1-1.noarch.rpm

Configure public key authentication

– Enable public key authentication with remote hosts with normal user privilege

local# ssh-keygen -t rsa
local# scp id_rsa.pub ssh-remote-server:id_rsa.pub

remote# useradd -c “Backup user” -d /data/home/backup/ backup
remote# su – backup

remote# vi .ssh/authorized_keys

remote# chmod 600 .ssh/authorized_keys

remote# cat id_rsa.pub >> authorized_keys ; rm id_rsa.pub

Add the command allowed to execute in the authorized_keys

command=”/home/backup/validate-rsync.sh”

Create the /home/backup/validate-rsync.sh script with following contents

#!/bin/sh
case “$SSH_ORIGINAL_COMMAND” in
  *&*)
    echo “Rejected 1”
    ;;
  *;*)
    echo “Rejected 2”
    ;;
    rsync*)
    $SSH_ORIGINAL_COMMAND
    ;;
  *true*)
    echo $SSH_ORIGINAL_COMMAND
    ;;
  *)
    echo “Rejected 3”
    ;;
esac

$ chmod 700 validate-rsync.sh

Create the rsync wrapper script

$ cat  > /usr/local/bin/rsync_wrapper.sh

#!/bin/sh
/usr/bin/sudo /usr/bin/rsync “$@”;

# chmod 755 /usr/local/bin/rsync_wrapper.sh

This steps will basically force the ssh connection to execute the rsync as sudo

Grant user to execute rsync as root

backup    ALL=(root) NOPASSWD: /usr/bin/rsync

Configure Rsnapshot

master# cp /etc/rsnapshot.conf.default /etc/rsnapshot.conf

Configure path for cp, rsync, ssh, logger, du etc

set link_dest = 1

change rsync_long_args like

rsync_long_args –rsync-path=rsync_wrapper.sh –delete –numeric-ids –relative –delete-excluded

If you require daily backup for a week,

interval daily 7

More details are on the how to section for rsnapshot website
http://rsnapshot.org/howto/1.2/rsnapshot-HOWTO.en.html

Configure the hosts and file system to backup

backup      backup@remotehost:/etc/     remotehost/

./arun

 

 

 

 

Upgrading php to 5.2 or 5.3 in Redhat EL 5

Unfortunately RHEL 5 does not have php.5.2 package, which is required by most of the applications including latest wordpress and drupal.

First thought of compiling php from source, but hard to keep it uptodate. So decided to make the life easier with EPEL/IUS repositories.

Remove all existing php related packages:

# rpm -e php php-mysql php-cli php-pdo php-common

Download and install the EPEL/IUS RPMs

# wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/i386/epel-release-1-1.ius.el5.noarch.rpm

# wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/i386/ius-release-1.0-8.ius.el5.noarch.rpm

incase if the list not working just browse and find the rpm.

Install the RPMs

# rpm -Uvh *-release-*.rpm

Now you can install php 5.2 or 5.3 like:

# yum install php52 php52-mysql

./arun

 

svn over ssh tunnel

 

 

 

 

 

 

 

 

 

It is very often required that you need to commit/update to the svn repository which is only indirectly accessible through a gateway (user can ssh to gateway and gateway can ssh to internal svn server)

Suppose you have a working copy (locally on your machine)  setup with the real svn url (eg : svn+ssh://svn.example.com)

– Make ssh connection with local port forwarding to the gateway server

# sudo ssh gateway.example.com -L 22:svn.example.com:22

Change the repository url to localhost, since the local host connection forward to remote svn server through the gateway.

#cd <local_svn_path>

# svn switch –relocate svn+ssh://svn.example.com/trunk svn+ssh://localhost/trunk

Now you should be able to update, commit, etc to/from your repository.

You can switch it back to the original url when you have direct access to repository.

./arun

 

Racktable, Apache+LDAP authentication

Login to the Rack tables as admin:

Add the following line under configuration–> permission

allow {$tab_default}

* This is for read only account, assign extra permissions if required

Configure Apache + LDAP

< Directory /var/www/racktables >
Options +Indexes FollowSymLinks MultiViews
DirectoryIndex index.php
AuthName "Rack Tables"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "ldaps://ldaphost.com/dc=company,dc=com?uid?sub?(objectClass=< depends_on_ldap >)"

# Bind if required
AuthLDAPBindDN "uid=userid,ou=people,dc=company,dc=com"
AuthLDAPBindPassword "xxxxxx"
AuthLDAPGroupAttribute uniqueMember
AuthLDAPGroupAttributeIsDN on
require ldap-group cn=group_name,dc=company,dc=com
require ldap-attribute cn=group-name-allowed
< /Directory >

* Most of LDAP configs based on your setup

Configure Rack Tables:

Edit the inc/secret.php

Set :

$user_auth_src = 'httpd';
$require_local_account = FALSE;

NOTE: to get the logout working properly make sure the Apache AuthName matches with the one configured for Rack tables authentication.

Referene : http://sourceforge.net/apps/mediawiki/racktables/index.php?title=RackTablesAdminGuide

Reference

./arun

Rsnapshot Lchown

# rsnapshot du localhost
require Lchown
Lchown module not found

Install the Lchown module:

# wget http://www.rsnapshot.org/downloads/extras/Lchown-1.00.tar.gz

# tar xvzf Lchown-1.00.tar.gz

# cd Lchown-1.00

# perl Makefile.PL
Checking if your kit is complete…
Looks good

# make install

# rsnapshot du localhost
require Lchown
Lchown module loaded successfully

You can also try installing the module from Perl CPAN

# perl -MCPAN -e ‘install qw(Lchown)’

./arun

Install Cpanel on FreeBSD 8.2

– Install FreeBSD with proper network and file system configuration (Ref:  http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/Quick-StartInstallationGuide)

– Install dependency packages:

# pkg_add -r wget

# pkg_add -r perl

# pkg_add -r rsync (required later for ports sync)

# pkg_add -r gmake

To Fix:

creating glibconfig.h
config.status: executing default commands
gmake: not found
child exited with value 127
Died at /usr/local/cpanel/bin/rrdtoolinstall line 109.

# pkg_add -r png // To fix the following error

To Fix : configure: error: requested PNG backend could not be enabled

– Create the following symlinks

# ln -s /usr/local/bin/wget /usr/bin/wget

# ln -s /lib/libcrypt.so.5 /lib/libcrypt.so.2 // To Fix: Shared object “libcrypt.so.2” not found,

# ln -s /lib/libc.so.7 /lib/libc.so.5 // To Fix: Shared object “libc.so.5” not found

ln -s /lib/libm.so.5 /lib/libm.so.3 // To Fix: “libm.so.3” not found

– Install Cpanel

cd /home

wget -N http://httpupdate.cpanel.net/latest

sh latest

– Once installation successful activate the license (make sure the ip is licensed –  http://www.cpanel.net/apps/verify/)  :

#  /usr/local/cpanel/cpkeyclt

– Start Cpanel

– Touch the following file

# touch /etc/rc.d/init.d/function // To fix:  Could not find functions file, your system may be broken

# /etc/init.d/cpanel start

Now you should be able to access Cpanel at https://< yourip >:2087/

Try to upgrade

Exim: /scripts/eximup –force (this will get the free bsd ports as well)
Cpanel : # /scripts/upcp

./arun

 

 

Drupal 7 issue with SQL Mode TRADITIONAL

PDOException: SQLSTATE[42000]: Syntax error or access violation: 1231 Variable ‘sql_mode’ can’t be set to the value of ‘TRADITIONAL’ in lock_may_be_available() (line 165 of /includes/lock.inc).

This was the case when I installed Drupal 7 with Cpanel/Fantastico, the drupal site was displaying the above error.

This issue is discussed at drupal issues . try to patch it as mentioned in the url.

But for me it works with the following change, just removed the TRADITIONAL mode, not  sure it is the correct way to fix it. You can verify the sql modes at http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html ,  Anyway now there is no errors in drupal site and I am able to login.

(includes/database/mysql/database.inc) Line: 65

New file
<  $this->exec(“SET sql_mode=’ANSI,ONLY_FULL_GROUP_BY'”);

Old file
>  $this->exec(“SET sql_mode=’ANSI,TRADITIONAL'”);

Also setting up the sql connection mode to SET SESSION sql_mode = "ANSI,TRADITIONAL"; is an option instead of above change.

./arun

 

 


Install and configure RSA web agent with Redhat EL5 and Apache

Login to RSA interface:

– Create the apache server as agent host with type web agent
– Generate the config file (zip file containing sdconf.rec) from RSA interface, and download to your local machine

Login to the web server

– Download the RSA web agent installation files from RSA website.

# mkdir -p /var/ace

– Copy and extract (sdconf.rec) the downloaded config file
# chmod 755 sdconf.rec

– Create the sdopts.rec file with the ip address of the machine, if you have multiple ip address assigned to the server or if the RSA we agent is a virtual machine. Otherwise the authentication might break with following kind of errors
“100: Access denied. The RSA ACE/Server rejected the Passcode. Please try again.” , “attempted to authenticate using authenticator “SecurID_Native”. The user belongs to security domain “SystemDomain””

# echo "CLIENT_IP=" > sdopts.rec
# chown -R webuser:webuser /var/ace

– Now install the RSA web agent

# tar xvf WebAgent_70_Apache_RHEL5_32_379_08201024.tar
# cd CD/
# chmod u+x install
# ./install

– Enter the location of sdconf.rec

– Configure the apache virtual host

It was found that web agent breaks if apache starts multiple server thread, so would be better to limit the thread.

< IfModule prefork.c >
StartServers 1
MinSpareServers 1
MaxSpareServers 1
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
< /IfModule >

– Now start apache and you will be able to access the RSA web interface.

Once authenticated, the RSA server will create a node secret for the agent host and will be copied automatically to the web server.

This web interface is mainly useful for the token users to reset or enable to token assigned to him.

./arun

Performance issues with KVM – Redhat

The general performance issue with KVM is due to DISK I/O

– by default the Redhat KVM guest are created with x86_64 architecuture, if you installed 32 bit operating system change this to i686.

<os>
<type arch=’i686′ machine=’rhel5.6.0′>hvm</type>
<boot dev=’hd’/>

– Make sure the hypervisor used is correct in the configuration , either qemu or kvm

<domain type=’kvm’>

or

<domain type=’kvm’>

– Use virtio drivers if the guest is paravirtulized (http://www.ibm.com/developerworks/linux/library/l-virtio/index.html?ca=dgr-lnxw97Viriodth-LX&S_TACT=105AGX59&S_CMP=grlnxw97 http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp?topic=/liaat/liaatbpparavirt.htm)

./arun

yum update, IndexError: tuple index out of range

If you happen to get this error while updating server with yum update

.
.
.
File “/usr/lib/python2.4/site-packages/M2Crypto/m2urllib2.py”, line 82, in https_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
File “/usr/lib/python2.4/httplib.py”, line 813, in request
if v[0] != 32 or not self.auto_open:
IndexError: tuple index out of range

disable the location aware access from rhn.

Ref:
http://kbase.redhat.com/faq/docs/DOC-16881

./arun

Converting LVM virtual machine storage to image

To convert the LVM disk to qcow2 formatted disk image,

Use lvdisplay to get the Logical volume name

$ sudo lvdisplay

Use qemu-img to convert to the required image format

# qemu-img convert -O qcow2 /dev/mapper/lv_name <destination_file>.qcow2

eg:

# qemu-img convert -O qcow2 /dev/mapper/disk1 disk1.qcow2

This will be useful to replicate the virtual machines to other hardware.

./arun

Exporting display over ssh

To export the display from a remote server over ssh:

ssh -X user@host

Just made sure that, X11 forwarding is enabled on the sshd_config .

Once the connection is made, you can make sure the display is exported using:

# echo $DISPLAY
localhost:10.0

if the value is empty, make sure you have the necessary package (mkxauth) installed to create .XAuthority file.

./arun

IPv6 configuration for KVM guests

It is simple and straight forward to enable IPv6 on KVM guests

Configure the host machine with IPv6 Address on the bridge interface

cat ifcfg-br0

IPV6INIT=yes
IPV6ADDR=xxxx.xx::10
IPV6_DEFAULTGW=xxxx.xx::1
IPV6_AUTOCONF=no

Configure the interface on virutal machines with ipv6 address

cat ifcfg-eth0

IPV6INIT=yes
IPV6ADDR=xxxx.xx::11
IPV6_DEFAULTGW=xxxx.xx::1
IPV6_AUTOCONF=no

Add the the necessary firewall rules to ip6tables on the host machine

-A FORWARD -m physdev –physdev-is-bridged -j ACCEPT.

./arun

NAT with port forwarding on Virtual Box

You can use the host-only-adapter networking, if you require the virtual machine to be accessible only from the host machine. In this case your virtual machine will not have access to anywhere outside the host. Read more about virtual box networking at http://www.virtualbox.org/manual/ch06.html

On the other hand NAT enabled interface can communicate with clients outside the host, but the host cannot access the services on the virtual machine directly. We need to enabled port forwarding with NAT interface to achieve this.

On Linux:
If you need to have ssh accessible from host machine to virtual machine,

$ VBoxManage modifyvm "VM Name" --natpf1 "openssh,tcp,127.0.0.1,2222,,22"

Where –natpf1 is for adapter1, openssh is just a anme, and you can also input the ip address of virtual machine like

$ VBoxManage modifyvm "VM Name" --natpf1 "openssh,tcp,127.0.0.1,2222,10.0.2.20,22"

(assume the virtual machine ip is 10.0.2.20)

Now you can make ssh connection from host like, $ ssh localhost -p 2222

We can use same port number for port number about 1024 , say for a service running on port 8080 we can forward it with

VBoxManage modifyvm "VM Name" --natpf1 "proxy,tcp,127.0.0.1,8080,10.0.2.20,8080"

These rules will be added to the .VirtualBox/Machines/machine_name/machine_name.xml file like:
< Forwarding name="openssh" proto="1" hostip="127.0.0.1" hostport="2222" guestip=10.0.2.20 guestport="2222"/>

You can forward connection to any port on virtual host like this.

Make sure that the virtual machine interface is closed and the vm is not running while you change it, otherwise the changes will not take effect.

On Windows:

VBoxManage setextradata "VM Name" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/Protocol" TCP
VBoxManage setextradata "VM Name" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/GuestPort" 22
VBoxManage setextradata "VM Name" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/guestssh/HostPort" 2222

* Replace VM Name with your virtual instance name

./arun

Convert KVM images to Virtual Box (VDI)

It took a while to get the KVM image working with Sun virtual box.

The advantages of a virtual box image is, you can run it on any platform (linux, mac or windows), works without virtualization enabled processor and will work on a 32bit machine
Here are the steps to create an image that works with virtual box:

From the KVM installed server

$ qemu-img convert kvm-os.img -O raw kvm-os-raw.img

Copy the image (kvm-os-raw.img) to virtual box machine

$ VBoxManage convertfromraw --format VDI kvm-os-raw.img vbox.vdi

Converting from raw image file=”kvm-os-raw.img” to file=”vbox.vdi”…
Creating dynamic image with size ….

This will create a virtual box compatible image
Incase required you can compact the image to actual size

$ VBoxManage modifyvdi /home/user/vbox.vdi compact

0%…10%…20%…30%…40%…50%…60%…70%
Here the path to vdi image must be absolute.

Now you can create a new virtual machine from virtual box console/command line, with the vdi image as storage.
Boot the machine and hope for the best 🙂
But it wasn’t easy for me even after this beautiful vdi image, boot hangs with a kernel panic, file system not found.

To fix this issue, we need to recreate the initrd image in the virtual machine:
instructions to do it for redhat:
– Boot the virtual machine in rescue mode with Redhat CD

> linux rescue

# chroot /mnt/sysimage

take a backup of existing initrd

# cp /boot/initrd-2.6.xxx.img initrd-2.6-old

create new initrd image

# mkinitrd -v /boot/initrd-new.img kernel-version

// eg: mkinitrd -v /boot/initrd-new.img 2.6.18-194.8.1.el5

edit the grub configuration and replace the initrd image name with new one

# cat /boot/grub/menu.lst

Reboot the machine and see if it boots 🙂

Hope this will be helpful for someone, I spent hours to get it working 🙂 .
./arun

Netboot KVM guest

To install the KVM guest operating system (eg: RHEL) from the network
– Create the bridge interface on the KVM host machine (http://arunnsblog.com/2010/04/09/virtualization-with-kvm-under-redhat-linux-migrate-vmware-virtual-images-to-kvm/)
– Make sure that the gateway is configured in the bridge interface (GATEWAY=).
– Make sure that you have the required rules added to the iptables:
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
– Create virtual machine with supported network interface type (pcnet, rtl8139 used to work)
– Add the mac address of kvm guest to the dhcp server

Start the virtual machine and see if it can kick start from the network.

You can trouble shoot with a tcpdump on the KVM host machine:
tcpdump -i br0 port bootps -vvv -s 1500

./arun