Friday, November 25, 2011

Creating Archives using tar command (tape archive)

The tar command combines one or more files or directories into a single archive file, which makes it useful for backup and restore. Compression utilities can then compress the archive to save space on the filesystem.

1. Create a tar file from your current directory ..
# tar -cvf /var/tmp/mytar.tar mytar/ # Relative path

[ # tar -cvf /var/tmp/mytar.tar /home/mytar/ #Absolute path. ]

2. View the content of the tar file.
# tar -tvf mytar.tar

3. Extract the content of the tar file.
# tar -xvf mytar.tar

If you want to compress,

# bzip2 -c mytar.tar > mytar.tar.bz2 ==>> creates a new file mytar.tar.bz2
# bzip2 mytar.tar ==>> Compress the original file and renames with .bz2
# gzip -c mytar.tar > mytar.tar.gz ==>> creates a new file mytar.tar.gz
# gzip myfile ==>> Compress the original file and renames with .gz

# compress myfile # Compresses the file with .Z extension.

4. To extract the tar file
# bzip2 -d mytar.tar.bz2
# gzip -d mytar.tar.gz
# gunzip mytar.tar.gz
# uncompress mytar.tar.Z
and
# tar -xvf mytar.tar

5. Reading/viewing the compressed file.

# bzcat mytar.tar.bz2
# zcat mytar.tar.gz
# tar -tvf mytar.tar

setuid and setgid and sticky bit on Unix/Linux


When a file has the setuid permission set, a user who executes the file or program runs it with the effective user ID of the file's owner.
When a file has the setgid permission set, a user who executes the file or program runs it with the effective group ID of the program's group owner.


You can use setgid on directories as well. When a user creates files in a setgid directory, their group ownership is set to the group owner of the directory. (Note the S and s in the owner's execute bit position.)


1. Working with setuid files.

$ ls -l
-rw-r--r-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile

a. myfile does not have setuid set up. To enable setuid

$ chmod u+s myfile
$ ls -l
-rwSr--r-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile

$ chmod u+x myfile # Note: adding execute bit to the owner.
$ ls -l
-rwsr--r-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile

or
$ chmod 4754 myfile
$ ls -l
-rwsr-xr-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile

Note: You can use 4 instead of u+s with the chmod command, but you have to specify the other permissions as well.


b. To disable,

$ chmod u-s myfile
$ ls -l
-rwxr--r-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile

---------------------------------------------

2. Working with setgid (Note the group ownership on execute bit for s and S, why?)

a. To enable setgid,
$ chmod g+s myfile
$ ls -l
-rwxr-Sr-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile

$ chmod g+x myfile # Adding execute permission to the group.
$ ls -l
-rwxr-sr-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile


b. To disable,
$ chmod g-s myfile
$ ls -l
-rwxr-xr-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile
$

or use the number 2 instead of g+s.

$ chmod 2754 myfile
$ ls -l
-rwxr-sr-- 1 kbhusal kbhusal 13 Nov 25 12:55 myfile

Note: You can use 2 with chmod command to set GID but remember other permissions as well.

---------------------------------------------

3. Working with sticky bit. (Note the execute permission on others for T and t).


The sticky bit is set on shared directories where the public needs read and write permission, such as /tmp and /var/tmp. If you grant those permissions without the sticky bit, any user can edit/remove any file created by any other user. With the sticky bit set on a publicly writable directory, users can create files and also execute files created by other users, but they cannot remove or change them. Only the owner or root can change or delete the files and directories inside a sticky-bit directory.

If an application fails to load, make sure that the proper permissions are set on the /var/tmp and /tmp directories.


# ls -ld /tmp /var/tmp
drwxrwxrwt 19 root root 159288 Dec 1 08:32 /tmp
drwxrwxrwt 12 root sys 1536 Nov 30 19:01 /var/tmp

Note the execute permission position for others, where you will see the t value. An upper case T means that execute permission on the directory for others is not enabled. A lower case t means that execute permission is set for others on the directory.


To set sticky bit

# chmod o+t /tmp
If the execute bit is not set for others, there will be a T in the execute bit position.

To add the execute bit to the directory,
# chmod o+x /tmp
You will now see t (lower case) in the others execute position on the directory.

or

# chmod o=rwxt /tmp

or

# chmod 1777 /tmp

---------------------------------------------

4. setuid/setgid/sticky bit setting together.

# chmod 4755 myfile.sh # always execute the script as the user or owner.
# chmod 2755 /mydir # files created in the directory inherit its group ownership.
# chmod 1777 /tmp # setting sticky bit on the directory.

Note: If you want to apply setuid + setgid + sticky bit together, add the numeric values together, such as,

# chmod 3777 /tmp

Here, note the first digit, 3 (2+1), which comes from setgid + sticky bit set on the directory.
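
An audit for the bits described in this post, as an added example (not part of the original post): it lists setuid/setgid files, setuid/setgid files with no matching execute bit (the upper case S case), and world-writable directories that lack the sticky bit. The function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit a tree for special bits.

# Regular files with setuid (4000) or setgid (2000) set.
find_special_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# setuid/setgid files whose matching execute bit is off: ls shows S, not s.
find_inert_special() {
    find "$1" -xdev -type f \( \
        \( -perm -4000 ! -perm -0100 \) -o \
        \( -perm -2000 ! -perm -0010 \) \) -print | sort
}

# World-writable directories without the sticky bit (1000): the case the
# sticky bit on /tmp and /var/tmp is meant to prevent.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sort
}

# Constructed sample tree, so the audit can be tried without touching
# real system paths. Prints the path of the new tree.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/plain";       chmod 0644 "$d/plain"        # -rw-r--r--
    : > "$d/suid_exec";   chmod 4755 "$d/suid_exec"    # -rwsr-xr-x
    : > "$d/suid_noexec"; chmod 4644 "$d/suid_noexec"  # -rwSr--r--
    : > "$d/sgid_exec";   chmod 2755 "$d/sgid_exec"    # -rwxr-sr-x
    mkdir "$d/shared_ok" "$d/shared_bad" "$d/team"
    chmod 1777 "$d/shared_ok"                          # drwxrwxrwt
    chmod 0777 "$d/shared_bad"                         # drwxrwxrwx
    chmod 2775 "$d/team"                               # drwxrwsr-x
    printf '%s\n' "$d"
}

# Demo run against the constructed tree.
tree=$(make_sample_tree) || exit 1
echo "setuid/setgid files:"
find_special_files "$tree"
echo "setuid/setgid without execute bit (S):"
find_inert_special "$tree"
echo "world-writable directories without sticky bit:"
find_unsticky_dirs "$tree"
rm -rf "$tree"
```

To audit a real system, pass a directory such as / or /usr to the three find_ functions as root; -xdev keeps each run on one filesystem.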

How to limit unauthorized access to grub.conf file.

To prevent unauthorized access to the grub.conf file and unauthorized password changes or reboots, protect grub.conf with an encrypted password. Use the encrypted password generated by grub-md5-crypt.

1. Generate md5 password.

# /sbin/grub-md5-crypt
Password:
Retype password:
$1$7CzLO0$r4wIx9cb2TN3aTiPvjwaH1
[root@durava ~]#

2. Add md5 password just generated to the grub.conf file right after splashimage entry.
password --md5 $1$7CzLO0$r4wIx9cb2TN3aTiPvjwaH1

==========================================



# cat /boot/grub/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You do not have a /boot partition. This means that
# all kernel and initrd paths are relative to /, eg.
# root (hd0,0)
# kernel /boot/vmlinuz-version ro root=/dev/sda1
# initrd /boot/initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$7CzLO0$r4wIx9cb2TN3aTiPvjwaH1
title Red Hat Enterprise Linux Server (2.6.18-238.9.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-238.9.1.el5 ro root=LABEL=/ elevator=deadline audit=1
initrd /initrd-2.6.18-238.9.1.el5.img
title Red Hat Enterprise Linux Server (2.6.18-238.5.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-238.5.1.el5 ro root=LABEL=/ audit=1
initrd /initrd-2.6.18-238.5.1.el5.img
title Red Hat Enterprise Linux Server (2.6.18-194.26.1.el5)
root (hd0,0)
kernel /boot/vmlinuz-2.6.18-194.26.1.el5 ro root=LABEL=/ audit=1
initrd /boot/initrd-2.6.18-194.26.1.el5.img
#
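
A check for the setup above, as an added example (not part of the original post): it reports whether grub.conf carries a password directive in the global section (before the first title line), whether that directive uses --md5, and whether the file is readable only by its owner. The owner-only check, the function names and the sample files (including the hash placeholder) are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original post): verify GRUB password setup.

# Classify the password protection found in a legacy grub.conf.
# Prints: hashed-global | plaintext-global | per-entry-only | none
grub_password_status() {
    awk '
        /^[ \t]*#/            { next }               # skip comments
        /^[ \t]*title[ \t]/   { seen_title = 1 }     # global section ends here
        /^[ \t]*password[ \t=]/ {
            if (!seen_title)
                global = ($2 == "--md5") ? "hashed" : "plaintext"
            else
                entry = 1
        }
        END {
            if (global != "") print global "-global"
            else if (entry)   print "per-entry-only"
            else              print "none"
        }
    ' "$1"
}

# Succeeds only when group and others have no permission bits at all
# (for example mode 600), so the stored hash is not readable by other users.
grub_conf_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Write a constructed grub.conf to a temp file and print its path.
# $1 = hashed | plaintext | none
make_sample_conf() {
    f=$(mktemp) || return 1
    {
        echo 'default=0'
        echo 'timeout=5'
        echo 'splashimage=(hd0,0)/boot/grub/splash.xpm.gz'
        echo 'hiddenmenu'
        case "$1" in
            # Placeholder value, not a real hash.
            hashed)    echo 'password --md5 $1$CONSTRUCTED$notARealHashValue000000' ;;
            plaintext) echo 'password constructed-secret' ;;
        esac
        echo 'title Example entry (constructed)'
        echo '        root (hd0,0)'
        echo '        kernel /vmlinuz-constructed ro root=LABEL=/'
    } > "$f"
    chmod 600 "$f"
    printf '%s\n' "$f"
}

# Demo run over the three constructed variants.
for variant in hashed plaintext none; do
    conf=$(make_sample_conf "$variant") || exit 1
    status=$(grub_password_status "$conf")
    if grub_conf_is_private "$conf"; then mode="owner-only"; else mode="readable by others"; fi
    printf '%-10s %-18s %s\n' "$variant" "$status" "$mode"
    rm -f "$conf"
done
```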

Tuesday, November 22, 2011

Find if the kernel is 32 or 64 bit.


On Redhat run the following commands.

$ getconf LONG_BIT
64

$ uname -m
x86_64

$ uname -m
i686

$ file /bin/ls
/bin/ls: ELF 32-bit


The command below also shows whether you are running a 64 or 32 bit platform.
$ cat /proc/cpuinfo
32
On Solaris

$ isainfo -v

Wednesday, November 16, 2011

step by step guide to Redhat KickStart Installation


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


The kickstart file has 4 sections: pre, configuration, packages and post.
The pre section is generally used to check for certain hardware types or configurations and act upon that data. The pre is not used in this scenario.
The configuration, sets up the network, video, hard disk, locale, etc.
The packages lists which packages to install or (with a '-') not install.
The post is how all the third party software is added, the system is customized, and environment is setup.
The post section executes immediately after loading the OS packages, but is finished before the OS reboots for the first time.  Because there are some things which do not load properly until the full OS is booted, a finishing script is placed on the system to run on first boot.  
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Kickstart is a hands-free installation of Redhat servers on multiple machines.

Plan:
- Any successfully installed redhat system creates /root/anaconda-ks.cfg file. Based on this file you can add or remove packages.
- Or use the system-config-kickstart command to create a new ks file based on your requirements.
- Define your OS location either using ftp, nfs, or http
- Start the kickstart installation.

================================================
detail to follow,
 ===============================================

Before setting up your kickstart environment, it is better to first set up a yum repo so that you can install all the required software.

A. a. To set up your yum, just create the following file with the info below.

# createrepo /opt/RHL6.1/Packages
[jay@sama ~]$ cat /etc/yum.repos.d/file.repo
[RHEL-Repository]
name=RHEL repository
baseurl=file:///opt/RHL6.1/Packages
enabled=1
gpgcheck=0

b. Set up nfs server.
[root@sama ~]# yum install nfs*
[jay@sama ~]$ cat /etc/exports
#/opt/RHL6.1/Packages   *(rw,sync)
/opt/RHL6.1     *(rw,sync)

[root@sama ~]# service nfs reload

c. set up web server.
[root@sama ~]# yum -y install httpd
[root@sama ~]# service httpd start

[root@sama html]# vi index.html
<html>
<title>This is a test page</title>
<body>
This is a test page
</body>
</html>

Confirm that you can access your website:
type http://192.168.10.110/ in your browser and press enter; you should see "This is a test page".

B. Now, you can copy your OS DVD copy on your web server.

# mkdir /OS; mount -o loop OS_Image.iso /OS; cd /OS
# cp -a * /var/www/html/yum/

verify that you can access http://192.168.10.110/yum

Make sure that you can access the site from other systems on the network. If it fails, disable the firewall (iptables).
# /etc/init.d/iptables stop


C. Now, real fun begins, Create a kickstart file

a. You can use the anaconda-ks.cfg file, which is created during the first installation of the Linux OS, as a template. Modify the values based on your requirements or the environment.

b. Create the kickstart config file using the system-config-kickstart utility and select the parameters based on your environment. Note: make sure to install the kickstart config package to use this feature.

here is the sample file,

[root@sama html]# cat /var/www/html/ks.cfg
# Kickstart file automatically generated by anaconda.

#version=DEVEL
install
#cdrom
nfs --server=192.168.10.110 --dir=/opt/RHL6.1
lang en_US.UTF-8
keyboard us
#network --onboot no --device eth0 --noipv4 --noipv6
network --device eth0 --bootproto static --ip 192.168.10.150 --netmask 255.255.255.0 --gateway 192.168.10.110 --hostname kickRH6.1.local
rootpw  --iscrypted $6$dsXNrQw2LZLmKFLZ$55Pxwi.6bJhI3QCxembF5lRD9hrjd15b5wx3caJZVcxQC8yTEc0cz2GyVeR5s9Ao4ZxnDvFyDLWBVy9Oi2SGC0
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone --utc America/New_York
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
clearpart --linux --drives=sda

#part  --onpart=sda1 --format
part /boot --fstype=ext4 --size=500
part pv.008003 --grow --size=1

volgroup vg_kickRH6.1 --pesize=4096 pv.008003
logvol / --fstype=ext4 --name=lv_root --vgname=vg_kickRH6.1 --grow --size=1024 --maxsize=51200
logvol swap --name=lv_swap --vgname=vg_kickRH6.1 --grow --size=2032 --maxsize=4064
repo --name="Red Hat Enterprise Linux"  --baseurl=http://192.168.10.110/yum --cost=100

%packages
@base
@client-mgmt-tools
@console-internet
@core
@debugging
@basic-desktop
@desktop-platform
@directory-client
@fonts
@general-desktop
@graphical-admin-tools
@hardware-monitoring
@internet-browser
@java-platform
@kde-desktop
@large-systems
@mysql-client
@mysql
@nepali-support
@network-file-system-client
@performance
@perl-runtime
@postgresql-client
@postgresql
@remote-desktop-clients
@server-platform
@server-policy
@system-admin-tools
@web-server
@x11
mtools
pax
python-dmidecode
oddjob
sgpio
genisoimage
wodim
qt-mysql
certmonger
pam_krb5
krb5-workstation
perl-DBD-MySQL
perl-DBD-SQLite
rdesktop
crypto-utils
certmonger
perl-CGI
%end
%post
(
# Disable some services and create a normal user with an encrypted password.
chkconfig --level 3 ip6tables off
useradd -p '$6$OY1GbBYr$MJI1dgQK23CBRzNyAEWGupxMRd2Hhwovr0cID6CtSgX7TSnLpPTR0rYNJ.AgshZzyK6QhPSWQZ0ifP9ky8HFl.' jay
) 2>&1 | tee /root/post-install.log
echo "Installation completed !!"
echo "All unauthorized activities will be monitored">>/etc/issue
%end

D. validate the kickstart configuration file with ksvalidator command
# ksvalidator /var/www/html/ks.cfg
Note: If there are mistakes or typos, you will get an error.

E. Confirm the configuration file is available from the browser.
Either type the full path on the browser or use elinks to verify.
[root@sama html]# elinks 192.168.10.110/ks.cfg

*Make sure ks.cfg file has at least 644 permission.
Now your kickstart configuration is available to the installer over the web.

Now, use your installer: for Redhat use boot.iso, for CentOS use CentOS*netinstall.iso, and for Scientific Linux use the SL*boot.iso file. You can use any iso file to install any OS type, but make sure to use the right 32 or 64 bit image.

F. When you boot the system using any boot image, at the grub menu list, press the tab and type the following values at the prompt

linux ks=http://192.168.10.110/ks.cfg

press enter and you are good to go. You should have system installed with a normal user which you can use to login.

boot options
linux ks=ftp://myserver.com/ks.conf
linux ks=http://domain.com/path/ks.conf

linux ks=nfs:servername:/path/ks.conf
 
================================
for the post installation entry
--------------------------------
%post --nochroot

###### NFS mounts ######

mkdir /mnt/sysimage/opt/users
mkdir /mnt/sysimage/home
echo "192.168.10.110 sama sama.expanor.local" >> /mnt/sysimage/etc/hosts
echo "sama:/home/users /opt/users nfs rw,bg,intr,soft 1 2" >> /mnt/sysimage/etc/fstab
##echo "d2:/vol/root/home /home nfs rw,bg,intr,soft 0 0" >> /mnt/sysimage/etc/fstab
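
Because ks.cfg is published world-readable on the web server, the account hashes and security directives in it are worth checking before the file goes live. The following lint is an added example (not part of the original post); it looks only at directives that appear in the sample ks.cfg above, and the function names and sample inputs are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): lint the security-relevant
# directives in the command section of a kickstart file.

# Print one finding per line; no output means nothing was flagged.
ks_findings() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }                 # comments, blank lines
        /^%end/               { in_section = 0; next } # section closed
        /^%/                  { in_section = 1; next } # %packages, %pre, %post
        in_section            { next }                 # lint commands only
        $1 == "rootpw" {
            rootpw = 1
            if ($0 !~ /--iscrypted/)
                print "rootpw: password is not hashed (--iscrypted missing)"
            else if ($0 !~ /[ \t]\$6\$/)
                print "rootpw: hash is not SHA-512 (no $6$ prefix)"
        }
        $1 == "authconfig" && $0 !~ /--passalgo=sha512/ {
            print "authconfig: --passalgo=sha512 missing"
        }
        $1 == "selinux" {
            selinux = 1
            if ($2 != "--enforcing") print "selinux: mode is " $2
        }
        $1 == "firewall" {
            firewall = 1
            if ($0 ~ /--disabled/) print "firewall: disabled"
        }
        END {
            if (!rootpw)   print "rootpw: directive missing"
            if (!selinux)  print "selinux: directive missing"
            if (!firewall) print "firewall: directive missing"
        }
    ' "$1"
}

# Print a constructed kickstart file. $1 = good | weak
# The hash and password values are placeholders, not real credentials.
ks_sample() {
    case "$1" in
    good) cat <<'EOF'
install
rootpw --iscrypted $6$CONSTRUCTEDSALT$constructedHashPlaceholderNotARealValue
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
%post
echo "commands inside sections are not linted"
%end
EOF
        ;;
    weak) cat <<'EOF'
install
rootpw constructed-password
firewall --disabled
authconfig --enableshadow --passalgo=md5
selinux --disabled
EOF
        ;;
    esac
}

# Demo run over both constructed files.
for kind in good weak; do
    f=$(mktemp) || exit 1
    ks_sample "$kind" > "$f"
    echo "== $kind =="
    ks_findings "$f"
    rm -f "$f"
done
```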
 

some selinux info

======================================
List and identify SELinux file and process context.
View SELinux contexts of processes:
# ps -eZ, ps -axZ, ps -ZC <process name>, etc.
View SELinux contexts of files and directories:
# ls -Zd /path/to/dir/, ls -Z /path/to/file, etc.
View SELinux contexts of users:
id -Z
Policy context rules are stored in
/etc/selinux/targeted/context/files/file_contexts and 
/etc/selinux/targeted/context/files/file_contexts.local
# semanage fcontext -[a|d|m] -f <ftype> -t <context> '<regex>'
e.g.: semanage fcontext -a -t virt_image_t "/virtstorage(/.*)?"
Restore default file contexts.
# restorecon -R -v /dir/ : note the last slash. -R = recursive (all child files and directories) -v = verbose.

Use boolean settings to modify system SELinux settings.
 - Booleans are plain text files located in /selinux/booleans
 - semanage boolean -l : List booleans with basic descriptions (very useful with grep)
 - setsebool [-P] <boolean_name> <on|off> : set SE boolean, -P to make permanent (survive reboot)
 - Use the graphical tool: system-config-selinux

Diagnose and address routine SELinux policy violations.
Many targeted services have specialised man pages dealing with SELinux configuration.
Display these pages with:
# man -k '_selinux'
Installing setroubleshoot-server sends SELinux error messages to /var/log/messages. These can be further parsed with sealert.
audit2why and audit2allow can be used to parse the messages in /var/log/audit/audit.log and explain why access was denied, and how to modify your configuration to allow it.
# semanage port -l : list SELinux port settings.
SELinux Packages and utilities
coreutils : Always installed. Provides some default elements of SELinux.
policycoreutils : Provides restorecon, secon, setfiles, et al.
libselinux-utils : Provides getenforce, setenforce, getsebool, setsebool, et al.
policycoreutils-gui : Provides system-config-selinux and sepolgen, et al.
policycoreutils-python : Provides semanage, audit2allow, audit2why, et al.
setroubleshoot : Provides seapplet
setroubleshoot-server : Provides sealert, sedispatch, setroubleshootd, et al.

==========================
SET ENFORCING AND PERMISSIVE MODES FOR SELINUX
Persistent change:
/etc/selinux/config:
SELINUX=enforcing|permissive
Current session (non persistent change):
setenforce 1|0|enforcing|permissive

VIEW SELINUX STATUS:
sestatus

LIST AND IDENTIFY SELINUX FILE AND PROCESS CONTEXT
ls -lZ
ps -efZ

RESTORE DEFAULT FILE CONTEXTS
restorecon -R file

USE BOOLEAN SETTINGS TO MODIFY SYSTEM SELINUX SETTINGS
View booleans:
getsebool -a | grep keyword
OR
semanage boolean -l | grep keyword
Change booleans:
setsebool -P boolean on|off

DIAGNOSE AND ADDRESS ROUTINE SELINUX POLICY VIOLATIONS
Diagnose:
/var/log/audit/audit.log
/var/log/messages
view service logs
sealert
Fix:
audit2allow
setsebool -P boolean on|off

========================

Step by Step guide to Create and manage Logical Volume Manager in Redhat Linux.


1. Creating an LVM Logical Volume on Three Disks (or more if you have available).
2. Creating a Striped Logical Volume
3. Splitting a Volume Group
4. Removing a Disk from a Logical Volume


1. Creating an LVM Logical Volume on Three Disks.
Plan:
logical volume name: new_logical_volume
Disks: /dev/sda1, /dev/sdb1, and /dev/sdc1
partition type: Linux LVM which is 8e.

Warning: Verify that the disks do not contain any important data.

a. Creating the Physical Volumes
# pvcreate /dev/sda1 /dev/sdb1 /dev/sdc1
# pvdisplay # command to display physical volume detail.

Note: Each physical volume has a UUID.

b. Creating the Volume Group
# vgcreate new_vol_group /dev/sda1 /dev/sdb1 /dev/sdc1
# vgs # Displays new volume group attributes
or
# vgdisplay volume_name

Note: volume group name is new_vol_group

c. Creating the Logical Volume
# lvcreate -L 2G -n new_logical_volume new_vol_group # Creates 2 GB Logical volume
# lvcreate -L 3GB -n mylvvol new_vol_group # Creates 3 GB Logical volume
# lvdisplay # Displays Logical Volume attributes.

Here, the -L flag is used for the size while the -n flag is for the new logical volume name.
Note: creates 2gb of logical volume new_logical_volume from the volume group new_vol_group.
You can create multiple logical volumes on a single volume group.

d. Creating the File System using mkfs command.
# mkfs.gfs2 -p lock_nolock -j 1 /dev/new_vol_group/new_logical_volume or
# mkfs.ext4 /dev/new_vol_group/new_logical_volume

Note: You can use mke2fs, mkfs.ext3, mkfs.ext4 commands with different options.

e. mount the logical volume
# mount /dev/new_vol_group/new_logical_volume /mnt

f. Add entry to /etc/fstab to be mounted across the reboot.

g. Resize the logical volume to expand or shrink the filesystem.
# lvresize -L 5GB /dev/new_vol_group/new_logical_volume # Expand: grow the logical volume first,
# resize2fs /dev/new_vol_group/new_logical_volume 5G # then grow the filesystem to match.
# resize2fs /dev/new_vol_group/new_logical_volume 3G # Shrink: reduce the filesystem first,
# lvresize -L 3GB /dev/new_vol_group/new_logical_volume # then reduce the logical volume.

Note: To shrink, you have to unmount the filesystem. To resize with new storage space added, use the resize2fs command. The filesystem must be ext3 or later to resize the volume.

# resize2fs /dev/new_vol_group/new_logical_volume 5G

h. Remove the logical volume
# lvremove /dev/new_vol_group/new_logical_volume

i. Rename Logical Volume
# lvrename new_vol_group new_logical_volume my_logical_volume
# lvresize -L 10GB /dev/new_vol_group/my_logical_volume

Note: Only renames logical Volume not the volume group.

j. Rename Volume Group.
# vgrename new_vol_group my_vol_group

Note: Once you rename Logical volume or the volume group, make sure to change your mount point and the /etc/fstab entry.


=================================================================

2. Creating a Striped Logical Volume
Plan:
LVM striped logical volume: striped_logical_volume
Disk for striping: /dev/sda1, /dev/sdb1, and /dev/sdc1

Warning: Any data on the disk will be lost.

a. Creating the Physical Volumes
# pvcreate /dev/sda1 /dev/sdb1 /dev/sdc1

b. Creating the Volume Group
# vgcreate volgroup01 /dev/sda1 /dev/sdb1 /dev/sdc1

Verify the volume group attributes,
# vgs

c. Creating the Logical Volume
# lvcreate -i3 -I4 -L2G -n striped_logical_volume volgroup01

The command creates the striped logical volume striped_logical_volume, 2 gigabytes in size, with three stripes and a stripe size of 4 kilobytes, from the volume group volgroup01.

d. Creating the File System
# mkfs.gfs2 -plock_nolock -j 1 /dev/volgroup01/striped_logical_volume

e. Mount the filesystem.
# mount /dev/volgroup01/striped_logical_volume /mnt
# df -h /mnt

3. Splitting a Volume Group
Plan:
If there is enough unused space on the physical volumes, a new volume group can be created without adding new disks.

In the initial set up, the logical volume mylv is carved from the volume group myvg, which in turn consists of the three physical volumes, /dev/sda1, /dev/sdb1, and /dev/sdc1.

After completing this procedure, the volume group myvg will consist of /dev/sda1 and /dev/sdb1. A second volume group, yourvg, will consist of /dev/sdc1.

a. Determining Free Space
Determine how much free space is currently available in the volume group using pvscan.
# pvscan
PV /dev/sda1 VG myvg lvm2 [17.15 GB / 0 free]
PV /dev/sdb1 VG myvg lvm2 [17.15 GB / 12.15 GB free]
PV /dev/sdc1 VG myvg lvm2 [17.15 GB / 15.80 GB free]
Total: 3 [51.45 GB] / in use: 3 [51.45 GB] / in no VG: 0 [0 ]

b. Moving the Data
You can move all the used physical extents in /dev/sdc1 to /dev/sdb1 with the pvmove command. The pvmove command can take a long time to execute.

# pvmove /dev/sdc1 /dev/sdb1

Verify that the space on /dev/sdc1 is free using the pvscan command.
# pvscan
PV /dev/sda1 VG myvg lvm2 [17.15 GB / 0 free]
PV /dev/sdb1 VG myvg lvm2 [17.15 GB / 10.80 GB free]
PV /dev/sdc1 VG myvg lvm2 [17.15 GB / 17.15 GB free]
Total: 3 [51.45 GB] / in use: 3 [51.45 GB] / in no VG: 0 [0 ]

c. Splitting the Volume Group

Using the vgsplit command, you can split the volume group myvg to create the new volume group yourvg.

Make sure your logical volume is inactive. If there are any mounts, unmount them before deactivating the logical volume.

Use the lvchange or vgchange command to deactivate the logical volume.

# lvchange -a n /dev/myvg/mylv
# vgsplit myvg yourvg /dev/sdc1

The above commands deactivate the logical volume mylv and split the volume group yourvg from the volume group myvg, moving the physical volume /dev/sdc1 into the new volume group yourvg.


Verify the volume group attributes.
# vgs


d. Creating the New Logical Volume
Now, create new logical volume yourlv after creating the new volume group.
# lvcreate -L5G -n yourlv yourvg

e. Create a File System and mount the New Logical Volume
# mkfs.gfs2 -plock_nolock -j 1 /dev/yourvg/yourlv

f. Activating and Mounting the Original Logical Volume
# lvchange -a y /dev/myvg/mylv
# mount /dev/myvg/mylv /mnt
# df


4. Removing a Disk from a Logical Volume
You can remove a disk from an existing logical volume to use the disk for another volume or to replace a failed disk. To proceed, you have to move the extents on the LVM physical volume to a different disk or set of disks.

A. Moving Extents to Existing Physical Volumes
Plan:
We have a logical volume that is distributed across four physical volumes in the volume group myvg.
a.
# pvs -o+pv_used
PV VG Fmt Attr PSize PFree Used
/dev/sda1 myvg lvm2 a- 17.15G 12.15G 5.00G
/dev/sdb1 myvg lvm2 a- 17.15G 12.15G 5.00G
/dev/sdc1 myvg lvm2 a- 17.15G 12.15G 5.00G
/dev/sdd1 myvg lvm2 a- 17.15G 2.15G 15.00G

We want to move the extents off of /dev/sdb1 so that we can remove it from the volume group.
You need to have free extents on the other physical volumes in the volume group. The extents will be distributed to the other devices.

# pvmove /dev/sdb1
/dev/sdb1: Moved: 2.0%
...
/dev/sdb1: Moved: 79.2%
...
/dev/sdb1: Moved: 100.0%

Check the distribution of extents using pvs command.
# pvs -o+pv_used

b. Remove the physical volume /dev/sdb1 from the volume group using vgreduce command.
# vgreduce myvg /dev/sdb1
# pvs

Now the disk can be physically removed or used for another purpose.

B. Moving Extents to a New Disk
Plan:
The logical volume is distributed across three physical volumes in the volume group myvg as follows:
# pvs -o+pv_used
PV VG Fmt Attr PSize PFree Used
/dev/sda1 myvg lvm2 a- 17.15G 7.15G 10.00G
/dev/sdb1 myvg lvm2 a- 17.15G 15.15G 2.00G
/dev/sdc1 myvg lvm2 a- 17.15G 15.15G 2.00G

We want to move the extents of /dev/sdb1 to a new device, /dev/sdd1.

a. Creating the New Physical Volume

scenario: Create a new physical volume from /dev/sdd1.

# pvcreate /dev/sdd1

b. Adding the New Physical Volume to the Volume Group
# vgextend myvg /dev/sdd1
# pvs -o+pv_used

c. Moving the Data
Use the pvmove command to move the data from /dev/sdb1 to /dev/sdd1.

# pvmove /dev/sdb1 /dev/sdd1

# pvs -o+pv_used

d. Removing the Old Physical Volume from the Volume Group
After you have moved the data off /dev/sdb1, you can remove it from the volume group.
# vgreduce myvg /dev/sdb1


Creating and using a snapshot for backup

1. Create a new snapshot volume called snaplv of /dev/vgname/lvname that is 20 MB in size

# lvcreate -s -n snaplv -L 20M /dev/vgname/lvname

2. If the backup software requires it, mount the snapshot and point the backup program to the new mountpoint.

# mkdir /snapmount
# mount -o ro /dev/vgname/snaplv /snapmount

3. Verify the status of the snapshot logical volume

# lvs /dev/vgname/snaplv

4. When done with snapshot, unmount and remove it.

# umount /snapmount
# lvremove /dev/vgname/snaplv


Based on the online doc @redhat....

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Logical_Volume_Manager_Administration/index.html#troubleshooting

Tuesday, November 15, 2011

How to change the root password for root user on Redhat.


Plan:
Two steps to change root password on RedHat.

- You need to have physical access to the server or have a console access to the system.
- Boot the system to the single user mode and change the pw.


Steps:

1. Reboot/poweron the server.
2. On grub menu press e to go to edit mode.
3. Select the boot line from the list and press e again.
4. Insert a space and type the number 1 (or type single)
5. Press ENTER and press 'b' and ENTER again.
6. You are in single user mode without a password.


--------------------------Detail-------------------------

1. Login to the console. Boot/reboot the system and press F12 for the boot menu.

# reboot or # shutdown -r now
or
CTRL+ALT+DELETE
or
power cycle (be careful, you may have to run fsck)

2. Edit the grub menu
Select (High Light) the kernel you want to login to and change the pw.
Note: Use the arrow keys to move to a different kernel line and to stop the automatic boot countdown timer.

3. Press the 'e' key on the keyboard to edit the entry.
For eg.:- kernel /boot/vmlinuz-............

4. Press the 'e' key to edit the line, and you will be at the end of the line.

5. Now, verify your cursor is on correct position. Press the space bar, and type single; and press the enter key.
kernel /boot/vmlinuz-x.x.x.x.x.abc ro root=/dev/sda1 single

6. Press the 'b' key to continue the boot process.

7. You will be on single user mode. Change the root pw. create other users if needed.
# passwd root

8. Reboot the system.
# shutdown -r now

You are done.

Tuesday, November 8, 2011

How to configure network interface on Redhat

Interface names start with ethX on Redhat. If you have more than 1 interface, they are named eth0, eth1 and so on.


1. List the plumbed interfaces.
# ifconfig

2. If IP is not assigned, use ifconfig command to assign.
# ifconfig eth0 192.168.0.155 up

3. To bring the interface down.
# ifconfig eth0 down

4. To configure the interface using GUI
# system-config-network


5. If you want to make it permanent, edit the interface file on /etc/sysconfig/network-scripts/ifcfg-eth0. i.e. interface instance is eth0

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
NETMASK=255.255.255.0
IPADDR=192.168.0.155
PEERDNS=no

check_link_down() {
return 1;
}
GATEWAY=192.168.0.1
TYPE=Ethernet
HWADDR=00:00:00:00:00:00

# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet addr:192.168.0.155 Bcast:195.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::250:56aa:febe:7a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:65734108 errors:0 dropped:0 overruns:0 frame:0
TX packets:29311081 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:26973738977 (25.1 GiB) TX bytes:24118414406 (22.4 GiB)



6. Check the entry on network file.
# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
IPV6INIT=no
HOSTNAME=devi.bhusal.com
NOZEROCONF=yes

7. If you want to restart network services use the following command. If you are changing the hostname on the server, you have to reboot the server.
# service network restart

8. Verify the ip address, routing information.
# ifconfig -a
# route -n


9. If you want to use configuration window, run the following command at the prompt.
# system-config-network

10. If you want to set up a dns, you have to add entry on nsswitch.conf file..
1. vi /etc/nsswitch.conf

hosts: files dns

2. Add entry on /etc/resolv.conf file

NOTE: Starting Redhat 6 EP, you can use dns on interface file as follow,

DNS1=192.168.0.125

3. Use dig command to verify the dns information..
# dig devi.bhusal.com

If you have a problem, ping the server.
# ping devi.
If you still have an issue, resolve your IP issue first and the DNS issue second.

How to add swap space on linux

What is swap space

Swap space is used when the physical memory on the system is full. Paging is the process of moving inactive pages in memory to the swap space. Swap helps you cope with a shortage of RAM, but it is better to increase the physical memory (RAM) on the system. Swap space can be a dedicated swap partition or a swap file. When you build the system, consider adding a good-sized dedicated swap partition. The size of the swap partition is calculated using the formula below.

Lets say:

M = Amount of RAM in GB, and
S = Amount of swap in GB, then

If M < 2 then
S = M *2
else
S = M + 2

So, if a system has 2 GB of physical RAM, then the recommended swap on the system is 4 GB.
A system with 3 GB of physical RAM would have 5 GB of swap space. Swap space is used when the physical memory (RAM) is full and pages start being transferred to the swap.

----------------------------------------------------
Sometimes you need to add extra swap because an application or other service needs extra space. There are two ways you can add swap space on the system.


I. Add a swap device/file on the system.

1. Using the disk partition as a swap device
2. Using a file as a swap space.

1. Disk partition as a swap space.
If you are planning to use a disk partition as swap space, create a new partition (fdisk /dev/sdb) as a swap file system and add the device as a swap device.

a. Let's say you have a new partition called /dev/sdb1. Set it up as a swap partition.
# mkswap /dev/sdb1

b. enable your partition
# swapon /dev/sdb1

c. Verify your swap is added to the system.
# swapon -s
# free -k
# cat /proc/swaps


----------------------------------------------------

2. Using a file as a swap space.

a. Display the current swap space on the system using swapon -s or cat /proc/swaps. The output displays sizes in KB.
# swapon -s
# cat /proc/swaps


b. Create a swap file using the dd command.
# dd if=/dev/zero of=/path_to_file/meroswap bs=1M count=1024
# dd if=/dev/zero of=/export/meroswap bs=1M count=1024
The above command creates a 1 GB file. Note the bs and count values.

# dd if=/dev/zero of=/path_to_file/meroswap bs=1024 count=1048576
# dd if=/dev/zero of=/export/meroswap bs=1024 count=1048576
The above command also creates a 1 GB file. The block size is 1024 bytes.

Note: If you want to give the size in blocks rather than in a human readable unit like MB, you can use the formula below.
For 512 MB of space, multiply by 1024 to get the block count (512*1024=524288).
For 1 GB (1024 MB), multiply by 1024 to get the block count (1024*1024=1048576).

Note: bs=bytes and count=blocks (bs=block size)
- You cannot use the cp (copy) command to create a swap file because the swap file must be physically contiguous on the hard drive.
- Verify you have enough space on your file system before creating swap file.

c. Make the file as a swap file using the mkswap command. Verify the permission to access by root only.
# mkswap /path_to_file/meroswap
# mkswap /export/meroswap
# chmod 600 /export/meroswap


d. Enable the swap file.
# swapon /export/meroswap

e. Verify your swap space is added successfully and available for use by using cat /proc/swaps or the free command.
# swapon -s
# cat /proc/swaps
# free -k

II. Make it permanent across the reboot.

To make this permanent across reboots, add an entry to your /etc/fstab.

/dev/sda1 swap swap defaults 0 0
/export/meroswap swap swap defaults 0 0


III. Removing a Swap File
a. Disable the swap file.
# swapoff -v /export/meroswap

b. Remove the entry from /etc/fstab.
/export/meroswap swap swap defaults 0 0

c. Remove the file
# rm /export/meroswap

Note: The output of the swapon -s command shows whether each swap area is a partition or a file.