
Saturday, March 29, 2014

Linux kernel rp_filter settings

The main function of a router is to route packets from one place to another. A Linux machine can be used as a router on your network and will route a substantial amount of traffic without any issues, if configured correctly.

Due to the increasing amount of malicious and attack traffic on the internet, it has become necessary to take some extra care while configuring routes on a Linux machine or on physical routers.

One of the major problems that internet security people are dealing with today is spoofing.





What is IP address spoofing?

IP spoofing is a method attackers use to send a forged source address in their attack traffic. This means they can send an IP packet with any source IP address they wish.

Most of the time, an attacker uses spoofing for the following reasons:

To conduct a DDoS attack, where he does not want the response from the target machine to reach him
To compromise source-based authentication

Spoofing can be controlled to a certain extent (although not fully) by using reverse path filtering.



What is reverse path filtering?

Reverse path filtering is a mechanism adopted by the Linux kernel, as well as by most networking devices, to check whether the source address of a received packet is routable.

In other words, when a machine with reverse path filtering enabled receives a packet, it first checks whether the source of the received packet is reachable through the interface the packet came in on.

If it is routable through the interface on which it came in, the machine accepts the packet.
If it is not routable through the interface on which it came in, the machine drops the packet.

Recent Red Hat machines give you one more option, which is more liberal in terms of accepting traffic.

If the received packet's source address is routable through any of the interfaces on the machine, the machine will accept the packet.


Reverse Path Filter (rp_filter) settings in Red Hat 5/CentOS 5 machines



On Linux machines, reverse path filtering is controlled through sysctl, like many other kernel settings.

The current value on your machine can be found as follows.

[root@localhost ~]# cat /proc/sys/net/ipv4/conf/default/rp_filter
1
[root@localhost ~]#


Let's understand the boolean values for rp_filter first, then go ahead with the configuration.

1 indicates that the kernel will do source validation by confirming the reverse path.

0 indicates no source validation.

The previously shown output of /proc/sys/net/ipv4/conf/default/rp_filter indicates the default value of reverse path filtering for any new interface.

You can also enable reverse path filtering only on a desired interface, because each interface has its own rp_filter file.

[root@localhost ~]# cd /proc/sys/net/ipv4/conf/
[root@localhost conf]# ll
total 0
dr-xr-xr-x 2 root root 0 Feb 28 05:12 all
dr-xr-xr-x 2 root root 0 Feb 28 05:12 default
dr-xr-xr-x 2 root root 0 Feb 28 05:12 eth0
dr-xr-xr-x 2 root root 0 Feb 28 05:12 lo


All the directories in the above output contain the file rp_filter. I recommend enabling it by modifying the file /proc/sys/net/ipv4/conf/all/rp_filter if you want reverse path filtering applied very strictly. This can be done by simply redirecting your desired boolean value (1 or 0) to the desired file.

[root@localhost conf]# echo 1 >  /proc/sys/net/ipv4/conf/all/rp_filter
[root@localhost conf]#
Now restart your network for the new configuration to take effect.



However, editing files inside /proc is not good practice at all. You can make the change with sysctl instead, and add the same key to the sysctl.conf file so that it persists across reboots.

[root@localhost conf]#  sysctl -w "net.ipv4.conf.all.rp_filter=1"
net.ipv4.conf.all.rp_filter = 1
Replace "all" with default, eth0, or any interface name of your choice.



Reverse Path Filter (rp_filter) settings in Red Hat 6/CentOS 6 machines



As mentioned previously, there is one more option, which validates the source of a received packet against all the interfaces on the machine.

In other words, if the source address is routable with any of the routes on any of the interfaces, the packet is accepted. This is called loose mode reverse path filtering.

The numeric value to enable this mode of rp_filter in Red Hat Linux 6 is 2.

For example, you can simply set the value to 2 as shown below to enable this mode.



[root@localhost conf]# echo 2 >  /proc/sys/net/ipv4/conf/all/rp_filter
[root@localhost conf]#
The rest of the settings related to rp_filter in Red Hat Enterprise Linux 6 are the same as in Red Hat 5.
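
On kernels that accept the values 0, 1 and 2, the kernel documentation states that the maximum of conf/all/rp_filter and conf/<interface>/rp_filter is used for source validation on that interface, so an interface set to 2 stays in loose mode even when "all" is 1. The following audit script is an added example, not part of the original post; the conf-root argument and the sample directory tree are assumptions constructed so the script can be tried without touching /proc.

```shell
#!/bin/sh
# Added example: report the rp_filter mode the kernel actually applies on
# each interface. The conf-root argument is an assumption made for testing;
# with no argument the live /proc tree is read.

# Map the numeric setting to the mode names used in the text.
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# effective_rp_filter CONF_ROOT IFACE
# Prints max(conf/all, conf/IFACE), the value used for source validation.
effective_rp_filter() {
    all_val=$(cat "$1/all/rp_filter" 2>/dev/null) || return 1
    if_val=$(cat "$1/$2/rp_filter" 2>/dev/null) || return 1
    if [ "$all_val" -gt "$if_val" ]; then
        echo "$all_val"
    else
        echo "$if_val"
    fi
}

# audit_rp_filter [CONF_ROOT]
# One line per interface: name, configured value, effective value, mode.
audit_rp_filter() {
    conf_root=${1:-/proc/sys/net/ipv4/conf}
    for dir in "$conf_root"/*/; do
        iface=$(basename "$dir")
        case "$iface" in
            all|default) continue ;;   # templates, not real interfaces
        esac
        own=$(cat "$dir/rp_filter" 2>/dev/null) || continue
        eff=$(effective_rp_filter "$conf_root" "$iface") || continue
        echo "$iface configured=$own effective=$eff ($(rp_mode_name "$eff"))"
    done
}

# Constructed sample tree (not taken from a real machine): conf/all is
# strict, eth0 is left at 0, eth1 asks for loose mode.
make_sample_tree() {
    tree=$(mktemp -d) || return 1
    for entry in all:1 default:0 eth0:0 eth1:2 lo:0; do
        mkdir -p "$tree/${entry%%:*}"
        echo "${entry##*:}" > "$tree/${entry%%:*}/rp_filter"
    done
    echo "$tree"
}

sample=$(make_sample_tree)
audit_rp_filter "$sample"
rm -rf "$sample"
```

Calling audit_rp_filter with no argument reads /proc/sys/net/ipv4/conf on the running machine.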

Tuesday, March 25, 2014

Limit Outgoing Bandwidth using 'tc' Command




You can limit the outgoing bandwidth on a server with the tc tool as shown below.

(1) Limit the bandwidth to 1MBps on the node (Xen node with bridge network)

#tc qdisc add dev peth0 handle 1: root htb default 11
#tc class add dev peth0 parent 1:1 classid 1:11 htb rate 1Mbit
#tc -s qdisc ls dev peth0

Note: peth0 is the bridge name. For a dedicated server it should be eth0

(2) Bandwidth limiting with a Xen PV VM.

#tc qdisc add dev viftest1.0 handle 1: root htb default 11
#tc class add dev viftest1.0 parent 1:1 classid 1:11 htb rate 1Mbit

#tc -s qdisc ls dev peth0

R1Soft Agent Installation

Installing Backup Agent Using YUM
================================
You should configure the YUM repository to manage installs and upgrades of the Backup Agent.
(1) Create a yum repository for r1soft
#cd /etc/yum.repos.d
# nano -w /etc/yum.repos.d/r1soft.repo
(use any text editor according to your convenience)
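(2) Add the following to the .repo file. Note that gpgcheck=0 disables GPG signature verification for packages installed from this repository, and the baseurl is plain HTTP.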
------------------------------------------------------
[r1soft]
name=R1Soft Repository Server
baseurl=http://repo.r1soft.com/yum/stable/$basearch/
enabled=1
gpgcheck=0
--------------------------------------------------------
(3) Install serverbackup-agent
#yum install serverbackup-agent
(4) Test the connectivity with the r1soft server using the following command
#serverbackup-setup --test-connection
(5) Install the kernel-devel package using YUM
#yum install kernel-devel
(Note: Please make sure that you have installed proper kernel-devel and header packages.)
(6) Run the following command to build the kernel module.
#serverbackup-setup --get-module
(7) The cdp-agent is installed now and you can restart it as follows
#/etc/init.d/cdp-agent restart
(8) It is important to fetch the key from the server. Use the following command to fetch the key from the cdp-server
#serverbackup-setup --get-key http://<cdp-server_IP>:<port>
To view the list of keys.
#serverbackup-setup --list-keys

CMS Version Check Script

#!/bin/bash
#
# usage : bash ver.sh
#
# Lists CMS installations under /home/*/public_html whose version string does
# not match the latest version entered at the prompts.
# Needs the "replace" utility that ships with MySQL.
#
read -p "ENTER LATEST WORDPRESS VERSION: " wp
read -p "ENTER LATEST JOOMLA VERSION: " jm
read -p "ENTER LATEST VBULLETIN VERSION: " vb
read -p "ENTER LATEST PHPBB VERSION: " pb
read -p "ENTER LATEST DRUPAL VERSION: " dp
# Use unpredictable temporary files rather than fixed names in /tmp
out=$(mktemp /tmp/versions.XXXXXX) || exit 1
out1=$(mktemp /tmp/versions1.XXXXXX) || exit 1
out2=$(mktemp /tmp/versions2.XXXXXX) || exit 1
trap 'rm -f "$out" "$out1" "$out2"' EXIT
cd /home || exit 1
echo "Printing Outdated versions::" > "$out"
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~:" >> "$out"
echo >> "$out"
echo "Wordpress installations::" >> "$out"
echo "------------------------:" >> "$out"
# Patterns and version strings are quoted so the shell does not expand them
find /home/*/public_html/ -type f -wholename '*wp-includes/version.php' -exec grep -H "wp_version = " {} \; | replace "\$wp_version" "Wordpress version" | replace "," "" | replace ";" " " | grep -vF -- "$wp" >> "$out"
echo >> "$out"
echo "Joomla Installations::" >> "$out"
echo "---------------------:" >> "$out"
find /home/*/public_html/ -name version.php -exec grep -H "var \$RELEASE " {} \; | replace "var \$RELEASE" " Joomla version" | replace "," "" | replace ";" " " | grep -vF -- "$jm" >> "$out"
echo >> "$out"
echo "vBulletin installations::" >> "$out"
echo "------------------------:" >> "$out"
find /home/*/public_html/ -type f -wholename '*includes/config.php' -exec grep -H "Licence Number" {} \; | replace "," "" | replace ";" " " | grep -vF -- "$vb" >> "$out"
echo >> "$out"
echo "phpBB installations::" >> "$out"
echo "--------------------:" >> "$out"
find /home/*/public_html/ -type f -wholename '*includes/constants.php' -exec grep -H "PHPBB_VERSION" {} \; | replace "define(" " " | replace "," "" | replace ";" " " | grep -vF -- "$pb" >> "$out"
echo >> "$out"
echo "Drupal installations::" >> "$out"
echo "---------------------:" >> "$out"
find /home/*/public_html/ -type f -wholename '*includes/bootstrap.inc' -exec grep -H "define('VERSION" {} \; | replace "define(" " " | replace "," "" | replace ";" " " | grep -vF -- "$dp" >> "$out"
echo >> "$out"
############
# Strip quotes, then print the installation directory next to its version
replace "'" "" < "$out" > "$out2"
/bin/mv "$out2" "$out"
cut -d: -f1 "$out" | rev | cut -d/ -f2- | rev > "$out1"
cut -d: -f2- "$out" | replace ")" "" | replace "|| #" "" > "$out2"
paste "$out1" "$out2"

Forcefully remove LVM


You may come across the below error while removing a logical volume, especially on Xen nodes.
lvremove -f /dev/xen/vmXXX_img
Logical volume xen/vmXXX_img is used by another device.
Here are the steps to remove the LVs forcefully.
dmsetup ls
dmsetup info -c xen-vmXXX_img
dmsetup remove xen-vmXXX_img
lvremove -f /dev/xen/vmXXX_img

HDD health check script

******************************************************
for i in `lshw -class disk -class tape | grep "logical name" | cut -d: -f2`; do echo Disk $i ; echo "=========================================" ;smartctl --all $i | grep 'PASSED\|Reallocated_Sector_Ct\|Temperature_Celsius' ; echo " "; done
*****************************************************
Sample Output:
[root@localhost ~]# sh test.sh 
Disk /dev/sda 
=========================================
SMART overall-health self-assessment test result: PASSED
5 Reallocated_Sector_Ct 0x0033 100 100 036 Pre-fail Always - 0
194 Temperature_Celsius 0x0022 028 048 000 Old_age Always - 28 (0 19 0 0 0)

Disk /dev/sdb
=========================================
SMART overall-health self-assessment test result: PASSED
5 Reallocated_Sector_Ct 0x0033 100 100 036 Pre-fail Always - 0
194 Temperature_Celsius 0x0022 024 048 000 Old_age Always - 24 (0 15 0 0 0)

[root@localhost ~]#

Migration of Xen Virtual Machines



This is a guide that will help you to transfer Xen PV and Xen HVM virtual servers between nodes
SAFELY. This guide explains the best methods to create backups of Xen VPS, which are also used
in the process of cloning a VPS's filesystem or migrating a VPS to another server.
Please use extreme care when backing up or restoring a customer's system, since loss of data is
possible.

1. Backup/Restore Xen PV

First we will discuss transferring Xen PV virtual servers.
1.2. A quick glance at Xen PV
Paravirtualization (PV) is an efficient and lightweight virtualization technique introduced by Xen.
PV does not require virtualization extensions from the host CPU and thus enables virtualization on
hardware architectures that do not support Hardware-assisted virtualization. However, PV guests
and control domains require kernel support and drivers that in the past required special kernel
builds, but are now part of the Linux kernel as well as other operating systems.
1.3. General/Primary steps of Migration
1. Make a note of the VM's (Virtual Machine) name and resource details like
RAM/SWAP/DISK-SPACE (we can find this from the SolusVM console).

2. Make the below folders for the Xen VPS on the server you are transferring to (i.e. the destination
server):
Let's consider we are transferring vm166 (vm166: Xen virtual server ID)
#mkdir /home/xen/vm166
#mkdir /home/xen/vm166/mnt

3. Copy the Xen configuration file from the source server to the destination server:

#scp /home/xen/vm166/vm166.cfg root@xx.xx.xx.xx:/home/solusvm/xen/vm166/

4. Check the size of the logical volumes in the source server.

Note: If it's Xen PV, there will be an _img and a _swap logical volume. If it's Xen HVM there will
only be an _img logical volume.
#lvs | grep vm166
We get output similar to the below:
#lvs | grep vm166
vm166_img  Xen -wi-ao---- 30.00g
vm166_swap Xen -wi-ao---- 512.00m

5. Create logical volumes with the same size on the destination server:
#lvcreate -L 30G -n vm166_img Xen
#lvcreate -L 512M -n vm166_swap Xen

If it's Xen PV, you should format the swap LV now:
#mkswap /dev/Xen/vm166_swap

1.4. Creating backup of XenPV VM
1. Stop the specific VM which you want to back up (here vm166).
You can use the below command to stop the VM.
xm destroy vm166
2. Mount the VM's logical volume on the host server:
#mkdir -p /mnt/tmp
#mount /dev/Xen/vm166_img /mnt/tmp
3. Enter into the directory where you mounted the Logical Volume vm166_img and create the
backup:
#cd /mnt/tmp
#tar -czf /home/solusvm/xen/vm166.tar.gz .
Copy this tar file to the destination server.
4. Once the backup is completed, change to /root and unmount the logical volume. You can also
start the VPS again at the source server if required.
#cd /root
#umount /mnt/tmp
#xm create /home/xen/vm166/vm166.cfg
1.5. Restoring XenPV VM
1. Ensure the VPS is stopped on the destination server.
2. Format the logical volume you are restoring to with the ext3/ext4 filesystem, matching the source
server:
#mkfs.ext3 /dev/Xen/vm166_img
3. Mount the logical volume on the destination server:
#mkdir -p /mnt/tmp
#mount /dev/Xen/vm166_img /mnt/tmp
4. Locate the backup which was copied from the source server, and run the following to restore the
VM:
#tar xzf /home/solusvm/xen/vm166.tar.gz -C /mnt/tmp

5. Once the backup completes, change to /root and unmount the Logical Volume.

Now you can start the VM on the destination server after stopping the VM on the source server.
#cd /root
#umount /mnt/tmp
#xm create /home/xen/vm166/vm166.cfg
Note: Sometimes the name of the Volume Group on the new server may be different to the old
server. If it is different, you need to edit the VPS configuration file:
disk = ['phy:/dev/Xen/vm166_img,hda,w', ',hdc:cdrom,r']

6. After the restoration has been completed, make sure the VM is online without any problem. After that
you need to update the SolusVM database so the VPS appears on the correct server.
- Log in to the SolusVM master via SSH
- Run /scripts/vm-migrate
NOTE: Here you must enter the vserverid and the Node ID for the new server.
eg: /scripts/vm-migrate 150 4
vserverid = The number which appears on the left side of the VPS in the solusvm list. It is NOT the
same as the VM name.
nodeid = The number which appears on the left side of the Node list (Under Nodes > List) in
solusvm.
Once that is done, you have migrated the VPS successfully, and can remove the backup files.


2. Backup/Restore Xen HVM
=====================
Here we will discuss the migration of a Xen HVM VPS.

2.1. A quick glance at Xen HVM

Fully virtualized, aka HVM (Hardware Virtual Machine), guests require CPU virtualization
extensions from the host CPU (Intel VT, AMD-V). Xen uses a modified version of Qemu to emulate
full PC hardware, including BIOS, IDE disk controller, VGA graphic adapter, USB controller,
network adapter etc. for HVM guests. CPU virtualization extensions are used to boost performance
of the emulation. Fully virtualized guests don't require a special kernel, so for example Windows
operating systems can be used as Xen HVM guests. Fully virtualized guests are usually slower than
paravirtualized guests, because of the required emulation.

2.2. General/Primary steps of Migration

1. Make a note of the VM's (Virtual Machine) name and resource details like
RAM/SWAP/DISK-SPACE (we can find this from the SolusVM console).
2. Make the below folders for the Xen VPS on the server you are transferring to (i.e. the destination
server):
Let's consider we are transferring vm166 (vm166: Xen virtual server ID)
#mkdir /home/xen/vm166
#mkdir /home/xen/vm166/mnt
3. Copy the Xen configuration file from the source server to the destination server:
#scp /home/xen/vm166/vm166.cfg root@xx.xx.xx.xx:/home/solusvm/xen/vm166/
4. Check the size of the logical volumes in the source server.
Note: In Xen HVM there will only be an _img logical volume.
#lvs | grep vm166
We get output similar to the below:
#lvs | grep vm166
vm166_img Xen -wi-ao---- 30.00g
5. Create logical volumes with the same size on the destination server:
#lvcreate -L 30G -n vm166_img Xen

2.3. Creating backup of Xen HVM
1. Ensure the VPS is stopped in the source server:
#xm destroy vm166

2. Create a compressed backup with dd & gzip

#dd if=/dev/Xen/vm166_img | gzip > /home/solusvm/xen/vm166.img.gz
Now you have a full backup of the VM.

2.4. Restoring XenHVM

1. Ensure the VPS is stopped in the destination server:
2. Restore a compressed backup with gzip. Run the below command:
#zcat /home/solusvm/xen/vm166.img.gz | dd of=/dev/Xen/vm166_img

3. Now you can start the VM on the destination server after stopping the VM on the source server.
#cd /root
#umount /mnt/tmp
#xm create /home/xen/vm166/vm166.cfg
Note: Sometimes the name of the Volume Group on the new server may be different to the old
server. If it is different, you need to edit the VPS configuration file:
disk = ['phy:/dev/Xen/vm166_img,hda,w', ',hdc:cdrom,r']

4. After the restoration has been completed, make sure the VM is online without any problem. After that
you need to update the SolusVM database so the VPS appears on the correct server using:
#/scripts/vm-migrate

Reference:
http://docs.solusvm.com/xen_migrations
http://wiki.xen.org/wiki/Xen_Overview

UBC Parameters: OpenVZ


Primary Parameters

• avnumproc - The average number of processes and threads.
• numproc - The maximum number of processes and threads the VE may create. The barrier of
numproc doesn't provide additional control and should be set equal to the limit.
• numtcpsock - This parameter limits the number of TCP connections with a VPS.
The barrier of this parameter should be set equal to the limit.
• numothersock – This parameter limits the number of sockets other than TCP, like UDP.
The barrier of this parameter should be set equal to the limit. The number of local sockets in
a system is not limited.
• vmguarpages - VE applications are guaranteed to be able to allocate additional memory; as
long as the amount of memory accounted as privvmpages does not exceed the configured
vmguarpages parameter. Above this barrier, additional memory allocation is not guaranteed
and may fail in case of overall memory shortage.
The amount of memory that container's applications are guaranteed to be able to allocate is
specified as the barrier of vmguarpages parameter, and the limit for the vmguarpages
parameter is unspecified in the current version and should be set to the maximal allowed
value.

Secondary Parameters

• kmemsize – When allowing a container access to a certain amount of memory, not all of it
will be used in the same way. kmemsize is the amount of bytes that will be used for kernel
activity of that specific container. Equal barrier and limit of the kmemsize parameter may
lead to the situation where the kernel will need to kill container's applications to keep the
kmemsize usage under the limit.
• tcpsndbuf - The kernel memory allocated to buffer the data sent from an application to
remote side but not acknowledged yet.
• tcprcvbuf - The kernel memory allocated to buffer the data received from remote , but not
yet read by local application.
• othersockbuf – This parameter defines the total size of UDP socket buffers.
• dgramrcvbuf – This parameter defines the total size of received UDP buffers. For dgramrcvbuf
the barrier should be set to the limit.
• oomguarpages - This parameter defines the out-of-memory (OOM) guarantee for the VE.
A VE process will not be killed even in case of heavy memory shortage if the current
memory consumption does not reach the oomguarpages barrier.

Auxiliary Parameters

• lockedpages - The memory not allowed to be swapped out (locked with the mlock() system
call), in pages. The barrier may be set equal to the limit or may allow some gap between the
barrier and the limit.
• shmpages - The total size of shared memory allocated by the process of a particular VE.
The barrier should be set equal to the limit.
• privvmpages - The size of private memory allocated by an application. Memory that is
always shared among different applications is not included in this resource parameter.
• numfile - The number of files opened by all VE processes. The barrier should be set equal to
the limit.
• numflock - The number of file locks created by all VE processes. This parameter should
have a gap between the barrier and the limit.
• numpty - The number of pseudo-terminals, such as an ssh session, the screen or xterm
applications, etc. The barrier should be set equal to the limit.
• numsiginfo - The number of siginfo structures; this parameter limits the size of the signal
delivery queue. The barrier should be set equal to the limit.
• dcachesize – This value determines the inode limit with the VE.
• physpages - The total size of RAM used by the VE processes. This is an accounting-only
parameter currently. It shows the usage of RAM by the VE. For vswap-enabled kernels, the
barrier should be set to 0, and the limit limits the total size of RAM used by a container. For
older kernels, physpages is an accounting-only parameter. The barrier should be set to 0 and
the limit to 'unlimited'.
• numiptent - The number of IP packet filtering entries. The barrier should be set equal to the
limit.

Limits and Barriers

The meaning of barrier and limit is parameter-dependent; in short, they can be thought of as a soft
limit and a hard limit. If any resource hits the limit, the corresponding fail counter will be increased.
For all parameters the barrier should not be greater than the limit. If the resource usage exceeds the
barrier but doesn't exceed the limit, vital operations are still allowed to allocate new resources, and
other ones are not allowed. A gap between the barrier and the limit gives applications better chances
to handle resource shortage gracefully.
Please find the snippet from a sample configuration below.
---------------------------------------------------------------------
# UBC parameters (in form of barrier:limit)
# Primary parameters
NUMPROC="128:128"
AVNUMPROC="64:64"
NUMTCPSOCK="288:288"
NUMOTHERSOCK="288:288"
VMGUARPAGES="98304:9223372036854775807"
# Secondary parameters
KMEMSIZE="15523666:17076032"
TCPSNDBUF="2449232:3598712"
TCPRCVBUF="2449232:3598712"
OTHERSOCKBUF="844366:1481926"
DGRAMRCVBUF="844366:844366"
OOMGUARPAGES="98304:9223372036854775807"
PRIVVMPAGES="196608:204800"
# Auxiliary parameters
LOCKEDPAGES="344:344"
SHMPAGES="19567:19567"
PHYSPAGES="0:9223372036854775807"
NUMFILE="4256:4256"
NUMFLOCK="224:246"
NUMPTY="16:16"
NUMSIGINFO="512:512"
DCACHESIZE="2254786:2322430"
NUMIPTENT="64:64"
--------------------------------------------------------------------------------------
Note: privvmpages show allocated (some of which might not be used), whereas oomguarpages
show allocated, all of which are used.
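
The barrier and limit rules listed above can be checked mechanically before a container configuration is applied. The script below is an added example, not code from the original post or from OpenVZ; the function names and the sample configuration are constructed for illustration, and it assumes one NAME="barrier:limit" setting per line.

```shell
#!/bin/sh
# Added example: lint UBC settings against the rules described in the text.

# Parameters for which the text says the barrier should equal the limit.
EQUAL_PARAMS="NUMPROC NUMTCPSOCK NUMOTHERSOCK DGRAMRCVBUF SHMPAGES NUMFILE NUMPTY NUMSIGINFO NUMIPTENT"
UBC_MAX=9223372036854775807

# check_ubc FILE: print one finding per line, return 1 if anything was found.
check_ubc() {
    findings=0
    while IFS= read -r line; do
        case "$line" in
            [A-Z]*=\"*:*\") ;;   # NAME="barrier:limit"
            *) continue ;;       # comments, blank lines, other settings
        esac
        name=${line%%=*}
        value=${line#*=\"}
        value=${value%\"}
        barrier=${value%%:*}
        limit=${value##*:}
        # 'unlimited' is written as the maximal allowed value
        if [ "$barrier" = unlimited ]; then barrier=$UBC_MAX; fi
        if [ "$limit" = unlimited ]; then limit=$UBC_MAX; fi

        if [ "$barrier" -gt "$limit" ]; then
            echo "$name: barrier $barrier is greater than limit $limit"
            findings=$((findings + 1))
            continue
        fi
        case " $EQUAL_PARAMS " in
            *" $name "*)
                if [ "$barrier" -ne "$limit" ]; then
                    echo "$name: barrier should be set equal to the limit"
                    findings=$((findings + 1))
                fi ;;
        esac
        if [ "$name" = NUMFLOCK ] && [ "$barrier" -eq "$limit" ]; then
            echo "NUMFLOCK: should have a gap between the barrier and the limit"
            findings=$((findings + 1))
        fi
    done < "$1"
    [ "$findings" -eq 0 ]
}

# Constructed sample configuration with three deliberate mistakes.
make_sample_conf() {
    conf=$(mktemp) || return 1
    cat > "$conf" <<'EOF'
# constructed sample, not a real container
NUMPROC="128:128"
NUMTCPSOCK="288:360"
KMEMSIZE="17076032:15523666"
NUMFLOCK="224:224"
VMGUARPAGES="98304:9223372036854775807"
PHYSPAGES="0:unlimited"
EOF
    echo "$conf"
}

sample_conf=$(make_sample_conf)
check_ubc "$sample_conf" || true
rm -f "$sample_conf"
```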

Parted Partitioning Tool


Parted Installation
-----------------------
You can install parted using yum
#yum -y install parted
How to View the Current Partition Layout?
------------------------------------------------------------
You can use either 'p' or 'print' to view the current partition layout
[root@localhost ~]# parted /dev/sda
GNU Parted 2.1
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
Model: ATA ST500DM002-1BC14 (scsi)
Disk /dev/sda: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system  Flags
 1      1049kB  83.9GB  83.9GB  primary  ext4         boot, raid
 2      83.9GB  92.3GB  8389MB  primary               raid
(parted)
Mklabel
-------------
NOTE: One of the major advantages over fdisk is that we can create huge partitions (2GB and more).
To accomplish this, you must use a gpt label (the GUID Partition Table) for your disk.
[root@localhost ~]# parted /dev/sda
GNU Parted 2.1
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) mklabel gpt
NOTE: Changing the partition type will remove all partitions from your disk. All data on the disk
will be lost.
How to create an ext4 partition?
------------------------------------------
Create an ext4 partition using the remaining space on a HDD
(parted) p
Model: ATA ST3500418AS (scsi)
Disk /dev/sdb: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system  Flags
 1      1049kB  83.9GB  83.9GB  primary  ext4         boot, raid
 2      83.9GB  92.3GB  8389MB  primary               raid
(parted) mkpart primary ext4 92.3GB -1s
Warning: WARNING: the kernel failed to re-read the partition table on /dev/sdb (Device or
resource busy). As a result, it may not reflect all of your changes until
after reboot.
After the reboot:
[root@localhost ~]# parted /dev/sdb
GNU Parted 2.1
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
Model: ATA ST3500418AS (scsi)
Disk /dev/sdb: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system  Flags
 1      1049kB  83.9GB  83.9GB  primary  ext4         boot, raid
 2      83.9GB  92.3GB  8389MB  primary               raid
 3      92.3GB  500GB   408GB   primary
(parted)
How to create a swap partition?
-------------------------------------
(parted) mkpart primary linux-swap 92.3GB 100G
Warning: WARNING: the kernel failed to re-read the partition table on /dev/sda (Device or
resource busy). As a result, it may not reflect all of your changes until
after reboot.
(parted) p
Model: ATA ST500DM002-1BC14 (scsi)
Disk /dev/sda: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system  Flags
 1      1049kB  83.9GB  83.9GB  primary  ext4         boot, raid
 2      83.9GB  92.3GB  8389MB  primary               raid
 3      92.3GB  100GB   7724MB  primary
(parted) quit
[root@localhost ~]#
How to convert to LVM partition?
--------------------------------------------
(parted) p
Model: ATA ST3500418AS (scsi)
Disk /dev/sdb: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system  Flags
 1      1049kB  83.9GB  83.9GB  primary  ext4         boot, raid
 2      83.9GB  92.3GB  8389MB  primary               raid
 3      92.3GB  500GB   408GB   primary
(parted) set 3 lvm on
Warning: WARNING: the kernel failed to re-read the partition table on /dev/sda (Device or
resource busy). As a result, it may not reflect all of your changes until
after reboot.
After the reboot:
[root@localhost ~]# parted /dev/sdb
GNU Parted 2.1
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
Model: ATA ST3500418AS (scsi)
Disk /dev/sdb: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system  Flags
 1      1049kB  83.9GB  83.9GB  primary  ext4         boot, raid
 2      83.9GB  92.3GB  8389MB  primary               raid
 3      92.3GB  500GB   408GB   primary               lvm
(parted)
How to create RAID partition using parted?
--------------------------------------------------------
Create an ext4 partition with the desired space and set the raid flag on it.
Creating the partition:
[root@localhost ~]# parted /dev/sda
GNU Parted 2.1
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
Model: ATA ST500DM002-1BC14 (scsi)
Disk /dev/sda: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system  Flags
 1      1049kB  83.9GB  83.9GB  primary  ext4         boot, raid
 2      83.9GB  92.3GB  8389MB  primary               raid
 3      92.3GB  100GB   7724MB  primary
(parted) mkpart primary ext4 100G -1s
Warning: WARNING: the kernel failed to re-read the partition table on /dev/sda (Device or
resource busy). As a result, it may not reflect all of your changes until
after reboot.
(parted)
(parted)
(parted) p
Model: ATA ST500DM002-1BC14 (scsi)
Disk /dev/sda: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system  Flags
 1      1049kB  83.9GB  83.9GB  primary  ext4         boot, raid
 2      83.9GB  92.3GB  8389MB  primary               raid
 3      92.3GB  100GB   7724MB  primary
 4      100GB   500GB   400GB   primary
How to set the raid flag?
(parted) set 4 raid on
Warning: WARNING: the kernel failed to re-read the partition table on /dev/sda (Device or resource
busy). As a result, it may not reflect all of your changes until
after reboot.
(parted) p
Model: ATA ST500DM002-1BC14 (scsi)
Disk /dev/sda: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system  Flags
 1      1049kB  83.9GB  83.9GB  primary  ext4         boot, raid
 2      83.9GB  92.3GB  8389MB  primary               raid
 3      92.3GB  100GB   7724MB  primary
 4      100GB   500GB   400GB   primary               raid
(parted)
How to Remove a partition?
-------------------------------------
You can remove the partition using the partition number.
(parted) p
Model: ATA ST500DM002-1BC14 (scsi)
Disk /dev/sda: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system  Flags
 1      1049kB  83.9GB  83.9GB  primary  ext4         boot, raid
 2      83.9GB  92.3GB  8389MB  primary               raid
 3      92.3GB  100GB   7724MB  primary
 4      100GB   500GB   400GB   primary
(parted)
(parted) rm 3
Warning: WARNING: the kernel failed to re-read the partition table on /dev/sda (Device or
resource busy). As a result, it may not reflect all of your changes until
after reboot.
(parted) p
Model: ATA ST500DM002-1BC14 (scsi)
Disk /dev/sda: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system  Flags
 1      1049kB  83.9GB  83.9GB  primary  ext4         boot, raid
 2      83.9GB  92.3GB  8389MB  primary               raid
 3      100GB   500GB   400GB   primary
(parted)

ARP with OpenVZ

Your OpenVZ VPS may become inaccessible due to an ARP conflict. This problem is not a bug or a server configuration issue; it is caused by the network configuration at your data centre and the way that OpenVZ networking works.

OpenVZ VPSs don't have their own network interfaces or MAC addresses; instead, OpenVZ uses an internal proxy ARP based IP forwarding system, which forwards packets via the host machine.

The switch or router your node is connected to will have an ARP table, which is a list of IP addresses and the MAC addresses they are routed to. This gets updated whenever an IP is accessed from a system.

When a VPS is initially created, the IP is brought up through the node and the ARP table is updated with the MAC address of the node, which then forwards packets to the VPS.

If you have a VPS suspended or offline for some time, that entry in the ARP table on the switch/router will time out and be removed. When you un-suspend or boot the VPS, the ARP table will not be updated because the VPS does not have its own MAC address, and the router won't know what to do with that IP.

This description may not be 100% accurate depending on how your datacentre has configured their network, but that's what's happening. When the VPS is offline, the router is losing its entry of where it needs to route that IP address.

The only way to get around the problem is to bring up the IP on the node's interface, e.g. as eth0:0 or eth0:1, then ping it, which will update the router's table. Then you can remove it from the node and boot the VPS.

A permanent solution would be to use a virtualization technology such as Xen or KVM, where each VPS has its own unique MAC address, or find an alternate provider unless they can help you resolve this.


(1) You can add the arp entries for the IPs on the actual virtual environment as follows

#arp -s [INSERT IP HERE] `ifconfig eth0 | grep eth0 | awk '{print $5}'` pub

Make sure you run the command above for every IP on the VPS

(2) To delete the entry from the ARP cache:

#arp -d <IP_ADDRESS>

If you get an error “SIOCDARP(pub): No such file or directory”, then you should provide an extra argument to the above command

# arp -d <IP_ADDRESS> -i <ethernet_interface>

Migrate the Emails using imapsync


To migrate an email account sales@example.com from server1.example.com to server2.example.com, please do the following.
server1.example.com (source)
server2.example.com (target)
First create the corresponding email account (sales@example.com) at the destination.
Install "imapsync" utility on your Linux machine.
Save the passwords of your email accounts in the corresponding files and change the permission to 600 as given below.
/etc/secret1 contains the password of the source email account.
/etc/secret2 contains the password of the destination email account.
Changing permission.
chmod 600 /etc/secret1
chmod 600 /etc/secret2
Initiate the following command and wait for the process to complete.
imapsync --host1 server1.example.com --user1 sales@example.com --passfile1 /etc/secret1 --host2 server2.example.com --user2 sales@example.com --passfile2 /etc/secret2

Read-only locking type set. Write locks are prohibited. (LVM)

If you receive the following error while creating the LVM, here is the fix
-----------------------------
Read-only locking type set. Write locks are prohibited.
Can't get lock for Xen1
-----------------------------
[root@test~]# grep locking_type /etc/lvm/lvm.conf
locking_type = 4
Check locking_type in the lvm config and change it to 1

Compile kernel source rpm and build with .spec file

Here we are rebuilding a source rpm with the latest Linux kernel (kernel.org)
(1) Download the source rpm
http://repo.smartservermanagement.com/el6/x86_64/kernel-xen-3.4.58-1.src.rpm
(2) Install the source RPM
#rpm -ivh kernel-xen-3.4.58-1.src.rpm
This will create the rpmbuild folder under /root

cd /root/rpmbuild/SPECS/
vi kernel-xen.spec
(Changed .58 to .80)
(3) Download the kernel source from kernel.org (3.4.80) to /root/rpmbuild/SOURCES/
cd /root/rpmbuild/SPECS
(4) Replace the version in the spec file. Here the change is from .58 to .80
(5) Build the rpm using the .spec file as follows.
[root@test SPECS]# rpmbuild -ba kernel-xen.spec
The rpms will be available here (/root/rpmbuild/RPMS)
------------------------------------
[root@test rpmbuild]# ls RPMS/x86_64/
kernel-xen-3.4.80-1.x86_64.rpm kernel-xen-devel-3.4.80-1.x86_64.rpm kernel-xen-firmware-3.4.80-1.x86_64.rpm kernel-xen-headers-3.4.80-1.x86_64.rpm
[root@test rpmbuild]#
-------------------------------------
You can install the rpm using yum/rpm. Here is the sample grub.conf after the installation.
[root@test ~]# cat /etc/grub.conf 
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You do not have a /boot partition. This means that
# all kernel and initrd paths are relative to /, eg.
# root (hd1,0)
# kernel /boot/vmlinuz-version ro root=/dev/sdb1
# initrd /boot/initrd-[generic-]version.img
#boot=/dev/sdc
default=0
timeout=5
splashimage=(hd1,0)/boot/grub/splash.xpm.gz
hiddenmenu
title CentOS (3.4.80-1.el6xen.x86_64)
root (hd1,0)
kernel /boot/vmlinuz-3.4.80-1.el6xen.x86_64 ro root=UUID=2e3c5488-2950-4143-ad6c-b522fc689685 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
initrd /boot/initramfs-3.4.80-1.el6xen.x86_64.img
title CentOS (2.6.32-431.5.1.el6.x86_64)
[root@test ~]# uname -r
3.4.80-1.el6xen.x86_64
[root@test ~]#