
Playing with User logins
1) Stop (freeze) every process of a user:
# skill -STOP -u username

2) Resume a user whose processes were stopped:
# skill -CONT -u username

3) Kill and log out all users on pseudo-terminals:
# skill -KILL -v /dev/pts/*

4) To restart a user's session, kill all of their processes:
# kill -9 `ps -u username | grep -v TTY | awk '{print $1}'`

Kernel Compilation
# tar -zxf kernel.tar.gz

# cd kernel

# make menuconfig
(Now enable/disable the modules and save the settings)

# make
(compile the source file)

# make modules
(compile the module source files)

# make modules_install
(install modules and create objects)

# make install
(install kernel i.e. above objects)

# make clean
(remove objects and binary files)

Note: Now confirm that your /boot/grub/grub.conf file has the correct boot entry (choose the latest kernel).

Configure simple LDAP server

A) Install the OpenLDAP server and client packages:
# yum install openldap*

B) Generate a password hash for the root admin and save the hash value somewhere:
# slappasswd
New password: admin (for example)
{SSHA}VjfLWaHxWztchr8w7cE0tJu9s33jr7R5

C) Now make changes in the configurations:
# vi /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/nis.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
sockbuf_max_incoming 4194303

database bdb
suffix "dc=phldap,dc=com"
rootdn "uid=root,dc=phldap,dc=com"
rootpw {SSHA}0mixA/h9K7k5wcAYTJ7wMIGu7B79fD62

directory /var/lib/ldap/
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
database monitor

# vi /etc/ldap.conf
base dc=phldap,dc=com

D) Copy DB_CONFIG file:
# cd /usr/share/doc/openldap-servers-2.4.15
# cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG

E) Now restart the service:
# /etc/init.d/ldap restart; chkconfig ldap on
(On Fedora daemon name is slapd)

F) Confirm the server:
# ldapsearch -x -b "dc=phldap,dc=com" -D "uid=root,dc=phldap,dc=com" -w admin

G) Now try to add some entries:
# ldapadd -x -D "uid=root,dc=phldap,dc=com" -w admin -f /tmp/testing1.ldif
# ldapadd -x -D "uid=root,dc=phldap,dc=com" -w admin -f /tmp/testing2.ldif
Here is the content:
====================================================================
# vi /tmp/testing1.ldif
dn: dc=phldap,dc=com
objectClass: dcObject
objectClass: organization
o: PH Open Ldap LAB
dc: phldap

# vi /tmp/testing2.ldif

dn: ou=People,dc=phldap,dc=com
ou: People
objectClass: organizationalUnit

dn: uid=bugsbunny,ou=People,dc=phldap,dc=com
uid: bugsbunny
cn: Bugs Bunny
displayName: Bugs Bunny
givenName: Bugs
sn: Bunny
objectClass: inetOrgPerson
userPassword: password
mail: bugsbunny@phldap.com

====================================================================

####################### Setting up ACL ############################

Network debugging
A) tcpdump: a packet analyzer
Note: tcpdump filter expressions combine primitives with || or "or", && or "and", and ! or "not".
i) Show 10 packets on port 80 seen on eth0, with source and destination:
# tcpdump -c 10 port 80 -i eth0

ii) # tcpdump dst 192.168.1.2 or dst 192.168.1.3 or dst 192.168.1.3 and tcp port 80
(and binds tighter than or, so this is read as dst 192.168.1.2 or dst 192.168.1.3 or (dst 192.168.1.3 and tcp port 80); use parentheses, quoted from the shell, to group differently.)

iii) Write the capture to a file with -w so you can open it in Wireshark for a clearer picture (the file is binary pcap data, whatever its extension):
# tcpdump -w savingfile.txt
You can read the file using
# tcpdump -r savingfile.txt

iv) # tcpdump -n host 192.168.1.2 and src 122.53.66.20 and ! port 22
(-n: print addresses numerically instead of resolving names.)
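The file written by tcpdump -w (and read back by tcpdump -r or Wireshark) is the classic libpcap format. As an added example that is not part of the original post, the Python below parses such a file and applies the same host / src / ! port primitives as the filter in iv); the capture bytes are constructed inline so it runs offline, and the match() helper is an assumption of this example, not a tcpdump feature.

```python
import socket
import struct

def build_packet(src_ip, dst_ip, sport, dport):
    """Constructed Ethernet/IPv4/TCP frame with no payload (sample input only)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)  # EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp

def build_pcap(frames, order="<"):
    """Classic pcap: 24-byte global header, then 16-byte record header + frame."""
    out = struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):  # link type 1 above means Ethernet
        out += struct.pack(order + "IIII", 1000000 + i, 0, len(frame), len(frame))
        out += frame
    return out

def parse_pcap(data):
    """Return [(src, dst, proto, sport, dport)] for every IPv4 packet in the file."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        order = "<"
    elif magic == 0xD4C3B2A1:  # file was written by a big-endian host
        order = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    pos, records = 24, []
    while pos + 16 <= len(data):
        incl_len = struct.unpack(order + "IIII", data[pos:pos + 16])[2]
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4, or cut short by snaplen: skip rather than mis-parse
        ihl = (frame[14] & 0x0F) * 4
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport = dport = None
        if frame[23] in (6, 17) and len(frame) >= 14 + ihl + 4:  # TCP or UDP ports
            sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        records.append((src, dst, frame[23], sport, dport))
    return records

def match(rec, host=None, src=None, not_port=None):
    """Python equivalent of tcpdump's 'host H and src S and ! port P'."""
    s, d, _, sp, dp = rec
    if host is not None and host not in (s, d):
        return False
    if src is not None and s != src:
        return False
    if not_port is not None and not_port in (sp, dp):
        return False
    return True
```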

====================================================================

B) Network issues:
i) Trace the complete route:
# traceroute google.com
ii) Add a default gateway if none is set (check with route -n):
# route add default gw 192.168.1.254 eth0
iii) Add an IP address/netmask:
# ifconfig eth0 192.168.1.13 netmask 255.255.255.0
iv) Look up the local IP address (equivalent to host `hostname`):
# hostname -i

Replication: MySQL

Points:
1) The binary log records all changes.
2) One dump thread runs per slave, started on request from the slave. It reads events from the binary log and sends them to the slave.
3) The slave's I/O thread sends the dump request to the master and copies the events into the relay logs. The relay log is a disk-based buffer for events.
4) The SQL thread reads events from the relay logs, decodes them and applies them to the database.

=====================================================================
Define things to replicate:
Master: binlog-do-db, binlog-ignore-db
Slave: replicate-do-db(or table), replicate-ignore-db(or table)
=====================================================================

Scenario:
Master1: 192.168.1.1
Master2: 192.168.1.2
Slave1: 192.168.1.3
=====================================================================
##############################################################

Master1:-

# vi /etc/my.cnf
server-id = 1
log-bin = /var/log/mysql/var/bin.log
log-slave-updates
log-bin-index = /var/log/mysql/var/log-bin.index # index file for binary logs
log-error = /var/log/mysql/var/error.log

relay-log = /var/log/mysql/var/relay.log
relay-log-info-file = /var/log/mysql/var/relay-log.info
relay-log-index = /var/log/mysql/var/relay-log.index

auto_increment_increment = 10
auto_increment_offset = 1
master-host = 192.168.1.2
master-user = user
master-password = pass

replicate-do-db = database1
replicate-do-db = database2

————————————————————————————————

Master2:- (For this server, use the same settings as above except below one)

# vi /etc/my.cnf
auto_increment_offset = 2
server-id = 2
master-host = 192.168.1.1
master-user = user
master-password = pass

———————————————————————————————

Slave1:- read-only database (do not use 'auto_increment_offset' or 'auto_increment_increment')

# vi /etc/my.cnf
server-id = 3
master-host = 192.168.1.1
master-user = user
master-password = pass

#################################################################
——————————————————————————————–

Note:
1) The master sets the "auto_increment" value in its binary log, which the slave reads via replication.
2) Set "auto_increment_increment" to 10, which allows for 10 different servers, all of which could be read-write masters if wanted.
3) "auto_increment_offset" determines the starting point for "AUTO_INCREMENT" column values.
4) "auto_increment_increment" controls the increment between successive AUTO_INCREMENT values.
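With increment 10, Master1 (offset 1) hands out 1, 11, 21, ... and Master2 (offset 2) hands out 2, 12, 22, ..., so the two masters never generate the same key. The Python below is an added example, not part of the original post: it parses my.cnf fragments constructed from the values above and checks the invariants this layout relies on (unique server-id, one shared increment, distinct offsets within 1..increment, no offsets on the read-only slave).

```python
MASTER1 = """
server-id = 1
log-bin = /var/log/mysql/var/bin.log
auto_increment_increment = 10
auto_increment_offset = 1
master-host = 192.168.1.2
replicate-do-db = database1
replicate-do-db = database2
"""
MASTER2 = """
server-id = 2
auto_increment_increment = 10
auto_increment_offset = 2
master-host = 192.168.1.1
"""
SLAVE1 = """
server-id = 3
master-host = 192.168.1.1
"""

def parse_mycnf(text):
    """Return {option: [values]}; repeated options such as replicate-do-db keep every value."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line or line.startswith("["):
            continue
        key, _, value = line.partition("=")
        conf.setdefault(key.strip().replace("-", "_"), []).append(value.strip())
    return conf

def generated_ids(conf, count=5):
    """The first AUTO_INCREMENT values this server hands out: offset, offset+inc, ..."""
    inc = int(conf.get("auto_increment_increment", ["1"])[0])
    off = int(conf.get("auto_increment_offset", ["1"])[0])
    return [off + k * inc for k in range(count)]

def check_replication(masters, slaves):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    servers = masters + slaves
    ids = [c["server_id"][0] for c in servers if "server_id" in c]
    if len(ids) != len(servers) or len(set(ids)) != len(ids):
        problems.append("server-id must be set and unique on every server")
    incs = {c.get("auto_increment_increment", ["1"])[0] for c in masters}
    if len(incs) != 1:
        problems.append("masters disagree on auto_increment_increment")
    inc = int(next(iter(incs))) if len(incs) == 1 else 0
    offs = [int(c.get("auto_increment_offset", ["1"])[0]) for c in masters]
    if len(set(offs)) != len(offs) or any(o < 1 or o > inc for o in offs):
        problems.append("auto_increment_offset must be distinct and within 1..increment")
    for c in slaves:
        if "auto_increment_offset" in c or "auto_increment_increment" in c:
            problems.append("read-only slave should not set auto_increment_*")
    return problems
```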

————————————————————————————————
Case 1:- You have just added a new slave:-

Step1 :-
Master1:-

# mysqldump -u root -p database1 > db.sql
and record the binary log file name and position:

mysql> show master status;
+----------+----------+--------------+------------------+
| File     | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+----------+----------+--------------+------------------+
| bin.0002 | 1105     |              |                  |
+----------+----------+--------------+------------------+

Step2:-
Slave:-

(copy the above sql file from the master over to this server)
# mysql -u root -p database1 < db.sql
Now do the following:
mysql> stop slave;
mysql> show slave status;
mysql> change master to MASTER_HOST='master1.com', MASTER_USER='replication', MASTER_PASSWORD='replicationpass', MASTER_LOG_FILE='bin.0002', MASTER_LOG_POS=1105;

mysql> start slave;
mysql> show slave status;

===========================================================================

Definition:-
1) Binary logs: contain 'events' that describe database changes, e.g. a table creation.
2) Slave relay logs: during replication a slave server creates several files that hold the binary log events relayed from master to slave, and records information about the current status and position within the relay logs.
3) Index files: index the binary/relay log file names.

===================================================================

Questions:-
1: I want to replicate a new slave server from the first position.
A: # mysqldump -u root -p --master-data=1 dbname > db.sql
Execute the below on the slave server:
mysql> stop slave;
# mysql -u root -p dbname < db.sql
mysql> start slave;

Processor: 64-bit vs 32-bit

Differences between 32-bit and 64-bit OS:

A 64-bit processor is faster than a 32-bit processor. A 32-bit design needs a main bus only wide enough to carry 32 bits at a time, but a 64-bit design must have a wider bus to carry 64 bits.
On a 32-bit operating system you are restricted to a maximum of 4 gigabytes of RAM. On a 64-bit operating system you really do not have a practical limit: it has 2^64 addresses available, equivalent to approximately 17.2 billion gigabytes, 16.3 million terabytes, or 16 exabytes of RAM.

Miscellaneous
1) Mount ISO image using loopback device (need to have loopback device support):
# mount -o loop -o rw Centos-5.6-i386.iso /mnt

——————————————————————————————–

2) Strace: strace lets you decipher what’s going on when you have no debugger nor the source code. strace often gives me answers much more quickly than a debugger, especially if the code is unfamiliar.
# strace -o strace.out rm -f /etc/yp.conf

———————————————————————————————

3) Time: The time command is useful for understanding your code’s performance. The most basic output consists of real, user and system time. Intuitively, real time is the amount of time between when the code started and when it exited. User time and system time are the amount of time spent executing application code versus kernel code, respectively.
# time curl http://google.com/somequery.sh

———————————————————————————————-

4) Hard Disk Cloning:

# dd if=/dev/hda of=/dev/hdb bs=455356

Note:
1) dd = disk to disk
2) hda=source disk; hdb=destination disk
3) It is recommended to format the destination disk using the fdisk utility.

———————————————————————————————–

Working with ACL (setfacl & getfacl)
ACLs extend the permission model on selected directories/files. Sometimes your filesystem is not mounted with ACL support, so you need to remount that partition with the acl option.
Here is the procedure:
# vi /etc/fstab
/dev/sda3 /var/www ext3 defaults,acl 0 0

# mount -o remount /var/www

A) Check the ACL already applied:
# getfacl /tmp/directory

B) Give a user rw permission on a directory:
# setfacl -m u:axel:rw- directory
and likewise for a group:
# setfacl -m u:tippy:r--,g:lensmen:rwx directory
C) Delete all extended ACLs that were applied:
# setfacl -b directory
D) Change the default permissions for newly created directories and files:
setfacl -d -m mask:007 /home/vicky/directory
setfacl -m default:g::rwx -R /home/vicky/directory # you can add u and o too

(add -R for recursive; -d = all operations apply to the default ACL.)
Note: this is a replica of umask, but umask applies to the whole user profile, whereas setfacl lets you change the default behaviour on specific folders.

Identification: files and directories carrying an ACL show a + sign in ls -al.

Network Bonding
Bonding: aggregates multiple ports into a single group, e.g. three 1MB ports on three cards into one 3MB link. This provides fault tolerance as well as load balancing.
————————————————————————————————
First check whether the bonding driver is installed and the 'ifenslave' user-level control program is present. If not, configure the kernel with 'make menuconfig', then select "configure drivers with modules" --> "Network device support" --> "Bonding driver support".
=====================================================================
Now enable the modules:-
# vi /etc/modprobe.conf
alias bond0 bonding
alias bond1 bonding
options bond0 max_bonds=2 miimon=100 mode=1
options bond1 miimon=100 mode=0

——————————————————————————————-
max_bonds= Specifies the no. of bonding devices to create for this bonding driver
miimon= Specifies the MII link monitoring frequency in milliseconds. This determines how often the link state of each slave is inspected for link failure. 0- disables MII link monitoring.
primary= Specifies which slave device will always be active
——————————————————————————————-
# modprobe bond0
(loads the bonding module through the alias above, without a restart)

Configure the devices:
# cd /etc/sysconfig/network-scripts
# vi ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=NO

# vi ifcfg-eth1
DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=NO

# vi ifcfg-bond0
DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
NETWORK=192.168.1.0
NETMASK=255.255.255.0
IPADDR=192.168.1.2
USERCTL=NO

# vi ifcfg-bond1
DEVICE=bond1
BOOTPROTO=none
ONBOOT=yes
NETWORK=192.168.1.0
NETMASK=255.255.255.0
IPADDR=192.168.1.3
USERCTL=NO

Confirm: # cat /proc/net/bonding/bond0

————————————————————————————————

Modes:
i) balance-rr or 0 (default): round-robin policy. Transmits packets in sequential order. Provides load balancing and fault tolerance.
ii) active-backup or 1: only one slave in the bond is active.
iii) balance-xor or 2: XOR policy. Selects the same slave for each destination MAC address. Provides fault tolerance and load balancing.
iv) broadcast or 3: transmits everything on all slave interfaces. Provides fault tolerance.
v) 802.3ad or 4: only for devices supporting IEEE 802.3ad link aggregation.
vi) balance-tlb or 5: transmit load balancing. Outgoing traffic is distributed according to the current load on each slave. Incoming traffic is received by the current slave; if the receiving slave fails, another slave takes over the MAC address of the failed slave.
vii) balance-alb or 6: adaptive load balancing = TLB + receive load balancing. The bonding driver intercepts the ARP replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond, so that different peers use different hardware addresses for the server.

Xen Networking: Bridging plus VLAN
A bridge is a device that separates two or more network segments within one logical network (e.g. a single IP subnet). The job of the bridge is to examine the destination of the data packets one at a time and decide whether or not to pass the packets to the other side of the Ethernet segment. The result is a faster, quieter network with fewer collisions. The bridging code decides whether to bridge data or to drop it not by looking at the protocol type (IP, IPX, NetBEUI), but by looking at the MAC address unique to each NIC.

Preliminary steps:

1) The first step is to remove libvirt's default.xml, which creates a NAT bridge that we don't recommend.
# rm -f /etc/libvirt/qemu/networks/autostart/default.xml
Now reboot so that virbr0 no longer shows up in ifconfig.

2) Since we are going to configure the network manually, we don't want Xen to interfere with the configuration. To keep Xen from reconfiguring the network, make sure none of the following lines appear uncommented in /etc/xen/xend-config.sxp:
(network-script network-bridge)
(network-script network-route)
(network-script network-nat)

Configuration:
This can be accomplished with the brctl command too (brctl addbr xenbr2), but let's do the configuration ourselves to keep full control and stay independent of possible future naming changes in Xen.
————————–
# vi /etc/sysconfig/network-scripts/ifcfg-xenbr0
DEVICE=xenbr0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.10
NETMASK=255.255.255.0
DELAY=0
STP=off

# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BRIDGE=xenbr0
HWADDR=00:23:CD:B2:02:D1
ONBOOT=yes
BOOTPROTO=none
HOTPLUG=no
———————-

Set up the VLAN interfaces and add them to the existing bridge interfaces:
This can be done manually by invoking vconfig add |ifname| |vlan|, which configures VLAN number |vlan| using 802.1q tagging on interface |ifname|. This activates a virtual interface named |ifname|.|vlan|:
# vconfig add eth0 2
# vconfig add eth0 10
Such that:
> Any traffic sent to this interface will get tagged for VLAN |vlan|.
> Any traffic received from interface |ifname| carrying an 802.1q VLAN tag matching |vlan| will be untagged and received by this interface.

Once the VLAN interfaces are ready, we add them to their corresponding bridging interfaces by using brctl addif |brname| |ifname|.|vlan|. OR as earlier said:
—————————–
# vi /etc/sysconfig/network-scripts/ifcfg-xenbr0_2
DEVICE=xenbr0_2
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
DELAY=0
STP=off
[* Because of an incompatibility in recent Xen versions, the bridge interface name must use an underscore (xenbr0_2), not a dot.]

# vi /etc/sysconfig/network-scripts/ifcfg-eth0.2
DEVICE=eth0.2
ONBOOT=yes
BOOTPROTO=none
BRIDGE=xenbr0_2
HOTPLUG=no
VLAN=yes
—————————-
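A dangling MASTER= or BRIDGE= reference in one of these ifcfg files silently leaves a slave outside its bond or a VLAN interface outside its bridge, so it is worth checking the set as a whole before restarting the network. The Python below is an added example, not part of the original post, covering both the bonding configs and the Xen bridge/VLAN configs above; the fragments are constructed from the values on this page, with one BRIDGE= value deliberately mistyped to show what the check catches.

```python
IFCFG = {
    "ifcfg-eth0": "DEVICE=eth0\nBOOTPROTO=none\nONBOOT=yes\nMASTER=bond0\nSLAVE=yes\nUSERCTL=NO\n",
    "ifcfg-bond0": "DEVICE=bond0\nBOOTPROTO=none\nONBOOT=yes\nIPADDR=192.168.1.2\n"
                   "NETMASK=255.255.255.0\nUSERCTL=NO\n",
    "ifcfg-xenbr0_2": "DEVICE=xenbr0_2\nTYPE=Bridge\nONBOOT=yes\nBOOTPROTO=none\nSTP=off\n",
    # constructed typo: the bridge defined above is xenbr0_2, not xenbr0_24
    "ifcfg-eth0.2": "DEVICE=eth0.2\nONBOOT=yes\nBOOTPROTO=none\nBRIDGE=xenbr0_24\n"
                    "HOTPLUG=no\nVLAN=yes\n",
}

def parse_ifcfg(text):
    """KEY=value lines to a dict; '#' comments and surrounding quotes are dropped."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf

def check_ifcfg(files):
    """Return problems found across a set of ifcfg files; empty list = consistent."""
    confs = {name: parse_ifcfg(text) for name, text in files.items()}
    by_dev = {c["DEVICE"]: c for c in confs.values() if "DEVICE" in c}
    problems = []
    for name, c in confs.items():
        dev = c.get("DEVICE")
        if dev is None:
            problems.append(f"{name}: missing DEVICE")
            continue
        # a bonding slave must point at a defined bond device
        if c.get("SLAVE", "").lower() == "yes" and c.get("MASTER") not in by_dev:
            problems.append(f"{name}: MASTER={c.get('MASTER')} is not a defined device")
        # a bridge port must point at a defined TYPE=Bridge device
        if "BRIDGE" in c:
            bridge = by_dev.get(c["BRIDGE"])
            if bridge is None or bridge.get("TYPE") != "Bridge":
                problems.append(f"{name}: BRIDGE={c['BRIDGE']} is not a defined bridge")
        # eth0.2 style 802.1q sub-interfaces need VLAN=yes and an existing parent
        if "." in dev:
            parent = dev.split(".", 1)[0]
            if c.get("VLAN", "").lower() != "yes":
                problems.append(f"{name}: VLAN sub-interface needs VLAN=yes")
            if parent not in by_dev:
                problems.append(f"{name}: parent {parent} is not a defined device")
    return problems
```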

***JOB DONE***
=======================================================================

When working with networking you are usually asked to comment out "network-bridge" and leave "vif-bridge" uncommented. Below is the reason:

network-bridge:
When xend starts up, it runs the network-bridge script, which:
creates a new bridge named xenbr0
“real” ethernet interface eth0 is brought down
the IP and MAC addresses of eth0 are copied to virtual network interface veth0
real interface eth0 is renamed peth0
virtual interface veth0 is renamed eth0
peth0 and vif0.0 are attached to bridge xenbr0. Note that in Xen 3.3 the default bridge name is the same as the interface it is attached to, e.g. bridge name eth0, eth1 or ethX.VlanID
the bridge, peth0, eth0 and vif0.0 are brought up.
It is good to have the physical interface and the dom0 interface separated; that way you can e.g. set up a firewall on dom0 that does not affect the traffic to the domUs (protecting dom0 alone).

vif-bridge:
When a domU starts up, xend (running in dom0) runs the vif-bridge script, which:
attaches vif.0 to xenbr0
vif.0 is brought up
=====================================================================
Extra:

a) Sometimes UDP traffic gets stuck in the network stack and does not flow through unless the ip_conntrack.ko kernel module is loaded.
Failing to load the ip_conntrack.ko kernel module, even with an unconfigured, empty firewall, allows ICMP and TCP traffic to flow from and to the guest network stack, but UDP traffic, like DNS queries, gets stuck and doesn’t even touch the physical network interface.

b) The bridging interface, |brname| is named after the following convention: xenbr|vlan|:
e.g. xenbr2 is the bridging interface standing on VLAN2.

c) Xen manages several virtual network interfaces, named in the form of vif|X|.|Y|, where |X| equals the Xen domain numeric ID and |Y| is a sequential interface index.