    Tuesday, August 26, 2014

    How to configure iscsi target using Red Hat Linux

    Before starting with the configuration let us understand some basics on iSCSI.

    iSCSI stands for Internet Small Computer System Interface, a block-level protocol for sharing storage devices over an IP network. iSCSI can be used to transmit data over local area networks (LANs), wide area networks (WANs), or the Internet, and can enable location-independent data storage and retrieval.

    How is the iSCSI data transfer secure over network?

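    The question arises because the data travels over an IP network, where there is a chance it could be compromised. To address this, iSCSI data is encapsulated at several layers of the OSI model. Keep in mind that encapsulation only packages the SCSI data for transport and does not encrypt it; who may reach the storage is controlled by measures such as CHAP authentication and the ACL on the target.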

    The encapsulation architecture looks something like below


    • The SCSI payload consists of the read/write data that is sent to and from disks.
    • The first layer of encapsulation comes next: iSCSI works at the session layer of the OSI model and encapsulates SCSI payloads into iSCSI PDUs (Protocol Data Units).
    • As the iSCSI PDU passes down the layers of the network stack it is encapsulated further at each layer:
        • into TCP segments at the transport layer
        • into IP packets at the network layer
        • into Ethernet frames at the data link layer

    When it arrives at the destination on the other side of the network, each layer is stripped off one by one until we are left with the original SCSI payload.

    The iSCSI initiator is the client and the iSCSI target is the server. There can be multiple targets, and the target owns the storage. The storage is divided into multiple LUNs (Logical Unit Numbers), which are mapped to an iSCSI target and then used by the client through the iSCSI initiator.

    Configure iSCSI target (server)

    # yum install scsi-target-utils -y
    Start the iscsi related service
    # service tgtd start

    # chkconfig tgtd on


    Creating LUN

    Let us create a new logical volume

    I have added a new hard disk to my virtual machine on which I will create a new logical volume.
    # fdisk /dev/sdb
    
    WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
             switch off the mode (command 'c') and change display units to
             sectors (command 'u').
    
    Command (m for help): n
    Command action
       e   extended
       p   primary partition (1-4)
    p
    
    Partition number (1-4): 1
    First cylinder (1-1305, default 1):1
    Using default value 1
    Last cylinder, +cylinders or +size{K,M,G} (1-1305, default 1305):[Press Enter]
    Using default value 1305
    
    Command (m for help): p
    
    Disk /dev/sdb: 10.7 GB, 10737418240 bytes
    255 heads, 63 sectors/track, 1305 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk identifier: 0x398d6cc3
    
       Device Boot      Start         End      Blocks   Id  System
    /dev/sdb1               1        1305    10482381   83  Linux
    
    Command (m for help): t
    Selected partition 1
    Hex code (type L to list codes): 8e
    Changed system type of partition 1 to 8e (Linux LVM)
    
    Command (m for help): w
    The partition table has been altered!
    
    Calling ioctl() to re-read partition table.
    Syncing disks.

    # partprobe /dev/sdb

    # pvcreate /dev/sdb1
      Physical volume "/dev/sdb1" successfully created

    # vgcreate VolGroup1 /dev/sdb1
      Volume group "VolGroup1" successfully created

    # lvcreate -L 5G VolGroup1 -n work
      Logical volume "work" created

    So here I have created a new logical volume named work. The next step is to add its path as a LUN to my iSCSI target.
    # vi /etc/tgt/targets.conf
    (search for "default-driver iscsi" and add a next line as shown below)

    <target iqn.2014-09.com.example:target1>
        backing-store /dev/VolGroup1/work
    </target>

    Here backing-store <path> defines a logical unit (LUN) exported by the target. This may specify either a regular file, or a block device.
    # /etc/init.d/tgtd restart
    Stopping SCSI target daemon:                               [  OK  ]
    Starting SCSI target daemon:                               [  OK  ]

    To view the configured iSCSI targets and LUNs
    # tgtadm --mode target --op show
    Target 1: iqn.2014-09.com.example:target1
        System information:
            Driver: iscsi
            State: ready
        I_T nexus information:
        LUN information:
            LUN: 0
                Type: controller
                SCSI ID: IET     00010000
                SCSI SN: beaf10
                Size: 0 MB, Block size: 1
                Online: Yes
                Removable media: No
                Prevent removal: No
                Readonly: No
                Backing store type: null
                Backing store path: None
                Backing store flags:
            LUN: 1
                Type: disk
                SCSI ID: IET     00010001
                SCSI SN: beaf11
                Size: 5369 MB, Block size: 512
                Online: Yes
                Removable media: No
                Prevent removal: No
                Readonly: No
                Backing store type: rdwr
                Backing store path: /dev/VolGroup1/work
                Backing store flags:
        Account information:
        ACL information:
            ALL

    As you see, two LUNs are visible although we created only one. Looking closely, LUN 0 is a controller LUN that acts as an interface to the controller.

    LUN 1 is the disk type with the LVM which we just created.
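
The output above also shows `ACL information: ALL` and an empty `Account information:` section, which means any initiator that can reach port 3260 may log in without CHAP. The following shell functions are an added example, not part of the original post: they read `tgtadm --mode target --op show` output and report such targets. The function names and the second target in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit `tgtadm --mode target --op show` output for targets
# that accept any initiator (ACL "ALL") and have no CHAP account bound.

# Constructed sample. target1 is abridged from the output shown above;
# target2 (account "iscsiuser", ACL 192.168.1.20) is invented for contrast.
sample_tgtadm_output() {
    cat <<'EOF'
Target 1: iqn.2014-09.com.example:target1
    System information:
        Driver: iscsi
        State: ready
    I_T nexus information:
    LUN information:
        LUN: 0
            Type: controller
        LUN: 1
            Type: disk
            Backing store path: /dev/VolGroup1/work
    Account information:
    ACL information:
        ALL
Target 2: iqn.2014-09.com.example:target2
    System information:
        Driver: iscsi
        State: ready
    I_T nexus information:
    LUN information:
        LUN: 0
            Type: controller
    Account information:
        iscsiuser
    ACL information:
        192.168.1.20
EOF
}

# Print one line per target: "<iqn> acl=<open|restricted> chap=<none|set>".
audit_tgt_targets() {
    awk '
    function report() {
        if (iqn != "") {
            printf "%s acl=%s chap=%s\n", iqn, (open ? "open" : "restricted"), (accounts ? "set" : "none")
        }
    }
    # A new "Target N: <iqn>" line closes the previous record.
    /^[ \t]*Target [0-9]+:/ {
        report()
        iqn = $3; open = 0; accounts = 0; section = ""
        next
    }
    # Track which section the following indented lines belong to.
    /^[ \t]*Account information:/ { section = "account"; next }
    /^[ \t]*ACL information:/     { section = "acl"; next }
    /^[ \t]*(System|I_T nexus|LUN) information:/ { section = ""; next }
    # Any entry under "Account information:" is a bound CHAP user.
    section == "account" && NF > 0 { accounts = 1 }
    # "ALL" under "ACL information:" means every initiator is allowed.
    section == "acl" && $1 == "ALL" { open = 1 }
    END { report() }
    '
}

# Print only the IQNs that are open to every initiator and have no CHAP account.
unauthenticated_targets() {
    audit_tgt_targets | awk '$2 == "acl=open" && $3 == "chap=none" { print $1 }'
}

# Demonstration on the constructed sample.
sample_tgtadm_output | audit_tgt_targets
```

On a live target, run `tgtadm --mode target --op show | unauthenticated_targets`. To close the finding, the `initiator-address` and `incominguser` directives inside the `<target>` block of /etc/tgt/targets.conf restrict the ACL and bind a CHAP account.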

    iptables rule on server

    # iptables -I INPUT -m state --state NEW -p tcp --dport 3260 -j ACCEPT
    # service iptables save

    On Client

    # yum -y install iscsi-initiator-utils
    Discover the iscsi target from your server
    # iscsiadm --mode discovery --type sendtargets --portal 192.168.1.11 --discover
    Starting iscsid:                                           [  OK  ]
    192.168.1.11:3260,1 iqn.2014-09.com.example:target1

    Now lets confirm the status of our newly discovered target
    # iscsiadm --mode node --op show | less
    # BEGIN RECORD 6.2.0-873.10.el6
    node.name = iqn.2014-09.com.example:target1
    node.tpgt = 1
    node.startup = automatic
    node.leading_login = No
    iface.hwaddress = <empty>
    iface.ipaddress = <empty>
    iface.iscsi_ifacename = default
    iface.net_ifacename = <empty>
    iface.transport_name = tcp
    iface.initiatorname = <empty>
    iface.bootproto = <empty>
    iface.subnet_mask = <empty>
    iface.gateway = <empty>
    iface.ipv6_autocfg = <empty>
    iface.linklocal_autocfg = <empty>
    iface.router_autocfg = <empty>
    iface.ipv6_linklocal = <empty>
    iface.ipv6_router = <empty>
    iface.state = <empty>
    iface.vlan_id = 0
    iface.vlan_priority = 0
    iface.vlan_state = <empty>
    iface.iface_num = 0
    iface.mtu = 0
    iface.port = 0
    node.discovery_address = 192.168.1.11
    node.discovery_port = 3260
    node.discovery_type = send_targets
    node.session.initial_cmdsn = 0
    node.session.initial_login_retry_max = 8
    node.session.xmit_thread_priority = -20
    node.session.cmds_max = 128
    node.session.queue_depth = 32
    node.session.nr_sessions = 1
    node.session.auth.authmethod = None
    node.session.auth.username = <empty>
    node.session.auth.password = <empty>
    node.session.auth.username_in = <empty>
    node.session.auth.password_in = <empty>
    node.session.timeo.replacement_timeout = 120
    node.session.err_timeo.abort_timeout = 15
    node.session.err_timeo.lu_reset_timeout = 30
    node.session.err_timeo.tgt_reset_timeout = 30
    node.session.err_timeo.host_reset_timeout = 60
    node.session.iscsi.FastAbort = Yes
    node.session.iscsi.InitialR2T = No
    node.session.iscsi.ImmediateData = Yes
    node.session.iscsi.FirstBurstLength = 262144
    node.session.iscsi.MaxBurstLength = 16776192
    node.session.iscsi.DefaultTime2Retain = 0
    node.session.iscsi.DefaultTime2Wait = 2
    node.session.iscsi.MaxConnections = 1
    node.session.iscsi.MaxOutstandingR2T = 1
    node.session.iscsi.ERL = 0
    node.conn[0].address = 192.168.1.11
    node.conn[0].port = 3260
    node.conn[0].startup = manual
    node.conn[0].tcp.window_size = 524288
    node.conn[0].tcp.type_of_service = 0
    node.conn[0].timeo.logout_timeout = 15
    node.conn[0].timeo.login_timeout = 15
    node.conn[0].timeo.auth_timeout = 45
    node.conn[0].timeo.noop_out_interval = 5
    node.conn[0].timeo.noop_out_timeout = 5
    node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
    node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
    node.conn[0].iscsi.HeaderDigest = None
    node.conn[0].iscsi.IFMarker = No
    node.conn[0].iscsi.OFMarker = No
    # END RECORD
    In the last steps we only discovered the new target; it is still not attached to our system, so let's go ahead and add it locally. Before that, let us list the block devices available on the system so that we can check the difference afterwards.
    # ls -l /dev/ | grep sd
    brw-rw----  1 root disk      8,   0 Aug 25 16:21 sda
    brw-rw----  1 root disk      8,   1 Aug 25 16:21 sda1
    brw-rw----  1 root disk      8,   2 Aug 25 16:21 sda2

    # iscsiadm --mode node --targetname iqn.2014-09.com.example:target1 --portal 192.168.1.11 --login
    Logging in to [iface: default, target: iqn.2014-09.com.example:target1, portal: 192.168.1.11,3260] (multiple)
    Login to [iface: default, target: iqn.2014-09.com.example:target1, portal: 192.168.1.11,3260] successful.
    As you see, we have successfully logged in. Since we hadn't configured any sort of CHAP authentication, it didn't prompt for any user authentication details.

    Next let's recheck the list of block devices connected to the system
    # ls -l /dev/ | grep sd
    brw-rw----  1 root disk      8,   0 Aug 25 16:21 sda
    brw-rw----  1 root disk      8,   1 Aug 25 16:21 sda1
    brw-rw----  1 root disk      8,   2 Aug 25 16:21 sda2
    brw-rw----  1 root disk      8,  16 Aug 25 18:34 sdb

    So as you see a new block device sdb has been added to the system.

    Make sure iscsi services are set to start on reboot
    # chkconfig --list iscsi
    iscsi           0:off   1:off   2:off   3:on    4:on    5:on    6:off



    Wednesday, August 20, 2014

    What are the different types of Virtual Web Hosting in Apache

    Virtual Hosting is a method of hosting multiple domain names on a server using a single IP address. This allows one server to share its resources, such as memory and process cycles, in order to use its resources more efficiently.

    There are 3 types of Virtual Web Hosting possible in Apache
    1. Port based
    2. Name based
    3. IP based

    Port Based Virtual Web Hosting

    The default port number for HTTP is 80. However, most web servers can be configured to operate on almost any port number, provided the port number is not in use by any other program on the server.

    For example, a server may host the website www.example.com. However, if the owner wishes to operate a second site but does not have access to the domain name configuration for their domain name, and/or owns no other IP addresses from which the site could be served, they could instead use another port number, for example www.example.com:81 for port 81, www.example.com:8080 for port 8080, or www.example.com:8000 for port 8000.

    Steps to configure port based web hosting
    # mkdir /var/www/port
    # cd /var/www/port/

    Create a sample index file for testing purpose
    # vi index.html
    <h1> PORT BASED WEB HOSTING <h1>
    #### Welcome to Golinuxhub ####

    Edit the apache configuration file and make the below changes
    # vi /etc/httpd/conf/httpd.conf
    (Search for the "Listen 80" by using "/" and paste your port under it)
    Listen 80
    Listen 8080

    Add the below lines at the bottom of the file (make necessary changes as per your environment)
    <VirtualHost 192.168.1.6:8080>
        ServerAdmin root@server1.example.com
        DocumentRoot /var/www/port
        ServerName www.example.com
        ErrorLog logs/server1.example.com-error_log
        CustomLog logs/server1.example.com-access_log common
    </VirtualHost>

    If you use "*" in place of the IP address in the <VirtualHost> line, Apache will answer on any IP address configured on your machine. You should make a habit of using the proper IP or name instead of "*".

    ServerAdmin ==> Sets the contact address that the server includes in any error messages it returns to the client. If httpd doesn't recognize the supplied argument as a URL, it assumes that it is an email address and prepends mailto: to it in hyperlink targets. However, it is recommended to actually use an email address.

    ServerName ==> This directive sets the request scheme, hostname and port that the server uses to identify itself. This is used when creating redirection URLs.

    DocumentRoot ==> This directive specifies the root directory of the files you want to be visible on your web server

    Verify the configuration on your browser

    Name based virtual Web hosting

    Name based virtual hosts are multiple host names for the same web server IP address.

    For example, a server could be receiving requests for two domains, www.example.com and www.example.net, both of which resolve to the same IP address. The only difference is that for www.example.com the server would send the HTML file from the directory /var/www/user/deepak/site/ while a request for www.example.net would make the server serve the page from /var/www/user/amit/site/

    A Name based server can also be hosted using blog1.example.com and blog2.example.com and so on.

    Steps to configure name based virtual web hosting

    Create two different directories for different user like below
    # mkdir -p /var/www/user/deepak/site
    # mkdir -p /var/www/user/amit/site

    Next create two sample index.html inside both the directories
    # cd  /var/www/user/amit/site/
    # vi index.html
    <h1> NAME BASED WEB HOSTING <h1>

       #### Welcome Amit ####

    # cd  /var/www/user/deepak/site/
    # vi index.html
    <h1> NAME BASED WEB HOSTING <h1>

       #### Welcome Deepak ####

    Next edit your httpd.conf file
    # vi /etc/httpd/conf/httpd.conf
    (Add the below lines at the bottom of the page)
    <VirtualHost 192.168.1.6:80>
        ServerAdmin root@server1.example.com
        DocumentRoot /var/www/user/deepak/site
        ServerName deepak.example.com
        ErrorLog logs/server1.example.com-error_log
        CustomLog logs/server1.example.com-access_log common
    </VirtualHost>

    <VirtualHost 192.168.1.6:80>
        ServerAdmin root@server1.example.com
        DocumentRoot /var/www/user/amit/site
        ServerName amit.example.com
        ErrorLog logs/server1.example.com-error_log
        CustomLog logs/server1.example.com-access_log common
    </VirtualHost>

    Search for NameVirtualHost in the httpd.conf file and add the below line
    NameVirtualHost 192.168.1.6:80
    NOTE: Provide the IP address of your server instead of 192.168.1.6

    Save and exit the file

    IMPORTANT NOTE: Since we are configuring name based virtual hosting in a private network you will have to configure your own DNS server with proper records.

    You can follow the below link on
    How to configure BIND-9.8 DNS server in Red Hat Linux 6

    Here I will show you briefly the changes I have done

    I have created two CNAME records for my domain example.com
    # vi /var/named/example.com.zone
                    IN NS           example.com.
                    IN A            192.168.1.6
    server1         IN CNAME        example.com.
    www             IN CNAME        example.com.
    deepak          IN CNAME        example.com.
    amit            IN CNAME        example.com.

    As you see, both amit and deepak are aliases of my nameserver pointing to the same IP.

    Reload your DNS service
    # service named reload
    Reloading named:                                           [  OK  ]

    Verify your CNAME records
    # nslookup deepak.example.com
    Server:         192.168.1.6
    Address:        192.168.1.6#53

    deepak.example.com      canonical name = example.com.
    Name:   example.com
    Address: 192.168.1.6

    # nslookup amit.example.com
    Server:         192.168.1.6
    Address:        192.168.1.6#53

    amit.example.com        canonical name = example.com.
    Name:   example.com
    Address: 192.168.1.6

    Restart apache services
    # service httpd restart
    Stopping httpd:                                            [  OK  ]
    Starting httpd:                                            [  OK  ]

    Make sure your resolv.conf is reflecting your DNS
    # cat /etc/resolv.conf
    search example.com
    nameserver 192.168.1.6

    You can also verify your apache configuration using CLI
    # curl amit.example.com
    <h1> NAME BASED WEB HOSTING <h1>

       #### Welcome Amit ####

    # curl deepak.example.com
    <h1> NAME BASED WEB HOSTING <h1>

       #### Welcome Deepak ####


    Verify the configuration on the browser



    IP based Virtual Web Hosting

    IP-based virtual hosting is a method to apply different directives based on the IP address and port a request is received on. Most commonly, this is used to serve different websites on different ports or interfaces.

    System requirements
    As the term IP-based indicates, the server must have a different IP address/port combination for each IP-based virtual host. This can be achieved by the machine having several physical network connections, or by use of virtual interfaces

    In my case I have added an extra NIC to my virtual machine. If you don't have an extra NIC you can always create a virtual Ethernet card for this purpose.
    # ifconfig
    eth1      Link encap:Ethernet  HWaddr 00:0C:29:51:AA:CD
              inet addr:192.168.1.7  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fe51:aacd/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:41253 errors:0 dropped:0 overruns:0 frame:0
              TX packets:23317 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:60492500 (57.6 MiB)  TX bytes:1641927 (1.5 MiB)
              Interrupt:19 Base address:0x2424

    eth3      Link encap:Ethernet  HWaddr 00:0C:29:51:AA:E1
              inet addr:192.168.1.6  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fe51:aae1/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:7614 errors:0 dropped:0 overruns:0 frame:0
              TX packets:5483 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2438197 (2.3 MiB)  TX bytes:731907 (714.7 KiB)
              Interrupt:17 Base address:0x2024

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:572 errors:0 dropped:0 overruns:0 frame:0
              TX packets:572 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:60978 (59.5 KiB)  TX bytes:60978 (59.5 KiB)

    As you see I have eth1 configured with 192.168.1.7 and eth3 with 192.168.1.6

    Steps to configure IP based virtual web hosting

    Let us configure our httpd.conf

    Copy the same Virtual hosting lines from name based virtual web hosting and make the below changes
    <VirtualHost 192.168.1.6:80>
        ServerAdmin root@server1.example.com
        DocumentRoot /var/www/user/deepak/site
        ServerName deepak.example.com
        ErrorLog logs/server1.example.com-error_log
        CustomLog logs/server1.example.com-access_log common
    </VirtualHost>

    <VirtualHost 192.168.1.7:80>
        ServerAdmin root@server1.example.com
        DocumentRoot /var/www/user/amit/site
        ServerName amit.example.com
        ErrorLog logs/server1.example.com-error_log
        CustomLog logs/server1.example.com-access_log common
    </VirtualHost>

    Search for "Listen" by using "/" and make sure the below line exists
    Listen 80
    Next save and exit the file

    Edit your respective index.html file to reflect IP based web hosting on the sample page

    Lastly restart apache services
    # service httpd restart
    Stopping httpd:                                            [  OK  ]
    Starting httpd:                                            [  OK  ]




    I hope I made myself clear.


    Tuesday, August 19, 2014

    How to check the lock status of any user account in Linux

    There are few commands which I know can be used to see if any user account on your Linux machine is locked.

    Case 1: Password Locked

    In this case the password of any account is locked using the below command

    To lock the password
    # passwd -l user1
    Locking password for user user1.
    passwd: Success

    Review the status in /etc/shadow
    # grep user1 /etc/shadow
    user1:!!$6$ciJaoDR9$Qpt9sctRLjbZ4/Agxy9UOvu/XQqNrFo9rpgfZ/xrF/8JphkEvF29ITpef0SVLdJcrpv8Q/.6mRAHee4tZT0r11:16299:0:99999:7:::
    As you can see above, there are two exclamation marks (!!) before the encrypted password, which means that the password has been locked.

    To unlock the password
    # passwd -u user1
    Unlocking password for user user1.
    passwd: Success

    Case 2: Account is Locked

    In this case the user account might have been locked by the administrator

    To lock an account
    # usermod -L user1
    Review your /etc/shadow file for the changes
    # grep user1 /etc/shadow
    user1:!$6$ciJaoDR9$Qpt9sctRLjbZ4/Agxy9UOvu/XQqNrFo9rpgfZ/xrF/8JphkEvF29ITpef0SVLdJcrpv8Q/.6mRAHee4tZT0r11:16299:0:99999:7:::

    As you see, an extra single exclamation mark (!) appears in the password field before the encrypted password starts, which signifies that the user account is locked.

    To unlock a user account
    # usermod -U user1

    Case 3: Password never set

    This can also be the scenario where the administrator has not assigned any password due to which the user is not able to login

    So to verify this again you need to check your /etc/shadow file
    # grep user1 /etc/shadow
    user1:!!:16299:0:99999:7:::

    As you see, the two exclamation marks (!!) are there but no encrypted password, which means a password is not set.

    If the password was set without a lock, your /etc/shadow would look something like below
    # grep user1 /etc/shadow
    user1:$6$ciJaoDR9$Qpt9sctRLjbZ4/Agxy9UOvu/XQqNrFo9rpgfZ/xrF/8JphkEvF29ITpef0SVLdJcrpv8Q/.6mRAHee4tZT0r11:16299:0:99999:7:::

    Check the lock status of any Linux Account

    Now one single command to see the lock status of the user
    # passwd -S user1
    user1 LK 2014-08-17 0 99999 7 -1 (Password locked.)

    If the user account is unlocked you will see output like below
    # passwd -S user1
    user1 PS 2014-08-17 0 99999 7 -1 (Password set, SHA512 crypt.)
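
The three cases above can be told apart from the password field of /etc/shadow alone. The following shell functions are an added example, not part of the original post: they classify each shadow-format line by its prefix as described above. The function names, sample users and placeholder hash are assumptions, and the `empty-password` and `no-valid-password` states go beyond the cases the article covers.

```shell
#!/bin/sh
# Added example: classify the password field of /etc/shadow-format lines
# according to the cases described in the article.

# Constructed sample; "$6$SALT$HASH" is a placeholder, not a real hash.
sample_shadow() {
    cat <<'EOF'
alice:$6$SALT$HASH:16299:0:99999:7:::
bob:!!$6$SALT$HASH:16299:0:99999:7:::
carol:!$6$SALT$HASH:16299:0:99999:7:::
dave:!!:16299:0:99999:7:::
erin::16299:0:99999:7:::
daemon:*:15000:0:99999:7:::
EOF
}

# Read shadow-format lines on stdin and print "<user> <state>" for each.
classify_shadow() {
    while IFS=: read -r user pw rest; do
        [ -n "$user" ] || continue
        case "$pw" in
            '!!')    state="no-password-set" ;;    # Case 3: "!!" and no hash
            '!!'?*)  state="password-locked" ;;    # Case 1: passwd -l, "!!" before the hash
            '!'?*)   state="account-locked" ;;     # Case 2: usermod -L, "!" before the hash
            '')      state="empty-password" ;;     # beyond the article: login needs no password
            '!'|'*') state="no-valid-password" ;;  # beyond the article: no usable hash
            *)       state="password-set" ;;       # plain hash, not locked
        esac
        printf '%s %s\n' "$user" "$state"
    done
}

# Print the state of a single user, e.g.: shadow_state_of user1 < /etc/shadow
shadow_state_of() {
    classify_shadow | awk -v u="$1" '$1 == u { print $2 }'
}

# Demonstration on the constructed sample.
sample_shadow | classify_shadow
```

An `empty-password` result deserves immediate attention, since that account can log in without any password.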




    Thursday, August 07, 2014

    Comparison and Difference between VMFS 3 and VMFS 5

    New Unified 1MB File Block Size
    Earlier versions of VMFS used 1, 2, 4 or 8MB file blocks. These larger blocks were needed to create large files (>256GB). These different file blocks sizes are no longer needed to create large files on VMFS-5. Very large files can now be created on VMFS-5 using the new unified 1MB file blocks. Earlier versions of VMFS will still have to use larger file blocks to create large files.

    Large Single Extent Volumes
    In earlier versions of VMFS, the largest single extent was 2TB - 512 bytes. An extent is a partition on which one can place a VMFS. To create a 64TB VMFS-5, one needed to create 32 x 2TB extents/partitions and join them together. With VMFS-5, this limit for a single extent/partition has been increased to 64TB.

    Smaller Sub-Blocks
    VMFS-5 introduces smaller sub-blocks. Sub-blocks are now 8KB rather than 64KB as used in the earlier versions. With VMFS-5, small files (< 8KB, but > 1KB) in size will consume only 8KB rather than 64KB. This will reduce the amount of disk space stranded by small files. Also, there are many more sub-blocks in VMFS-5 than there were in VMFS-3 (32,000 on VMFS-5 compared to approximately 4,000 on VMFS-3).

    Small File Support
    VMFS-5 introduces support for very small files. For files less than or equal to 1KB, VMFS-5 uses the file descriptor location in the metadata for storage rather than file blocks. When these files grow beyond 1KB, they will then start to use the new 8KB sub-blocks.

    Increased File Count
    VMFS-5 introduces support for greater than 120,000 files, a four-fold increase when compared to the number of files supported on VMFS-3, which was approximately 30,000.

    GPT
    VMFS-5 now uses a GPT partition table rather than the MBR table used by earlier versions of VMFS, extending the maximum partition size to 64TB, which was limited to 2TB in earlier versions of VMFS.

    Limitation of upgrading filesystem from VMFS-3 to VMFS-5

    While a VMFS-3 which is upgraded to VMFS-5 provides you with most of the capabilities as a newly created VMFS-5, there are some differences.

    No Uniform Block Size
    VMFS-5 upgraded from VMFS-3 continues to use the previous file-block size, which may be larger than the unified 1MB file-block size.

    No New Sub-Block Size
    VMFS-5 upgraded from VMFS-3 continues to use 64KB sub-blocks and not the new 8KB sub-blocks. This can also lead to stranded/unused disk space. The upgraded VMFS-5 also continues to use the original number of sub-blocks from the VMFS-3.

    No Increase to the Maximum Number of Files per Datastore
    VMFS-5 upgraded from VMFS-3 continues to have a file limit of 30,720 rather than new file limit of > 100,000 for newly created VMFS-5.

    Uses MBR
    VMFS-5 upgraded from VMFS-3 continues to use MBR (Master Boot Record) partition type; when the VMFS-5 volume has grown beyond 2TB, it automatically and seamlessly switches from MBR to GPT (GUID Partition Table) with no impact on the running virtual machines.

    Starts on Sector 128
    VMFS-5 upgraded from VMFS-3 continues to have its partition starting on sector 128. Newly created VMFS-5 partitions will have their partition starting at sector 2048.


    References:
    VMFS 5 Upgrade from VMFS 3


    Tuesday, August 05, 2014

    How to configure PXE boot server in Linux using Red Hat 6

    PXE stands for Preboot eXecution Environment, a standardized client-server environment that lets a client boot a software assembly, such as an operating system, over the network. It is pronounced "pixie" and is mostly used to boot a client machine from installation media stored on the PXE server, using the client's network interface.

    In this article I will show you, step by step, how to configure a PXE boot server using HTTP and FTP; you can use whichever one suits your requirement.

    I will be using Red Hat Linux 6 (32-bit) for my purpose

    Server IP: 192.168.1.6

    Pre-requisites

    • dhcp
    • tftp-server
    • syslinux
    • http/ftp (any one)
    Install the required packages using yum
    # yum -y install dhcp tftp-server syslinux httpd ftp vsftpd

    Prepare installation media on PXE server

    Next we need to copy all the files from the installation media (CD/DVD, ISO) to our PXE server.

    If you don't want to copy all the files you can instead mount the media on the PXE server, but that way you will only be able to configure your PXE server for one OS. To serve multiple operating systems you will have to copy each OS's files into its own directory.

    In my case I want to configure a PXE server to install CentOS 6.2

    Let us create separate directory to save all the installation files
    # mkdir -p /var/lib/tftpboot/images/centos/6/i386/
    # mkdir -p /var/lib/tftpboot/images/centos/6/x86_64/

    Next copy the installation files from the installation media. If you have ISO images of the OS you can use WinSCP (on Windows) to copy all the files. If the image is mounted on your Linux machine then you can copy them using the scp command.

    To skip the lengthy process, for now we will just mount the DVD on the relevant destination.
    # mount /dev/sr0 /var/lib/tftpboot/images/centos/6/i386/
    mount: block device /dev/sr0 is write-protected, mounting read-only

    NOTE: In my case the cdrom is mounted on /dev/sr0 which can be different for you.

    Configure HTTP/FTP server

    You can use either of the mentioned servers for your purpose. But I will show you the configuration of both so that you can choose one as per your requirement.

    HTTP server
    # vi /etc/httpd/conf/httpd.conf
    At the end of the file add the following lines
    <VirtualHost 192.168.1.6:80>
        ServerAdmin root@test.example.com
        DocumentRoot /var/lib/tftpboot/images
        ServerName test.example.com
        ErrorLog logs/test.example.com-error_log
        CustomLog logs/test.example.com-access_log common
    </VirtualHost>

    <Directory /var/lib/tftpboot/images>
    AllowOverride None
    Options Indexes FollowSymlinks
    Order allow,deny
    Allow from all
    </Directory>

    Restart the httpd services
    # service httpd restart
    Stopping httpd:                                            [  OK  ]
    Starting httpd:                                            [  OK  ]

    Manually browse to the server ip and verify if you can see all the files.
    http://192.168.1.6/centos/6/i386/

    FTP server
    # vi /etc/vsftpd/vsftpd.conf
    anonymous_enable=YES
    anon_root=/var/lib/tftpboot/images

    Manually browse to the server ip and verify if you can see all the files.
    ftp://192.168.1.6/centos/6/i386/

    Restart the services
    # /etc/init.d/vsftpd restart
    Shutting down vsftpd:                                      [  OK  ]
    Starting vsftpd for vsftpd:                                [  OK  ]

    Configure TFTP server

    Once these packages are installed copy the below files from the specified directory to /var/lib/tftpboot
    # cp /usr/share/syslinux/pxelinux.0     /var/lib/tftpboot/
    # cp /usr/share/syslinux/chain.c32     /var/lib/tftpboot/
    # cp /usr/share/syslinux/menu.c32     /var/lib/tftpboot/
    # cp /usr/share/syslinux/memdisk     /var/lib/tftpboot/
    # cp /usr/share/syslinux/mboot.c32     /var/lib/tftpboot/

    Next we will create the configuration file required for tftp server
    # mkdir /var/lib/tftpboot/pxelinux.cfg
    Create a new file "default" under "/var/lib/tftpboot/pxelinux.cfg" and add the below entry

    For HTTP server
    # vi /var/lib/tftpboot/pxelinux.cfg/default
    DEFAULT menu.c32
    PROMPT 0
    TIMEOUT 100
    ONTIMEOUT Local

    MENU TITLE PXE Menu

    MENU SEPARATOR
    LABEL CentOS 6.2
    KERNEL images/centos/6/i386/images/pxeboot/vmlinuz
    APPEND initrd=images/centos/6/i386/images/pxeboot/initrd.img method=http://192.168.1.6/centos/6/i386 devfs=nomount

    MENU SEPARATOR
    LABEL Local
    LOCALBOOT 0

    Here there are two things which you need to change

    KERNEL - defines the location from which the PXELINUX bootloader will load the kernel
    APPEND - defines the location of the PXE initrd image file to load

    For FTP server
    There is not much change for ftp server just replace the below line in the above file
    APPEND initrd=images/centos/6/i386/images/pxeboot/initrd.img method=ftp://192.168.1.6/centos/6/i386 devfs=nomount
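    An added example (not part of the original article): a shell check that every file the menu above asks PXELINUX to fetch over TFTP exists under the TFTP root and that no path climbs out of it with "..". The function names, messages and scratch directory are assumptions made for the demo; the menu lines are the ones from this article.

```shell
#!/bin/sh
# check_pxe_menu TFTP_ROOT MENU_FILE
# Prints one line per problem; returns 0 if every referenced file is present.
check_pxe_menu() {
    root=$1; menu=$2; bad=0
    # Files PXELINUX fetches over TFTP: DEFAULT *.c32, KERNEL, and initrd=.
    paths=$(awk '
        toupper($1) == "DEFAULT" && $2 ~ /\.c32$/ { print $2 }
        toupper($1) == "KERNEL" { print $2 }
        toupper($1) == "APPEND" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^initrd=/) print substr($i, 8)
        }' "$menu")
    for p in $paths; do
        p=${p#/}            # in.tftpd -s serves paths relative to its root
        case "/$p/" in
            */../*) echo "ESCAPES-ROOT $p"; bad=1; continue ;;
        esac
        [ -f "$root/$p" ] || { echo "MISSING $p"; bad=1; }
    done
    return $bad
}

# Constructed sample: the menu from this article in a scratch TFTP root where
# initrd.img was never copied (a hypothetical mistake used for the demo).
pxe_menu_demo() {
    t=$(mktemp -d); b=images/centos/6/i386/images/pxeboot
    mkdir -p "$t/$b" "$t/pxelinux.cfg"
    : > "$t/menu.c32"; : > "$t/$b/vmlinuz"
    cat > "$t/pxelinux.cfg/default" <<EOF
DEFAULT menu.c32
PROMPT 0
LABEL CentOS 6.2
KERNEL $b/vmlinuz
APPEND initrd=$b/initrd.img method=http://192.168.1.6/centos/6/i386 devfs=nomount
LABEL Local
LOCALBOOT 0
EOF
    check_pxe_menu "$t" "$t/pxelinux.cfg/default"; rc=$?
    rm -rf "$t"
    return $rc
}

pxe_menu_demo || echo "menu has problems"
```

    On the real server the call would be check_pxe_menu /var/lib/tftpboot /var/lib/tftpboot/pxelinux.cfg/default.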

    Enable the tftp service in xinetd
    # vi /etc/xinetd.d/tftp
    service tftp
    {
            socket_type             = dgram
            protocol                = udp
            wait                    = yes
            user                    = root
            server                  = /usr/sbin/in.tftpd
            server_args             = -s /var/lib/tftpboot
            disable                 = no
            per_source              = 11
            cps                     = 100 2
            flags                   = IPv4
    }

    Restart the relevant services
    # /etc/init.d/xinetd restart
    Stopping xinetd:                                           [  OK  ]
    Starting xinetd:                                           [  OK  ]
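    An added example, not the article's own code: a read-only audit of the xinetd tftp entry above and of the vsftpd.conf from the FTP section, confirming that in.tftpd is confined with -s and that neither service lets an unauthenticated client write into the boot tree. Function names and messages are assumptions, and the sample files are constructed in a scratch directory with a write flag deliberately switched on.

```shell
#!/bin/sh
# Last value assigned to KEY in a vsftpd.conf-style file.
conf_get() { sed -n "s/^$1=//p" "$2" | tail -n 1; }
# vsftpd reads YES, TRUE and 1 (any case) as "enabled".
is_on() {
    case "$(conf_get "$1" "$2")" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1) return 0 ;;
    esac
    return 1
}

# in.tftpd must be confined with -s and must not create files for clients (-c).
audit_tftp_xinetd() {
    args=$(sed -n 's/^[[:space:]]*server_args[[:space:]]*=//p' "$1" | tr '\t' ' ')
    rc=0
    case " $args " in
        *" -s "*|*" --secure "*) ;;
        *) echo "tftp: no -s, daemon is not confined to the boot tree"; rc=1 ;;
    esac
    case " $args " in
        *" -c "*|*" --create "*) echo "tftp: -c lets clients create files"; rc=1 ;;
    esac
    return $rc
}

# Anonymous FTP must be rooted at anon_root and must not accept writes.
audit_vsftpd() {
    rc=0
    if [ -n "$(conf_get anonymous_enable "$1")" ] && ! is_on anonymous_enable "$1"; then
        return 0
    fi
    if [ -z "$(conf_get anon_root "$1")" ]; then echo "ftp: anon_root not set"; rc=1; fi
    for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        if is_on write_enable "$1" && is_on "$k" "$1"; then
            echo "ftp: $k allows anonymous writes"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: this article's two files with a write flag switched on.
audit_demo() {
    d=$(mktemp -d)
    printf 'service tftp\n{\n\tserver_args = -c -s /var/lib/tftpboot\n}\n' > "$d/tftp"
    printf '%s\n' anonymous_enable=YES anon_root=/var/lib/tftpboot/images \
        write_enable=YES anon_upload_enable=YES > "$d/vsftpd.conf"
    audit_tftp_xinetd "$d/tftp"; audit_vsftpd "$d/vsftpd.conf"; r=$?
    rm -rf "$d"; return $r
}
audit_demo || true
```

    On the real server the two functions would be pointed at /etc/xinetd.d/tftp and /etc/vsftpd/vsftpd.conf.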

    Configure DHCP server

    # vi /etc/dhcp/dhcpd.conf
    option domain-name "example.com";
    option domain-name-servers test.example.com;
    default-lease-time 600;
    max-lease-time 7200;
    authoritative;

    subnet 192.168.1.0 netmask 255.255.255.0 {
            range dynamic-bootp 192.168.1.20 192.168.1.25;
            option broadcast-address 192.168.1.255;
            option routers 192.168.1.1;

            allow booting;
            allow bootp;

            next-server 192.168.1.6;
            filename "pxelinux.0";
    }

    IMPORTANT NOTE: In your dhcp server make sure you add these lines
            next-server 192.168.1.6;
            filename "pxelinux.0";
    as these define the address of your tftp server and the file to look for after getting the IP Address from dhcp server

    Restart the relevant services
    # service dhcpd restart
    Shutting down dhcpd:                                       [  OK  ]
    Starting dhcpd:                                            [  OK  ]

    Make sure the services start after reboot
    # chkconfig httpd on
    # chkconfig xinetd on
    # chkconfig dhcpd on

    Iptables rules

    For TFTP server
    # iptables -I INPUT -m state --state NEW -p udp --dport 69 -j ACCEPT
    For HTTP server
    # iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
    For FTP server
    # iptables -I INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT

    You are all set to test your PXE server. Boot a machine and select the Network Boot option from the BIOS. You should see the below screen

