Channel: GoLinuxHub

How to reset iLO4 password remotely using Onboard Administrator

Did you forget the password for your iLO4 web page?

You can reset it using your OA, either with a RIBCL script or by connecting to your iLO via the OA and resetting it there.


Method 1

Using a RIBCL script you can reset the password for your iLO web page.


In the script below, replace "2" with the blade number for which you wish to reset the password.
Replace "Administrator" with the username for which you wish to reset the password.
Replace "password" with the password value for that user.

Once done, log in to your OA with an SSH client and paste the entire script into your console.
hponcfg 2<< eof
<RIBCL VERSION="2.0">
 <LOGIN USER_LOGIN="adminname" PASSWORD="password">
 <USER_INFO MODE="write">
 <MOD_USER USER_LOGIN="Administrator">
 <PASSWORD value="password"/>
 </MOD_USER>
 </USER_INFO>
 </LOGIN>
</RIBCL>
eof





Hit Enter to execute the script.
You will get output similar to the below if the script was executed successfully:
Bay 2: Executing RIBCL request ...
Bay 2: Awaiting RIBCL results ...
Bay 2: RIBCL results retrieved.
<!-- ======== START RIBCL RESULTS ======== -->


<!-- ======== Bay 2 RIBCL results ======== -->

<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
    STATUS="0x0000"
    MESSAGE='No error'
     />
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
    STATUS="0x0000"
    MESSAGE='No error'
     />
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
    STATUS="0x0000"
    MESSAGE='No error'
     />
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
    STATUS="0x0000"
    MESSAGE='No error'
     />
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
    STATUS="0x0000"
    MESSAGE='No error'
     />
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
    STATUS="0x0000"
    MESSAGE='No error'
     />
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
    STATUS="0x0000"
    MESSAGE='No error'
     />
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
    STATUS="0x0000"
    MESSAGE='No error'
     />
</RIBCL>

<!-- ======== END RIBCL RESULTS ======== -->
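
To confirm that every response in a run like the one above reports STATUS 0x0000, the saved output can be checked with a small script. This is an added example, not part of the original article; it assumes the OA session output was saved to a file in the layout shown above, and the function names and the sample output (including the 0x0001 failure) are constructed.

```shell
#!/bin/sh
# Added example, not from the original article: check saved hponcfg output.
# Assumes STATUS and MESSAGE each sit on their own line, as in the output above.

# ribcl_failures FILE
# Print "bay status message" for each RESPONSE whose STATUS is not 0x0000.
ribcl_failures() {
    awk '
        /Bay [0-9]+ RIBCL results/ { bay = $4 }
        /STATUS="/  { split($0, q, "\""); status = q[2] }
        /MESSAGE=/  {
            msg = $0
            sub(/^[^=]*=./, "", msg)      # drop everything up to the opening quote
            sub(/.[ \t\r]*$/, "", msg)    # drop the closing quote
            if (status != "0x0000") print bay, status, msg
        }' "$1"
}

# ribcl_ok FILE
# Succeed only if the file holds at least one RESPONSE and none of them failed.
# An empty capture is treated as a failure, not as success.
ribcl_ok() {
    total=$(grep -c 'STATUS="' "$1" || true)
    [ "$total" -gt 0 ] && [ -z "$(ribcl_failures "$1")" ]
}

# Constructed sample output: one successful and one failed response.
write_ribcl_sample() {
    cat > "$1" <<'EOF'
Bay 2: RIBCL results retrieved.
<!-- ======== START RIBCL RESULTS ======== -->
<!-- ======== Bay 2 RIBCL results ======== -->
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
    STATUS="0x0000"
    MESSAGE='No error'
     />
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.23">
<RESPONSE
    STATUS="0x0001"
    MESSAGE='Constructed failure message'
     />
</RIBCL>
<!-- ======== END RIBCL RESULTS ======== -->
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
write_ribcl_sample "$tmp"
ribcl_ok "$tmp" || { echo "RIBCL request failed:"; ribcl_failures "$tmp"; }
rm -f "$tmp"
```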



Method 2

If you are not able to execute the RIBCL script for some reason, you can try the alternate method.
NOTE: This can also be done via the GUI.

Log in to the OA CLI using any SSH client, e.g. PuTTY
BlrSiteA1-01-01> connect server 2

Connecting to bay 2 ...
User:OAtmp-HPadmin-5A8FAE82 logged-in to Ban17-test-a.BlrSiteA(10.10.112.101 / FE80::7250:6FFF:FCE0:1526)

iLO 4 Advanced for BladeSystem 2.55 at  Aug 16 2017
Server Name: Ban17-test-a
Server Power: On

</>hpiLO->

Next, execute the command below to reset the password of your user. Replace the username and password with your own username and password values.
</>hpiLO->set /map1/accounts1/HPadmin password=Passw0rd

status=0
status_tag=COMMAND COMPLETED
Fri Feb 23 11:33:49 2018

Now you can try to log back in to your iLO page.

I hope the article was useful.


Step by Step Guide to Install and configure VCSA 6.5 with Embedded Platform Service Controller

VCSA, i.e. vCenter Server Appliance, is a pre-configured Linux virtual machine bundled with VMware vCenter Server. Here we are deploying VCSA with an embedded PSC.

Download the VCSA ISO from the VMware website and then extract the files from the ISO.


Here I am going to show how to install VCSA using a Windows machine.

Navigate to ~\vcsa-ui-installer\win32\ and run the installer as administrator.





Click install to start the process

Click Next

Accept End user License Agreement and click Next

Here I am installing vCenter Server with an embedded PSC, so keep the default and click Next



Enter the ESXi host or vCenter Server details, with credentials, where you want to deploy VCSA, then click Next

Click Yes for the certificate warning.

NOTE: We get this certificate warning because I don't have a valid certificate installed on my ESXi server. If you have a valid certificate installed you will not get this warning.

Once you click Yes it will validate the credentials and move to the next window.
Provide the VM name, assign the root password for VCSA and click Next


Select deployment size according to your requirement and click next.
NOTE : If you are not sure keep it as default


Select the datastore where you want to deploy VCSA and click Next.
NOTE: Check the box for Enable Thin Disk Mode if you want to use thin provisioning

Select the network and fill in all the required networking parameters. You can enter the System name if you have a valid hostname entry in your DNS server, or else you can leave it empty and it will be automatically filled with your provided IP address.

Click Next

Review all the settings and go back to correct any mistakes. Once you click Finish you will not be able to change some of the parameters. Click Finish.

Once you click Finish it will start deploying the VCSA on the provided host, and it should finish with the below screen if everything goes well.

Best practices to harden and increase security with ssh (ciphers, MACs etc)

Below are some selected arguments which can be used in sshd_config to harden SSH security. There are many more such arguments, which you can find in the man page of sshd_config.


HostKey

A host key is a cryptographic key used for authenticating computers in the SSH protocol.
Host keys are key pairs, typically using the RSA, DSA, or ECDSA algorithms. Public host keys are stored on and/or distributed to SSH clients, and private keys are stored on SSH servers

For example:
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key


UsePrivilegeSeparation

Specifies whether sshd separates privileges by creating an unprivileged child process to deal with incoming network traffic.  After successful authentication, another process will be created that has the privilege of the authenticated user.  The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes.  The argument must be yes, no, or sandbox.  If UsePrivilegeSeparation is set to sandbox then the pre-authentication unprivileged process is subject to additional restrictions.  The default is sandbox.

For example:
UsePrivilegeSeparation sandbox


LoginGraceTime

The server disconnects after this time if the user has not successfully logged in.  If the value is 0, there is no time limit.  The default is 120 seconds.

For example:
LoginGraceTime 60


MaxStartups

Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon.  Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection.  The default is 10:30:100.

For example:
MaxStartups 200


PermitRootLogin

Specifies whether root can log in using ssh.  The argument must be yes, prohibit-password, without-password, forced-commands-only, or no.  The default is yes.

If this option is set to prohibit-password or without-password, password and keyboard-interactive authentication are disabled for root. If this option is set to forced-commands-only, root login with public key authentication will be allowed, but only if the command option has been specified (which may be useful for taking remote backups even if root login is normally not allowed).  All other authentication methods are disabled for root.

If this option is set to no, root is not allowed to log in.

For example:
PermitRootLogin without-password


StrictModes

Specifies whether sshd should check file modes and ownership of the user's files and home directory before accepting login.  This is normally desirable because novices sometimes accidentally leave their directory or files world-writable. The default is yes.  Note that this does not apply to ChrootDirectory, whose permissions and ownership are checked unconditionally.

For example:
StrictModes yes


PermitEmptyPasswords

When password authentication is allowed, it specifies whether the server allows login to accounts with empty password strings.  The default is no.

For example:
PermitEmptyPasswords no


PrintMotd

Specifies whether sshd should print /etc/motd when a user logs in interactively.  (On some systems it is also printed by the shell, /etc/profile, or equivalent.)  The default is yes.

For example:
PrintMotd no


PrintLastLog

Specifies whether sshd should print the date and time of the last user login when a user logs in interactively.  The default is yes.

For example:
PrintLastLog yes


UsePAM

Enables the Pluggable Authentication Module interface.  If set to yes this will enable PAM authentication using ChallengeResponseAuthentication and PasswordAuthentication in addition to PAM account and session module processing for all authentication types. Because PAM challenge-response authentication usually serves an equivalent role to password authentication, you should disable either PasswordAuthentication or ChallengeResponseAuthentication.

If UsePAM is enabled, you will not be able to run sshd(8) as a non-root user.  The default is no.

For example:
UsePAM yes





Encryption hardening using Ciphers, MACs, KexAlgorithms

We can harden the underlying encryption mechanism used by ssh by defining which security algorithms it is allowed to use.

SSH can be configured to utilize a variety of different symmetrical cipher systems, including AES, Blowfish, 3DES, CAST128, and Arcfour. The server and client can both decide on a list of their supported ciphers, ordered by preference. The first option from the client's list that is available on the server is used as the cipher algorithm in both directions.

For example:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr

Another form of data manipulation that SSH takes advantage of is cryptographic hashing, in the form of MACs (message authentication codes). Each message that is sent after the encryption is negotiated must contain a MAC so that the other party can verify the packet integrity. The MAC is calculated from the symmetrical shared secret, the packet sequence number of the message, and the actual message content.

For example:
MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

KexAlgorithms are the key exchange methods that are used to generate per-connection keys. If the client and server are unable to agree on a mutual set of parameters then the connection will fail.

For example:
KexAlgorithms diffie-hellman-group-exchange-sha256


PermitUserEnvironment

Specifies whether ~/.ssh/environment and environment= options in ~/.ssh/authorized_keys are processed by sshd.  The default is no.  Enabling environment processing may enable users to bypass access restrictions in some configurations using mechanisms such as LD_PRELOAD

For example:
PermitUserEnvironment no


MaxSessions

Specifies the maximum number of open shell, login or subsystem (e.g. sftp) sessions permitted per network connection. Multiple sessions may be established by clients that support connection multiplexing.  Setting MaxSessions to 1 will effectively disable session multiplexing, whereas setting it to 0 will prevent all shell, login and subsystem sessions while still permitting forwarding.  The default is 10.

For example:
MaxSessions 10


TCPKeepAlive

Specifies whether the system should send TCP keepalive messages to the other side.  If they are sent, death of the connection or crash of one of the machines will be properly noticed.  However, this means that connections will die if the route is down temporarily, and some people find it annoying.  On the other hand, if TCP keepalives are not sent, sessions may hang indefinitely on the server, leaving "ghost" users and consuming server resources.

The default is yes (to send TCP keepalive messages), and the server will notice if the network goes down or the client host crashes.  This avoids infinitely hanging sessions.

To disable TCP keepalive messages, the value should be set to no.

For example:
TCPKeepAlive yes


RekeyLimit

Specifies the maximum amount of data that may be transmitted before the session key is renegotiated, optionally followed by a maximum amount of time that may pass before the session key is renegotiated.  The first argument is specified in bytes and may have a suffix of 'K', 'M', or 'G' to indicate Kilobytes, Megabytes, or Gigabytes, respectively.  The default is between '1G' and '4G', depending on the cipher.  The optional second value is specified in seconds and may use any of the units documented in the TIME FORMATS section.  The default value for RekeyLimit is "default none", which means that rekeying is performed after the cipher's default amount of data has been sent or received and no time based rekeying is done.

For example:
RekeyLimit 1G 1300


Banner

The contents of the specified file are sent to the remote user before authentication is allowed.  If the argument is none then no banner is displayed.  By default, no banner is displayed

For example:
Banner /etc/motd


ListenAddress

Specifies the local addresses sshd should listen on. The default is to listen on all local addresses.  Multiple ListenAddress options are permitted.

For example:
ListenAddress 10.43.138.6
ListenAddress 192.150.20.6


AllowGroups

This keyword can be followed by a list of group name patterns, separated by spaces.  If specified, login is allowed only for users whose primary group or supplementary group list matches one of the patterns.

For example:
AllowGroups wheel sdf root onends_group


AllowUsers

This keyword can be followed by a list of user name patterns, separated by spaces.  If specified, login is allowed only for user names that match one of the patterns.

For example:
AllowUsers deepak ankit
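
The settings above can be checked mechanically. The script below is an added example, not part of the original article: it audits the global section of an sshd_config file against the values and algorithm lists shown in this article. The function names and the sample configuration are constructed, and it assumes whitespace-separated "keyword value" lines.

```shell
#!/bin/sh
# Added example (not from the original article): audit the global section of
# an sshd_config file against the values shown in this article.

# Allowlists copied from the article's Ciphers, MACs and KexAlgorithms examples.
ALLOWED_CIPHERS="aes128-ctr,aes192-ctr,aes256-ctr"
ALLOWED_MACS="hmac-sha2-512,hmac-sha2-256,hmac-ripemd160"
ALLOWED_KEX="diffie-hellman-group-exchange-sha256"

# get_opt FILE KEYWORD
# Print (lowercased) the value of the first KEYWORD line before any Match block.
# sshd matches keywords case-insensitively and, for the single-valued keywords
# checked here, keeps the first value it reads; later duplicates are ignored.
get_opt() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/          { next }    # comments and blank lines
        tolower($1) == "match"  { exit }    # global section only
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit
        }' "$1"
}

# disallowed LIST ALLOWED
# Print each entry of comma-separated LIST that is absent from ALLOWED.
disallowed() {
    printf '%s\n' "$1" | tr ',' '\n' | while read -r alg; do
        [ -n "$alg" ] || continue
        case ",$2," in
            *",$alg,"*) ;;
            *) printf '%s\n' "$alg" ;;
        esac
    done
}

# audit_sshd_config FILE
# Print one "FINDING keyword: reason" line per deviation; return 1 if any.
audit_sshd_config() {
    cfg=$1
    rc=0
    # Boolean keywords whose stated default already equals the recommended
    # value, so only an explicit wrong value is reported.
    for pair in permitemptypasswords=no strictmodes=yes permituserenvironment=no; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(get_opt "$cfg" "$key")
        if [ -n "$got" ] && [ "$got" != "$want" ]; then
            echo "FINDING $key: '$got' (expected '$want')"; rc=1
        fi
    done
    # Root login: the article gives the default as yes, so unset is reported too.
    got=$(get_opt "$cfg" permitrootlogin)
    case "$got" in
        no|without-password|prohibit-password|forced-commands-only) ;;
        *) echo "FINDING permitrootlogin: '${got:-unset}' permits root password login"; rc=1 ;;
    esac
    # LoginGraceTime 0 removes the pre-authentication time limit.
    if [ "$(get_opt "$cfg" logingracetime)" = "0" ]; then
        echo "FINDING logingracetime: 0 means no time limit"; rc=1
    fi
    # Algorithm lists: every configured entry must be on the allowlist.
    for spec in "ciphers:$ALLOWED_CIPHERS" "macs:$ALLOWED_MACS" "kexalgorithms:$ALLOWED_KEX"; do
        key=${spec%%:*}; allowed=${spec#*:}
        got=$(get_opt "$cfg" "$key")
        if [ -z "$got" ]; then
            echo "FINDING $key: unset, the build's default list applies"; rc=1
            continue
        fi
        for alg in $(disallowed "$got" "$allowed"); do
            echo "FINDING $key: '$alg' is not on the allowlist"; rc=1
        done
    done
    return "$rc"
}

# Constructed sample configuration, deliberately weak in places.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not from a real host
PermitRootLogin yes
permitrootlogin no
PermitEmptyPasswords yes
StrictModes yes
LoginGraceTime 60
Ciphers aes256-ctr,3des-cbc,aes128-ctr
MACs hmac-sha2-512,hmac-md5
Match User backup
    PermitEmptyPasswords no
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
write_sample "$tmp"
audit_sshd_config "$tmp" || echo "audit: deviations found"
rm -f "$tmp"
```

On a live host, saving the output of sshd -T to a file and auditing that file checks the effective configuration, compiled-in defaults included, rather than only what the file states.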


I hope the article was useful.

Sample autoyast example xml file for SLES 10, 11 and SLES 12

<?xml version="1.0"?>
<!DOCTYPE profile SYSTEM "/usr/share/autoinstall/dtd/profile.dtd">
<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">

<!-- $Header: $ -->

<configure>
    <ntp-client>
      <configure_dhcp config:type="boolean">false</configure_dhcp>
      <peers config:type="list">
        <peer>
          <address>10.43.22.96</address>
          <initial_sync config:type="boolean">true</initial_sync>
          <options></options>
          <type>server</type>
        </peer>
        <peer>
          <address>10.53.133.13</address>
          <initial_sync config:type="boolean">true</initial_sync>
          <options></options>
          <type>server</type>
        </peer>
      </peers>
      <start_at_boot config:type="boolean">true</start_at_boot>
      <start_in_chroot config:type="boolean">true</start_in_chroot>
    </ntp-client>

    <networking>
      <dns>
<dhcp_resolv config:type="boolean">true</dhcp_resolv>
        <domain></domain>
        <hostname>server-test1</hostname>
        <nameserver>127.0.0.1</nameserver>
      </dns>
      <routing>
        <ip_forward config:type="boolean">false</ip_forward>
        <routes config:type="list">
         <route>
             <destination>default</destination>
             <device>-</device>
             <gateway>192.122.11.254</gateway>
             <netmask>-</netmask>
          </route>


        </routes>
      </routing>
      <interfaces config:type="list">
        <interface>
          <device>bond0</device>
          <startmode>onboot</startmode>
          <bonding_master>yes</bonding_master>
          <bonding_module_opts>arp_interval=1000 arp_ip_target=192.122.11.254 mode=1 arp_validate=all</bonding_module_opts>
          <bonding_slave0>eth0</bonding_slave0>
          <bonding_slave1>eth1</bonding_slave1>
          <ipaddr>192.122.11.194</ipaddr>
          <netmask>255.255.255.192</netmask>
        </interface>

      </interfaces>
    </networking>

    <scripts>
<pre-scripts config:type="list">
  <script>
     <filename>pre_install.sh</filename>  
     <interpreter>shell</interpreter>
     <source><![CDATA[#!/bin/sh

echo "This is a test script which will be called before starting actual installation"

]]>
          </source> 
  </script>
  <aiPreScript/>
</pre-scripts>

<chroot-scripts config:type="list">

       <script>
        <chrooted config:type="boolean">true</chrooted>
        <interpreter>shell</interpreter>
        <filename>disable-ipv6_chrooted.sh</filename>
        <source>
          <![CDATA[
sysctl -w net.ipv6.conf.all.disable_ipv6=1;
echo "net.ipv6.conf.all.disable_ipv6=1">> /etc/sysctl.conf;
          ]]>
        </source>
       </script>

</chroot-scripts>
  
      <post-scripts config:type="list">
        <script>
          <filename>post_install.sh</filename>
          <source> <![CDATA[#!/bin/sh

  echo "This will be called after OS installation"
  
          ]]>
          </source>
        </script>
      </post-scripts>

     <init-scripts config:type="list">
     </init-scripts>
    </scripts>

    <users config:type="list">
      <user>
        <encrypted config:type="boolean">true</encrypted>
        <home>/root</home>
        <shell>/bin/bash</shell>
        <user_password>/.b.UDRjPGnig</user_password>
        <username>root</username>
      </user>
    </users>
  
  </configure>
  <install>

    <bootloader>
      <activate config:type="boolean">false</activate>
      <loader_type>grub</loader_type>
      <repl_mbr config:type="boolean">false</repl_mbr>
      <global>
        <boot_mbr config:type="boolean">true</boot_mbr>
      </global>
    </bootloader>

    <general>
      <clock>
        <hwclock>UTC</hwclock>
        <timezone>Asia/Kolkata</timezone>
      </clock>
      <keyboard>
        <keymap>english-us</keymap>
      </keyboard>
      <language>en_US</language>
      <mode>
        <confirm config:type="boolean">false</confirm>
        <forceboot config:type="boolean">false</forceboot>
      </mode>
      <mouse>
        <id>probe</id>
      </mouse>
      <report>    
        <messages>
  <show config:type="boolean">true</show>
  <timeout config:type="integer">10</timeout>
  <log config:type="boolean">true</log>
        </messages>
        <errors>
  <show config:type="boolean">true</show>
  <timeout config:type="integer">10</timeout>
  <log config:type="boolean">true</log>
        </errors>
        <warnings>
  <show config:type="boolean">true</show>
  <timeout config:type="integer">10</timeout>
  <log config:type="boolean">true</log>
        </warnings>
      </report>
    </general>

<partitioning config:type="list">
<drive>
  <device>/dev/mapper/mpath0</device>
<initialize config:type="boolean">true</initialize>
<partitions config:type="list">
  <!-- part for boot -->
  <partition>
    <format config:type="boolean">false</format>
    <partition_id config:type="integer">131</partition_id>
   <filesystem config:type="symbol">ext3</filesystem>
   <format config:type="boolean">true</format>
    <mount>/boot</mount>
    <size>512M</size>
  </partition>

  <!-- part for root -->
  <partition>
    <format config:type="boolean">false</format>
    <partition_id config:type="integer">131</partition_id>
   <filesystem config:type="symbol">ext3</filesystem>
   <format config:type="boolean">true</format>
    <mount>/</mount>
    <size>4096M</size>
  </partition>

  <!-- part for var -->
  <partition>
    <format config:type="boolean">false</format>
    <lvm_group>system</lvm_group>
    <partition_id config:type="integer">142</partition_id>
    <size>max</size>
  </partition>

  <!-- part for swap -->
  <partition>
    <format config:type="boolean">false</format>
    <partition_id config:type="integer">131</partition_id>
   <filesystem config:type="symbol">swap</filesystem>
   <format config:type="boolean">true</format>
    <mount>swap</mount>
    <size>4096M</size>
  </partition>

<!-- max alloc var 8704 sda -->
    </partitions>
    <use>all</use>
</drive>

<drive>
  <device>/dev/system</device>
    <initialize config:type="boolean">false</initialize>
    <is_lvm_vg config:type="boolean">true</is_lvm_vg>
    <lvm2 config:type="boolean">true</lvm2>
    <partitions config:type="list">
      <!-- LV for var -->
      <partition>
        <filesystem config:type="symbol">ext3</filesystem>
        <format config:type="boolean">true</format>
        <lv_name>var</lv_name>
        <mount>/var</mount>
        <partition_id config:type="integer">142</partition_id>
        <size>4096m</size>
      </partition>

      <!-- LV for opt -->
      <partition>
        <filesystem config:type="symbol">ext3</filesystem>
        <format config:type="boolean">true</format>
        <lv_name>opt</lv_name>
        <mount>/opt</mount>
        <partition_id config:type="integer">142</partition_id>
        <size>10240m</size>
      </partition>

      <!-- LV for usr -->
      <partition>
        <filesystem config:type="symbol">ext3</filesystem>
        <format config:type="boolean">true</format>
        <lv_name>system-usr</lv_name>
        <mount>/usr</mount>
        <partition_id config:type="integer">142</partition_id>
        <size>20480m</size>
      </partition>

      <!-- LV for tmp -->
      <partition>
        <filesystem config:type="symbol">ext3</filesystem>
        <format config:type="boolean">true</format>
        <lv_name>tmp</lv_name>
        <mount>/tmp</mount>
        <partition_id config:type="integer">142</partition_id>
        <size>40960m</size>
      </partition>

      <!-- LV for varlog -->
      <partition>
        <filesystem config:type="symbol">ext3</filesystem>
        <format config:type="boolean">true</format>
        <lv_name>system-var-log</lv_name>
        <mount>/var/log</mount>
        <partition_id config:type="integer">142</partition_id>
        <size>max</size>
      </partition>

    </partitions>
    <pesize>32M</pesize>
    <use>all</use>
</drive>

</partitioning>
<software>
      <kernel>kernel-default</kernel>
      <patterns config:type="list">
         <pattern>Minimal</pattern>
      </patterns>
      <packages config:type="list">
        <package>update-alternatives</package>
        <package>vim-base</package>
        <package>vim-data</package>
        <package>vim</package>
        <package>audit</package>
        <package>libltdl7</package>
        <package>openssh</package>
        <package>ksh</package>
        <package>libgcc46-32bit</package>
        <package>zypper</package>
        <package>less</package>
        <package>iptables</package>
        <package>man</package>
        <package>man-pages</package>
        <package>groff</package>
        <package>ntp</package>
        <package>yast2-ntp-client</package>
        <!--<package>net-snmp</package> -->
        <package>binutils</package>
        <package>bc</package>
        <package>openmotif22-libs</package>
        <package>xorg-x11-libs</package>
        <package>expect</package>
        <package>supportutils</package>
        <package>sudo</package>
        <package>sysstat</package>
        <package>netcat</package>
        <package>ipmitool</package>
        <package>rsync</package>
        <package>libcap1</package>
        <package>at</package>
        <package>nscd</package>
        <package>ethtool</package>
        <package>suse-sam-data</package>
        <package>perl-satsolver</package>
        <package>suse-sam</package>
        <package>pam_passwdqc</package>
        <package>dos2unix</package>
        <package>zip</package>
        <package>hdparm</package>
        <package>mailx</package>
        <package>ifplugd</package>
        <package>kernel-default-extra</package>
        <package>recode</package>
        <package>libstdc++33-32bit</package>
        <package>libstdc++46</package>
        <package>libgcc46</package>
        <package>perl-Net-IP</package>
        <package>libstdc++33</package>
        <package>smartmontools</package>
        <package>kdump</package>
        <package>kexec-tools</package>
        <package>makedumpfile</package>
<package>utempter</package>
<package>screen</package>
<package>openssl1</package>
        <package>libopenssl1_0_0</package>
<package>quota</package>
      </packages>
      <remove-packages config:type="list">
        <package>mpt-firmware</package>
      </remove-packages>
    </software>


  </install>

<files config:type="list">
</files>

</profile>

How to migrate (move) logical volumes and volume groups from one disk to another disk online without reboot in Linux

In this article I will show you two methods to migrate a logical volume /dev/rhel/lv1 from one disk to another without reboot, assuming you have the extra disk already available on your system:
  • LVM Mirroring
  • LVM pvmove command

The steps below are validated on Red Hat Enterprise Linux 7.

At the end of the article there is also a quick example of migrating all my logical volumes to a new partition (disk).


Method 1: LVM Mirroring

First of all, let's check which devices the logical volumes are mapped to. As you can see, my logical volume lv1 resides on /dev/sdb1
[root@golinuxhub-server ~]# lvs -o+devices
  LV   VG   Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert Devices
  lv1  rhel -wi-a-----   1.00g                                                     /dev/sdb1(0)
  root rhel -wi-ao---- <13.10g                                                     /dev/sda2(401)
  swap rhel -wi-ao----  <1.57g                                                     /dev/sda2(0)

This logical volume is mounted on /lv1
[root@golinuxhub-server ~]# df -h
Filesystem             Size  Used Avail Use% Mounted on
/dev/mapper/rhel-root   14G  7.0G  6.2G  54% /
devtmpfs               671M     0  671M   0% /dev
tmpfs                  686M     0  686M   0% /dev/shm
tmpfs                  686M  8.7M  678M   2% /run
tmpfs                  686M     0  686M   0% /sys/fs/cgroup
/dev/sda1             1014M  160M  855M  16% /boot
tmpfs                  138M     0  138M   0% /run/user/0
/dev/mapper/rhel-lv1   976M  2.6M  907M   1% /lv1

On this partition I have a single file which we will use to monitor our migration
[root@golinuxhub-server ~]# md5sum /lv1/myfile
5dd39cab1c53c2c77cd352983f9641e1  /lv1/myfile

[root@golinuxhub-server ~]# cat /lv1/myfile
This is a test file

Now introduce a new PV to which we would like to move our logical volume. For this I added a new virtual disk, /dev/sdc
[root@golinuxhub-server ~]# lsscsi
[0:0:0:0]    cd/dvd  VBOX     CD-ROM           1.0   /dev/sr0
[1:0:0:0]    cd/dvd  VBOX     CD-ROM           1.0   /dev/sr1
[2:0:0:0]    disk    ATA      VBOX HARDDISK    1.0   /dev/sda
[3:0:0:0]    disk    ATA      VBOX HARDDISK    1.0   /dev/sdb
[4:0:0:0]    disk    ATA      VBOX HARDDISK    1.0   /dev/sdc

So let's create a partition /dev/sdc1 on my newly added disk with the partition type "Linux LVM"
[root@golinuxhub-server ~]# fdisk /dev/sdc
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x046a1def.

Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-4194303, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-4194303, default 4194303):
Using default value 4194303
Partition 1 of type Linux and of size 2 GiB is set

Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): 8e
Changed type of partition 'Linux' to 'Linux LVM'

Command (m for help): p

Disk /dev/sdc: 2147 MB, 2147483648 bytes, 4194304 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x046a1def

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1            2048     4194303     2096128   8e  Linux LVM

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

Create a new physical volume using the new partition
[root@golinuxhub-server ~]# pvcreate /dev/sdc1
  Physical volume "/dev/sdc1" successfully created.

Validate the newly created physical volume
[root@golinuxhub-server ~]# pvs
  PV         VG   Fmt  Attr PSize   PFree
  /dev/sda2  rhel lvm2 a--  <14.67g   4.00m
  /dev/sdb1  rhel lvm2 a--   <1.94g 960.00m
  /dev/sdc1       lvm2 ---   <2.00g  <2.00g

Next extend the "rhel" volume group with the new physical volume
[root@golinuxhub-server ~]# vgextend rhel /dev/sdc1
  Volume group "rhel" successfully extended

Use "-v" to enable the verbose option and see the list of partitions used for the "rhel" volume group
[root@golinuxhub-server ~]# vgdisplay rhel -v
  --- Volume group ---
  VG Name               rhel
  System ID
  Format                lvm2
  Metadata Areas        3
  Metadata Sequence No  6
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                3
  Open LV               3
  Max PV                0
  Cur PV                3
  Act PV                3
  VG Size               18.60 GiB
  PE Size               4.00 MiB
  Total PE              4762
  Alloc PE / Size       4010 / 15.66 GiB
  Free  PE / Size       752 / <2.94 GiB
  VG UUID               W9RBxy-be7G-7Mai-unE9-CU1P-os6O-1IrAwg

  --- Logical volume ---
  LV Path                /dev/rhel/swap
  LV Name                swap
  VG Name                rhel
  LV UUID                5y06cM-RBdD-bP9o-XyTn-vODc-OkdS-1DCCj4
  LV Write Access        read/write
  LV Creation host, time localhost, 2017-08-20 12:35:44 +0530
  LV Status              available
  # open                 2
  LV Size                <1.57 GiB
  Current LE             401
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     8192
  Block device           253:1

  --- Logical volume ---
  LV Path                /dev/rhel/root
  LV Name                root
  VG Name                rhel
  LV UUID                8XkPVc-spib-oNu8-3D5E-f1vT-6RpW-ivZvjL
  LV Write Access        read/write
  LV Creation host, time localhost, 2017-08-20 12:35:44 +0530
  LV Status              available
  # open                 1
  LV Size                <13.10 GiB
  Current LE             3353
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     8192
  Block device           253:0

  --- Logical volume ---
  LV Path                /dev/rhel/lv1
  LV Name                lv1
  VG Name                rhel
  LV UUID                1B3itY-r46q-LMrz-Cby0-YqCt-XV1G-TmsqMx
  LV Write Access        read/write
  LV Creation host, time golinuxhub-server.example, 2018-04-07 21:22:45 +0530
  LV Status              available
  # open                 1
  LV Size                1.00 GiB
  Current LE             256
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     8192
  Block device           253:2

  --- Physical volumes ---
  PV Name               /dev/sda2
  PV UUID               Qreqy9-GHr6-mlDN-D3ki-NU5k-3VUb-o2g34D
  PV Status             allocatable
  Total PE / Free PE    3755 / 1

  PV Name               /dev/sdb1
  PV UUID               VqVvQi-I0BM-epGZ-lhpf-n48v-LM0u-yGGjgK
  PV Status             allocatable
  Total PE / Free PE    496 / 240

  PV Name               /dev/sdc1
  PV UUID               6Rzgfb-NOeK-MT5F-TrQ5-cM6i-si8v-192uWO
  PV Status             allocatable
  Total PE / Free PE    511 / 511

So everything looks correct. Before starting the migration, let's validate one last time the partition used by our lv1, which is /dev/sdb1
[root@golinuxhub-server ~]# lvs -o+devices
  LV   VG   Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert Devices
  lv1  rhel -wi-ao----   1.00g                                                     /dev/sdb1(0)
  root rhel -wi-ao---- <13.10g                                                     /dev/sda2(401)
  swap rhel -wi-ao----  <1.57g                                                     /dev/sda2(0)

The same can be validated using below command
[root@golinuxhub-server ~]# dmsetup deps /dev/rhel/lv1
1 dependencies  : (8, 17)

As you see we have only a single dependency and it is mapped to 8,17, which as shown below is /dev/sdb1
[root@golinuxhub-server ~]# ls -l /dev/ | grep sd
brw-rw---- 1 root disk      8,   0 Apr  7 21:25 sda
brw-rw---- 1 root disk      8,   1 Apr  7 21:25 sda1
brw-rw---- 1 root disk      8,   2 Apr  7 21:31 sda2
brw-rw---- 1 root disk      8,  16 Apr  7 21:25 sdb
brw-rw---- 1 root disk      8,  17 Apr  7 21:31 sdb1
brw-rw---- 1 root disk      8,  32 Apr  7 21:30 sdc
brw-rw---- 1 root disk      8,  33 Apr  7 21:31 sdc1

Let's start with the migration

We will create a single mirror using the below command
[root@golinuxhub-server ~]# lvconvert -m 1 rhel/lv1 /dev/sdc1
Are you sure you want to convert linear LV rhel/lv1 to raid1 with 2 images enhancing resilience? [y/n]: y
  Logical volume rhel/lv1 successfully converted.

Let's see if our file is still available
[root@golinuxhub-server ~]# cat /lv1/myfile
This is a test file

If we see the list of devices, it is a bit different because we are spanning two underlying devices as we are in a mirror formation
[root@golinuxhub-server ~]# lvs -o+devices
  LV   VG   Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert Devices
  lv1  rhel rwi-aor---   1.00g                                    100.00           lv1_rimage_0(0),lv1_rimage_1(0)
  root rhel -wi-ao---- <13.10g                                                     /dev/sda2(401)
  swap rhel -wi-ao----  <1.57g                                                     /dev/sda2(0)

The dmsetup should also show similar output as expected
[root@golinuxhub-server ~]# dmsetup deps /dev/rhel/lv1
4 dependencies  : (253, 6) (253, 5) (253, 4) (253, 3)

Now we can break the mirror and get rid of old device which we wanted to remove
[root@golinuxhub-server ~]# lvconvert -m 0 rhel/lv1 /dev/sdb1
Are you sure you want to convert raid1 LV rhel/lv1 to type linear losing all resilience? [y/n]: y
  Logical volume rhel/lv1 successfully converted.

So the command executed successfully

Here you can see our logical volume lv1 is now residing on /dev/sdc1
[root@golinuxhub-server ~]# lvs -o+devices
  LV   VG   Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert Devices
  lv1  rhel -wi-ao----   1.00g                                                     /dev/sdc1(1)
  root rhel -wi-ao---- <13.10g                                                     /dev/sda2(401)
  swap rhel -wi-ao----  <1.57g                                                     /dev/sda2(0)

Same can be validated using dmsetup
[root@golinuxhub-server ~]# dmsetup deps /dev/rhel/lv1
1 dependencies  : (8, 33)

[root@golinuxhub-server ~]# ls -l /dev/ | grep sd
brw-rw---- 1 root disk      8,   0 Apr  7 21:25 sda
brw-rw---- 1 root disk      8,   1 Apr  7 21:25 sda1
brw-rw---- 1 root disk      8,   2 Apr  7 21:38 sda2
brw-rw---- 1 root disk      8,  16 Apr  7 21:25 sdb
brw-rw---- 1 root disk      8,  17 Apr  7 21:38 sdb1
brw-rw---- 1 root disk      8,  32 Apr  7 21:30 sdc
brw-rw---- 1 root disk      8,  33 Apr  7 21:38 sdc1
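
The major:minor lookup done by eye above can be scripted and used as a guard before the old device is removed from the volume group. This is an added example, not part of the original article; the function names are assumptions, and it reads the kernel's /sys/dev/block links instead of the ls -l listing.

```shell
#!/bin/sh
# Added example, not from the original article.
# Function names are assumptions made for this illustration.

# resolve_deps [SYSFS_DIR]
#   stdin : output of `dmsetup deps <device>`
#   stdout: one "MAJ:MIN NAME" line per dependency
# SYSFS_DIR defaults to /sys/dev/block, where the kernel keeps one symlink
# per block device, named MAJ:MIN and pointing at the device directory.
resolve_deps() {
    sysfs_dir=${1:-/sys/dev/block}
    # "1 dependencies  : (8, 17)" becomes "8:17"
    tr -d ' ' | grep -o '([0-9]*,[0-9]*)' | tr -d '()' | tr ',' ':' |
    while IFS= read -r devno; do
        if [ -L "$sysfs_dir/$devno" ]; then
            name=$(basename "$(readlink "$sysfs_dir/$devno")")
        else
            name=unknown
        fi
        printf '%s %s\n' "$devno" "$name"
    done
}

# pv_released PV_NAME [SYSFS_DIR]
#   stdin: output of `dmsetup deps <lv device>`
#   0 = the LV no longer sits on PV_NAME
#   1 = the LV still depends directly on PV_NAME
#   2 = the dependencies are device-mapper sub-devices (for example the
#       raid1 images while the mirror exists) or could not be resolved,
#       so no verdict is given
pv_released() {
    pv=$1
    resolved=$(resolve_deps "${2:-/sys/dev/block}")
    if [ -z "$resolved" ]; then
        return 2
    fi
    printf '%s\n' "$resolved" | awk -v pv="$pv" '
        $2 == pv                       { used = 1 }
        $2 ~ /^dm-/ || $2 == "unknown" { stacked = 1 }
        END { if (used) exit 1; if (stacked) exit 2; exit 0 }'
}

# Typical use on the host from the article, before vgreduce:
#   dmsetup deps /dev/rhel/lv1 | pv_released sdb1 && vgreduce rhel /dev/sdb1
```
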

The final test is to validate our file and its content which looks same as it was before migration
[root@golinuxhub-server ~]# cat /lv1/myfile
This is a test file

[root@golinuxhub-server ~]# md5sum /lv1/myfile
5dd39cab1c53c2c77cd352983f9641e1  /lv1/myfile

Now that everything is done we don't need /dev/sdb1 anymore, and it can be safely removed from the "rhel" volume group
[root@golinuxhub-server ~]# vgreduce rhel /dev/sdb1
  Removed "/dev/sdb1" from volume group "rhel"

Validate the same. As you see, we no longer have /dev/sdb1
[root@golinuxhub-server ~]# vgs -o+devices
  VG   #PV #LV #SN Attr   VSize  VFree Devices
  rhel   2   3   0 wz--n- 16.66g 1.00g /dev/sda2(0)
  rhel   2   3   0 wz--n- 16.66g 1.00g /dev/sda2(401)
  rhel   2   3   0 wz--n- 16.66g 1.00g /dev/sdc1(1)


Method 2: Using pvmove

Here I will migrate our logical volume "lv1" from /dev/sdc1 to /dev/sdb1

Let us again extend our volume group with /dev/sdb1
[root@golinuxhub-server ~]# vgextend rhel /dev/sdb1
  Volume group "rhel" successfully extended

Next monitor the device id using dmsetup and below command
[root@golinuxhub-server ~]# ls -l /dev | grep sd
brw-rw---- 1 root disk      8,   0 Apr  7 21:25 sda
brw-rw---- 1 root disk      8,   1 Apr  7 21:25 sda1
brw-rw---- 1 root disk      8,   2 Apr  7 21:40 sda2
brw-rw---- 1 root disk      8,  16 Apr  7 21:25 sdb
brw-rw---- 1 root disk      8,  17 Apr  7 21:40 sdb1
brw-rw---- 1 root disk      8,  32 Apr  7 21:30 sdc
brw-rw---- 1 root disk      8,  33 Apr  7 21:40 sdc1

[root@golinuxhub-server ~]# dmsetup deps /dev/rhel/lv1
1 dependencies  : (8, 33)

Now it is time to migrate our logical volume from /dev/sdc1 to /dev/sdb1. The below command may take some time
[root@golinuxhub-server ~]# pvmove -n lv1 /dev/sdc1 /dev/sdb1
  /dev/sdc1: Moved: 1.56%
  /dev/sdc1: Moved: 100.00%

So the migration is completed, validate this using dmsetup
[root@golinuxhub-server ~]# dmsetup deps /dev/rhel/lv1
1 dependencies  : (8, 17)

[root@golinuxhub-server ~]# ls -l /dev | grep sd
brw-rw---- 1 root disk      8,   0 Apr  7 21:25 sda
brw-rw---- 1 root disk      8,   1 Apr  7 21:25 sda1
brw-rw---- 1 root disk      8,   2 Apr  7 21:40 sda2
brw-rw---- 1 root disk      8,  16 Apr  7 21:25 sdb
brw-rw---- 1 root disk      8,  17 Apr  7 21:40 sdb1
brw-rw---- 1 root disk      8,  32 Apr  7 21:30 sdc
brw-rw---- 1 root disk      8,  33 Apr  7 21:40 sdc1

[root@golinuxhub-server ~]# lvs -o+devices
  LV   VG   Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert Devices
  lv1  rhel -wi-ao----   1.00g                                                     /dev/sdb1(0)
  root rhel -wi-ao---- <13.10g                                                     /dev/sda2(401)
  swap rhel -wi-ao----  <1.57g                                                     /dev/sda2(0)

Everything looks perfect.

Lastly again re-validate your file content
[root@golinuxhub-server ~]# cat /lv1/myfile
This is a test file

[root@golinuxhub-server ~]# md5sum /lv1/myfile
5dd39cab1c53c2c77cd352983f9641e1  /lv1/myfile


A quick example migrating all my lvms to a new device /dev/sdd

Currently as you see my root and swap partition reside on /dev/sda which I intend to move to /dev/sdd
[root@golinuxhub-server ~]# lsblk
NAME          MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda             8:0    0 15.7G  0 disk
├─sda1          8:1    0    1G  0 part /boot
└─sda2          8:2    0 14.7G  0 part
  ├─rhel-root 253:0    0 13.1G  0 lvm  /
  └─rhel-swap 253:1    0  1.6G  0 lvm  [SWAP]
sdd             8:48   0   20G  0 disk
sr0            11:0    1 1024M  0 rom
sr1            11:1    1 1024M  0 rom

My volume group currently resides on /dev/sda2
[root@golinuxhub-server ~]# vgs -o+devices
  VG   #PV #LV #SN Attr   VSize   VFree   Devices
  rhel   2   3   0 wz--n- <16.61g 964.00m /dev/sda2(0)
  rhel   2   3   0 wz--n- <16.61g 964.00m /dev/sda2(401)

Below are my two logical volumes which I intend to migrate
[root@golinuxhub-server ~]# lvs
  LV   VG   Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  root rhel -wi-ao---- <13.10g
  swap rhel -wi-ao----  <1.57g

Extend our "rhel" volume group with the new disk /dev/sdd
[root@golinuxhub-server ~]# vgextend rhel /dev/sdd
  Volume group "rhel" successfully extended

[root@golinuxhub-server ~]# pvs
  PV         VG   Fmt  Attr PSize   PFree
  /dev/sda2  rhel lvm2 a--  <14.67g   4.00m
  /dev/sdb1  rhel lvm2 a--   <1.94g 960.00m
  /dev/sdd   rhel lvm2 a--  <20.00g <20.00g

[root@golinuxhub-server ~]# pvmove -n root /dev/sda2 /dev/sdd
  /dev/sda2: Moved: 0.03%
  /dev/sda2: Moved: 2.15%
  /dev/sda2: Moved: 4.18%
  /dev/sda2: Moved: 6.38%
  /dev/sda2: Moved: 8.89%
  /dev/sda2: Moved: 25.80%
  /dev/sda2: Moved: 28.48%
  /dev/sda2: Moved: 30.72%
  /dev/sda2: Moved: 33.28%
  /dev/sda2: Moved: 36.00%
  /dev/sda2: Moved: 38.74%
  /dev/sda2: Moved: 41.40%
  /dev/sda2: Moved: 44.32%
  /dev/sda2: Moved: 51.95%
  /dev/sda2: Moved: 54.61%
  /dev/sda2: Moved: 57.20%
  /dev/sda2: Moved: 59.89%
  /dev/sda2: Moved: 62.75%
  /dev/sda2: Moved: 65.64%
  /dev/sda2: Moved: 68.39%
  /dev/sda2: Moved: 75.57%
  /dev/sda2: Moved: 78.53%
  /dev/sda2: Moved: 100.00%

[root@golinuxhub-server ~]# pvmove -n swap /dev/sda2 /dev/sdd
  /dev/sda2: Moved: 0.00%
  /dev/sda2: Moved: 100.00%

As you see, my root and swap logical volumes now reside on /dev/sdd
[root@golinuxhub-server ~]# lvs -o+devices
  LV   VG   Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert Devices
  root rhel -wi-ao---- <13.10g                                                     /dev/sdd(0)
  swap rhel -wi-ao----  <1.57g                                                     /dev/sdd(3353)

Same for my volume group which now resides on /dev/sdd
[root@golinuxhub-server ~]# vgs -o+devices
  VG   #PV #LV #SN Attr   VSize   VFree  Devices
  rhel   4   3   0 wz--n- <38.60g 22.93g /dev/sdd(3353)
  rhel   4   3   0 wz--n- <38.60g 22.93g /dev/sdd(0)

So both my root and swap partition are now migrated to /dev/sdd
[root@golinuxhub-server ~]# lsblk
NAME         MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda            8:0    0 15.7G  0 disk
├─sda1         8:1    0    1G  0 part /boot
└─sda2         8:2    0 14.7G  0 part
sdb            8:16   0    2G  0 disk
└─sdb1         8:17   0    2G  0 part
sdd            8:48   0   20G  0 disk
├─rhel-root  253:0    0 13.1G  0 lvm  /
└─rhel-swap  253:1    0  1.6G  0 lvm  [SWAP]
sr0           11:0    1 1024M  0 rom
sr1           11:1    1 1024M  0 rom

I hope the article was useful.

How to configure Password-less authentication from Windows to Linux using Putty

I have already written a few articles on configuring password-less authentication between two Linux servers. In this article I will share the steps to configure password-less login from a Windows box to a Linux box using Putty

My setup:
==========================
Windows Box: 192.168.1.2
Linux Box: 192.168.1.5
==========================

You can download and install Putty from their official page based on your Windows environment.

My Putty files are available at C:\Program Files\PuTTY as below

Here double click on "puttygen.exe" to open this tool which can be used to generate new private and public key


This tool is similar to the Linux based ssh-keygen. Next, in the puttygen tool, select the key type and bit size which you would like to use for the generated key.

Here for my example I am using 2048 bit size RSA-2 key


Once you click on "Generate" both private and public key will be generated.





Next change the comment to something more meaningful which you can remember in future. For example, I have used root@192.168.1.5 since I plan to use this key for the root user on my Linux node 192.168.1.5

Since we want password-less authentication, I will leave the passphrase fields blank. If you wish to protect the private key with a passphrase, provide it here

Next save the private key to your machine.

I am saving it by below name
golinuxhub-server-id_rsa

Now it is time to copy the public key to the Linux box
Since I want to use this for root user I will append the public key to root user's authorized keys

The public key can be seen in the highlighted section, copy this and append the key to /root/.ssh/authorized_keys on 192.168.1.5 (my Linux box)

On my Linux box
NOTE: If /root/.ssh does not exist you can create it manually

# mkdir /root/.ssh
# chmod 700 /root/.ssh
As you see below, I have appended my public key to the root user's authorized_keys file
[root@golinuxhub-server root :~]# ls -ld .ssh/
drwx------. 2 root root 80 Apr  8 16:18 .ssh/

[root@golinuxhub-server root :~]# cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEApAhmZgOtgHLjxbbpUkjvpTjhN9WaVMy7gUw1sH2Uo8P9hgdSoGzs1zhNG7o/D4xuSJ2JfmWAMSqhJHtmgeszRNerPvAWWVOq7F98sS1W2fhHH/kShDnP05QXcUQxZnm+97iQHDBLb280KkXwj48NmpZP722AKIL/qaYVwS5TRnpgTrOLpa7zv9y5MaeH6+MmMmV6n0U5A8+LFf0qYPQYJ4oSFolA0anHJDDM9Gqw3JVX2mgyEOR7+H6R36LE01Fy5kgSBSX8KjGyF6VsssiUF1aDWsB3KEO3eHRuRIgfBfMTXV0K+rjFLSqnVj/m0/+pLx9JngYaGSFZNEHe4/4Irw== root@192.168.1.5
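
The append step above as an idempotent helper, added here as an example and not part of the original article: it rejects anything that is not a one-line OpenSSH public key, sets the modes sshd expects, skips duplicates, and can pin the key to the client address with the authorized_keys `from=` option. The function name and its arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# install_pubkey HOME_DIR "KEY_LINE" [ALLOWED_FROM]   (name is an assumption)
#   Appends one OpenSSH public key line to HOME_DIR/.ssh/authorized_keys.
#   ALLOWED_FROM, when given, is written as a from="..." option so the key
#   is only accepted from that client address.

install_pubkey() {
    home_dir=$1
    key_line=$2
    allowed_from=${3:-}

    # Expect "type base64 [comment]" on a single line. This rejects the
    # private .ppk file and the multi-line "---- BEGIN SSH2 PUBLIC KEY ----"
    # format that PuTTYgen's "Save public key" button writes; only the text
    # from the "Public key for pasting" box is valid here.
    key_type=$(printf '%s\n' "$key_line" | awk '{print $1}')
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    case "$key_type" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unsupported key type: $key_type" >&2; return 1 ;;
    esac
    case "$key_blob" in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; return 1 ;;
    esac

    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    # With StrictModes (the sshd default) keys are ignored when these
    # paths are writable by anyone other than the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    [ -e "$auth_file" ] || : > "$auth_file"
    chmod 600 "$auth_file" || return 1

    # The base64 blob identifies the key whatever options or comment
    # surround it, so use it for the duplicate check.
    if grep -qF -- "$key_blob" "$auth_file"; then
        echo "key already present"
        return 0
    fi

    if [ -n "$allowed_from" ]; then
        printf 'from="%s" %s\n' "$allowed_from" "$key_line" >> "$auth_file"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
    echo "key added"
}

# Example for the setup in the article (Windows box 192.168.1.2):
#   install_pubkey /root "ssh-rsa AAAA... root@192.168.1.5" 192.168.1.2
```
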

Now that everything is done, it is time to create and save a session for my Linux box in Putty with the private key.

Open Putty and add the Linux box IP as shown below

Navigate to SSH ->Auth
and Browse to the private key which was created above

Next navigate back to "Session" as shown below and "save" the changes

This will create a new shortcut with the host name as shown below. Select the hostname and click on Load, next click on "Open" to open a new connection

Next attempt to login using root. As you see, it does not prompt for a password this time and logs in without any passphrase

I hope the article was useful.


Sample kickstart partition example (RAID, LVM, Multipath, Simple,..)

Below are some storage template examples which can be used in kickstart for various types of installation options

Simple Layout

With the below we do not give any requirement for any partition in terms of size and partition type, instead we only define the filesystem type. With this we will only get a root and boot partition

For setting an ext4 partition with a simple layout
# Disk Partitioning
autopart --type=plain --fstype=ext4


RAID 1 + LVM

For setting an ext4 partition with a software RAID 1 + LVM.

Here my setup has two disks (each with 838GB space), hence I am creating the Physical Volume accordingly; you can modify the value based on your disk size. You can also use "--size 1 --grow" if you do not wish to define a fixed size for your physical volume, and this will take the maximum available space in your disks.
# The following is the partition information you requested
ignoredisk --only-use=sda,sdb

# -- raid part for boot --
part raid.sda0 --size 512 --asprimary --ondrive=sda
part raid.sdb0 --size 512 --asprimary --ondrive=sdb

# -- raid part for pv.1 --
part raid.sda2 --size 821616 --ondrive=sda
part raid.sdb2 --size 821616 --ondrive=sdb

# -- raid part for root --
part raid.sda1 --size 12288 --ondrive=sda
part raid.sdb1 --size 12288 --ondrive=sdb

# -- raid part for swap --
part raid.sda3 --size 12288 --ondrive=sda
part raid.sdb3 --size 12288 --ondrive=sdb

# Raid device creation
raid /boot --fstype ext4 --device md0 --level=RAID1 raid.sda0 raid.sdb0
raid pv.1 --device md2 --level=RAID1 raid.sda2 raid.sdb2
raid / --fstype ext4 --device md1 --level=RAID1 raid.sda1 raid.sdb1
raid swap --fstype swap --device md3 --level=RAID1 raid.sda3 raid.sdb3

# Volume group and logical volume creation
volgroup vg00 --pesize=65536 pv.1
logvol /var --fstype ext4 --vgname vg00 --size=16384 --name=var
logvol /tmp --fstype ext4 --vgname vg00 --size=24576 --name=tmp
logvol /home --fstype ext4 --vgname vg00 --size=8192 --name=home
logvol /opt --fstype ext4 --vgname vg00 --size=16384 --name=opt
logvol /usr --fstype ext4 --vgname vg00 --size=32768 --name=usr
logvol /var/log --fstype ext4 --vgname vg00 --size=1 --grow --name=log


Normal LVM Layout

For setting an ext4 partition with only LVM.

Here my setup has a single disk (sda) and my physical volume is configured to use all the available space on the disk to create and configure the partition layout
part /boot --size 512 --asprimary --fstype=ext4 --ondrive=sda
part pv.1 --size 1 --grow --fstype=ext4 --ondrive=sda

volgroup system --pesize=32768 pv.1

logvol / --fstype ext4 --vgname system --size=8192 --name=root
logvol /var --fstype ext4 --vgname system --size=16384 --name=var
logvol /tmp --fstype ext4 --vgname system --size=40960 --name=tmp
logvol swap --vgname system --size=4096 --name=swap
logvol /opt --fstype ext4 --vgname system --size=8192 --name=opt
logvol /opt/deep --fstype ext4 --vgname system --size=6144 --name=deep
logvol /opt/deep/log --fstype ext4 --vgname system --size=20480 --name=deeplog
logvol /var/opt/data --fstype ext4 --vgname system --size=1 --grow --name=mybackup


Multipath Layout

This one is tricky as you must know the list of mpath device available so that you can define them to be used for installation. In the below example I only had single LUN hence I have only used single mpath device

# The following is the partition information you requested
ignoredisk --only-use=mpatha

# Disk Partitioning
clearpart --all --initlabel --drives=mpatha

# Disk partitioning information
part pv.1073 --fstype="lvmpv" --size 1 --grow --ondisk=mpatha
part swap --fstype="swap" --ondisk=mpatha --size=4096
part /boot --fstype="ext4" --ondisk=mpatha --size=512

volgroup system --pesize=32768 pv.1073

logvol /var --fstype ext4 --vgname system --size=8192 --name=var
logvol /tmp --fstype ext4 --vgname system --size=20480 --name=tmp
logvol /opt/mgtservices  --fstype="ext4" --size=5120 --name=opt-mgtservices --vgname=system
logvol /opt  --fstype="ext4" --size=1 --grow --name=opt --vgname=system
logvol /home  --fstype="ext4" --size=4096 --name=home --vgname=system
logvol /export  --fstype="ext4" --size=30720 --name=export --vgname=system
logvol /var/opt  --fstype="ext4" --size=25600 --name=var-opt --vgname=system
logvol / --fstype="ext4" --vgname=system --size=8192 --name=root

How to reset or change lost root password in RHEL / CentOS 7

In Red Hat Enterprise Linux / CentOS 6 changing the root password was quite easy (well it is easy if you know the steps and it is hard if you don't)

For RHEL / CentOS 7 the steps are completely different and a little trickier than it was in older RHEL versions.

In this article I will show you the steps to reset your root password using rd.break

NOTE: I hope you have console access to your Linux box as without this you cannot reset the password using an ssh client.
Reboot your Linux box to the boot menu as shown below

Edit the primary boot entry in the GRUB menu. As you can see, I only have one kernel installed, so I will press "e" to enter edit mode

which will bring up the below menu
setparams 'Red Hat Enterprise Linux Server (3.10.0-693.el7.x86_64) 7.4 (Maipo)'

        load_video
        set gfxpayload=keep
        insmod gzio
        insmod part_msdos
        insmod xfs
        set root='hd0,msdos1'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1'  af0be92e-0721-46b8-affd-60f9baff3652
        else
          search --no-floppy --fs-uuid --set=root af0be92e-0721-46b8-affd-60f9baff3652
        fi
        linux16 /vmlinuz-3.10.0-693.el7.x86_64 root=/dev/mapper/rhel-root ro rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet net.ifnames=0 systemd.unit=emergency.target
        initrd16 /initramfs-3.10.0-693.el7.x86_64.img

      Press Ctrl-x to start, Ctrl-c for a command prompt or Escape to 
      discard edits and return to the menu. Pressing Tab lists       
      possible completions.

Look out for the kernel line i.e. below one for me
linux16 /vmlinuz-3.10.0-693.el7.x86_64 root=/dev/mapper/rhel-root ro rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet net.ifnames=0

Remove "rhgb quiet" and add "rd.break" at the end as shown below
linux16 /vmlinuz-3.10.0-693.el7.x86_64 root=/dev/mapper/rhel-root ro rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap net.ifnames=0 rd.break

rd.break stops the boot procedure inside the initramfs, before control is handed over to the real root filesystem, and gives you a valid shell with all the supporting modules loaded.
Press "Ctrl +x" to boot your box with the new changes

As you see now you have a shell and you were not prompted for root password

Next you must remount your filesystem with read write permission as currently you have logged in with read only mode for root filesystem
switch_root:/# mount -o remount,rw /sysroot

Next we need to chroot into /sysroot so that it is treated as the root of the filesystem for the commands that follow
switch_root:/# chroot /sysroot





Now you are ready to set your password. You can use below command to set the password. Replace "mynewpassword" with your new password followed by the username i.e. "root"
sh-4.2# echo mynewpassword | passwd --stdin root

Next we need to tell SELinux to relabel the filesystem on the next boot, or else our changes will be gone after reboot. For this, create a new autorelabel file using the below command
sh-4.2# touch /.autorelabel

You are all done now. Next press "Ctrl +D" twice to exit the window followed by a reboot

Next once your node is UP, try to login with your new password

I hope the article was useful.


How to configure offline yum repository using DVD and HTTP or Apache server over the network in RHEL / CentOS 7

In this article I will show you the steps to configure an offline yum repository in your network using http server

IMPORTANT NOTE: I had already written an article on using yum with apache, but that was tested and validated with RHEL 5 and 6, and with RHEL 7 some httpd configuration options have changed. If you are using an older version of RHEL please follow the below link


To make this work we would need a basic http server so install all the http related packages.
Now before creating a http based yum repository, create an offline repo using the RHEL/CentOS dvd.

Next install httpd rpm and its dependency using yum
# yum install httpd -y

Next it is time to configure our http server
Edit your main configuration file i.e. "/etc/httpd/conf/httpd.conf" and add below content at the end of the file





NOTE: Here I will use /var/www/html as my source path where the RHEL/CentOS dvd will be mounted. You can change the path accordingly as per your requirement
Alias /web "/var/www/html/"
<VirtualHost 192.168.1.6:80>
        ServerAdmin root@server.golinuxhub.com
        ServerName golinuxhub-server
        DocumentRoot /var/www/html
        ErrorLog logs/error_log
  <Directory "/var/www/html/">
     Options Indexes MultiViews
     AllowOverride All
     Require all granted
  </Directory>
</VirtualHost>

If you have firewalld running on your system then you can run below command to add firewalld rules for httpd
# firewall-cmd --permanent --add-service=http
success

# firewall-cmd --reload
success

Next restart your httpd service
# systemctl restart httpd

Make sure the RHEL/CentOS dvd is mounted on your source directory i.e. /var/www/html
# mount /tmp/rhel-server-7.4-x86_64-dvd.iso /var/www/html/
mount: /dev/loop0 is write-protected, mounting read-only

# ls /var/www/html/
addons  EFI  EULA  extra_files.json  GPL  images  isolinux  LiveOS  media.repo  Packages  repodata  RPM-GPG-KEY-redhat-beta  RPM-GPG-KEY-redhat-release  TRANS.TBL

Next try to access your http server using http://192.168.1.6/web/ on your browser
NOTE: Replace the host IP (192.168.1.6) with your node IP


If all is good proceed to next step or else if you face any issue follow "/etc/httpd/logs/error_log" for more information on the issue

It is time to re-configure our repo file which for me is "/etc/yum.repos.d/rhel.repo" with below content
[RHEL_Repo]
name=Red Hat Enterprise Linux 7.4
baseurl=http://192.168.1.6/web/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
NOTE: The gpg keys are by default installed on systems by a Red Hat release package for your type of installation hence you can use the above path and make sure that it exists

Here as you see my baseurl reflects my http server which contains the rpm from the rhel dvd.

Next save and exit the file

Next let's clean the cache
# yum clean all
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Cleaning repos: RHEL_Repo
Cleaning up everything
Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos

# rm -rf /var/cache/yum

Now let's see if our new repo is working as expected
# yum repolist all
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
RHEL_Repo                                                                                           | 4.1 kB  00:00:00
(1/2): RHEL_Repo/group_gz                                                                           | 137 kB  00:00:00
(2/2): RHEL_Repo/primary_db                                                                         | 4.0 MB  00:00:00
repo id                                      repo name                                                       status
RHEL_Repo                                    Red Hat Enterprise Linux 7.4                                    enabled: 4,986
repolist: 4,986

So as you see my repo "RHEL_Repo" is enabled and has 4,986 rpms.
Now you can use the same repo file in your network and use this offline repository.
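
Because the repository above is served over plain http, gpgcheck=1 together with a locally installed key is what authenticates the packages, so it is worth checking a repo file before copying it to other nodes. The following audit is an added example, not part of the original article; the function names and the optional ROOT prefix argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are assumptions.

# repo_sections FILE
#   Prints one line per [section]: name|enabled|gpgcheck|baseurl|gpgkey
#   (enabled defaults to 1 when the section does not set it).
repo_sections() {
    awk '
    function emit() {
        if (sec != "") print sec "|" enabled "|" gpgcheck "|" baseurl "|" gpgkey
    }
    /^[ \t]*[#;]/ { next }
    /^[ \t]*$/    { next }
    /^\[/ {
        emit()
        sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
        enabled = "1"; gpgcheck = ""; baseurl = ""; gpgkey = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        sub(/^[ \t]+/, "", key); sub(/[ \t]+$/, "", key)
        sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "enabled") enabled = val
        else if (key == "gpgcheck") gpgcheck = val
        else if (key == "baseurl") baseurl = val
        else if (key == "gpgkey") gpgkey = val
    }
    END { emit() }
    ' "$1"
}

# audit_repo FILE [ROOT]
#   Prints one finding per line for every enabled section and returns 1 if
#   there is any finding. ROOT is prepended to file:// key paths, which
#   allows auditing a mounted image or a test tree.
audit_repo() {
    repo_file=$1
    root=${2:-}
    rc=0
    while IFS='|' read -r sec enabled gpgcheck baseurl gpgkey; do
        if [ -z "$sec" ] || [ "$enabled" = "0" ]; then
            continue
        fi
        if [ "$gpgcheck" != "1" ]; then
            case "$baseurl" in
                http://*) echo "$sec: no gpgcheck=1 and baseurl is plain http, nothing authenticates the packages" ;;
                *)        echo "$sec: gpgcheck is not set to 1 in this section" ;;
            esac
            rc=1
        fi
        case "$gpgkey" in
            http://*)
                echo "$sec: gpgkey is fetched over plain http"
                rc=1 ;;
            file://*)
                key_path=$root${gpgkey#file://}
                if [ ! -r "$key_path" ]; then
                    echo "$sec: gpgkey file $key_path is missing or unreadable"
                    rc=1
                fi ;;
        esac
    done <<EOF
$(repo_sections "$repo_file")
EOF
    return "$rc"
}

# Example: audit_repo /etc/yum.repos.d/rhel.repo
```
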


How to use http or apache service running on a different port other than 80 with my yum repository?

By default we use port 80 for configuring http server but for some reason if you wish to use a different port number then also nothing should change and you can follow the same procedure.

You may need to do some conf changes for your httpd config file as below

Change
Listen 80
to
Listen 8080

and virtual hosting configuration as below
Alias /web "/var/www/html/"
<VirtualHost 192.168.1.6:8080>
        ServerAdmin root@server.golinuxhub.com
        ServerName golinuxhub-server
        DocumentRoot /var/www/html
        ErrorLog logs/error_log
<Directory "/var/www/html/">
   Options Indexes MultiViews
   AllowOverride All
   Require all granted
</Directory>
</VirtualHost>

Add necessary firewalld rules for new port
# firewall-cmd --permanent --add-port=8080/tcp
success

# firewall-cmd --reload
success

Restart your httpd service
# systemctl restart httpd

Validate your httpd server on the browser


Next also change the yum repo file as below
[RHEL_Repo]
name=Red Hat Enterprise Linux 7.4
baseurl=http://192.168.1.6:8080/web/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

I hope the article was useful.

How to set up password authentication in apache (httpd) with htpasswd and .htaccess on RHEL / CentOS 7

In this article I will show you a step-by-step guide to creating protected directories on your Apache server which can be accessed only by the respective users with proper access.

I would assume you have http package installed on your setup, if not you can manually install them
If you do not have an active online yum repository then you can create an offline yum repository


Next install httpd and all its dependency packages
# yum -y install httpd

I have a directory under "/var/www/html/secret/" which must be only accessed by user "deepak"
So let us first create this directory

# mkdir /var/www/html/secret/

I will create a dummy index.html file inside /var/www/html/secret/ for deepak
# cat /var/www/html/secret/index.html
###########
## This is a secret file for Deepak only
###########

Before starting with our httpd configuration, we should create passwd file for user "deepak".

NOTE: Here deepak will not use the system's passwd file, instead we will have to create a new one which will be used by Apache for the authentication which will be created by htpasswd
  • htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of HTTP users.
  • Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd.
  • htpasswd encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system's crypt() routine.
  • Files managed by htpasswd may contain a mixture of different encoding types of passwords; some user records may have bcrypt or MD5-encrypted passwords while others in the same file may have passwords encrypted with crypt().

Use the below command syntax to create password for user "deepak"
# htpasswd -c /etc/httpd/.htpasswd deepak
New password:
Re-type new password:
Adding password for user deepak

NOTE: You can give any other secure path for the .htpasswd file. For me I am using /etc/httpd





If you see the content of this .htpasswd file
# cat /etc/httpd/.htpasswd
deepak:$apr1$2D7PPz82$cSP2lNCNmzE80dXrXakAI/

Here
-c  Create the passwdfile. If passwdfile already exists, it is rewritten and truncated. This option cannot be combined with the -n option.

Next, you'll need to configure the server to request a password and tell the server which users are allowed access.
You can do this either by editing the httpd.conf file or using an .htaccess file.

For example, if you wish to protect the directory /var/www/html/secret/, you can use the following directives, either placed in the file /var/www/html/secret/.htaccess, or placed in /etc/httpd/conf/httpd.conf inside a <Directory "/var/www/html/secret"> section.


Method 1: Using .htaccess file

If you plan to use .htaccess files, you will need to have a server configuration that permits putting authentication directives in these files. This is done with the AllowOverride directive, which specifies which directives, if any, may be put in per-directory configuration files.

Since we're talking here about authentication, you will need an AllowOverride directive like the following
AllowOverride AuthConfig

So let me append this in my /etc/httpd/conf/httpd.conf

NOTE: Comment all other Directory variable in your httpd.conf pointing to /var/www or /var/www/html or similar path. Or you must add AllowOverride AuthConfig to all those Directory variables for .htaccess to work since our secret directory lies under /var/www/html
Alias /web "/var/www/html/secret/"

<Directory "/var/www/html/secret">
AllowOverride AuthConfig
</Directory>
NOTE: I have used an alias here which is optional.

Next create a .htaccess file with below content at /var/www/html/secret/.htaccess
AuthType Basic
AuthName "Secret Files"
AuthUserFile /etc/httpd/.htpasswd
Require user deepak

We are all set up to start our httpd server
# systemctl restart httpd

# systemctl is-active httpd
active

Now you can try to access your page with an alias /web as we have used, it must prompt for username and password


Method 2: Using Directory in httpd.conf

Add the below content at the end of "/etc/httpd/conf/httpd.conf".

NOTE: Virtual hosting is not mandatory here, I have only added it to set a custom error log and DocumentRoot, which can come in handy

Alias /web "/var/www/html/secret/"

<VirtualHost 192.168.1.6:80>
    ServerAdmin root@server.golinuxhub.com
    ServerName golinuxhub-server
    DocumentRoot /var/www/html/secret
    ErrorLog logs/error_log

<Directory "/var/www/html/secret">
AuthType Basic
AuthName "Secret Files"
AuthUserFile /etc/httpd/.htpasswd
Require user deepak
</Directory>
</VirtualHost>

The AuthType directive selects the method that is used to authenticate the user. The most common method is Basic. It is important to be aware, however, that Basic authentication sends the password from the client to the server unencrypted. This method should therefore not be used for highly sensitive data, unless accompanied by mod_ssl.
Save and exit the file followed by a service restart
# systemctl restart httpd

# systemctl is-active httpd
active

Now you can try to access your page with an alias /web as we have used, it must prompt for username and password.


How to provide authentication to multiple users?

The steps are similar and again can be done using both the methods as explained earlier. For the sake of this example I will use <Directory> method to give an example

Assign password to all other users using below command and the same password file as used earlier
# htpasswd  /etc/httpd/.htpasswd ankit
New password:
Re-type new password:
Adding password for user ankit

# htpasswd  /etc/httpd/.htpasswd amit
New password:
Re-type new password:
Adding password for user amit

Now if we check, we have three entries for three different users
# cat /etc/httpd/.htpasswd
amit:$apr1$//0qsYXA$b/YBtjYWNVnAq.ktus1yD.
deepak:$apr1$eAmlseNr$F8TRQZvqoxGn5TDmdrT311
ankit:$apr1$bEXxG.Wh$Ejavy56OHpFVBHs8ETah41

Next we will need to create a group file that associates group names with a list of users in that group. The contents of the file will look like this:

NOTE: You can give the group any name and keep the group file at any location; I am using the below path.
# cat /etc/httpd/.groups
GroupName: deepak amit ankit
Here I have added three users to my group for which I will pass authentication using httpd.conf

Next update your httpd.conf with below content
Alias /web "/var/www/html/secret/"

<Directory "/var/www/html/secret">
        AuthType Basic
        AuthName "Secret Files"
        AuthUserFile "/etc/httpd/.htpasswd"
        AuthGroupFile "/etc/httpd/.groups"
        Require group GroupName
</Directory>

IMPORTANT NOTE: 
You can use the same content under "/var/www/html/secret/.htaccess" if you wish to use Method 1 from this article, i.e. with htaccess
Here we are using "Require group" instead of "Require user" and have added a new directive "AuthGroupFile" to point to the group file we have created

Next save and exit the file and restart the httpd service to activate our change
# systemctl restart httpd

# systemctl is-active httpd
active

So all looks good, give your change a trial to see if the browser prompts you for authentication

I hope the article was useful.

How to synchronise hardware clock (hwclock) with NTP in RHEL / CentOS 7

I have already written an article giving detailed steps and examples on how you can make sure your hwclock displays the correct time during boot up.

Here I will show you the NTP configurations which must be done to make sure NTP itself syncs the hwclock with local clock during system startup and you need not worry about any more manual configurations.


If you are using HP ProLiant Blade servers then it is always recommended to set the BIOS date and time using SNTP; for all other hardware, make sure your BIOS is set to the correct date and time.

In Red Hat Enterprise Linux 6, the hwclock command was run automatically on every system shutdown or reboot, but it is not in Red Hat Enterprise Linux 7. When the system clock is synchronized by the Network Time Protocol (NTP) or Precision Time Protocol (PTP), the kernel automatically synchronizes the hardware clock to the system clock every 11 minutes.




Edit the below file and change SYNC_HWCLOCK to "yes"
# vim /etc/sysconfig/ntpdate
# Options for ntpdate
OPTIONS="-p 2"

# Number of retries before giving up
RETRIES=2

# Set to 'yes' to sync hw clock after successful ntpdate
SYNC_HWCLOCK=yes

Next add the list of your NTP servers in the below file
# vim /etc/ntp/step-tickers
1.in.pool.ntp.org
1.asia.pool.ntp.org
2.asia.pool.ntp.org

This file will be referenced by ntpdate service , below is the content of ntpdate.service
# systemctl cat ntpdate.service
# /usr/lib/systemd/system/ntpdate.service
[Unit]
Description=Set time via NTP
After=syslog.target network.target nss-lookup.target
Before=time-sync.target
Wants=time-sync.target

[Service]
Type=oneshot
ExecStart=/usr/libexec/ntpdate-wrapper
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Here, as you can see, the service runs "/usr/libexec/ntpdate-wrapper", which uses "ntpstep=/etc/ntp/step-tickers" to make sure ntp syncs the hwclock

Next enable the ntpdate service to make sure it is called at next reboot
# systemctl enable ntpdate.service

NOTE: As long as NTPD daemon is running, you will not be able to start ntpdate service

If you wish to start the ntpdate service at runtime then you have two options
1. Disable ntpd service and then start ntpdate.service
2. Execute ntpdate using the -u option, which makes it use an unprivileged (random) port number for outgoing packets

To stop NTPD daemon
# systemctl stop ntpd.service

Next start ntpdate service
# systemctl start ntpdate.service

Next again start ntp service
# systemctl start ntpd.service

OR you can execute below command (Here replace the 1.in.pool.ntp.org with your NTP server)
# ntpdate -u 1.in.pool.ntp.org
27 Apr 20:38:59 ntpdate[13893]: adjust time server 1.in.pool.ntp.org offset -0.004723 sec

I hope the article was useful.

How to clear/delete all the partition table from a disk or partition in Linux

Below article is a must read to understand all about partition, partition scheme and partition table

Everything you need to know about a partition, types of partition, partition scheme
To clear a partition table, the wipefs command can be used

Here I have a disk /dev/sdb which I have added to my Linux box for this article.
In this disk I have created two primary partitions

# fdisk -l /dev/sdb

Disk /dev/sdb: 17.2 GB, 17179869184 bytes, 33554432 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x1410600c

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048     4196351     2097152   83  Linux
/dev/sdb2         4196352    10487807     3145728   83  Linux

Now I would like to clear the partition table from this disk
To do so below commands can be used


Check the partition table

# wipefs /dev/sdb
offset               type
----------------------------------------------------------------
0x1fe                dos   [partition table]

Here I have a dos partition table


Clear the partition table

Using the below command you can wipe "dos" partition table
# wipefs -a -t dos -f /dev/sdb
/dev/sdb: 2 bytes were erased at offset 0x000001fe (dos): 55 aa
/dev/sdb: calling ioclt to re-read partition table: Success





If I had a GPT partition table then to clear the same
# wipefs -a -t gpt -f /dev/sdb

To clear all the partition tables
# wipefs -a -f /dev/sdb

You can also delete a partition table using the offset value as shown above
# wipefs -o 0x1fe /dev/sdb

Once the above command returns success, check the partition table using fdisk
# fdisk -l /dev/sdb

Disk /dev/sdb: 17.2 GB, 17179869184 bytes, 33554432 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

As you can see, both my partitions are cleared/deleted.
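What the "-t dos" wipe changes on disk, as an added example that is not part of the original article: the script builds a constructed 512-byte sector in a temporary file, zeroes only the two signature bytes at offset 0x1fe as the wipefs output above reports, and then counts what is left of the partition entry at offset 0x1be. The function names and the sample partition entry are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration. Works on a scratch file only, never on a real device.

# Print LENGTH bytes at OFFSET of FILE as lowercase hex without separators.
hex_at() {  # hex_at FILE OFFSET LENGTH
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Build a constructed sector 0: one sample partition entry at 0x1be (446)
# and the 55 aa signature at 0x1fe (510). The entry bytes are made up,
# modelled on the /dev/sdb1 row above (type 83, start sector 2048).
make_sample_sector() {  # make_sample_sector FILE
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '\000\040\041\000\203\065\106\005\000\010\000\000\000\000\100\000' |
        dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Succeeds when the dos signature 55 aa is present at offset 0x1fe.
has_dos_signature() {  # has_dos_signature FILE
    [ "$(hex_at "$1" 510 2)" = "55aa" ]
}

# Zero only the two signature bytes, matching the reported
# "2 bytes were erased at offset 0x000001fe (dos): 55 aa".
erase_dos_signature() {  # erase_dos_signature FILE
    printf '\000\000' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Count the non-zero bytes remaining in the four 16-byte partition entries.
leftover_entry_bytes() {  # leftover_entry_bytes FILE
    dd if="$1" bs=1 skip=446 count=64 2>/dev/null | tr -d '\000' | wc -c | tr -d ' '
}

demo() {
    img=$(mktemp) || return 1
    make_sample_sector "$img"
    has_dos_signature "$img" && before=present || before=absent
    erase_dos_signature "$img"
    has_dos_signature "$img" && after=present || after=absent
    echo "signature before=$before after=$after"
    echo "non-zero partition entry bytes still on disk: $(leftover_entry_bytes "$img")"
    rm -f "$img"
}
demo
```

Only the magic bytes change, so the old partition entries and all data behind them stay on the disk; clearing the partition table this way is not a data-sanitisation step.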

I hope the article was useful.

How to disable or restrict direct root login via console or ssh

Below article is a must read to harden your existing sshd configuration file

Best practices to harden and increase security with ssh (ciphers, MACs etc)
By default the root user has direct login access to a Linux machine, which can be dangerous, and in most organisations it is restricted

But how do we restrict a direct root user login?
Firstly, ssh based direct root login must be disabled, which can be done via sshd_config

Modify your /etc/ssh/sshd_config and make sure PermitRootLogin is disabled as shown below
# grep -i PermitRootLogin /etc/ssh/sshd_config
PermitRootLogin no





By default the value would be yes, so change it to "no" and save your file, followed by a sshd service restart for the change to take effect
# systemctl restart sshd.service

Using this you disabled ssh based direct root login but what if someone gets access to the GUI console, which can be iLO for a physical blade and a GUI console for VMware via vnc or some other tool?
The above changes will not restrict a direct root login via console as that is not ssh


Disable direct root login via console

To achieve this clear the contents of "/etc/securetty"
By default this file lists all the terminals on which a direct root login is allowed

# cat /dev/null > /etc/securetty

Now you can try to do a root login via console, and it should fail
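A check for both settings, as an added example that is not part of the original article: a plain grep also matches commented-out lines and lines inside Match blocks, while sshd uses the first active value of a keyword, so the function below reads only the global section of the file. The function names and the sample files are constructed for the illustration; a missing securetty file is reported separately because it places no restriction on root.

```shell
#!/bin/sh
# Added illustration. Reads the files it is given and changes nothing.

# Print the global PermitRootLogin value (lowercased) or "unset".
effective_permit_root_login() {  # effective_permit_root_login SSHD_CONFIG
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") exit       # global section ends at the first Match block
            if (key == "permitrootlogin" && n >= 2) {
                print tolower(f[2]); found = 1; exit   # first active value wins
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print "missing", "empty" or "N-ttys" for a securetty file.
securetty_state() {  # securetty_state SECURETTY
    [ -e "$1" ] || { echo "missing"; return; }
    n=$(grep -Ev '^[[:space:]]*(#|$)' "$1" | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then echo "empty"; else echo "${n}-ttys"; fi
}

# Print one FINDING line per problem; return 1 if there is any.
audit_root_login() {  # audit_root_login SSHD_CONFIG SECURETTY
    rc=0
    prl=$(effective_permit_root_login "$1")
    case "$prl" in
        no) ;;
        unset) echo "FINDING: PermitRootLogin is not set globally, the built-in default applies"; rc=1 ;;
        *) echo "FINDING: effective PermitRootLogin is '$prl'"; rc=1 ;;
    esac
    case "$(securetty_state "$2")" in
        empty) ;;
        missing) echo "FINDING: $2 is missing, root console login is not restricted"; rc=1 ;;
        *) echo "FINDING: $2 still lists terminals for root"; rc=1 ;;
    esac
    return $rc
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample: grep -i PermitRootLogin would show three lines here.
    cat > "$d/sshd_config" <<'EOF'
#PermitRootLogin no
Port 22
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin no
EOF
    printf 'tty1\nttyS0\n' > "$d/securetty"
    audit_root_login "$d/sshd_config" "$d/securetty" || true
    rm -rf "$d"
}
demo
```

On a live host, `sshd -T` prints the effective configuration with defaults applied and can be used to confirm the result.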

I hope the article was useful.

How to reduce and/or add more columns or fields to top command in Linux (swap, memory, etc)

I have already written an article explaining every field in the top command

10 examples to help you understand top command usage in Linux

In this article I will show you the steps using which you can control the list of columns you would like to see with the top command.

By default we see the below columns when top is executed without any arguments
  PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND
11584 root      20   0  116376   1012    844 R 99.9  0.0  18716:08 agetty
    1 root      20   0  133792   4156   2552 S  0.0  0.0   0:38.09 systemd
    2 root      20   0       0      0      0 S  0.0  0.0   0:00.04 kthreadd
    3 root      20   0       0      0      0 S  0.0  0.0   0:01.31 ksoftirqd/0
    5 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kworker/0:0H
    7 root      rt   0       0      0      0 S  0.0  0.0   0:00.00 migration/0


Adding a new column

Here I would like to add one more field to monitor the "swap" memory usage per process
To do this, press "f" which will show you below list of options

Here some of the options are shown in bright white; these are the fields which are currently enabled by default, and to these we would now like to add the "SWAP" details





so navigate to the row which contains SWAP as shown below


and press "space" bar to select the highlighted option. Once you hit "space" bar, the highlighted option should turn to bright white color similar to other default options.

To go back to the home screen of top, press "Esc"
So now as you can see, a new column with "SWAP" has appeared at the last column


Similarly you can add any other column from the list of fields


Removing an existing column

To reduce or remove a column, similar steps can be followed as explained above

Press "f" to go to the list of fields and navigate to the option which you would like to remove from the default top home screen

Press the "space" bar to un-select the field. By doing this the colour of the field turns back to normal white, similar to all other disabled fields, as shown below. Here I disabled the "RES" memory column. Press "Esc" to go back


So now the same has vanished from top home screen.



Save the changes permanently

To save the changes you have made, so that they are active the next time you execute top,
press "Shift+w"


Once you press the same, you should see the above line as shown in the screenshot. The changes are saved in the home folder of the user who executed top

Below is the content of my /root/.toprc
top's Config File (Linux processes with windows)
Id:i, Mode_altscr=0, Mode_irixps=1, Delay_time=3.0, Curwin=0
Def     fieldscur=¥¨³´»=ÃÃ
efghij                         Â·ÂºÂ¹Ã
&')*+,-.winflags=193844, sortindx=18, maxtasks=0, graph_cpus=0, graph_mems=0
        summclr=1, msgsclr=1, headclr=3, taskclr=1
Job     fieldscur=¥¦¹·º(³´Ã
efghij                            »½@<§Ã
)*+,-./0winflags=193844, sortindx=0, maxtasks=0, graph_cpus=0, graph_mems=0
        summclr=6, msgsclr=6, headclr=7, taskclr=6
Mem     fieldscur=¥º»<½¾¿ÃÃMBNÃD34·Ã
ghij*+,-./0125689FGHIJKLOPQRSTUVWXYZ[\]^_`abcdeff
        winflags=193844, sortindx=21, maxtasks=0, graph_cpus=0, graph_mems=0
        summclr=5, msgsclr=5, headclr=4, taskclr=5
Usr     fieldscur=¥¦§¨ª°¹·ºÃ
efghij                               Ã
)+,-./12winflags=193844, sortindx=3, maxtasks=0, graph_cpus=0, graph_mems=0
        summclr=3, msgsclr=3, headclr=2, taskclr=3
Fixed_widest=0, Summ_mscale=0, Task_mscale=0, Zero_suppress=0

I hope the article was useful.

How to view and increase the default pipe buffer size in Linux (F_GETPIPE_SZ, F_SETPIPE_SZ)

A pipe has a limited capacity. If the pipe is full, then a write(2) will block or fail. Applications should not rely on a particular capacity: an application should be designed so that a reading process consumes data as soon as it is available, so that a writing process does not remain blocked.

In Linux versions before 2.6.11, the capacity of a pipe was the same as the system page size (e.g., 4096 bytes on i386). Since Linux 2.6.11, the pipe capacity is 16 pages (i.e., 65,536 bytes in a system with a page size of 4096 bytes). Since Linux 2.6.35, the default pipe capacity is 16 pages, but the capacity can be queried and set using the fcntl(2) F_GETPIPE_SZ and F_SETPIPE_SZ operations.

       F_SETPIPE_SZ (int; since Linux 2.6.35)
              Change the capacity of the pipe referred to by fd to be at least arg bytes. An unprivileged process can adjust the pipe capacity to any value between the
              system page size and the limit defined in /proc/sys/fs/pipe-max-size (see proc(5)). Attempts to set the pipe capacity below the page size are silently
              rounded up to the page size. Attempts by an unprivileged process to set the pipe capacity above the limit in /proc/sys/fs/pipe-max-size yield the error
              EPERM; a privileged process (CAP_SYS_RESOURCE) can override the limit.

              When allocating the buffer for the pipe, the kernel may use a capacity larger than arg, if that is convenient for the implementation. (In the current
              implementation, the allocation is the next higher power-of-two page-size multiple of the requested size.) The actual capacity (in bytes) that is set is
              returned as the function result.

              Attempting to set the pipe capacity smaller than the amount of buffer space currently used to store data produces the error EBUSY.

       F_GETPIPE_SZ (void; since Linux 2.6.35)
              Return (as the function result) the capacity of the pipe referred to by fd.

To validate this let us create a fifo pipe file
# mkfifo /tmp/testfifo

Next below python script (/tmp/change_fifo_size.py) can be used to get the default size and also to increase the pipe buffer size to any new value





#!/usr/bin/env python
# Runs under Python 2.6+ and Python 3.

import fcntl

# fcntl(2) operation codes for pipe capacity
F_SETPIPE_SZ = 1031  # Linux 2.6.35+
F_GETPIPE_SZ = 1032  # Linux 2.6.35+

def open_fifo(fifo):
    try:
        print("Checking fifo file ...")
        # Read-write mode keeps the open from blocking until a peer appears;
        # buffering is 0 because a FIFO is not seekable.
        fifo_fd = open(fifo, "rb+", 0)
        print("Pipe size            : " + str(fcntl.fcntl(fifo_fd, F_GETPIPE_SZ)))
        # Request a new capacity; the kernel rounds it up (see F_SETPIPE_SZ above)
        fcntl.fcntl(fifo_fd, F_SETPIPE_SZ, 1000000)
        print("Pipe (modified) size : " + str(fcntl.fcntl(fifo_fd, F_GETPIPE_SZ)))
        return fifo_fd
    except Exception as e:
        print("Unable to open fifo, error: " + str(e))

fifo_fd = open_fifo("/tmp/testfifo")

Here you can replace the highlighted sections as per your requirement i.e. the location and size of the pipe file

Execute the above script
# /tmp/change_fifo_size.py
Checking fifo file ....
Pipe size            : 65536
Pipe (modified) size : 1048576

So the default pipe size of the fifo was 64KB, which has been increased to 1MB.

I hope the article was useful.


How to build a signed rpm from scratch by building a source archive using Red Hat Linux

Below explains every field of an rpm in detail

Understanding an rpm package
There are two types of RPM packages:
  • source RPM (SRPM)
  • binary RPM

SRPMs and binary RPMs share the file format and tooling, but have different contents and serve different purposes. An SRPM contains source code, optionally patches to it, and a SPEC file, which describes how to build the source code into a binary RPM. A binary RPM contains the binaries built from the sources and patches.


1. Build Directory Layout

Install necessary rpms which will be used along the way for building our rpm
# yum install rpmdevtools rpm-build rpm-sign

To set up a directory layout that is the RPM packaging workspace, use the rpmdev-setuptree utility
# rpmdev-setuptree

Next validate the directory structure
# tree /tmp/rpmbuild/
/tmp/rpmbuild/
├── BUILD
├── RPMS
├── SOURCES
├── SPECS
└── SRPMS

5 directories, 0 files

Below image explains each of the directory and its usage

So now our directory structure is ready, let's start preparing our spec file






2. Create SPEC file

To know in detail about the various arguments used in the spec file follow below link
https://docs.fedoraproject.org/quick-docs/en-US/creating-rpm-packages.html

# vim /tmp/rpmbuild/SPECS/deepak.spec
Name:                   deepak
Summary:                Test Rpm

Version:                1.0.0
Release:                1

Group:                  GoLinuxHub
License:                Not Applicable
URL:                    http://www.golinuxhub.com
SOURCE0:                %{name}-%{version}-%{release}.tar.gz
BuildRoot:              %{_tmppath}/%{name}-%{version}-%{release}-root

%description
This is a test rpm built by Deepak

%prep
%setup -q

%build
#Empty

%install
rm -rf %{buildroot}
mkdir -p %{buildroot}
cp -a * %{buildroot}


%clean
rm -rf %{buildroot}

%files
%defattr(-,root,root,-)
/test1/file1
/test2/file2


%changelog
* Wed Feb 03 2016 Deepak Prasad - 1.0.0-1
- Created first draft


3. Create Source Directory and Content

Now it is time to create our source directory content which we want to get dumped once the rpm is installed.
Since this is a test rpm I will name it "deepak" and I will create some dummy directories and files which will be part of this rpm.

# cd /tmp

Below will be our source directory with base release number of 1.0.0
# mkdir deepak-1.0.0

Next lets create some dummy files and directories
# mkdir -p deepak-1.0.0/test1/file1
# mkdir -p deepak-1.0.0/test2/file2


4. Create archive file with source content

Create an archive with the above content with a format using planned version and release, for example my spec file contains below
Version:                1.0.0
Release:                1

So my archive name would be deepak-1.0.0-1.tar.gz
# cd /tmp
# tar -czvf /tmp/rpmbuild/SOURCES/deepak-1.0.0-1.tar.gz deepak-1.0.0/*


5. Build RPM

We are all done here, time to build our rpm

NOTE: If you have created your source directories in a different path other than home folder of the user then there are chances that rpmbuild will fail with below error
# rpmbuild -ba deepak.spec
error: File /root/rpmbuild/SOURCES/deepak-1.0.0-1.tar.gz: No such file or directory

Follow below article to change the rpmbuild directory

How to change rpmbuild (_tmppath) in a spec file (rpmbuild ignored directory) Linux

# rpmbuild -ba /tmp/rpmbuild/SPECS/deepak.spec
Executing(%prep): /bin/sh -e /tmp/rpmbuild/tmp/rpm-tmp.p63FqV
+ umask 022
+ cd /tmp/rpmbuild/BUILD
+ cd /tmp/rpmbuild/BUILD
+ rm -rf deepak-1.0.0
+ /usr/bin/gzip -dc /tmp/rpmbuild/SOURCES/deepak-1.0.0-1.tar.gz
+ /usr/bin/tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd deepak-1.0.0
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ exit 0
Executing(%build): /bin/sh -e /tmp/rpmbuild/tmp/rpm-tmp.Oekwnu
+ umask 022
+ cd /tmp/rpmbuild/BUILD
+ cd deepak-1.0.0
+ exit 0
Executing(%install): /bin/sh -e /tmp/rpmbuild/tmp/rpm-tmp.My9Zk3
+ umask 022
+ cd /tmp/rpmbuild/BUILD
+ '[' /tmp/rpmbuild/BUILDROOT/deepak-1.0.0-1.x86_64 '!=' / ']'
+ rm -rf /tmp/rpmbuild/BUILDROOT/deepak-1.0.0-1.x86_64
++ dirname /tmp/rpmbuild/BUILDROOT/deepak-1.0.0-1.x86_64
+ mkdir -p /tmp/rpmbuild/BUILDROOT
+ mkdir /tmp/rpmbuild/BUILDROOT/deepak-1.0.0-1.x86_64
+ cd deepak-1.0.0
+ rm -rf /tmp/rpmbuild/BUILDROOT/deepak-1.0.0-1.x86_64
+ mkdir -p /tmp/rpmbuild/BUILDROOT/deepak-1.0.0-1.x86_64
+ cp -a test1 test2 /tmp/rpmbuild/BUILDROOT/deepak-1.0.0-1.x86_64
+ /usr/lib/rpm/find-debuginfo.sh --strict-build-id -m --run-dwz --dwz-low-mem-die-limit 10000000 --dwz-max-die-limit 110000000 /tmp/rpmbuild/BUILD/deepak-1.0.0
/usr/lib/rpm/sepdebugcrcfix: Updated 0 CRC32s, 0 CRC32s did match.
+ /usr/lib/rpm/check-buildroot
+ /usr/lib/rpm/redhat/brp-compress
+ /usr/lib/rpm/redhat/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/brp-python-bytecompile /usr/bin/python 1
+ /usr/lib/rpm/redhat/brp-python-hardlink
+ /usr/lib/rpm/redhat/brp-java-repack-jars
Processing files: deepak-1.0.0-1.x86_64
Provides: deepak = 1.0.0-1 deepak(x86-64) = 1.0.0-1
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Processing files: deepak-debuginfo-1.0.0-1.x86_64
Provides: deepak-debuginfo = 1.0.0-1 deepak-debuginfo(x86-64) = 1.0.0-1
Requires(rpmlib): rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(CompressedFileNames) <= 3.0.4-1
Checking for unpackaged file(s): /usr/lib/rpm/check-files /tmp/rpmbuild/BUILDROOT/deepak-1.0.0-1.x86_64
Wrote: /tmp/rpmbuild/SRPMS/deepak-1.0.0-1.src.rpm
Wrote: /tmp/rpmbuild/RPMS/x86_64/deepak-1.0.0-1.x86_64.rpm
Wrote: /tmp/rpmbuild/RPMS/x86_64/deepak-debuginfo-1.0.0-1.x86_64.rpm
Executing(%clean): /bin/sh -e /tmp/rpmbuild/tmp/rpm-tmp.OipO2Y
+ umask 022
+ cd /tmp/rpmbuild/BUILD
+ cd deepak-1.0.0
+ rm -rf /tmp/rpmbuild/BUILDROOT/deepak-1.0.0-1.x86_64
+ exit 0

All went well and our rpm is placed at
/tmp/rpmbuild/RPMS/x86_64/deepak-1.0.0-1.x86_64.rpm

Let us check the content of our rpm
# rpm -qlp /tmp/rpmbuild/RPMS/x86_64/deepak-1.0.0-1.x86_64.rpm
/test1/file1
/test2/file2

which is as we planned


6. Sign the rpm

Below article explains in detail with

Step by Step Guide on how to sign a key using gpg key (password or password-less) to an rpm in Linux


7. Install and Validate the rpm

Time to install the rpm
# rpm -ivh /tmp/rpmbuild/RPMS/x86_64/deepak-1.0.0-1.x86_64.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:deepak-1.0.0-1                   ################################# [100%]

Below command will tell us the content of the rpm again
# rpm -ql deepak
/test1/file1
/test2/file2

Below command will query and give more information about our rpm
# rpm -qpi /tmp/rpmbuild/RPMS/x86_64/deepak-1.0.0-1.x86_64.rpm
Name        : deepak
Version     : 1.0.0
Release     : 1
Architecture: x86_64
Install Date: (not installed)
Group       : GoLinuxHub
Size        : 0
License     : Not Applicable
Signature   : (none)
Source RPM  : deepak-1.0.0-1.src.rpm
Build Date  : Sat 12 May 2018 11:50:43 PM IST
Build Host  : golinuxhub-server.example
Relocations : (not relocatable)
URL         : http://www.golinuxhub.com
Summary     : Test Rpm
Description :
This is a test rpm built by Deepak

I hope the article was useful.

How to change rpmbuild (_tmppath) in a spec file (rpmbuild ignored directory) Linux

Below article explains in detail

Step by Step Guide to build an rpm from scratch by building a source archive using Red Hat Linux
By default when we attempt to build an rpm, the rpmbuild command will look for the below directories under /root/ or the user home folder
drwxr-xr-x 4 root root  46 May 13 00:55 BUILD
drwxr-xr-x 2 root root   6 May 13 00:55 BUILDROOT
drwxr-xr-x 3 root root  20 May 12 21:07 RPMS
drwxr-xr-x 3 root root  84 May 13 00:32 SOURCES
drwxr-xr-x 2 root root  25 May 13 01:36 SPECS
drwxr-xr-x 2 root root 100 May 13 00:55 SRPMS

But if you have created these under some other path then rpmbuild will most likely fail with below error message
# rpmbuild -ba deepak.spec
error: File /root/rpmbuild/SOURCES/deepak-1.0.0-1.tar.gz: No such file or directory

which means rpmbuild is looking in the wrong place for the source file






Solution:

To change the location of the sourcepath modify or create a new rpmmacros in the user home folder as shown below

Here I have changed my rpmbuild path
# vim /root/.rpmmacros
%_topdir /tmp/rpmbuild
%_tmppath %{_topdir}/tmp

Save and exit and re-attempt to build the rpm

I hope the article was useful.

How to sign a key using gpg key (password or password-less) to an rpm in Linux

In my last article I had shared the steps to build an rpm from scratch

How to build a signed rpm from scratch by building a source archive using Red Hat Linux

In this article I will share the steps to sign an rpm with a GPG key


Step 1: Generate GPG key

Execute the below command to generate the key. You can select the key type and bit size as per your requirements.

The highlighted options will be prompted for an input
# gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N)

GnuPG needs to construct a user ID to identify your key.

Real name: GoLinuxHub
Email address: golinuxhub1@gmail.com
Comment: Test
You selected this USER-ID:
    "GoLinuxHub (Test) <golinuxhub1@gmail.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway.  You can change your passphrase at any time,
using this program with the option "--edit-key".

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 5CC4FA77 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/5CC4FA77 2018-05-12
      Key fingerprint = 9CDE 27AC C1DD C0F9 8377  F5A9 A605 65CD 5CC4 FA77
uid                  GoLinuxHub (Test) <golinuxhub1@gmail.com>
sub   2048R/17D27D49 2018-05-12

Here below are the important details for me
GPG Name: GoLinuxHub
GPG Key:5CC4FA77






2. Export Public Key

Export your public key from your key ring to a text file
# gpg --export -a '5CC4FA77'> /root/RPM-GPG-KEY-deepak


3. Import your public key to your RPM DB

# rpm --import /root/RPM-GPG-KEY-deepak


4. Configure your rpmmacros file

Create (if not already exists) rpmmacros file in your home folder and add below content
# vim /root/.rpmmacros
%_gpg_path /root/.gnupg
%_gpg_name GoLinuxHub


5. Add Sign

Next you need to add signature to your rpm
# rpm --resign /tmp/rpmbuild/RPMS/x86_64/deepak-1.0.0-1.x86_64.rpm
Enter pass phrase:
Pass phrase is good.
/tmp/rpmbuild/RPMS/x86_64/deepak-1.0.0-1.x86_64.rpm:

OR you can also execute below command
# rpm --addsign /tmp/rpmbuild/RPMS/x86_64/deepak-1.0.0-1.x86_64.rpm
Enter pass phrase:
Pass phrase is good.
/tmp/rpmbuild/RPMS/x86_64/deepak-1.0.0-1.x86_64.rpm:


6. Check Signature

Next validate the signature on the rpm you just signed
# rpm --checksig /tmp/rpmbuild/RPMS/x86_64/deepak-1.0.0-1.x86_64.rpm
/tmp/rpmbuild/RPMS/x86_64/deepak-1.0.0-1.x86_64.rpm: sha1 md5 OK

OR you can use below command to validate the same
# rpm -K /tmp/rpmbuild/RPMS/x86_64/deepak-1.0.0-1.x86_64.rpm
/tmp/rpmbuild/RPMS/x86_64/deepak-1.0.0-1.x86_64.rpm: sha1 md5 OK
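Reading the --checksig line, as an added example that is not part of the original article: rpm prints a lowercase key-type token such as rsa/dsa with pgp/gpg (the word "signatures" on newer rpm releases) only when a signature was verified, while a line listing just "sha1 md5" (or "digests") reports digest checks only. The function names and the sample package lines are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration. Classifies `rpm -K` / `rpm --checksig` output lines.

# Print signed-ok, digest-only or failed for one output line.
classify_checksig() {  # classify_checksig 'LINE'
    # Drop the "path: " prefix so the package name cannot influence matching.
    result=${1#*: }
    case "$result" in
        *"NOT OK"*) echo "failed"; return ;;
    esac
    case "$result" in
        *" OK"|OK) ;;
        *) echo "failed"; return ;;
    esac
    # Lowercase signature tokens mean a signature was checked against an
    # imported key; uppercase ones only ever appear on NOT OK lines.
    for tok in $result; do
        case "$tok" in
            rsa|dsa|pgp|gpg|signatures) echo "signed-ok"; return ;;
        esac
    done
    echo "digest-only"
}

# Read rpm -K output on stdin, print a verdict per package and
# return 1 unless every package carries a verified signature.
gate_signed() {
    bad=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(classify_checksig "$line")
        printf '%-12s %s\n' "$verdict" "${line%%: *}"
        [ "$verdict" = "signed-ok" ] || bad=1
    done
    return $bad
}

demo() {
    # Constructed sample lines in rpm's output format (package names are made up).
    gate_signed <<'EOF' || true
unsigned-1.0-1.x86_64.rpm: sha1 md5 OK
signed-1.0-1.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
nokey-1.0-1.x86_64.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#00000000)
newer-1.0-1.x86_64.rpm: digests signatures OK
EOF
}
demo
```

On a build host the gate can be fed directly, for example `rpm -K /tmp/rpmbuild/RPMS/x86_64/*.rpm | gate_signed`, so that a package without a verified signature stops the release step.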


7. Build rpm with signature

If you plan to build any more rpms then you can assign signature while building the same using below command
# rpmbuild -ba --sign /tmp/rpmbuild/SPECS/deepak.spec

Below article explains in detail with

Step by Step guide on how to build a signed rpm from scratch by building a source archive using Red Hat Linux

I hope the article was useful.

How to execute a script at %pre, %post, %preun or %postun stage (spec file) while installing/upgrading an rpm

RPM spec files have several sections which allow packages to run code on installation and removal. These bits of code are called scriptlets and are mostly used to update the running system with information from the package.

When scriptlets are called, they will be supplied with an argument. This argument, accessed via $1 (for shell scripts), is the number of packages of this name which will be left on the system when the action completes.

All scriptlets MUST exit with the zero exit status.


Ordering

The scriptlets in %pre and %post are respectively run before and after a package is installed. The scriptlets %preun and %postun are run before and after a package is uninstalled. The scriptlets %pretrans and %posttrans are run at start and end of a transaction. On upgrade, the scripts are run in the following order:

  • %pre of new package
    (package install)
  • %post of new package
  • %preun of old package
    (removal of old package)
  • %postun of old package

I have created two rpms with two different version having the below content in the spec file
%pre
echo "-------------"
echo "This is pre"
echo "Install Value: $1"
echo "Upgrade Value: $1"
echo "Uninstall Value: $1"
echo "-------------"

%post
echo "-------------"
echo "This is post"
echo "Install Value: $1"
echo "Upgrade Value: $1"
echo "Uninstall Value: $1"
echo "-------------"

%preun
echo "-------------"
echo "This is preun"
echo "Install Value: $1"
echo "Upgrade Value: $1"
echo "Uninstall Value: $1"
echo "-------------"

%postun
echo "-------------"
echo "This is postun"
echo "Install Value: $1"
echo "Upgrade Value: $1"
echo "Uninstall Value: $1"
echo "-------------"


Installing the rpm

Below are the scriptlet values when an rpm is installed

# rpm -ivh /tmp/rpmbuild/RPMS/x86_64/deepak-1.0.0-1.x86_64.rpm
Preparing...                          ################################# [100%]
-------------
This is pre
Install Value: 1
Upgrade Value: 1
Uninstall Value: 1
-------------
Updating / installing...
   1:deepak-1.0.0-1                   ################################# [100%]
-------------
This is post
Install Value: 1
Upgrade Value: 1
Uninstall Value: 1
-------------


Updating the rpm

# rpm -Uvh /tmp/rpmbuild/RPMS/x86_64/deepak-2.0.0-1.x86_64.rpm
Preparing...                          ################################# [100%]
-------------
This is pre
Install Value: 2
Upgrade Value: 2
Uninstall Value: 2
-------------
Updating / installing...
   1:deepak-2.0.0-1                   ################################# [ 50%]
-------------
This is post
Install Value: 2
Upgrade Value: 2
Uninstall Value: 2
-------------
-------------
This is preun
Install Value: 1
Upgrade Value: 1
Uninstall Value: 1
-------------
Cleaning up / removing...
   2:deepak-1.0.0-1                   ################################# [100%]
-------------
This is postun
Install Value: 1
Upgrade Value: 1
Uninstall Value: 1
-------------


Removing an rpm

# rpm -e deepak
-------------
This is preun
Install Value: 0
Upgrade Value: 0
Uninstall Value: 0
-------------
-------------
This is postun
Install Value: 0
Upgrade Value: 0
Uninstall Value: 0
-------------





As you can see, we now have the scriptlet values which we must use. Below is the consolidated output


So let's use them to put in some scripting


Final Spec File

Time for the final spec file. Here, replace the respective placeholder with the script content which you want to get executed

I have highlighted the print statements based on the action which will be performed. You can replace those print statements and place your scripts accordingly.
%pre
if [ $1 == 1 ];then
   echo "-----------------------"
   echo "RPM is getting installed"
   echo "Put your script here"
   echo "-----------------------"
elif [ $1 == 2 ];then
   echo "-----------------------"
   echo "RPM is getting upgraded"
   echo "Put your script here"
   echo "-----------------------"
fi

%post
if [ $1 == 1 ];then
   echo "-----------------------"
   echo "RPM is getting installed"
   echo "Put your script here"
   echo "-----------------------"
elif [ $1 == 2 ];then
   echo "-----------------------"
   echo "RPM is getting upgraded"
   echo "Put your script here"
   echo "-----------------------"
fi

%preun
if [ $1 == 1 ];then
   echo "-----------------------"
   echo "RPM is getting upgraded"
   echo "Put your script here which will be called when this rpm is removed"
   echo "-----------------------"
elif [ $1 == 0 ];then
   echo "--------------------"
   echo "RPM is getting removed/uninstalled"
   echo "Put your script here which will be called before uninstallation of this rpm"
   echo "--------------------"
fi

%postun
if [ $1 == 1 ];then
   echo "-----------------------"
   echo "RPM is getting upgraded"
   echo "Put your script here which will be called when this rpm is removed"
   echo "-----------------------"
elif [ $1 == 0 ];then
   echo "--------------------"
   echo "RPM is getting removed/uninstalled"
   echo "Put your script here which will be called after uninstallation of this rpm"
   echo "--------------------"
fi


Installing an rpm

# rpm -ivh ../RPMS/x86_64/deepak-1.0.0-1.x86_64.rpm
Preparing...                          ################################# [100%]
-----------------------
RPM is getting installed
Put your script here
-----------------------
Updating / installing...
   1:deepak-1.0.0-1                   ################################# [100%]
-----------------------
RPM is getting installed
Put your script here
-----------------------


Upgrading an rpm

# rpm -Uvh ../RPMS/x86_64/deepak-2.0.0-1.x86_64.rpm
Preparing...                          ################################# [100%]
-----------------------
RPM is getting upgraded
Put your script here
-----------------------
Updating / installing...
   1:deepak-2.0.0-1                   ################################# [ 50%]
-----------------------
RPM is getting upgraded
Put your script here
-----------------------
-----------------------
RPM is getting upgraded
Put your script here which will be called when this rpm is removed
-----------------------
Cleaning up / removing...
   2:deepak-1.0.0-1                   ################################# [100%]
-----------------------
RPM is getting upgraded
Put your script here which will be called when this rpm is removed
-----------------------


Removing an rpm

# rpm -e deepak
--------------------
RPM is getting removed/uninstalled
Put your script here which will be called before uninstallation of this rpm
--------------------
--------------------
RPM is getting removed/uninstalled
Put your script here which will be called after uninstallation of this rpm
--------------------

I hope the article was useful.

Tutorial/Cheatsheet: Beginner's Guide to Understanding Device Mapper Multipath for Linux

Before going into the various commands we use for multipath, let me give you an overview of multipath.

Without DM Multipath, each path from a server node to a storage controller is treated by the system as a separate device, even when the I/O path connects the same server node to the same storage controller. DM Multipath provides a way of organizing the I/O paths logically, by creating a single multipath device on top of the underlying devices.


To make multipath work, make sure the module below is loaded
# lsmod | grep dm_multipath
dm_multipath           27427  4 dm_round_robin,dm_service_time

# modinfo dm_multipath
filename:       /lib/modules/3.10.0-693.21.1.el7.x86_64/kernel/drivers/md/dm-multipath.ko.xz
license:        GPL
author:         Sistina Software <dm-devel@redhat.com>
description:    device-mapper multipath target
retpoline:      Y
rhelversion:    7.4
srcversion:     063067F9F167E7B653A4773
depends:        dm-mod
intree:         Y
vermagic:       3.10.0-693.21.1.el7.x86_64 SMP mod_unload modversions
signer:         Red Hat Enterprise Linux kernel signing key
sig_key:        B1:C3:31:09:FB:DA:94:AD:2F:E1:E8:E5:C1:E5:52:BD:22:57:60:FE
sig_hashalgo:   sha256

Below are the main device mapper rpms
device-mapper-multipath
device-mapper

NOTE: These rpms will also bring in multiple dependencies, so it is recommended to use yum for installing them

Main configuration file
/etc/multipath.conf

Viewing the connected and scanned multipath devices
# multipath -l






Get the WWID of the connected/scanned LUN

Each multipath device has a World Wide Identifier (WWID), which is guaranteed to be globally unique and unchanging.

You can get the WWID using below commands
# multipath -l | grep dm
3600c0ff00013b88f9058e35a01000000 dm-0 HP      ,P2000 G3 FC
3600c0ff00013b88f9c58e35a01000000 dm-6 HP      ,P2000 G3 FC

OR using below command
# ls -ld /dev/disk/by-id/scsi-*
lrwxrwxrwx 1 root root 9 May 22 18:29 /dev/disk/by-id/scsi-3600c0ff00013b88f9058e35a01000000 -> ../../sde
lrwxrwxrwx 1 root root 9 May 22 18:29 /dev/disk/by-id/scsi-3600c0ff00013b88f9c58e35a01000000 -> ../../sdd



Get the WWID of the disks

# lsscsi --scsi_id
[0:0:0:0]    disk    HP       P2000 G3 FC      T252  /dev/sda   3600c0ff00013b88f9058e35a01000000
[0:0:0:1]    disk    HP       P2000 G3 FC      T252  /dev/sdb   3600c0ff00013b88f9c58e35a01000000
[0:0:1:0]    disk    HP       P2000 G3 FC      T252  /dev/sdc   3600c0ff00013b88f9058e35a01000000
[0:0:1:1]    disk    HP       P2000 G3 FC      T252  /dev/sdd   3600c0ff00013b88f9c58e35a01000000
[1:0:0:0]    disk    HP       P2000 G3 FC      T252  /dev/sde   3600c0ff00013b88f9058e35a01000000
[1:0:0:1]    disk    HP       P2000 G3 FC      T252  /dev/sdf   3600c0ff00013b88f9c58e35a01000000
[1:0:1:0]    disk    HP       P2000 G3 FC      T252  /dev/sdg   3600c0ff00013b88f9058e35a01000000
[1:0:1:1]    disk    HP       P2000 G3 FC      T252  /dev/sdh   3600c0ff00013b88f9c58e35a01000000

To get the WWID of the disks you can also use below command
# /usr/lib/udev/scsi_id -g -u -d /dev/sda
3600c0ff00013b88f9058e35a01000000


Get the list of disks mapped via HBA to the Linux box

A node with two HBAs attached to a storage controller with two ports by means of a single unzoned FC switch sees four devices: /dev/sda, /dev/sdb, /dev/sdc, and /dev/sdd. DM Multipath creates a single device with a unique WWID that reroutes I/O to those four underlying devices according to the multipath configuration.

In our case we have two LUNs connected to the Linux box, hence we see 8 devices
# ls -ld /sys/block/sd*/device 
lrwxrwxrwx 1 root root 0 May 22 18:29 /sys/block/sda/device -> ../../../0:0:0:0
lrwxrwxrwx 1 root root 0 May 22 18:29 /sys/block/sdb/device -> ../../../0:0:0:1
lrwxrwxrwx 1 root root 0 May 22 18:29 /sys/block/sdc/device -> ../../../0:0:1:0
lrwxrwxrwx 1 root root 0 May 22 18:29 /sys/block/sdd/device -> ../../../0:0:1:1
lrwxrwxrwx 1 root root 0 May 22 18:29 /sys/block/sde/device -> ../../../1:0:0:0
lrwxrwxrwx 1 root root 0 May 22 18:29 /sys/block/sdf/device -> ../../../1:0:0:1
lrwxrwxrwx 1 root root 0 May 22 18:29 /sys/block/sdg/device -> ../../../1:0:1:0
lrwxrwxrwx 1 root root 0 May 22 18:29 /sys/block/sdh/device -> ../../../1:0:1:1

The same can be seen via the below command, where the LUN to device mapping is easier on the eyes
# ls -l  /dev/disk/by-path/ 
total 0
lrwxrwxrwx 1 root root 9 May 22 18:29 pci-0000:04:00.2-fc-0x207000c0ff13d3a7-lun-0 -> ../../sda
lrwxrwxrwx 1 root root 9 May 22 18:29 pci-0000:04:00.2-fc-0x207000c0ff13d3a7-lun-1 -> ../../sdb
lrwxrwxrwx 1 root root 9 May 22 18:29 pci-0000:04:00.2-fc-0x247000c0ff13d3a7-lun-0 -> ../../sdc
lrwxrwxrwx 1 root root 9 May 22 18:29 pci-0000:04:00.2-fc-0x247000c0ff13d3a7-lun-1 -> ../../sdd
lrwxrwxrwx 1 root root 9 May 22 18:29 pci-0000:04:00.3-fc-0x217000c0ff13d3a7-lun-0 -> ../../sdg
lrwxrwxrwx 1 root root 9 May 22 18:29 pci-0000:04:00.3-fc-0x217000c0ff13d3a7-lun-1 -> ../../sdh
lrwxrwxrwx 1 root root 9 May 22 18:29 pci-0000:04:00.3-fc-0x257000c0ff13d3a7-lun-0 -> ../../sde
lrwxrwxrwx 1 root root 9 May 22 18:29 pci-0000:04:00.3-fc-0x257000c0ff13d3a7-lun-1 -> ../../sdf


Understanding the Device ID

In multipath output we see below highlighted entry being used
# multipath -l
3600c0ff00013b88f9058e35a01000000 dm-0 HP      ,P2000 G3 FC
size=102G features='1 queue_if_no_path' hwhandler='0' wp=rw
|-+- policy='service-time 0' prio=0 status=active
| |- 0:0:0:0 sda 8:0   active undef unknown
| `- 1:0:1:0 sdg 8:96  active undef unknown
`-+- policy='service-time 0' prio=0 status=enabled
  |- 0:0:1:0 sdc 8:32  active undef unknown
  `- 1:0:0:0 sde 8:64  active undef unknown
3600c0ff00013b88f9c58e35a01000000 dm-6 HP      ,P2000 G3 FC
size=359G features='1 queue_if_no_path' hwhandler='0' wp=rw
|-+- policy='service-time 0' prio=0 status=active
| |- 0:0:0:1 sdb 8:16  active undef unknown
| `- 1:0:1:1 sdh 8:112 active undef unknown
`-+- policy='service-time 0' prio=0 status=enabled
  |- 0:0:1:1 sdd 8:48  active undef unknown
  `- 1:0:0:1 sdf 8:80  active undef unknown

Below value explains what each field means
1:0:0:1
^ ^ ^ ^
| | | |
H C T L

Where H is the HBA number, C is the channel on the HBA, T is the SCSI target ID, and L is the LUN from the Storage.
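
The H:C:T:L field and the WWID column can be combined to check how many paths and HBAs reach each LUN. The script below is an added example, not part of the original article: it groups the lsscsi --scsi_id output shown above by WWID and counts paths and distinct HBAs (the H field). The function names sample_lsscsi, path_summary and luns_below_hbas are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): group SCSI paths by WWID.
# Function names are hypothetical; the input format is `lsscsi --scsi_id`.

# The lsscsi --scsi_id output shown earlier in this article, embedded so the
# script runs without SAN hardware.
sample_lsscsi() {
cat <<'EOF'
[0:0:0:0]    disk    HP       P2000 G3 FC      T252  /dev/sda   3600c0ff00013b88f9058e35a01000000
[0:0:0:1]    disk    HP       P2000 G3 FC      T252  /dev/sdb   3600c0ff00013b88f9c58e35a01000000
[0:0:1:0]    disk    HP       P2000 G3 FC      T252  /dev/sdc   3600c0ff00013b88f9058e35a01000000
[0:0:1:1]    disk    HP       P2000 G3 FC      T252  /dev/sdd   3600c0ff00013b88f9c58e35a01000000
[1:0:0:0]    disk    HP       P2000 G3 FC      T252  /dev/sde   3600c0ff00013b88f9058e35a01000000
[1:0:0:1]    disk    HP       P2000 G3 FC      T252  /dev/sdf   3600c0ff00013b88f9c58e35a01000000
[1:0:1:0]    disk    HP       P2000 G3 FC      T252  /dev/sdg   3600c0ff00013b88f9058e35a01000000
[1:0:1:1]    disk    HP       P2000 G3 FC      T252  /dev/sdh   3600c0ff00013b88f9c58e35a01000000
EOF
}

# path_summary: read `lsscsi --scsi_id` lines on stdin and print one line per
# WWID, in order of first appearance:
#   <wwid> paths=<n> hbas=<n> devs=<sda,sdc,...>
path_summary() {
    awk '
    $2 == "disk" {
        # Vendor and model contain spaces, so count fields from the end.
        wwid = $NF            # last column: SCSI ID (WWID)
        dev  = $(NF - 1)      # second to last column: device node
        # Skip rows that carry no device node or no ID.
        if (dev !~ /^\/dev\// || wwid == "-") next

        hctl = $1
        gsub(/\[|\]/, "", hctl)      # "[1:0:0:1]" -> "1:0:0:1"
        split(hctl, f, ":")          # f[1]=H  f[2]=C  f[3]=T  f[4]=L
        sub("^/dev/", "", dev)

        if (!(wwid in paths)) order[++n] = wwid
        paths[wwid]++
        devs[wwid] = (devs[wwid] == "" ? dev : devs[wwid] "," dev)
        # Count each HBA (H field) once per WWID.
        if (!((wwid, f[1]) in seen)) { seen[wwid, f[1]] = 1; hbas[wwid]++ }
    }
    END {
        for (i = 1; i <= n; i++) {
            w = order[i]
            printf "%s paths=%d hbas=%d devs=%s\n", w, paths[w], hbas[w], devs[w]
        }
    }'
}

# luns_below_hbas MIN: read the same input and print the WWIDs that are
# reachable through fewer than MIN distinct HBAs (no HBA-level redundancy).
luns_below_hbas() {
    path_summary | awk -v min="$1" '{
        split($3, kv, "=")           # $3 looks like "hbas=2"
        if (kv[2] + 0 < min + 0) print $1
    }'
}

# Stand-alone run against the embedded sample.
# On a real host use: lsscsi --scsi_id | path_summary
sample_lsscsi | path_summary
```

For the sample, each WWID is reported with four paths across two HBAs, which matches the four sd devices listed under each map in the multipath -l output above.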


Flush/Remove all the multipath devices

# multipath -F


Flush/Remove selected multipath device.

First of all get the WWID of the multipath device which you want to flush using multipath -ll
# multipath -ll
3600c0ff00013b88fdc53e35a01000000 dm-0 HP      ,P2000 G3 FC
size=186G features='1 queue_if_no_path' hwhandler='0' wp=rw
|-+- policy='service-time 0' prio=50 status=active
| |- 1:0:0:0 sda 8:0  active ready running
| `- 2:0:1:0 sdd 8:48 active ready running
`-+- policy='service-time 0' prio=10 status=enabled
  |- 1:0:1:0 sdb 8:16 active ready running
  `- 2:0:0:0 sdc 8:32 active ready running

Next flush the selected multipath using below command
# multipath -f 3600c0ff000144876065be35a01000000

NOTE: This multipath device must not be in use


Show the existing configuration in detail

Below command will show the existing configuration loaded on your Linux box
# multipathd show config
defaults {
        verbosity 2
        polling_interval 5
        max_polling_interval 20
        reassign_maps "yes"
        multipath_dir "/lib64/multipath"
        path_selector "service-time 0"
        path_grouping_policy "failover"
        uid_attribute "ID_SERIAL"
        prio "const"
        prio_args ""
        features "0"
        path_checker "directio"
        alias_prefix "mpath"
        failback "immediate"
        rr_min_io 1000
        rr_min_io_rq 1
        max_fds 1048576
        rr_weight "uniform"
        queue_without_daemon "no"
        flush_on_last_del "no"
        user_friendly_names "no"
        fast_io_fail_tmo 5
        bindings_file "/etc/multipath/bindings"
        wwids_file /etc/multipath/wwids
        prkeys_file /etc/multipath/prkeys
        log_checker_err always
        find_multipaths no
        retain_attached_hw_handler no
        detect_prio no
        detect_path_checker no
        hw_str_match no
        force_sync no
        deferred_remove no
        ignore_new_boot_devs no
        skip_kpartx no
        config_dir "/etc/multipath/conf.d"
        delay_watch_checks no
        delay_wait_checks no
        retrigger_tries 3
        retrigger_delay 10
        missing_uev_wait_timeout 30
        new_bindings_in_boot no
        remove_retries 0
        disable_changed_wwids no
        unpriv_sgio no
}
blacklist {
        devnode "^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*"
        devnode "^hd[a-z][[0-9]*]"
        devnode "^cciss!c[0-9]d[0-9]*[p[0-9]*]"
        devnode "^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*"
        devnode "^(td|hd|vd)[a-z]"
        devnode "^dcssblk[0-9]*"
        device {
                vendor "DGC"
                product "LUNZ"
        }
        device {
                vendor "EMC"
                product "LUNZ"
        }
        device {
                vendor "IBM"
                product "Universal Xport"
        }
        device {
                vendor "IBM"
                product "S/390.*"
        }
        device {
                vendor "DELL"
                product "Universal Xport"
        }
        device {
                vendor "SGI"
                product "Universal Xport"
        }
        device {
                vendor "STK"
                product "Universal Xport"
        }
        device {
                vendor "SUN"
                product "Universal Xport"
        }
        device {
                vendor "(NETAPP|LSI|ENGENIO)"
                product "Universal Xport"
        }
}
blacklist_exceptions {
}
devices {
        device {
                vendor "HP"
                product "MSA2012sa|MSA23(12|24)(fc|i|sa)|MSA2000s VOLUME"
                path_grouping_policy "group_by_prio"
                path_checker "tur"
                features "0"
                hardware_handler "0"
                prio "alua"
                failback immediate
                rr_weight "uniform"
                no_path_retry 18
                rr_min_io 100
        }
        device {
                vendor "HP"
                product "MSA (1|2)040 SA(N|S)"
                path_grouping_policy "group_by_prio"
                path_checker "tur"
                features "0"
                hardware_handler "0"
                prio "alua"
                failback immediate
                rr_weight "uniform"
                no_path_retry 18
                rr_min_io 100
        }
        device {
                vendor "HP"
                product "HSVX700"
                path_grouping_policy "group_by_prio"
                path_checker "tur"
                features "0"
                hardware_handler "1 alua"
                prio "alua"
                failback immediate
                rr_weight "uniform"
                no_path_retry 12
                rr_min_io 100
        }
        device {
                vendor "HP"
                product "LOGICAL VOLUME.*"
                path_grouping_policy "multibus"
                path_checker "tur"
                features "0"
                hardware_handler "0"
                prio "const"
                rr_weight "uniform"
                no_path_retry 12
        }
        device {
                vendor "HP"
                product "P2000 G3 FC|P2000G3 FC/iSCSI|P2000 G3 SAS|P2000 G3 iSCSI"
                path_grouping_policy "group_by_prio"
                path_checker "tur"
                features "0"
                hardware_handler "0"
                prio "alua"
                failback immediate
                rr_weight "uniform"
                no_path_retry 18
                rr_min_io 100
        }
        device {
                vendor "IBM"
                product "^1722-600"
                product_blacklist "Universal Xport"
                path_grouping_policy "group_by_prio"
                path_checker "rdac"
                features "1 queue_if_no_path"
                hardware_handler "1 rdac"
                prio "rdac"
                failback immediate
                rr_weight "uniform"
                no_path_retry 300
        }
        device {
                vendor "IBM"
                product "^1724"
                product_blacklist "Universal Xport"
                path_grouping_policy "group_by_prio"
                path_checker "rdac"
                features "1 queue_if_no_path"
                hardware_handler "1 rdac"
                prio "rdac"
                failback immediate
                rr_weight "uniform"
                no_path_retry 300
        }
        device {
                vendor "IBM"
                product "^1726"
                product_blacklist "Universal Xport"
                path_grouping_policy "group_by_prio"
                path_checker "rdac"
                features "1 queue_if_no_path"
                hardware_handler "1 rdac"
                prio "rdac"
                failback immediate
                rr_weight "uniform"
                no_path_retry 300
        }
        device {
                vendor "IBM"
                product "^1742"
                product_blacklist "Universal Xport"
                path_grouping_policy "group_by_prio"
                path_checker "rdac"
                features "0"
                hardware_handler "1 rdac"
                prio "rdac"
                failback immediate
                rr_weight "uniform"
                no_path_retry "queue"
        }
        device {
                vendor "IBM"
                product "^1745|^1746"
                product_blacklist "Universal Xport"
                path_grouping_policy "group_by_prio"
                path_checker "rdac"
                features "2 pg_init_retries 50"
                hardware_handler "1 rdac"
                prio "rdac"
                failback immediate
                rr_weight "uniform"
                no_path_retry 15
        }
        device {
                vendor "IBM"
                product "^1814"
                product_blacklist "Universal Xport"
                path_grouping_policy "group_by_prio"
                path_checker "rdac"
                features "0"
                hardware_handler "1 rdac"
                prio "rdac"
                failback immediate
                rr_weight "uniform"
                no_path_retry "queue"
        }
        device {
                vendor "IBM"
                product "^1815"
                product_blacklist "Universal Xport"
                path_grouping_policy "group_by_prio"
                path_checker "rdac"
                features "0"
                hardware_handler "1 rdac"
                prio "rdac"
                failback immediate
                rr_weight "uniform"
                no_path_retry "queue"
        }
        device {
                vendor "IBM"
                product "^1818"
                product_blacklist "Universal Xport"
                path_grouping_policy "group_by_prio"
                path_checker "rdac"
                features "0"
                hardware_handler "1 rdac"
                prio "rdac"
                failback immediate
                rr_weight "uniform"
                no_path_retry "queue"
        }
        device {
                vendor "IBM"
                product "^3526"
                product_blacklist "Universal Xport"
                path_grouping_policy "group_by_prio"
                path_checker "rdac"
                features "0"
                hardware_handler "1 rdac"
                prio "rdac"
                failback immediate
                rr_weight "uniform"
                no_path_retry "queue"
        }
        device {
                vendor "IBM"
                product "^3542"
                path_grouping_policy "group_by_serial"
                path_checker "tur"
                features "0"
                hardware_handler "0"
                prio "const"
                rr_weight "uniform"
        }
        device {
                vendor "IBM"
                product "^2105800"
                path_grouping_policy "group_by_serial"
                path_checker "tur"
                features "1 queue_if_no_path"
                hardware_handler "0"
                prio "const"
                rr_weight "uniform"
        }
        device {
                vendor "IBM"
                product "2810XIV"
                path_grouping_policy "multibus"
                path_checker "tur"
                features "1 queue_if_no_path"
                hardware_handler "0"
                prio "const"
                failback 15
                rr_weight "uniform"
                rr_min_io 15
        }
        device {
                vendor "AIX"
                product "VDASD"
                path_grouping_policy "multibus"
                path_checker "directio"
                features "0"
                hardware_handler "0"
                prio "const"
                failback immediate
                rr_weight "uniform"
                no_path_retry 60
        }
        device {
                vendor "PURE"
                product "FlashArray"
                path_grouping_policy "multibus"
                path_selector "queue-length 0"
                path_checker "tur"
                features "0"
                hardware_handler "0"
                prio "const"
                failback immediate
                fast_io_fail_tmo 10
                dev_loss_tmo 60
                user_friendly_names no
        }
        device {
                vendor "HUAWEI"
                product "XSG1"
                path_grouping_policy "multibus"
                path_checker "tur"
                features "0"
                hardware_handler "0"
                failback immediate
        }
        device {
                vendor "Ceph"
                product "RBD"
                path_grouping_policy "failover"
                path_checker "rbd"
                no_path_retry "fail"
        }
}
multipaths {
}


Get complete HBA details


systool uses APIs provided by libsysfs to gather information and will give detailed information about the available HBA and the LUN status

NOTE: systool is delivered with sysfsutils rpm so make sure it is installed before using this tool
# systool -c fc_host -v
Class = "fc_host"

  Class Device = "host0"
  Class Device path = "/sys/devices/pci0000:00/0000:00:02.0/0000:04:00.2/host0/fc_host/host0"
    active_fc4s         = "0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 "
    dev_loss_tmo        = "30"
    fabric_name         = "0x2003547fee1188d9"
    issue_lip           = <store method only>
    max_npiv_vports     = "255"
    maxframe_size       = "2048 bytes"
    node_name           = "0x50060b0000c2a67d"
    npiv_vports_inuse   = "0"
    port_id             = "0x310305"
    port_name           = "0x50060b0000c2a67c"
    port_state          = "Online"
    port_type           = "NPort (fabric via point-to-point)"
    speed               = "unknown"
    supported_classes   = "Class 3"
    supported_fc4s      = "0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 "
    supported_speeds    = "10 Gbit"
    symbolic_name       = "Emulex 554FLB FV11.1.183.23 DV11.2.0.6 HN:ban33-be002-2b OS:Linux"
    tgtid_bind_type     = "wwpn (World Wide Port Name)"
    uevent              =
    vport_create        = <store method only>
    vport_delete        = <store method only>

    Device = "host0"
    Device path = "/sys/devices/pci0000:00/0000:00:02.0/0000:04:00.2/host0"
      uevent              = "DEVTYPE=scsi_host"


  Class Device = "host1"
  Class Device path = "/sys/devices/pci0000:00/0000:00:02.0/0000:04:00.3/host1/fc_host/host1"
    active_fc4s         = "0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 "
    dev_loss_tmo        = "30"
    fabric_name         = "0x2003547fee357a81"
    issue_lip           = <store method only>
    max_npiv_vports     = "255"
    maxframe_size       = "2048 bytes"
    node_name           = "0x50060b0000c2a67f"
    npiv_vports_inuse   = "0"
    port_id             = "0x25030f"
    port_name           = "0x50060b0000c2a67e"
    port_state          = "Online"
    port_type           = "NPort (fabric via point-to-point)"
    speed               = "unknown"
    supported_classes   = "Class 3"
    supported_fc4s      = "0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 "
    supported_speeds    = "10 Gbit"
    symbolic_name       = "Emulex 554FLB FV11.1.183.23 DV11.2.0.6 HN:ban33-be002-2b OS:Linux"
    tgtid_bind_type     = "wwpn (World Wide Port Name)"
    uevent              =
    vport_create        = <store method only>
    vport_delete        = <store method only>

    Device = "host1"
    Device path = "/sys/devices/pci0000:00/0000:00:02.0/0000:04:00.3/host1"
      uevent              = "DEVTYPE=scsi_host"

This tool can also be used to get other values using below syntax

To get the port name
# systool -c fc_host -A port_name
Class = "fc_host"

  Class Device = "host0"
    port_name           = "0x50060b0000c2a67c"

    Device = "host0"


  Class Device = "host1"
    port_name           = "0x50060b0000c2a67e"

    Device = "host1"

To get the port id
# systool -c fc_host -A port_id
Class = "fc_host"

  Class Device = "host0"
    port_id             = "0x310305"

    Device = "host0"


  Class Device = "host1"
    port_id             = "0x25030f"

    Device = "host1"


Show the existing configuration in brief

This is an alternate command which can be used to check the loaded configuration for selected values as shown below.
# mpathconf
multipath is enabled
find_multipaths is disabled
user_friendly_names is enabled
dm_multipath module is loaded
multipathd is running


Using user friendly names for multipath

Each multipath device has a World Wide Identifier (WWID), which is guaranteed to be globally unique and unchanging. By default, the name of a multipath device is set to its WWID. Alternatively, you can set the user_friendly_names option in the multipath configuration file, which sets the alias to a node-unique name of the form mpathn.

With user_friendly_names disabled we will only see the WWID of the connected multipath devices
# multipath -l
3600c0ff000144876f85ae35a01000000 dm-0 HP      ,P2000 G3 FC
size=102G features='1 queue_if_no_path' hwhandler='0' wp=rw
|-+- policy='service-time 0' prio=0 status=active
| `- 2:0:0:0 sda 8:0  active undef unknown
`-+- policy='service-time 0' prio=0 status=enabled
  `- 2:0:1:0 sdc 8:32 active undef unknown
3600c0ff000144876065be35a01000000 dm-6 HP      ,P2000 G3 FC
size=359G features='1 queue_if_no_path' hwhandler='0' wp=rw
|-+- policy='service-time 0' prio=0 status=active
| `- 2:0:0:1 sdb 8:16 active undef unknown
`-+- policy='service-time 0' prio=0 status=enabled
  `- 2:0:1:1 sdd 8:48 active undef unknown

Next enable user_friendly_names
# /sbin/mpathconf --user_friendly_names y

Check the multipath
# multipath -l
mpathb (3600c0ff000144876065be35a01000000) dm-6 HP      ,P2000 G3 FC
size=359G features='1 queue_if_no_path' hwhandler='0' wp=rw
|-+- policy='service-time 0' prio=0 status=active
| `- 2:0:0:1 sdb 8:16 active undef unknown
`-+- policy='service-time 0' prio=0 status=enabled
  `- 2:0:1:1 sdd 8:48 active undef unknown
mpatha (3600c0ff000144876f85ae35a01000000) dm-0 HP      ,P2000 G3 FC
size=102G features='1 queue_if_no_path' hwhandler='0' wp=rw
|-+- policy='service-time 0' prio=0 status=active
| `- 2:0:0:0 sda 8:0  active undef unknown
`-+- policy='service-time 0' prio=0 status=enabled
  `- 2:0:1:0 sdc 8:32 active undef unknown

The mapping is done using /etc/multipath/bindings.


Check the number of HBA on your Linux box

# ls -l /sys/class/fc_host/
total 0
lrwxrwxrwx 1 root root 0 May 22 18:29 host0 -> ../../devices/pci0000:00/0000:00:02.0/0000:04:00.2/host0/fc_host/host0
lrwxrwxrwx 1 root root 0 May 22 18:29 host1 -> ../../devices/pci0000:00/0000:00:02.0/0000:04:00.3/host1/fc_host/host1

You can also check the same using
# lspci -nn |grep -i "Fibre"
04:00.2 Fibre Channel [0c04]: Emulex Corporation OneConnect 10Gb FCoE Initiator (be3) [19a2:0714] (rev 01)
04:00.3 Fibre Channel [0c04]: Emulex Corporation OneConnect 10Gb FCoE Initiator (be3) [19a2:0714] (rev 01)

On some Linux variants you can also grep for HBA
# lspci -nn |grep -i "HBA"

So here I have two HBAs


Check the WWPN of the multipath

A worldwide port number (WWPN) is a unique identifier for each FC port of any Fibre Channel device.
  • For server, we have a WWPN for each port of the HBA.
  • For a SAN switch, the WWPN is available for each port in the chassis.
  • For Storage, each host port has an individual WWPN

Here we have two HBAs, so each HBA will have a unique World Wide Port Name (WWPN) which will be connected to the SAN switch and then to the Storage Box.

From my Linux Box
# cat /sys/class/fc_host/host0/port_name
0x50060b0000c2a67c

# cat /sys/class/fc_host/host1/port_name
0x50060b0000c2a67e

These are the WWPN numbers.


Check the WWNN of the multipath

A worldwide node name (WWNN) is a globally unique 64-bit identifier that is assigned to each Fibre Channel node or device.
  • For servers and hosts, WWNN is unique for each HBA (host bus adapter), and in a case of a server with two HBAs, they have two WWNNs.
  • For a SAN switch, the WWNN is common for the chassis.
  • For storage, the WWNN is common for each controller unit of midrange storage

Since I have two HBAs here, there are two WWNNs, one for each HBA

From my Linux Box
# cat /sys/class/fc_host/host1/node_name
0x50060b0000c2a67f

# cat /sys/class/fc_host/host0/node_name
0x50060b0000c2a67d


Perform rescan of the connected HBA for new LUNs

If you have new LUNs connected to your Linux box then you will need to rescan the HBA

Assuming you know the WWPN for which the new LUN was added
# echo 1 > /sys/class/fc_host/host2/issue_lip

# systemctl reload multipathd

# multipath -v2

Next validate if the new LUN is visible using
# multipath -ll


Blacklist a device

Create a section like the one below in /etc/multipath.conf where you can give the list of devices which you wish to blacklist

Here I am blacklisting multiple devices which I do not wish to be created as multipath
blacklist {
        devnode "^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*"
        devnode "^hd[a-z][[0-9]*]"
        devnode "^cciss!c[0-9]d[0-9]*[p[0-9]*]"
}

To blacklist using WWID

You can get the WWID of a device using below command
# /usr/lib/udev/scsi_id  -g -u -d /dev/sda
3600c0ff000144876f85ae35a01000000

Here we are blacklisting /dev/sda, which is our internal disk and which I do not want to be a multipath device
blacklist {
wwid 3600c0ff000144876f85ae35a01000000
}

Perform a multipathd reload for the changes to take effect
# systemctl reload multipathd.service


Add blacklist exception for selected disks

Similar to blacklisting we can also add a blacklist exception so that these devices are not blacklisted

Add the below section in /etc/multipath.conf with the list of WWIDs which you wish to add as an exception to the blacklist
blacklist_exceptions {
wwid "3600d0230000000000e13955cc3757803"
}

Followed by reload of multipathd
# systemctl reload multipathd.service


Change configuration (path selector) of the multipath device

Add your choice of path_selector in /etc/multipath.conf as shown below
defaults {
        user_friendly_names yes
        failback                immediate
        path_selector           "round-robin 0"
}

You can either add it under the defaults section, or add a device section if you wish to change the path selector only for a selected device
devices {
   device {
        vendor "HP"
        product "P2000 G3 FC|P2000G3 FC/iSCSI|P2000 G3 SAS|P2000 G3 iSCSI"
        path_grouping_policy "failover"
        path_selector "round-robin 0"
   }
}

NOTE: You can get the device detail from "multipathd show config"

Add below changes
devices {
        device {
                vendor "HP"
                product "P2000 G3 FC|P2000G3 FC/iSCSI|P2000 G3 SAS|P2000 G3 iSCSI"
                user_friendly_names yes
        }
}

I hope the article was useful
