Linux.com

Community Blogs



Simple Kexec example

Some time ago I was helping a friend with some kexec problems and written some notes on how to use it - here a CentOS based server was used, but the process should be pretty similiar also for other distributions. The main advantage is in skipping the BIOS init part which on servers takes quite some time. I personally use it for the gateway server (it has also other functions, like dns, dhcp, openvpn server) and testing servers reboots with minimal downtime. A nice kexec description is on its man page:

kexec is a system call that enables you to load and boot into another kernel from the currently running kernel. kexec performs the function of the boot loader from within the kernel. The primary difference between a standard system boot and a kexec boot is that the hardware initialization normally performed by the BIOS or firmware (depending on architecture) is not performed during a kexec boot. This has the effect of reducing the time required for a reboot.

CentOS, Fedora users can install it using yum:

[root@cent:~]# yum install kexec-tools

To switch between kernels you have to install a new one, here for example after running a ''yum update'' also a new kernel was installed - the 2.6.18-194.11.4.el5 version.

[root@cent:~]# yum update
[...]
Installed:
  kernel.x86_64 0:2.6.18-194.11.4.el5  kernel-devel.x86_64 0:2.6.18-194.11.4.el5
[...]

Current kernel is 2.6.18-194.11.3.el5

[root@cent:~]# uname -r
2.6.18-194.11.3.el5

For kexec, kernel and initrd path will be specified; paths (not full) can be found for example in the grub.conf file which was already updated.

[root@cent:~]# cat /etc/grub.conf
[...]
title CentOS (2.6.18-194.11.4.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-194.11.4.el5 ro root=LABEL=/
        initrd /initrd-2.6.18-194.11.4.el5.img
title CentOS (2.6.18-194.11.3.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-194.11.3.el5 ro root=LABEL=/
        initrd /initrd-2.6.18-194.11.3.el5.img
[...]

Also the arguments passed to the kernel at boot time are needed, you can look at your current arguments in the /proc/cmdline file. Later these same arguments will be given for the new kernel.

[root@cent:~]# cat /proc/cmdline
ro root=LABEL=/

Now to load the new kernel:

[root@cent:~]# kexec -l /boot/vmlinuz-2.6.18-194.11.4.el5 
--initrd=/boot/initrd-2.6.18-194.11.4.el5.img 
--command-line="$( cat /proc/cmdline )"

Start the magic and boot to the new loaded kernel:

[root@cent:~]# kexec -e

Hope this post will be helpful and inspire others to some kexec experiments :)

 

Midnight Commander Notes

Midnight commander is a popular file manager available from repositories in almost all major Linux distributions. Many new users find it difficult to work on servers only from command line so midnight commander is a welcomed help. Here are some tips and notes how to use this tool together with my most used shortcuts that I used to give users that never worked with it before. As always for a complete list of keyboard shortcuts and much more man mc or info mc should work.

 

Usage tips

To start midnight commander simply type mc.

[podlevak@55cent:~]$ mc

 

If you want the panels pointing to some specific directories append a path (or two) after the mc:

[podlevak@55cent:~]$ mc /etc/httpd/ /var/log/

 

To go back to command line you don't have to quit midnight commander with F10 - on most shells, here bash is used, ctrl-z will put mc into background and it can be put back to foreground with fg command.

[podlevak@55cent:~]$ mc /etc/httpd/ /var/log/

[1]+  Stopped                 /usr/bin/mc -P "$MC_PWD_FILE" "$@"

[podlevak@55cent:~]$ fg

Another way is using the ctrl-o shortcut for hiding the panels; to show them press ctrl-o again.

 

Midnight commander comes with an integrated editor and viewer - you can use them also directly:

[podlevak@55cent:~]$ mcview /etc/hosts

[podlevak@55cent:~]$ mcedit new_file

 

Shortcuts

I've divided the shortcuts into three groups according to their usage. A little note on how to use them:

  1. when using a shortcut like ctrl-r, hold down the control key and then press the r key
  2. for shortcut like ctrl-x-o hold down the control key and then press the x key, let go and press the o key

File manipulation and shell commands

  • ctrl-x-c change permissions
  • ctrl-x-o change owner
  • ctrl-x-s create symlink
  • ctrl-x-ctrl-s edit symlink
  • esc-tab completion, like tab in shell
  • alt-s search in active panel, after pressing keys just write
  • alt-p previous entered command
  • alt-n next entered command
  • ctrl-space show directory size
  • ctrl-x-i shows file / directory info, press again to return to panel
  • ctrl-x-q quick view - view content of files in a preview window (F7 for search works), press again to return to panel

Displaying content

  • ctrl-o turn off/hide the panels, 2x turns them on
  • ctrl-r rescan (refresh active panel)
  • ctrl-u flip panels
  • alt-o open path in other panel
  • ctrl- frequently used directories, directory hot-list

Selecting

  • Insert select single file
  • * (asterisk) select all files, 2x un-selects if all files were selected, or inverts selection if files were selected (using a mask or insert)
  • + (plus) select mask, regular expression can be used
  • - (minus) un-select mask, regular expression can be used
 

VPN-O-Rama : IPCop to PFSense with IPSec

Introduction

Here's another episode of my VPN saga, this time we'll connect IPCop to PFSense with IPSec.

Just few words about PFSense (http://www.pfsense.org/) if you don't know it; I've always used BSD and I'm a big fan of it, OK we're in a Linux site but many of you may possibly argue about BSD proof of scalability, stability, security, simplicity (IMHO) and networking capabilities (even after recent events, fake or not).

BSD PF (http://www.openbsd.org/faq/pf/) (Packet Filter) if a great technology and I totally love it, I don't want to start a flame war between Packet Filter and IPTables, this article is just focused on building an IPSec connection between Linux and a particular BSD distro (PFSense). I've done some research after dealing with M0n0wall, Smoothwall and so on and I've decided to give PFSense a try. It's one of my favorite firewall distributions, SOHO installations but even heavy duty connections and features (NAT traversal or load balancing for example), it's not a project for hobbyists, it may scale to business class installations easily.

Following this “VPN by examples” guide I'll connect PFSense to IPCop with an IPSec connection, both machines have static IP addresses, in later examples I'll use even dynamic IPs; I didn't find anything related to IPCop to PFSense available on the web so I've decided to publish my documentation with a lot of screenshots as usual.

 

This article will follow my previous “VPN-O-Rama: IPCop to IPCop with IPSec” (http://www.linux.com/community/blogs/vpn-o-rama-ipcop-to-ipcop-with-ipsec.html) and I'll add a new machine to the same network, so it will be:

 

Network topology:

 

Office

Network

Subnet

Headquarter (Coruscant)

10.0.2.0

255.255.255.0

Subsidiary 1 (Alderaan)

10.0.3.0

255.255.255.0

Subsidiary 1 (Tatooine)

10.0.4.0

255.255.255.0

 

 

Firewalls:

 

Location/Name

Firewall Distro

Private IP (LAN)

Public IP (WAN)

Coruscant

IPCop v1.4.21

10.0.2.94

10.0.0.94

Alderaan

IPCop v1.4.21

10.0.3.95

10.0.0.95

Tatooine

PFSense v1.2.3

10.0.4.96

10.0.0.96

 

 

I've skipped PFSense installation process to focus on a ready new installed PFSense machine named Tatooine, let me know if you need an article on it.

 

My Goal

 

I'd like to achieve an IPSec connection between two static machines (Tatooine and Coruscant), no firewalls or other port blocking rules on public WAN between these two firewalls, variations on this task may follow on following articles

 

PFSense Configuration

Here's PFSense main GUI in the private network example:

 

WARNING:

Before every configuration please consider we're creating an example and we're using private networks (10.0.0.0 Class A IPs on WAN), on PFSense there's an option made for blocking private network traffic on WAN, before starting with our example you need to disable this rule ! Under Menu Interfaces / WAN there's an option named “Block private networks”. Just forget it if you're using a real network on public classes (on WAN), see screenshot and disable this rule if you're in my case

 

Now go under VPN menu, option IPSec

Enable “Enable IPSec” check box and hit “Save” button, see:

 

then click the “Add tunnel” icon on the right side of the page, now you've a new page where you can specify VPN tunnel options. Here's what I've done:

General parameters (PFSense related)

  • Tunnel enabled, so disable this tunnel check box is unchecked

  • Interface WAN, in my case I need to use WAN to reach remote subnet

  • DPD interval (dead peer detection), in my case 60 seconds (it should be enough for everyone)

  • Remote Subnet, in this example is 10.0.2.0 (Coruscant network) with a 24 bit mask (255.255.255.0)

  • Remote Gateway, in this example is 10.0.0.94 (Coruscant firewall on public network)

 

VPN Phase 1 Authentication (VPN Parameters for phase 1)

  • Negotiation Mode, set to “main

  • My Identifier, left as it is (my IP address). In my case I've a quite easy network connection with two static IP addresses, no NAT traversal or other stuff around. We'll see advanced configurations with NAT and dynamic IP addresses the next time

  • Encryption algorithm, I'm using Blowfish, much better than 3DES. Please remember all your parameters, they must match settings chosen on the remote side

  • Hash algorithm, MD5 for hashing, I've chosen MD5 here and on IPCop side

Let me show you first page with parameters from above

 

Let's go on with:

  • DH key group, select option “5” (on IPCop I've chosen 1536 bits)

  • Lifetime, set it to 3600 seconds (1 hour)

  • Authentication Method, I'm now using “pre-shared key”, CA (Certification Authorities) are not available as native services on PFSense. Developers are focusing their software on firewall features and I respect their ideas related on keeping CAs outside even if it would be great to have something inside (like IPCop and other Linux distros). Creating a CA from scratch on an another PC requires a lot of time and it's out of this article tasks, I'll write down some notes on it if you need it. To keep things as simple as I can I've chosen to use Pre Shared Key, this is not a roadwarrior connection but a connection between two offices so it's something a common user never see

  • Pre-Shared Key, I'm using “12345” (“I've got the same combination on my luggage” cit.: http://en.wikiquote.org/wiki/Spaceballs )

And here's another shot:

 

VPN Phase 2 proposal (SA/Key Exchange)

Here's the second round of a VPN connection: key proposal and exchange, here are my parameters:

  • Protocol: ESP, encryption

  • Encryption algorithms, I'm using Blowfish, I've disabled everything else to avoid confusion so VPN server avoids even their proposal

  • Hash algorithms, SHA1 and MD5, keep them as they are

  • PFS key group, we're using 1536 bit so option “5” is the way to go

  • Lifetime, is 28800 (8 hours)

No keep alive host, use something if you detect drops on your line

Here's my shot:

I'll repeat it again, please keep in mind all these parameters are mandatory , you need to fill them even if PFSense tells you they're optionals and even more important: write them to a notepad and report them as they are on the IPCop side.

 

Finally hit SAVE button to create your VPN connection, now on the VPN:IPSec page hit Apply Changes button to confirm your new VPN connection.

 

IPCop Configuration

Now it's time to create the VPN connection on the IPCop side, back again on Coruscant, you'll probably see past article information (http://www.linux.com/community/blogs/vpn-o-rama-ipcop-to-ipcop-with-ipsec.html) but we don't care.

On VPNs menu, VPNs option here's the situation:

now press “Add” button in the middle of the screen to create a new PSK VPN connection with IPSec and select Net-to-Net Virtual Private Network to continue, we want to connect these two nets, then press Add to go on (see screenshot)

Here are the parameters for this VPN connection:

  • Name, Tatooine. The name of your VPN connection, choose the name you want, it really doesn't matter

  • Host IP Address: 10.0.0.94. Where VPN starts: red interface, WAN (see previous information about it)

  • Remote Host/IP: 10.0.0.96. Where your remote firewall (Tatooine) is, static IP address in my case

  • Local Subnet: 10.0.2.0/255.255.255.0 It should be already set to your own subnet LAN on Coruscant network

  • Remote Subnet: 10.0.4.0/255.255.255.0 Tatooine network information for our example

  • Check “Edit advanced settings when done” check box because you need to deal with Phase 1 & 2 advanced parameters for VPN settings, important

  • In authentication window below select “Use a Pre-Shared key” and enter “12345” as the PSK password (please choose a different one on real cases, we already have Spaceballs http://en.wikiquote.org/wiki/Spaceballs)

Here's another shot

 

Then hit Save on the bottom of the page to edit advanced settings.

Now You're in the advanced settings page where you can specify connection parameters for phase 1 & 2 (VPN)

Here you need to set:

Phase 1

  • IKE Encryption to Blowfish (both 256bit and 128bit)

  • IKE Integrity to SHA1 and MD5

  • IKE Grouptype to MODP-1536 (remember 1536 bit above ???)

  • IKE Lifetime to 1 hour

Phase 2

  • ESP Encryption to Blowfish (both 256bit and 128bit)

  • ESP Integrity to SHA1 and MD5

  • ESP Grouptype to MODP-1536

  • ESP Keylife to 8 hours

Keep additional parameters (checkboxes below) as they are, so everything unchecked except "Perfect Forward Secrecy (PFS)"

See screenshot for details

Now under main VPN menu on IPCop wait for a while (how much ? a while...) and you'll probably see something like that (open status is green)


 

On PFSense side you need to go to Status menu, IPSec option and in the Overview tab you'll see this (status with green arrow is for the on line link):

 

As you may see from this example all efforts are related to match proper VPN parameters, phase 1 and phase 2 settings needs to have same values on both sides, it's also important to mention IKE lifetime and keylife, if they don't match you don't even have the connection.

 

I hope this guide could be pretty clear for anyone, I've tried to search something like that when I was dealing with my first connection but unlikely I didn't found anything on the web.

 

Please let me know if you need further details on this connection, in the next episodes I'll show you some variations of this Config and I'll connect new distros as well, share your comments if any

 

Previous:
VPN-O-Rama: VPNs intro, practical HOWTOs
VPN-O-Rama: IPCop to IPCop with IPSec

Next:
IPSec connection between a static and dynamic IP Address



Regards

Andrea (Ben) Benini

 

 

HOWTO MySQL: Reset root password

Few days ago I've had in front of me a Gentoo installation with a MySQL Daemon, no documentation provided with the machine and absolutely no root password for the DB. I've tried to obtain the root password for MySQL and that's what I've done. These instructions are valid for every linux distro, no matter about the release or flavor.

First of all, you need to stop mysql daemon and all running instances of mysql, something like that:

~# /etc/init.d/mysql stop
* Stopping mysql ...
* Stopping mysqld (0)                                                    [ ok ]

Starting/stopping services may vary according to your linux distribution documentation, make a double check to remove even zombie processes or mysql opened instances (ps aex|grep mysql) and kill them if any

Now you can run this command to start the daemon with full privileges and no authentication:

mysqld_safe --skip-grant-tables &

Even if not reported in the man page or not documented with:

~# mysqld_safe --help
Usage: /usr/bin/mysqld_safe [OPTIONS]
  --no-defaults              Don't read the system defaults file
  --defaults-file=FILE       Use the specified defaults file
  --defaults-extra-file=FILE Also use defaults from the specified file
  --ledir=DIRECTORY          Look for mysqld in the specified directory
  --open-files-limit=LIMIT   Limit the number of open files
  --core-file-size=LIMIT     Limit core files to the specified size
  --timezone=TZ              Set the system timezone
  --mysqld=FILE              Use the specified file as mysqld
  --mysqld-version=VERSION   Use "mysqld-VERSION" as mysqld
  --nice=NICE                Set the scheduling priority of mysqld
  --skip-kill-mysqld         Don't try to kill stray mysqld processes
  --syslog                   Log messages to syslog with 'logger'
  --skip-syslog              Log messages to error log (default)
  --syslog-tag=TAG           Pass -t "mysqld-TAG" to 'logger'

All other options are passed to the mysqld program.

you can find more info on it at http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html (wish to have this link or just read the doc before doing it...)

Now enter in the DB with root privileges:

mysql -u root

and locate mysql default schema

use mysql;

"user" table is where you can find/reset/update information related to mysql users (not that strange...)

mysql> show columns from user;
+-----------------------+-----------------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------------------+-----------------------------------+------+-----+---------+-------+
| Host | char(60) | NO | PRI | | |
| User | char(16) | NO | PRI | | |
| Password | char(41) | NO | | | |
| Select_priv | enum('N','Y') | NO | | N | |
| Insert_priv | enum('N','Y') | NO | | N | |
| Update_priv | enum('N','Y') | NO | | N | |
| Delete_priv | enum('N','Y') | NO | | N | |
| Create_priv | enum('N','Y') | NO | | N | |
| Drop_priv | enum('N','Y') | NO | | N | |
| Reload_priv | enum('N','Y') | NO | | N | |
| Shutdown_priv | enum('N','Y') | NO | | N | |
| Process_priv | enum('N','Y') | NO | | N | |
| File_priv | enum('N','Y') | NO | | N | |
| Grant_priv | enum('N','Y') | NO | | N | |
| References_priv | enum('N','Y') | NO | | N | |
| Index_priv | enum('N','Y') | NO | | N | |
| Alter_priv | enum('N','Y') | NO | | N | |
| Show_db_priv | enum('N','Y') | NO | | N | |
| Super_priv | enum('N','Y') | NO | | N | |
| Create_tmp_table_priv | enum('N','Y') | NO | | N | |
| Lock_tables_priv | enum('N','Y') | NO | | N | |
| Execute_priv | enum('N','Y') | NO | | N | |
| Repl_slave_priv | enum('N','Y') | NO | | N | |
| Repl_client_priv | enum('N','Y') | NO | | N | |
| Create_view_priv | enum('N','Y') | NO | | N | |
| Show_view_priv | enum('N','Y') | NO | | N | |
| Create_routine_priv | enum('N','Y') | NO | | N | |
| Alter_routine_priv | enum('N','Y') | NO | | N | |
| Create_user_priv | enum('N','Y') | NO | | N | |
| ssl_type | enum('','ANY','X509','SPECIFIED') | NO | | | |
| ssl_cipher | blob | NO | | NULL | |
| x509_issuer | blob | NO | | NULL | |
| x509_subject | blob | NO | | NULL | |
| max_questions | int(11) unsigned | NO | | 0 | |
| max_updates | int(11) unsigned | NO | | 0 | |
| max_connections | int(11) unsigned | NO | | 0 | |
| max_user_connections | int(11) unsigned | NO | | 0 | |
+-----------------------+-----------------------------------+------+-----+---------+-------+
37 rows in set (0.00 sec)

Now update your password with something like that:

update user set password=PASSWORD("rememberyournewpassword") where User='root';

And don't forget to flush privileges to have everything updated

flush privileges;

and quit from DB

quit;

then stop/kill the running daemon and restart it in "normal" mode

/etc/init.d/mysql stop
## Even stop running daemons if any
ps aex |grep mysqld # to find sockets
kill -SIGKILL <pid> # to kill running mysqld pid's

Now test your new password with something like that

mysql --host=127.0.0.1 --user=root -p

and insert your new password

 

that's it

Ben

 

 

Error: Could not stat() command file '/var/lib/nagios3/rw/nagios.cmd'!

Here's a viable solution on my debian server:

dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3

And... et voilà!

The proper permissions have been set and everything should work as expected

Regards
 

2 Cent Tip - Extend (resize) a whole device partition.

Occasionally I have to resize partitions on iSCSI or Fiber-Channel attached SAN storage.  Both technologies allow you to easily extend the available storage for a host by extending LUNs, or volumes.  A common problem after extending the size of the LUN, or volume, is resizing partitions to fill out the new size.

 

For the most part, I usually fire up PartedMagic  and its a snap, even with Fiber-Channel attached enterprise storage.  Once the HBA's have been zoned to Fiber-Channel switches, then the HBAs do all the heavy lifting.  In other words on Fiber-Channel, it doesn't matter if you're using PartedMagic, or Knoppix, the server just knows where the storage is, and that its certainly attached.  The only dependency for this working on a Live boot disk are drivers for the HBA cards.

 

iSCSI is a bit different.  Because, iSCSI relies on commodity Network Interface Cards, this technology is largely implemented in software.  One perceived advantage is iSCSI may seem less complicated to use than Fiber-Channel storage.  Unfortunately, in this case, PartedMagic did not have open-iscsi software, and I could install open-iscsi in the Knoppix Live ramdisk. However, because Knoppix came with an outdated iSCSI kernel module, it was not new enough to inter-operate with the open-iscsi software.

 

Furthermore, the version of parted that shipped with RHEL 5 threw an incompatible filesystem error, refusing to modify the filesystem. So, in the end, I twiddled some bits on the partition table with fdisk, and used resize2fs to extend the partition.

 

Assuming you have a backup of the filesystem you are working on, you can proceed with the following steps to extend a single partition to the end of the extended volume.  If you have multiple partitions on a volume, you may want to stick to more reliable methods of resizing and extending.  If you screw up the cylinder boundaries on a device with multiple partitions, you'll definitely lose data.  A single partition, in this example, is a much simpler scenario.

 

The device name in this example is /dev/mapper/u02, the first partition is /dev/mapper/u02p1:

  • Run fdisk -l /dev/mapper/u02 to get the starting cylinder.
Disk /dev/mapper/u02: 100.9 GB, 108340550042 bytes

255 heads, 63 sectors/track, 13171 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/mapper/u02p1 1 13171 26450329 83 Linux

  • Reboot the server, after extending the volume or LUN on your SAN, and before proceeding to extend the partition in your Operating System.  The Operating System needs to re-read sector 0 on the extended SAN volume, before continuing. Note, that fdisk will report 26109 cylinders instead of 13171, after I rebooted the server.
  • Next, we will run: fdisk /dev/mapper/u02, and then hit the keys: d, n, p, 1, [enter], [enter], w
WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
switch off the mode (command 'c') and change display units to
sectors (command 'u').

Command (m for help): d
Selected partition 1

Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-26109, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-26109, default 26109):
Using default value 26109

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
  • Finally, run resize2fs on /dev/mapper/u02p1. If you are using ext3, you can do an on-line resize while the volume is mounted.  It is probably safest to umount the partition to be re-sized, however.
resize2fs 1.39 (29-May-2006)
Filesystem at /dev/mapper/u02p1 is mounted on /u02; on-line resizing required
Performing an on-line resize of /dev/mapper/u02p1 to 52430127 (4k) blocks.
The filesystem on /dev/mapper/u02p1 is now 52430127 blocks long.


Refer to the resize2fs for more information on the command, and its proper usage.

 

Analyzing Apache Logs interactively from the terminal with GoAccess

I have always been analyzing my Apache logs with the popular tail -f, which to a certain point is quite neat that you can see the whole request in real time. However, there is a point where you may be interested to know more details about your web logs.

Here it is where I find really interesting GoAccess. Whilst Awstats, Analog, Webalizer all generate HTML statistics, this application will let you analyze your Apache Web server logs straight from the terminal. It generates statistics really fast and it displays them in a nice ncurses interface.

More information about this project at: http://goaccess.prosoftcorp.com/

 

RAID Disk Configuration (mdadm.conf)

Back again with a very quick tip: RAID disk array configuration.

After few articles like:
Installing GRUB on the other disks
Replacing faulted raid drive
I'm just adding my configuration related to one of my RAID installations on a linux server.

Machine has Gentoo Linux (current portage, AMD64 arch) and a RAID system with only two SATA drives with a simple RAID1 config. Nothing more, nothing less

Quite easy config to have a virtual disk composed like this:

Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/md2 4806824 997012 3809812 21% /
tmpfs 449108 0 449108 0% /lib/init/rw
udev 10240 144 10096 2% /dev
tmpfs 449108 0 449108 0% /dev/shm
/dev/md0 90195 11088 79107 13% /boot
/dev/mapper/storage-storage 306966528 82096984 224869544 27% /home

I've a boot partition (md0), a swap partition (md1), root partition (md2) and a logical volume manager (LVM) on /dev/md3

Nothing strange, nothing spectacular, every configuration is maded by hand, no fancy graphical tools involved. Config related to RAID5 installations have the same layout

Here's the array configuration file (mdadm.conf)

# scan all partitions (/proc/partitions) for MD superblocks.
DEVICE partitions

# auto-create devices
CREATE owner=root group=disk mode=0660 auto=yes

# tag arrays as belonging to the local system
HOMEHOST
# Monitoring daemon instructions
MAILFROM FileServer Administrator
MAILADDR This e-mail address is being protected from spambots. You need JavaScript enabled to view it

# MD array
ARRAY /dev/md0 level=raid1 num-devices=2 UUID=d4eb97cf:da422dd0:36eb05f3:bbd531f4
ARRAY /dev/md1 level=raid1 num-devices=2 UUID=a614ae3f:a9afcbfc:91f980c8:762e06bc
ARRAY /dev/md2 level=raid1 num-devices=2 UUID=19d6f845:358ff0a9:188cf822:397115dc
ARRAY /dev/md3 level=raid1 num-devices=2 UUID=24346f3b:bad36d8b:961a4a14:4eae9079

# Modified by Ben

Again, nothing strange here, hope it helps newbies or contributors interested in a RAID installation, please share your thoughts if this simple config can be better

Next step: LVM configuration sample

 

Hope it helps you
Glad to read your comments

 

Andrea (Ben) Benini

 

Creating XLS file on the fly from a PHP application

Here's a quick and dirty solution for a common problem, if you've a web application used by common Windows users and you publish data on it sometimes you receive this kind of question:

"Are your information exportable into an XLS (Excel) file ?"

For example I've an accounting application exporting some data on a web page, the user just wants to download an Excel file or open it directly from the web page, there's no rocket science here, this is just what I've done, let's roll some php code:

Create an header section (adapted from http://www.php.net/manual/en/function.header.php):

$export_file = "my_name.xls";
ob_end_clean();
ini_set('zlib.output_compression','Off');
header('Pragma: public');
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past header('Last-Modified: '.gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP/1.1
header('Cache-Control: pre-check=0, post-check=0, max-age=0'); // HTTP/1.1
header("Pragma: no-cache");
header("Expires: 0");
header('Content-Transfer-Encoding: none');
header('Content-Type: application/vnd.ms-excel;'); // This should work for IE & Opera
header("Content-type: application/x-msexcel"); // This should work for the rest
header('Content-Disposition: attachment; filename="'.basename($export_file).'"');

Put your data in a string (of course init it first):

$sBuffer = "";

Then start adding your data in a loop

for (...your loop statement goes here...) {
    $sBuffer .= "column1column2column3column4 ";
}

Example above creates 4 columns with your raw data, quite easy to adapt to your own needs. Then finally output your data with this:

echo($sBuffer);

put this final part after the header section expressed above and that's it ! nothing spectacular I mean but it works fine with every computer with an office automation suite. When the user press your button it gets an XLS sheet and he can open it with Office or OpenOffice as well, it doesn't matter client or server operating system, this trick follows just Excel v1 and v2 specs (very acient but still working).

Please don't deal with ActiveX, proprietary grids or closed source solutions, this is just what you need to keep it simple

 

Hope it helps
Glad to hear your comments

 

Andrea (Ben) Benini

 

Management and economics issues of hosting virtual private email servers

After I published "Wanted: Virtual Personal Email Servers (VPES)" I got lots of feedback. Among others, John made very interesting comments, for example:

  • ... The most user friendly free email management interface is from Zimbra, but the setup is a bear and the system requirements are huge for what it provides
  • ...I (John) spent 20 min earlier today considering whether I could make any profit creating an easy VPES setup script with a fairly low monthly price point.
  • ... BTW, the laws for email metadata retention are different in the EU than in the USA...

The summary of this discussion is at Virtual Personal Email Servers: legal, management and economics issues.

 

Installing rssh in Linux Server

Here are the steps to install rssh in the linux server :
Follow the below steps to install if your linux os is 32 bit :
Step 1: cd /usr/src
Step 2: wget http://dag.wieers.com/rpm/packages/rssh/rssh-2.3.2-1.2.el4.rf.i386.rpm
Step 3: rpm -ivh rssh-2.3.2-1.2.el4.rf.i386.rpm
If your linux os is 64 bit then follow these steps:
Step 1: cd /usr/src
Step 2: wget http://dag.wieers.com/rpm/packages/rssh/rssh-2.3.2-1.2.el5.rf.x86_64.rpm
Step 3: rpm -ivh rssh-2.3.2-1.2.el5.rf.x86_64.rpm

For queries @ Linux Server

 
Page 5 of 10

Upcoming Linux Foundation Courses

  1. LFD211 Introduction to Linux for Developers
    08 Dec » 09 Dec - Virtual
    Details
  2. LFS220 Linux System Administration
    08 Dec » 11 Dec - Virtual
    Details
  3. LFS520 OpenStack Cloud Architecture and Deployment
    08 Dec » 11 Dec - Virtual
    Details

View All Upcoming Courses


Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board