Linux tips & techniques for developers and system administrators.



How to recreate a directory structure

By jbayer - Last updated: Tuesday, September 6, 2011

While cloning a system into a virtual machine, I needed to recreate a fairly large directory structure with identical attributes.  Since there aren’t any specific commands I wrote the following script.

What it does is to use find to find all directories and print out a series of commands which are needed to recreate each directory.  I put the mkdir, chown and chmod onto separate lines for clarity, but you can combine them if you like.

The script is short enough that I’m listing it here.  Just copy and paste it into an editor, save it, and run it.

To run it, specify the initial directory as the only parameter on the command line, and redirect the output into a file.

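#!/bin/bash
#
# Given a directory path, find all subdirectories and create a
# script which will recreate the directory structure identically: owners, groups and permissions
#

if [ -z "$1" ]; then
        echo "Enter a directory to scan on the command line" >&2
        exit 1
fi

function create_mkdir()
{
        local dir=$1
        local owner group perms

        # Ask stat for each attribute directly instead of parsing ls output
        owner=$(stat -c "%U" -- "$dir")
        group=$(stat -c "%G" -- "$dir")
        perms=$(stat -c "%a" -- "$dir")

        # %q shell-quotes each value, so names containing spaces or shell
        # metacharacters cannot break or alter the generated script
        printf 'mkdir -p %q\n' "$dir"
        printf 'chown %q:%q %q\n' "$owner" "$group" "$dir"
        printf 'chmod %q %q\n\n' "$perms" "$dir"
}

# NUL-delimited output keeps unusual directory names intact
find "$1" -type d -print0 |
while IFS= read -r -d '' dir
do
        create_mkdir "$dir"
done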
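
Once the generated script has been run on the clone, it is worth checking that the two trees really do match. The following is an added example, not part of the original post; the function names are assumptions, and it relies on GNU find and stat:

```bash
#!/bin/bash
# Added example: compare directory attributes between two trees.
# dir_manifest and compare_trees are hypothetical helper names.

# Print "mode owner group path" for every directory under $1, with paths
# relative to $1 so that two trees rooted in different places line up.
# Assumes GNU find/stat and no newlines in directory names.
dir_manifest() (
        cd -- "$1" || exit 2
        find . -type d -exec stat -c '%a %U %G %n' -- {} + | LC_ALL=C sort -k4
)

# Exit 0 when both trees contain the same directories with the same mode,
# owner and group; otherwise print the differing records (diff format)
# and exit non-zero.
compare_trees() (
        src_list=$(mktemp) || exit 2
        dst_list=$(mktemp) || exit 2
        rc=0
        { dir_manifest "$1" > "$src_list" &&
          dir_manifest "$2" > "$dst_list" &&
          diff "$src_list" "$dst_list"; } || rc=$?
        rm -f "$src_list" "$dst_list"
        exit "$rc"
)

# Usage: script SOURCE_ROOT RECREATED_ROOT
if [ "$#" -eq 2 ]; then
        compare_trees "$1" "$2"
fi
```

Lines prefixed with `<` come from the source tree and lines prefixed with `>` from the recreated one.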
Filed in Administration

Setting up a private RPM repo

By jbayer - Last updated: Tuesday, August 9, 2011

I had a local need for a private repo, for some of our locally-built RPMS.

Since I’ve previously set up a private mirror, I decided to write a script which would both set up the directory structure I needed, and do whatever rsyncing would be needed for a mirror.

  privaterepo.sh (2.8 KiB, 553 hits)

To install, just copy it into /usr/local/bin, and update the variables in the beginning to support what you want.  The variables and their explanations are:

VERSIONS="5.5 5.6 6 6.0 6.1"  Put the versions of the OS you want to be a repo for
DIRS="os updates"  The directories you want to mirror
OS=CentOS  OS this is a repo for
ARCH="x86_64 i386"  Architectures
ROOT=/var/www/html  Document root for the repository, as referred to by Apache
MIRROR=rsync://mirror.trouble-free.net/centosr  Rsync mirror
sync=0  Set to 1 if you want to rsync

 

The first time you run it, it will create all the necessary directories and the initial repo files.  If you are rsyncing as well, it will take a while to sync all the files.

The script will also create a repo file which you can install into /etc/yum.repos.d.  Call it as follows:

/usr/local/bin/privaterepo.sh  releasever basearch serverip

where:

releasever    OS release the repo file is for
basearch     Architecture the repo file is for
serverip     Either the IP address or the DNS name of the server

For example:

# /usr/local/bin/privaterepo.sh 5.6 x86_64 192.168.100.91

would produce the following output:

[os]
name=CentOS-5.6 - Base
baseurl=http://192.168.100.91/centos/5.6/os/x86_64/

gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

[updates]
name=CentOS-5.6 - Updates
baseurl=http://192.168.100.91/centos/5.6/updates/x86_64/

gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

You could either redirect it into a file, or simply do a copy/paste.

Finally, add the following to cron to automatically run it once a day:

# minute hour day-of-month month day-of-week command: runs once a day at midnight
0 0 * * *     /usr/local/bin/privaterepo.sh

Filed in Administration, Bash, Open Source

Installing Zabbix on a CentOS/Scientific Linux/RedHat 6 system

By jbayer - Last updated: Monday, August 8, 2011

This is a followup to my previous post about installing Zabbix.  The previous script was configured to install Zabbix to a 5.5 or 5.6 system.  Now that 6 has been out for a while, I’ve updated the script to install Zabbix on a 6.0 or 6.1 system.

The previous instructions are still valid.  Just download this script onto the 6.0 system and run it.  When done, you will have Zabbix running nicely on the system.

The only thing the script needs is a working network connection.  It will work fine with a totally minimal install; it detects and installs everything that it needs.

The script has been renamed to differentiate it from the older script.

 

JBB

Filed in Building packages, Linux Installations, Zabbix

Simple port redirection

By jbayer - Last updated: Wednesday, August 3, 2011

The mail provider where I work is an Exchange-only provider, and refuses to have anything to do with anything else.  What this means from a security perspective is that they have none, at least with regard to IMAP or SMTP.  From a practical point of view, in addition to the Exchange ports, they only have the standard ports open:  25, 110, 143, 993 and 995.  Note that while they do provide secure ports for IMAP and POP3, they do NOT provide a secure SMTP port.

Before you ask, they do use NTLM security, so at least the communications, once established, are secure.

Our problem came in because most if not all ISPs block port 25 for outgoing except to their own servers.  This is an attempt to block spammers; and actually not a bad idea.

Our mail provider refused to open any other port for SMTP, so those employees who actually use email clients other than Outlook were screwed.

So we decided to create our own port-forwarder at our data center.  My first thought was to simply create a secure mail relay system using Postfix, TLS and SASL.  While successfully created, it did not solve the problem because I would have had to add each employee to the server, creating double work.  So after a little searching, I found this little gem called:  redir

This gem was written by Sam Creasey; you can get in touch with him at: sammy_AT_sammy.net

This link takes you to his home page:  http://sammy.net/~sammy/

This is a simple redirector which works very well.  I installed it into the mail server I had previously created, started it up and voila, we had a working smtp relay which simply relayed all incoming on port 587 to port 25 at our mail provider.

Note that this does NOT do any encryption;  I simply used port 587 because I know it is always open at the ISP level.

usage:
        redir --lport=<n> --cport=<n> [options]
        redir --inetd --cport=<n>

        Options are:-
                --lport=<n>             port to listen on
                --laddr=IP              address of interface to listen on
                --cport=<n>             port to connect to
                --caddr=<host>          remote host to connect to
                --inetd                 run from inetd
                --debug                 output debugging info
                --timeout=<n>           set timeout to n seconds
                --syslog                log messages to syslog
                --name=<str>            tag syslog messages with 'str'
                --connect=<str>         CONNECT string passed to proxy server
                --bind_addr=IP          bind() outgoing IP to given addr
                --ftp=<type>            redirect ftp connections
                                        where type is either port, pasv, both
                --transproxy            run in linux's transparent proxy mode
                --bufsize=<octets>      size of the buffer
                --maxbandwidth=<bit-per-sec>    limit the bandwidth
                --random_wait=<millisec>        wait before each packet
                --wait_in_out=<flag>    1 wait for in, 2 out, 3 in&out

        Version 2.2.1.

And here is the actual command I used.  The system is in a VM on a private network; I opened up the firewall to route port 587 on the external address to this VM to make it work.

/usr/local/sbin/redir --lport=587 --laddr=192.168.101.131 --cport=25 --caddr=smtp.hostingprovider.com

The program is also available here:

  Redir (41.3 KiB, 203 hits)

Filed in Administration, Networking

Error with checkinstall on 64 bit system

By jbayer - Last updated: Friday, July 15, 2011

The following error can occur on 64 bit systems when trying to use the checkinstall program:

ERROR: ld.so: object '/usr/local/lib64/installwatch.so' from LD_PRELOAD cannot be preloaded: ignored.

The problem occurs because the loader can’t find the shared object file.  The solution is very simple.  Assuming that the installwatch.so is located in /usr/local/lib, just type the following commands:

echo "/usr/local/lib64" >/etc/ld.so.conf.d/installwatch.conf
ldconfig
ln -s /usr/local/lib/installwatch.so /usr/local/lib64/installwatch.so
Filed in Building packages, Open Source

How to setup a bridge on Redhat, CentOS, or Scientific Linux

By jbayer - Last updated: Thursday, July 14, 2011

This has been tested on a RHEL 5.6 system.  These instructions should work on any clone.  While not tested, they should work on any 6.0 system as well.

 

These instructions are taken from the following page, with some additions:

http://www.linux-kvm.org/page/Networking

 

 

Assuming that the NIC the bridge is to connect to is eth0:

  1. Update the /etc/sysconfig/network-scripts/ifcfg-eth0 file, changing BOOTPROTO to:

BOOTPROTO=none

  2. Add the following line to the same file:

BRIDGE=br0

  3. Create /etc/sysconfig/network-scripts/ifcfg-br0.  The content should be:

DEVICE=br0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Bridge
IPV6INIT=no
USERCTL=no

  4. To assign a static IP address, change the BOOTPROTO line in the ifcfg-br0 file to:

BOOTPROTO=static

  5. And add the following lines, with the appropriate IP info set:

GATEWAY=10.0.2.2
NETMASK=255.255.255.0
IPADDR=10.0.2.15

  6. If you have any aliases on the device you are bridging to, rename the aliases to refer to the bridge instead of the device.  For example, if in normal mode you have:

eth0 192.168.100.20
eth0:0 192.168.100.41
eth0:1 192.168.100.42

In bridging mode you will have:

eth0
br0 192.168.100.20
br0:0 192.168.100.41
br0:1 192.168.100.42

  7. The GATEWAYDEV setting in /etc/sysconfig/network will need to be updated to:

GATEWAYDEV=br0

  8. When using VLANs on a setup like this and no traffic is getting through to your guest(s), you might want to do:

# cd /proc/sys/net/bridge
# ls
bridge-nf-call-arptables  bridge-nf-call-iptables
bridge-nf-call-ip6tables  bridge-nf-filter-vlan-tagged
# for f in bridge-nf-*; do echo 0 > $f; done

Writing 0 to these files stops bridged traffic from being passed through the host's arptables, iptables and ip6tables rules, so any filtering of guest traffic has to be done elsewhere; the setting lasts only until the next reboot.
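
The ifcfg edits from the steps above, as an added example script that is not part of the original post (make_bridge_cfg is a hypothetical name). It moves static addressing and aliases from the NIC to the bridge and is meant to be tried on a copy of /etc/sysconfig/network-scripts first; GATEWAYDEV and the bridge-nf settings are left to the manual steps.

```bash
#!/bin/bash
# Added example, not from the original post. make_bridge_cfg is a
# hypothetical helper name. Usage: make_bridge_cfg DIR NIC BRIDGE
make_bridge_cfg() (
        dir=$1 nic=$2 br=$3
        src="$dir/ifcfg-$nic"
        [ -f "$src" ] || { echo "missing $src" >&2; exit 1; }
        cp -p -- "$src" "$src.orig" || exit 1      # keep the original for rollback

        # ifcfg-BRIDGE: fixed settings from the steps above, plus the NIC's
        # static addressing if it had any (otherwise DHCP).
        {
                printf 'DEVICE=%s\nTYPE=Bridge\nONBOOT=yes\n' "$br"
                printf 'IPV6INIT=no\nUSERCTL=no\n'
                if grep -q '^IPADDR=' "$src.orig"; then
                        echo 'BOOTPROTO=static'
                        grep -E '^(IPADDR|NETMASK|GATEWAY)=' "$src.orig"
                else
                        echo 'BOOTPROTO=dhcp'
                fi
        } > "$dir/ifcfg-$br"

        # Aliases (ifcfg-eth0:0, ...) become aliases of the bridge.
        for alias in "$dir/ifcfg-$nic":*; do
                [ -f "$alias" ] || continue
                n=${alias##*:}
                sed "s/^DEVICE=.*/DEVICE=$br:$n/" "$alias" > "$dir/ifcfg-$br:$n" &&
                        rm -f -- "$alias"
        done

        # ifcfg-NIC: remove addressing, then attach the NIC to the bridge.
        {
                grep -Ev '^(IPADDR|NETMASK|GATEWAY|BOOTPROTO|BRIDGE)=' "$src.orig" || true
                printf 'BOOTPROTO=none\nBRIDGE=%s\n' "$br"
        } > "$src"
)

if [ "$#" -eq 3 ]; then
        make_bridge_cfg "$1" "$2" "$3"
fi
```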

Filed in Administration, Networking, Virtulization

Speeding up a Zabbix installation

By jbayer - Last updated: Thursday, July 7, 2011

The Zabbix dashboard uses a lot of javascript.  Javascript isn’t cached, so this is a way to force it to be cached.

This script assumes that Zabbix is installed in /usr/local/share/zabbix; if it is elsewhere you will have to modify the first few lines.

This script will rename the javascript files to PHP files, and then modify the Zabbix code to properly load them.

This works for Zabbix 1.8.3, but not yet for 1.8.5.

You will need to install the file:  js.header.php  in the zabbix directory.

 

  js-to-php-convert.sh (795 bytes, 447 hits)

  js.header.php (577 bytes, 567 hits)

Filed in Administration, Linux Installations, Zabbix

Run virt-manager remotely without logging in as root

By jbayer - Last updated: Thursday, July 7, 2011

The following little script will allow a normal user to run virt-manager (used for KVM, Xen and Qemu) without having to log in as root.

This assumes that the user is allowed to sudo;  while the topic of the sudoers file is a whole article by itself, the following is an example which should allow the user “fred” to run virt-manager:

========== Sudoer entry below ==========================
# Allow fred to run virt-manager
fred		ALL = /usr/bin/virt-manager
=================== Script follows =====================

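#!/bin/bash

# Copy each of the user's X authority entries into root's xauth file so that
# virt-manager, running as root, can connect to the user's display.
# Both sudo calls must be permitted by sudoers: xauth as well as virt-manager.
xauth list | while read -r line; do
 # $line is left unquoted on purpose: it holds three fields (display, protocol, key)
 sudo -i xauth add $line
done
sudo -i virt-manager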
Filed in Administration, Virtulization

Proxmox VE

By jbayer - Last updated: Tuesday, June 7, 2011

This article will cover the Proxmox VE product in some depth.

1.  Intro
2.  Initial install
3.  Setting up a cluster
4.  Convert server to RAID-1
5. Template Naming Conventions
6. Installing a Lucid container
7. Installing a RedHat, Centos or Scientific Linux container
8. Add additional storage to Proxmox VE
9. Available templates
10. Additional reference

 

1.  Intro

Proxmox VE is a great product.  It allows you to get the fullest advantage of your hardware, by allowing you to have both a fully-virtualized environment, and a container-based environment for those servers which don’t need a complete environment.  Using Proxmox VE enables you to take an existing system and repurpose it without any significant expense.

However, IMHO it has a major flaw, in that it doesn’t support any sort of software RAID.  RAID is absolutely critical in a production environment, and given the low costs of hardware these days, there is no excuse not to protect your systems with a minimal RAID 1 setup.

The Proxmox team does not support any type of software raid.  Following these instructions will essentially make your system ineligible for support.  One way around this is to go with a true hardware raid solution.  Unfortunately, most good hardware raid adds significantly to the cost of a system.

To address this, I’ve written the attached script which will take a basic Proxmox VE installation and convert it to a RAID-1 setup.

 

2.  Initial Install

When doing the initial install, you can specify the size of the root and swapspace by typing:

linux maxroot=15gb swapspace=4gb

This line would create a root partition of 15 GB, and 4 GB of swapspace.

The Proxmox VE install is very simple, and needs no additional explanation.  I would suggest that if you have multiple drives in the system, that you do the initial install with only the boot drive connected.  I’ve seen some cases where the installer seems to get confused regarding the boot sectors.

When the install is completed, you are ready to go.  However, if you want to be able to migrate containers, you will need to downgrade the kernel to version 2.6.18 using the following instructions:

http://pve.proxmox.com/wiki/Proxmox_VE_Kernel

aptitude update
aptitude safe-upgrade
aptitude install proxmox-ve-2.6.18

Then modify /boot/grub/menu.lst to make sure the new kernel is the default.

sed -i 's/^default[[:space:]]\+0[[:space:]]*$/default 1/' /boot/grub/menu.lst

3. Setting up a cluster

These instructions are taken from the Proxmox site at:

http://pve.proxmox.com/wiki/Proxmox_VE_Cluster

Install Proxmox on all systems to be contained in the cluster.  Make sure that each Proxmox server has a unique host name.  Once installed, first create the cluster on the master by using:

pveca -c

To check the state of the cluster:

pveca -l

On the slave nodes, use the following command to add them to the cluster:

pveca -a -h IP-ADDRESS-MASTER

These instructions are summarized in this download:

  Basic installation & configuration of a Proxmox cluster (1.2 KiB, 905 hits)

 

4.  Convert server to RAID-1

I relied extensively on the following two webpages:

http://www.petercarrero.com/content/2010/07/31/adding-software-raid-proxmox-ve-install

http://layer0.de/~kai/howto/proxmox/howto_proxmox_raid.html

However, those pages only gave the basic commands, and didn’t take any oddball situations into account, such as if the boot drives weren’t sda and sdb, other drives, etc.

My script also checks to see if you want to be able to migrate containers.  The migration doesn’t work for any kernel later than 2.6.18, so the script will install it for you if you like.

  Convert Proxmox to RAID-1 (5.0 KiB, 725 hits)

 

5. Template Naming Conventions

In addition to the templates available from the Proxmox website, there are quite a number of usable templates available from the OpenVZ website:  http://wiki.openvz.org/Download/template/precreated.  However, the naming conventions used by Proxmox are different from the naming conventions used by OpenVZ.  To solve this problem, I’ve written a simple script which will take as input the name of an OpenVZ template and rename it with the Proxmox naming conventions.

  Convert OpenVZ template name to Proxmox VE (1.7 KiB, 668 hits)

 

6. Installing a Lucid container

Ubuntu  is currently the most popular desktop distribution.  Ubuntu also has a server version, which is quite popular as well.  For production environments, the LTS version of Ubuntu is usually used for stability.  The most recent LTS version of Ubuntu is 10.04, also known as Lucid.

This script will take a basic Lucid container, and set it up for the most popular components:  Apache, MySql, Postgresql 8.3 and Postgresql 8.4.  Each is optional.  To use, simply copy the script to the container, log in as root and run it.  If desired, you can have both versions of Postgresql installed at the same time.

  Script to set up a Lucid container, with optional components (3.6 KiB, 589 hits)

 

7. Installing a RedHat, Centos or Scientific Linux container

Redhat and its derivatives are among the most popular distributions in large production environments.  This script will take a basic RH container, and set it up for the most popular components:  Apache, MySql, Postgresql 8.3 and Postgresql 8.4.  You can only install one version of Postgresql on the system.  Each is optional.  To use, simply copy the script to the container, log in as root and run it.

  Set up a RH-based container, with optional components (3.9 KiB, 671 hits)

 

8. Add additional storage to Proxmox VE

Proxmox doesn’t have any special tools to help add additional storage to the system.  However, it uses LVM, which makes adding the additional storage fairly easy.

This script walks you through adding additional storage.  It is meant to be run after the physical storage has been added or made available.  It also assumes that any additional drives are not in use, and it will use the entire drive, so don’t use it to add storage from an existing drive.

It can also set up two new drives in a RAID-1 setup.  In this case, both drives must be identical in size.

Note that additional volume groups are only usable for virtual disks, aka KVM instances.  If you wish to add this additional storage for OpenVZ containers, do not add it as a new volume group.  The script will take care of adding it to the standard volume group pve and resizing the filesystem.  If the filesystem is formatted as either ext3 or reiserfs, you will have to shut down all instances before running this script so that the filesystem can be resized.  If, however, you are using xfs or jfs, you don’t have to shutdown the instances.

Important:  If you add additional storage to the system and add it to the standard volume group pve, you must be aware of the fact that if any of the logical drives goes bad or is missing, the system will refuse to boot.  Raid will protect you to some extent, in that if one raid drive goes bad the other should keep things running.  Raid is not an alternative to backups;  I’ve seen many cases where multiple raid drives go bad at the same time.  If you aren’t monitoring the raid system and one drive goes bad, then you would be in a degraded mode until you replace the bad drive.  If you aren’t aware of the bad drive, and then the other goes bad, you lose your entire system.

  Add additional storage to a Proxmox server (5.2 KiB, 764 hits)

 

9. Additional templates

In addition to the templates available from the proxmox site via the Download tab, there are a lot of container templates available on the OpenVZ site at:

http://wiki.openvz.org/Download/template/precreated

As stated before, they all work, but will need to be renamed.  Use this script to rename any downloaded templates to Proxmox naming standards:

  Convert OpenVZ template name to Proxmox VE (1.7 KiB, 668 hits)

 

10.  Additional reference

For additional reference for using Proxmox with DRBD, see:

https://188.165.145.220/mediawiki/index.php?title=DRBD&redirect=no

Filed in Virtulization

Virtualization

By jbayer - Last updated: Monday, June 6, 2011

Virtualization is all the rage these days.  It makes a lot of sense for many reasons:  allocation of resources, compartmentalisation of services, security, etc.

One of the things that has enabled the explosion in virtualization is the inclusion of hardware virtualization on modern CPUs.  These days, most (not all) CPUs have either Intel-VT or AMD-V hardware included.  Both are good, and both will allow the following products to work at their best.

Most people have heard about VMWare.  This is a commercial product, extremely well supported and with a lot of power.  However, it is expensive.  VMWare is available for desktop virtualization as well as server virtualization.

Oracle/Sun has a free product called VirtualBox.  It runs on Windows, OSX and Linux.  While not as powerful as VMWare, it is free, and for most people, it does a good job.

Microsoft has a product called Hyper-V for the server environment.  I don’t know much about it.  Microsoft also has a large suite of products for the desktop, among them are Microsoft VDI Suite, Remote Desktop Services, Windows Thin PC, App-V, and User State Virtualization, and others.

On Linux, there are two different full virtualization products.  They are called the Xen Hypervisor, and KVM (for Kernel-based Virtual Machine).  Both are good, although KVM seems to be gaining the upper hand.  However, the changes that Xen needs in the Linux kernel have recently been fully accepted.

For desktop virtualization, there are products available from Parallels.  Parallels has products for virtualization on both Windows and Mac OSX.  Parallels also has full server virtualization products.

Another type of virtualization is a container-based approach.  The big difference between full virtualization and the container-based approach is that the container-based approach doesn’t create a full virtual machine; rather it creates a container which appears to be a unique machine, but which shares memory, disk, the kernel, etc.  The big advantage is that there is virtually (no pun intended) no overhead in this approach.  The disadvantage is that the only systems which can run on this must be able to use the same kernel as the host OS.  Essentially, on a container-based Linux system, it can only run Linux guest systems.

OpenVZ is a free container solution on Linux.  OpenVZ is supported by Parallels, and is the basis of their Virtuozzo products.

LXC is another container solution, however LXC is still somewhat immature.  Among other things, there is no easy way to manage LXC containers with virt-manager, although that is currently planned for the July release of virt-manager.

Another free product is from a company called Proxmox.    Proxmox supplies a free server install called Proxmox VE, which is based on Debian Linux, and uses both KVM and OpenVZ for a very complete virtualization product.

There is also FluidVM.  FluidVM, while not free, is not too reasonable.  They have license costs of both per server, and per VM per month.  They also provide support contracts at a reasonable price.  FluidVM supports Xen, OpenVZ and KVM.  FluidVM also includes Drag & Drop live migration, IP pool management, networking management, mail alerts, cloning of virtual servers, firewall management and VM templatization support.

 

Filed in Virtulization