Remove LUNS From Linux Safely

This post uses the QLogic Dynamic Target and LUN Discovery utilities. The steps below apply to SLES 10 and RHEL 5 servers using QLogic HBAs and PowerPath. This post also assumes that you have put the qlogic utilities into /tmp/ql_utils.


To remove a LUN and all associated PowerPath and Linux devices from the host environment follow these steps. 

Note: that it is critical to follow the procedures in exact order because deviating from the procedures can cause the host to panic

These steps were put together using steps from QLogic KB articles.

Scan and Configure New SAN disks on Linux

The steps below are to scan for new LUNs from SAN after the LUNs have been presented from the storage side. And the steps below is when you are using QLogic HBA's . 


This post uses the QLogic Dynamic Target and LUN Discovery utilities which can be downloaded from:

http://driverdownloads.qlogic.com/QLogicDriverDownloads_UI/SearchByProduct.aspx?ProductCategory=39&Product=935&Os=126

The steps below will work on SUSE Linux Enterprise Server (SLES) 10 and Red Hat Enterprise Linux (RHEL) 5.


Create a directory to hold the utilites. In this examle we will use the /tmp/ql_utils directory:

mkdir /tmp/ql_utils

Clear Swap Space in Linux

There have been times where it has been necessary for UNIX Admins to clear out the swap space on a Linux system. In order to do this, you must first make sure that you have enough free memory to hold what is being used by swap.


First we want to see what is currently being used.

free

Then I run the actual commands that empty the swap:

swapoff -a and then swapon -a

Then I check what is being used after doing this.

free

Using NTP in VMware Virtual Machine

Timekeeping on Linux VMware guests can be a is difficult to handle and frustrating. This post shows the various settings required to make things work. More information can be found at http://kb.vmware.com/kb/1006427.

VMware recommends using NTP and turning off VMware Tools periodic time synchronization in the guest. 


To turn off Time Synchronization between Virtual machine (Guest) and Host (ESX server) , there are three options:


  1. Set tools.syncTime = "False" in the configuration file (.vmx file) of the virtual machine.

Linux SAN Multi path for HP EVA Storage

Instead of installing the original device-mapper-multipath package there is a simillar package from HP called HPDMmultipath-[version].tar.gz that has already a configuration for HP EVA and XP storage devices. The HPDMmultipath-[version].tar.gz can be downloaded from www.hp.com

# tar -zxvf HPDMmultipath-3.0.0.tar.gz
 # cd HPDMmultipath-3.0.0/RPMS
 # rpm -ivh HPDMmultipath-tools[version]-[Linux-Version]-[ARCH].rpm

 # vim /etc/multipath.conf

defaults {
        udev_dir                /dev
        polling_interval        10
        selector                "round-robin 0"
        path_grouping_policy    failover
        getuid_callout          "/sbin/scsi_id -g -u -s /block/%n"
        prio_callout            "/bin/true"
        path_checker            tur
        rr_min_io               100
        rr_weight               uniform
        failback                immediate
        no_path_retry           12
        user_friendly_names     yes
}

Linux SAN Multipathing using device mapper

There are a lot of SAN multipathing solutions on Linux at the moment. Two of them are discussesed in this blog. The first one is device mapper multipathing that is a failover and load balancing solution with a lot of configuration options. The second one (mdadm multipathing) is just a failover solution with manuel re-anable of a failed path. The advantage of mdadm multiphating is that it is very easy to configure.
Before using a multipathing solution for a production environment on Linux it is also important to determine if the used solution is supportet with the used Hardware. For example HP doesn’t support the Device Mapper Multipathing solution on their servers yet.

Device Mapper Multipathing

Procedure for configuring the system with DM-Multipath:
  1. Install device-mapper-multipath rpm
  2. Edit the multipath.conf configuration file:
    • comment out the default blacklist
    • change any of the existing defaults as needed
  3. Start the multipath daemons
  4. Create the multipath device with the multipath

Password and Account ageing on Linux Server

The following is a brief overview of password and account ageing for Linux based servers.

chage is used to list and modification on the expiration parameters of an account.

Each individual user can view their account settings as shown below.

testuser@testServer:~$ chage -l testuser

Last password change : Aug 07, 2009
Password expires : Nov 05, 2009
Password inactive : never
Account expires : Aug 05, 1992
Minimum number of days between password change : 90
Maximum number of days between password change : 90
Number of days of warning before password expires : 7

Clean up Buffer Cache in Linux

CLEANING UP THE LINUX BUFFER CACHE

When you write data, it doesn’t necessarily get written to disk right then. The kernel maintains caches of many things, and disk data is something where a lot of work is done to keep everything fast and efficient.

That’s great for performance, but sometimes you want to know that data really has gotten to the disk drive. This could be because you want to test the performance of the drive, but could also be when you suspect a drive is malfunctioning: if you just write and read back, you’ll be reading from cache, not from actual disk platters.

Moving volume group to another Server in Linux

Moving a VG to another server:

To do this we use the vgexport and vgimport commands.

vgexport and vgimport is not necessary to move disk drives from one server to another. It is an administrative policy tool to prevent access to volumes in the time it takes to move them.

1. Unmount the file system
First, make sure that no users are accessing files on the active volume, then unmount it

# unmount /appdata

2.Mark the volume group inactive
Marking the volume group inactive removes it from the kernel and prevents any further activity on it.

# vgchange -an appvg
vgchange -- volume group "appvg" successfully deactivate

Activating VG when quorum lost in Linux

Normally, volume groups are automatically activated during system startup. Unless you intentionally deactivate a volume group using vgchange, you will probably not need to reactivate a volume group.
However, LVM does require that a "quorum" of disks in a volume group be available. During normal system operation, LVM needs a quorum of more than half of the disks in a volume group for activation. If, during run time, a disk fails and causes quorum to be lost, LVM alerts you with a message to the console, but keeps the volume group active.

If there is no other way to make a quorum available, the -q option to the vgchange command will override the quorum check.

EXAMPLE:

Configuring TCP Wrappers for Linux Security

The TCP Wrappers package is installed by default on Fedora Linux and provides host-based security separate from that provided by a firewall running on the server itself or elsewhere.
The application relies on two main files:


/etc/hosts.allow: Defines the hosts and networks allowed to connect to the server. The TCP Wrappers enabled application searches this file for a matching entry, and if it finds one, then the connection is allowed.


/etc/hosts.deny: Defines the hosts and networks prohibited from connecting to the server. If a match is found in this file, the connection is denied. No match means the connection proceeds normally.


The /etc/hosts.allow file is always read first and both files are always read from top to bottom, therefore the ordering of the entries is important.

Configuring NIS Services in Linux Server

This article shows how to Configure NIS Services in a Linux server

What is NIS?

Network Information Service (NIS) is used for keeping a centralized repository of users, hostnames and other useful information in a computer network. In single server UNIX environments, the list of users and groups is usually kept in a file such as /etc/passwd. Using NIS adds a "global" directory which is used for authenticating users from any host on the network.

Install the Packages:

Install the yp-tools, ypbind and  ypserv rpm packages on the server.

[root@nissrv1 /]# rpm -qa |grep ypbind
ypbind-1.12-5.21.6
[root@ nissrv1 /]# rpm -qa |grep ypserv
ypserv-2.8-7
[root@ nissrv1 /]# rpm -qa |grep yp-tools
yp-tools-2.8-6