Wednesday, 28 December 2016

How to check swappiness value on Linux Box.



[root@sankar-test ~]# cat /proc/sys/vm/swappiness
60 -- default value



FYI,
swappiness can have a value between 0 and 100.

swappiness=0 tells the kernel to avoid swapping processes out of physical memory for as long as possible

swappiness=1 sets the minimum amount of swapping without disabling it entirely

swappiness=100 tells the kernel to aggressively swap processes out of physical memory and move them to swap cache

swappiness=60 (default) means the swap file will be used fairly often once memory usage is around half of the RAM.

Wednesday, 21 December 2016

NFS Service Error(Starting NFS quotas: Cannot register service:..)

[root@sankar-test ~]# service nfs status
rpc.mountd is stopped
nfsd is stopped
rpc.rquotad is stopped

[root@sankar-test ~]# service nfs start
Starting NFS services:  [  OK  ]
Starting NFS quotas: Cannot register service: RPC: Unable to receive; errno = Connection refused
rpc.rquotad: unable to register (RQUOTAPROG, RQUOTAVERS, udp).
[FAILED]
Starting NFS daemon:

[1]+  Stopped                 service nfs start

[root@sankar-test ~]# service rpcbind status
rpcbind: unrecognized service

[root@sankar-test ~]# service portmap status
portmap is stopped

[root@sankar-test~]# service portmap start
Starting portmap: [  OK  ]

[root@sankar-test ~]# service nfs start
Starting NFS services:  [  OK  ]
Starting NFS quotas: [  OK  ]
Starting NFS daemon: [  OK  ]
Starting NFS mountd: [  OK  ]
Starting RPC idmapd: [  OK  ]
[root@sankar-test ~]#

Tuesday, 20 December 2016

PGP installation Steps on Linux

$ pwd
/home/zhsuasp

-bash-4.1$ gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: zhsuasp
Email address: nocinf@thelinuxstuff.com
Comment: Drinkfinity-PepsiCo
You selected this USER-ID:
    "zhsuasp (Drinkfinity-PepsiCo) <nocinf@thelinuxstuff.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

==================================== error =====================================
Real name: NOC
Name must be at least 5 characters long
Real name: Drinkfinity
Email address: nocinf@thelinuxstuff.com
Comment: Drinkfinity-PepsiCo
You selected this USER-ID:
    "Drink (DrinkPepCo) <nocinf@thelinuxstuff.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

can't connect to `/home/zhsuasp/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[60524]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: Key generation canceled.
============================================================================
-bash-4.1$ export GPG_TTY=/dev/tty
-bash-4.1$ gpg --gen-key
-------------------------------------
-------------------------------------


+-----------------------------------------------------+
| Enter passphrase                                    |
|                                                     |
|                                                     |
| Passphrase *******_________________________________ |
|                                                     |
|       <OK>                             <Cancel>     |
+-----------------------------------------------------+

+--------------------------------------------------------------------+
| Warning: You have entered an insecure passphrase.                  |
| A passphrase should be at least 8 characters long.                 |
|                                                                    |
| <Take this one anyway>                      <Enter new passphrase> |
+--------------------------------------------------------------------+

+--------------------------------------------------------------------+
| Warning: You have entered an insecure passphrase.                  |
| A passphrase should contain at least 1 digit or                    |
| special character.                                                 |
|                                                                    |
| <Take this one anyway>                      <Enter new passphrase> |
+--------------------------------------------------------------------+

+-----------------------------------------------------+
| Please re-enter this passphrase                     |
|                                                     |
| Passphrase *******_________________________________ |
|                                                     |
|       <OK>                             <Cancel>     |
+-----------------------------------------------------+


We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 2FF6EEA2 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/2FF6EEA2 2016-12-20
      Key fingerprint = 47BF 878C B758 E3A3 AC30  1E94 56B3 BE4C 2FF6 EEA2
uid                  zhsuasp (Drinkfinity-PepsiCo) <nocinf@thelinuxstuff.com>
sub   2048R/095B75BE 2016-12-20

You have new mail in /var/spool/mail/zhsuasp
-bash-4.1$

======================
gpg --export ${ID} > public.key
gpg --export-secret-key ${ID} > private.key
Move files to new machine, and then:

gpg --import public.key
gpg: nyckel [ID]: public key [Name, e-mail] was imported
gpg: Total number of treated keys: 1
gpg:                 imported: 1  (RSA: 1)

gpg --allow-secret-key-import private.key
sec  [?]/[ID] [Creation date] [Name, e-mail]
ssb  [?]/[SUB-ID] [Creation date]
All looks good to me, but then:

$ gpg -d [file].gpg
gpg: encrypted with 4096-bit RSA-key, id [SUB-ID], created [Creation date]
  [Name, e-mail]
gpg: decryption failed: secret key not accessible
=========================================

gpg --output Dkfinity_pub.gpg --armor --export 2FF6EEA2

[sankar@localhost ~]$ gpg --import Dkfinity_pub.gpg
gpg: key 2FF6EEA2: public key "zhsuasp (Dkfinity) <nocinf@thelinuxstuff.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
[sankar@localhost ~]$ echo $?
0
[sankar@localhost ~]$ gpg -k
/home/sankar/.gnupg/pubring.gpg
-------------------------------
pub   2048R/2FF6EEA2 2016-12-20
uid                  zhsuasp (Dkfinity) <nocinf@thelinuxstuff.com>
sub   2048R/095B75BE 2016-12-20


$ gpg -e -r zhsuasp result1.txt   # encryption

Wednesday, 13 April 2016

How to configure High Availability (Heartbeat Cluster) on Red Hat 5.x/6.x with Apache web server

Requirements :-

  • 2 Linux nodes, RHEL 5.11
  • Node-1: 192.168.0.1
  • Node-2: 192.168.0.2
  • EPEL repo enabled on both nodes
  • LAN & Internet connection.
  • A yum server setup.
  • Virtual IP Address (VIP) :-  192.168.0.200

Step 1. Set the fully qualified hostnames and add the corresponding entries to the files below:
/etc/hosts and
/etc/sysconfig/network

node-1 :- 192.168.0.1 - node1.ha.com
node-2 :- 192.168.0.2 - node2.ha.com

[root@node1 ~]# hostname
node1.ha.com
[root@node1 ~]# uname -n
node1.ha.com

[root@node2 ~]# hostname
node2.ha.com
[root@node2]# uname -n
node2.ha.com

Edit /etc/hosts file on node1 as below

192.168.0.1 node1.ha.com  node1
192.168.0.2 node2.ha.com  node2


Edit /etc/hosts file on node2 as below

192.168.0.1 node1.ha.com node1
192.168.0.2 node2.ha.com node2


Configuration :

Step 2. Verify that the packages listed below are installed. If they are not, install them on both nodes:

# yum install glibc* gcc* lib* flex* net-snmp* OpenIPMI* python-devel perl* openhpi*

Step 3. Save the repo file for the online repository on both nodes. It is available at http://download.fedoraproject.org/pub/epel/5/i386/repoview/epel-release.html

Step 4. Install the EPEL repo
 [root@node1 ~]#wget  http://download.fedoraproject.org/pub/epel/5/i386/repoview/epel-release.html
 [root@node1 ~]#rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

 [root@node2 ~]#wget  http://download.fedoraproject.org/pub/epel/5/i386/repoview/epel-release.html
 [root@node2 ~]#rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

# cd /etc/yum.repos.d/
(Note: Add the latest EPEL repository.)

Step 5. Then install heartbeat packages on both nodes:
[root@node1 ~]# yum install heartbeat*
[root@node1 ~]# rpm -qa |grep heartbeat
heartbeat-2.1.4-11.el5
heartbeat-pils-2.1.4-11.el5
heartbeat-pils-2.1.4-11.el5
heartbeat-stonith-2.1.4-11.el5
heartbeat-2.1.4-11.el5
heartbeat-stonith-2.1.4-11.el5

[root@node2 ~]# yum install heartbeat*
[root@node2 ~]# rpm -qa |grep heartbeat
heartbeat-2.1.4-11.el5
heartbeat-pils-2.1.4-11.el5
heartbeat-pils-2.1.4-11.el5
heartbeat-stonith-2.1.4-11.el5
heartbeat-2.1.4-11.el5
heartbeat-stonith-2.1.4-11.el5

Step 6. Setting up the configuration files:
        We can do all the configuration on one system and then copy /etc/ha.d to the other node (node2).

[root@node1 ~]#cd /etc/ha.d

[root@node1 ha.d]# ll
-rwxr-xr-x 1 root root   745 Mar 20  2010 harc
drwxr-xr-x 2 root root  4096 Apr 12 07:15 rc.d
-rw-r--r-- 1 root root   692 Mar 20  2010 README.config
drwxr-xr-x 2 root root  4096 Apr 12 07:15 resource.d
-rw-r--r-- 1 root root  7862 Mar 20  2010 shellfuncs

[root@node1 ~]#cat README.config

Step 7. One more thing remains: copy the files below into the /etc/ha.d directory.

authkeys : Contains the information Heartbeat uses to authenticate cluster members. It must not be readable or writable by anyone other than root.
ha.cf
haresources


Step 8. The details of the configuration files are explained in the README.config file shown above. Copy the three
configuration files into this directory (/etc/ha.d/). The documentation directory is named after the installed package version, 2.1.4 in the rpm listing above.

[root@node1 ~]# cp /usr/share/doc/heartbeat-2.1.4/authkeys /etc/ha.d/
[root@node1 ~]# cp /usr/share/doc/heartbeat-2.1.4/ha.cf /etc/ha.d/
[root@node1 ~]# cp /usr/share/doc/heartbeat-2.1.4/haresources /etc/ha.d/


Step 9. Now let's start configuring heartbeat. First we will deal with the authkeys file. We will use authentication method 2 (sha1).
        For this, make the changes below in the authkeys file.

[root@node1 ~]#vi /etc/ha.d/authkeys

    #Then add the following lines:

    auth 2
    2 sha1 ha-testing

:wq!

[root@node1 ~]#

Change the permission of the authkeys file:

[root@node1 ~]#chmod 600 /etc/ha.d/authkeys
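
The authkeys file is what Heartbeat uses to authenticate cluster members, and the `ha-testing` key above is a short, guessable shared secret. The script below is an added example, not part of the original post: it generates an authkeys file with a random key and audits an existing one for loose permissions, the `crc` method and a short key. The function names and the 16-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# 16-character minimum key length are choices made for this example.

# Write an authkeys file with a random 64-hex-character sha1 key, mode 600.
gen_authkeys() {
    key=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
    ( umask 077 && printf 'auth 1\n1 sha1 %s\n' "$key" > "$1" )
    chmod 600 "$1"
}

# Print one finding per line; return 0 only when nothing was found.
audit_authkeys() {
    file=$1 findings=0
    mode=$(stat -c '%a' "$file") || return 2
    case $mode in
        600|400) ;;
        *) echo "mode is $mode, expected 600"; findings=1 ;;
    esac
    # "auth N" selects the numbered key line that is actually in use.
    idx=$(awk '$1 == "auth" { print $2; exit }' "$file")
    method=$(awk -v i="$idx" 'i != "" && $1 == i { print $2; exit }' "$file")
    key=$(awk -v i="$idx" 'i != "" && $1 == i { print $3; exit }' "$file")
    if [ -z "$method" ]; then
        echo "no key line matches the auth directive"; findings=1
    elif [ "$method" = "crc" ]; then
        echo "crc only detects corruption, it does not authenticate"; findings=1
    elif [ "${#key}" -lt 16 ]; then
        echo "key is shorter than 16 characters"; findings=1
    fi
    return $findings
}

# Constructed sample: the file from Step 9, left at a default 644 mode.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'auth 2\n2 sha1 ha-testing\n' > "$dir/authkeys"
    chmod 644 "$dir/authkeys"
    audit_authkeys "$dir/authkeys" || true
    gen_authkeys "$dir/authkeys.new"
    audit_authkeys "$dir/authkeys.new" && echo "authkeys.new: no findings"
    rm -rf "$dir"
}
demo
```

Run `audit_authkeys /etc/ha.d/authkeys` on each node after copying the directory in Step 12, since both nodes must hold the same key with the same permissions.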


Step 10. Now move on to the second file (ha.cf), which is the most important one. Edit ha.cf.

Add the following lines to the ha.cf file:

logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
initdead 120
bcast eth0
udpport 694
auto_failback on
# node names must match the output of `uname -n` on each node
node node1.ha.com
node node2.ha.com

Step 11. haresources :- This file contains the information about the resources which we want to make highly available.

[root@node1 ~]# vi /etc/ha.d/haresources

node1.ha.com  192.168.0.200  httpd
:wq!
[root@node1 ~]#

Step 12. Copy the /etc/ha.d/ directory from node1 to node2:

[root@node1 ~]# scp -r /etc/ha.d/ root@node2.ha.com:/etc/


Step 13. Configuring Apache on both nodes(node1,node2)

[root@node1 ~]#yum install httpd mod_ssl

On Node1:
[root@node1 ~]#vim /var/www/html/index.html
This is test page of node1.ha.com of Heartbeat HA cluster
:wq!
[root@node1 ~]#

On Node2:
[root@node2 ~]# vim /var/www/html/index.html
This is test page of node2.ha.com of Heartbeat HA cluster
:wq!
[root@node2 ~]#

On both nodes:(NODE1 & NODE2)
[root@node1 ~]#vim /etc/httpd/conf/httpd.conf
Listen 192.168.0.200:80

[root@node2 ~]# vim /etc/httpd/conf/httpd.conf
Listen 192.168.0.200:80

Note:- You don't have to create an interface and set this IP, or make an IP alias in network-scripts. Heartbeat will take care of it automatically.

Now start the service on both nodes.
[root@node1 ~]#/etc/init.d/httpd restart   # reports an error at this stage

Note:- It won't work until heartbeat is started, so don't worry.


Step 14. Now exchange and save authorized keys between node1 and node2
[root@node1 ~]#ssh-keygen -t rsa
[root@node1 ~]#ssh-copy-id -i ~/.ssh/id_rsa.pub node2.ha.com

[root@node2 ~]#ssh-keygen -t rsa
[root@node2 ~]#ssh-copy-id -i ~/.ssh/id_rsa.pub node1.ha.com

Step 15. Start Heartbeat service on both nodes:
[root@node1 ~]#/etc/init.d/heartbeat start
[root@node1 ~]#chkconfig heartbeat on


[root@node1 ~]#/etc/init.d/heartbeat start
Starting High-Availability services:
2016/04/12_08:07:51 INFO:  Resource is stopped
[  OK  ]
[root@node1 ha.d]# service heartbeat status
heartbeat OK [pid 25356 et al] is running on testnoc.system.com [node1.ha.com]...

[root@node1 ha.d]# netstat -antlpu|grep heartbeat
udp        0      0 0.0.0.0:694                 0.0.0.0:*                               25362/heartbeat: wr
udp        0      0 0.0.0.0:34021               0.0.0.0:*                               25362/heartbeat: wr
[root@node1 ha.d]#


[root@node2 ~]#/etc/init.d/heartbeat status
Starting High-Availability services:
2016/04/12_17:39:08 INFO:  Resource is stopped
[  OK  ]

[root@node2 ~]#/etc/init.d/heartbeat start
Starting High-Availability services:
2016/04/12_08:07:51 INFO:  Resource is stopped
[  OK  ]

[root@node2 ~]#/etc/init.d/heartbeat status
heartbeat OK [pid 12065 et al] is running on zeta-install-dlp [node2.ha.com]...


Step 16. Open web-browser and type in the URL:

http://192.168.0.200

This is test page of node1.ha.com (NODE 1) of Heartbeat HA cluster


Step 17. Now stop the heartbeat daemon on node1:

[root@node1 ~]#/etc/init.d/heartbeat stop

In your browser type in the URL http://192.168.0.200 and press enter.

This is test page of node2.ha.com (NODE 2) of Heartbeat HA cluster

#######
FYI,

Note:- You don't have to create an interface and set this IP, or make an IP alias in network-scripts. Heartbeat will take care of it automatically.

[root@node1 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr E1:C5:6D:62:4A:84
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::e0c5:6dff:fe6d:4a86/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   

eth0:0    Link encap:Ethernet  HWaddr E1:C5:6D:62:4A:84 
          inet addr:192.168.0.200  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:185 Base address:0xc000 

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3362894 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3362894 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

[root@node1 ~]# /usr/share/heartbeat/hb_takeover    # Use this command to take over the service manually on a live environment