Linux – ICT-Freak.nl

November 2, 2010November 2, 2010 afokkema Linux

Linux: Disk Timeout settings not increased by VMware Tools

Recently I had some issues with Linux VM’s which became read-only. In my earlier post about disk-timeout settings I wrote about the timeout value being increased during the VMware Tools installation. But how does the VMware Tools install change this value. I though the solution can be found within the vmware-config-tools.pl script. So to find the vmware-config-tools.pl script just run:

[root@linuxvm1 ~]# type vmware-config-tools.pl
vmware-config-tools.pl is /usr/bin/vmware-config-tools.pl

No run the less commmand:

less /usr/bin/vmware-config-tools.pl

press / and type 180 now you see the info we are looking for:

The disk timeout value can only be changed with Linux kernel 2.6.13 or higher. Ok so what if you use a Linux distribution with a kernel older than 2.6.13? From KB51306:

VMware has identified a problem wherein file systems may become read-only after encountering busy I/O retry or SAN or iSCSI path failover errors.

The same behavior is expected even on a native Linux environment, where the time required for the file system to become read-only depends on the number of paths available to a particular target, the multi-path software installed on the operating system, and whether the failing I/O was to an EXT3 Journal. However, the problem is aggravated in an ESX Server environment because ESX Server manages multiple paths to the storage target and provides a single path to the guest operating system, which effectively reduces the number of retries done by the guest operating system.

These guest operating systems are affected:

RHEL5 (RedHat)

RHEL4 U6

RHEL4 U4

RHEL4 U3

SLES10

SLES9 SP3
Note: This issue may affect other Linux distributions based on early 2.6 kernels as well, such as Ubuntu 7.04.

This situation can lead to serious issues and can only be solved with a reboot of the VM. But there is a workaround. From KB1009465:

Increasing the timeout value

The timeout value for a Linux block device can be set using sysfs.
Note: This is usually increased automatically when deploying VMware-Tools, but if it is not installed, you will need increase it manually.

Check the current values using the following command:

for a in /sys/class/scsi_generic/*/device/timeout; do echo -n "$a "; cat "$a" ; done;

Increase the timeout value for an individual disk using the following command. For example to change the values for device sdc, run:

echo 180 > /sys/block/sdc/device/timeout

Run the following command to change the timeout values for all devices to 180:

for i in /sys/class/scsi_generic/*/device/timeout; do echo 180 > "$i"; done

you can add the following command:

for i in /sys/class/scsi_generic/*/device/timeout; do echo 180 > "$i"; done

to the /etc/rc.d/rc.local file to make sure the disk timeout is changed during startup.

Source:
KB1009465	http://kb.vmware.com/
KB51306	http://kb.vmware.com/
VMTN communities	http://communities.vmware.com/thread/257251

May 18, 2010May 19, 2010 afokkema CentOS, Linux, Virtualization, VMware

CentOS: How To Create a Local VMware Repository

The first step is to configure the repository server. Before you can start, you have to install the createrepo package. Just run the following command:

yum install createrepo

If you didn’t already, also install Apache on the Server that’s hosting the repository.

Let’s create a folder structure so we can place the rpm’s on the server. In case you want create a repository for 32 bit and 64 bit CentOS. You have to create a i386 and a x86_64 directory.

i368:

/var/www/html/repo/centos/5/i386/vmware

Upload your rpm files to the vmware directory and run the createrepo command:

createrepo /var/www/html/repo/centos/5/i386/vmware/

x86_x64

/var/www/html/repo/repo/centos/5/x86_64/vmware

Upload your rpm files to the vmware directory and run the createrepo command:

createrepo /var/www/html/repo/centos/5/x86_64/vmware/

The next step is to test the repository. Just open your favorite web browser and browse to the url. In my case this is: http://distribution.ict-freak.local/repo/centos/5/i386/vmware.

If this works, your local vmware repository is ready for action. But first we need to add the repository on the client side.

Open the following file in your favorite text editor

/etc/yum.repos.d/vmware_local.repo

Add the following lines and edit the baseurl so it will match your environment.

[vmware_local]
name=Uniserver CentOS-$releasever-$basearch
baseurl=http://distribution.ict-freak.local/repo/centos/$releasever/$basearch/vmware/
gpgcheck=0
enabled=1

Save the vmware_local.repo file and run the yum update command.

Now you’re ready to install packages from the vmware_local repository. Let’s install VMware server 2.0.2-203138 by running the following command:

yum install VMware-server

The install process will start:

When you also upload the VMware Tools rpm file, you can install or update the package with the following commands:

Install:

yum install VMwareTools

Update:

yum update VMwareTools

When you need to upgrade de VMware Tools, the only thing you have to do is upload the new rpm file and run the yum update command. The finals step is to run the vmware-config-tools.pl script. But this step can be replaced by the check-vmware-tools script. More info about this script can be found here: http://bit.ly/97fpcD

April 7, 2009April 7, 2009 afokkema Linux

Debian: Samba with AD Authentication

This tutorial is a mix-up of other tutorials I found on the net. You’ll find the other sites in the source list at the bottom of this post.

Remember:

Just change ICT-FREAK.LOCAL to your own domain and Debian5srv1 to the name of your Debian server.

Step 1: Update / Upgrade your Debain setup

apt-get update && apt-get upgrade

Step 2: Install the following packages:

apt-get install krb5-config krb5-user libkrb53 libpam-krb5
samba-common samba winbind smbclient

Step 3: Create a backup of the krb5.conf file.

mv /etc/krb5.conf /etc/krb5.conf.org

edit the /etc/krb5.conf file with you favorite editor (nano or vi /etc/krb5.conf):

[logging]

default = FILE:/var/log/krb5.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log

[libdefaults]

default_realm = ICT-FREAK.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
clock_skew = 300
ticket_lifetime = 24h
forwardable = yes

[realms]

ICT-FREAK.LOCAL = {
kdc = dc01.ICT-FREAK.LOCAL
admin_server = dc01.ICT-FREAK.LOCAL
default_domain = ICT-FREAK.LOCAL
}

Step 4: Check if you can Authenticate a user against the Active Directory

debian5srv1:~# kinit administrator
Password for administrator@ICT-FREAK.LOCAL:

Step 5: Create a backup of the krb5.conf file.

mv /etc/samba/smb.conf /etc/samba/smb.conf.org

edit the /etc/samba/smb.conf file with you favorite editor (nano or vi /etc/samba/smb.conf):

[global]

workgroup = ICT-FREAK
realm = ICT-FREAK.LOCAL
load printers = no
preferred master = no
local master = no
server string = fileserver
password server = <ip-address from your DC>
encrypt passwords = yes
security = ADS
netbios name = debian5srv1
client signing = Yes
dns proxy = No
wins server = <ip-address from your DC>
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
auth methods = winbind

Step 6: Start Winbind and test the connection

/etc/init.d/winbind start

You can query the AD with the command wbinfo. The –u parameter returns all users. The –g parameter returns all groups.

debian5srv1:~# wbinfo -u
administrator
guest
support_388945a0
krbtgt

debian5srv1:~# wbinfo -g
BUILTIN+administrators
BUILTIN+users
helpservicesgroup
telnetclients
domain computers
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
dnsadmins
dnsupdateproxy
dhcp users
dhcp administrators
wins users

Step 7: Add the Debian box to the Windows domain

debian5srv1:~# kinit administrator
Password for administrator@ICT-FREAK.LOCAL

debian5srv1:~# net ads join -U administrator
Joined ‘debian5srv1’ to realm ‘ICT-FREAK.LOCAL’

Step 8: Now tell PAM that samba requires authentication and account from winbind. Add the following lines to /etc/pam.d/samba

auth required /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so

We also need to edit the /etc/nsswitch.conf file so it will look like this:

passwd: compat winbind
group: compat winbind
shadow: compat

Test the new settings with: getent passwd If everything is configured as it should be, you’ll see the AD users.

Step 9: Create a share. First we need to create a folder

mkdir –p /data/share

Change the permissions so the folder is writable

chmod 777 /data/share

Open the /etc/samba/smb.conf file and paste the following lines:

[Share]
comment = Test Share
read only = no
path = /data/share
valid users = @"ICT-FREAK+domain users"

Restart the Samba service via:

/etc/init.d/samba restart

Step 10: Test the new share. Go to your Windows box and browse to the Debian box via \\debian5srv1

If everything is configured as it should be, you will see the following screen:

Sources:
http://www.simsonlai.org/samba-and-active-directory-authentication/
http://rubenleusink.com/debian-samba-filesharing-with-microsoft-active-directory-authentication-2008-10-07/

March 18, 2009 afokkema Linux

Debian: Add a new hard disk via cli

These are the steps to add a new hard drive using the cli:

run fdisk –l. in this how toI will add device: /dev/sdb
use cfdisk /dev/sdb to create a new partition:
     3. Then again, run the fdisk –l commando to see the new patition. It has been changed to /dev/sdb1.
4. format the drive with EXT3: mkfs.ext3 /dev/sdb1

5. next you create a mount folder: mkdir –p /media/newdisk
6. mount the drive: mount /dev/sdb1 /media/newdisk/
7. the final step, add the new mount point to the /etc/fstab. If you don’t do this step, the new disk will not mounted at boottime. Open the /etc/fstab in your favorite editor. Add the following line: /dev/sdb1 /media/newdisk ext3 defaults 0 2
8. Reboot the debian machine to see if everything works as expected.
as you can see, everything went smooth.

Source: http://rblondon.blogspot.com/2007/09/installing-new-hard-disk-on-debian.html

February 18, 2009February 18, 2009 afokkema Ubuntu

How To: Install Webmin on Ubuntu 8.04

This post is an upgrade to an earlier post from September 2006.

Before you can install Webmin, you have to install some other packages first:

sudo apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl

Go to the /tmp dir

cd /tmp

Download the deb file via wget:

wget http://prdownloads.sourceforge.net/webadmin/webmin_1.450_all.deb

The final step:

sudo dpkg -i webmin_1.450_all.deb

/tmp$ sudo dpkg -i webmin_1.450_all.deb
Selecting previously deselected package webmin.
(Reading database … 38179 files and directories currently installed.)
Unpacking webmin (from webmin_1.450_all.deb) …
Setting up webmin (1.450) …
Webmin install complete. You can now login to https://server:10000/
as root with your root password, or as any user who can use sudo
to run commands as root.

Open your favorite browser and go to: https://server:10000/

February 18, 2009February 18, 2009 afokkema Ubuntu

How To: iSCSI Target 0.4.17 op Ubuntu 8.04 Server

Hier even een korte handleiding over het installeren en configureren van de iSCSI target software op Ubuntu Server versie 8.04. De handleiding is gebasseerd op een eerdere post van Frederik Vos op http://www.l4l.be.

Download en installeer Ubuntu 8.04 Server zoals jij het wilt hebben. De ISO kun je hier downloaden: http://www.ubuntu.com/getubuntu/download. Hoe de installatie in zijn werk gaat, lees je hier: http://www.ubuntugeek.com/ubuntu-804-hardy-heron-lamp-server-setup.html

Na de installatie update je de server via de volgende twee commando’s:

sudo apt-get update

sudo apt-get upgrade

De volgende stap is het installeren van build-essential software

sudo apt-get install build-essential linux-headers-`uname -r` libssl-dev

Nadat de bovenstaande stap klaar is, kunnen we gaan beginnen met de installatie van de iscsitarget.

Open de /tmp directory:

cd /tmp

Download het installatie bestand:

sudo wget http://heanet.dl.sourceforge.net/sourceforge/iscsitarget/iscsitarget-0.4.17.tar.gz

Pak het bestand uit:

sudo tar xzvf iscsitarget-0.4.17.tar.gz

Open de nieuwe map:

cd iscsitarget-0.4.17

Via de volgende twee commando’s wordt de iSCSI target software geïnstalleerd:

sudo make

sudo make install

Om te achterhalen welke hardeschijven je in je systeem hebt, voer je het volgende commando uit:

sudo fdisk –l

Disk /dev/sda: 200.0 GB, 200049647616 bytes
255 heads, 63 sectors/track, 24321 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x28781a14

   Device Boot      Start         End      Blocks   Id System
/dev/sda1   *           1          31      248976   83 Linux
/dev/sda2              32       24321   195109425    5 Extended
/dev/sda5              32       24321   195109393+ 8e Linux LVM

Disk /dev/sdb: 320.0 GB, 320072933376 bytes
255 heads, 63 sectors/track, 38913 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00004688

   Device Boot      Start         End      Blocks   Id System
/dev/sdb1               1       38913   312568641    5 Extended
/dev/sdb5               1       38913   312568609+ 8e Linux LVM

Disk /dev/sdc: 750.1 GB, 750156374016 bytes
255 heads, 63 sectors/track, 91201 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x10a711d3

   Device Boot      Start         End      Blocks   Id System
/dev/sdc1               1       91201   732572001    5 Extended
/dev/sdc5               1       91201   732571969+ 8e Linux LVM

Zoals je ziet, heb ik drie hardeschijven in deze machine. Ik ga de /dev/sdc gebruiken voor de iSCSI target.

De laatste stap is het configureren van het configuratie bestand.

Open het bestand in je favoriete editor:

sudo nano /etc/ietd.conf of sudo vi /etc/ietd.conf

Pas hier de iqn aan. Meer informatie vind je hier: http://en.wikipedia.org/wiki/ISCSI. Daarnaast moet je een LUN configureren. Hieronder zie je hoe ik /dev/sdc5 aankoppel. Het is ook mogelijk om een file te koppelen als LUN. Hoe dit in zijn werk gaat, lees je hier: http://www.l4l.be. Meer informatie over het ietd.conf bestand vind je hier: http://manpages.ubuntu.com/manpages/hardy/man5/ietd.conf.5.html

Target iqn.2009-02.local.ict-freak:storage.disk2.750.xyz
        # Users, who can access this target. The same rules as for discovery
        # users apply here.
        # Leave them alone if you don’t want to use authentication.
        #IncomingUser joe secret
        #OutgoingUser jim 12charpasswd
        # Logical Unit definition
        # You must define one logical unit at least.
        # Block devices, regular files, LVM, and RAID can be offered
        # to the initiators as a block device.
        Lun 0 Path=/dev/sdc5,Type=fileio

Sla het bestand op en sluit je editor.

Via de volgende twee commando’s start je de iscsi-target en bekijk je de status:

sudo /etc/init.d/iscsi-target start

sudo /etc/init.d/iscsi-target status

Deze target gebruik ik nu binnen VMware ESX 3.5u3.

Via het volgende commando kun je zien of de volume gebruikt word:

cat /proc/net/iet/volume

tid:1 name:iqn.2009-02.local.ict-freak:storage.disk2.750.xyz
lun:0 state:0 iotype:fileio iomode:wt path:/dev/sdc5

op de ubuntu server kun je de iscsi target monitoren via:

cat /proc/net/iet/session

tid:1 name:iqn.2009-02.local.ict-freak:storage.disk2.750.xyz
sid:564049469047296 initiator:iqn.1998-01.com.vmware:esx35srv1-673995f2
cid:0 ip:172.1.1.211 state:active hd:none dd:none

Bron: http://www.l4l.be/docs/server/storage/iscsi/iscsitarget_ubuntu.php

November 18, 2008November 18, 2008 afokkema Linux, Ubuntu

Ubuntu: cdrom0 Permission Denied

Nadat ik de VMware Tools had geïnstalleerd in een VM met daarop Ubuntu 8.10 desktop. Kreeg ik een melding over “Overwrite lock of zoiets” ik heb met mijn slaperige hoofd op Yes geklikt met als gevolg dat ik de cd-rom drive niet meer kon gebruiken.

Zodra ik de cdrom wilde benaderen, kwam er een Permission denied melding.

Dit kun je gelukkig eenvoudig oplossen door het bestandje /etc/fstab aan te passen.

Nano /etc/fstab

Verwijder udf uit de onderstaande regel en sla het bestandje op. Daarna werkt de cd-rom werkt weer.

/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec 0 0

bron: http://ubuntuforums.org/archive/index.php/t-649889.html

October 28, 2008October 28, 2008 afokkema Linux, Microsoft, Ubuntu, Windows

Tool: Nmap for Windows

Soms heb je de behoefte om te kijken welke tcp/udp porten er open staan op een server. Binnen linux gaat dit eenvoudig via de tool nmap (in Ubuntu installeer je deze via sudo apt-get install nmap). Ik was benieuwd of deze tool ook voor Windows beschikbaar was.

Download eerst nmap-4.76-win32.zip en pak deze uit in bijvoorbeeld C:\Program Files\Nmap.

Installeer vervolgens:

winpcap-nmap-4.02.exe (Mocht je Wireshark geïnstalleerd hebben dan kun je deze stap overslaan).
vcredist_x86.exe
en als laatste voeg je nmap_performance.reg toe aan het register.

Daarna kun je een portscan uitvoeren door naar het commandprompt te gaan en het volgende commando uit te voeren:

nmap ip-adres

Zo kun je heel eenvoudig kijken welke porten er open staan op de server.

Via het commando: nmap -sS 1.1.1.* –p3389 kun je alle pc’s / servers zoeken die de port 3389 open hebben staan.

Meer info over nmap vind je hier: http://nmap.org/ en op de volgende site vind je allerlei tutorials: http://www.nmap-tutorial.com/ en nog een pagina met een quickstart guide: http://blog.fourthirty.org/?p=112

October 26, 2008October 26, 2008 afokkema Linux, Ubuntu

Ubuntu: DHCP Release and Renew

Via het commando: sudo dhclient -r release je het huidige ip-adres

Via het commando sudo dhclient vraag je weer een nieuw ip-adres aan.

October 26, 2008October 26, 2008 afokkema Active Directory, Linux, Microsoft, Ubuntu, Windows

How To: Ubuntu in a Windows Domain

In deze “How To” lees je hoe eenvoudig het is geworden om een Ubuntu 8.04 machine in een Windows domain toe te voegen.

Als eerste dien je likewise-open te installeren en te configureren. Dit gaat als volgt:

sudo apt-get update
sudo apt-get install likewise-open
sudo domainjoin-cli join ubuntu.lnx.lab Administrator
fqdn Administrator account binnen AD.
sudo update-rc.d likewise-open defaults
sudo /etc/init.d/likewise-open start
sudo reboot -n