Linux How-To: Expand an LVM volume

Practical Scenario: We have the following CentOS 6.4 Linux server, and we want to increase the size of the “/u01″ file system.

Pre-caution must be taken, don’t do this activity without taking backup first.

[root@centos ~]# df -h /u01
Filesystem                      Size  Used Avail Use% Mounted on
/dev/mapper/vg_data-u01          2.0G   35M  1.9G   2% /u01
[root@centos ~]# 

The server is utilizing the LVM volume manager as we can see from the “df -h” output, so let’s check the volume groups:

[root@centos ~]# vgscan 
  Reading all physical volumes.  This may take a while...
  Found volume group "vg_data" using metadata type lvm2
  Found volume group "vg_centos" using metadata type lvm2
[root@centos ~]# 

As we can see, there are two volume groups “vg_data” and “vg_centos”, the volume group used by “/u01″ is “vg_data” as we saw from the “df -h” output. Let’s explore the “vg_data” volume group further using the “vgdisplay” command:

[root@centos ~]# vgdisplay vg_data
  --- Volume group ---
  VG Name               vg_data
  System ID             
  Format                lvm2
  Metadata Areas        2
  Metadata Sequence No  2
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                2
  Act PV                2
  VG Size               1.98 GiB
  PE Size               4.00 MiB
  Total PE              508
  Alloc PE / Size       508 / 1.98 GiB
  Free  PE / Size       0 / 0   
  VG UUID               gYjLlH-Y4eg-rwa1-MvDd-PgKd-3p3o-acEFYf
   
[root@centos ~]# 

The size of the volume group is 1.98 GB, and it’s all being used by the volume “u01″. We can further confirm that we lvdisplay:

[root@centos ~]# lvdisplay /dev/vg_data/u01 
  --- Logical volume ---
  LV Path                /dev/vg_data/u01
  LV Name                u01
  VG Name                vg_data
  LV UUID                ibqxiV-22t1-tBBX-khm9-VQUP-9aE6-nMfDGX
  LV Write Access        read/write
  LV Creation host, time centos, 2013-06-20 00:44:26 +0300
  LV Status              available
  # open                 1
  LV Size                1.98 GiB
  Current LE             508
  Segments               2
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:2
   
[root@centos ~]# 

Next, we need to see the physical disks used by the volume group “vg_data”, we can see that using the “pvdisplay” command:

[root@centos ~]# pvdisplay 
  --- Physical volume ---
  PV Name               /dev/sdb1
  VG Name               vg_data
  PV Size               1019.72 MiB / not usable 3.72 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              254
  Free PE               0
  Allocated PE          254
  PV UUID               L1nW8o-Bgrt-ESaa-05li-p2z8-uHVY-IRcmww
   
  --- Physical volume ---
  PV Name               /dev/sdc1
  VG Name               vg_data
  PV Size               1019.72 MiB / not usable 3.72 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              254
  Free PE               0
  Allocated PE          254
  PV UUID               xxPaXl-xOgG-eRtS-VSuL-S9eX-pOl4-HzOQGL
   
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               vg_centos
  PV Size               14.51 GiB / not usable 3.00 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              3714
  Free PE               0
  Allocated PE          3714
  PV UUID               AsEY8c-aMi8-wjC4-qen5-ZEK8-Ma8J-EP0myk
   
[root@centos ~]# 

From the output above, we can see that the disks “sdb1″ and “sdc1″ are used by the volume group “vg_data”.

Now to increase the space, we need to add a new disk to the volume group “vg_data”, so the next step is to add a new disk, for the purpose of this example I added a 1GB disk “/dev/sdd” to the server. The first step in configuring this disk is to format it and create an LVM filesystem:

[root@centos ~]# fdisk /dev/sdd
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0x47a11a25.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-130, default 1): 
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-130, default 130): 
Using default value 130

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 8e
Changed system type of partition 1 to 8e (Linux LVM)

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
[root@centos ~]# 

Using the “fdisk” utility, I partitioned the disk, and created an LVM partition on partition number one.

The next step is to create a physical volume to be used by LVM:

[root@centos ~]# pvcreate /dev/sdd1
  Physical volume "/dev/sdd1" successfully created
[root@centos ~]# 
[root@centos ~]# 
[root@centos ~]# pvdisplay /dev/sdd1
  "/dev/sdd1" is a new physical volume of "1019.72 MiB"
  --- NEW Physical volume ---
  PV Name               /dev/sdd1
  VG Name               
  PV Size               1019.72 MiB
  Allocatable           NO
  PE Size               0   
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               GpT8oe-zrlW-ak2R-vUpX-gtY2-w1xn-5cfTO0
   
[root@centos ~]# 

Now we can see a 1GB physical volume. The physical volume must be added to the volume group “vg_data”, to do that we will use the “vgextend” command to extend the volume group:

[root@centos ~]# vgextend vg_data /dev/sdd1
  Volume group "vg_data" successfully extended
[root@centos ~]# 
[root@centos ~]# vgdisplay vg_data
  --- Volume group ---
  VG Name               vg_data
  System ID             
  Format                lvm2
  Metadata Areas        3
  Metadata Sequence No  3
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                3
  Act PV                3
  VG Size               2.98 GiB
  PE Size               4.00 MiB
  Total PE              762
  Alloc PE / Size       508 / 1.98 GiB
  Free  PE / Size       254 / 1016.00 MiB
  VG UUID               gYjLlH-Y4eg-rwa1-MvDd-PgKd-3p3o-acEFYf
   
[root@centos ~]# 

The command was successful because the size of the volume has indeed been increased to 2.98 GB. Now we have to increase the size of the logical volume using the “lvextend” command, but first we will unmount the filesystem for safety. After the “lvextend”, the ext4 filesystem must be checked and resized using the “e2fsck” and “resize2fs” commands respectively:

[root@centos ~]# umount /u01
[root@centos ~]#
[root@centos ~]# lvextend -L 2.97G /dev/vg_data/u01 
    Rounding size to boundary between physical extents: 2.97 GiB
  Extending logical volume u01 to 2.97 GiB
  Logical volume u01 successfully resized
[root@centos ~]# 
[root@centos ~]# e2fsck -f /dev/vg_data/u01
e2fsck 1.41.12 (17-May-2010)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/vg_data/u01: 32/130048 files (0.0% non-contiguous), 17128/520192 blocks
[root@centos ~]# resize2fs -p /dev/vg_data/u01 
resize2fs 1.41.12 (17-May-2010)
Resizing the filesystem on /dev/vg_data/u01 to 779264 (4k) blocks.
Begin pass 1 (max = 8)
Extending the inode table     XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The filesystem on /dev/vg_data/u01 is now 779264 blocks long.

[root@centos ~]# 
[root@centos ~]# mount /dev/vg_data/u01 /u01
[root@centos ~]# df -h /u01
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg_data-u01
                      3.0G   35M  2.8G   2% /u01
[root@centos ~]# 

Posted in CentOS, Disks, HOW-To, Linux, LVM, Open Source, Red Hat, RHCE, Storage, System Administration, Volume Manager | Tagged | 1 Comment

Perl and Bash scripts to rename multiple files

Say you have many files in a directory called “filename.txt” and you want to rename them to “filename.doc”. For demonstration purposes, I will create the files f1.txt, f2.txt, and f3.txt and then rename them to f1.doc, f2.doc, and f3.doc respectively. This is a simple task , and I will demonstrate it using both Bash and Perl scripts.

First, we will create the files:

[root@station1]# touch f{1,2,3}.txt
[root@station1]# ls *txt
f1.txt  f2.txt  f3.txt
[root@station1]#

Now we will do this using Bash, we will call our script “name.sh” :

## name.sh script to rename files from *.txt to *.doc 
#!/bin/bash
FILES=`ls *.txt`
for VAR in $FILES
do
mv $VAR ${VAR/txt/doc}
done

the script will simply “mv” any file that ends with “txt” to the same file name but ending with “doc”. Let’s execute it and test it:

[root@station1 scripts]# ls *txt
f1.txt  f2.txt  f3.txt
[root@station1]# ./name.sh 
[root@station1]# ls *txt
ls: *txt: No such file or directory
[root@station1]# ls *doc
f1.doc  f2.doc  f3.doc
[root@station1]

So the script successfully renamed the files with “.txt” extension to “.doc”. Now let’s rename the files back from “.doc” to “.txt”, but this time let’s do it using a Perl script.

We will use the perl function “rename” (see “perldoc -f rename” for more information). We will call it “name.pl” :

## script to rename *.doc files to *.txt files
#!/usr/bin/perl
use warnings;
use strict;
my @arr = `ls *doc`;
my $var;
foreach (@arr)
{
        chomp;
        $var = "$1.doc" if (/(\w+)\.doc/);
        print "Error: $!\n" if (! rename "$_","$var");
}

We used the “chomp” function to get rid of whitespaces, and we trapped the “rename” function to see if any rename failed and captured the error in the “$!” variable. Let’s test the script now:

[root@station1]# ls *doc
f1.doc  f2.doc  f3.doc
[root@station1]# ./name.pl 
[root@station1]# ls *doc
[root@station1 scripts]# ls *doc
ls: *doc: No such file or directory
[root@station1 scripts]# ls *txt
f1.txt  f2.txt  f3.txt
[root@station1 scripts]# 

The script renamed back all files from “*.doc” to “*.txt”. This scripts are not perfect, and there is definitely more than one way to accomplish the same task. This is just to demonstrate one way to do it ;)

Posted in Bash, Perl, scripting | Tagged , , , , , , , , | Leave a comment

What kind of Unix Administrator are you?

I’ve read this few years ago, and it made me laugh so hard. According to the article, there are three types of Unix Administrators: The technical thug, the administrative fascist, the maniac, and the idiot. If you worked with Unix admins, chances are you’ve met all those Admins (at least I did ;) )

This is the post, courtesy of GNU:
http://www.gnu.org/fun/jokes/know.your.sysadmin.html

GNU

So read on, and let us know which one is you!

Posted in community, humor, Linux, System Administration, Unix, User Administration | Tagged , , , , , , , , | Leave a comment

Linux and UNIX: Understanding and modifiying File timestamps

In UNIX, there is a record of three timestamps with every file/directory: mtime (last modification time),atime (last access time), and ctime (last change time of the inode).

Unfortunately, there’s no way in UNIX/Linux to know the creation time of the file.

We will explore how to read the different timestamps, and understand when they get updated.

1. mtime (last modification time).

root@hamdan # ls -l testFile
-rw-r--r--   1 root     root          23 Oct 22 09:46 testFile
root@hamdan #

Note that if the year is not showing, this means that the modification happened this year.

The last modification time is 09:46, 22-October-2012.

if we edit the file, this time will be updated. For example:

root@hamdan # echo "hello" > testFile
root@hamdan # ls -l testFile
-rw-r--r--   1 root     root           6 Oct 22 10:50 testFile
root@hamdan # date 
Mon Oct 22 10:50:46 AST 2012
root@hamdan #

The modification time has been updated to current time.

2. atime (last access time).

This timestamp gets updated each time the contents of the file is accessed (read).

root@hamdan # ls -lu testFile
-rw-r--r--   1 root     root          6 Oct 22 09:51 testFile
root@hamdan # cat testFile
hello
root@hamdan # ls -lu testFile
-rw-r--r--   1 root     root           6 Oct 22 10:59 testFile
root@hamdan # date
Mon Oct 22 10:59:20 AST 2012

3. ctime (last change to inode information (metadata)).

The ctime timestamp gets updated with there’s a modification to the contents of the file OR when there’s a change on the file’s information (such as a permission change). While the atime gets updated only when there’s a change to the contents of the file.

For example:

root@hamdan # ls -l testFile 
-rw-r--r--   1 root     root           0 Oct 22 10:30 testFile
root@hamdan # chmod g+x testFile 
root@hamdan # ls -l testFile 
-rw-r-xr--   1 root     root           0 Oct 22 10:30 testFile
root@hamdan # 
root@hamdan # ls -lc testFile 
-rw-r-xr--   1 root     root           0 Oct 22 11:15 testFile
root@hamdan #

Those time stamps can be altered manually using the “touch” utility. For example, if you changed a file and you want to hide your tracks, you can change the time stamp ;)

For example, let’s modify our file “testFile”:

root@hamdan # ls -l testFile 
-rw-r--r--   1 root     root           0 Oct 22 10:30 testFile
root@hamdan # echo "We are modifying the file" > testFile
root@hamdan # ls -l testFile 
-rw-r--r--   1 root     root           26 Oct 22 11:21 testFile
root@hamdan # touch -t 201210221030 testFile 
root@hamdan # ls -l testFile 
-rw-r-xr--   1 root     root          26 Oct 22 10:30 testFile
root@hamdan # 

the format of the touch command is : touch -t YYYYMMDDhhmm (yearMonthDayHourMinute).

Posted in Digital Forensics, forensics, HOW-To, security, Unix | Tagged | 1 Comment

Solaris 10: Verify the integrity of OS Executable and Linkable Format files

Starting from Solaris 10, most operating system ELF (Executable and Linkable Format) objects have been digitally signed. To verify that a file hasn’t been tampered with, we can use the command “elfsign”. Note that this utility verifies that contents of the file only. It doesn’t verify the path of the file, so if the name of the file has changed, this utility can’t detect that.

For example, to verify the integrity of the command “ls”:

root@hamdan # which ls
/usr/bin/ls
root@hamdan # 
root@hamdan # elfsign verify -e /usr/bin/ls 
elfsign: verification of /usr/bin/ls passed.
root@hamdan # 
root@hamdan #

The verification of the file = passed. This means that the file hasn’t been tampered. If the verification shows “failed”, then it means that the file has been tampered with. If the verification result shows “no signature found” or “unable to open file”, then the file hasn’t been signed by Sun.

This is a quick and useful way to verify the integrity of ELF objects.

Note: The digital certificates used for verification are under the directory “/etc/certs”.

Posted in Cryptography, security, Solaris | Tagged , , , | Leave a comment

How- To: The Concept of exe Crack

It was 6 years back when i cracked the first exe in my life, it was an application i programmed that had a window form skin component “TSkin” maybe, that gives your application window themes or shapes (non necessarily rectangular).

The thing was, the skin is loaded, but whenever i ran my application, it showed a message that this is a demo version of the skin, so i had to crack it, just to remove that message.

 So what is a Crack and how Crackers do it?

Quoting Wikipedia:

“The most common software crack is the modification of an application’s binary to cause or prevent a specific key branch in the program’s execution. This is accomplished by reverse engineering the compiled program code using a debugger such as SoftICE, OllyDbg, GDB, or MacsBug until the software cracker reaches the subroutine that contains the primary method of protecting the software (or by disassembling an executable file with a program such as IDA). The binary is then modified using the debugger or a hex editor in a manner that replaces a prior branching opcode with its complement or a NOP opcode so the key branch will either always execute a specific subroutine or skip over it”

A simple example:

I wrote this simple program using C++ builder:

#include <iostream.h>
void main (){
int a,b;
cout<<"Enter the first Integer"<<endl;
cin>>a;
cout<<"Enter the second Integer"<<endl;
cin>>b;
if(a>5 || b>5){
cout<<"Trial version can't sum numbers more than 5"<<endl;
return;
}
cout<<"Sum of A + B ="<<a+b;
return;
}

This program simply asks for two integers as input, and output the summation of them; but if any of the operands were greater than 5, the program outputs a message that this is trial version, then returns.

I will be using Ollydbg in order to debug this exe and view its assembly code, you can get ollydbg from here http://www.ollydbg.de/

Step 1: load the exe into the debugger

 Step 2: look for assembly code that makes sense.

Step 3: Analyze

you need sufficient assembly language knowledge in order to understand this step.

Step 4: do your alteration:

There are many ways to do this, i can’ recall two:

  • Reveres the condition (so that if the number is more than 5 it will summ it)
  • Fill the condition and it’s following branch code with nop’s (no operation assembly instruction which actually does nothing)

The filling NOP method is more accurate, as you can completely have the functional program without limitations.

I’ll go with the NOP’s, while someone can ask why to fill with NOP’s, why don’t you just delete that portion of code?

You simply can’t for a couple of reasons:

1. Sometimes the program do a CRC check of its self, deleting portion of codes (and thus binary data) will result in a different CRC.

2. It will result into pointing to different segment of code.

Step 5: save your changes and export the .exe binary.

Step 6: test the cracked .exe

 

Elite crackers use more professional tools, mostly tools of their own; sometimes there is a windows kernel level of debugging to have more information about how to crack the software.

of course this tutorial is useful of you are dealing with an application that has a single .exe file, sometimes you have also to crack the .dll file in order to bypass the restriction.

Assembly terms used:

JMP: jump to specific address and starts executing
CMP: compare two registers, or register with value
JG: jump if greater than
JLE: jump if less or equal to
NOP: no operation, idle CPU instruction
CALL: call a function located at a specific address, pushes current registers to stack
PUSH: save registers to stack
POP:  retrieves registers from stack

Hope it was helpful.

Posted in HOW-To | Tagged , , , , , , , , , , | 2 Comments

Linux and UNIX HOW-TO: Setup a basic OpenLDAP Client and Server

The topic of LDAP seems to be little bit complicated at the beginning, so we will start with a simple example to for demonstration purposes.

We will use two machines in this example: a client and a server, both running Red Hat Enterprise Linux 5.4. We will use the OpenLDAP rpm package that’s available with Red Hat. The setup is:

Server: station1.example.com 192.168.0.1

Client: station2.example.com 192.168.0.2

To demonstrate some of the functionality of an LDAP server, we will add local users to “station1.example.com” (our Server) BEFORE we configure it as an LDAP server. Then, we will configure it as an LDAP Server so that all the users (i.e. /etc/passwd and /etc/shadow and /etc/group contents) will be imported to the LDAP database, and finally after configuring “station2.example.com” as an LDAP client, we will verify our configuration by listing the users that the system can see which should include the users that we created on “station1.example.com”.

We will break out configuration into a very simple steps. We will start with the server “station1.example.com”:

1. Create test users:

[root@station1 ~]# useradd user1
[root@station1 ~]# useradd user2
[root@station1 ~]# useradd user3

2. Install the following packages (rpms):

[root@station1 ~]# yum install openldap-servers-2.3.43-3.el5
[root@station1 ~]# yum install openldap-2.3.43-3.el5
[root@station1 ~]# yum install openldap-clients-2.3.43-3.el5

3. Edit the LDAP config file to add the name of our suffix (in this case, it’s dc=example,dc=com). Edit only three lines:

[root@station1 ~]# vi /etc/openldap/slapd.conf 
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"

...
rootpw          123

[root@station1 ~]# 

In the above file, we only edited three lines to make “dc=example,dc=com” because that’s our suffix in this demo. We also made the root password (rootpw) = 123, that’s the root admin for LDAP. Password is store in text format here for simplicity.

4. The next step is to migrate the local files (/etc/passwd, /etc/shadow, and /etc/group) contents to an LDIF file. This is done using scripts that are ready with the packages we installed at the beginning

[root@station1 migration]# cd /usr/share/openldap/migration/
[root@station1 migration]# ./migrate_base.pl > a.ldif
[root@station1 migration]# ./migrate_passwd.pl  /etc/passwd >> a.ldif
[root@station1 migration]# ./migrate_group.pl /etc/group >> a.ldif

The resulting file “a.ldif” is a text file, you can read the file to verify that the contents were migrated properly.

5. Since the LDIF file is ready, we can now build the LDAP database:

First check the existing LDAP database (it should be empty):

[root@station1 ~]# ls /var/lib/ldap/
openldap-severs-update.log
[root@station1 ~]#

There’s only one empty log file, that’s fine. Now we can build the database:

[root@station1 ~]# slapadd -v -d3 -l  /usr/share/openldap/migration/a.ldif

6. Verify that the database has been successfully created:

[root@station1 ~]# ls -l /var/lib/ldap
total 1880
-rw-r--r-- 1 root root     2048 Oct 21 12:28 alock
-rw------- 1 root root    36864 Oct 21 12:25 cn.bdb
-rw------- 1 root root    24576 Oct 21 12:25 __db.001
-rw------- 1 root root   278528 Oct 21 12:25 __db.002
-rw------- 1 root root   270336 Oct 21 12:25 __db.003
-rw------- 1 root root    98304 Oct 21 12:25 __db.004
-rw------- 1 root root   352256 Oct 21 12:25 __db.005
-rw------- 1 root root    24576 Oct 21 12:25 __db.006
-rw------- 1 root root    36864 Oct 21 12:25 dn2id.bdb
-rw------- 1 root root     8192 Oct 21 12:25 gidNumber.bdb
-rw------- 1 root root   114688 Oct 21 12:25 id2entry.bdb
-rw------- 1 root root 10485760 Oct 21 12:25 log.0000000001
-rw------- 1 root root     8192 Oct 21 12:25 loginShell.bdb
-rw------- 1 root root     8192 Oct 21 12:25 memberUid.bdb
-rw------- 1 root root     8192 Oct 21 12:25 nisMapName.bdb
-rw------- 1 root root    20480 Oct 21 12:25 objectClass.bdb
-rw-r--r-- 1 root root       37 Oct 21 11:54 openldap-severs-update.log
-rw------- 1 root root     8192 Oct 21 12:25 ou.bdb
-rw------- 1 root root    20480 Oct 21 12:25 uid.bdb
-rw------- 1 root root     8192 Oct 21 12:25 uidNumber.bdb
[root@station1 ~]# 

As we can see, the database files have been created. We can check that the database is actually true to the LDIF we created by executing this command:

[root@station1 ~]# slapcat

The output should match the contents of the LDIF file generated earlier.

7. Change permissions of the LDAP database files. Since they will be accessed by the LDAP daemon, then they shouldn’t have “root” as owner and group.

[root@station1 ~]# chown ldap.ldap * /var/lib/ldap
[root@station1 ~]# ls -l /var/lib/ldap
total 1880
-rw-r--r-- 1 ldap ldap     2048 Oct 21 12:28 alock
-rw------- 1 ldap ldap    36864 Oct 21 12:25 cn.bdb
-rw------- 1 ldap ldap    24576 Oct 21 12:25 __db.001
-rw------- 1 ldap ldap   278528 Oct 21 12:25 __db.002
-rw------- 1 ldap ldap   270336 Oct 21 12:25 __db.003
-rw------- 1 ldap ldap    98304 Oct 21 12:25 __db.004
-rw------- 1 ldap ldap   352256 Oct 21 12:25 __db.005
-rw------- 1 ldap ldap    24576 Oct 21 12:25 __db.006
-rw------- 1 ldap ldap    36864 Oct 21 12:25 dn2id.bdb
-rw------- 1 ldap ldap     8192 Oct 21 12:25 gidNumber.bdb
-rw------- 1 ldap ldap   114688 Oct 21 12:25 id2entry.bdb
-rw------- 1 ldap ldap 10485760 Oct 21 12:25 log.0000000001
-rw------- 1 ldap ldap     8192 Oct 21 12:25 loginShell.bdb
-rw------- 1 ldap ldap     8192 Oct 21 12:25 memberUid.bdb
-rw------- 1 ldap ldap     8192 Oct 21 12:25 nisMapName.bdb
-rw------- 1 ldap ldap    20480 Oct 21 12:25 objectClass.bdb
-rw-r--r-- 1 ldap ldap       37 Oct 21 11:54 openldap-severs-update.log
-rw------- 1 ldap ldap     8192 Oct 21 12:25 ou.bdb
-rw------- 1 ldap ldap    20480 Oct 21 12:25 uid.bdb
-rw------- 1 ldap ldap     8192 Oct 21 12:25 uidNumber.bdb
[root@station1 ~]# 

8. Now the LDAP server is ready! Start the service:

[root@station1 ~]# service ldap start
Checking configuration files for slapd:  bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
Expect poor performance for suffix dc=example,dc=com.
config file testing succeeded
                                                           [  OK  ]
[root@station1 ~]#

Next, we will configure “station2.example.com” as an LDAP client. It’s very simple, we will use the GUI for simplicity:

Execute this command to lunch the GUI tool:

[root@station2 ~]# system-config-authentication

Choose “Enable LDAP Support”, then click “configure LDAP”:

Enter the settings as follows then click “OK” :

Now that the system “station2.example.com” should be configured as an LDAP client, we can test our configuration with LDAP Search commands:

1. To use LDAP commands, we should have this pacakge installed in the clients:

[root@station2 ~]# rpm -qa|grep ldap-clients
openldap-clients-2.3.43-3.el5
[root@station2 ~]

2. Execute ldapsearch commands to retrieve information about the users we configured on the LDAP server:

 [root@station2 ~]# ldapsearch -x uid=user1
Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: uid=user1
# requesting: ALL
#

# user1, People, example.com
dn: uid=user1,ou=People,dc=example,dc=com
uid: user1
cn: user1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJHlIUGxDcWk2JGJnbHFKSVpaUlFIbGFrSzFwNzlvby8=
shadowLastChange: 15268
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/user1

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@station2 ~]# 

This means that both the client and server are working fine.

For more information please check:
www.openldap.org/

Posted in authentication, Directory Services, HOW-To, LDAP, Linux, network, Open Source, OpenLDAP, Red Hat, RHCE, RHEL, Unix, User Administration | Tagged , , , , , , , , , , , , , , , | 6 Comments

Linux and UNIX HOW-TO: Create simple master and slave DNS Servers

The procedure below can be used with any UNIX/LINUX flavor. All the machines in this example are using Red Hat Enterprise Linux 5.

For simplicity purposes, we will assume the server will resolve names on the LAN: 192.168.0.1/24, and the LAN has 4 workstations connected:
station1.example.com: 192.168.0.1
station2.example.com: 192.168.0.2
station3.example.com: 192.168.0.3
station4.example.com: 192.168.0.4

We will configure “station1.example.com” as a master DNS server, and “station2.example.com” as a slave DNS Server.

We will start by configuring the master DNS Server:

1. The package needed for this configuration is “BIND”. Check if it’s available:

[root@station1 named]# rpm -qa|grep bind
ypbind-1.19-12.el5
bind-libs-9.3.6-4.P1.el5
bind-utils-9.3.6-4.P1.el5
bind-9.3.6-4.P1.el5
[root@station1 named]# 

2. Edit “/etc/named.conf” as follows:

[root@station1 ~]# vi /etc/named.conf
options {
directory "/var/named";
};

zone "example.com" {
type master;
file "forward.zone";
};

zone "0.168.192.in-addr.arpa" {
type master;
file "reverse.zone";
};
[root@station1 ~]#

In the file above, we first specified that the Host Name to IP records will be stored in files under the directory “/var/named”, and then we created a zone for forward mapping (Host Name to IP mapping), and a zone for reverse mapping ( IP to Host Name mapping). Since we only have one LAN (one domain: example.com), so we need two zones only.

3. Create the forward zone file “forward.zone” under “/var/named” :

[root@station1 ~]# cd /var/named
[root@station1 named]# vi forward.zone 
$TTL    86400
@               IN      SOA     station1.example.com.   root    (
                                                42      ; serial (d. adams)
                                                3H      ; refresh
                                                15M     ; retry
                                                1W      ; expiry
                                                1D )    ; minimum
                IN      NS      station1.example.com.
station1        IN      A       192.198.0.1
station2        IN      A       192.168.0.2
station3        IN      A       192.198.0.3
station4        IN      A       192.168.0.4

[root@station1 named]#

In the file above, we specified that the “SOA” (start of authority) is “station1.example.come”, and that error messages be sent to “root”.

Then we specified that the “NS” (Domain Name Server) is “station1.example.com.” Then we added the “A” (Address) of each machine on the network.

4. Create the forward zone file “reverse.zone” under “/var/named” :

[root@station1 ~]# cd /var/named
[root@station1 named]# vi reverse.zone 
$TTL    86400
@               IN      SOA     station1.example.com    root    (
                                                42      ; serial (d. adams)
                                                3H      ; refresh
                                                15M     ; retry
                                                1W      ; expiry
                                                1D )    ; minimum
                IN      NS      station1.example.com.
1               IN      PTR     station1.example.com.
2               IN      PTR     station2.example.com.
3               IN      PTR     station3.example.com.
4               IN      PTR     station4.example.com.

[root@station1 named]# 

In the reverse file, again we specified the same “SOA” and “NS”. After that, we specified the “PTR” (pointer), so that it will be appended to “0.168.192.in-addr.arpa”. For example, the record “192.168.0.4″ when queried to the DNS Server, it will be translated as “4.0.168.192.in-addr.arpa”, and then mapped to “station4.example.com.”

5. Make the sure that “forward.zone” and “reverse.zone” have the right owner/permission:

[root@station1 named]# ls -l
total 24
drwxrwx--- 2 named named 4096 Jul 29  2009 data
-rw-r--r-- 1 root  root 239 Oct 17 16:57 forward.zone
-rw-r--r-- 1 root  root  250 Oct 17 16:55 reverse.zone
drwxrwx--- 2 named named 4096 Jul 29  2009 slaves
[root@station1 named]#

Since the daemon “named” will be using these file, the permission should be changed accordingly:

[root@station1 named]# chgrp named *.zone
[root@station1 named]# ls -l
total 24
drwxrwx--- 2 named named 4096 Jul 29  2009 data
-rw-r--r-- 1 root  named  239 Oct 17 16:57 forward.zone
-rw-r--r-- 1 root  named  250 Oct 17 16:55 reverse.zone
drwxrwx--- 2 named named 4096 Jul 29  2009 slaves
[root@station1 named]#

6. Configure all the clients to use “station1″ as a DNS Server by editing “/etc/resolv.conf”:

[root@station1 ~]# vi /etc/resolv.conf 
search example.com
nameserver 192.168.0.1
[root@station1 ~]#

Make sure to configure the same on all the machines: station2, station3, and station4.

7. Start the service:

[root@station1 ~]# service named start
Starting named:                                            [  OK  ]
[root@station1 ~]#

Make the sure the service starts automatically after each reboot:

[root@station1 ~]# chkconfig named on
[root@station1 ~]# chkconfig named --list
named           0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@station1 ~]# 

8. Test the DNS functionality:

From Station3, for example, we can run the following tests:

[root@station3 ~]# nslookup station2
Server:         192.168.0.1
Address:        192.168.0.1#53

Name:   station2.example.com
Address: 192.168.0.2

[root@station3 ~]# 
[root@station3 ~]# nslookup station1
Server:         192.168.0.1
Address:        192.168.0.1#53

Name:   station1.example.com
Address: 192.198.0.1

[root@station3 ~]# nslookup 192.168.0.4
Server:         192.168.0.1
Address:        192.168.0.1#53

4.0.168.192.in-addr.arpa        name = station4.example.com.

[root@station3 ~]# 

Now we have successfully configured “station1″ as a master (primary) DNS Server. The next step is to configure “station2″ as a slave (secondary) DNS Server. It’s very easy to do so, as only one file needs to be edited on “station2″:

1. Configure “/etc/named.conf” on “station2″ :

[root@station2 ~]# vi /etc/named.conf 
options {
directory "/var/named/slaves";
};

zone "example.com" {
type slave;
file "forward.zone";
masters { 192.168.0.1; };
};

zone "0.168.192.in-addr.arpa" {
type slave;
file "reverse.zone";
masters { 192.168.0.1; };
};

[root@station2 ~]# 

In “/var/named.conf”, we simply specified that the files should go under “/var/named/slaves”, and the the master DNS server is “192.168.0.1″ (i.e. station1) .

2. The next step is start the DNS Service on “station2″:

[root@station2 ~]# service named start
Starting named:                                            [  OK  ]
[root@station2 ~]# 
[root@station2 ~]# chkconfig named on
[root@station2 ~]# chkconfig named --list
named           0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@station2 ~]# 

3. Check that all the configuration files have been automatically copied from the master DNS Server:

[root@station2 ~]# ls /var/named/slaves/
forward.zone  reverse.zone
[root@station2 ~]# 
[root@station2 ~]# cat /var/named/slaves/forward.zone 
$ORIGIN .
$TTL 86400      ; 1 day
example.com             IN SOA  station1.example.com. root.example.com. (
                                42         ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      station1.example.com.
$ORIGIN example.com.
station1                A       192.198.0.1
station2                A       192.168.0.2
[root@station2 ~]# cat /var/named/slaves/reverse.zone 
$ORIGIN .
$TTL 86400      ; 1 day
0.168.192.in-addr.arpa  IN SOA  station1.example.com.0.168.192.in-addr.arpa. root.0.168.192.in-addr.arpa. (
                                42         ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      station1.example.com.
$ORIGIN 0.168.192.in-addr.arpa.
1                       PTR     station1.example.com.
2                       PTR     station2.example.com.
[root@station2 ~]# 

4. Now, on all the clients (station1, station2, station3, and station4 ), Edit the file “/etc/resolv.conf” to specify that “station2″ is a slave DNS Server:

[root@station1 ~]# cat /etc/resolv.conf 
search example.com
nameserver 192.168.0.1
nameserver 192.168.0.2
[root@station1 ~]# 

I hope DNS is clear now … :)

Posted in DNS, DNS Server, HOW-To, Master DNS, network, Red Hat, RHCE, RHEL, Slave DNS, Unix | Tagged , , , , , , , , , , , | 9 Comments

Data Migration using EMC OpenReplicator Hot PULL

HOW TO: OpenReplicator Hot PULL  step by step

 

 

1.Environment:

 Destination VMAX,
Source :CX4   ,
 OS=Window 2008 ,
 Application: Exchange
, Cluster: Window CCR Cluster , replication cluster

 

*Control Device: VMAX,  control device the one who manage the OpenReplicator Session

Remote Device:CX4

* both Control and Remote  should have prober HA power and SAN connectivity

No Power or SAN failure can be acceptable during migration .

*PULL  , Control is the Destination and Remote is the Source

*Push , Control is the Source , and Remote is the Destination

*Control Always Symmetrix Storage System

*the Below notes are regarding Hot PULL

*Remove SCSI reservation flag if u have it on lun

2-Connectivity

 

2.a.  Zone VMAX ports to CX4 ports:

each ports on vmax that have access for Destination LUN , should be zoned to both SPA and SPB ( in hot pull or hot push ), symcfg list -fa all -sid 2221 # show wwpn for fa

in our case LUN on VMAX mapped to 7F0 and 10F0

so zoning was like

7F0 to SPA2

7F0 to SPB0

10F0 to SPA0

10F0 to SPB2

Now check that VMAX is able to see CX4

Display Remote Ports WWNs:

?? symsan –sanports –sid <Symid> -dir <# | ALL> -port <# | ALL>

this should display all storage ports that connected to VMAX

 

2.b, Discover CLARiiON by SYMCLI

add authorization for both SPA SPB

DMX800SUN1/> symcfg authorization add -host 10.127.38.41 -username navisphere_mosa

-password ***

DMX800SUN1/> symcfg authorization add -host 10.127.38.42 -username navisphere_mosa

-password ***

DMX800SUN1/> symcfg authorization list

 

 

cat calr.txt

SPA-IP  SPB-IB

10.127.38.41 10.127.38.42

 

symcfg disc -clariion -file clar.txt  ( u need to run this , before u start OR session again )

symdev -list -clariion

 

 

2.c. Masking Source LUN to VMAX:

Vmax port act as target not as initiator  , so can’t be seen in Navisphere –> Connectivity status

and we need to create this entry for FA manually

so

from connectivity status

create initiator record by entering in HBA wwn :WWNN:WWPN of the FA port.

symcfg -sid xxxx list -dir ALL -v ( for VMAX WWNN and WWPN have different value as emc226479)

 Vmax You will create 4 initiator records (7f0 to registered to SPA2 , and SPB0 … etc)

and all these initiator records to be registered for one host ( name vmax-host-sg)

Now Mask CX4 LUN to VMax by creating New Storage Group that have Cx4 LUN and  vmax-host-sg

Double Check that VMAX is able to see CLARiiON LUNs

symsan -sanluns –wwn <san_port_wwn> –sid <Symid> -dir <# | ALL> -port <# | ALL>

or From SMC

Right Click on VMAX – Replication – OpenReplicator – Remote Report

 

 

 

3. Add License to symcli , symlmf

Open Replicator/DM — for all functions except Online Pull.

Open Replicator/LM — for Online Pull only.

 

 

4. do some checking

4.a symdev show 1c5, get  number of blocks on vmax

right click lun on navipshere – properties and check number of blocks

Destination should be equal or greater , although we can use force_copy if destination is smaller than source , such as if somebody push data from 64 GB LUN to 96 GB LUN and he want to pull it back , then we use -force_copy since in that case destiniation LUN is smaller

4.b. for cold to make device on control vmax unready

symdev not_ready 1c5 -sid 58 -noprompt

to make deivec ready after migration

symdev ready 1c5 -sid 58 -noprompt

 

 

 

5. Create OpenReplicator Session

5.a unmask LUN from CLARiiON ( No IO allowed ) , before that u need umount the disks, unassigned drive letter .

5.b create file that have Control and Remote LUNS
example1: VMAX and Non-EMC storage file format

symdev=VMAX ID:LUN CID      wwn= for the remote LUN on HP , u can get wwn  From SMC Right Click on VMAX – Replication – OpenReplicator – Remote Report

vi elian

symdev=000187430917:07A0 wwn=60060160F2810D00281B2B093212D911

symdev=000187430917:07A1 wwn=60060160F2810D004AD5205A3212D911

 

example2: left column is the control storage system, clariion should be discovered and u need to run symcfg disc -clariion -file clar.txt

symdev=VMAX iD : LUN CID   clardev=Cx4 serial number : Lun ID  ( as appear on SMC Right Click on VMAX – Replication – OpenReplicator – Remote Report)

vi elian

symdev=000187430917:07A0 clardev=APM00034801589:0063

symdev=000187430917:07A1 clardev=APM00034801589:0064

 

 

5.c CX4 LUNs are unmasked from the host ( Source LUN) , while VMAX LUn masked to the hosts but not mounted , not assigned drive letter and there is no partition on these disk (Destination LUN).

 

5.d. symrcopy create -copy -name mosa  -pull -hot -donor_update -file elian

donor_updaet necessary for online

for cold use

symrcopy create -copy -name mosa -pull -cold -file elian

 

5.e symrcopy query -detail -file  elian

session is create but still not activated

 

5.f. symrcopy activate -file elian

 

5.g symrcopy query -detail -file  elian

now CopyInProg

 

 

5.h  tune the speed

take care , and OpenReplicator should be done with Minimal IO activity

Copy On Access have some performance issue

if application have heavy IO that will slow OpenReplicator

 

pace 0 fastes , 5 default

do not change celing and change only pace

symrcopy –file elian  set pace 0

symrcopy list ceiling -dir all -sid 2221

To set a bandwidth ceiling of 100% for all directors on Symmetrix 6190, use the

following example:

symrcopy set ceiling 100 -dir all -sid 6190

You can view the new ceiling setting by using the list ceiling command, as follows:

symrcopy list ceiling

 

5.i Now we can Run our application (while Copy run in background )

since hot pull use CopyOnAccess

so in window rescan disk

after sometime ( Window is a bitch and need some time)

you will found that VMAX disks have Partitions and Same Volume Labels

assign Drive Letter to these Volume

and RUN ur application.

note:cx4 disk should be unmasked , so in this step you don’t have Duplicated Disk or Duplicated disk ID

 

 

on Linux

scan scsi bus

pvscan

vgscan

lvscan

mount new voulmes

or just reboot

 

unix > vgimport, better to reboot before importing

You do not need to wait for the copy operation to

complete

 

 

5.j symrcopy query -detail -file  elian

keep checking status

once done

5.k

symrcopy terminate -file elian  -force

use -force if u used donor_update in hot pull

 

 

5.l

Clean Up

delete vmax-host-sg

delete zone between vmax and clariion

 

 

5.m

R007 NAm ( go and have a nap ) but first take a shower alone :D

 

Posted in EMC, HOW-To, Linux, Migration | Tagged | 7 Comments

Android HOW-TO:Setting up the enviroment.

Since a long time and am dreaming of android development, i’ve tried to encourage my self by setting up the environment everywhere i go even on my brother’s wife Laptop !

a step I’ve done many times that i can give a lesson about :P

here what you’ll need to have an android development environment ready on your system (supposing windows – actually common in all OS’s):

*hint: to make things neat, create a folder say “Android” on your D:\ Drive that will contain all the development elements.

  1. JDK, download the JDK from Oracle Website at the date of writing this document this is the  x86 version for 32bit OS and the x64  for the 64bit OS and install it.
  2. Download Eclipse, the IDE that you’ll be using for the android development, Google has provided a plug-in that will make things easier on it,  here goes the 32bit edition and here goes the 64bit edition depends on your OS.
  3. Extract the zip to D:\Android so you’ll have Eclipse under D:\Android\eclipse\eclipse.exe
  4. run Eclipse, choose your workspace (D:\Android\workspace\), set it as default.
  5. go to Help->Install New Software-> paste the following link and click add https://dl-ssl.google.com/android/eclipse/ (it will take some time to fetch)
  6. you will get Developer Tools and NDK Plugins in the window, tick them and click Next
  7. do all the Next and Accept and Next, it will start downloading installing the ADT plugin for Eclipse
  8.  Meanwhile, download  the Android SDK from http://developer.android.com/sdk/index.html and install it to get D:\Android\android-sdk-windows
  9. Back to Eclipse, you might get warning during ADT installation, that’s normal, click continue.
  10. after ADT installation, you’ll be asked to restart Eclipse.
  11. On restarting, you might get an Warning message that “SDK Platform tools components is missing”, to double confirm we are in the right path close the warning and go to Windows->preferences->Android choose the SDK location as D:\Android\android-sdk\
  12. now go to Windows-> Android SDK Manager
  13. in the window that appears, first select the tools (both Android SDK tools, and Android SDK platform-tools)
  14. in order to start developing we need at least one platform to develop against,pick the platform you would like to develop against, i suggest 2.2, as most mobiles nowadays are at least version 2.2 (you may want also to download the corresponding google API for the same API level from third party category, and the sample code for the API
  15. note that if you build the app on the old platform, it will be forward compatible with the new platforms.
  16. to create a virtual device to test your code against (android device emulator), go to Windows-> AVD Manager.
  17. choose the name and target level of the emulator (will emulate the OS-API Level you have downloaded).
  18. pick the screen resolution as WQVGA400 as i find it suitable for my screen, 800 would be bulky and fill up your screen

your have now a ready enviroment for Android development

try starting the emulator, try opening the browser of the mobile phone, it should work like a real phone !

tip: the emulator is very slow, even on a super computers, its recommended to keep the emulator running while developing, booting time may take so much time !

have a good Android Development !

*****

Hello world:

  1. Go to File->New->Project
  2. select Android Application Project, click next
  3. Select Application Name as “Hello World”, Project name as “Hello World” and Package Name as “example.hello.world”, click next
  4. next window is to configure launcher icon, we can change this later, click next
  5. select Blank activity and click next
  6. click finish
  7. click on the project folder, and click run-> run or Ctrl+F11, choose run as Android Application
  8. if you don’t have the emulator running, it will take time to load, it’s recommended to keep the emulator opened as long as you are developing, loading time sucks.
  9. in the end, you should see the android loading, be patient, it will launch the application automatically, you should have a blank screen with Hello World text in it.
Posted in HOW-To | Leave a comment