Saturday, January 11, 2014

mirror root disk

=============================================================
Tested on RHEL 5.5 x86_64. Documentation version: 1.0
=============================================================
Requirements:
1) Two disks of the same size (20 GB each here).
2) The mdadm package is required; if it is not installed, install it. Check with:
#rpm -qa mdadm
3) If this is a VM, there has to be sufficient space for the disks:
   - when the disks sync for the first time, space is taken from the physical disk;
   - when a disk fails and a new disk is added, more space is required, because a sync between the disks happens at that time as well.
=============================================================
Testing has to be done with at least 20 GB, because that reflects the production environment.
=============================================================
Checking the disk structure and which partition is assigned to which mount point
=============================================================
[root@pant ~]# fdisk -l
Disk /dev/sda: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 1925 15358140 83 Linux
/dev/sda3 1926 2056 1052257+ 82 Linux swap / Solaris
Disk /dev/sdb: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
[root@pant ~]#
[root@pant ~]#
=============================================================
Assign the same partition structure to the other disk, which is the same size as sda:
the sda structure is written onto sdb
=============================================================
[root@pant ~]# sfdisk -d -f /dev/sda > mirror
[root@pant ~]# sfdisk /dev/sdb < mirror
Checking that no-one is using this disk right now ...
OK
Disk /dev/sdb: 2610 cylinders, 255 heads, 63 sectors/track
Old situation:
Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0
Device Boot Start End #cyls #blocks Id System
/dev/sdb1 0 - 0 0 0 Empty
/dev/sdb2 0 - 0 0 0 Empty
/dev/sdb3 0 - 0 0 0 Empty
/dev/sdb4 0 - 0 0 0 Empty
New situation:
Units = sectors of 512 bytes, counting from 0
Device Boot Start End #sectors Id System
/dev/sdb1 * 63 208844 208782 83 Linux
/dev/sdb2 208845 30925124 30716280 83 Linux
/dev/sdb3 30925125 33029639 2104515 82 Linux swap / Solaris
/dev/sdb4 0 - 0 0 Empty
Successfully wrote the new partition table
Re-reading the partition table ...
If you created or changed a DOS partition, /dev/foo7, say, then use dd(1)
to zero the first 512 bytes: dd if=/dev/zero of=/dev/foo7 bs=512 count=1
(See fdisk(8).)
[root@pant ~]# fdisk -l
Disk /dev/sda: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 1925 15358140 83 Linux
/dev/sda3 1926 2056 1052257+ 82 Linux swap / Solaris
Disk /dev/sdb: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 * 1 13 104391 83 Linux
/dev/sdb2 14 1925 15358140 83 Linux
/dev/sdb3 1926 2056 1052257+ 82 Linux swap / Solaris
=============================================================
Set the type of each sdb partition to the RAID identification code "fd"
=============================================================
[root@pant ~]# fdisk /dev/sdb
The number of cylinders for this disk is set to 2610.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)
Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): fd
Changed system type of partition 1 to fd (Linux raid autodetect)
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): fd
Changed system type of partition 2 to fd (Linux raid autodetect)
Command (m for help): t
Partition number (1-4): 3
Hex code (type L to list codes): fd
Changed system type of partition 3 to fd (Linux raid autodetect)
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@pant ~]# partprobe /dev/sdb
=============================================================
Create the RAID arrays with the first member "missing", in the same order as the system partitions
=============================================================
[root@pant ~]# mdadm --create /dev/md0 --level=1 --raid-disks=2 missing /dev/sdb1
mdadm: array /dev/md0 started.
[root@pant ~]# mdadm --create /dev/md1 --level=1 --raid-disks=2 missing /dev/sdb2
mdadm: array /dev/md1 started.
[root@pant ~]# mdadm --create /dev/md2 --level=1 --raid-disks=2 missing /dev/sdb3
mdadm: array /dev/md2 started.
[root@pant ~]# cat /proc/mdstat
Personalities : [raid1]
md2 : active raid1 sdb3[1]
1052160 blocks [2/1] [_U]
md1 : active raid1 sdb2[1]
15358016 blocks [2/1] [_U]
md0 : active raid1 sdb1[1]
104320 blocks [2/1] [_U]
unused devices: <none>
[root@pant ~]# mkfs.ext3 /dev/md0
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
26104 inodes, 104320 blocks
5216 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67371008
13 block groups
8192 blocks per group, 8192 fragments per group
2008 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 35 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
[root@pant ~]# fdisk -l
Disk /dev/sda: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 1925 15358140 83 Linux
/dev/sda3 1926 2056 1052257+ 82 Linux swap / Solaris
Disk /dev/sdb: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 * 1 13 104391 fd Linux raid aut
/dev/sdb2 14 1925 15358140 fd Linux raid aut
/dev/sdb3 1926 2056 1052257+ fd Linux raid aut
Disk /dev/md0: 106 MB, 106823680 bytes
2 heads, 4 sectors/track, 26080 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md0 doesn't contain a valid partition table
Disk /dev/md1: 15.7 GB, 15726608384 bytes
2 heads, 4 sectors/track, 3839504 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md1 doesn't contain a valid partition table
Disk /dev/md2: 1077 MB, 1077411840 bytes
2 heads, 4 sectors/track, 263040 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md2 doesn't contain a valid partition table
[root@pant ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 15G 2.2G 12G 17% /
/dev/sda1 99M 12M 83M 13% /boot
tmpfs 501M 0 501M 0% /dev/shm
/dev/hdc 3.5G 3.5G 0 100% /media/RHEL_5.5 x86_64 DVD
=============================================================
Format the root partition of the RAID
=============================================================
[root@pant ~]# mkfs.ext3 /dev/md1
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
1921984 inodes, 3839504 blocks
191975 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=3934257152
118 block groups
32768 blocks per group, 32768 fragments per group
16288 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632,
2654208
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 38 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
=============================================================
Format the boot partition of the RAID
=============================================================
[root@pant ~]# mkfs.ext3 /dev/md0
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
26104 inodes, 104320 blocks
5216 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67371008
13 block groups
8192 blocks per group, 8192 fragments per group
2008 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 35 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
=============================================================
Assign the RAID swap partition to md2
=============================================================
[root@pant ~]# mkswap /dev/md2
Setting up swapspace version 1, size = 1077407 kB
=============================================================
Register the UUIDs of the RAID arrays in the mdadm configuration file, for booting
=============================================================
[root@pant ~]# mdadm --examine --scan > /etc/mdadm.conf
[root@pant ~]# cat /etc/mdadm.conf
ARRAY /dev/md0 level=raid1 num-devices=2 UUID=2bd2f52c:0a0fd464:8fd6fb
ARRAY /dev/md1 level=raid1 num-devices=2 UUID=3c983aa9:4ff137c0:699a7e
ARRAY /dev/md2 level=raid1 num-devices=2 UUID=d7464ff4:568cef5a:d82924
=============================================================
Create the directories and mount the filesystems used to take the backup of /, /boot, swap
=============================================================
[root@pant ~]# mkdir /mnt/md0
[root@pant ~]# mkdir /mnt/md1
[root@pant mnt]# mount /dev/md0 /mnt/md0
[root@pant mnt]# mount /dev/md1 /mnt/md1
=============================================================
Check the mount points; these are to be changed to match the RAID devices just installed
=============================================================
[root@pant mnt]# mount
/dev/sda2 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
/dev/hdc on /media/RHEL_5.5 x86_64 DVD type iso9660 (ro,noexec,nosuid,
nodev,uid=0)
/dev/md0 on /mnt/md0 type ext3 (rw)
/dev/md1 on /mnt/md1 type ext3 (rw)
=============================================================
Now change the device names that are mounted at /, /boot and swap
=============================================================
[root@pant mnt]# vi /etc/fstab
[root@pant ~]# cat /etc/fstab
/dev/md1 / ext3 defaults 1 1
/dev/md0 /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/md2 swap swap defaults 0 0
[root@pant ~]#
=============================================================
The same has to be done in /etc/mtab
=============================================================
[root@pant ~]# vi /etc/mtab
/dev/md1 / ext3 rw 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
devpts /dev/pts devpts rw,gid=5,mode=620 0 0
/dev/md0 /boot ext3 rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw 0 0
sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw 0 0
=============================================================
Add a fallback=1 line to /boot/grub/menu.lst.
The first kernel entry is 0 (default=0) and the second is 1 (fallback=1); when booting from entry 0 fails, GRUB goes to entry 1.
=============================================================
[root@pant mnt]# vi /boot/grub/menu.lst
=============================================================
default=0
fallback=1
timeout=5
=============================================================
Now change the boot disk and root disk information: replace root=LABEL=/ with
root=/dev/md1, and root (hd0,0) with root (hd1,0):
hd1,0=/dev/sdb
hd0,0=/dev/sda
This means that if "sda" fails, the system will boot from "sdb".
=============================================================
title Red Hat Enterprise Linux Server (2.6.18-194.el5)
root (hd1,0)
kernel /vmlinuz-2.6.18-194.el5 ro root=/dev/md1 rhgb quiet
initrd /initrd-2.6.18-194.el5.img
title Red Hat Enterprise Linux Server (2.6.18-194.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-194.el5 ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.18-194.el5.img
=============================================================
Back up the initrd and rebuild it
=============================================================
[root@pant mnt]# mv /boot/initrd-`uname -r`.img /boot/initrd-`uname -r`.img_orig
[root@pant mnt]# mkinitrd /boot/initrd-`uname -r`.img `uname -r`
=============================================================
Now copy / and /boot to their respective RAID devices
=============================================================
[root@pant mnt]# cp -dpRx / /mnt/md1
cp: preserving permissions for `/mnt/md1/var/run/cups/certs/0': Operation not supported
cp: preserving ACL for `/mnt/md1/var/run/cups/certs/0': Operation not supported
[root@pant mnt]# cd /boot/
[root@pant boot]# ls
config-2.6.18-194.el5 initrd-2.6.18-194.el5.img_orig System.map-2.6.18-194.el5
grub lost+found vmlinuz-2.6.18-194.el5
initrd-2.6.18-194.el5.img symvers-2.6.18-194.el5.gz
[root@pant boot]# cp -dpRx . /mnt/md0
=============================================================
Now install the GRUB boot loader on "sdb", the second disk, which is used as the RAID mirror disk
=============================================================
[root@pant boot]# grub
\Probing devices to guess BIOS drives. This may take a long time.
GNU GRUB version 0.97 (640K lower / 3072K upper memory)
[ Minimal BASH-like line editing is supported. For the first word, TAB
lists possible command completions. Anywhere else TAB lists the possible
completions of a device/filename.]
grub> root (hd0,0)
\root (hd0,0)
Error 27: Unrecognized command
=============================================================
grub> root (hd0,0)
root (hd0,0)
Filesystem type is ext2fs, partition type 0x83
grub> setup (hd0)
setup (hd0)
Checking if "/boot/grub/stage1" exists... no
Checking if "/grub/stage1" exists... yes
Checking if "/grub/stage2" exists... yes
Checking if "/grub/e2fs_stage1_5" exists... yes
Running "embed /grub/e2fs_stage1_5 (hd0)"... 15 sectors are embedded.
succeeded
Running "install /grub/stage1 (hd0) (hd0)1+15 p (hd0,0)/grub/stage2 /grub/grub.conf"... succeeded
Done.
=============================================================
grub> root (hd1,0)
root (hd1,0)
Filesystem type is ext2fs, partition type 0xfd
grub> setup (hd1)
setup (hd1)
Checking if "/boot/grub/stage1" exists... no
Checking if "/grub/stage1" exists... yes
Checking if "/grub/stage2" exists... yes
Checking if "/grub/e2fs_stage1_5" exists... yes
Running "embed /grub/e2fs_stage1_5 (hd1)"... 15 sectors are embedded.
succeeded
Running "install /grub/stage1 (hd1) (hd1)1+15 p (hd1,0)/grub/stage2 /grub/grub.conf"... succeeded
Done.
=============================================================
grub> quit
quit
=============================================================
Check whether the system comes up after a reboot
=============================================================
[root@pant boot]# reboot
Broadcast message from root (pts/3) (Sat Jun 9 00:12:38 2012):
The system is going down for reboot NOW!
=============================================================
The system is up; now check the status of the RAID disks
=============================================================
[root@pant ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/md1 15G 2.2G 12G 16% /
/dev/md0 99M 15M 80M 16% /boot
tmpfs 501M 0 501M 0% /dev/shm
[root@pant ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sdb1[1]
104320 blocks [2/1] [_U]
md2 : active raid1 sdb3[1]
1052160 blocks [2/1] [_U]
md1 : active raid1 sdb2[1]
15358016 blocks [2/1] [_U]
unused devices: <none>
=============================================================
Now we can change the main OS disk "sda" to the RAID convention, for RAID autodetect
=============================================================
[root@pant ~]# fdisk -l
Disk /dev/sda: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 1925 15358140 83 Linux
/dev/sda3 1926 2056 1052257+ 82 Linux swap / Solaris
Disk /dev/sdb: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 * 1 13 104391 fd Linux raid autodetect
/dev/sdb2 14 1925 15358140 fd Linux raid autodetect
/dev/sdb3 1926 2056 1052257+ fd Linux raid autodetect
Disk /dev/md1: 15.7 GB, 15726608384 bytes
2 heads, 4 sectors/track, 3839504 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md1 doesn't contain a valid partition table
Disk /dev/md2: 1077 MB, 1077411840 bytes
2 heads, 4 sectors/track, 263040 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md2 doesn't contain a valid partition table
Disk /dev/md0: 106 MB, 106823680 bytes
2 heads, 4 sectors/track, 26080 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md0 doesn't contain a valid partition table
[root@pant ~]# fdisk /dev/sda
The number of cylinders for this disk is set to 2610.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)
Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): fd
Changed system type of partition 1 to fd (Linux raid autodetect)
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): fd
Changed system type of partition 2 to fd (Linux raid autodetect)
Command (m for help): t
Partition number (1-4): 3
Hex code (type L to list codes): fd
Changed system type of partition 3 to fd (Linux raid autodetect)
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
=============================================================
Now we have to add the sda partitions to the RAID mirrors, in the same respective order
=============================================================
[root@pant ~]# mdadm --add /dev/md0 /dev/sda1
mdadm: added /dev/sda1
[root@pant ~]# mdadm --add /dev/md1 /dev/sda2
mdadm: added /dev/sda2
[root@pant ~]# mdadm --add /dev/md2 /dev/sda3
mdadm: added /dev/sda3
=============================================================
Now check the live status of the disk sync
=============================================================
[root@pant ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sda1[0] sdb1[1]
104320 blocks [2/2] [UU]
md2 : active raid1 sda3[2] sdb3[1]
1052160 blocks [2/1] [_U]
resync=DELAYED
md1 : active raid1 sda2[2] sdb2[1]
15358016 blocks [2/1] [_U]
[>....................] recovery = 2.0% (313984/15358016) finish=19.1min speed=13082K/sec
=============================================================
After adding the disks, the UUID information has also changed, so we have to update it to the
current status
=============================================================
[root@pant ~]# mdadm --examine --scan > /etc/mdadm.conf
[root@pant ~]# cat /etc/mdadm.conf
ARRAY /dev/md0 level=raid1 num-devices=2 UUID=2bd2f52c:0a0fd464:8fd6fba9:1a717394
ARRAY /dev/md1 level=raid1 num-devices=2 UUID=3c983aa9:4ff137c0:699a7e3d:917ceacb
ARRAY /dev/md2 level=raid1 num-devices=2 UUID=d7464ff4:568cef5a:d8292475:d04e25bb
=============================================================
Now we have to change the boot order so that when sdb fails sda boots, or vice versa;
delete the previous entry
=============================================================
title Red Hat Enterprise Linux Server (2.6.18-194.el5)
root (hd1,0)
kernel /vmlinuz-2.6.18-194.el5 ro root=/dev/md1 rhgb quiet
initrd /initrd-2.6.18-194.el5.img
title Red Hat Enterprise Linux Server (2.6.18-194.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-194.el5 ro root=/dev/md1 rhgb quiet
initrd /initrd-2.6.18-194.el5.img
=============================================================
The entry given below was deleted
=============================================================
title Red Hat Enterprise Linux Server (2.6.18-194.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-194.el5 ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.18-194.el5.img
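The menu.lst changes above can be checked mechanically before rebooting. The script below is an added example, not part of the original post: it lists each title entry with its GRUB root and kernel root= value, and reports entries that would still boot from a non-RAID root, a missing fallback line, or entries that all point at one BIOS disk. The function names and the finding texts are assumptions of this example; the first sample is the intermediate menu.lst from this walkthrough (where the LABEL=/ entry is still present), and the second is the final one.

```shell
#!/bin/sh
# Added example (not from the original post): audit a GRUB legacy menu.lst
# for the two-disk RAID 1 layout used in this walkthrough.

# One line per title entry: <index> <grub-root> <kernel root= value>
menu_entries() {
    awk '
    function flush() { if (idx >= 0) print idx, groot, kroot }
    BEGIN { idx = -1 }
    /^[ \t]*#/ { next }
    $1 == "title" { flush(); idx++; groot = "-"; kroot = "-"; next }
    idx >= 0 && $1 == "root" { groot = $2 }
    idx >= 0 && $1 == "kernel" {
        for (i = 2; i <= NF; i++) if ($i ~ /^root=/) kroot = substr($i, 6)
    }
    END { flush() }'
}

# Print one finding per problem; no output means the file passed.
menu_audit() {
    cfg=$(cat)
    printf '%s\n' "$cfg" | awk '
        { sub(/^[ \t]+/, "") }
        /^fallback[= \t]/ { found = 1 }
        END { if (!found) print "no fallback= line" }'
    printf '%s\n' "$cfg" | menu_entries | awk '
        $3 !~ /^\/dev\/md[0-9]+$/ { print "entry " $1 ": root=" $3 " is not an md device" }
        { split($2, p, ","); disk[p[1]] = 1 }
        END {
            n = 0; for (d in disk) n++
            if (n < 2) print "all entries boot from the same BIOS disk"
        }'
}

# Intermediate menu.lst from this walkthrough (sda not yet in the arrays).
MENU_FIRST='default=0
fallback=1
timeout=5
title Red Hat Enterprise Linux Server (2.6.18-194.el5)
    root (hd1,0)
    kernel /vmlinuz-2.6.18-194.el5 ro root=/dev/md1 rhgb quiet
    initrd /initrd-2.6.18-194.el5.img
title Red Hat Enterprise Linux Server (2.6.18-194.el5)
    root (hd0,0)
    kernel /vmlinuz-2.6.18-194.el5 ro root=LABEL=/ rhgb quiet
    initrd /initrd-2.6.18-194.el5.img'

# Final menu.lst from this walkthrough (both entries use root=/dev/md1).
MENU_FINAL='default=0
fallback=1
timeout=5
title Red Hat Enterprise Linux Server (2.6.18-194.el5)
    root (hd1,0)
    kernel /vmlinuz-2.6.18-194.el5 ro root=/dev/md1 rhgb quiet
    initrd /initrd-2.6.18-194.el5.img
title Red Hat Enterprise Linux Server (2.6.18-194.el5)
    root (hd0,0)
    kernel /vmlinuz-2.6.18-194.el5 ro root=/dev/md1 rhgb quiet
    initrd /initrd-2.6.18-194.el5.img'

echo "--- intermediate menu.lst"
printf '%s\n' "$MENU_FIRST" | menu_entries
printf '%s\n' "$MENU_FIRST" | menu_audit
echo "--- final menu.lst"
printf '%s\n' "$MENU_FINAL" | menu_audit
```

On a real host, feed it the live file: `menu_audit < /boot/grub/menu.lst`.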
=============================================================
After that the initrd has also changed, so back up the initrd and rebuild it
=============================================================
[root@pant ~]# mv /boot/initrd-`uname -r`.img /boot/initrd-`uname -r`.img_orig2
[root@pant ~]# mkinitrd /boot/initrd-`uname -r`.img `uname -r`
=============================================================
Now reboot the server and check whether it comes up or fails
=============================================================
[root@pant ~]# reboot
Broadcast message from root (pts/1) (Sat Jun 9 00:59:24 2012):
The system is going down for reboot NOW!
=============================================================
[root@pant ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/md1 15G 2.2G 12G 16% /
/dev/md0 99M 17M 77M 19% /boot
tmpfs 501M 0 501M 0% /dev/shm
[root@pant ~]# fdisk -l
Disk /dev/sda: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 fd Linux raid autodetect
/dev/sda2 14 1925 15358140 fd Linux raid autodetect
/dev/sda3 1926 2056 1052257+ fd Linux raid autodetect
Disk /dev/sdb: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 * 1 13 104391 fd Linux raid autodetect
/dev/sdb2 14 1925 15358140 fd Linux raid autodetect
/dev/sdb3 1926 2056 1052257+ fd Linux raid autodetect
Disk /dev/md1: 15.7 GB, 15726608384 bytes
2 heads, 4 sectors/track, 3839504 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md1 doesn't contain a valid partition table
Disk /dev/md2: 1077 MB, 1077411840 bytes
2 heads, 4 sectors/track, 263040 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md2 doesn't contain a valid partition table
Disk /dev/md0: 106 MB, 106823680 bytes
2 heads, 4 sectors/track, 26080 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md0 doesn't contain a valid partition table
[root@pant ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sdb1[1] sda1[0]
104320 blocks [2/2] [UU]
md2 : active raid1 sdb3[1] sda3[0]
1052160 blocks [2/2] [UU]
md1 : active raid1 sdb2[1] sda2[0]
15358016 blocks [2/2] [UU]
unused devices: <none>
[root@pant ~]#
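The /proc/mdstat output is the only place in this procedure where a degraded mirror ([2/1] [_U]) is visible, so it is worth checking by script rather than by eye. The script below is an added example, not part of the original post: it classifies each array as healthy, degraded, recovering or delayed. The function names are assumptions of this example; the first sample is the sync-in-progress output shown earlier in this walkthrough, and the second is constructed to show a member marked faulty.

```shell
#!/bin/sh
# Added example (not from the original post): classify md arrays from
# /proc/mdstat-format text read on stdin.

# Output, one line per array: <array> <state> <active>/<total> <members>
# state is one of: healthy | degraded | recovering | delayed
mdstat_report() {
    awk '
    function flush() {
        if (name == "") return
        st = "healthy"
        if (active < total) st = "degraded"
        if (delayed)        st = "delayed"
        if (rebuilding)     st = "recovering"
        print name, st, active "/" total, members
        name = ""
    }
    /^md[0-9]+ *:/ {
        flush()
        name = $1; members = ""; active = 0; total = 0
        rebuilding = 0; delayed = 0
        # Member fields look like sdb1[1] or sdb1[1](F); skip everything else.
        for (i = 3; i <= NF; i++) {
            if ($i !~ /\[[0-9]+\]/) continue
            m = $i
            gsub(/\[[0-9]+\]/, "", m)
            members = members (members == "" ? "" : ",") m
        }
        next
    }
    name == "" { next }
    /resync=DELAYED/ { delayed = 1; next }
    /(recovery|resync) *=/ { rebuilding = 1; next }
    # Status line: "... blocks [total/active] [UU]"
    match($0, /\[[0-9]+\/[0-9]+\]/) {
        split(substr($0, RSTART + 1, RLENGTH - 2), c, "/")
        total = c[1] + 0; active = c[2] + 0
    }
    END { flush() }'
}

# Print every array that is not healthy; exit status 1 if any was printed.
mdstat_check() {
    mdstat_report | awk '$2 != "healthy" { print; bad = 1 } END { exit bad + 0 }'
}

# Sample from this walkthrough: md1 rebuilding, md2 waiting its turn.
MDSTAT_SYNCING='Personalities : [raid1]
md0 : active raid1 sda1[0] sdb1[1]
      104320 blocks [2/2] [UU]
md2 : active raid1 sda3[2] sdb3[1]
      1052160 blocks [2/1] [_U]
        resync=DELAYED
md1 : active raid1 sda2[2] sdb2[1]
      15358016 blocks [2/1] [_U]
      [>....................]  recovery =  2.0% (313984/15358016) finish=19.1min speed=13082K/sec'

# Constructed sample: sdb1 marked faulty, no rebuild running.
MDSTAT_FAILED='Personalities : [raid1]
md0 : active raid1 sdb1[1](F) sda1[0]
      104320 blocks [2/1] [U_]
unused devices: <none>'

printf '%s\n' "$MDSTAT_SYNCING" | mdstat_report
printf '%s\n' "$MDSTAT_FAILED" | mdstat_check || echo "arrays need attention"
```

On a real host, run `mdstat_check < /proc/mdstat` from cron or a monitoring agent and alert on a non-zero exit status.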
=============================================================
TESTING THE RAID: IF A DISK FAILS, WILL THE
RAID WORK OR NOT
=============================================================
Now test what happens if we remove a disk from the RAID: does the system come up
or not
=============================================================
Check the state of the disks and partitions
=============================================================
[root@pant ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/md1 15G 2.3G 12G 17% /
/dev/md0 99M 17M 77M 19% /boot
tmpfs 501M 0 501M 0% /dev/shm
[root@pant ~]# fdisk -l
Disk /dev/sda: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 fd Linux raid autodetect
/dev/sda2 14 1925 15358140 fd Linux raid autodetect
/dev/sda3 1926 2056 1052257+ fd Linux raid autodetect
Disk /dev/sdb: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 * 1 13 104391 fd Linux raid autodetect
/dev/sdb2 14 1925 15358140 fd Linux raid autodetect
/dev/sdb3 1926 2056 1052257+ fd Linux raid autodetect
Disk /dev/md1: 15.7 GB, 15726608384 bytes
2 heads, 4 sectors/track, 3839504 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md1 doesn't contain a valid partition table
Disk /dev/md2: 1077 MB, 1077411840 bytes
2 heads, 4 sectors/track, 263040 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md2 doesn't contain a valid partition table
Disk /dev/md0: 106 MB, 106823680 bytes
2 heads, 4 sectors/track, 26080 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md0 doesn't contain a valid partition table
[root@pant ~]#
[root@pant ~]# mdadm --manage /dev/md0 --fail /dev/sdb1
mdadm: set /dev/sdb1 faulty in /dev/md0
[root@pant ~]# mdadm --manage /dev/md1 --fail /dev/sdb2
mdadm: set /dev/sdb2 faulty in /dev/md1
[root@pant ~]# mdadm --manage /dev/md2 --fail /dev/sdb3
mdadm: set /dev/sdb3 faulty in /dev/md2
[root@pant ~]# fdisk -l
Disk /dev/sda: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 fd Linux raid autodetect
/dev/sda2 14 1925 15358140 fd Linux raid autodetect
/dev/sda3 1926 2056 1052257+ fd Linux raid autodetect
Disk /dev/sdb: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 * 1 13 104391 fd Linux raid autodetect
/dev/sdb2 14 1925 15358140 fd Linux raid autodetect
/dev/sdb3 1926 2056 1052257+ fd Linux raid autodetect
Disk /dev/md1: 15.7 GB, 15726608384 bytes
2 heads, 4 sectors/track, 3839504 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md1 doesn't contain a valid partition table
Disk /dev/md2: 1077 MB, 1077411840 bytes
2 heads, 4 sectors/track, 263040 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md2 doesn't contain a valid partition table
Disk /dev/md0: 106 MB, 106823680 bytes
2 heads, 4 sectors/track, 26080 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md0 doesn't contain a valid partition table
=============================================================
REMOVING DISK "SDB" FROM THE RAID
=============================================================
[root@pant ~]# mdadm --manage /dev/md0 --remove /dev/sdb1
mdadm: hot removed /dev/sdb1
[root@pant ~]# mdadm --manage /dev/md1 --remove /dev/sdb2
mdadm: hot removed /dev/sdb2
[root@pant ~]# mdadm --manage /dev/md2 --remove /dev/sdb3
mdadm: hot removed /dev/sdb3
=============================================================
Now the system has to be rebooted to check whether it will come back or not
=============================================================
[root@pant ~]# reboot
=============================================================
=========================================
##ESC###
when system reboot it will show the fist booting promt where u select the hdd from
which you
want to boot or leave it
#####################################################################
##################################
=============================================================
==========================================
The system is up & running. Now check the status of the disks & the RAID it booted from.
It is now running from the sda disk, which is part of the RAID.
=============================================================
==========================================
[root@pant ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/md1 15G 2.2G 12G 16% /
/dev/md0 99M 17M 77M 19% /boot
tmpfs 501M 0 501M 0% /dev/shm
[root@pant ~]# fdisk -l
Disk /dev/sda: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 fd Linux raid autodetect
/dev/sda2 14 1925 15358140 fd Linux raid autodetect
/dev/sda3 1926 2056 1052257+ fd Linux raid autodetect
Disk /dev/sdb: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 * 1 13 104391 fd Linux raid autodetect
/dev/sdb2 14 1925 15358140 fd Linux raid autodetect
/dev/sdb3 1926 2056 1052257+ fd Linux raid autodetect
Disk /dev/md1: 15.7 GB, 15726608384 bytes
2 heads, 4 sectors/track, 3839504 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md1 doesn't contain a valid partition table
Disk /dev/md2: 1077 MB, 1077411840 bytes
2 heads, 4 sectors/track, 263040 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md2 doesn't contain a valid partition table
Disk /dev/md0: 106 MB, 106823680 bytes
2 heads, 4 sectors/track, 26080 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md0 doesn't contain a valid partition table
=============================================================
==========================================
The sda disk runs the OS. After removing the sdb disk (or, one can say, after a fault
of sdb) the system is good
=============================================================
==========================================
[root@pant ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sda1[0]
104320 blocks [2/1] [U_]
md2 : active raid1 sda3[0]
1052160 blocks [2/1] [U_]
md1 : active raid1 sda2[0]
15358016 blocks [2/1] [U_]
unused devices: <none>
=============================================================
==========================================
RECOVERY OF THE DISK & ADDING IT BACK TO THE RAID TO BEHAVE AS A MIRROR
=============================================================
==========================================
=============================================================
===========================================
Copy the partition table of /dev/sda to /dev/sdb so that both disks have the same layout
=============================================================
==========================================
[root@pant ~]# sfdisk -d /dev/sda |sfdisk -f /dev/sdb
Checking that no-one is using this disk right now ...
OK
Disk /dev/sdb: 2610 cylinders, 255 heads, 63 sectors/track
Old situation:
Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0
Device Boot Start End #cyls #blocks Id System
/dev/sdb1 * 0+ 12 13- 104391 fd Linux raid autodetect
/dev/sdb2 13 1924 1912 15358140 fd Linux raid autodetect
/dev/sdb3 1925 2055 131 1052257+ fd Linux raid autodetect
/dev/sdb4 0 - 0 0 0 Empty
New situation:
Units = sectors of 512 bytes, counting from 0
Device Boot Start End #sectors Id System
/dev/sdb1 * 63 208844 208782 fd Linux raid autodetect
/dev/sdb2 208845 30925124 30716280 fd Linux raid autodetect
/dev/sdb3 30925125 33029639 2104515 fd Linux raid autodetect
/dev/sdb4 0 - 0 0 Empty
Successfully wrote the new partition table
Re-reading the partition table ...
If you created or changed a DOS partition, /dev/foo7, say, then use dd(1)
to zero the first 512 bytes: dd if=/dev/zero of=/dev/foo7 bs=512 count=1
(See fdisk(8).)
=============================================================
==========================================
First remove the previous superblock, meaning the structure of the disk is reassigned
=============================================================
==========================================
[root@pant ~]# mdadm --zero-superblock /dev/sdb1
[root@pant ~]# mdadm --zero-superblock /dev/sdb2
[root@pant ~]# mdadm --zero-superblock /dev/sdb3
=============================================================
==========================================
Now the partitions are added back in order
=============================================================
==========================================
[root@pant ~]# mdadm -a /dev/md0 /dev/sdb1
mdadm: added /dev/sdb1
[root@pant ~]# mdadm -a /dev/md1 /dev/sdb2
mdadm: added /dev/sdb2
[root@pant ~]# mdadm -a /dev/md2 /dev/sdb3
mdadm: added /dev/sdb3
=============================================================
==========================================
NOW the recovery is in progress; it will take some time
=============================================================
==========================================
[root@pant ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sdb1[1] sda1[0]
104320 blocks [2/2] [UU]
md2 : active raid1 sdb3[2] sda3[0]
1052160 blocks [2/1] [U_]
resync=DELAYED
md1 : active raid1 sdb2[2] sda2[0]
15358016 blocks [2/1] [U_]
[>....................] recovery = 1.1% (170816/15358016) finish=22.2min speed=11387K/sec
unused devices: <none>
[root@pant ~]# watch cat /proc/mdstat
[root@pant ~]# watch cat /proc/mdstat
[root@pant ~]#
=============================================================
==========================================
=============================================================
==========================================
NOW recreating the GRUB, because we already removed the partition & also zeroed
the superblock
=============================================================
==========================================
[root@pant ~]# grub
Probing devices to guess BIOS drives. This may take a long time.
GNU GRUB version 0.97 (640K lower / 3072K upper memory)
[ Minimal BASH-like line editing is supported. For the first word, TAB
lists possible command completions. Anywhere else TAB lists the possible
completions of a device/filename.]
grub> root (hd0,0)
root (hd0,0)
Filesystem type is ext2fs, partition type 0xfd
grub> setup (hd0)
setup (hd0)
Checking if "/boot/grub/stage1" exists... no
Checking if "/grub/stage1" exists... yes
Checking if "/grub/stage2" exists... yes
Checking if "/grub/e2fs_stage1_5" exists... yes
Running "embed /grub/e2fs_stage1_5 (hd0)"... 15 sectors are embedded.
succeeded
Running "install /grub/stage1 (hd0) (hd0)1+15 p (hd0,0)/grub/stage2 /grub/grub.conf"... succeeded
Done.
grub> root (hd1,0)
root (hd1,0)
Filesystem type is ext2fs, partition type 0xfd
grub> setup (hd1)
setup (hd1)
Checking if "/boot/grub/stage1" exists... no
Checking if "/grub/stage1" exists... yes
Checking if "/grub/stage2" exists... yes
Checking if "/grub/e2fs_stage1_5" exists... yes
Running "embed /grub/e2fs_stage1_5 (hd1)"... 15 sectors are embedded.
succeeded
Running "install /grub/stage1 (hd1) (hd1)1+15 p (hd1,0)/grub/stage2 /grub/grub.conf"... succeeded
Done.
grub> quit
quit
[root@pant ~]#
=============================================================
==========================================
NOW reboot & check that everything works fine
=============================================================
==========================================
[root@pant ~]# reboot
Broadcast message from root (pts/1) (Sat Jun 9 14:57:43 2012):
The system is going down for reboot NOW!
[root@pant ~]#
=============================================================
=========================================
[root@pant ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sdb1[1] sda1[0]
104320 blocks [2/2] [UU]
md2 : active raid1 sdb3[1] sda3[0]
1052160 blocks [2/2] [UU]
md1 : active raid1 sdb2[1] sda2[0]
15358016 blocks [2/2] [UU]
unused devices: <none>
[root@pant ~]#
=============================================================
=========================================
[root@pant ~]# df -hHT
Filesystem Type Size Used Avail Use% Mounted on
/dev/md1 ext3 16G 2.4G 13G 16% /
/dev/md0 ext3 104M 18M 81M 19% /boot
tmpfs tmpfs 526M 0 526M 0% /dev/shm
=============================================================
=========================================
[root@pant ~]# fdisk -l
Disk /dev/sda: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 fd Linux raid autodetect
/dev/sda2 14 1925 15358140 fd Linux raid autodetect
/dev/sda3 1926 2056 1052257+ fd Linux raid autodetect
Disk /dev/sdb: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 * 1 13 104391 fd Linux raid autodetect
/dev/sdb2 14 1925 15358140 fd Linux raid autodetect
/dev/sdb3 1926 2056 1052257+ fd Linux raid autodetect
Disk /dev/md1: 15.7 GB, 15726608384 bytes
2 heads, 4 sectors/track, 3839504 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md1 doesn't contain a valid partition table
Disk /dev/md2: 1077 MB, 1077411840 bytes
2 heads, 4 sectors/track, 263040 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md2 doesn't contain a valid partition table
Disk /dev/md0: 106 MB, 106823680 bytes
2 heads, 4 sectors/track, 26080 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk /dev/md0 doesn't contain a valid partition table
[root@pant ~]#
=============================================================
===========================================
Now testing is complete; everything works fine
Regards
Deepak Pant
=============================================================
===========================================
=============================================================
===========================================
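
A check to run before rebooting or pulling a disk, as an added example that is not part of the original post: it reads text in /proc/mdstat format and lists every array that is degraded or still syncing. The function names and the two sample texts (modelled on the mdstat outputs above) are constructed for the example.

```sh
#!/bin/sh
# Added example: list md arrays that are not fully mirrored.

# Prints "<array> <member map> <state>" for each array that is degraded or
# still syncing. Returns 0 only when every array is clean.
md_not_clean() {  # $1 = file in /proc/mdstat format (default: /proc/mdstat)
    awk '
    function emit() {
        if (name != "" && (map ~ /_/ || state != "")) {
            print name, map, (state == "" ? "degraded" : state)
            bad = 1
        }
        name = ""; map = ""; state = ""
    }
    /^md[0-9]+ :/          { emit(); name = $1; next }
    name != "" && /blocks/ { map = $NF; next }
    name != "" && match($0, /(recovery|resync) *= *[^ ]+/) {
        state = substr($0, RSTART, RLENGTH)
        gsub(/ /, "", state)
    }
    END { emit(); exit bad + 0 }' "${1:-/proc/mdstat}"
}

# Constructed sample: sdb has been re-added and the rebuild is running.
sample_rebuilding() {
    cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdb1[1] sda1[0]
      104320 blocks [2/2] [UU]
md2 : active raid1 sdb3[2] sda3[0]
      1052160 blocks [2/1] [U_]
        resync=DELAYED
md1 : active raid1 sdb2[2] sda2[0]
      15358016 blocks [2/1] [U_]
      [>....................]  recovery =  1.1% (170816/15358016) finish=22.2min speed=11387K/sec
unused devices: <none>
EOF
}

# Constructed sample: both halves of every mirror are in sync.
sample_clean() {
    cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdb1[1] sda1[0]
      104320 blocks [2/2] [UU]
md2 : active raid1 sdb3[1] sda3[0]
      1052160 blocks [2/2] [UU]
md1 : active raid1 sdb2[1] sda2[0]
      15358016 blocks [2/2] [UU]
unused devices: <none>
EOF
}

demo() {
    f=$(mktemp) || return 1
    sample_rebuilding > "$f"
    md_not_clean "$f" || echo "not clean: wait for the rebuild before rebooting"
    sample_clean > "$f"
    md_not_clean "$f" && echo "all arrays [UU]"
    rm -f "$f"
}
demo
```

On a live system, call md_not_clean with no argument to read /proc/mdstat directly.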

Tuesday, September 24, 2013

NIC BONDING 5.7



[root@pant ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
MII_NOT_SUPPORTED=yes


[root@pant ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
USERCTL=0
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
MII_NOT_SUPPORTED=yes

[root@pant ~]# vi /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
IPADDR=192.168.0.20
NETWORK=192.168.0.0
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
BROADCAST=192.168.0.255
USERCTL=no
BOOTPROTO=none
ONBOOT=yes
MII_NOT_SUPPORTED=yes

[root@pant ~]# vi /etc/modprobe.conf (Entry at the top of the file)

alias bond0 bonding
options bonding miimon=100 mode=active-backup




SECURE FTP VSFTPD RHEL 5

######################################################################################################
SECURE FTP vsftpd RHEL 5
######################################################################################################

[root@pant ~]# yum install vsftpd


[root@pant ~]# rpm -ivh db4-utils-4.3.29-10.el5.x86_64.rpm

[root@pant ~]# cd /etc/vsftpd/

[root@pant ~]# touch virtual-users.txt

[root@pant ~]# cat /etc/vsftpd/virtual-users.txt
pant
12
spant
12

[root@pant ~]# db_load -T -t hash -f /etc/vsftpd/virtual-users.txt /etc/vsftpd/virtual-users.db
[root@pant ~]# rm -f /etc/vsftpd/virtual-users.txt   # optional: this file holds the passwords in plain text


[root@pant ~]# vi /etc/vsftpd/vsftpd.conf
[root@pant ~]# grep -v "^#" /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=NO
ftpd_banner=Welcome to the world of dk
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
###vIRTUAL USER SETTING#######
pam_service_name=vsftpd-virtual
userlist_enable=YES
tcp_wrappers=YES
background=YES
guest_enable=YES
virtual_use_local_privs=YES
user_sub_token=$USER
local_root=/var/www/virtual/$USER
anon_root=/var/www/ftp
hide_ids=YES
listen=YES
listen_port=21
pasv_min_port=65500
pasv_max_port=65535
max_clients=20
max_per_ip=10
secure_chroot_dir=/usr/share/empty
chroot_local_user=YES
##### AFTER THE VIRTUAL USER SETTING NOW PUT SSL SETTING##
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
rsa_cert_file=/etc/vsftpd/vsftpd.pem


[root@pant ~]




#######Now, create a PAM file /etc/pam.d/vsftpd-virtual which uses your database:########

[root@pant ~]# cat /etc/pam.d/vsftpd-virtual
auth required pam_userdb.so db=/etc/vsftpd/virtual-users
account required pam_userdb.so db=/etc/vsftpd/virtual-users
session required pam_loginuid.so
[root@pant ~]#
###########################################################################################

Create /usr/share/empty and /var/www/ftp :

##########################################################################################


[root@pant ~]# mkdir -p /usr/share/empty
[root@pant ~]# mkdir -p /var/www/ftp
#################################################################################################

Creating home directories

Create home directories in /var/www/virtual, and change the owner of the directories to the user "ftp":

# mkdir -p /var/www/virtual/pant
# mkdir -p /var/www/virtual/naveen
# chown -R ftp:ftp /var/www/virtual
Change the home directory of the ftp user to /var/www/virtual (or /var/www):
# usermod -d /var/www/virtual ftp

# service vsftpd start

# touch /etc/vsftpd/chroot_list

###################################################################################################
SSL on VSFTPD (after the virtual user configuration, put these settings in /etc/vsftpd/vsftpd.conf)
###################################################################################################
[root@pant ~]# vi /etc/vsftpd/vsftpd.conf

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
rsa_cert_file=/etc/vsftpd/vsftpd.pem

#####################################################################################################################
Generate the SSL key and certificate with this command
#####################################################################################################################

[root@pant ~]# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

[root@pant ~]# service vsftpd restart
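
A pre-restart check for the configuration above, as an added example that is not part of the original post or of vsftpd: it flags boolean values vsftpd would reject, repeated keys, and TLS settings that leave logins or data in clear text. The function names and the sample file (a constructed config with a mistyped boolean and a repeated key) are assumptions of the example.

```sh
#!/bin/sh
# Added example: lint a vsftpd.conf for values the daemon rejects and for
# weak TLS settings. Function names and the sample file are constructed.

lint_vsftpd() {  # $1 = config path; prints findings, returns 1 if there are any
    awk -F= -v bools="anonymous_enable local_enable write_enable listen \
guest_enable chroot_local_user chroot_list_enable ssl_enable allow_anon_ssl \
force_local_data_ssl force_local_logins_ssl ssl_tlsv1 ssl_sslv2 ssl_sslv3" '
    function finding(msg) { print msg; bad = 1 }
    function norm(v) {          # vsftpd also accepts TRUE/FALSE and 1/0
        v = toupper(v)
        if (v == "TRUE" || v == "1") return "YES"
        if (v == "FALSE" || v == "0") return "NO"
        return v
    }
    function want(key, val) {
        if (norm(cur[key]) != val)
            finding(key " should be " val " (effective: " cur[key] ")")
    }
    BEGIN {
        n = split(bools, b, " ")
        for (i = 1; i <= n; i++) isbool[b[i]] = 1
        # built-in vsftpd defaults, used when the file does not set the key
        cur["anonymous_enable"] = "YES"; cur["ssl_enable"] = "NO"
        cur["force_local_logins_ssl"] = "YES"; cur["force_local_data_ssl"] = "YES"
        cur["ssl_sslv2"] = "NO"; cur["ssl_sslv3"] = "NO"; cur["allow_anon_ssl"] = "NO"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        key = $1; val = substr($0, length(key) + 2)
        if (key in line) finding("line " NR ": " key " repeats line " line[key])
        line[key] = NR; cur[key] = val
        if ((key in isbool) && norm(val) !~ /^(YES|NO)$/)
            finding("line " NR ": bad boolean " key "=" val)
    }
    END {
        want("anonymous_enable", "NO"); want("ssl_enable", "YES")
        want("force_local_logins_ssl", "YES"); want("force_local_data_ssl", "YES")
        want("ssl_sslv2", "NO"); want("ssl_sslv3", "NO"); want("allow_anon_ssl", "NO")
        # a bare class name in ssl_ciphers adds every suite in that class
        m = split(cur["ssl_ciphers"], tok, ":")
        for (i = 1; i <= m; i++)
            if (tok[i] ~ /^(ALL|MEDIUM|LOW|EXP|EXPORT|ADH|aNULL|eNULL|NULL)$/)
                finding("ssl_ciphers enables the class " tok[i])
        exit bad + 0
    }' "$1"
}

# Constructed sample with a repeated key and a mistyped boolean.
sample_conf() {
    cat <<'EOF'
anonymous_enable=NO
local_enable=YES
listen=YES
guest_enable=YES
listen=YES
chroot_local_user=YESA
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
rsa_cert_file=/etc/vsftpd/vsftpd.pem
EOF
}

demo() {
    f=$(mktemp) || return 1
    sample_conf > "$f"
    lint_vsftpd "$f" || echo "-> fix the findings before restarting vsftpd"
    rm -f "$f"
}
demo
```

Unset keys are judged by the vsftpd defaults, so a file that never mentions ssl_enable or anonymous_enable is reported as well.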








RHEL6 Yum Repo

make a directory
# mkdir -p /rhel6/data

mount the cdrom/dvd

# mount  /dev/cdrom  /rhel6/data

install required rpm

# rpm -ivh /rhel6/data/Packages/deltarpm-3.5-0.5.20090913git.el6.i686.rpm

# rpm -ivh /rhel6/data/Packages/python-deltarpm-3.5-0.5.20090913git.el6.i686.rpm

# rpm -ivh /rhel6/data/Packages/createrepo-0.9.8-4.el6.noarch.rpm

# cd /rhel6/data
# createrepo --database /rhel6/

yum repo file

# vi  /etc/yum.repos.d/test.repo
[local]
name=rhel6
baseurl = file:///rhel6
gpgcheck = 0

# yum list

How to Upgrade RHEL Server

Before performing the OS upgrade we have to take an OS backup. Below are the tools that are most effective in a production environment.

For a physical server we can take the backup with mondo, or we can use the dump tool.

Mondo is an open source tool for a complete backup of the OS, apart from the other file systems.

Mondo creates an ISO of the current OS in the running environment, without downtime.

Dump is the most effective tool for restoring the OS, but it takes too much time.

How to Upgrade RHEL 6.1 to 6.3

Update YUM repo configuration:
                sudo yum clean all
                cd /etc/yum.repos.d
                sudo vi test.repo

[rhel6.3]
name=Local RHEL 6.3 repo
baseurl=file:///rhel6
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[rhel6.3-patches]
name=Local RHEL 6.3 repo
baseurl=file:///rhel/pkg
gpgcheck=1
enabled=1

If you want to exclude some packages from the update, then

vi /etc/yum.conf
add an exclude line
exclude=mysql



                Updated yum first:
                sudo yum update yum

            Updated all packages w/dependencies:
                sudo yum update

            Verified the kernel installed
                rpm -qa | grep kernel

     
In RHEL 5.4 to 5.8 we disabled these services, but in RHEL 6.3 they are not present

sudo /sbin/chkconfig --list |grep -i kudzu
sudo /sbin/chkconfig --list |grep -i iscsi
sudo /sbin/chkconfig --list |grep -i iscsid
sudo /sbin/chkconfig --list |grep -i firstboot
sudo /sbin/chkconfig --list |grep -i yum-updatesd
sudo /sbin/chkconfig --list |grep -i setroubleshoot
sudo /sbin/chkconfig --list |grep -i mcstrans


            Disabled unneeded services per current build standard:
                sudo /sbin/chkconfig kudzu off
                sudo /sbin/chkconfig iscsi off
                sudo /sbin/chkconfig iscsid off
                sudo /sbin/chkconfig firstboot off
                sudo /sbin/chkconfig yum-updatesd off
                sudo /sbin/chkconfig setroubleshoot off
                sudo /sbin/chkconfig mcstrans off

            Enabled kdump: check whether crashkernel=auto is set or not
                sudo vi /etc/kdump.conf

#added the following lines - make sure to change path to include correct hostname

###crashed kernel dump######NFS Server Ip where this crash log stores######
net 192.168.1.100:/server/storage
path /dkserver
core_collector makedumpfile -c --message-level 1 -d 31

                sudo /sbin/chkconfig kdump on

                Reboot the server, verify kernel and kdump:
                sudo /sbin/reboot
                uname -r
             
cat /etc/redhat-release
                /sbin/service kdump status


If you have a virtual machine, this is required for the kernel & initrd to work properly

            Re-run VMWare Tools config to rebuild initrd against new kernel:
                sudo /usr/bin/vmware-config-tools.pl --default

            Reboot off new initrd:
                sudo /sbin/reboot




multiple wan connections failover in squid proxy.

As I have only one WAN connection, I created two WAN connections on my VM machines. For that I chose two RHEL 5.5 64-bit machines & one RHEL 6.4 machine.

The actual WAN IPs are in the 192.168.1.0 series.

  

Server 1 

We have to apply iptables rules here.

eth0 is the internet connection on this server.

eth2 is the proxy LAN IP, on which the internet works for LAN users.

[root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:0c:29:b3:3a:aa
ONBOOT=yes
#DHCP_HOSTNAME=server
IPADDR=192.168.1.51
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
TYPE=Ethernet
[root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
# Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
DEVICE=eth2
BOOTPROTO=static
ONBOOT=yes
HWADDR=00:0c:29:b3:3a:b4
IPADDR=192.168.2.51
NETMASK=255.255.255.0

[root@server ~]#


eth0      Link encap:Ethernet  HWaddr 00:0C:29:B3:3A:AA
          inet addr:192.168.1.51  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feb3:3aaa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:65325 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19490 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7121317 (6.7 MiB)  TX bytes:2306883 (2.2 MiB)

eth2      Link encap:Ethernet  HWaddr 00:0C:29:B3:3A:B4
          inet addr:192.168.2.51  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feb3:3ab4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15587 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2616 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1571151 (1.4 MiB)  TX bytes:1185761 (1.1 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:7230 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7230 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2285959 (2.1 MiB)  TX bytes:2285959 (2.1 MiB)

[root@server ~]#

The iptables rules below are used on this server. IP forwarding is also enabled, and the DNS entries are added in resolv.conf.

iptables  -t nat  -A  PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables  -t nat  -A  POSTROUTING -o eth0 -j MASQUERADE      

[root@server ~]# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

[root@server ~]# cat /etc/resolv.conf
nameserver 203.94.243.70
nameserver 59.179.243.70
[root@server ~]#

[root@server ~]# cat /etc/squid/squid.conf | grep -v "^#" |grep -v "^$"
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl  internet src 192.168.2.0/24
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow internet
http_access deny all
icp_access allow all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/spool/squid
visible_hostname server
[root@server ~]#

Server 2

iptables  -t nat  -A  PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables  -t nat  -A  POSTROUTING -o eth0 -j MASQUERADE    



[root@loadbalance ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:94:E1:C4
          inet addr:192.168.1.50  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe94:e1c4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:88565 errors:0 dropped:0 overruns:0 frame:0
          TX packets:82687 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7463961 (7.1 MiB)  TX bytes:7414865 (7.0 MiB)

eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:94:E1:C4
          inet addr:172.16.11.161  Bcast:172.16.11.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:0C:29:94:E1:CE
          inet addr:192.168.45.50  Bcast:192.168.45.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe94:e1ce/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21226 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4699 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2002661 (1.9 MiB)  TX bytes:1042120 (1017.6 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:5184 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5184 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1014766 (990.9 KiB)  TX bytes:1014766 (990.9 KiB)

virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:9832 (9.6 KiB)

[root@loadbalance ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0c:29:94:e1:c4
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=192.168.1.50
GATEWAY=192.168.1.1
TYPE=Ethernet
[root@loadbalance ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
# Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
HWADDR=00:0c:29:94:e1:ce
IPADDR=192.168.45.50
NETMASK=255.255.255.0
[root@loadbalance ~]#


[root@loadbalance ~]# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1



[root@loadbalance ~]# cat /etc/squid/squid.conf | grep -v "^#" |grep -v "^$"
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl  internet src 192.168.45.0/24
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow internet
http_access deny all
icp_access allow all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/spool/squid
visible_hostname loadbalance
[root@loadbalance ~]#

[root@loadbalance ~]# cat /etc/resolv.conf
nameserver 203.94.243.70
nameserver 59.179.243.70
[root@loadbalance ~]#




PROXY SERVER RHEL6.4


172.16.11.0 is the proxy LAN network for internet access

[root@Proxy ~]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=253 time=1.40 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=253 time=1.21 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=253 time=1.14 ms
^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2869ms
rtt min/avg/max/mdev = 1.145/1.254/1.405/0.117 ms
[root@Proxy ~]# ping 192.168.2.51
PING 192.168.2.51 (192.168.2.51) 56(84) bytes of data.
64 bytes from 192.168.2.51: icmp_seq=1 ttl=64 time=1.17 ms
64 bytes from 192.168.2.51: icmp_seq=2 ttl=64 time=0.416 ms
^C
--- 192.168.2.51 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1406ms
rtt min/avg/max/mdev = 0.416/0.793/1.170/0.377 ms
[root@Proxy ~]# ping 192.168.45.50
PING 192.168.45.50 (192.168.45.50) 56(84) bytes of data.
64 bytes from 192.168.45.50: icmp_seq=1 ttl=64 time=0.361 ms
64 bytes from 192.168.45.50: icmp_seq=2 ttl=64 time=0.393 ms
64 bytes from 192.168.45.50: icmp_seq=3 ttl=64 time=0.404 ms
^C
--- 192.168.45.50 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2248ms
rtt min/avg/max/mdev = 0.361/0.386/0.404/0.018 ms
[root@Proxy ~]#


[root@Proxy ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.16.11.131
NETMASK=255.255.255.0
HWADDR=00:0C:29:8E:31:DF
[root@Proxy ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.45.100
NETMASK=255.255.255.0
HWADDR=00:0C:29:8E:31:E9
#GATEWAY=192.168.45.50
[root@Proxy ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE=eth2
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.2.52
NETMASK=255.255.255.0
HWADDR=00:0C:29:8E:31:F3
#GATEWAY=192.168.2.51
[root@Proxy ~]#

[root@Proxy ~]# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1


[root@Proxy ~]# cat /etc/squid/squid.conf | grep -v "^#" |grep -v "^$"
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl internet src 172.16.11.0/24    # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow internet
http_access allow localhost
http_access deny all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
visible_hostname proxy
[root@Proxy ~]#

[root@Proxy ~]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
######rules for neting#############################
ip route add 192.168.45.0/24 dev eth1 src 192.168.45.100 table First_ISP
ip route add default via 192.168.45.50 table First_ISP
ip route add 192.168.2.0/24 dev eth2 src 192.168.2.52  table Second_ISP
ip route add default via 192.168.2.51 table Second_ISP
ip rule add from 192.168.45.100 table First_ISP
ip rule add from 192.168.2.52 table Second_ISP
ip route add default scope global nexthop via 192.168.45.50 dev eth1 weight 1 nexthop via 192.168.2.51 dev eth2 weight 1
[root@Proxy ~]#

[root@Proxy ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com


# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
nameserver 4.2.2.2
[root@Proxy ~]#

Password Policy Rules in RHEL 6


Requirement: 
  • Minimum length: Eight (8) characters, with
  • At least 1 Upper-case Letter
  • AND, at least 1 Lower-case Letter
  • AND, at least 1 Special Character
  • AND, at least 1 Digit
  • Maximum number of failed attempts before blocking account: Five (5)
  • History of old passwords that cannot be reused: Five (5)
  • Maximum duration of password validity: Six (6) months
  • Minimum duration of validity: 24 hours


[root@deepak security]# cat /etc/login.defs |grep -v -n "^#" |grep -v "^$"
15:MAIL_DIR     /var/spool/mail
17:
25:PASS_MAX_DAYS        180
26:PASS_MIN_DAYS        1
27:PASS_MIN_LEN 8
28:PASS_WARN_AGE        1
29:
33:UID_MIN                        500
34:UID_MAX                      60000
35:
39:GID_MIN                        500
40:GID_MAX                      60000
41:
48:
54:CREATE_HOME  yes
55:
58:UMASK           077
59:
62:USERGROUPS_ENAB yes
63:
65:ENCRYPT_METHOD SHA512
66:


[root@deepak security]# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        required      pam_tally2.so deny=5 unlock_time=36000 audit
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     required      pam_tally2.so reset
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=5 type= minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
[root@deepak security]#




[root@deepak security]# cat /etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_tally2.so deny=5
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_tally2.so
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=5 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
[root@deepak security]#
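
An added check, not part of the original notes, that audits a PAM stack against the requirements listed above: pam_tally2 ahead of `auth sufficient pam_unix.so`, plus the cracklib and password-history options. The two sample stacks are constructed, and `audit_pam`, `make_samples` and the finding labels are this example's own names.

```shell
# Added example: audit a PAM stack against the password policy listed above.
# audit_pam FILE prints one finding per line, nothing when FILE passes (names are this example's own).
audit_pam() {
    awk '
    # True when the current line carries exactly this module option.
    function has(opt,    i) {
        for (i = 4; i <= NF; i++) if ($i == opt) return 1
        return 0
    }
    $1 == "auth" && $3 == "pam_tally2.so" {
        tally = 1
        # After a "sufficient" pam_unix.so the lock is never checked
        # when the password is correct.
        if (unix_seen) print "tally-after-unix"
        if (!has("deny=5")) print "tally-missing:deny=5"
    }
    $1 == "auth" && $2 == "sufficient" && $3 == "pam_unix.so" { unix_seen = 1 }
    $1 == "password" && $3 == "pam_cracklib.so" {
        n = split("minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1", want, " ")
        for (k = 1; k <= n; k++)
            if (!has(want[k])) print "cracklib-missing:" want[k]
    }
    $1 == "password" && $3 == "pam_unix.so" && !has("remember=5") {
        print "unix-missing:remember=5"
    }
    END { if (!tally) print "tally-missing" }
    ' "$1"
}

# Constructed sample stacks (not files from a real host).
make_samples() {
    cat > "$1/late_tally" <<'EOF'
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_tally2.so deny=5 unlock_time=36000 audit
password    requisite     pam_cracklib.so try_first_pass retry=5 type= minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5
EOF
    cat > "$1/weak_password" <<'EOF'
auth        required      pam_tally2.so deny=5
auth        sufficient    pam_unix.so nullok try_first_pass
password    requisite     pam_cracklib.so try_first_pass retry=5 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
EOF
}

dir=$(mktemp -d)
make_samples "$dir"
for f in late_tally weak_password; do echo "== $f"; audit_pam "$dir/$f"; done
```

pam_tally2 listed after a `sufficient` pam_unix.so is skipped whenever the password is correct, so the deny=5 lock is never enforced. Run the check against both /etc/pam.d/system-auth and /etc/pam.d/password-auth, since services such as sshd use the latter.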

To check the failed-login counter and reset a user account:


[root@deepak security]# pam_tally2 -u test
Login           Failures Latest failure     From
test                0
[root@deepak security]# pam_tally2 -u test --reset