I've had a pesky sort of problem for a couple months now that my CEO's computer can only see our wireless network but not our neighbors and couldn't see any in the city of Manhattan from his tower-high hotel room. Another contractor could see every other wireless network except ours; ditto for three new contractors that started this week.
But all the Dell Latitude D630s with (Dell Wireless 1490 Dual Band WLAN Mini-Cards) in the office could see all wireless access points including ours and the upstairs neighbors.
After many fruitless google searches, I finally extracted a clue.
The Cisco Aironet 1131AG in my office was only broadcasting over 802.11A, whereas the wireless network adapters of various makes and models including an Intel Wireless Wifi 4965AGN in a Sony Vaio and an undocumented card in an Acer were only listening on networks other than 802.11A.
So did two things:
I enabled 802.11G on the Cisco Aironet.
Then on the CEO's Vaio, I went into the properties of the wireless adapter
On Vista - Network and Sharing Center > Manage network connections > right click on the wireless adapter, select properties > select Configure > Advanced
in the list, look for something that goes by various names like Wireless Mode, Band Preference, or just search through the list until you see something that makes you choose whether you want 802.11 a/b/g or some combination.
On the Vaio, I could choose 802.11a/b/g and voila! CEO's vaio could suddenly see everyone's WAPs. I haven't tested on the other machines, but I'll repost if it doesn't solve the issue.
Thursday, February 21, 2008
Tuesday, February 19, 2008
Issue deleting MS SQL Server Maintenance Plans and Jobs
I was contemplating running around in circles, as that's what my brain was doing trying to figure out this inane error with Microsoft SQL Server 2005 Maintenance Plans and associated jobs (subtasks).
I had a brand new install of SQL server and used the Maintenance Plan wizard to create a series of jobs for full backup, differential backup, and transaction log backup.
Seemed to be working just fine, until someone else changed the 'sa' password and all the jobs failed left right and center.
It took me a while to figure out that was the cause, and the last day to figure out how to delete a maintenance plan and associated jobs once the sa password was changed. Couldn't delete them manually, I got an error saying the login failed for user 'sa'.
I could delete all but one of the subplans by listing them first under maintenance plans, but one could never be deleted.
This turned out to be the major error:
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
------------------------------
The DELETE statement conflicted with the REFERENCE constraint "FK_subplan_job_id". The conflict occurred in database "msdb", table "dbo.sysmaintplan_subplans", column 'job_id'.
The statement has been terminated. (Microsoft SQL Server, Error: 547)
And at long last, after many, many searches, I found this marvelous post on how to manually delete the jobs and maintenance plans with TSQL code:
MS Forums
and this one, which was inordinately useful:
sql-server-2005-delete-maintenance-plan-error
And here's pretty much what I did in TSQL to delete the subplan and the maintenance plan 'SystemDB-MaintenancePlan':
USE [msdb]
declare @job_name varchar(100)
set @job_name = N'SystemDB-MaintenancePlan.Subplan_1'
delete sysmaintplan_log
FROM sysmaintplan_subplans AS subplans INNER JOIN
sysjobs_view AS syjobs ON subplans.job_id = syjobs.job_id INNER JOIN
sysmaintplan_log ON subplans.subplan_id = sysmaintplan_log.subplan_id
WHERE (syjobs.name = @job_name)
USE [msdb]
declare @job_name varchar(100)
set @job_name = N'SystemDB-MaintenancePlan.Subplan_1'
delete sysmaintplan_subplans
FROM sysmaintplan_subplans AS subplans INNER JOIN
sysjobs_view AS syjobs ON subplans.job_id = syjobs.job_id
WHERE (syjobs.name = @job_name)
declare @job_name varchar(100)
set @job_name = N'SystemDB-MaintenancePlan.Subplan_1'
delete
from msdb.dbo.sysjobs_view where name = @job_name
delete
FROM msdb.dbo.sysmaintplan_plans
where name = 'SystemDB-MaintenancePlan'
other commands I find useful:
select * FROM sysmaintplan_subplans
select * FROM sysmaintplan_plans
Happy deleting! Thanks so much Gedzuks!
I had a brand new install of SQL server and used the Maintenance Plan wizard to create a series of jobs for full backup, differential backup, and transaction log backup.
Seemed to be working just fine, until someone else changed the 'sa' password and all the jobs failed left right and center.
It took me a while to figure out that was the cause, and the last day to figure out how to delete a maintenance plan and associated jobs once the sa password was changed. Couldn't delete them manually, I got an error saying the login failed for user 'sa'.
I could delete all but one of the subplans by listing them first under maintenance plans, but one could never be deleted.
This turned out to be the major error:
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
------------------------------
The DELETE statement conflicted with the REFERENCE constraint "FK_subplan_job_id". The conflict occurred in database "msdb", table "dbo.sysmaintplan_subplans", column 'job_id'.
The statement has been terminated. (Microsoft SQL Server, Error: 547)
And at long last, after many, many searches, I found this marvelous post on how to manually delete the jobs and maintenance plans with TSQL code:
MS Forums
and this one, which was inordinately useful:
sql-server-2005-delete-maintenance-plan-error
And here's pretty much what I did in TSQL to delete the subplan and the maintenance plan 'SystemDB-MaintenancePlan':
USE [msdb]
declare @job_name varchar(100)
set @job_name = N'SystemDB-MaintenancePlan.Subplan_1'
delete sysmaintplan_log
FROM sysmaintplan_subplans AS subplans INNER JOIN
sysjobs_view AS syjobs ON subplans.job_id = syjobs.job_id INNER JOIN
sysmaintplan_log ON subplans.subplan_id = sysmaintplan_log.subplan_id
WHERE (syjobs.name = @job_name)
USE [msdb]
declare @job_name varchar(100)
set @job_name = N'SystemDB-MaintenancePlan.Subplan_1'
delete sysmaintplan_subplans
FROM sysmaintplan_subplans AS subplans INNER JOIN
sysjobs_view AS syjobs ON subplans.job_id = syjobs.job_id
WHERE (syjobs.name = @job_name)
declare @job_name varchar(100)
set @job_name = N'SystemDB-MaintenancePlan.Subplan_1'
delete
from msdb.dbo.sysjobs_view where name = @job_name
delete
FROM msdb.dbo.sysmaintplan_plans
where name = 'SystemDB-MaintenancePlan'
other commands I find useful:
select * FROM sysmaintplan_subplans
select * FROM sysmaintplan_plans
Happy deleting! Thanks so much Gedzuks!
Tuesday, January 22, 2008
Installing Java / JDK and Tomcat with jpackage
Periodically, when amnesia strikes and I can't recall how I made this work the last 20 or so times I did it before, I get baffled, and start all over from the beginning.
I could be talking about anything, I suppose, but in this case I'm installing Java or the JDK as it's fondly called, and Tomcat and twelve billion dependencies it has on a server, in this case Linux.
Do yourself a favor here that I forgot when I was writing this blog ... see if java is already installed. If it's some antiquated version before 1.5, remove it, unless you know you need it. rpm -qa | grep on java and on jdk to make sure you're not missing anything.
In the past I've used the works and packages of the fine jpackage.org folks. This time is no exception.
First, dig deep in Sun's website until I find a 1.5.0 binary for Linux. I downloaded the Linux RPM in self-extracting file: jdk-1_5_0_14-linux-i586-rpm.bin.
For the uninitiated, it's easiest to use wget to get the binary right onto the server without any intermediate file saving, scp-ing, and the like, but since Sun's URLs are about 5 miles long, they fail wonderfully with the error: blahblahblah "File name too long."
So to make this work, use:
wget -O jdk-1_5_0_14-linux-i586-rpm.bin http://reallylongurlfromsuncopiedandpastedfromtheRPMinselfextractingfilelinkthatendsin/jdk-1_5_0_14-linux-i586-rpm.bin
and then, to our wonder and amazement, it will work. I also often forget this and the reminder is really for me, but if it helps you, all the better.
then, extract the .bin file:
./jdk-1_5_0_14-linux-i586-rpm.bin
which dumps a rpm in your pwd.
then install the RPM, do I need to say how to do this, well okay then:
rpm -i jdk-1_5_0_14-linux-i586.rpm
but then the fun begins, like finding out an older 1.4.2 version was installed already and I didn't delete it before I began this process so installing the rpm gave the message:
[root@server jdk]# rpm -i jdk-1_5_0_14-linux-i586.rpm
package jdk-1.5.0_14-fcs is already installed
and look, rpm -qa | grep jpp gives a whole big list of pkgs, do I need to remove them all? (yes, is the answer you'll see later)
[root@server yum.repos.d]# rpm -qa | grep jpp
bsh-manual-1.3.0-9jpp.1
bsh-javadoc-1.3.0-9jpp.1
tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5
xalan-j2-2.7.0-6jpp.1
jakarta-commons-logging-1.0.4-6jpp.1
java-1.4.2-gcj-compat-javadoc-1.4.2.0-40jpp.112
jpackage-utils-1.7.3-1jpp.2.el5
xmlrpc-javadoc-2.0.1-3jpp.1
java-1.4.2-gcj-compat-1.4.2.0-40jpp.112
tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5
bsf-2.3.0-11jpp.1
bsh-1.3.0-9jpp.1
jakarta-commons-codec-1.3-7jpp.2
jakarta-commons-httpclient-3.0-7jpp.1
java-1.4.2-gcj-compat-devel-1.4.2.0-40jpp.112
ldapjdk-4.18-2jpp.3.el5
antlr-2.7.6-4jpp.2
junit-3.8.2-3jpp.1
xmlrpc-2.0.1-3jpp.1
java-1.4.2-gcj-compat-src-1.4.2.0-40jpp.112
Okay, so to begin, let's update /etc/yum.repos.d to include the jpackage repository:
in the /etc/yum.repos.d do:
wget http://www.jpackage.org/jpackage17.repo
but do you see the problem ... I don't want 1.7, I want 1.5, so how do I get that?
What I did was create my own jpackage50.repo file containing this:
[jpackage50-generic]
name=JPackage 5.0, generic
baseurl=http://mirrors.dotsrc.org/jpackage/5.0/generic/free/
gpgkey=http://www.jpackage.org/jpackage.asc
gpgcheck=1
enabled=1
[jpackage50-generic-nonfree]
name=JPackage (non-free), generic
baseurl=http://mirrors.dotsrc.org/jpackage/5.0/generic/non-free/
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc
enabled=1
and now I'll go hunting to remove the jpps:
deleted all the jpp rpms except these:
bsh-manual-1.3.0-9jpp.1
bsh-javadoc-1.3.0-9jpp.1
jpackage-utils-1.7.3-1jpp.2.el5
xmlrpc-javadoc-2.0.1-3jpp.1
now reinstall jdk:
rpm -ev jdk-1.5.0_14-fcs
rpm -iv jdk-1.5.0_14-fcs
install java-compat from jpp:
rpm -iv java-1.5.0-sun-compat-1.5.0.14-1jpp.src.rpm
which seemed to work, but rpm isn't listed with rpm -qa | grep java
but what did work:
yum install java-1.5.0-sun-compat-1.5.0.14-1jpp
and now it's in the rpm list. yay!
and java -version shows the new version - yay yay!
[root@quinoa jdk]# java -version
java version "1.5.0_14"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)
Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode, sharing)
figured out I need tomcat 5.5, not 6.0, and a handy
yum list *tomcat*
gave me a list of all tomcat options, giving me a choice between tomcat5 (which was really 5.5.23) and tomcat6.
ran
yum install tomcat5
and away it went, installing the 37 dependencies and tomcat5 from jpackage.
it ended with this error:
/usr/bin/build-jar-repository: error: Could not find xml-commons-apis Java extension for this JVM
/usr/bin/build-jar-repository: error: Some specified jars were not found for this jvm
and when I started tomcat I got the same error. So I installed xml-commons-apis
yum install xml-commons-apis
which inconveniently uninstalled the jdk, why, I'm not sure, so I installed it back again from the rpm I got from sun.
restarting tomcat didn't get that error this time.
Credits to:
Sun
jpackage.org
Bart Busschotts
I could be talking about anything, I suppose, but in this case I'm installing Java or the JDK as it's fondly called, and Tomcat and twelve billion dependencies it has on a server, in this case Linux.
Do yourself a favor here that I forgot when I was writing this blog ... see if java is already installed. If it's some antiquated version before 1.5, remove it, unless you know you need it. rpm -qa | grep on java and on jdk to make sure you're not missing anything.
In the past I've used the works and packages of the fine jpackage.org folks. This time is no exception.
First, dig deep in Sun's website until I find a 1.5.0 binary for Linux. I downloaded the Linux RPM in self-extracting file: jdk-1_5_0_14-linux-i586-rpm.bin.
For the uninitiated, it's easiest to use wget to get the binary right onto the server without any intermediate file saving, scp-ing, and the like, but since Sun's URLs are about 5 miles long, they fail wonderfully with the error: blahblahblah "File name too long."
So to make this work, use:
wget -O jdk-1_5_0_14-linux-i586-rpm.bin http://reallylongurlfromsuncopiedandpastedfromtheRPMinselfextractingfilelinkthatendsin/jdk-1_5_0_14-linux-i586-rpm.bin
and then, to our wonder and amazement, it will work. I also often forget this and the reminder is really for me, but if it helps you, all the better.
then, extract the .bin file:
./jdk-1_5_0_14-linux-i586-rpm.bin
which dumps a rpm in your pwd.
then install the RPM, do I need to say how to do this, well okay then:
rpm -i jdk-1_5_0_14-linux-i586.rpm
but then the fun begins, like finding out an older 1.4.2 version was installed already and I didn't delete it before I began this process so installing the rpm gave the message:
[root@server jdk]# rpm -i jdk-1_5_0_14-linux-i586.rpm
package jdk-1.5.0_14-fcs is already installed
and look, rpm -qa | grep jpp gives a whole big list of pkgs, do I need to remove them all? (yes, is the answer you'll see later)
[root@server yum.repos.d]# rpm -qa | grep jpp
bsh-manual-1.3.0-9jpp.1
bsh-javadoc-1.3.0-9jpp.1
tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5
xalan-j2-2.7.0-6jpp.1
jakarta-commons-logging-1.0.4-6jpp.1
java-1.4.2-gcj-compat-javadoc-1.4.2.0-40jpp.112
jpackage-utils-1.7.3-1jpp.2.el5
xmlrpc-javadoc-2.0.1-3jpp.1
java-1.4.2-gcj-compat-1.4.2.0-40jpp.112
tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5
bsf-2.3.0-11jpp.1
bsh-1.3.0-9jpp.1
jakarta-commons-codec-1.3-7jpp.2
jakarta-commons-httpclient-3.0-7jpp.1
java-1.4.2-gcj-compat-devel-1.4.2.0-40jpp.112
ldapjdk-4.18-2jpp.3.el5
antlr-2.7.6-4jpp.2
junit-3.8.2-3jpp.1
xmlrpc-2.0.1-3jpp.1
java-1.4.2-gcj-compat-src-1.4.2.0-40jpp.112
Okay, so to begin, let's update /etc/yum.repos.d to include the jpackage repository:
in the /etc/yum.repos.d do:
wget http://www.jpackage.org/jpackage17.repo
but do you see the problem ... I don't want 1.7, I want 1.5, so how do I get that?
What I did was create my own jpackage50.repo file containing this:
[jpackage50-generic]
name=JPackage 5.0, generic
baseurl=http://mirrors.dotsrc.org/jpackage/5.0/generic/free/
gpgkey=http://www.jpackage.org/jpackage.asc
gpgcheck=1
enabled=1
[jpackage50-generic-nonfree]
name=JPackage (non-free), generic
baseurl=http://mirrors.dotsrc.org/jpackage/5.0/generic/non-free/
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc
enabled=1
and now I'll go hunting to remove the jpps:
deleted all the jpp rpms except these:
bsh-manual-1.3.0-9jpp.1
bsh-javadoc-1.3.0-9jpp.1
jpackage-utils-1.7.3-1jpp.2.el5
xmlrpc-javadoc-2.0.1-3jpp.1
now reinstall jdk:
rpm -ev jdk-1.5.0_14-fcs
rpm -iv jdk-1.5.0_14-fcs
install java-compat from jpp:
rpm -iv java-1.5.0-sun-compat-1.5.0.14-1jpp.src.rpm
which seemed to work, but rpm isn't listed with rpm -qa | grep java
but what did work:
yum install java-1.5.0-sun-compat-1.5.0.14-1jpp
and now it's in the rpm list. yay!
and java -version shows the new version - yay yay!
[root@quinoa jdk]# java -version
java version "1.5.0_14"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)
Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode, sharing)
figured out I need tomcat 5.5, not 6.0, and a handy
yum list *tomcat*
gave me a list of all tomcat options, giving me a choice between tomcat5 (which was really 5.5.23) and tomcat6.
ran
yum install tomcat5
and away it went, installing the 37 dependencies and tomcat5 from jpackage.
it ended with this error:
/usr/bin/build-jar-repository: error: Could not find xml-commons-apis Java extension for this JVM
/usr/bin/build-jar-repository: error: Some specified jars were not found for this jvm
and when I started tomcat I got the same error. So I installed xml-commons-apis
yum install xml-commons-apis
which inconveniently uninstalled the jdk, why, I'm not sure, so I installed it back again from the rpm I got from sun.
restarting tomcat didn't get that error this time.
Credits to:
Sun
jpackage.org
Bart Busschotts
Monday, January 21, 2008
Postfix useful queue commands
Two Postfix commands I discovered by accident while trying to figure out how to delete mail out of the queue:
postqueue -d
list all mail in the queue currently
postqueue -f
flush mail from the queue; will attempt to deliver all mail
postsuper
superuser postfix command
and the command:
postsuper -d ALL
will delete all messages from the queue
Credit:
Seaglass Postfix FAQ
man postsuper
man postqueue
postqueue -d
list all mail in the queue currently
postqueue -f
flush mail from the queue; will attempt to deliver all mail
postsuper
superuser postfix command
and the command:
postsuper -d ALL
will delete all messages from the queue
Credit:
Seaglass Postfix FAQ
man postsuper
man postqueue
Wednesday, January 16, 2008
Setting up a new server - ntp
Super brief notes on configuring NTP
Make sure ntp is installed
rpm -qa | grep ntp
yum install ntp
Edit /etc/ntp.conf
Add stratum servers from www.ntp.org - check the server pool for your locale.
I added these:
server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org
And this to restrict access from those servers:
restrict 0.north-america.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.north-america.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.north-america.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 3.north-america.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
And permit any host in my private network to get time from my server:
restrict 10.1.1.0 mask 255.255.255.0 nomodify notrap
check if ntpd is currently running:
ps -ef | grep ntp
no dice, so configure it to start at boot
chkconfig --list ntpd
ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Check to see if the server time is reasonably close to ntp time (within 2 minutes), if not run:
ntpdate pool.ntp.org
to synchronize.
Run:
chkconfig ntpd on
service start ntpd
Check for log messages in /var/log/messages and check the time on the server to see if it's accurate. Also check status with:
[root@server etc]# ntpq -pn
remote refid st t when poll reach delay offset jitter
==============================================================================
64.73.32.134 64.73.0.9 2 u 30 64 1 72.596 4.418 0.001
66.250.45.2 209.51.161.238 2 u 29 64 1 92.327 -8.728 0.001
66.36.239.127 129.6.15.29 2 u 28 64 1 86.409 1.150 0.001
82.165.184.7 74.208.4.166 3 u 27 64 1 88.581 -7.514 0.001
127.127.1.0 .LOCL. 10 l 26 64 1 0.000 0.000 0.001
Tip of the keyboard to:
ntp.org
linuxhomenetworking.com
Make sure ntp is installed
rpm -qa | grep ntp
yum install ntp
Edit /etc/ntp.conf
Add stratum servers from www.ntp.org - check the server pool for your locale.
I added these:
server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org
And this to restrict access from those servers:
restrict 0.north-america.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.north-america.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.north-america.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 3.north-america.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
And permit any host in my private network to get time from my server:
restrict 10.1.1.0 mask 255.255.255.0 nomodify notrap
check if ntpd is currently running:
ps -ef | grep ntp
no dice, so configure it to start at boot
chkconfig --list ntpd
ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Check to see if the server time is reasonably close to ntp time (within 2 minutes), if not run:
ntpdate pool.ntp.org
to synchronize.
Run:
chkconfig ntpd on
service start ntpd
Check for log messages in /var/log/messages and check the time on the server to see if it's accurate. Also check status with:
[root@server etc]# ntpq -pn
remote refid st t when poll reach delay offset jitter
==============================================================================
64.73.32.134 64.73.0.9 2 u 30 64 1 72.596 4.418 0.001
66.250.45.2 209.51.161.238 2 u 29 64 1 92.327 -8.728 0.001
66.36.239.127 129.6.15.29 2 u 28 64 1 86.409 1.150 0.001
82.165.184.7 74.208.4.166 3 u 27 64 1 88.581 -7.514 0.001
127.127.1.0 .LOCL. 10 l 26 64 1 0.000 0.000 0.001
Tip of the keyboard to:
ntp.org
linuxhomenetworking.com
Setting up a new server - logwatch & logrotate
A couple hints so that you get logwatch emails and include other log files you want to monitor.
Logwatch depends on having the email address set for root to forward somewhere, otherwise the emails will sit in the local mailbox for root.
Change this line in /etc/aliases - works for either sendmail or postfix:
# Person who should get root's mail
root: validuser@yourdomain.com
Then run 'newaliases' (for sendmail) so this will be in use.
You may run into issues if the hostname for your box isn't in public DNS because of actions to cut down spam, so set it to masquerade if needed (see last post).
Then to have logwatch check other logfiles besides the defaults, which on my CentOS box are listed in /usr/share/logwatch/default.conf/logfiles
in my case, I'm going to add monitors for the syslog alerts for my network equipment that I have set to go to /var/log/network and also for a newly created mysql backup log file /var/log/mysqlbackup
Defaults are fine, so I created the file /etc/logwatch/conf/logfiles/network.conf
#######################################################
# Defile log file group for /var/log/network
# syslog output for network equipment
# created by JAR 1/16/08
#######################################################
# Actual file
LogFile = network
#EOF
We'll see if this works.
Also a quick note about logrotate - when I configured syslog to accept messages from my network gear, I configured the new log file "network" in logrotate so that it would follow the normal rotation.
I added to the /etc/logrotate.d/syslog file:
/var/log/network
Logwatch depends on having the email address set for root to forward somewhere, otherwise the emails will sit in the local mailbox for root.
Change this line in /etc/aliases - works for either sendmail or postfix:
# Person who should get root's mail
root: validuser@yourdomain.com
Then run 'newaliases' (for sendmail) so this will be in use.
You may run into issues if the hostname for your box isn't in public DNS because of actions to cut down spam, so set it to masquerade if needed (see last post).
Then to have logwatch check other logfiles besides the defaults, which on my CentOS box are listed in /usr/share/logwatch/default.conf/logfiles
in my case, I'm going to add monitors for the syslog alerts for my network equipment that I have set to go to /var/log/network and also for a newly created mysql backup log file /var/log/mysqlbackup
Defaults are fine, so I created the file /etc/logwatch/conf/logfiles/network.conf
#######################################################
# Defile log file group for /var/log/network
# syslog output for network equipment
# created by JAR 1/16/08
#######################################################
# Actual file
LogFile = network
#EOF
We'll see if this works.
Also a quick note about logrotate - when I configured syslog to accept messages from my network gear, I configured the new log file "network" in logrotate so that it would follow the normal rotation.
I added to the /etc/logrotate.d/syslog file:
/var/log/network
Tuesday, January 15, 2008
Setting up a new server - sendmail/postfix
Someday I will create a checklist of things to do to a new unix server to make it behave as I'd like. Until that someday comes, I'll write bits and pieces of things to do to remind myself.
Here's one.
When setting up a new system that has Logwatch enabled, remember by default it's going to email "root@localhost" all the logs. This is fine, except that if you're like me, you seldom check email for root and would prefer that the logfiles get sent to an email address, probably Internet routable, that you check more frequently.
This is how to make that happen, or perhaps what to do first:
Edit the /etc/aliases file
notice that everything is going to root, either directly or indirectly.
At the very bottom of the file, see the line that is commented out:
# Person who should get root's mail
#root: marc
make it a real email address that goes to a real human somewhere.
then run command 'newaliases' so the change you made goes into a file that's read.
Or, if you are, in fact, not a fan of sendmail, you can quickly switch to postfix (or qmail for the diehards) which has the reputation of being more secure and easier to work with.
In fact, I recommend this:
yum install postfix
service sendmail stop
yum erase sendmail
and then, if you want your host to pretend to be a different name (masquerade), edit this line:
myhostname = hostname.outsidedomain.com
and uncomment this line:
myorigin = $mydomain
so that email sent from this box will appear as username@outsidedomain.com.
a quick
service postfix restart
and you're good to go.
Here's one.
When setting up a new system that has Logwatch enabled, remember by default it's going to email "root@localhost" all the logs. This is fine, except that if you're like me, you seldom check email for root and would prefer that the logfiles get sent to an email address, probably Internet routable, that you check more frequently.
This is how to make that happen, or perhaps what to do first:
Edit the /etc/aliases file
notice that everything is going to root, either directly or indirectly.
At the very bottom of the file, see the line that is commented out:
# Person who should get root's mail
#root: marc
make it a real email address that goes to a real human somewhere.
then run command 'newaliases' so the change you made goes into a file that's read.
Or, if you are, in fact, not a fan of sendmail, you can quickly switch to postfix (or qmail for the diehards) which has the reputation of being more secure and easier to work with.
In fact, I recommend this:
yum install postfix
service sendmail stop
yum erase sendmail
and then, if you want your host to pretend to be a different name (masquerade), edit this line:
myhostname = hostname.outsidedomain.com
and uncomment this line:
myorigin = $mydomain
so that email sent from this box will appear as username@outsidedomain.com.
a quick
service postfix restart
and you're good to go.
Monday, January 14, 2008
CVS Setup on Linux
I know, in this fast paced modern world that SVN is thought to be superior to CVS, but for some of my studio audience, and myself, here are my notes from configuring CVS.
I'm using CentOS rel 5, but should be similar on RH or Fedora (now please tell me you're not surprised about that).
check if you have cvs already:
rpm -qa | grep cvs
if not ...
yum install cvs
then add CVSROOT as a variable for everyone using bash ... if they're not using bash, they're on their own ...
add to /etc/bashrc:
CVSROOT=/home/cvsrep
export CVSROOT
create initial repository:
cvs -d /home/cvsrep init
Edit the file /etc/xinetd.d/cvs which starts the service in the xinetd server - this was created by "yum install cvs"
# default: off
# description: The CVS service can record the history of your source \
# files. CVS stores all the versions of a file in a single \
# file in a clever way that only stores the differences \
# between versions.
service cvspserver
{
disable = yes
port = 2401
socket_type = stream
protocol = tcp
wait = no
user = root
passenv = PATH
server = /usr/bin/cvs
env = HOME=/var/cvs
server_args = -f --allow-root=/var/cvs pserver
# bind = 127.0.0.1
}
but note the "disable=yes" line
if you want cvs to work ... change to:
disable=no
and restart xinetd after you make all configuration changes necessary
tip of the keyboard to:
http://personal.vsnl.com/sureshms/linuxindex.html
I'm using CentOS rel 5, but should be similar on RH or Fedora (now please tell me you're not surprised about that).
check if you have cvs already:
rpm -qa | grep cvs
if not ...
yum install cvs
then add CVSROOT as a variable for everyone using bash ... if they're not using bash, they're on their own ...
add to /etc/bashrc:
CVSROOT=/home/cvsrep
export CVSROOT
create initial repository:
cvs -d /home/cvsrep init
Edit the file /etc/xinetd.d/cvs which starts the service in the xinetd server - this was created by "yum install cvs"
# default: off
# description: The CVS service can record the history of your source \
# files. CVS stores all the versions of a file in a single \
# file in a clever way that only stores the differences \
# between versions.
service cvspserver
{
disable = yes
port = 2401
socket_type = stream
protocol = tcp
wait = no
user = root
passenv = PATH
server = /usr/bin/cvs
env = HOME=/var/cvs
server_args = -f --allow-root=/var/cvs pserver
# bind = 127.0.0.1
}
but note the "disable=yes" line
if you want cvs to work ... change to:
disable=no
and restart xinetd after you make all configuration changes necessary
tip of the keyboard to:
http://personal.vsnl.com/sureshms/linuxindex.html
Tuesday, January 08, 2008
Using Syslog to get network device logs
Because I always forget how to do this ...
To configure syslog on a CentOS Linux box to receive logs from my network gear; examples below for Cisco ASA/PIX, Foundry SI, Cisco Catalyst 3500XL, and Netscreen-50 firewall. This will also work for Fedora and RedHat, in case you were curious.
If you want names to display instead of IP addresses in the log file, add names to /etc/hosts.
On the Linux host, add these lines to /etc/syslog:
I've set all the network gear to log to local3 - you can choose different local values for each if you want to log to different files.
local3.* /var/log/network
To keep the logging from the network gear *out* of the /var/log/messages file, I added this "local3.none" to this line in /etc/syslog.conf, as below:
*.info;mail.none;authpriv.none;cron.none;local3.none /var/log/messages
And have syslog listen for remote requests by changing this line in /etc/sysconfig/syslog -OR- /etc/init.d/syslog - check the /etc/init.d/syslog file to see if it checks the /etc/sysconfig file.
Add the "-r" option to listen to remote requests
SYSLOGD_OPTIONS="-m 0 -r"
then
service syslog restart
a couple quick checks:
netstat -a | grep syslog
check that the file /var/log/netlog was created
and now configure the network devices:
on the ASA/PIX, facility 19 = local3
logging enable
logging timestamp
logging trap notifications
logging facility 19
logging host inside 10.1.1.10
On a Catalyst 3500 switch:
service timestamps log datetime localtime #this displays the timestamp in the syslog file
logging trap notifications
logging facility local3
logging 10.1.1.10
remember to set the clock to the right time, or use ntp
clock set ...
For a Foundry SI:
logging 10.1.1.10
logging facility local3
For a Netscreen 50:
set syslog config "10.1.1.10"
set syslog config "10.1.1.10" facilities local3 local3
set syslog src-interface ethernet1
set syslog enable
For Dell switches (poweredge something or other)
logging 10.1.1.10 facility local3
And don't forget if you want the new netlog rotated - add to /etc/logrotate.d/syslog
/var/log/netlog
Tip of the keyboard to:
http://www.linuxhomenetworking.com/wiki/index.php/
Quick_HOWTO_:_Ch05_:_Troubleshooting_Linux_with_syslog#Configuring_the_Linux_Syslog_Server
To configure syslog on a CentOS Linux box to receive logs from my network gear; examples below for Cisco ASA/PIX, Foundry SI, Cisco Catalyst 3500XL, and Netscreen-50 firewall. This will also work for Fedora and RedHat, in case you were curious.
If you want names to display instead of IP addresses in the log file, add names to /etc/hosts.
On the Linux host, add these lines to /etc/syslog:
I've set all the network gear to log to local3 - you can choose different local values for each if you want to log to different files.
local3.* /var/log/network
To keep the logging from the network gear *out* of the /var/log/messages file, I added this "local3.none" to this line in /etc/syslog.conf, as below:
*.info;mail.none;authpriv.none;cron.none;local3.none /var/log/messages
And have syslog listen for remote requests by changing this line in /etc/sysconfig/syslog -OR- /etc/init.d/syslog - check the /etc/init.d/syslog file to see if it checks the /etc/sysconfig file.
Add the "-r" option to listen to remote requests
SYSLOGD_OPTIONS="-m 0 -r"
then
service syslog restart
a couple quick checks:
netstat -a | grep syslog
check that the file /var/log/netlog was created
and now configure the network devices:
on the ASA/PIX, facility 19 = local3
logging enable
logging timestamp
logging trap notifications
logging facility 19
logging host inside 10.1.1.10
On a Catalyst 3500 switch:
service timestamps log datetime localtime #this displays the timestamp in the syslog file
logging trap notifications
logging facility local3
logging 10.1.1.10
remember to set the clock to the right time, or use ntp
clock set ...
For a Foundry SI:
logging 10.1.1.10
logging facility local3
For a Netscreen 50:
set syslog config "10.1.1.10"
set syslog config "10.1.1.10" facilities local3 local3
set syslog src-interface ethernet1
set syslog enable
For Dell switches (poweredge something or other)
logging 10.1.1.10 facility local3
And don't forget if you want the new netlog rotated - add to /etc/logrotate.d/syslog
/var/log/netlog
Tip of the keyboard to:
http://www.linuxhomenetworking.com/wiki/index.php/
Quick_HOWTO_:_Ch05_:_Troubleshooting_Linux_with_syslog#Configuring_the_Linux_Syslog_Server
Monday, January 07, 2008
PHP Note To Self
Things to install for PHP, Drupal, and SugarOS to be happy:
yum install curl-devel
yum install gd-devel
yum install gd-progs
and also because I got errors that ./configure couldn't find libgd because it's not in the same place as gd.h:
ln -s gd.h /usr/lib/gd.h
and the final ./configure line:
./configure --with-mysql --with-apxs2=/usr/sbin/apxs --lib-dir=/usr/lib --with-gd=/usr/lib --with-curl=/usr/bin/curl --enable-mbstring --with-jpeg-dir=/usr/lib --with-png-dir=/usr/lib --with-freetype-dir=/usr/lib
make
make test
make install
good to go
addendum:
to get ldap to work with SugarOS, more than likely I need to install all these, if they aren't already installed:
openldap
openldap-clients
openldap-servers (this adds the file /etc/init.d/ldap)
openldap-devel
but I haven't tried it yet, so we'll see
yum install curl-devel
yum install gd-devel
yum install gd-progs
and also because I got errors that ./configure couldn't find libgd because it's not in the same place as gd.h:
ln -s gd.h /usr/lib/gd.h
and the final ./configure line:
./configure --with-mysql --with-apxs2=/usr/sbin/apxs --lib-dir=/usr/lib --with-gd=/usr/lib --with-curl=/usr/bin/curl --enable-mbstring --with-jpeg-dir=/usr/lib --with-png-dir=/usr/lib --with-freetype-dir=/usr/lib
make
make test
make install
good to go
addendum:
to get ldap to work with SugarOS, more than likely I need to install all these, if they aren't already installed:
openldap
openldap-clients
openldap-servers (this adds the file /etc/init.d/ldap)
openldap-devel
but I haven't tried it yet, so we'll see
Friday, January 04, 2008
What I've been waiting for: ISP redundancy on PIX/ASA
I don't know how long I've wanted this...but by chance searching I found it exists as of the middle of last year:
ISP redundancy/tracking on the Cisco PIX and ASA as of the 7.2(x) release!
You can now use a second, inexpensive ISP (like DSL or cable) as a backup to a primary ISP - it's implemented with "tracking" a downstream IP address with ICMP, and if ICMP fails, the default static route is replaced with a backup.
More here:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
ISP redundancy/tracking on the Cisco PIX and ASA as of the 7.2(x) release!
You can now use a second, inexpensive ISP (like DSL or cable) as a backup to a primary ISP - it's implemented with "tracking" a downstream IP address with ICMP, and if ICMP fails, the default static route is replaced with a backup.
More here:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
Friday, June 08, 2007
Installing PHP on RedHat ES4 with Apache 2
Apache 2 was installed during the system build of this RHEL ES4 system. Now, the task, to get MySQL 5.0 and PHP 5.2.3 installed. Here are some things I learned along the way.
First things first,
Remove any old MySQL versions with rpm -ev.
Also check for and remove any old php versions (rpm -qa | grep php)
Download the tar/gz bundle from php.net.
Download and install these packages from MySQL - I used community server:
MySQL-client-community-5.0.41-0.rhel4 (Client)
MySQL-shared-community-5.0.41-0.rhel4 (Shared Libraries - this may not be needed)
MySQL-server-community-5.0.41-0.rhel4 (Server)
MySQL-devel-community-5.0.41-0.rhel4 (Headers and Libraries)
Note that if you don't install the devel RPM you'll get this error on ./configure of PHP:
configure: error: Cannot find MySQL header files under yes.
Note that the MySQL client library is not bundled anymore!
It goes away after you install the devel RPM.
Then, it's time to ./configure PHP
I'm loosely following this doc: http://us.php.net/manual/en/install.unix.php
and Example 4.1 although I have Apache 2.0 instead of 1.3.
(the Apache 2.0 example gives some useful info also, but isn't strictly accurate either)
Prerequisites, per this page:
gcc
flex
bison
I installed these with up2date which may not give the latest versions, but hopefully good enough.
up2date gcc also installed:
cpp
glibc2
glibc-devel
glibc-headers
libgcc
glibc-common
I checked if PHP was currently loaded in the /etc/httpd/conf/httpd.conf file - looking for php in the "LoadModule" section. Not there. Keep going.
Noticed that in the example on php.net the ./configure specifies "with-apxs" so I wanted to see what apxs was and if I already had it.
What it is - tip of the keyboard to http://www.onlamp.com/pub/a/php/2001/03/15/php_admin.html
it's used to build and install Apache extension modules. After a few random searches, I found it's installed in the httpd-devel RPM. Of course it's not an apache-devel RPM, because RedHat prefers to disguise Apache with the httpd name. You tell me why, I'll give you a quarter.
up2date httpd-devel
and apxs magically appeared in the /usr/sbin directory.
httpd-devel said it depended on a bunch of other things too:
apr-devel
apr-util-devel
cyrus-sasl-devel
db4-devel
expat-devel
openldap-devel
pcre-devel
compat-openldap
First time I ran ./configure in the PHP directory (ignoring the example that says to install Apache first, since it's already installed) - I got this error:
./configure --with-mysql --with-apxs=/usr/sbin/apxs
...
checking for Apache 1.x module support via DSO through APXS... configure: error: You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2
Maybe we should tell the php folks how to spell "appropriate" except then I'd have to admit I didn't read the instructions first....oh well.
next run:
./configure --with-mysql --with-apxs2=/usr/sbin/apxs
next error:
checking for xml2-config path...
configure: error: xml2-config not found. Please check your libxml2 installation.
Oh where, oh where do I find xml2-config?
It's in libxml2-devel, of course! Now why didn't I know that???
up2date libxml2-devel
also installed this dependency:
zlib-devel
now this file exists: /usr/bin/xml2-config ...yay!checking for MySQL UNIX socket location... /var/lib/mysql/mysql.sock
configure: error: Cannot find MySQL header files under yes.
Note that the MySQL client library is not bundled anymore!
But if you already installed the MySQL-community-devel package (see note at beginning), you didn't get this right?
next run:
./configure --with-mysql --with-apxs2=/usr/sbin/apxs
got this error:
checking for gcc... gcc
checking whether the C++ compiler (gcc ) works... no
configure: error: installation or configuration problem: C++ compiler cannot create executables.
this web page gave me the next clue - to check the config.log in the directory where I'm doing the ./configure -
in the last few lines of config.log:
gcc: installation problem, cannot exec `cc1plus': No such file or directory
So now I'm on the hunt for cc1plus.
I found it through hints on random websites...it's in the gcc-c++ package.
up2date gcc-c++
which also installed:
libstdc++
libstdc++-devel
./configure --with-mysql --with-apxs2=/usr/sbin/apxs ... again
Oh my Dog...it actually worked:
+--------------------------------------------------------------------+
| License: |
| This software is subject to the PHP License, available in this |
| distribution in the file LICENSE. By continuing this installation |
| process, you are bound by the terms of this license agreement. |
| If you do not agree with the terms of this license, you must abort |
| the installation process at this point. |
+--------------------------------------------------------------------+
Thank you for using PHP.
Now...back to the php.net install on unix page.
make
which had a friendly reminder to run "make test"
make test
{sudo} make install
gave this reminder:
libtool: install: warning: remember to run `libtool --finish /home/julie/php-5.2.3/libs'
Since libtool doesn't exist on my system, so I installed it:
up2date libtool
which also installed
autoconf
automake
and running this:
libtool --finish /home/me/php-5.2.3/libs
said this:
PATH="$PATH:/sbin" ldconfig -n /home/julie/php-5.2.3/libs
----------------------------------------------------------------------
Libraries have been installed in:
/home/julie/php-5.2.3/libs
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
But otherwise php installed fine with a new module in /etc/httpd/conf/modules:
libphp5.so
and added this to /etc/httpd/conf/httpd.conf:
LoadModule php5_module /usr/lib/httpd/modules/libphp5.so
service httpd stop
service httpd start
And I should be good to go!
First things first,
Remove any old MySQL versions with rpm -ev.
Also check for and remove any old php versions (rpm -qa | grep php)
Download the tar/gz bundle from php.net.
Download and install these packages from MySQL - I used community server:
MySQL-client-community-5.0.41-0.rhel4 (Client)
MySQL-shared-community-5.0.41-0.rhel4 (Shared Libraries - this may not be needed)
MySQL-server-community-5.0.41-0.rhel4 (Server)
MySQL-devel-community-5.0.41-0.rhel4 (Headers and Libraries)
Note that if you don't install the devel RPM you'll get this error on ./configure of PHP:
configure: error: Cannot find MySQL header files under yes.
Note that the MySQL client library is not bundled anymore!
It goes away after you install the devel RPM.
Then, it's time to ./configure PHP
I'm loosely following this doc: http://us.php.net/manual/en/install.unix.php
and Example 4.1 although I have Apache 2.0 instead of 1.3.
(the Apache 2.0 example gives some useful info also, but isn't strictly accurate either)
Prerequisites, per this page:
gcc
flex
bison
I installed these with up2date which may not give the latest versions, but hopefully good enough.
up2date gcc also installed:
cpp
glibc2
glibc-devel
glibc-headers
libgcc
glibc-common
I checked if PHP was currently loaded in the /etc/httpd/conf/httpd.conf file - looking for php in the "LoadModule" section. Not there. Keep going.
Noticed that in the example on php.net the ./configure specifies "with-apxs" so I wanted to see what apxs was and if I already had it.
What it is - tip of the keyboard to http://www.onlamp.com/pub/a/php/2001/03/15/php_admin.html
it's used to build and install Apache extension modules. After a few random searches, I found it's installed in the httpd-devel RPM. Of course it's not an apache-devel RPM, because RedHat prefers to disguise Apache with the httpd name. You tell me why, I'll give you a quarter.
up2date httpd-devel
and apxs magically appeared in the /usr/sbin directory.
httpd-devel said it depended on a bunch of other things too:
apr-devel
apr-util-devel
cyrus-sasl-devel
db4-devel
expat-devel
openldap-devel
pcre-devel
compat-openldap
First time I ran ./configure in the PHP directory (ignoring the example that says to install Apache first, since it's already installed) - I got this error:
./configure --with-mysql --with-apxs=/usr/sbin/apxs
...
checking for Apache 1.x module support via DSO through APXS... configure: error: You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2
Maybe we should tell the php folks how to spell "appropriate" except then I'd have to admit I didn't read the instructions first....oh well.
next run:
./configure --with-mysql --with-apxs2=/usr/sbin/apxs
next error:
checking for xml2-config path...
configure: error: xml2-config not found. Please check your libxml2 installation.
Oh where, oh where do I find xml2-config?
It's in libxml2-devel, of course! Now why didn't I know that???
up2date libxml2-devel
also installed this dependency:
zlib-devel
now this file exists: /usr/bin/xml2-config ...yay!checking for MySQL UNIX socket location... /var/lib/mysql/mysql.sock
configure: error: Cannot find MySQL header files under yes.
Note that the MySQL client library is not bundled anymore!
But if you already installed the MySQL-community-devel package (see note at beginning), you didn't get this right?
next run:
./configure --with-mysql --with-apxs2=/usr/sbin/apxs
got this error:
checking for gcc... gcc
checking whether the C++ compiler (gcc ) works... no
configure: error: installation or configuration problem: C++ compiler cannot create executables.
this web page gave me the next clue - to check the config.log in the directory where I'm doing the ./configure -
in the last few lines of config.log:
gcc: installation problem, cannot exec `cc1plus': No such file or directory
So now I'm on the hunt for cc1plus.
I found it through hints on random websites...it's in the gcc-c++ package.
up2date gcc-c++
which also installed:
libstdc++
libstdc++-devel
./configure --with-mysql --with-apxs2=/usr/sbin/apxs ... again
Oh my Dog...it actually worked:
+--------------------------------------------------------------------+
| License: |
| This software is subject to the PHP License, available in this |
| distribution in the file LICENSE. By continuing this installation |
| process, you are bound by the terms of this license agreement. |
| If you do not agree with the terms of this license, you must abort |
| the installation process at this point. |
+--------------------------------------------------------------------+
Thank you for using PHP.
Now...back to the php.net install on unix page.
make
which had a friendly reminder to run "make test"
make test
{sudo} make install
gave this reminder:
libtool: install: warning: remember to run `libtool --finish /home/julie/php-5.2.3/libs'
Since libtool doesn't exist on my system, so I installed it:
up2date libtool
which also installed
autoconf
automake
and running this:
libtool --finish /home/me/php-5.2.3/libs
said this:
PATH="$PATH:/sbin" ldconfig -n /home/julie/php-5.2.3/libs
----------------------------------------------------------------------
Libraries have been installed in:
/home/julie/php-5.2.3/libs
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
But otherwise php installed fine with a new module in /etc/httpd/conf/modules:
libphp5.so
and added this to /etc/httpd/conf/httpd.conf:
LoadModule php5_module /usr/lib/httpd/modules/libphp5.so
service httpd stop
service httpd start
And I should be good to go!
Friday, June 01, 2007
FSCK and a 4TB filesystem
It's not like I had a choice, the 4TB filesystem made of 10 x 500Gb SATA disks in RAID5 lost a disk and did a funky dance, and now it won't let anyone mount it except read only.
So I had to unmount it, with umount -l because when I tried plain old umount /name it said "device is busy". I don't know how it could be busy, I was the only person connected to the machine and no other server had it mounted...so I ran "umount -l /name" and that did the trick in about 20 seconds.
Then on to the fsck of the unmounted filesystem...did I mention it's 4 terabytes? What I would love to know...LOVE to know....is how long it takes to fsck a 4TB filesystem? A couple hours, a day, a weekend, or until eternity and the disks stop spinning?
I guess too if I had another wish it would be that there was some kind of moving blinking cursor to let me know fsck was doing something. After I said "yes" to a few dozen errors about block bitmaps, inode bitmaps, and inode tables with their ominous message "warning: severe data loss possible" then it spit out:
/dev/sdb contains a file system with errors, check forced.
Pass 1: Checking inodes, blocks, and sizes
where it has sat for the last hour, completely unresponsive.
Am I missing something? Did I miss the prompt for verbose output???
Answers:
- there is a prompt for verbose output but it didn't help much
- fsck on a 4TB disk took about 6 hours with lots of errors
- there is a progress bar using -C but I couldn't get it to display, probably missed something
Finally I ran it as root in the background, sent output to a log file, and went to sleep.
So I had to unmount it, with umount -l because when I tried plain old umount /name it said "device is busy". I don't know how it could be busy, I was the only person connected to the machine and no other server had it mounted...so I ran "umount -l /name" and that did the trick in about 20 seconds.
Then on to the fsck of the unmounted filesystem...did I mention it's 4 terabytes? What I would love to know...LOVE to know....is how long it takes to fsck a 4TB filesystem? A couple hours, a day, a weekend, or until eternity and the disks stop spinning?
I guess too if I had another wish it would be that there was some kind of moving blinking cursor to let me know fsck was doing something. After I said "yes" to a few dozen errors about block bitmaps, inode bitmaps, and inode tables with their ominous message "warning: severe data loss possible" then it spit out:
/dev/sdb contains a file system with errors, check forced.
Pass 1: Checking inodes, blocks, and sizes
where it has sat for the last hour, completely unresponsive.
Am I missing something? Did I miss the prompt for verbose output???
Answers:
- there is a prompt for verbose output but it didn't help much
- fsck on a 4TB disk took about 6 hours with lots of errors
- there is a progress bar using -C but I couldn't get it to display, probably missed something
Finally I ran it as root in the background, sent output to a log file, and went to sleep.
Thursday, March 01, 2007
Disk partitioning, note to self
Next time I have to partition a *nix filesystem, I solemnly swear to read this post and adhere to the lessons.
This is what I've done recently, based on how the servers I've inherited were configured:
/ 512MB
/home 2Gb
/usr 2Gb
/boot 250MB
swap 2Gb
/var remaining space on 36GB disk.
The problems...running out of space on /home when I try to put a bunch of new rpms for RedHat that need to be installed. That /opt, which some apps like to use as the default path, is part of / and at a measly 512MB it goes too quickly.
This is what I plan to do next time...
/ 1GB
/home 4GB
/usr 4GB
/boot 500MB
swap 2 -4 GB dep on physical memory
/var less of the 36 GB remaining, but still a lot for mostly log files
This is what I've done recently, based on how the servers I've inherited were configured:
/ 512MB
/home 2Gb
/usr 2Gb
/boot 250MB
swap 2Gb
/var remaining space on 36GB disk.
The problems...running out of space on /home when I try to put a bunch of new rpms for RedHat that need to be installed. That /opt, which some apps like to use as the default path, is part of / and at a measly 512MB it goes too quickly.
This is what I plan to do next time...
/ 1GB
/home 4GB
/usr 4GB
/boot 500MB
swap 2 -4 GB dep on physical memory
/var less of the 36 GB remaining, but still a lot for mostly log files
Thursday, January 11, 2007
APC Smart UPS and Red Hat Linux
I am forever amazed at how documentation on how to install products on Linux which were primarily made for Windows is sufficiently lacking in every respect. Okay, I'm not that amazed. But I came into the Unix world through the back door - I started with Novell NetWare 3.x and Windows for Workgroups 3.51 (remember those!) and then meandered through the world of Windows NT Server and found myself in the networking world of Cisco routers and such.
Then, a few years later, I met Unix. I can't say it was love at first sight, in fact it was more like chaos and insanity, but now, Unix and I, we understand each other.
So today I was figuring out how to install the server agent on the APC Smart UPS SC 1500 I just bought. It's a RHEL ES 3 server with a serial interface, so I connected it and didn't expect any sort of miracle that the server would know it had something new attached. It didn't, of course.
Unix agent, I told myself, I need to find the Unix agent. I found this in the instructions on how to install on Unix - basically I needed to find the RPM.
Now, of course, that I'm looking for the info I found a handy text doc on how to do this:
RPM is on the cdrom.
rpm -i pbeagent-7.0.4-114.i386.rpm
will get the agent installed.
The install puts a file PBEAgent in /etc/init.d - this is what I used to figure out where the installation was.
Agent installs to /opt/APC/PowerChuteBusinessEdition (of course! that's so obvious!)
then by chance I found this file:
config.sh
which I thought I'd run just to see what happens.
Turns out, this is a good thing, because I chose "simple" for the install and it prompted me to create username/password, select the com port (I guessed it was com1).
Then, I wondered, what next?
Ah, install the Windows server software. Somehow, autotragically, the server s/w install discovered my server running the powerchute agent. Somehow it's all working, and as with a lot of windows originated software, how is still a mystery.
Then, a few years later, I met Unix. I can't say it was love at first sight, in fact it was more like chaos and insanity, but now, Unix and I, we understand each other.
So today I was figuring out how to install the server agent on the APC Smart UPS SC 1500 I just bought. It's a RHEL ES 3 server with a serial interface, so I connected it and didn't expect any sort of miracle that the server would know it had something new attached. It didn't, of course.
Unix agent, I told myself, I need to find the Unix agent. I found this in the instructions on how to install on Unix - basically I needed to find the RPM.
Now, of course, that I'm looking for the info I found a handy text doc on how to do this:
RPM is on the cdrom.
rpm -i pbeagent-7.0.4-114.i386.rpm
will get the agent installed.
The install puts a file PBEAgent in /etc/init.d - this is what I used to figure out where the installation was.
Agent installs to /opt/APC/PowerChuteBusinessEdition (of course! that's so obvious!)
then by chance I found this file:
config.sh
which I thought I'd run just to see what happens.
Turns out, this is a good thing, because I chose "simple" for the install and it prompted me to create username/password, select the com port (I guessed it was com1).
Then, I wondered, what next?
Ah, install the Windows server software. Somehow, autotragically, the server s/w install discovered my server running the powerchute agent. Somehow it's all working, and as with a lot of windows originated software, how is still a mystery.
Friday, December 29, 2006
Wonderful easy ftp server
Back again in my daily drama, I am sorting out the hows and whys of an ftp server called VSFTPD
I'm growing to love this charming and easy, yet powerful and secure FTP server. It has one config file that spells out options in nice, plain English. It can run in an inetd server (like xinetd) or in standalone mode.
It's configurable, it's tidy, and I recommend it.
I'm growing to love this charming and easy, yet powerful and secure FTP server. It has one config file that spells out options in nice, plain English. It can run in an inetd server (like xinetd) or in standalone mode.
It's configurable, it's tidy, and I recommend it.
Thursday, December 28, 2006
RedHat: command of the day: chkconfig
I'm administering a few Red Hat ES 3 servers now, after a lapse of in the Windows system admin world, and I was delighted to find this command:
chkconfig
It's my hero. Whomever thought up this command is my hero. For those of us who got tired of having to add a new service to all of the rc directories, set up all the symbolic links back to init.d services, this is the command for you.
Take it out for a test drive with
chkconfig --list sshd
and it will tell you which run levels it's configured for. Is it on, is it off?
And if you want to add a new service, once it's in the init.d directory, run this:
chkconfig --add newservicename
and
chkconfig --level 2 httpd on
to add httpd to run level 3.
There. Consider that my contribution to sharing useful things that may be common knowledge to some, and not to others.
Reference: run levels, init scripts, rc, init.d, services
chkconfig
It's my hero. Whomever thought up this command is my hero. For those of us who got tired of having to add a new service to all of the rc directories, set up all the symbolic links back to init.d services, this is the command for you.
Take it out for a test drive with
chkconfig --list sshd
and it will tell you which run levels it's configured for. Is it on, is it off?
And if you want to add a new service, once it's in the init.d directory, run this:
chkconfig --add newservicename
and
chkconfig --level 2 httpd on
to add httpd to run level 3.
There. Consider that my contribution to sharing useful things that may be common knowledge to some, and not to others.
Reference: run levels, init scripts, rc, init.d, services
Wednesday, December 27, 2006
Zimbra and the art of mail troubleshooting
Things I learned today about the Zimbra mail server I inherited that could send me over the edge. Zimbra is an open source mail server that wraps itself around postfix, tomcat, and mysql. It seemed to be working just fine until there was a power blink in my office and I realized the mail server wasn't on a UPS.
Login to mail server and 'su - zimbra'
Useful commands to figure out what is happening with Zimbra.
zmcontrol status
zmcontrol start
This will start tomcat, mysql, AND zimbra. You don't start these solo, in fact, they don't even live in normal places, they live in /opt/zimbra, even the bin files. Por que? I ask, in unaccented spanish, por que?
zmcontrol stop
Stops everything, including mysql and tomcat.
Mysql is installed in zimbra's home directory, also /opt/zimbra/mysql
Check logfile in /opt/zimbra/log/mysql.log
Also check /var/log/zimbra.log and /opt/zimbra/log/zimbra.log.
Today my issue was that when starting zimbra mysql didn't start also.
Tried zmcontrol stop and start - didn't change
Checked logfile and saw:
[zimbra@mail log]$ more mysqld.log
061227 11:17:19 mysqld started
061227 11:17:20 [ERROR] Can't start server: cannot resolve hostname!: Success
061227 11:17:20 mysqld ended
Found this on google search: http://bugs.mysql.com/bug.php?id=1200
Checked /opt/zimbra/conf/my.cnf file - saw
[mysqld]
basedir = /opt/zimbra/mysql
datadir = /opt/zimbra/db/data
socket = /opt/zimbra/db/mysql.sock
pid-file = /opt/zimbra/db/mysql.pid
bind-address = localhost
port = 7306
user = zmbra
But localhost wasn't listed in /etc/hosts - must have been removed prior.
Added this to /etc/hosts:
127.0.0.1 localhost.localdomain localhost
192.168.1.17 mail.omn.org mail # this was already there
Zmcontrol stop
Zmcontrol start
Zimbra started just fine. Then I figured out that I couldn't receive mail. The server was receiving mail and storing it in /opt/zimbra/store/0/ with a numeric folder for each user (if you know what date you created the user account, that date stamp will give you a clue to the folder for your mail).
That problem got nailed down to DNS - I guess the server wanted DNS to spit back it's private IP address when it asked, which it wouldn't, and so it got upset about the whole thing. this is not the first time I wondered how the darned thing was working in the first place.
Mail and DNS, they are like a divorced couple with kids - never to be separated no matter how hard you try.
Something else that was useful:
http://www.zimbra.com/forums/showthread.php?t=340
p.s. turned out the very big little issue was that named didn't start when the box rebooted. Started named, which was needed by zimbra to resolve the IP correctly, and life got better. Still kept the localhost entry in /etc/hosts because heaven knows why my coworker thought it was a good idea to take it out. Sheesh.
Reference: zimbra mail mysql mysql.server tomcat
Login to mail server and 'su - zimbra'
Useful commands to figure out what is happening with Zimbra.
zmcontrol status
zmcontrol start
This will start tomcat, mysql, AND zimbra. You don't start these solo, in fact, they don't even live in normal places, they live in /opt/zimbra, even the bin files. Por que? I ask, in unaccented spanish, por que?
zmcontrol stop
Stops everything, including mysql and tomcat.
Mysql is installed in zimbra's home directory, also /opt/zimbra/mysql
Check logfile in /opt/zimbra/log/mysql.log
Also check /var/log/zimbra.log and /opt/zimbra/log/zimbra.log.
Today my issue was that when starting zimbra mysql didn't start also.
Tried zmcontrol stop and start - didn't change
Checked logfile and saw:
[zimbra@mail log]$ more mysqld.log
061227 11:17:19 mysqld started
061227 11:17:20 [ERROR] Can't start server: cannot resolve hostname!: Success
061227 11:17:20 mysqld ended
Found this on google search: http://bugs.mysql.com/bug.php?id=1200
Checked /opt/zimbra/conf/my.cnf file - saw
[mysqld]
basedir = /opt/zimbra/mysql
datadir = /opt/zimbra/db/data
socket = /opt/zimbra/db/mysql.sock
pid-file = /opt/zimbra/db/mysql.pid
bind-address = localhost
port = 7306
user = zmbra
But localhost wasn't listed in /etc/hosts - must have been removed prior.
Added this to /etc/hosts:
127.0.0.1 localhost.localdomain localhost
192.168.1.17 mail.omn.org mail # this was already there
Zmcontrol stop
Zmcontrol start
Zimbra started just fine. Then I figured out that I couldn't receive mail. The server was receiving mail and storing it in /opt/zimbra/store/0/ with a numeric folder for each user (if you know what date you created the user account, that date stamp will give you a clue to the folder for your mail).
That problem got nailed down to DNS - I guess the server wanted DNS to spit back it's private IP address when it asked, which it wouldn't, and so it got upset about the whole thing. this is not the first time I wondered how the darned thing was working in the first place.
Mail and DNS, they are like a divorced couple with kids - never to be separated no matter how hard you try.
Something else that was useful:
http://www.zimbra.com/forums/showthread.php?t=340
p.s. turned out the very big little issue was that named didn't start when the box rebooted. Started named, which was needed by zimbra to resolve the IP correctly, and life got better. Still kept the localhost entry in /etc/hosts because heaven knows why my coworker thought it was a good idea to take it out. Sheesh.
Reference: zimbra mail mysql mysql.server tomcat
Subscribe to:
Posts (Atom)