Techhell
Just a spanner in the works-
Change Hostname on Linux box
Posted on December 22nd, 2010
When I kickstart a server I wind up with a bit of clean-up to do: change hostnames, reset IPs, move to VLANs, link to an NFS share, or set up DB access. For a s*lar*s box this is easy, for some flavors of Linux it can be a bit annoying.
Normally one will set the hostname of a system during the installation process. It is important that each of the ssh screens I have open at any time shows a different, relevant hostname that quickly tells me which system I am logged in to.
Change the hostname on a running system
On any Linux system you can change its hostname with the command 'hostname'.
Here are some quick usages of the hostname command line:
hostname
Without any parameter it will output the current hostname of the system.
hostname --fqdn
It will output the fully qualified domain name (or FQDN) of the system.
hostname NEW_NAME
This will set the hostname of the system to NEW_NAME. This is active right away and will remain so until the system is rebooted (at boot the name is set from particular configuration files; see below for how to set it permanently). You will most probably need to exit the current shell in order to see the change in your shell prompt.
Permanent hostname change on Debian based systems
Debian based systems use the file /etc/hostname to read the hostname of the system at boot time and set it up using the init script /etc/init.d/hostname.sh
/etc/hostname
So on a Debian based system we can edit the file /etc/hostname and change the name of the system and then run:
/etc/init.d/hostname.sh start
to make the change active. The hostname saved in this file (/etc/hostname) will be preserved on system reboot (and will be set using the same script we used hostname.sh).
Permanent hostname change on RedHat based systems
RedHat based systems use the file /etc/sysconfig/network to read the saved hostname at system boot. This is set using the init script /etc/rc.d/rc.sysinit
/etc/sysconfig/network
NETWORKING=yes
HOSTNAME="hostname.domainname.tla"
GATEWAY="192.168.1.1"
FORWARD_IPV4="yes"
So in order to preserve your change on system reboot, edit this file and enter the appropriate name using the HOSTNAME variable.
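An added example, not part of the original post: a shell helper that validates a new name before writing it to a Debian-style or RedHat-style file. The check matters because init scripts source /etc/sysconfig/network as shell, so whatever lands in HOSTNAME= is parsed by a root shell at boot. The function names and the scratch file are assumptions made for the example.

```shell
#!/bin/sh
# Added example: validate a hostname, then persist it.
# valid_hostname and persist_hostname are hypothetical helper names.

# RFC 1123 check: letters, digits, hyphens and dots only; labels of
# 1-63 chars with no leading or trailing hyphen; 253 chars at most.
valid_hostname() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;
    esac
    rc=0; old_ifs=$IFS; IFS=.
    for label in $name; do
        case $label in -*|*-) rc=1 ;; esac
        [ "${#label}" -le 63 ] || rc=1
    done
    IFS=$old_ifs
    return $rc
}

# persist_hostname STYLE FILE NAME
#   debian: FILE holds only the name (like /etc/hostname)
#   redhat: FILE holds KEY=value lines (like /etc/sysconfig/network)
persist_hostname() {
    style=$1; file=$2; name=$3
    valid_hostname "$name" || { echo "rejected: $name" >&2; return 1; }
    tmp="$file.new.$$"
    case $style in
        debian) printf '%s\n' "$name" > "$tmp" ;;
        redhat)
            [ -f "$file" ] || return 2
            # Drop the old HOSTNAME line, keep every other setting.
            { sed '/^HOSTNAME=/d' "$file"
              printf 'HOSTNAME="%s"\n' "$name"; } > "$tmp" ;;
        *) return 2 ;;
    esac
    mv "$tmp" "$file"   # rename, so no reader sees a half-written file
}

# Constructed sample: a scratch copy, not the live file.
demo_dir=$(mktemp -d)
printf 'NETWORKING=yes\nHOSTNAME="old.example.test"\nGATEWAY="192.168.1.1"\n' \
    > "$demo_dir/network"
persist_hostname redhat "$demo_dir/network" web01.example.test
cat "$demo_dir/network"
```

Pointed at the real file as root, this only changes what is read at the next boot; the running system still needs the hostname command.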
-
PXE + TFTP + Kickstart = Jumpstart
Posted on October 1st, 2010
Spoken Prior:
In the badwolf cluster project I need to build a kickstart server to automate the deployment of new servers that will be needed. The key to making this project function will be keeping the build identical, and the only way to do that is with an automated build.
Being a “legacy Sun / Solaris guy”, (Thanks Oracle), I have had many years with jump start and automated installs of specific images, now I get to find or build that functionality in Cento
I’ve chosen a simple kickstart server installing over HTTP. The most difficult part will be writing the custom scripts to execute after installation. We will however be using a “LiveCD” to start the install process
Really the next step is to sort out the Linux / Centos equivalent of DHCP, and automate the install start up process.
Again I will say, this little project was actually quite easy (thanks to Damian Tommasino @ the Security Nut Blog).
From my last little experiment I have a working kickstart server, with a working disk partition and initial software load for a xen dom0 build.
To review the install web server directory structure :
-
Centos Kick Start Server for Bad Wolf Cluster…
Posted on September 30th, 2010
In the badwolf cluster project I need to build a kickstart server to automate the deployment of new servers that will be needed. The key to making this project function will be keeping the build identical, and the only way to do that is with an automated build.
Being a “legacy Sun / Solaris guy”, (Thanks Oracle), I have had many years with jump start and automated installs of specific images, now I get to find or build that functionality in Cento
I’ve chosen a simple kickstart server installing over HTTP. This little project was actually quite easy (thanks to Damian Tommasino @ the Security Nut Blog). The most difficult part will be writing the custom scripts to execute after installation. We will however be using a “LiveCD” to start the install process
-
Strange Experiments in Storage Space – OpenFiler
Posted on September 23rd, 2010
Openfiler also comes highly recommended by a number of friends.
There is no “commercial” or “enterprise” version; one can buy a pre-install on a USB key, or one can buy a support incident, one can even buy a nicely printed Administrator’s guide, but one cannot buy the software. One does download it, and I did, all 328mb of the X86-64 .iso. And it downloaded quite snappily …
Hardware requirements, (I do learn eventually):
- 64-bit 1.6GHz or higher performance processor (I have 8 ea @ 2.8GHz)
- 2GB or higher of RAM (I have 16GB)
- 2GB disk space for memory swap area (I have a mirrored 73gb 15K disk, and will set up 16GB Swap)
- 8GB disk space for Openfiler OS installation (I have a mirrored 73gb 15K disk)
- 1Gb Ethernet network interface (8 Each)
- Separate storage volumes/disks for data export (32x750GB-FC)
- Supported Disk Controller (two Qlogic 2310F’s)
- Hardware RAID controller (I do hope that software raid thingy works)
- CDROM / DVD for local installs (DVD)
The install was fairly painless; the most complicated part was dealing with my base hardware to set up the hardware mirroring for the OS disk(s). Partitioning for the OS disk(s) is performed by way of Disk Druid; if one examines the “How-To-Install”, this becomes easy enough that a S*l*r*i*s admin can do it.
-
Strange Experiments in Storage Space – Nexenta Build
Posted on September 22nd, 2010
Nexenta comes highly recommended by some good friends, and by some clients who have used it in production environments.
I’ll try the community version, as I am looking to “open source” and “community software” to use in support of the various not-for-profits this cloud and storage environment will hold / support. I.e. community projects SHOULD be able to make use of “community software” without a lot of begging and pleading to get license keys, serial numbers, special dispensation from sales, marketing and who knows …
My first impression is that this thing is rather large ~600mb, but then again it is a full Unix kernel, and userland. (I DO WISH they had bandwidth. And no ours is not clogged, I just downloaded visio stencils @ ~225kps.)
While I am waiting, I’ll do a photo gallery of the test rig. Note some of these photos are rather large so be warned.
On my first attempt with the Nexenta Core 3.0 package, the install was terminated as there were no drivers for my Saturn 10/100/1000 network cards, (while rather surprising as these are SUN cards and the core of this is Open Solaris 5.11, I can accept this), but the real kicker is that the QLA2312 cards have no drivers as well.
On the plus side the installer ran quite nicely, without a lot of attention.
I’ll try to download the community edition, and install that.
After reviewing the Hardware compatibility list, I see that I am probably just wasting my time as there is support for 1 fiber HBA, and a sparse handful of high end network cards. But since I have already wasted the bulk of the evening in setting up for this test, I’ll go ahead and drop the community edition onto my test platform and see if it will actually install.
I really can not be upset as I did not read the HCL, but I am disappointed as this was the most complete and professional looking of the packages I’ve examined and it just will not work for me.
I am quite sure, I’ve missed some trick, or failed to read some release note, or apply some update. When I have a chance I’ll come back and look at all those, but in the mean time I really must move forward as I need to get this portion of the overall project set and start actually building out the cloud.
For those who wish to share their thoughts, register and leave comments.
-
Strange Experiments in Storage Space
Posted on September 21st, 2010
As the great BadWolf I.T. infrastructure upheaval continues, one must consider the repository of all things. Storage.
How do we make more efficient use of it, achieve rapid deployment, provide for resizing, replication, data dedup
Storage virtualization is a concept in IT System Administration, referring to the abstraction (separation) of logical storage from physical storage so that it may be accessed without regard to physical storage or heterogeneous structure. This separation allows the Systems Admin increased flexibility in how they manage storage for physical servers and virtualized systems.
Given that I have a collection of storage systems, 4 fiber channel array ranks, (16x750gb), and several healthy servers, (4×2.8ghzx2 with 16gb Ram), I suspect one could just load one of the various S*l*r*s, (pardon I do not know when Oracle will start charging to use the name of the former OS from S*N), based OSes and create ZFS pools to export as NFS / CIFS / iSCSI, but I am looking to provide a bit more flexibility in this, as well as disk, rank, and server level redundancy. Consider the old IBM level 4 redundancy, where there are no single points of failure.
In looking at the number of “open source”, one must examine these things very closely now, and “community edition” packages available, three really stick in my mind, Nexenta, FreeNas, and Openfiler.
All of these come highly recommended by associates whose opinions I respect. One supposes that I will need to build and test each one to find the various strengths and weaknesses of each.
Items that I should be looking for :
- File based volume support, (CIFS, NFS, AFS)
- Block based volume support, (iSCSI)
- Replication
- Multi-Pathing
- Clustering
- Security / Authentication
- Raid (Sw/Hw Support)
- Caching
- Management
- Snapshots
- Quotas
- Virtual Machine Support
- Support for multiple Fiber Interfaces
- Support for multiple NIC’s
(Before anyone asks: Support for multiple = Support for the gear I have in-house.)
One can register and leave comments as to other items to consider as well. Do expect to see notes on builds and tests and other forms of techno-fumbling as this progresses…
A layout of the testing network is as below:
-
Add a little Fiber
Posted on September 1st, 2010
Some very basics for adding a device to a SAN Fabric. In this case I’m adding a server to a SAN via a Brocade Silkworm.
But first some basic Terminology…
HBA – Host Bus Adapter, which in this case, refers to the Fibre Channel Card. In LAN networking, it’s analogous to an Ethernet card.
WWN – World Wide Name, a unique 8-byte number identifying the HBA. In Ethernet networking, it’s analogous to the MAC address.
FC Zone – Fibre Channel Zone, a partitioned subset of the fabric. Members of a zone are allowed to communicate with each other, but devices are not allowed to communicate across zones. An FC Zone is loosely analogous to a VLAN.
Zones:
In storage networking, Fibre Channel zoning is the partitioning of a Fibre Channel fabric into smaller subsets to restrict interference, add security, and to simplify management. While a SAN makes available several virtual disks (LUNs), each system connected to the SAN should only be allowed access to a controlled subset of the LUNs. Zoning applies only to the switched fabric topology (FC-SW), it does not exist in simpler Fibre Channel topologies.
Types Of Zones:
There are two main methods of zoning, hard and soft, which combine with two sets of attributes, name and port.
Soft and Hard zoning
The fabric name service allows each device to query the addresses of all other devices. Soft zoning restricts only the fabric name service, to show only an allowed subset of devices. Therefore, when a server looks at the content of the fabric, it will only see the devices it is allowed to see. However, any server can still attempt to contact any device on the network by address. In this way, soft zoning is similar to the computing concept of security through obscurity.
In contrast, hard zoning restricts actual communication across a fabric. This requires efficient hardware implementation (frame filtering) in the fabric switches, but is much more secure.
Port and WWN zoning
Zoning can also be applied to either switch ports or end-station names. Port zoning restricts specific switch ports from seeing unauthorized ports. WWN zoning (also called name zoning) restricts access by a device’s World Wide Name (WWN). With port zoning, even when a device is unplugged from a switch port and a different one is plugged in, the new device has access to the zone instead of the old one – i.e. the fact that a device’s WWN changed is ignored. With WWN zoning, when a device is unplugged from a switch port and plugged into a different port (perhaps on a different switch) it still has access to the zone, because the switches check only a device’s WWN – i.e. the specific port that a device connects to is ignored. This is more flexible, but WWNs can be easily spoofed, reducing security.
Currently, the combination of hard and WWN zoning is the most popular.
-
NTP on Solaris 10
Posted on May 27th, 2009
For a NTP server …
cp /etc/inet/ntp.server /etc/inet/ntp.conf
Replace the server lines with
server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org
touch /var/ntp/ntp.drift
svcadm enable svc:/network/ntp
For a client:
cp /etc/inet/ntp.client /etc/inet/ntp.conf
svcadm enable svc:/network/ntp
To test:
# ntpq -p
# svcs ntp
-
3Com Vlan to Vlan Routing / ACL’s
Posted on January 16th, 2009
system-view – to enter system-view
interface vlan-interface X – to change into the VLAN to interface
ip address X.X.X.X X.X.X.X – To assign an IP address with subnet mask.
The corresponding static routes were automatically created for the VLAN interface, which can be checked using:
display ip routing-table
Then I had to add routes for the subnets on my VLANs.
Finally I set up an advanced ACL filter to block the new VLANs from accessing anything on my primary VLAN 1.
From system-view:
acl number (ACL # – 3000 range) match-order config
rule deny IP source X.X.X.X(Address of source) X.X.X.X(Wildcard of source) destination X.X.X.X(Address of destination) X.X.X.X(Wildcard of destination) time-range allday(My named time range.)
This blocks the entire subnet on VLAN 1 from being accessed from the subnet on VLAN 3.
Then create rules to unblock specific IPs for access from the VLAN 3 subnet which are on the VLAN 1 subnet.
rule permit IP source X.X.X.X(Address of source) X.X.X.X(Wildcard of source) destination X.X.X.X(Address of destination) 0.0.0.0(Wildcard of destination 0.0.0.0 signifies a host IP) time-range allday(My named time range.)
This allows access from the VLAN 3 subnet to one specific IP on the other subnet, in my first case the Internet router (default gateway of the other subnet).
Then I repeated that for the other few IPs that I needed to open access up for.
Finally I applied the new ACL as a packet-filter from the system view.
So quit back out the system-view.
Type
packet-filter vlan X(Mine is 3) inbound ip-group (ACL # – mine is 3000)
You can test this, and if there are problems or you need to make changes you can use the undo command in front of it to remove it.
We need to ignore STP, and all units must point to the VLAN interface as a gateway.
-
System Password Recovery from mirrored disks
Posted on September 8th, 2008
Root password recovery from mirrored (disk suite/lvm/slvm/whatever sun marketing wants to call it today) disks
Root metadevice is D10, made up of D11 (c1t0d0s0) and D12 (c1t1d0s0).
1) boot off Solaris 10 CD into single user mode
2) mount /dev/dsk/c1t0d0s0 /a
3) cd /a/etc
4) vi shadow and remove the encrypted password
5) cd /, then umount /a
6) dd if=/dev/rdsk/c1t0d0s2 of=/dev/rdsk/c1t1d0s2 bs=512k
7) reboot (from the root disk metadevice)








