This issue affects all products which use the Bash shell and parse values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by an application. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such.

All versions prior to those listed as updates for this issue are vulnerable to some degree.

My infected OS version is CentOS-6 and bash version 4.1.2

[root@host75 ~]# lsb_release -a
LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.4 (Final)
Release: 6.4
Codename: Final

[root@host75 ~]# bash --version
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Diagnostic Steps:

To test if your version of Bash is vulnerable to this issue, run the following command:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the output of the above command looks as follows:

vulnerable
this is a test

hmm, I got infected!

[root@host75 ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

You are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

If your system is vulnerable, update to the most recent version of the Bash package by running the following command:

$ yum update bash

Will this fix my bash?

[root@host75 ~]# yum update bash
Loaded plugins: fastestmirror, security, tmprepo
Loading mirror speeds from cached hostfile
epel/metalink | 15 kB 00:00
* base: centos.eecs.wsu.edu
* epel: mirrors.kernel.org
* extras: centos.chi.host-engine.com
* updates: mirror.raystedman.net
base | 3.7 kB 00:00
epel | 4.4 kB 00:00
epel/primary_db | 6.3 MB 00:05
extras | 3.3 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 5.3 MB 00:04
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package bash.x86_64 0:4.1.2-14.el6 will be updated
---> Package bash.x86_64 0:4.1.2-15.el6_5.1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================================
Updating:
bash x86_64 4.1.2-15.el6_5.1 updates 905 k

Transaction Summary
================================================================================================================================================
Upgrade 1 Package(s)

Total download size: 905 k
Is this ok [y/N]: y
Downloading Packages:
bash-4.1.2-15.el6_5.1.x86_64.rpm | 905 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : bash-4.1.2-15.el6_5.1.x86_64 1/2
Cleanup : bash-4.1.2-14.el6.x86_64 2/2
Verifying : bash-4.1.2-15.el6_5.1.x86_64 1/2
Verifying : bash-4.1.2-14.el6.x86_64 2/2

Updated:
bash.x86_64 0:4.1.2-15.el6_5.1

Complete!

Test whether the update patched your bash:

[root@host75 ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
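
The diagnostic above can be scripted so that every bash binary on a host is checked the same way. The following is an added example, not part of the original post; the function names are hypothetical, and the classifier treats a run that prints only "this is a test" (with or without the warning lines) as patched.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# classify_probe_output TEXT -> prints: vulnerable | patched | unknown
classify_probe_output() {
    # A vulnerable bash runs the command that trails the function body while
    # importing x, so "vulnerable" shows up as a line of its own.
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    # A fixed bash refuses or ignores the import but still runs -c.
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo patched
    else
        echo unknown
    fi
}

# probe_bash PATH -> run the page's test against one bash binary
probe_bash() {
    if [ ! -x "$1" ]; then
        echo missing
        return 0
    fi
    # env -i: start from an empty environment so only x is imported
    probe_out=$(env -i x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>&1) || true
    classify_probe_output "$probe_out"
}

# audit_shells FILE -> "path status" for every bash listed in an
# /etc/shells-style file (one absolute path per line)
audit_shells() {
    grep -E '^/.*/bash$' "$1" | sort -u | while IFS= read -r shell_path; do
        printf '%s %s\n' "$shell_path" "$(probe_bash "$shell_path")"
    done
}

# Run only when a shells file is given, e.g.: sh probe.sh /etc/shells
if [ "$#" -gt 0 ]; then
    audit_shells "$1"
fi
```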

How does this impact systems:
See the appropriate remediation article for specifics.

Functions written in Bash itself do not need to be changed, even if they are exported with “export -f”. Bash will transparently apply the appropriate naming when exporting, and reverse the process when importing function definitions.

Ref:
http://www.bbc.com/news/technology-29361794
https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability
https://access.redhat.com/articles/1200223
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
http://lists.gnu.org/archive/html/bug-bash/2014-09/threads.html
https://rhn.redhat.com/errata/RHSA-2014-1306.html


Introduction-
To access virtual disks, a virtual machine uses virtual SCSI controllers. Each virtual disk that a virtual machine can access through one of the virtual SCSI controllers resides in the VMFS datastore, NFS-based datastore, or on a raw disk. The choice of SCSI controller does not affect whether your virtual disk is an IDE or SCSI disk.

The following virtual SCSI controllers are commonly used…

A) BusLogic
– This was one of the first emulated vSCSI controllers available in the VMware platform.
– No updates and considered as legacy or for backward compatibility…

B) LSI Logic Parallel
– This was the other emulated vSCSI controller available originally in the VMware platform.
– Most operating systems had a driver that supported a queue depth of 32 and it became a very common choice, if not the default
– Default for Windows 2003/Vista and Linux

C) LSI Logic SAS
– This is an evolution of the parallel driver to support a new future facing standard.
– It began to grow in popularity when Microsoft required its use for MSCS within Windows 2008 or newer.
– Default for Windows 2008 or newer
– Linux guests SCSI disk hotplug works better with LSI Logic SAS
– Personally I use this

D) VMware Paravirtual (aka PVSCSI)
– This vSCSI controller is virtualization aware and has been designed to support very high throughput with minimal processing cost and is therefore the most efficient driver.
– In the past, there were issues if it was used with virtual machines that didn’t do a lot of IOPS, but that was resolved in vSphere 4.1.

* PVSCSI and LSI Logic Parallel/SAS are essentially the same when it comes to overall performance capability.
* A total of 4 vSCSI adapters are supported per virtual machine. To provide the best performance, one should also distribute virtual disks across as many vSCSI adapters as possible.
* Why not IDE? – An IDE adapter completes one command at a time, while SCSI can queue commands, so a SCSI adapter is better optimized for parallel performance. Also, there is a maximum of 4 IDE devices per VM (includes CDROM), but SCSI allows 60 devices.

Thank You,
Arun


Difference between (Extended) ext2/3 and ext4 File System

* Ext2
-It was introduced in 1993. Developed by Remy Card.
-ext2 stands for second extended file system.
-This was developed to overcome the limitation of the original ext file system.
-ext2 does not have journaling feature.
-ext2 is recommended for flash drives, usb drives etc
-Maximum individual file size can be from 16GB to 2TB (depends on block size)
-Overall ext2 FS size can be from 2TB to 32TB

* Ext3
-It was introduced in 2001. Developed by Stephen Tweedie.
-ext3 stands for third extended file system.
-The main benefit of ext3 is that it allows journaling.
-Journaling has a dedicated area in the file system, where all the changes are tracked. When the system crashes, the chance of file system corruption is lower because of journaling.
-Maximum individual file size can be from 16GB to 2TB
-Overall ext3 FS size can be from 2TB to 32TB
-There are three types of journaling available in ext3 file system.
1) Journal – both Metadata and Content are saved in the journal.
2) Ordered – Only metadata is saved in the journal. Metadata are journaled only after writing the content to disk. This is the default.
3) Writeback – Only metadata is saved in the journal. Metadata might be journaled either before or after the content is written to the disk.
-You can convert an ext2 file system to an ext3 file system directly (without backup/restore).

* Ext4
-It was introduced in 2008.
-Ext4 stands for fourth extended file system.
-Starting from Linux Kernel 2.6.19 ext4 was available.
-Maximum individual file size can be from 16 GB to 16TB
-Overall maximum ext4 FS size is 1024PB (petabyte), 1PB = 1024TB (terabyte)
-Directory can contain a maximum of 64,000 subdirectories (as opposed to 32,000 in ext3)
-You can also mount an existing ext3 FS as ext4 fs (without having to upgrade it)
-ext4 default inode size is 256 bytes (in ext3 the inode size is 128 bytes).
-Several other new features are introduced in ext4: multiblock allocation, delayed allocation, journal checksum, fast fsck, etc. All you need to know is that these new features have improved the performance and reliability of the filesystem when compared to ext3.
-In ext4, you also have the option of turning the journaling feature “off”.
-Faster file system checking, as unallocated blocks are skipped during FS checking
-Improved timestamps, up to the nanosecond, which will defer the year 2038 problem
-Online defragmentation

What are Extents?
-Ext3 uses a block mapping scheme (block 4Kb); a bigger file needs a huge block map, which leads to slower handling.
-Ext4 introduces the concept of extents. An extent is basically a “bunch of blocks”. It says “the data is in the next N blocks”, i.e. the extent, instead of mapping each individual block separately.
-Ext4 will support up to 128Mb extents. This improves performance and also helps in reducing fragmentation.

Multiblock Allocation-
-Ext3 uses a block allocator that decides which free blocks will be used to write the data. But this allocator can only allocate one block at a time.
-Ext4 will support multi-block allocation, which allocates many blocks in a single call and avoids a lot of overhead.

Thank you,
Arun Bagul

Posted on 13-02-2012
Filed Under (Debian & Ubuntu, UNIX/Linux) by Arun Bagul

Introduction –
Packages generally contain all of the files necessary to implement a set of related commands or features. There are two types of Debian packages:
1) Binary packages, which contain executables, configuration files, man/info pages, copyright information, and other documentation.
These packages are distributed in a Debian-specific archive format; they are usually distinguished by having a ‘.deb’ file extension.
Binary packages can be unpacked using the Debian utility dpkg (possibly via a frontend like aptitude).

2) Source packages, which consist of a .dsc file describing the source package (including the names of the following files), a .orig.tar.gz file that contains the original unmodified source in gzip-compressed tar format and usually a .diff.gz file that contains the Debian-specific changes to the original source. The utility dpkg-source packs and unpacks Debian source archives.
Installation of software by the package system uses “dependencies” which are carefully designed by the package maintainers.  These dependencies are documented in the control file associated with each package.

Step 1) Install a few deb packages as prerequisites –

arunb@laptop:~# apt-get install fakeroot build-essential

Step 2) Create directory where you will be putting your build data –

arunb@laptop:~# mkdir /var/create-deb-pkg/
arunb@laptop:~# chown arunb:arunb /var/create-deb-pkg/

Step 3) extract source and manually compile your software –

I compiled my software ie openlsm as shown below…

# cd /var/src/
tar xvfz openlsm-0.99-r51.tar.gz
cd openlsm-0.99-r51/
./configure --prefix=/usr/local/openlsm --with-mysql=/usr/bin/mysql_config --enable-internal-pcre --with-geoip=/usr --with-ldap=/usr
make
make install

Step 4) Create directory structure for creating deb package and copy build code/data –

arunb@laptop:~$ cd  /var/create-deb-pkg/

arunb@laptop:/var/create-deb-pkg$ mkdir openlsm-0.99-r51
arunb@laptop:/var/create-deb-pkg$ mkdir -p openlsm-0.99-r51/usr/local/
arunb@laptop:/var/create-deb-pkg$ mkdir openlsm-0.99-r51/DEBIAN/

** copying my build code here

arunb@laptop:/var/create-deb-pkg$ cp -fr /usr/local/openlsm/  openlsm-0.99-r51/usr/local/

arunb@laptop:/var/create-deb-pkg$ ll openlsm-0.99-r51/
drwxr-xr-x 2 arunb arunb 4096 2012-01-19 16:34 DEBIAN/
drwxr-xr-x 3 arunb arunb 4096 2012-01-19 16:31 usr/

Step 5) Define/Create deb package control files in DEBIAN directory –

arunb@laptop:/var/create-deb-pkg$ ll openlsm-0.99-r51/DEBIAN/
-rw-r--r-- 1 arunb arunb   179 2012-01-19 16:34 changelog
-rw-r--r-- 1 arunb arunb   139 2012-01-19 16:34 conffiles
-rw-r--r-- 1 arunb arunb   419 2012-01-19 16:34 control
-rw-r--r-- 1 arunb arunb 17696 2012-01-19 16:34 md5sums
-rwxr-xr-x 1 arunb arunb   535 2012-01-19 16:34 postinst
-rwxr-xr-x 1 arunb arunb   227 2012-01-19 16:34 postrm
-rwxr-xr-x 1 arunb arunb   303 2012-01-19 16:34 preinst
-rw-r--r-- 1 arunb arunb     0 2012-01-19 16:34 rules

* DEBIAN/rules – file is empty

* DEBIAN/changelog file –

arunb@laptop:/var/create-deb-pkg$ cat openlsm-0.99-r51/DEBIAN/changelog
openlsm (0.99) stable; urgency=low

* openlsm web server for admin panel
+ 0.99 released - Jun 2009

 -- Arun Bagul <arunbagul@indiangnu.org>  Tue, 01 Jun 2009 01:31:52 -0530
arunb@laptop:/var/create-deb-pkg$

* DEBIAN/control file –

arunb@laptop:/var/create-deb-pkg$ cat openlsm-0.99-r51/DEBIAN/control
Package: openlsm
Version: 0.99-r51
Architecture: i386
Maintainer: Arun Bagul <arunbagul@indiangnu.org>
Provides: httpd, httpd-cgi
Section: httpd
Priority: optional
Homepage: http://openlsm.sourceforge.net/
Description: openlsm is web-based control panel for Unix/Linux systems
 openlsm is web-based control panel for Unix/Linux systems
 and Web Hosting! openlsm handles all aspects of administration in its interface.

* DEBIAN/postinst file (perform after installing package) –

arunb@laptop:/var/create-deb-pkg$
arunb@laptop:/var/create-deb-pkg$ cat openlsm-0.99-r51/DEBIAN/postinst
#!/bin/sh

set -e
SOFT="openlsm"
echo "Copying pam.d/openlsm and init.d/openlsm file"
cp -fv /usr/local/${SOFT}/etc/pam.d/openlsm   /etc/pam.d/openlsm
cp -fv /usr/local/${SOFT}/etc/init.d/openlsm  /etc/init.d/openlsm
test -f /etc/init.d/openlsm && chmod 755 /etc/init.d/openlsm

update-rc.d openlsm defaults

echo "Changing permission of '/usr/local/openlsm/'"
chown openlsm:openlsm -R /usr/local/openlsm/
echo "Please run this cmd to generate Certificate for openlsm ~ '/usr/local/openlsm/bin/openlsm-create-certificate'"
exit 0

* DEBIAN/postrm file (take action before removing package) –

arunb@laptop:/var/create-deb-pkg$ cat openlsm-0.99-r51/DEBIAN/postrm
#! /bin/sh

set -e

echo "postrm step -"

update-rc.d -f openlsm remove
rm -vf /etc/init.d/openlsm /etc/pam.d/openlsm
echo "Deleting user & group - 'openlsm'..."
userdel openlsm
getent group openlsm && groupdel openlsm

exit 0
arunb@laptop:/var/create-deb-pkg$

* DEBIAN/md5sums –

arunb@laptop:/var/create-deb-pkg$ head openlsm-0.99-r51/DEBIAN/md5sums
2129ba0e98dd77e8879e0912abe432a3  /usr/local/openlsm/sbin/openlsm-worker
a1dbdafadefd74bac29c8fd229dd1c01  /usr/local/openlsm/bin/openlsm-panic
e57e75853b52caf9569c922b7c404129  /usr/local/openlsm/bin/openlsm-tweak
..

arunb@laptop:/var/create-deb-pkg$

* DEBIAN/conffiles file –

arunb@laptop:/var/create-deb-pkg$ cat openlsm-0.99-r51/DEBIAN/conffiles
/usr/local/openlsm/etc/openlsm/openlsm.conf
/usr/local/openlsm/etc/openlsm/openlsm.conf.perf_sample
arunb@laptop:/var/create-deb-pkg$

Step 6) Create deb package now –

arunb@techops-i-arunb:/var/create-deb-pkg$ ls -l
drwxr-xr-x 4 arunb arunb 4096 2012-01-19 16:43 openlsm-0.99-r51

* creating deb package now…

arunb@techops-i-arunb:/var/create-deb-pkg$ fakeroot dpkg-deb --build openlsm-0.99-r51/
dpkg-deb: building package `openlsm' in `openlsm-0.99-r51.deb'.

arunb@techops-i-arunb:/var/create-deb-pkg$ ls -l
drwxr-xr-x 4 arunb arunb    4096 2012-01-19 16:43 openlsm-0.99-r51
-rw-r--r-- 1 arunb arunb 3491738 2012-01-19 16:52 openlsm-0.99-r51.deb

* rename your package if required like arch etc

arunb@techops-i-arunb:/var/create-deb-pkg$ mv openlsm-0.99-r51.deb openlsm-0.99-r51_i386.deb

arunb@techops-i-arunb:/var/create-deb-pkg$ ls -l
drwxr-xr-x  4 arunb arunb    4096 2012-01-19 16:43 openlsm-0.99-r51/
-rw-r--r--  1 arunb arunb 3491738 2012-01-19 16:52 openlsm-0.99-r51_i386.deb
arunb@techops-i-arunb:/var/create-deb-pkg$

* That’s it, enjoy Debian/Ubuntu!
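
Maintainer scripts such as postinst and postrm run as root when the package is installed or removed, so the staged tree is worth checking before step 6. The following is an added example, not part of the original post; the function names are hypothetical. It checks the mandatory control fields, checks maintainer-script permissions, and regenerates DEBIAN/md5sums with paths relative to the package root (the form dh_md5sums writes, without the leading slash shown in the listing above).

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage: sh prebuild.sh openlsm-0.99-r51

# check_control DIR -> 0 if DEBIAN/control carries the mandatory fields
check_control() {
    ctl="$1/DEBIAN/control"
    if [ ! -f "$ctl" ]; then
        echo "missing $ctl"
        return 1
    fi
    ctl_rc=0
    for field in Package Version Architecture Maintainer Description; do
        grep -q "^$field: " "$ctl" || { echo "control: no $field field"; ctl_rc=1; }
    done
    return $ctl_rc
}

# check_maintainer_scripts DIR -> 0 if every script present is executable
# and not writable by group or others (these scripts run as root)
check_maintainer_scripts() {
    ms_rc=0
    for s in preinst postinst prerm postrm; do
        f="$1/DEBIAN/$s"
        [ -f "$f" ] || continue
        [ -x "$f" ] || { echo "$s: not executable"; ms_rc=1; }
        if [ -n "$(find "$f" -perm -0020 -o -perm -0002)" ]; then
            echo "$s: writable by group or others"
            ms_rc=1
        fi
    done
    return $ms_rc
}

# write_md5sums DIR -> regenerate DEBIAN/md5sums for every file outside
# DEBIAN/, with paths relative to the package root
write_md5sums() {
    ( cd "$1" && find . -path ./DEBIAN -prune -o -type f -print \
        | sed 's|^\./||' | sort \
        | while IFS= read -r f; do md5sum "$f"; done > DEBIAN/md5sums )
}

# verify_md5sums DIR -> 0 if the staged files still match DEBIAN/md5sums
verify_md5sums() {
    ( cd "$1" && md5sum -c DEBIAN/md5sums >/dev/null 2>&1 )
}

# prebuild_check DIR -> run every check; non-zero if any of them fails
prebuild_check() {
    pb_rc=0
    check_control "$1" || pb_rc=1
    check_maintainer_scripts "$1" || pb_rc=1
    write_md5sums "$1" || pb_rc=1
    verify_md5sums "$1" || pb_rc=1
    return $pb_rc
}

if [ "$#" -gt 0 ]; then
    prebuild_check "$1"
fi
```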

Thank you,
Arun Bagul

Posted on 06-02-2012
Filed Under (Linux commands, Redhat & Fedora, UNIX/Linux) by Arun Bagul

Introduction –
Sometimes, to gain performance, physical RAM can be used as disk space, which is very fast compared to a normal hard disk.
So how can RAM be used as a disk? Go through these steps.

Step 1) Create directory as shown below where you want to mount RAM as disk

root@arunbagul:~# mkdir -p /tmp/ram
root@arunbagul:~# ls /tmp/ram
root@arunbagul:~#

Step 2) mount RAM ie tmpfs at mount point “/tmp/ram” directory-

root@arunbagul:~#  mount -t tmpfs -o size=10M tmpfs /tmp/ram/

* Check whether it is mounted:

root@arunbagul:~# df -h
Filesystem            Size  Used Avail Use% Mounted on
tmpfs                  10M     0   10M   0% /tmp/ram

** to mount this permanently add entry in /etc/fstab as shown below.

root@arunbagul:~#  cat /etc/fstab

….

tmpfs        /tmp/ram    tmpfs    defaults,size=10m    0    0

root@arunbagul:~#

– To mount this use mount command (this will mount all mount points mentioned in fstab)

root@arunbagul:~# mount -a

Thank you,
Arun Bagul

Posted on 12-08-2011
Filed Under (Nagios Monitoring, UNIX/Linux) by Arun Bagul

Introduction – We wrote a Perl script for daily and weekly Nagios reporting. The script parses nagios.log for all alert notifications and generates a Nagios report in CSV format…

** How to use?

arunb@arunb:~$ perl /home/arunb/nagios-log-parsing.pl
* Usage: /home/arunb/nagios-log-parsing.pl { <nagios_log file>  [ --summary ] }
arunb@arunb:~$

** To Generate Daily Nagios Report –
arunb@arunb:~$ perl /home/arunb/nagios-log-parsing.pl  /usr/local/nagios/var/nagios.log
arunb@arunb:~$ perl /home/arunb/nagios-log-parsing.pl  /usr/local/nagios/var/nagios.log  --summary

arunb@arunb:~$ perl /home/arunb/nagios-log-parsing.pl  /usr/local/nagios/var/nagios.log  --summary  > /tmp/NAGIOS-daily.csv

** To Generate Weekly Nagios Report –

Add the absolute path of each of the week's nagios.log files (one per line) to a file, say “/tmp/nagios-logfile”

arunb@arunb:~$  for i in `cat /tmp/nagios-logfile`; do  perl /home/arunb/nagios-log-parsing.pl  "$i"; done | grep -v '^$' > /tmp/NAGIOS-weekly.csv

* Want to see the script ?

arunb@arunb:~$ cat /home/arunb/nagios-log-parsing.pl

#!/usr/bin/perl
# Parse nagios.log notification lines and print them as CSV rows.
# With --summary, also print totals per alert state and per service.

my $file = $ARGV[0];
my $stime = 0;    # time of the previous SERVICE notification
my $htime = 0;    # time of the previous HOST notification
my ($s_alert,$h_alert ) = (undef,undef);    # previous service / host seen

my $STATE_OK;
my $STATE_WARNING;
my $STATE_CRITICAL;
my $STATE_UNKNOWN;
my %STATE_COUNTER;    # alert state  => number of notifications
my %ALERT;            # service name => number of notifications

############################

if ($ARGV[0]) {
    #my $file = "/usr/local/nagios/var/nagios.log";

    # three-argument open: the file name is never interpreted as a mode or pipe
    open (MYFILE, '<', $file) or die "Can't open nagios file";
    while(<MYFILE>) {
        chomp;
        my $line = $_;
        ##print "\n".$line;
        #if ($line =~ m/[(.*)].*;(.*);(.*);(.*);.*/) {
        #if ($line =~ m/\[(.*)\]\s+(HOST|SERVICE)\sNOTIFICATION:\s\w+;(.*);.*/) {
        if ($line =~ m/\[(.*)\]\s+SERVICE\sNOTIFICATION:\s\w+;(.*);.*/) {
            my $time = $1;
            my $mydate = scalar(localtime($time));
            my ($host,$service,$alert)  = split(';',$2);
            #print "\nARUN=>$1 = $host,$service,$alert";
            if ($s_alert eq $service) {
                # same service as the previous line: count it again only
                # if more than 600 seconds have passed
                my $time_diff = $time - $stime;
                if ($time_diff > 600 ) {
                    if ($alert ne "OK") {
                        if (exists $ALERT{"$service"}) { $ALERT{"$service"} = $ALERT{"$service"} + 1;}
                        else { $ALERT{"$service"} = 1 ; }
                        $STATE_COUNTER{"$alert"} = $STATE_COUNTER{"$alert"} + 1;
                        print "\n$mydate [$time],$host,$service,$alert";
                    }
                }
            } else {
                if ($alert ne "OK") {
                    if (exists $ALERT{"$service"}) { $ALERT{"$service"} = $ALERT{"$service"} + 1;}
                    else { $ALERT{"$service"} = 1 ; }
                    $STATE_COUNTER{"$alert"} = $STATE_COUNTER{"$alert"} + 1;
                    print "\n$mydate [$time],$host,$service,$alert";
                }
            }
            $stime = $time;
            $s_alert = $service;

        } elsif ($line =~ m/\[(.*)\]\s+HOST\sNOTIFICATION:\s\w+;(.*);.*/) {
            my $time = $1;
            my $mydate = scalar(localtime($time));
            my ($host,$hdown,$alert)  = split(';',$2);
            #print "\nARUN=>$1 = $host,$hdown";
            if ($hdown eq "DOWN") {
                if ($h_alert eq $host) {
                    # same host as the previous line: same 600 second window
                    my $time_diff = $time - $htime;
                    if ($time_diff > 600 ) {
                        $STATE_COUNTER{"$hdown"} = $STATE_COUNTER{"$hdown"} + 1;
                        print "\n$mydate [$time],$host,$hdown";
                    }
                } else {
                    $STATE_COUNTER{"$hdown"} = $STATE_COUNTER{"$hdown"} + 1;
                    print "\n$mydate [$time],$host,$hdown";
                }
            }
            $htime = $time;
            $h_alert = $host;
        }
    }
    close (MYFILE);

    ## summary
    my $total_counter = 0;
    my $total_service = keys(%ALERT);
    if ($ARGV[1] eq "--summary") {
        print "\n\n"."-" x 20;
        print "\nSummary Report\n";
        print "-" x 20 . "\n";
        print "\nAlert_Type,Total_Count";
        while (my ($key,$value)=  each(%STATE_COUNTER)) {  print "\n$key,$value"; }
        print "\n\nService_Name,Total_Count";
        while (my ($key,$value)=  each(%ALERT)) { print "\n$key,$value"; $total_counter = $total_counter + $value; }
        print "\n\nTotal Alerts = $total_counter";
        print "\nTotal Service Failed = $total_service";
    }

} else { print " * Usage: $0 { <nagios_log file>  [ --summary ] }";}

#end
print "\n";

** To download the script: http://www.indiangnu.org/wp-content/uploads/2011/nagios-log-parsing-pl.txt

Thank You,
Arun Bagul


Steps needed to create a LUN and make it accessible to Windows iSCSI initiators.

  • mohit_netapp02*> lun setup

This setup will take you through the steps needed to create LUNs
and to make them accessible by initiators. You can type ^C (Control-C)
at any time to abort the setup and no unconfirmed changes will be made
to the system.

  • Do you want to create a LUN? [y]: y
  • Multiprotocol type of LUN (solaris/windows/hpux/aix/linux/netware/vmware/windows_gpt)[linux]: windows

A LUN path must be absolute. A LUN can only reside in a volume or
qtree root. For example, to create a LUN with name “lun0” in the
qtree root /vol/vol1/q0, specify the path as “/vol/vol1/q0/lun0”.

  • Enter LUN path: /vol/test_vol/test_lun0

A LUN can be created with or without space reservations being enabled.
Space reservation guarantees that data writes to that LUN will never
fail.

  • Do you want the LUN to be space reserved? [y]: Object action: admin.util.true

Size for a LUN is specified in bytes. You can use single-character
multiplier suffixes: b(sectors), k(KB), m(MB), g(GB) or t(TB).

  • Enter LUN size: 55g

You can add a comment string to describe the contents of the LUN.
Please type a string (without quotes), or hit ENTER if you don’t
want to supply a comment.

  • Enter comment string:

The LUN will be accessible to an initiator group. You can use an
existing group name, or supply a new name to create a new initiator
group. Enter ‘?’ to see existing initiator group names.

  • Name of initiator group [windows]: Test_windows

Type of initiator group Test_windows (FCP/iSCSI) [iSCSI]: iSCSI
An iSCSI initiator group is a collection of initiator node names.Each
node name can begin with either ‘eui.’ or ‘iqn.’ and should be in the
following formats: eui.{EUI-64 address} or iqn.yyyy-mm.{reversed domain
name}:{optional string composed of alphanumeric characters, ‘-‘, ‘.’
and ‘:’}
Eg: iqn.2001-04.com.acme:storage.tape.sys1.xyz or eui.02004567A425678D
You can separate node names by commas. Enter ‘?’ to display a list of
connected initiators. Hit ENTER when you are done adding node names to
this group.

  • Enter comma separated nodenames: ?

Initiators connected on adapter ism_sw1:
iSCSI Initiator Name                  Group
iqn.1991-05.com.microsoft:appoms2   windows
iqn.1991-05.com.microsoft:colodc1.projecty.com   windows
iqn.1991-05.com.microsoft:appoff1
Enter comma separated nodenames: iqn.1991-05.com.microsoft:appoms2
Enter comma separated nodenames:
The initiator group has an associated OS type. The following are
currently supported: solaris, windows, hpux, aix, linux, netware
or vmware.

  • OS type of initiator group “Test_windows” [windows]: windows

The LUN will be accessible to all the initiators in the
initiator group. Enter ‘?’ to display LUNs already in use
by one or more initiators in group “Test_windows”.

  • LUN ID at which initiator group “Test_windows” sees “/vol/test_vol/test_lun0” [0]: 1

LUN 1 is already mapped to by initiator iqn.1991-05.com.microsoft:appoms2
in group windows
LUN ID at which initiator group “Test_windows” sees “/vol/test_vol/test_lun0” [0]: 2
LUN Path                : /vol/test_vol/test_lun0
OS Type                 : windows
Size                    : 55.0g (59057510400)
Initiator Group         : Test_windows
Initiator Group Type    : iSCSI
Initiator Group Members : iqn.1991-05.com.microsoft:appoms2
Mapped to LUN-ID        : 2

  • Do you want to accept this configuration? [y]: y
  • Do you want to create another LUN? [n]: n
  • mohit_netapp02*> lun showq

lun: unrecognized command “showq”
The following commands are available; for more information
type “lun help <command>”
aluadb              destroy             move                set
attribute           df                  offline             setup
clone               geometry            online              share
comment             help                rescan              show
config              hist                resize              snap
config_check        map                 select              stats
create              maxsize             serial              unmap
dbedit

  • mohit_netapp02*> lun show

/vol/bod_iscsi/asm1            5g (5368709120)    (r/w, online, mapped)
/vol/mohitsnap/lun0         502.0g (539019048960)  (r/w, online, mapped)
/vol/test_vol/test_lun0     55.0g (59057510400)   (r/w, online, mapped)

 

 

Maximum LUN resize limits on NetApp

Be aware that there are limits on resizing a NetApp LUN. Due to the geometry of the LUN at the time it was created, it can only be resized to a maximum of ~10 times the original size of the LUN.

One way to see this is at the command line. For the command to be available you need to run ‘priv set diag‘; you will then have access to the ‘lun geometry‘ command. From there you can see the LUN size as well as the maximum LUN size that is available.

 

Here is a table of some of the results:

LUN Size     Maximum Resize
< 50g        502g
51-100g      1004g
101-150g     1506g
151-200g     2008g
201-251g     2510g
252-301g     3012g
302-351g     3514g
352-401g     4016g

etc..


Hello Everyone,
In day-to-day system admin activities, you often get stuck connecting to a remote server because no timeout setting is supported. Here is the perfect solution for that: ‘hatools’. Thanks to ‘MARKUS WINAND’. You can find this tool at http://www.fatalmind.com/software/hatools/

This tool will help you manage your application and code with a specific timeout and lock, so you can be assured and go to sleep  😀

Download hatools from www.fatalmind.com (http://www.fatalmind.com/software/hatools/hatools-2.14.tar.bz2)

[root@testbed ~]# wget http://www.fatalmind.com/software/hatools/hatools-2.14.tar.bz2

[root@testbed ~]# tar xjvf hatools-2.14.tar.bz2 && cd hatools-2.14

The installation should be very seamless by just doing (Find the doc ‘README’)

[root@testbed hatools-2.14]# ./configure
[root@testbed hatools-2.14]#  make && make install

Now test the hatimerun command

[root@testbed ~]# hatimerun -h
usage: hatimerun [-a] [-e exitcode] [-k signame] -t secs command [args]
hatimerun [-l|-h|-?]
Options:
-a           Async mode. Starts hatimerun in the background
-e exitcode  Changes the exitcode returned by hatimerun on fail
-k signame   Specifies the signal witch will be sent to the process group
if a timeout occures
-t secs      Specifies the timeout in seconds
-l           Print list of available signals on this platform and exit.

Version:
V2.00
Copyright (c) 2001,2003,2005-2007 by Markus Winand <mws@fatalmind.com>
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

[root@testbed ~]# hatimerun -k TERM -t 15 -t 1 ssh testbed140 uptime
04:36:23 up  3:24,  0 users,  load average: 0.51, 0.40, 0.31

Check against a wrong server, or one with the ssh port blocked, and watch the timeout. 🙂

Here I have written a small script for testing purposes; you can change and use it as you want.

#!/bin/bash

# To check and debug, run this script in the following way:
# bash -x <script name> <servername> <cmd>

server=$1  # server name or IP
cmd=$2     # command
sec=15     # timeout in seconds; change as per your need

# Quote the variables so an empty or multi-word argument is tested correctly
test -z "$server" && echo "server not found " && echo "Usage: $0 {servername} {command}" && exit 1
test -z "$cmd" && echo "command not found " && echo "Usage: $0 {servername} {command}" && exit 1
echo "connecting to $server, timewait set for connection is $sec Sec......."

hatimerun -k TERM -t "$sec" -t 1 ssh "$server" "$cmd"
if [ $? != 0 ] ; then
    echo "$server connection timeout ..."
fi

 

 

-Ravi


Yesterday I experienced a very strange problem, one I was seeing for the first time, so I checked things with Apache and its modules in different ways, and in the end got it fixed with the help of the Apache wiki 🙂  Thanks for making it perfect!!

Something was going wrong with Apache and I was trying to fix it. I needed to restart it as a first fix, but it would not start and just showed the message “[FAILED]”. Surprised, I tried twice to start it, then checked the error logs to debug it and found a new error logged in messages.

[Thu Mar 10 00:58:59 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Mar 10 00:58:59 2011] [error] (28)No space left on device: Cannot create SSLMutex
Configuration Failed

I found the page where all the related errors are listed by Apache, http://wiki.apache.org/httpd/Logs; this helped me fix this error.

“This error indicates that the server has run out of available slots for “inter-process communication“. This can occur when a process crashes before cleaning up after itself. The ipcs command will list semaphores and shared memory slots in use. If there is a large number of entries in use by the apache user use ipcrm to remove them. Then, check your server’s error log (possibly with LogLevel debug set) to figure out why it’s crashing, or see: http://httpd.apache.org/dev/debugging.html”

[root@testbed ~]# ipcs -s |grep apacheuser
------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x00000000 26836992   apacheuser 600        1
0x00000000 26902529   apacheuser 600        1
0x00000000 26935298   apacheuser 600        1
0x00000000 27361283   apacheuser 600        1
0x00000000 27426820   apacheuser 600        1
0x00000000 27459589   apacheuser 600        1
0x00000000 22937608   apacheuser 600        1
0x00000000 23003145   apacheuser 600        1
0x00000000 23035914   apacheuser 600        1
0x00000000 33456140   apacheuser 600        1
0x00000000 34308109   apacheuser 600        1
0x00000000 34340878   apacheuser 600        1
0x00000000 48791567   apacheuser 600        1
0x00000000 49053712   apacheuser 600        1
0x00000000 49086481   apacheuser 600        1

[root@testbed ~]# ipcs -s |grep apacheuser | awk '{print $2}'
26836992
26902529
26935298
27361283
27426820
27459589
22937608
23003145
23035914
33456140
34308109
34340878
48791567
49053712
49086481

[root@testbed ~]# ipcs -s |grep apacheuser | awk '{print $2}'| xargs ipcrm sem
resource(s) deleted

[root@testbed ~]# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]
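
The cleanup above selects rows with grep, which matches any line that merely contains the user name. The following is an added example, not part of the original post; the function names and the sample rows are constructed. It selects semaphore sets only when the owner column matches exactly and prints the `ipcrm -s` commands for review instead of running them.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# sem_ids_for_owner OWNER -> semids owned by exactly OWNER
# (reads `ipcs -s` output on stdin)
sem_ids_for_owner() {
    awk -v owner="$1" '
        # data rows are: key semid owner perms nsems
        # header, banner and blank lines fail the numeric semid test
        NF == 5 && $3 == owner && $2 ~ /^[0-9]+$/ { print $2 }
    '
}

# ipcrm_plan OWNER -> one "ipcrm -s ID" line per matching set (dry run);
# prints nothing when no set matches, so nothing is removed by accident
ipcrm_plan() {
    sem_ids_for_owner "$1" | while IFS= read -r id; do
        printf 'ipcrm -s %s\n' "$id"
    done
}

# sample_ipcs -> constructed `ipcs -s` output used to exercise the parser
sample_ipcs() {
    cat <<'EOF'

------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x00000000 26836992   apacheuser 600        1
0x00000000 26902529   apacheuser 600        1
0x00000000 31000001   apacheuser2 600       1
0x00000000 31000002   root       600        1

EOF
}

# Live use, with httpd stopped: ipcs -s | sh this-script.sh apacheuser
if [ "$#" -gt 0 ]; then
    ipcrm_plan "$1"
fi
```

Review the printed commands, then pipe them to `sh` to run them.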

Ref:
http://wiki.apache.org/httpd/Logs
http://wiki.apache.org/httpd/IPCExhaustion

-Ravi


Hello Guys,

Every system admin and technical person who is working on any kind of high availability needs benchmarking to check and verify system health under development. I am very much a beginner in this kind of system benchmarking, which shows how the server, CPU, memory and network react when load is (purposely) put on the system to use or run a service or process. I will explain how I have done this in part 2 😉

Memory Util

 

CPU Util

 

-Ravi
