Thursday, October 28, 2010

Rsync Explained !!!!

Rsync is a free software program for Unix- and Linux-like systems which synchronizes files and directories from one location to another while minimizing data transfer, using delta encoding when appropriate.

How do I install rsync?

Use any one of the following commands to install rsync.

If you are using Debian or Ubuntu Linux, type the following command

# apt-get install rsync
OR
$ sudo apt-get install rsync

Always use rsync over ssh

Since rsync does not provide any security while transferring data, it is recommended that you use rsync over ssh. This allows a secure remote connection. Now let us see some examples of rsync.

rsync command common options

  • --delete : delete files that don't exist on sender (system)
  • -v : Verbose (try -vv for more detailed information)
  • -e "ssh options" : specify the ssh as remote shell
  • -a : archive mode
  • -r : recurse into directories
  • -z : compress file data

Task : Copy file from a local computer to a remote server

Copy file from /www/backup.tar.gz to a remote server called openbsd.nixcraft.in
$ rsync -v -e ssh /www/backup.tar.gz jerry@openbsd.nixcraft.in:~
Output:
Password:
sent 19099 bytes  received 36 bytes  1093.43 bytes/sec
total size is 19014  speedup is 0.99
Please note that the symbol ~ indicates the user's home directory (/home/jerry).


Task : Copy file from a remote server to a local computer

Copy file /home/jerry/webroot.txt from a remote server openbsd.nixcraft.in to a local computer /tmp directory:
$ rsync -v -e ssh jerry@openbsd.nixcraft.in:~/webroot.txt /tmp
Password

Task: Synchronize a local directory with a remote directory

$ rsync -r -a -v -e "ssh -l jerry" --delete openbsd.nixcraft.in:/webroot/ /local/webroot

Task: Synchronize a remote directory with a local directory

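$ rsync -r -a -v -e "ssh -l jerry" --delete /local/webroot/ openbsd.nixcraft.in:/webroot

The trailing slash on /local/webroot/ makes rsync copy the contents of the directory; without it, rsync would create /webroot/webroot on the remote server.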

Task: Synchronize a local directory with a remote rsync server

$ rsync -r -a -v --delete rsync://rsync.nixcraft.in/cvs /home/cvs

Task: Mirror a directory between my "old" and "new" web server/ftp

You can mirror a directory between the "old" (my.old.server.com) and "new" web server with the following command (assuming that ssh keys are set up for passwordless authentication):
$ rsync -zavrR --delete --links --rsh="ssh -l vivek" my.old.server.com:/home/lighttpd /home/lighttpd
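
One way to guard the --delete mirrors above, as an added example that is not from the original post: the sync is first run with --dry-run over ssh, and the real transfer only proceeds when the number of planned deletions stays under a limit. The limit of 25, the function names and the sample dry-run output are assumptions constructed for illustration.

```sh
# Added example: guard an rsync --delete mirror over ssh with a dry run.
# Function names, the default limit and the sample output are illustrative.

# Remote shell for rsync: never fall back to a password prompt, and refuse
# hosts whose key is not already present in known_hosts.
RSYNC_SSH='ssh -o BatchMode=yes -o StrictHostKeyChecking=yes'

# count_deletions: read `rsync --dry-run --itemize-changes` output on stdin
# and print how many entries --delete would remove ("*deleting" lines).
count_deletions() {
    awk '/^\*deleting / { n++ } END { print n + 0 }'
}

# deletions_allowed COUNT LIMIT: succeed only when COUNT does not exceed LIMIT.
deletions_allowed() {
    [ "$1" -le "$2" ]
}

# guarded_mirror SRC DEST [LIMIT]
# Plans the mirror with --dry-run, then runs it for real only if the number
# of planned deletions is within LIMIT (default 25, an assumed value).
guarded_mirror() {
    src=$1 dest=$2 limit=${3:-25}
    plan=$(rsync -a -z --delete --dry-run --itemize-changes \
        -e "$RSYNC_SSH" "$src" "$dest") || return 1
    n=$(printf '%s\n' "$plan" | count_deletions)
    if ! deletions_allowed "$n" "$limit"; then
        echo "refusing to sync: $n deletions planned, limit is $limit" >&2
        return 2
    fi
    rsync -a -z --delete -e "$RSYNC_SSH" "$src" "$dest"
}

# Constructed sample of dry-run output: two deletions, two transfers and
# one new directory.
SAMPLE_PLAN='*deleting   old/index.html
*deleting   old/
>f.st...... css/site.css
>f+++++++++ img/logo.png
cd+++++++++ img/'

# Usage, with the host and paths from the tasks above:
#   guarded_mirror /local/webroot/ jerry@openbsd.nixcraft.in:/webroot 10
```

An empty or mistyped source directory is the usual way a --delete mirror wipes its destination, and the dry-run count catches that case before anything is removed.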

Tuesday, August 3, 2010

How do I set-up Red Hat Cluster Suite 4?


First install all of the required packages for Red Hat Cluster Suite 4.  Once all Cluster Suite packages are installed, execute the following command to launch the cluster configuration interface:

system-config-cluster
This tool provides the capability to configure the cluster members, fencing, resources and services for this cluster.
First, configure the cluster nodes. Click on the Cluster Nodes label. A button will show up in the bottom right hand corner that says Add a Cluster Node (Figure 1). Click on this button. Add the hostname for the cluster nodes. Use the output from uname -n on the nodes for the member names. Give each node 1 quorum vote, unless there is a large system that needs to be weighted more (Figure 2).

Fencing set-up. Fencing is what reboots the nodes if there is a failure. This is absolutely required in Red Hat Cluster Suite 4, since fencing keeps data corruption from happening. First, there must be a power switch that the nodes are plugged into. Click on the Fence Devices label and then click on the Add a Fence Device button in the bottom right hand corner of the interface. Select the make of the power switch and enter the power switch specific information here (Figure 3). Once this is complete the host specific fencing information can be configured.

Select the individual nodes under the Cluster Nodes label. Click the Manage Fencing For This Node button to bring up the fencing configuration dialog (Figure 4). Click on the Add a New Fence Level button. This will create Fence-Level-1. Click on the Fence-Level-1 label and then click the Add a New Fence to this Level button. Select the fence device that was configured in the previous step. Enter any node specific information, such as which power socket this node is plugged into, then click OK (Figure 5).


Services set-up. First, add resources. The available resources are:
  • GFS – This is a Global File System resource, create this if you are mounting a GFS file system
  • File System – The shared partition the service’s data will be on
  • IP Address – The IP address that clients will connect to the service through
  • NFS Mount – Use this option if there is no shared storage and instead the system is using an NFS mount for the service’s shared data
  • Script – This is the init script that will control the service
Note: There are other NFS options, but they will be changing as of Red Hat Enterprise Linux 4 Update 3, so they will not be described here.
A service will generally use a few of the above resources, not all. For example, if I were to setup Apache as a service, I would first create an IP address resource for the clients to connect to, then a Script resource that would point to /etc/init.d/httpd and then a File System that would point to my shared storage where the web pages are held. The File System resource could in this case be replaced with an NFS mount of the web page. Once the resources are created, you would want to create a service and add the resources to that service. You can do this by clicking on the Orange Services label, and then clicking the Create a Service button.
Once you are satisfied with your configuration, navigate to the File->Save option in the menu. This will save the configuration in /etc/cluster/cluster.conf. In case something else is wrong that may have been missed, it is best to use scp to copy the configuration over to the other nodes in the cluster when the cluster is initially set up. Once this is complete, start the cluster services with the following commands:





service ccsd start

service cman start

service fence start

service rgmanager start

If there are problems with this step, ensure any firewalls are off and all of the nodes can ping each other.

Ubuntu 10.10 Maverick Meerkat schedule changed !!



The release schedule of Ubuntu 10.10 Maverick Meerkat has changed again.
As per the official Ubuntu website, the following dates have been finalized:
Alpha 1 -> June 3rd 2010
Alpha 2 -> July 1st 2010
Alpha 3 -> August 5th 2010
Beta -> September 2nd 2010
Release candidate -> October 1st 2010
Final Release(GA) -> October 10th 2010

Source: https://wiki.ubuntu.com/MaverickReleaseSchedule

Monday, August 2, 2010

Fedora 14 Release Schedule Finalized !!

Fedora 14 “Laughlin” is scheduled to be released in late October or early-to-mid November. The first alpha release of Red Hat’s Fedora 14 is expected in mid-August. Fedora 14 is expected to ship with X.Org Server 1.9, GCC 4.5, and offer many other package updates and new features.
2010-05-25     Fedora 13 Release
2010-07-13     Feature Submission Deadline
2010-07-27     Feature Freeze–Planning & Development Ends
2010-07-27     Branch Fedora 14 from Rawhide
2010-08-03     Software String Freeze
2010-08-03     Alpha Change Deadline
2010-08-17    Alpha Release
2010-08-31     Software Translation Deadline
2010-09-07     Beta Change Deadline
2010-09-21     Beta Release
2010-10-11     Final Change Deadline
2010-10-12     Compose Release Candidate
2010-10-26     Fedora 14 Final Release

Thursday, May 27, 2010

How to access ILOM from within Linux Host ?

1) Check for below packages
#rpm -q hpasm
#rpm -q hprsm
#rpm -q hponcfg

if they are not installed follow below instructions to install those packages

Install the latest version of the hpasm, hprsm and hponcfg packages from the below HP web URL for the specified model and OS version

http://h18000.www1.hp.com/support/files/server/us/index.html


3) Then start the hpasm service followed by hprsm.

#service hpasm start
#service hprsm start
#hponcfg -?
if it throws any firmware related error
then download latest firmware (ILO online firmware) from above link
#sh


wait for 2 minutes to get ILO reset

4) Then execute the below command to view the ILO configuration

#hponcfg -w /tmp/ilo -l /tmp/ilo_log

#cat /tmp/ilo
The output contains the ILO configuration.

5) To add a user to the ILO:

#hponcfg -f add_user.xml -l /tmp/ilo_log

Below is the add_user.xml customized script. Keep this script in the current working directory.


















Below is the command to change the network parameters:
#hponcfg -f network_mod.xml -l /tmp/ilo_log

Below is the network_mod.xml customized script. Keep this script in the current working directory and change the IP address, netmask, gateway, speed and duplex parameters in the script as per your requirement.





Note: On the HP web site you will find the ILO driver for ESX and Linux for each server model.

Install it and run following commands to see the ILO IP of the machine. No need of reboot.

#hponcfg -w /tmp/ilo -l /tmp/ilo_log
#cat /tmp/ilo

Tuesday, April 20, 2010

Fedora 13 Beta Released Last Week !!

Has anyone given the new Fedora 13 Beta a try?
A few new features which I appreciate:

1. NetworkManager Command Line
2. Enhanced NFS Client IPv6
3. System Rollback With Btrfs
4. Zarafa - Zarafa Outlook Sharing is a Microsoft Exchange replacement

Sunday, April 18, 2010

Installing Mac Fonts on Ubuntu 10.04

Installing the fonts:

1. From the Linux terminal, download Mac fonts with this command:

$ wget http://ubuntu-debs.googlecode.com/files/macfonts.tar.gz

2. Untar or extract the downloaded file:

$ tar zxvf macfonts.tar.gz

3. Move the macfonts folder to the /usr/share/fonts directory:

$ sudo mv macfonts /usr/share/fonts/

4. Reload the font cache:

$ sudo fc-cache -f -v

Using the fonts:

You can now test or use the fonts by going to System --> Preferences --> Appearance, and then clicking on the "Fonts" tab. Here is a sample setup using the Mac fonts:

Application font: Lucida MAC 10
Document font: Lucida MAC 10
Desktop font: Lucida MAC 10
Window title font: LucidaMacBold 10
Fixed width font: Lucida Console 10

Minimum RAM for Fedora 13 beta?

As a rule of thumb, I wouldn't go one byte less than 512MB for 32-bit, or 1GB for 64-bit.

More realistically, 1GB is probably a good "minimum RAM" to start with for any GUI OS (32- or 64-bit), then increase as needed. People might disagree, but it's honestly my experience that if you really need to have less than 1GB RAM ... then you probably shouldn't be considering a Gnome or KDE desktop. If you don't have enough RAM, you should probably consider a server (e.g. text-mode) environment, or a distro like Puppy Linux (which supports REALLY tiny memory footprints!), or Ubuntu Remix.

Wednesday, March 31, 2010

How to test Multicast Packet Filtering?

This morning I started my day by testing Multicast Packet Filtering. I had Ubuntu 9.10 and CentOS 5.4 VMs running on ESX 4.1. I decided to make CentOS the client and Ubuntu the server for the setup.

First of all, I downloaded iperf, as yum was not feeling well today (just kidding).
It's simple to install: download the package and install it. Luckily, I didn't hit any dependency hell.

On Ubuntu Box:

SERVER MACHINE
=====================================

sudo iperf -s -u -B 224.0.65.68 -i 1
--------------------------------------

server listening on UDP port 5001
Binding to local address 224.0.65.68
Joining multicast group 224.0.65.68
UDP Buffer size: 120 Kbytes(default)
------------------------------------------

[ 3] local 224.0.65.68 port 5001 connected with 10.112.173.86 port 38577
[ 3] 0.0- 1.0 sec 128 KBytes 1.05 Mbits/sec 0.228 ms 0/ 89 (0%)
...
...

On CentOS Box (Client):



iperf -c 224.0.65.68 -u -T 5 -t 5
----------------------------------
Client connecting to 224.0.65.68, UDP port 5001
sending 1470 byte datagrams
setting multicast TTL to 5
UDP buffer size: 126 KBytes(default)
------------------------------------------
[ 3] local 10.112.173.86 port 38577 connected with 224.0.65.68 port 5001
[ 3] 0.0- 5.0 sec 642 Kbytes 1.05 Mbits/sec
[ 3] Sent 447 datagrams


1. It clearly shows that the multicast address is 224.0.65.68.
e.g. server> iperf -s -u -B <multicast address> -i 1

This will have the iperf server listening for datagrams (-u) on the address (-B multicast address), with a periodic reporting interval of 1s (-i 1).

2. Configure the client VM, connecting to the multicast group address and setting the TTL (-T, --ttl) as needed
e.g. client> iperf -c <multicast address> -u -T 5 -t 5

This will have the client connect to the multicast address (-c multicast address), with a TTL of 5 (-T 5), sending data for 5 seconds (-t 5).
NOTE: Use tcpdump or ethereal on the server VMs to capture and analyze the IP packets and ensure their validity.

Run the test for 120 sec.

That's it..
You Have just finally tested Multicast packet Filtering.

Have a Cool Rainy Weather in Bangalore.

Tuesday, March 30, 2010

Quick Command Reference: List Loaded Drivers on Linux?

driverquery is the command on Windows to get a list of drivers. In the same way, on Linux we have lsmod, which lists the drivers loaded on the box.

lsmod is a program to show the status of modules in the Linux kernel. lsmod is a trivial program which nicely formats the contents of /proc/modules, showing what kernel modules are currently loaded.

Example: lsmod of a typical ESX 4.1 Box could show:

[root@esx]# lsmod
Module Size Used by
nfs 245688 2
lockd 68016 2 nfs
nfs_acl 3904 1 nfs
edd 10696 0
ppdev 10056 0
parport_pc 28584 0
i2c_dev 10696 0
i2c_core 23128 1 i2c_dev
sunrpc 162248 11 nfs,lockd,nfs_acl
ipt_REJECT 6080 0
xt_tcpudp 3520 0
ipt_LOG 6656 0
x_tables 17096 3 ipt_REJECT,xt_tcpudp,ipt_LOG
parport 41100 2 ppdev,parport_pc
nvram 8456 0
sg 36520 0
vmxnet_console 23360 1
vmnixmod 789052 56 vmxnet_console

Sunday, March 28, 2010

Understanding Jumbo Frames !!

Whether or not Gigabit Ethernet (and beyond) should support frame sizes (i.e. packets) larger than 1500 bytes has been a topic of great debate. With the explosive growth of Gigabit ethernet, the impact of this decision is critically important and will affect Internet performance for years to come.

Most of the debate about jumbo frames has focused on local area network performance and the impact that frame size has on host processing requirements, interface cards, memory, etc. But what is less well known, and of critical concern for high performance computing, is the impact that frame size has on wide area network performance. This document discusses why you should care, and about the largely ignored but important impact that frame size has on the wide area performance of TCP.

How jumbo is a jumbo frame anyway?

Ethernet has used 1500 byte frame sizes since it was created (around 1980). To maintain backward compatibility, 100 Mbps ethernet used the same size, and today "standard" gigabit ethernet is also using 1500 byte frames. This is so a packet to/from any combination of 10/100/1000 Mbps ethernet devices can be handled without any layer two fragmentation or reassembly.

"Jumbo frames" extends ethernet to 9000 bytes. Why 9000? First because ethernet uses a 32 bit CRC that loses its effectiveness above about 12000 bytes. And secondly, 9000 was large enough to carry an 8 KB application datagram (e.g. NFS) plus packet header overhead. Is 9000 bytes enough? It's a lot better than 1500, but for pure performance reasons there is little reason to stop there. At 64 KB we reach the limit of an IPv4 datagram, while IPv6 allows for packets up to 4 GB in size. For ethernet however, the 32 bit CRC limit is hard to change, so don't expect to see ethernet frame sizes above 9000 bytes anytime soon.

How can jumbo frames and 1500 byte frames coexist?

Two basic approaches exist:

* On a port by port basis, where everything "downstream" from a given port is known to support jumbo frames.
* Using 802.1q Virtual LANs, where jumbo frame and non-jumbo frame devices are segregated to different VLANs.

Jumbo frames bad for multimedia?

For applications that are sensitive to burst drops, delay jitter, etc., it can be argued that large frames are a bad idea. No application has to use large frames however, so the question is really whether other applications' large frames will negatively impact your application's small ones. This is primarily an issue of slot time, i.e. how much will a large packet delay (or quantize) the time(s) available to transmit the small packets.

A 9000 byte GigE packet takes the same amount of time to transmit as a 900 byte fast ethernet packet or a 90 byte 10 Mbps ethernet packet. So jumbo frames on gigabit ethernet at worst add less delay variation than 1500 byte frames do on slower ethernets. And no one is suggesting that slower ethernets use 9000 byte frames. As for queueing delay concerns, that could happen whether packets are large or small. If delivery QoS is required, then the routers need to implement some kind of priority or expedited forwarding, regardless of the packet sizes. Tiny frames (including 53 byte ATM cells) may be helpful when multiplexing lower bit rate streams, but they become increasingly ridiculous on gigabit and beyond links.

Understanding iperf?

Iperf is a tool to measure the bandwidth and the quality of a network link. Jperf can be associated with Iperf to provide a graphical frontend written in Java.

The network link is delimited by two hosts running Iperf.

The quality of a link can be tested as follows:

- Latency (response time or RTT): can be measured with the ping command.
- Jitter (latency variation): can be measured with an Iperf UDP test.
- Datagram loss: can be measured with an Iperf UDP test.

The bandwidth is measured through TCP tests.

To be clear, the difference between TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) is that TCP uses processes to check that the packets are correctly sent to the receiver, whereas with UDP the packets are sent without any checks but with the advantage of being quicker than TCP.
Iperf uses the different capacities of TCP and UDP to provide statistics about network links.

Finally, Iperf can be installed very easily on any UNIX/Linux or Microsoft Windows system. One host must be set as client, the other one as server.


Here is a diagram where Iperf is installed on a Linux and Microsoft Windows machine.
Linux is used as the Iperf client and Windows as the Iperf server. Of course, it is also possible to use two Linux boxes.

[Diagram: Iperf bandwidth measurement between client and server]

Iperf tests:

no arg.      Default settings
-f           Data format
-r           Bi-directional bandwidth
-d           Simultaneous bi-directional bandwidth
-w           TCP Window size
-p, -t, -i   Port, timing and interval
-u, -b       UDP tests, bandwidth settings
-m           Maximum Segment Size display
-M           Maximum Segment Size settings
-P           Parallel tests
-h           help

Jperf:

no arg.      Default settings
-d           Simultaneous bi-directional bandwidth
-u, -b       UDP tests, bandwidth settings


Default Iperf settings:
Also check the "Jperf" section.

By default, the Iperf client connects to the Iperf server on the TCP port 5001 and the bandwidth displayed by Iperf is the bandwidth from the client to the server.
If you want to use UDP tests, use the -u argument.
The -d and -r Iperf client arguments measure the bi-directional bandwidths. (See further on in this tutorial.)

Client side:

#iperf -c 10.1.1.1
------------------------------------------------------------
Client connecting to 10.1.1.1, TCP port 5001
TCP window size: 16384 Byte (default)
------------------------------------------------------------
[ 3] local 10.6.2.5 port 33453 connected with 10.1.1.1 port 5001
[ 3] 0.0-10.2 sec 1.26 MBytes 1.05 Mbits/sec

Server side:

#iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[852] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 33453
[ ID] Interval Transfer Bandwidth
[852] 0.0-10.6 sec 1.26 MBytes 1.03 Mbits/sec


Data formatting: (-f argument)

The -f argument can display the results in the desired format: bits(b), bytes(B), kilobits(k), kilobytes(K), megabits(m), megabytes(M), gigabits(g) or gigabytes(G).
Generally the bandwidth measures are displayed in bits (or Kilobits, etc ...) and an amount of data is displayed in bytes (or Kilobytes, etc ...).
As a reminder, 1 byte is equal to 8 bits and, in the computer science world, 1 kilo is equal to 1024 (2^10).
For example: 100'000'000 bytes is not equal to 100 Mbytes but to 100'000'000/1024/1024 = 95.37 Mbytes.

Client side:

#iperf -c 10.1.1.1 -f b
------------------------------------------------------------
Client connecting to 10.1.1.1, TCP port 5001
TCP window size: 16384 Byte (default)
------------------------------------------------------------
[ 3] local 10.6.2.5 port 54953 connected with 10.1.1.1 port 5001
[ 3] 0.0-10.2 sec 1359872 Bytes 1064272 bits/sec

Server side:

#iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[852] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 33453
[ ID] Interval Transfer Bandwidth
[852] 0.0-10.6 sec 920 KBytes 711 Kbits/sec



Bi-directional bandwidth measurement: (-r argument)

The Iperf server connects back to the client allowing the bi-directional bandwidth measurement. By default, only the bandwidth from the client to the server is measured.
If you want to measure the bi-directional bandwidth simultaneously, use the -d keyword. (See next test.)

Client side:

#iperf -c 10.1.1.1 -r
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
------------------------------------------------------------
Client connecting to 10.1.1.1, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[ 5] local 10.6.2.5 port 35726 connected with 10.1.1.1 port 5001
[ 5] 0.0-10.0 sec 1.12 MBytes 936 Kbits/sec
[ 4] local 10.6.2.5 port 5001 connected with 10.1.1.1 port 1640
[ 4] 0.0-10.1 sec 74.2 MBytes 61.7 Mbits/sec

Server side:

#iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[852] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 54355
[ ID] Interval Transfer Bandwidth
[852] 0.0-10.1 sec 1.15 MBytes 956 Kbits/sec
------------------------------------------------------------
Client connecting to 10.6.2.5, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[824] local 10.1.1.1 port 1646 connected with 10.6.2.5 port 5001
[ ID] Interval Transfer Bandwidth
[824] 0.0-10.0 sec 73.3 MBytes 61.4 Mbits/sec



Simultaneous bi-directional bandwidth measurement: (-d argument)
Also check the "Jperf" section.

To measure the bi-directional bandwidths simultaneously, use the -d argument. If you want to test the bandwidths sequentially, use the -r argument (see previous test).
By default (i.e. without the -r or -d arguments), only the bandwidth from the client to the server is measured.

Client side:

#iperf -c 10.1.1.1 -d
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
------------------------------------------------------------
Client connecting to 10.1.1.1, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[ 5] local 10.6.2.5 port 60270 connected with 10.1.1.1 port 5001
[ 4] local 10.6.2.5 port 5001 connected with 10.1.1.1 port 2643
[ 4] 0.0-10.0 sec 76.3 MBytes 63.9 Mbits/sec
[ 5] 0.0-10.1 sec 1.55 MBytes 1.29 Mbits/sec

Server side:

#iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[852] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 60270
------------------------------------------------------------
Client connecting to 10.6.2.5, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[800] local 10.1.1.1 port 2643 connected with 10.6.2.5 port 5001
[ ID] Interval Transfer Bandwidth
[800] 0.0-10.0 sec 76.3 MBytes 63.9 Mbits/sec
[852] 0.0-10.1 sec 1.55 MBytes 1.29 Mbits/sec



TCP Window size: (-w argument)

The TCP window size is the amount of data that can be buffered during a connection without a validation from the receiver.
It can be between 2 and 65,535 bytes.
On Linux systems, when specifying a TCP buffer size with the -w argument, the kernel allocates double as much as indicated.

Client side:

#iperf -c 10.1.1.1 -w 2000
WARNING: TCP window size set to 2000 bytes. A small window size
will give poor performance. See the Iperf documentation.
------------------------------------------------------------
Client connecting to 10.1.1.1, TCP port 5001
TCP window size: 3.91 KByte (WARNING: requested 1.95 KByte)
------------------------------------------------------------
[ 3] local 10.6.2.5 port 51400 connected with 10.1.1.1 port 5001
[ 3] 0.0-10.1 sec 704 KBytes 572 Kbits/sec

Server side:

#iperf -s -w 4000
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 3.91 KByte
------------------------------------------------------------
[852] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 51400
[ ID] Interval Transfer Bandwidth
[852] 0.0-10.1 sec 704 KBytes 570 Kbits/sec



Communication port (-p), timing (-t) and interval (-i):

The Iperf server communication port can be changed with the -p argument. It must be configured on the client and the server with the same value, default is TCP port 5001.
The -t argument specifies the test duration time in seconds, default is 10 secs.
The -i argument indicates the interval in seconds between periodic bandwidth reports.

Client side:

#iperf -c 10.1.1.1 -p 12000 -t 20 -i 2
------------------------------------------------------------
Client connecting to 10.1.1.1, TCP port 12000
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[ 3] local 10.6.2.5 port 58316 connected with 10.1.1.1 port 12000
[ 3] 0.0- 2.0 sec 224 KBytes 918 Kbits/sec
[ 3] 2.0- 4.0 sec 368 KBytes 1.51 Mbits/sec
[ 3] 4.0- 6.0 sec 704 KBytes 2.88 Mbits/sec
[ 3] 6.0- 8.0 sec 280 KBytes 1.15 Mbits/sec
[ 3] 8.0-10.0 sec 208 KBytes 852 Kbits/sec
[ 3] 10.0-12.0 sec 344 KBytes 1.41 Mbits/sec
[ 3] 12.0-14.0 sec 208 KBytes 852 Kbits/sec
[ 3] 14.0-16.0 sec 232 KBytes 950 Kbits/sec
[ 3] 16.0-18.0 sec 232 KBytes 950 Kbits/sec
[ 3] 18.0-20.0 sec 264 KBytes 1.08 Mbits/sec
[ 3] 0.0-20.1 sec 3.00 MBytes 1.25 Mbits/sec

Server side:

#iperf -s -p 12000
------------------------------------------------------------
Server listening on TCP port 12000
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[852] local 10.1.1.1 port 12000 connected with 10.6.2.5 port 58316
[ ID] Interval Transfer Bandwidth
[852] 0.0-20.1 sec 3.00 MBytes 1.25 Mbits/sec



UDP tests: (-u), bandwidth settings (-b)
Also check the "Jperf" section.

The UDP tests with the -u argument will give invaluable information about the jitter and the packet loss. If you don't specify the -u argument, Iperf uses TCP.
To keep a good link quality, the packet loss should not go over 1 %. A high packet loss rate will generate a lot of TCP segment retransmissions which will affect the bandwidth.

The jitter is basically the latency variation and does not depend on the latency. You can have high response times and a very low jitter. The jitter value is particularly important on network links supporting voice over IP (VoIP) because a high jitter can break a call.
The -b argument allows the allocation of the desired bandwidth.

Client side:

#iperf -c 10.1.1.1 -u -b 10m
------------------------------------------------------------
Client connecting to 10.1.1.1, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size: 108 KByte (default)
------------------------------------------------------------
[ 3] local 10.6.2.5 port 32781 connected with 10.1.1.1 port 5001
[ 3] 0.0-10.0 sec 11.8 MBytes 9.89 Mbits/sec
[ 3] Sent 8409 datagrams
[ 3] Server Report:
[ 3] 0.0-10.0 sec 11.8 MBytes 9.86 Mbits/sec 2.617 ms 9/ 8409 (0.11%)

Server side:

#iperf -s -u -i 1
------------------------------------------------------------
Server listening on UDP port 5001
Receiving 1470 byte datagrams
UDP buffer size: 8.00 KByte (default)
------------------------------------------------------------
[904] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 32781
[ ID] Interval Transfer Bandwidth Jitter Lost/Total Datagrams
[904] 0.0- 1.0 sec 1.17 MBytes 9.84 Mbits/sec 1.830 ms 0/ 837 (0%)
[904] 1.0- 2.0 sec 1.18 MBytes 9.94 Mbits/sec 1.846 ms 5/ 850 (0.59%)
[904] 2.0- 3.0 sec 1.19 MBytes 9.98 Mbits/sec 1.802 ms 2/ 851 (0.24%)
[904] 3.0- 4.0 sec 1.19 MBytes 10.0 Mbits/sec 1.830 ms 0/ 850 (0%)
[904] 4.0- 5.0 sec 1.19 MBytes 9.98 Mbits/sec 1.846 ms 1/ 850 (0.12%)
[904] 5.0- 6.0 sec 1.19 MBytes 10.0 Mbits/sec 1.806 ms 0/ 851 (0%)
[904] 6.0- 7.0 sec 1.06 MBytes 8.87 Mbits/sec 1.803 ms 1/ 755 (0.13%)
[904] 7.0- 8.0 sec 1.19 MBytes 10.0 Mbits/sec 1.831 ms 0/ 850 (0%)
[904] 8.0- 9.0 sec 1.19 MBytes 10.0 Mbits/sec 1.841 ms 0/ 850 (0%)
[904] 9.0-10.0 sec 1.19 MBytes 10.0 Mbits/sec 1.801 ms 0/ 851 (0%)
[904] 0.0-10.0 sec 11.8 MBytes 9.86 Mbits/sec 2.618 ms 9/ 8409 (0.11%)
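
A way to check a UDP server report against the 1 % loss guideline above, as an added example that is not part of the original tutorial: the function parses the jitter and lost/total columns and lists every interval that exceeds the limits. The function names and the jitter limit are assumptions; the sample lines are the server report shown above.

```sh
# Added example: flag intervals of an iperf (version 2) UDP server report
# whose datagram loss or jitter exceeds given limits.

# iperf_udp_violations MAX_LOSS_PCT MAX_JITTER_MS
# Reads the report on stdin and prints one line per offending interval:
#   <interval> loss=<pct>% jitter=<ms>ms
iperf_udp_violations() {
    awk -v max_loss="$1" -v max_jitter="$2" '
    {
        # Report lines end with "<jitter> ms <lost>/<total> (<pct>%)".
        ms = 0
        for (i = 2; i <= NF; i++) if ($i == "ms") { ms = i; break }
        if (ms == 0) next                  # banner, header or connect line
        jitter = $(ms - 1) + 0

        # Join what follows "ms" so "5/ 850 (0.59%)" and "123/12345 (1%)"
        # both become "lost/total(pct%)", then split on "/" and "(".
        rest = ""
        for (j = ms + 1; j <= NF; j++) rest = rest $j
        if (split(rest, part, "[/(]") < 2) next
        lost = part[1] + 0
        total = part[2] + 0
        loss = (total > 0) ? 100 * lost / total : 0

        # Interval label: text between the "[id]" prefix and " sec".
        interval = substr($0, index($0, "]") + 1)
        sub(/ sec.*/, "", interval)
        gsub(/ /, "", interval)

        if (loss > max_loss || jitter > max_jitter)
            printf "%s loss=%.2f%% jitter=%.3fms\n", interval, loss, jitter
    }'
}

# iperf_udp_ok MAX_LOSS_PCT MAX_JITTER_MS: succeed when no interval is flagged.
iperf_udp_ok() {
    [ -z "$(iperf_udp_violations "$1" "$2")" ]
}

# Sample input: the server report lines from the test above.
SAMPLE_REPORT='[904] local 10.1.1.1 port 5001 connected with 10.6.2.5 port 32781
[ ID] Interval Transfer Bandwidth Jitter Lost/Total Datagrams
[904] 0.0- 1.0 sec 1.17 MBytes 9.84 Mbits/sec 1.830 ms 0/ 837 (0%)
[904] 1.0- 2.0 sec 1.18 MBytes 9.94 Mbits/sec 1.846 ms 5/ 850 (0.59%)
[904] 2.0- 3.0 sec 1.19 MBytes 9.98 Mbits/sec 1.802 ms 2/ 851 (0.24%)
[904] 3.0- 4.0 sec 1.19 MBytes 10.0 Mbits/sec 1.830 ms 0/ 850 (0%)
[904] 4.0- 5.0 sec 1.19 MBytes 9.98 Mbits/sec 1.846 ms 1/ 850 (0.12%)
[904] 5.0- 6.0 sec 1.19 MBytes 10.0 Mbits/sec 1.806 ms 0/ 851 (0%)
[904] 6.0- 7.0 sec 1.06 MBytes 8.87 Mbits/sec 1.803 ms 1/ 755 (0.13%)
[904] 7.0- 8.0 sec 1.19 MBytes 10.0 Mbits/sec 1.831 ms 0/ 850 (0%)
[904] 8.0- 9.0 sec 1.19 MBytes 10.0 Mbits/sec 1.841 ms 0/ 850 (0%)
[904] 9.0-10.0 sec 1.19 MBytes 10.0 Mbits/sec 1.801 ms 0/ 851 (0%)
[904] 0.0-10.0 sec 11.8 MBytes 9.86 Mbits/sec 2.618 ms 9/ 8409 (0.11%)'

# Usage on a live server (1 % loss limit from the text, 5 ms jitter assumed):
#   iperf -s -u -i 1 | iperf_udp_violations 1 5
```

With the 1 % limit no interval of this report is flagged; tightening the loss limit to 0.5 % flags the 1.0-2.0 second interval.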



Maximum Segment Size (-m argument) display:

The Maximum Segment Size (MSS) is the largest amount of data, in bytes, that a computer can support in a single, unfragmented TCP segment.
It can be calculated as follows:
MSS = MTU - TCP & IP headers
The TCP & IP headers are equal to 40 bytes.
The MTU or Maximum Transmission Unit is the greatest amount of data that can be transferred in a frame.
Here are some default MTU sizes for different network topologies:
Ethernet - 1500 bytes: used in a LAN.
PPPoE - 1492 bytes: used on ADSL links.
Token Ring (16Mb/sec) - 17914 bytes: old technology developed by IBM.
Dial-up - 576 bytes

Generally, a higher MTU (and MSS) brings higher bandwidth efficiency.

Client side:

#iperf -c 10.1.1.1 -m
------------------------------------------------------------
Client connecting to 10.1.1.1, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[ 3] local 10.6.2.5 port 41532 connected with 10.1.1.1 port 5001
[ 3] 0.0-10.2 sec 1.27 MBytes 1.04 Mbits/sec
[ 3] MSS size 1448 bytes (MTU 1500 bytes, ethernet)

Here the MSS is not equal to 1500 - 40 but to 1500 - 40 - 12 (Timestamps option) = 1448

Server side:

#iperf -s


Maximum Segment Size (-M argument) settings:

Use the -M argument to change the MSS. (See the previous test for more explanations about the MSS)

#iperf -c 10.1.1.1 -M 1300 -m
WARNING: attempt to set TCP maximum segment size to 1300, but got 536
------------------------------------------------------------
Client connecting to 10.1.1.1, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[ 3] local 10.6.2.5 port 41533 connected with 10.1.1.1 port 5001
[ 3] 0.0-10.1 sec 4.29 MBytes 3.58 Mbits/sec
[ 3] MSS size 1288 bytes (MTU 1328 bytes, unknown interface)

Server side:

#iperf -s


Parallel tests (-P argument):

Use the -P argument to run parallel tests.

Client side:

#iperf -c 10.1.1.1 -P 2
------------------------------------------------------------
Client connecting to 10.1.1.1, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[ 3] local 10.6.2.5 port 41534 connected with 10.1.1.1 port 5001
[ 4] local 10.6.2.5 port 41535 connected with 10.1.1.1 port 5001
[ 4] 0.0-10.1 sec 1.35 MBytes 1.12 Mbits/sec
[ 3] 0.0-10.1 sec 1.35 MBytes 1.12 Mbits/sec
[SUM] 0.0-10.1 sec 2.70 MBytes 2.24 Mbits/sec

Server side:

#iperf -s


Iperf help:

#iperf -h
Usage: iperf [-s|-c host] [options]
       iperf [-h|--help] [-v|--version]

Client/Server:
  -f, --format        [kmKM]   format to report: Kbits, Mbits, KBytes, MBytes
  -i, --interval      #        seconds between periodic bandwidth reports
  -l, --len           #[KM]    length of buffer to read or write (default 8 KB)
  -m, --print_mss              print TCP maximum segment size (MTU - TCP/IP header)
  -p, --port          #        server port to listen on/connect to
  -u, --udp                    use UDP rather than TCP
  -w, --window        #[KM]    TCP window size (socket buffer size)
  -B, --bind          "host"   bind to "host", an interface or multicast address
  -C, --compatibility          for use with older versions does not sent extra msgs
  -M, --mss           #        set TCP maximum segment size (MTU - 40 bytes)
  -N, --nodelay                set TCP no delay, disabling Nagle's Algorithm
  -V, --IPv6Version            Set the domain to IPv6

Server specific:
  -s, --server                 run in server mode
  -U, --single_udp             run in single threaded UDP mode
  -D, --daemon                 run the server as a daemon

Client specific:
  -b, --bandwidth     #[KM]    for UDP, bandwidth to send at in bits/sec (default 1 Mbit/sec, implies -u)
  -c, --client        "host"   run in client mode, connecting to "host"
  -d, --dualtest               Do a bidirectional test simultaneously
  -n, --num           #[KM]    number of bytes to transmit (instead of -t)
  -r, --tradeoff               Do a bidirectional test individually
  -t, --time          #        time in seconds to transmit for (default 10 secs)
  -F, --fileinput     "name"   input the data to be transmitted from a file
  -I, --stdin                  input the data to be transmitted from stdin
  -L, --listenport    #        port to recieve bidirectional tests back on
  -P, --parallel      #        number of parallel client threads to run
  -T, --ttl           #        time-to-live, for multicast (default 1)

Miscellaneous:
  -h, --help                   print this message and quit
  -v, --version                print version information and quit

vmxnet3 :A New Para-Virtualized NIC from Vmware

VMXNET3, the newest generation of virtual network adapter from VMware, offers performance on par with or better than its previous generations in both Windows and Linux guests. Both the driver and the device have been highly tuned to perform better on modern systems. Furthermore, VMXNET3 introduces new features and enhancements, such as TSO6 and RSS.

TSO6 makes it especially useful for users deploying applications that deal with IPv6 traffic, while RSS is helpful for deployments requiring high scalability. All these features give VMXNET3 advantages that are not possible with previous generations of virtual network adapters.
Moving forward, to keep pace with an ever-increasing demand for network bandwidth, VMware recommends that customers migrate to VMXNET3 if performance is of top concern to their deployments.

The VMXNET3 driver is NAPI-compliant on Linux guests. NAPI is an interrupt mitigation mechanism that improves high-speed networking performance on Linux by switching back and forth between interrupt mode and polling mode during packet receive. It is a proven technique to improve CPU efficiency and allows the guest to process higher packet loads. VMXNET3 also supports Large Receive Offload (LRO) on Linux guests. However, in ESX 4.0 the VMkernel backend supports large receive packets only if the packets originate from another virtual machine running on the same host.

VMXNET3 supports larger Tx/Rx ring buffer sizes compared to previous generations of virtual network devices. This feature benefits certain network workloads with bursty and high‐peak throughput. Having a larger ring size provides extra buffering to better cope with transient packet bursts.

VMXNET3 supports three interrupt modes:

MSI‐X,
MSI, and
INTx.

Normally the VMXNET3 guest driver will attempt to use the interrupt modes in the order given above, if the guest kernel supports them. With VMXNET3, TCP Segmentation Offload (TSO) for IPv6 is supported for both Windows and Linux guests now, and TSO support for IPv4 is added for Solaris guests in addition to Windows and Linux guests.

To use VMXNET3, the user must install VMware Tools on a virtual machine with hardware version 7.

Friday, March 26, 2010

How to Upgrade to Fedora 12?

Last night I thought of upgrading my Fedora 11 to Fedora 12. I went through the Fedora official website and came across a new tool called preupgrade. It went fine, so I wanted to share it with you all.

Here we go...

In most cases, the simplest way to upgrade an existing Fedora installation is with the preupgrade tool. When a new version of Fedora is available, preupgrade downloads the packages necessary to upgrade your installation, and initiates the upgrade process.

Install preupgrade with your graphical package manager, or

type yum install preupgrade at the command line and press Enter.

To run preupgrade, type preupgrade at the command line and press Enter.

Note:
If the contents of your /etc/fedora-release file have been changed from the default, your Fedora installation may not be found when attempting an upgrade to Fedora 12.
You can relax some of the checks against this file by booting with the following boot command:

linux upgradeany

Use the linux upgradeany command if your Fedora installation was not given as an option to upgrade.

To perform an upgrade, select Perform an upgrade of an existing installation. Click Next when you are ready to begin your upgrade.

To re-install your system, select Perform a new Fedora installation and refer to Chapter 6, Installing on Intel® and AMD Systems for further instructions.

Understanding /proc/cpuinfo?

A hyperthreaded processor has the same number of function units as an older, non-hyperthreaded processor. It just has two execution contexts, so it can maybe achieve better function unit utilization by letting more than one program execute concurrently. On the other hand, if you're running two programs which compete for the same function units, there is no advantage at all to having both running "concurrently." When one is running, the other is necessarily waiting on the same function units.

A dual core processor literally has two times as many function units as a single-core processor, and can really run two programs concurrently, with no competition for function units.

A dual core processor is built so that both cores share the same level 2 cache. A dual processor (separate physical cpus) system differs in that each cpu will have its own level 2 cache. This may sound like an advantage, and in some situations it can be but in many cases new research and testing shows that the shared cache can be faster when the cpus are sharing the same or very similar tasks.

In general Hyperthreading is considered older technology and is no longer supported in newer cpus. Hyperthreading can provide a marginal (10%) gain for some server workloads like mysql, but dual core technology has essentially replaced hyperthreading in newer systems.

A dual core cpu running at 3.0Ghz should be faster than a dual cpu (separate core) system running at 3.0Ghz due to the ability to share the cache at higher bus speeds.

The examples below detail how we determine what kind of cpu(s) are present.

The kernel data Linux exposes in /proc/cpuinfo will show each logical cpu with a unique processor number. A logical cpu can be a hyperthreading sibling, a shared core in a dual or quad core, or a separate physical cpu. We must look at the siblings, cpu cores and core id to tell the difference.

If the number of cores = the number of siblings for a given physical processor, then hyperthreading is OFF.

/bin/cat /proc/cpuinfo | /bin/egrep 'processor|model name|cache size|core|sibling|physical'

Example 1: Single processor, 1 core, no Hyperthreading

processor : 0
model name : AMD Duron(tm) processor
cache size : 64 KB

Example 2: Single processor, 1 core, Hyperthreading is enabled.

Notice how we have 2 siblings, but only 1 core. The physical cpu id is the same for both: 0.

processor : 0
model name : Intel(R) Pentium(R) 4 CPU 2.80GHz
cache size : 1024 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 1
processor : 1
model name : Intel(R) Pentium(R) 4 CPU 2.80GHz
cache size : 1024 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 1


Example 3. Single socket Quad Core

Notice how each processor has its own core id. The number of siblings matches the number of cores so there are no Hyperthreading siblings. Also notice the huge l2 cache - 6 MB. That makes sense though, when considering 4 cores share that l2 cache.

processor : 0
model name : Intel(R) Xeon(R) CPU E5410 @ 2.33GHz
cache size : 6144 KB
physical id : 0
siblings : 4
core id : 0
cpu cores : 4
processor : 1
model name : Intel(R) Xeon(R) CPU E5410 @ 2.33GHz
cache size : 6144 KB
physical id : 0
siblings : 4
core id : 1
cpu cores : 4
processor : 2
model name : Intel(R) Xeon(R) CPU E5410 @ 2.33GHz
cache size : 6144 KB
physical id : 0
siblings : 4
core id : 2
cpu cores : 4
processor : 3
model name : Intel(R) Xeon(R) CPU E5410 @ 2.33GHz
cache size : 6144 KB
physical id : 0
siblings : 4
core id : 3
cpu cores : 4

Example 3a. Single socket Dual Core

Again, each processor has its own core so this is a dual core system.

processor : 0
model name : Intel(R) Pentium(R) D CPU 3.00GHz
cache size : 2048 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 2
processor : 1
model name : Intel(R) Pentium(R) D CPU 3.00GHz
cache size : 2048 KB
physical id : 0
siblings : 2
core id : 1
cpu cores : 2

Example 4. Dual Single core CPU, Hyperthreading ENABLED

This example shows that processors 0 and 2 share the same physical cpu, and processors 1 and 3 share the same physical cpu. The number of siblings is twice the number of cores, which is another clue that this is a system with hyperthreading enabled.

processor : 0
model name : Intel(R) Xeon(TM) CPU 3.60GHz
cache size : 1024 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 1
processor : 1
model name : Intel(R) Xeon(TM) CPU 3.60GHz
cache size : 1024 KB
physical id : 3
siblings : 2
core id : 0
cpu cores : 1
processor : 2
model name : Intel(R) Xeon(TM) CPU 3.60GHz
cache size : 1024 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 1
processor : 3
model name : Intel(R) Xeon(TM) CPU 3.60GHz
cache size : 1024 KB
physical id : 3
siblings : 2
core id : 0
cpu cores : 1

Example 5. Dual CPU Dual Core No hyperthreading

Of the 5 examples this should be the most capable system processor-wise. There are a total of 4 cores; 2 cores in 2 separate socketed physical cpus. Each core shares the 4MB cache with its sibling core. The higher clock rate (3.0 Ghz vs 2.3Ghz) should offer slightly better performance than example 3.

processor : 0
model name : Intel(R) Xeon(R) CPU 5160 @ 3.00GHz
cache size : 4096 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 2
processor : 1
model name : Intel(R) Xeon(R) CPU 5160 @ 3.00GHz
cache size : 4096 KB
physical id : 0
siblings : 2
core id : 1
cpu cores : 2
processor : 2
model name : Intel(R) Xeon(R) CPU 5160 @ 3.00GHz
cache size : 4096 KB
physical id : 3
siblings : 2
core id : 0
cpu cores : 2
processor : 3
model name : Intel(R) Xeon(R) CPU 5160 @ 3.00GHz
cache size : 4096 KB
physical id : 3
siblings : 2
core id : 1
cpu cores : 2
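
The siblings / cpu cores / core id rule used in the examples above can be applied mechanically. The script below is an added example, not part of the original post; the function names are made up for illustration, and the sample data is a constructed, trimmed copy of the topology fields from Examples 1, 3a and 4.

```shell
#!/bin/sh
# Summarise CPU topology from /proc/cpuinfo-style text read on stdin.
# Output: sockets=N cores=N logical=N ht=on|off
cpu_topology() {
    awk -F: '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }

    # Record the logical CPU collected so far, then reset for the next one.
    function commit() {
        if (!have) return
        # Old CPUs (Example 1) expose no "physical id": treat each such
        # processor entry as its own single-core package (assumption).
        if (phys == "") phys = "cpu" proc
        if (core == "") core = 0
        if (!(phys in pkgs))         { pkgs[phys] = 1; sockets++ }
        if (!((phys, core) in seen)) { seen[phys, core] = 1; cores++ }
        # More siblings than cores in a package means hyperthreading is on.
        if (sib != "" && ncore != "" && sib + 0 > ncore + 0) ht = "on"
        logical++
        phys = ""; core = ""; sib = ""; ncore = ""; have = 0
    }

    BEGIN { ht = "off" }
    { key = trim($1); val = trim($2) }
    key == "processor"   { commit(); proc = val; have = 1 }
    key == "physical id" { phys = val }
    key == "siblings"    { sib = val }
    key == "core id"     { core = val }
    key == "cpu cores"   { ncore = val }
    END {
        commit()
        printf "sockets=%d cores=%d logical=%d ht=%s\n", sockets, cores, logical, ht
    }'
}

# Constructed sample: Example 1 (no topology fields at all).
sample_example1() {
    cat <<'EOF'
processor : 0
model name : AMD Duron(tm) processor
cache size : 64 KB
EOF
}

# Constructed sample: topology fields of Example 3a (single socket, dual core).
sample_example3a() {
    cat <<'EOF'
processor : 0
physical id : 0
siblings : 2
core id : 0
cpu cores : 2
processor : 1
physical id : 0
siblings : 2
core id : 1
cpu cores : 2
EOF
}

# Constructed sample: topology fields of Example 4 (two single-core CPUs, HT on).
sample_example4() {
    cat <<'EOF'
processor : 0
physical id : 0
siblings : 2
core id : 0
cpu cores : 1
processor : 1
physical id : 3
siblings : 2
core id : 0
cpu cores : 1
processor : 2
physical id : 0
siblings : 2
core id : 0
cpu cores : 1
processor : 3
physical id : 3
siblings : 2
core id : 0
cpu cores : 1
EOF
}

sample_example4 | cpu_topology    # sockets=2 cores=2 logical=4 ht=on
```

On a live system, run cpu_topology < /proc/cpuinfo.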

Friday, March 19, 2010

Shell Script: Quick Look into Command-Line Arguments

The following script prints its command-line arguments and shows you how to access them:
$ vi demo

#!/bin/sh
#
# Script that demos, command line args
#
echo "Total number of command line argument are $#"
echo "$0 is script name"
echo "$1 is first argument"
echo "$2 is second argument"
echo "All of them are :- $* or $@"


Run it as follows

Set execute permission as follows:

$ chmod 755 demo

Run it & test it as follows:

$ ./demo Hello World

If the test is successful, copy the script to your own bin directory (install the script for private use):
$ cp demo ~/bin

Check whether it is working or not (?)

$ demo
$ demo Hello World

NOTE: After this, for any script you have to use the above commands, in sequence. I am not going to show you all of the above command(s) for the rest of the tutorial.

Shell Script: How to use GREP utility?

The grep command selects and prints lines from a file (or a bunch of files) that match a pattern. Let's say your friend Bill sent you an email recently with his phone number, and you want to call him ASAP to order some books. Instead of launching your email program and sifting through all the messages, you can scan your in-box file, like this:

The most useful grep flags are shown here:

-i Ignore uppercase and lowercase when comparing.
-v Print only lines that do not match the pattern.
-c Print only a count of the matching lines.
-n Display the line number before each matching line.

When grep performs its pattern matching, it expects you to provide a regular expression for the pattern. Regular expressions can be very simple or quite complex, so we won't get into a lot of details here. Here are the most common types of regular expressions:

abc Match lines containing the string "abc" anywhere.
^abc Match lines starting with "abc."
abc$ Match lines ending with "abc."
a..c Match lines containing "a" and "c" separated by any two characters (the dot matches any single character).
a.*c Match lines containing "a" and "c" separated by any number of characters (the dot-asterisk means match zero or more characters).


Regular expressions also come into play when using vi, sed, awk, and other Unix commands. If you want to master Unix, take time to understand regular expressions. Here is a sample poem.txt file and some grep commands to demonstrate regular-expression pattern matching:

Mary had a little lamb
Mary fried a lot of spam
Jack ate a Spam sandwich
Jill had a lamb spamwich

To print all lines containing spam (respecting uppercase and lowercase), enter

grep 'spam' poem.txt
Mary fried a lot of spam
Jill had a lamb spamwich

To print all lines containing spam (ignoring uppercase and lowercase), enter

grep -i 'spam' poem.txt
Mary fried a lot of spam
Jack ate a Spam sandwich
Jill had a lamb spamwich

To print just the number of lines containing the word spam (ignoring uppercase and lowercase), enter

grep -ic 'spam' poem.txt
3

To print all lines not containing spam (ignoring uppercase and lowercase), enter

grep -i -v 'spam' poem.txt
Mary had a little lamb

To print all lines starting with Mary, enter

grep '^Mary' poem.txt
Mary had a little lamb
Mary fried a lot of spam

To print all lines ending with ich, enter

grep 'ich$' poem.txt
Jack ate a Spam sandwich
Jill had a lamb spamwich

To print all lines containing had followed by lamb, enter

grep 'had.*lamb' poem.txt
Mary had a little lamb
Jill had a lamb spamwich

Shell Script: A Simple Cut Command

Today is a sunny day outside, so let's tweak with shell scripting.
We will carry on this episode throughout this year. I can assure you that you will be interested in this new episode.

Let's start from scratch:

Consider a slight variation on the company.data file we've been playing with in this section:

406378:Sales:Itorre:Jan
031762:Marketing:Nasium:Jim
636496:Research:Ancholie:Mel
396082:Sales:Jucacion:Ed


If you want to print just columns 1 to 6 of each line (the employee serial numbers), use the -c1-6 flag, as in this command:

cut -c1-6 company.data
406378
031762
636496
396082

If you want to print just columns 4 and 8 of each line (the first letter of the department and the fourth digit of the serial number), use the -c4,8 flag, as in this command:

cut -c4,8 company.data
3S
7M
4R
0S

And since this file obviously has fields delimited by colons, we can pick out just the last names by specifying the -d: and -f3 flags, like this:

cut -d: -f3 company.data
Itorre
Nasium
Ancholie
Jucacion

Here is a summary of the most common flags for the cut command:

-c [n | n,m | n-m] Specify a single column, multiple columns (separated by a comma), or range of columns (separated by a dash).
-f [n | n,m | n-m] Specify a single field, multiple fields (separated by a comma), or range of fields (separated by a dash).
-dc Specify the field delimiter.
-s Suppress (don't print) lines not containing the delimiter.

Friday, March 12, 2010

Linux RAM Disk: Creating A Filesystem In RAM

Software RAM disks use the normal RAM in main memory as if it were a partition on a hard drive rather than actually accessing the data bus normally used for secondary storage such as hard disk. How do I create and store a web cache on a RAM disk to improve the speed of loading pages under Linux operating systems?

You can create the ram disk as follows (8192 = 8M, no need to format the ramdisk as a journaling file system) :

# mkfs -q /dev/ram1 8192
# mkdir -p /ramcache
# mount /dev/ram1 /ramcache
# df -H | grep ramcache

Sample outputs:

/dev/ram1 8.2M 1.1M 6.7M 15% /ramcache

Next you copy images or caching objects to /ramcache:

# cp /var/www/html/images/*.jpg /ramcache

Now you can edit Apache or squid reverse proxy to use /ramcache to map to images.example.com:



ServerAdmin admin@example.com
ServerName images.example.com
DocumentRoot /ramcache
#ErrorLog /var/logs/httpd/images.example.com_error.log
#CustomLog /var/logs/httpd/images.example.com_access.log combined

Reload httpd:

# service httpd reload

Now all hits to images.example.com will be served from RAM. This can improve the speed of loading pages or images. However, if the server is rebooted, all data will be lost. So you may want to write an /etc/init.d/ script to copy the files back to /ramcache. Create a script called initramcache.sh:

#!/bin/sh
mkfs -t ext2 -q /dev/ram1 8192
[ ! -d /ramcache ] && mkdir -p /ramcache
mount /dev/ram1 /ramcache
/bin/cp /var/www/html/images/*.jpg /ramcache

Call it from /etc/rc.local or create a softlink in /etc/rc3.d/:

# chmod +x /path/to/initramcache.sh
# echo '/path/to/initramcache.sh' >> /etc/rc.local

A Note About tmpfs

tmpfs is supported by the Linux kernel from version 2.4+. tmpfs (also known as shmfs) is a little different from the Linux ramdisk. It allocates memory dynamically and allows less-used pages to be moved onto swap space. ramfs, in contrast, does not make use of swap, which can be an advantage or a disadvantage in many cases. See how to use tmpfs under Linux.

Friday, February 26, 2010

Quick LVM commands

Maybe you are not aware of these LVM commands.
You must be bored of running these commands:

pvdisplay
vgdisplay
lvdisplay

Let's learn the quick LVM commands:

[root@localhost ~]# pvs
PV VG Fmt Attr PSize PFree
/dev/sda9 VolGroup lvm2 a- 95.97G 0
[root@localhost ~]# vgs
VG #PV #LV #SN Attr VSize VFree
VolGroup 1 2 0 wz--n- 95.97G 0
[root@localhost ~]# lvs
LV VG Attr LSize Origin Snap% Move Log Copy% Convert
lv_root VolGroup -wi-ao 92.05G
lv_swap VolGroup -wi-ao 3.92G

Hope you will definitely like this stuff.
Happy LVMing !!!

OpenSSH: In-sight into OpenSSH on Linux?

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect for keeping the confidentiality and integrity of data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about an OpenSSH zero day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.

Default Config Files and SSH Port

* /etc/ssh/sshd_config - OpenSSH server configuration file.
* /etc/ssh/ssh_config - OpenSSH client configuration file.
* ~/.ssh/ - User's ssh configuration directory.
* ~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the user's account.
* /etc/nologin - If this file exists, sshd refuses to let anyone except root log in.
* /etc/hosts.allow and /etc/hosts.deny - Access control lists that should be enforced by tcp-wrappers are defined here.
* SSH default port - TCP 22




#1: Disable OpenSSH Server

Workstations and laptops can work without an OpenSSH server. If you do not need to provide the remote login and file transfer capabilities of SSH, disable and remove the SSHD server. CentOS / RHEL / Fedora Linux users can disable and remove openssh-server with the yum command:

# chkconfig sshd off
# yum erase openssh-server

Debian / Ubuntu Linux users can disable and remove the same with the apt-get command:

# apt-get remove openssh-server

You may need to update your iptables script to remove ssh exception rule. Under CentOS / RHEL / Fedora edit the files /etc/sysconfig/iptables and /etc/sysconfig/ip6tables. Once done restart iptables service:

# service iptables restart
# service ip6tables restart

#2: Only Use SSH Protocol 2

SSH protocol version 1 (SSH-1) has man-in-the-middle attack problems and security vulnerabilities. SSH-1 is obsolete and should be avoided at all costs. Open the sshd_config file and make sure the following line exists:

Protocol 2

#3: Limit Users' SSH Access

By default, all system users can log in via SSH using their password or public key. Sometimes you create a UNIX / Linux user account for ftp or email purposes. However, those users can log in to the system using ssh. They will have full access to system tools including compilers and scripting languages such as Perl and Python, which can open network ports and do many other fancy things. One of my clients has a really outdated php script and an attacker was able to create a new account on the system via a php script. However, the attacker failed to get into the box via ssh because it wasn't in AllowUsers.

Only allow root, vivek and jerry user to use the system via SSH, add the following to sshd_config:

AllowUsers root vivek jerry

Alternatively, you can allow all users to login via SSH but deny only a few users, with the following line:

DenyUsers saroj anjali foo

You can also configure Linux PAM to allow or deny login via the sshd server. You can allow or deny access to ssh for a list of group names.

#4: Configure Idle Log Out Timeout Interval

Users can log in to the server via ssh, and you can set an idle timeout interval to avoid unattended ssh sessions. Open sshd_config and make sure the following values are configured:

ClientAliveInterval 300
ClientAliveCountMax 0

You are setting an idle timeout interval in seconds (300 secs = 5 minutes). After this interval has passed, the idle user will be automatically kicked out (read as logged out). See how to automatically log BASH / TCSH / SSH users out after a period of inactivity for more details.

#5: Disable .rhosts Files

Don't read the user's ~/.rhosts and ~/.shosts files. Update sshd_config with the following settings:

IgnoreRhosts yes

SSH can emulate the behavior of the obsolete rsh command; just disable insecure access via RSH.

#6: Disable Host-Based Authentication

To disable host-based authentication, update sshd_config with the following option:

HostbasedAuthentication no

#7: Disable root Login via SSH

There is no need to log in as root via ssh over a network. Normal users can use su or sudo (recommended) to gain root level access. This also makes sure you get full auditing information about who ran privileged commands on the system via sudo. To disable root login via SSH, update sshd_config with the following line:

PermitRootLogin no

However, Bob made an excellent point:

Saying "don't login as root" is h******t. It stems from the days when people sniffed the first packets of sessions so logging in as yourself and su-ing decreased the chance an attacker would see the root pw, and decreased the chance you got spoofed as to your telnet host target. You'd get your password spoofed but not root's pw. Gimme a break. This is 2005 - We have ssh, used properly it's secure. Used improperly none of this 1989 will make a damn bit of difference. -Bob

#8: Enable a Warning Banner

Set a warning banner by updating sshd_config with the following line:

Banner /etc/issue

Sample /etc/issue file:

----------------------------------------------------------------------------------------------
You are accessing a XYZ Government (XYZG) Information System (IS) that is provided for authorized use only.
By using this IS (which includes any device attached to this IS), you consent to the following conditions:

+ The XYZG routinely intercepts and monitors communications on this IS for purposes including, but not limited to,
penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM),
law enforcement (LE), and counterintelligence (CI) investigations.

+ At any time, the XYZG may inspect and seize data stored on this IS.

+ Communications using, or data stored on, this IS are not private, are subject to routine monitoring,
interception, and search, and may be disclosed or used for any XYZG authorized purpose.

+ This IS includes security measures (e.g., authentication and access controls) to protect XYZG interests--not
for your personal benefit or privacy.

+ Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching
or monitoring of the content of privileged communications, or work product, related to personal representation
or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work
product are private and confidential. See User Agreement for details.
----------------------------------------------------------------------------------------------

The above is a standard sample; consult your legal team for exact user agreement and legal notice details.

#8: Firewall SSH Port # 22

You need to firewall ssh port # 22 by updating iptables or pf firewall configurations. Usually, the OpenSSH server must accept connections only from your LAN or other remote WAN sites.

Netfilter (Iptables) Configuration

Update /etc/sysconfig/iptables (Redhat and friends specific file) to accept connection only from 192.168.1.0/24 and 202.54.1.5/29, enter:

-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -s 202.54.1.5/29 -m state --state NEW -p tcp --dport 22 -j ACCEPT

If you've dual stacked sshd with IPv6, edit /etc/sysconfig/ip6tables (Redhat and friends specific file), enter:

-A RH-Firewall-1-INPUT -s ipv6network::/ipv6mask -m tcp -p tcp --dport 22 -j ACCEPT

Replace ipv6network::/ipv6mask with actual IPv6 ranges.

*BSD PF Firewall Configuration

If you are using PF firewall update /etc/pf.conf as follows:

pass in on $ext_if inet proto tcp from {192.168.1.0/24, 202.54.1.5/29} to $ssh_server_ip port ssh flags S/SA synproxy state

#9: Change SSH Port and Limit IP Binding

By default SSH listens on all available interfaces and IP addresses on the system. Limit ssh port binding and change the ssh port (by default, brute forcing scripts only try to connect to port # 22). To bind to the 192.168.1.5 and 202.54.1.5 IPs and to port 300, add or correct the following lines:

Port 300
ListenAddress 192.168.1.5
ListenAddress 202.54.1.5

A better approach is to use proactive scripts such as fail2ban or denyhosts (see below).

#10: Use Strong SSH Passwords and Passphrase

It cannot be stressed enough how important it is to use strong user passwords and passphrases for your keys. Brute force attacks work because you use dictionary based passwords. You can force users to avoid passwords that are vulnerable to a dictionary attack, and use the john the ripper tool to find existing weak passwords. Here is a sample random password generator (put it in your ~/.bashrc):

genpasswd() {
    local l=$1
    [ "$l" == "" ] && l=20
    tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${l} | xargs
}

Run it:

genpasswd 16

Output:

uw8CnDVMwC6vOKgW

#11: Use Public Key Based Authentication

Use a public/private key pair with password protection for the private key. See how to use RSA and DSA key based authentication. Never ever use passphrase free key (passphrase key less) login.

#12: Use Keychain Based Authentication

keychain is a special bash script designed to make key-based authentication incredibly convenient and flexible. It offers various security benefits over passphrase-free keys. See how to setup and use keychain software.

#13: Chroot SSHD (Lock Down Users To Their Home Directories)

By default users are allowed to browse the server directories such as /etc/, /bin and so on. You can protect ssh using an os based chroot or special tools such as rssh. With the release of OpenSSH 4.8p1 or 4.9p1, you no longer have to rely on third-party hacks such as rssh or complicated chroot(1) setups to lock users to their home directories. See this blog post about the new ChrootDirectory directive to lock down users to their home directories.

#14: Use TCP Wrappers

TCP Wrapper is a host-based Networking ACL system, used to filter network access to Internet. OpenSSH supports TCP wrappers. Just update your /etc/hosts.allow file as follows to allow SSH only from 192.168.1.2 172.16.23.12 :

sshd : 192.168.1.2 172.16.23.12

See this FAQ about setting and using TCP wrappers under Linux / Mac OS X and UNIX like operating systems.

#15: Disable Empty Passwords

You need to explicitly disallow remote login from accounts with empty passwords. Update sshd_config with the following line:

PermitEmptyPasswords no

#16: Thwart SSH Crackers (Brute Force Attack)

Brute force is a method of defeating a cryptographic scheme by trying a large number of possibilities using a single or distributed computer network. To prevent brute force attacks against SSH, use the following software:

* DenyHosts is a Python based security tool for SSH servers. It is intended to prevent brute force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses.
* Explains how to setup DenyHosts under RHEL / Fedora and CentOS Linux.
* Fail2ban is a similar program that prevents brute force attacks against SSH.
* security/sshguard-pf protect hosts from brute force attacks against ssh and other services using pf.
* security/sshguard-ipfw protect hosts from brute force attacks against ssh and other services using ipfw.
* security/sshguard-ipfilter protect hosts from brute force attacks against ssh and other services using ipfilter.
* security/sshblock block abusive SSH login attempts.
* security/sshit checks for SSH/FTP bruteforce and blocks given IPs.
* BlockHosts Automatic blocking of abusive IP hosts.
* Blacklist Get rid of those bruteforce attempts.
* Brute Force Detection A modular shell script for parsing application logs and checking for authentication failures. It does this using a rules system where application specific options are stored including regular expressions for each unique auth format.
* IPQ BDB filter May be considered as a fail2ban lite.

#17: Rate-limit Incoming Port # 22 Connections

Both netfilter and pf provide a rate-limit option to perform simple throttling on incoming connections on port # 22.

Iptables Example

The following example will drop incoming connections which make more than 5 connection attempts upon port 22 within 60 seconds:

#!/bin/bash
inet_if=eth1
ssh_port=22
$IPT -I INPUT -p tcp --dport ${ssh_port} -i ${inet_if} -m state --state NEW -m recent --set
$IPT -I INPUT -p tcp --dport ${ssh_port} -i ${inet_if} -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP

Call the above script from your iptables scripts. Another config option:

$IPT -A INPUT -i ${inet_if} -p tcp --dport ${ssh_port} -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
$IPT -A INPUT -i ${inet_if} -p tcp --dport ${ssh_port} -m state --state ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -o ${inet_if} -p tcp --sport ${ssh_port} -m state --state ESTABLISHED -j ACCEPT
# another one line example
# $IPT -A INPUT -i ${inet_if} -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 22 -m limit --limit 5/minute --limit-burst 5 -j ACCEPT

See the iptables man page for more details.

*BSD PF Example

The following limits the maximum number of connections per source to 20 and rate limits the number of connections to 15 in a 5 second span. If anyone breaks our rules, add them to our abusive_ips table and block them from making any further connections. Finally, the flush keyword kills all states created by the matching rule which originate from the host which exceeds these limits.

sshd_server_ip="202.54.1.5"
table <abusive_ips> persist
block in quick from <abusive_ips>
pass in on $ext_if proto tcp to $sshd_server_ip port ssh flags S/SA keep state (max-src-conn 20, max-src-conn-rate 15/5, overload <abusive_ips> flush)

#18: Use Port Knocking

Port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). A sample port knocking example for ssh using iptables:

$IPT -N stage1
$IPT -A stage1 -m recent --remove --name knock
$IPT -A stage1 -p tcp --dport 3456 -m recent --set --name knock2

$IPT -N stage2
$IPT -A stage2 -m recent --remove --name knock2
$IPT -A stage2 -p tcp --dport 2345 -m recent --set --name heaven

$IPT -N door
$IPT -A door -m recent --rcheck --seconds 5 --name knock2 -j stage2
$IPT -A door -m recent --rcheck --seconds 5 --name knock -j stage1
$IPT -A door -p tcp --dport 1234 -m recent --set --name knock

$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -m recent --rcheck --seconds 5 --name heaven -j ACCEPT
$IPT -A INPUT -p tcp --syn -j door

* fwknop is an implementation that combines port knocking and passive OS fingerprinting.
* Multiple-port knocking Netfilter/IPtables only implementation.

#19: Use Log Analyzer

Read your logs using logwatch or logcheck. These tools make your log reading life easier. They go through your logs for a given period of time and produce a report on the areas you choose, at the level of detail you choose. Make sure LogLevel is set to INFO or DEBUG in sshd_config:

LogLevel INFO
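
The log-driven approach described for DenyHosts above (watch the authentication log for failed logins and act on the source address), using the 5-attempts-in-60-seconds threshold from the iptables example, as an added example that is not part of the original article or of any tool it names. The function names, the syslog-style timestamp layout and the log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of sshd lines from an authentication log (not real data).
sample_auth_log() {
    cat <<'EOF'
Oct 28 10:00:01 web1 sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Oct 28 10:00:05 web1 sshd[4102]: Failed password for root from 198.51.100.23 port 51800 ssh2
Oct 28 10:00:09 web1 sshd[4103]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Oct 28 10:00:17 web1 sshd[4104]: Failed password for root from 203.0.113.7 port 40131 ssh2
Oct 28 10:00:25 web1 sshd[4105]: Failed password for invalid user oracle from 203.0.113.7 port 40140 ssh2
Oct 28 10:00:30 web1 sshd[4106]: Accepted publickey for jerry from 192.0.2.15 port 50022 ssh2
Oct 28 10:00:41 web1 sshd[4107]: Failed password for root from 203.0.113.7 port 40155 ssh2
Oct 28 10:01:20 web1 sshd[4108]: Failed password for root from 198.51.100.23 port 51811 ssh2
Oct 28 10:02:35 web1 sshd[4109]: Failed password for root from 198.51.100.23 port 51822 ssh2
Oct 28 10:03:50 web1 sshd[4110]: Failed password for root from 198.51.100.23 port 51833 ssh2
Oct 28 10:05:05 web1 sshd[4111]: Failed password for root from 198.51.100.23 port 51844 ssh2
EOF
}

# Read sshd log lines on stdin and print every source address that reaches
# $1 failed logins (default 5) inside any $2-second window (default 60).
ssh_bruteforce_sources() {
    awk -v hits="${1:-5}" -v window="${2:-60}" '
        / sshd\[[0-9]+\]: Failed password for / {
            # The user name is supplied by the client, so read the address
            # from the fixed tail of the line: "from ADDR port N ssh2".
            if ($(NF - 4) != "from" || $(NF - 2) != "port") next
            ip = $(NF - 3)
            # Seconds since the start of the month; month rollover is ignored.
            split($3, t, ":")
            now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
            ts[ip, ++n[ip]] = now
            if (!(ip in head)) head[ip] = 1
            # Slide the window: forget failures older than `window` seconds.
            while (now - ts[ip, head[ip]] >= window) head[ip]++
            if (n[ip] - head[ip] + 1 >= hits && !(ip in seen)) {
                seen[ip] = 1
                print ip
            }
        }
    '
}
```

Both sample sources fail five times, but only the one that does so inside a single minute is reported, which is the difference between a count and a rate.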

#20: Patch OpenSSH and Operating Systems

It is recommended that you use tools such as yum, apt-get, freebsd-update and others to keep systems up to date with the latest security patches.
Other Options

To hide the OpenSSH version, you need to update the source code and compile OpenSSH again. Make sure the following options are enabled in sshd_config:

# Turn on privilege separation
UsePrivilegeSeparation yes
# Prevent the use of insecure home directory and key file permissions
StrictModes yes
# Turn on reverse name checking (this option is named UseDNS in current OpenSSH releases)
VerifyReverseMapping yes
# Do you need port forwarding?
AllowTcpForwarding no
X11Forwarding no
# Specifies whether password authentication is allowed. The default is yes.
PasswordAuthentication no

Verify your sshd_config file before restarting / reloading changes:
# /usr/sbin/sshd -t
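
One way to check a configuration file against the options listed above, as an added example (not code from the article or from OpenSSH). It relies on sshd using the first value it reads for a keyword; the function names are hypothetical and the sample configuration is constructed.

```shell
#!/bin/sh
# Constructed sample configuration (not from a real host).
sample_sshd_config() {
    cat <<'EOF'
# edited by two different admins over time
Port 22
PasswordAuthentication yes
x11forwarding no
AllowTcpForwarding=no
StrictModes yes
LogLevel QUIET
# appended later; sshd ignores it because the keyword is already set
PasswordAuthentication no
Match User backup
    AllowTcpForwarding yes
EOF
}

# Print the value sshd would use for keyword $1 in file $2 (lower-cased).
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and the global section ends at the first Match line.
sshd_effective() {
    awk -F '[ \t=]+' -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }                  # drop leading blanks
        /^#/ || /^$/           { next }         # comments and empty lines
        tolower($1) == "match" { exit }         # conditional overrides start here
        tolower($1) == want    { print tolower($2); exit }
    ' "$2"
}

# Check file $1 against the settings recommended on this page. Prints one
# line per deviation; returns 0 when clean and 1 otherwise.
audit_sshd_config() {
    bad=0
    while read -r key allowed; do
        got=$(sshd_effective "$key" "$1")
        case " $allowed " in
            *" ${got:-unset} "*) ;;
            *) echo "$key: want $allowed, effective value is ${got:-unset}"
               bad=1 ;;
        esac
    done <<'EOF'
PasswordAuthentication no
AllowTcpForwarding no
X11Forwarding no
StrictModes yes
LogLevel info debug
EOF
    return "$bad"
}
```

A plain grep for "PasswordAuthentication no" would pass this sample file even though password logins stay enabled. On a live host, `sshd -T` prints the effective configuration as sshd itself computed it.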

Tighter SSH security with two-factor or three-factor (or more) authentication.

Interview Questions for Linux Hardware !!

One of the most frequently asked interview topics is Linux hardware.
For example:

1. Which command, as an alternative to uname, would you run on Linux to find out its architecture?
2. How would you list the RAM size?
3. What products have been used on the motherboard?
4. How would you find out which processor is running on your Linux box?

and so on...

This is where dmidecode comes to the rescue.

dmidecode displays the hardware components of your Linux system. It dumps the computer's DMI (SMBIOS) table contents in a human-readable format. The table contains a description of the system hardware components and other useful information such as serial numbers and the BIOS revision. The command example below uses dmidecode to list the hardware components of a system running Fedora Linux.


The SMBIOS specification defines the following DMI types:

Type  Information
0     BIOS
1     System
2     Base Board
3     Chassis
4     Processor
5     Memory Controller
6     Memory Module
7     Cache
8     Port Connector
9     System Slots
10    On Board Devices
11    OEM Strings
12    System Configuration Options
13    BIOS Language
14    Group Associations
15    System Event Log
16    Physical Memory Array
17    Memory Device
18    32-bit Memory Error
19    Memory Array Mapped Address
20    Memory Device Mapped Address
21    Built-in Pointing Device
22    Portable Battery
23    System Reset
24    Hardware Security
25    System Power Controls
26    Voltage Probe
27    Cooling Device
28    Temperature Probe
29    Electrical Current Probe
30    Out-of-band Remote Access
31    Boot Integrity Services
32    System Boot
33    64-bit Memory Error
34    Management Device
35    Management Device Component
36    Management Device Threshold Data
37    Memory Channel
38    IPMI Device
39    Power Supply

Run dmidecode to collect all of this information.
Here is example output from my Dell Inspiron machine running Fedora with the new 2.6.33 kernel.

Handle 0x1000, DMI type 16, 15 bytes
Physical Memory Array
Location: System Board Or Motherboard
Use: System Memory
Error Correction Type: None
Maximum Capacity: 4 GB
Error Information Handle: Not Provided
Number Of Devices: 2

Handle 0x1100, DMI type 17, 27 bytes
Memory Device
Array Handle: 0x1000
Error Information Handle: Not Provided
Total Width: 64 bits
Data Width: 64 bits
Size: 1024 MB
Form Factor: DIMM
Set: None
Locator: DIMM_A
Bank Locator: Not Specified
Type: DDR
Type Detail: Synchronous
Speed: 800 MHz
Manufacturer: AD00000000000000
Serial Number: 00004021
Asset Tag: 000845
Part Number: HYMP112S64CP6-S6

Handle 0x1101, DMI type 17, 27 bytes
Memory Device
Array Handle: 0x1000
Error Information Handle: Not Provided
Total Width: 64 bits
Data Width: 64 bits
Size: 1024 MB
Form Factor: DIMM
Set: None
Locator: DIMM_B
Bank Locator: Not Specified
Type: DDR
Type Detail: Synchronous
Speed: 800 MHz
Manufacturer: AD00000000000000
Serial Number: 00003030
Asset Tag: 000845
Part Number: HYMP112S64CP6-S6

Handle 0x1301, DMI type 19, 15 bytes
Memory Array Mapped Address
Starting Address: 0x00000000000
Ending Address: 0x0007FFFFFFF
Range Size: 2 GB
Physical Array Handle: 0x1000
Partition Width: 0

Handle 0x1401, DMI type 20, 19 bytes
Memory Device Mapped Address
Starting Address: 0x00000000000
Ending Address: 0x0007FFFFFFF
Range Size: 2 GB
Physical Device Handle: 0x1100
Memory Array Mapped Address Handle: 0x1301
Partition Row Position: 1
Interleave Position: 1
Interleaved Data Depth: 8

Handle 0x1411, DMI type 126, 19 bytes
Inactive

Handle 0x1402, DMI type 20, 19 bytes
Memory Device Mapped Address
Starting Address: 0x00000000000
Ending Address: 0x0007FFFFFFF
Range Size: 2 GB
Physical Device Handle: 0x1101
Memory Array Mapped Address Handle: 0x1301
Partition Row Position: 1
Interleave Position: 2
Interleaved Data Depth: 8

Handle 0x1412, DMI type 126, 19 bytes
Inactive

Handle 0x1500, DMI type 21, 7 bytes
Built-in Pointing Device
Type: Touch Pad
Interface: Bus Mouse
Buttons: 2

Handle 0x1600, DMI type 22, 26 bytes
Portable Battery
Location: Sys. Battery Bay
Manufacturer:
Name: DELL X409G8A
Design Capacity: 37000 mWh
Design Voltage: 11100 mV
SBDS Version: 1.0
Maximum Error: 4%
SBDS Serial Number: 3A58
SBDS Manufacture Date: 2008-10-06
SBDS Chemistry: LION
OEM-specific Information: 0x00000001

Handle 0x1B00, DMI type 27, 12 bytes
Cooling Device
Type: Fan
Status: OK
OEM-specific Information: 0x0000DD00

Handle 0x1C00, DMI type 28, 20 bytes
Temperature Probe
Description: CPU Internal Temperature
Location: Processor
Status: OK
Maximum Value: 127.0 deg C
Minimum Value: 0.0 deg C
Resolution: 1.000 deg C
Tolerance: 0.5 deg C
Accuracy: Unknown
OEM-specific Information: 0x0000DC00

Handle 0x2000, DMI type 32, 11 bytes
System Boot Information
Status: No errors detected

Handle 0xB000, DMI type 176, 5 bytes
OEM-specific Type
Header and Data:
B0 05 00 B0 00

Handle 0xB100, DMI type 177, 12 bytes
OEM-specific Type
Header and Data:
B1 0C 00 B1 02 00 00 00 00 00 00 00

Handle 0xD000, DMI type 208, 10 bytes
OEM-specific Type
Header and Data:
D0 0A 00 D0 01 04 FE 00 2F 02

Handle 0xD800, DMI type 216, 9 bytes
OEM-specific Type
Header and Data:
D8 09 00 D8 01 03 01 F0 03
Strings:
Intel Corp.

1566

Handle 0xD900, DMI type 217, 8 bytes
OEM-specific Type
Header and Data:
D9 08 00 D9 01 02 01 03
Strings:
US-101
Proprietary

Handle 0xDB00, DMI type 219, 9 bytes
OEM-specific Type
Header and Data:
DB 09 00 DB 03 01 02 03 FF
Strings:
System Device Bay
Floppy, Battery, CD-ROM, CD-RW, DVD, DVD+RW, DVD+/-RW, Hard Disk, BLU-RAY
DVD+/-RW

Handle 0xDC00, DMI type 220, 22 bytes
OEM-specific Type
Header and Data:
DC 16 00 DC 01 F0 00 00 02 F0 00 00 00 00 03 F0
04 F0 00 00 00 00

Handle 0xDD00, DMI type 221, 19 bytes
OEM-specific Type
Header and Data:
DD 13 00 DD 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00

Handle 0xD400, DMI type 212, 37 bytes
OEM-specific Type
Header and Data:
D4 25 00 D4 74 00 75 00 00 10 2D 2E 5C 00 78 BF
40 5D 00 78 BF 00 08 00 1D DF 00 03 00 1D DF 00
FF FF 00 00 00

Handle 0xD401, DMI type 212, 17 bytes
OEM-specific Type
Header and Data:
D4 11 01 D4 74 00 75 00 03 40 49 4A FF FF 00 00
00

Handle 0xDE00, DMI type 222, 16 bytes
OEM-specific Type
Header and Data:
DE 10 00 DE 01 02 FF FF 00 00 00 00 00 00 00 01

Handle 0x7F00, DMI type 127, 4 bytes
End Of Table

[root@localhost ~]# dmidecode -q
BIOS Information
Vendor: Dell Inc.
Version: A16
Release Date: 10/16/2008
Address: 0xF0000
Runtime Size: 64 kB
ROM Size: 2048 kB
Characteristics:
ISA is supported
PCI is supported
PC Card (PCMCIA) is supported
PNP is supported
BIOS is upgradeable
BIOS shadowing is allowed
Boot from CD is supported
Selectable boot is supported
3.5"/720 kB floppy services are supported (int 13h)
Print screen service is supported (int 5h)
8042 keyboard services are supported (int 9h)
Serial services are supported (int 14h)
Printer services are supported (int 17h)
CGA/mono video services are supported (int 10h)
ACPI is supported
USB legacy is supported
AGP is supported
Smart battery is supported
BIOS boot specification is supported
Function key-initiated network boot is supported
Targeted content distribution is supported
BIOS Revision: 1.6
Firmware Revision: 1.6

System Information
Manufacturer: Dell Inc.
Product Name: Inspiron 1525
Version: Not Specified
Serial Number: GHRM2BS
UUID: 44454C4C-4800-1052-804D-C7C04F324253
Wake-up Type: Power Switch
SKU Number: Not Specified
Family:

Base Board Information
Manufacturer: Dell Inc.
Product Name: 0U990C
Version:
Serial Number: .GHRM2BS.CN701668A70TCK.
Asset Tag:

Chassis Information
Manufacturer: Dell Inc.
Type: Portable
Lock: Not Present
Version: Not Specified
Serial Number: GHRM2BS
Asset Tag: Not Specified
Boot-up State: Safe
Power Supply State: Safe
Thermal State: Safe
Security Status: None

Processor Information
Socket Designation: Microprocessor
Type: Central Processor
Family: Core 2 Duo
Manufacturer: Intel
ID: FD 06 00 00 FF FB EB BF
Signature: Type 0, Family 6, Model 15, Stepping 13
Flags:
FPU (Floating-point unit on-chip)
VME (Virtual mode extension)
DE (Debugging extension)
PSE (Page size extension)
TSC (Time stamp counter)
MSR (Model specific registers)
PAE (Physical address extension)
MCE (Machine check exception)
CX8 (CMPXCHG8 instruction supported)
APIC (On-chip APIC hardware supported)
SEP (Fast system call)
MTRR (Memory type range registers)
PGE (Page global enable)
MCA (Machine check architecture)
CMOV (Conditional move instruction supported)
PAT (Page attribute table)
PSE-36 (36-bit page size extension)
CLFSH (CLFLUSH instruction supported)
DS (Debug store)
ACPI (ACPI supported)
MMX (MMX technology supported)
FXSR (Fast floating-point save and restore)
SSE (Streaming SIMD extensions)
SSE2 (Streaming SIMD extensions 2)
SS (Self-snoop)
HTT (Hyper-threading technology)
TM (Thermal monitor supported)
PBE (Pending break enabled)
Version: Not Specified
Voltage: 3.3 V
External Clock: 200 MHz
Max Speed: 2000 MHz
Current Speed: 2000 MHz
Status: Populated, Enabled
Upgrade: None
Serial Number: Not Specified
Asset Tag: Not Specified
Part Number: Not Specified
Core Count: 2
Core Enabled: 2
Thread Count: 2
Characteristics:
64-bit capable

Cache Information
Socket Designation: Not Specified
Configuration: Enabled, Not Socketed, Level 1
Operational Mode: Write Back
Location: Internal
Installed Size: 32 kB
Maximum Size: 32 kB
Supported SRAM Types:
Unknown
Installed SRAM Type: Unknown
Speed: Unknown
Error Correction Type: None
System Type: Data
Associativity: 4-way Set-associative

Cache Information
Socket Designation: Not Specified
Configuration: Enabled, Not Socketed, Level 2
Operational Mode: Varies With Memory Address
Location: Internal
Installed Size: 2048 kB
Maximum Size: 2048 kB
Supported SRAM Types:
Pipeline Burst
Installed SRAM Type: Pipeline Burst
Speed: 15 ns
Error Correction Type: None
System Type: Unified
Associativity: Other

Port Connector Information
Internal Reference Designator: USB
Internal Connector Type: None
External Reference Designator: Not Specified
External Connector Type: Access Bus (USB)
Port Type: USB

Port Connector Information
Internal Reference Designator: MONITOR
Internal Connector Type: None
External Reference Designator: Not Specified
External Connector Type: DB-15 female
Port Type: Video Port

Port Connector Information
Internal Reference Designator: FireWire
Internal Connector Type: None
External Reference Designator: Not Specified
External Connector Type: IEEE 1394
Port Type: Firewire (IEEE P1394)

Port Connector Information
Internal Reference Designator: Modem
Internal Connector Type: None
External Reference Designator: Not Specified
External Connector Type: RJ-11
Port Type: Modem Port

Port Connector Information
Internal Reference Designator: Ethernet
Internal Connector Type: None
External Reference Designator: Not Specified
External Connector Type: RJ-45
Port Type: Network Port

System Slot Information
Designation: PCMCIA 0
Type: 32-bit PC Card (PCMCIA)
Current Usage: Available
Length: Other
ID: Adapter 0, Socket 0
Characteristics:
5.0 V is provided
3.3 V is provided
PC Card-16 is supported
Cardbus is supported
Zoom Video is supported
Modem ring resume is supported

On Board Device Information
Type: Video
Status: Enabled
Description: Intel Crestline Graphics

On Board Device Information
Type: Sound
Status: Enabled
Description: Sigmatel 9205

OEM Strings
String 1: Dell System
String 2: 5[0003]
String 3: 13[PP22L]

BIOS Language Information
Installable Languages: 1
en|US|iso8859-1
Currently Installed Language: en|US|iso8859-1

Physical Memory Array
Location: System Board Or Motherboard
Use: System Memory
Error Correction Type: None
Maximum Capacity: 4 GB
Number Of Devices: 2

Memory Device
Total Width: 64 bits
Data Width: 64 bits
Size: 1024 MB
Form Factor: DIMM
Set: None
Locator: DIMM_A
Bank Locator: Not Specified
Type: DDR
Type Detail: Synchronous
Speed: 800 MHz
Manufacturer: AD00000000000000
Serial Number: 00004021
Asset Tag: 000845
Part Number: HYMP112S64CP6-S6

Memory Device
Total Width: 64 bits
Data Width: 64 bits
Size: 1024 MB
Form Factor: DIMM
Set: None
Locator: DIMM_B
Bank Locator: Not Specified
Type: DDR
Type Detail: Synchronous
Speed: 800 MHz
Manufacturer: AD00000000000000
Serial Number: 00003030
Asset Tag: 000845
Part Number: HYMP112S64CP6-S6

Memory Array Mapped Address
Starting Address: 0x00000000000
Ending Address: 0x0007FFFFFFF
Range Size: 2 GB
Partition Width: 0

Memory Device Mapped Address
Starting Address: 0x00000000000
Ending Address: 0x0007FFFFFFF
Range Size: 2 GB
Partition Row Position: 1
Interleave Position: 1
Interleaved Data Depth: 8

Memory Device Mapped Address
Starting Address: 0x00000000000
Ending Address: 0x0007FFFFFFF
Range Size: 2 GB
Partition Row Position: 1
Interleave Position: 2
Interleaved Data Depth: 8

Built-in Pointing Device
Type: Touch Pad
Interface: Bus Mouse
Buttons: 2

Portable Battery
Location: Sys. Battery Bay
Manufacturer:
Name: DELL X409G8A
Design Capacity: 37000 mWh
Design Voltage: 11100 mV
SBDS Version: 1.0
Maximum Error: 4%
SBDS Serial Number: 3A58
SBDS Manufacture Date: 2008-10-06
SBDS Chemistry: LION
OEM-specific Information: 0x00000001

Cooling Device
Type: Fan
Status: OK
OEM-specific Information: 0x0000DD00

Temperature Probe
Description: CPU Internal Temperature
Location: Processor
Status: OK
Maximum Value: 127.0 deg C
Minimum Value: 0.0 deg C
Resolution: 1.000 deg C
Tolerance: 0.5 deg C
Accuracy: Unknown
OEM-specific Information: 0x0000DC00

System Boot Information
Status: No errors detected

[root@localhost ~]#
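
To answer the "list RAM size" question from the output format shown above, here is an added example (not part of the original post or of dmidecode) that parses the memory records. The function names are hypothetical; the sample is an excerpt of the output above with some fields omitted.

```shell
#!/bin/sh
# Excerpt of the dmidecode -q output shown above, embedded so this runs offline.
sample_dmidecode() {
    cat <<'EOF'
Cache Information
Configuration: Enabled, Not Socketed, Level 2
Installed Size: 2048 kB
Maximum Size: 2048 kB

Physical Memory Array
Location: System Board Or Motherboard
Maximum Capacity: 4 GB
Number Of Devices: 2

Memory Device
Size: 1024 MB
Locator: DIMM_A
Speed: 800 MHz

Memory Device
Size: 1024 MB
Locator: DIMM_B
Speed: 800 MHz

Memory Array Mapped Address
Range Size: 2 GB
EOF
}

# Read dmidecode output on stdin and summarise the memory records.
# Only "Size:" lines inside a "Memory Device" record are counted, so the
# cache and mapped-address sizes in other records do not inflate the total.
dmi_memory_summary() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # real output is tab-indented
        $0 == "" { section = ""; next }                # a blank line ends a record
        $0 == "Memory Device" || $0 == "Physical Memory Array" { section = $0; next }
        section == "Memory Device" && $1 == "Size:" {
            slots++
            # Empty sockets report "No Module Installed" instead of a number.
            if ($2 ~ /^[0-9]+$/) {
                filled++
                total += (($3 == "GB") ? $2 * 1024 : $2)
            }
        }
        section == "Physical Memory Array" && $1 == "Maximum" && $2 == "Capacity:" {
            max = (($4 == "GB") ? $3 * 1024 : $3)
        }
        END { printf "installed_mb=%d slots=%d/%d max_mb=%d\n", total, filled, slots, max }
    '
}
```

On a real machine, run it as root with `dmidecode -t memory | dmi_memory_summary`.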

Saturday, February 20, 2010

LVM: How to recover deleted LVM?

Guys,
This could be something very informative for all LVM experts !!

The lvm system maintains backup copies of the lvm configuration in the /etc/lvm/archive folder. I found the backup copy from just before my lvm volume was deleted. By using "vgcfgrestore" and the archive file I was able to restore the lvm configuration as it was before the lvm volume was deleted.

The command:

"vgcfgrestore -l VolGroup00"

shows a list of backed up configurations.

I found that the correct configuration was in the file "/etc/lvm/archive/VolGroup00_00054.vg".

Running "vgcfgrestore -f /etc/lvm/archive/VolGroup00_00054.vg" did the trick.

Thursday, February 18, 2010

Automounting on Linux !!

Let's learn the concept of automounting quickly.
To enable a Samba share to be mounted when a machine boots,
edit the /etc/fstab file to include the following:


//server/share /mount/point smbfs username=[username],password=[password] 0 0



Where server is the Samba server name, share is the Samba share and /mount/point is the directory on the local machine to mount to. The username and password options are those of a valid user on the Samba server who has access to the Samba share you are trying to access.



Edit the /etc/fstab file





LABEL=/ / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/hda3 swap swap defaults 0 0
/dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0
/dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0
//server/share /mount/point smbfs username=[username],password=[password] 0 0




Substitute [username] and [password] with the appropriate credentials of a valid user on the Samba server.



If you want to use the autofs service to mount SMB shares then follow the instructions below.



Edit the /etc/auto.master file





# $Id: auto.master,v 1.2 1997/10/06 21:52:03 hpa Exp $
# Sample auto.master file
# Format of this file:
# mountpoint map options
# For details of the format look at autofs(8).
/misc /etc/auto.misc --timeout=60




Edit the /etc/auto.misc file





# $Id: auto.misc,v 1.2 1997/10/06 21:52:04 hpa Exp $
# This is an automounter map and it has the following format
# key [ -mount-options-separated-by-comma ] location
# Details may be found in the autofs(5) manpage

cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom

samba -fstype=smbfs,username=[username],password=[password] ://server/share

# the following entries are samples to pique your imagination
#linux -ro,soft,intr ftp.example.org:/pub/linux
#boot -fstype=ext2 :/dev/hda1
#floppy -fstype=auto :/dev/fd0
#floppy -fstype=ext2 :/dev/fd0
#e2floppy -fstype=ext2 :/dev/fd0
#jaz -fstype=ext2 :/dev/sdc1
#removable -fstype=ext2 :/dev/hdd




Issue the command service autofs restart so that the new changes will take effect.



Browsing to the /misc/samba directory should reveal the Samba mount.
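
/etc/fstab and autofs maps are normally readable by every local user, so a password written into the mount options as above is visible to all of them; the smbfs and cifs mount helpers also accept credentials=FILE, which keeps the secret in a file only root can read. The following added example (not part of the original post) finds inline passwords in either file format and checks a credentials file's permissions. The function names and the /etc/samba/docs.cred path are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the fstab and auto.misc entries from this page, plus a
# hardened fstab entry that points at a credentials file (hypothetical path).
sample_mount_config() {
    cat <<'EOF'
LABEL=/ / ext3 defaults 1 1
//server/share /mount/point smbfs username=[username],password=[password] 0 0
//server/docs /mnt/docs smbfs credentials=/etc/samba/docs.cred 0 0
# samba -fstype=smbfs,password=old ://server/old
samba -fstype=smbfs,username=[username],password=[password] ://server/share
cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
EOF
}

# Read fstab or autofs map lines on stdin and name every mount whose options
# carry an inline password. The password value itself is never printed.
inline_password_mounts() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            # autofs map: key -options location; fstab: device dir type options
            if ($2 ~ /^-/) { name = $1; opts = substr($2, 2) }
            else           { name = $2; opts = $4 }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] ~ /^(password|pass)=/) { print name; break }
        }
    '
}

# True when credentials file $1 exists and grants nothing to group or others.
# Characters 5-10 of the ls mode string are the group and other permissions.
credentials_file_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
```

The credentials file holds `username=` and `password=` lines and should be owned by root with mode 600.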