Blogs

List threads with ps and top

The "H" option in both ps and top lists individual threads instead of only processes:

Examples:

ps auxwH

top H

Redirect ports inside OpenVZ containers

For port redirection to work inside OpenVZ containers, the ipt_REDIRECT kernel module needs to be loaded on the host. Edit "/etc/sysconfig/vz" and add it to the IPTABLES list:

IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_owner ipt_length ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ipt_recent ipt_REDIRECT"

Ports can then be redirected from inside the container. So if you need to put nginx or lighttpd in front of an existing Apache and do not want to change Apache's default port 80, the rules below redirect port 80 to port 81, where nginx/lighttpd listens, serves static content and proxies dynamic requests on to Apache:

# Redirect external web traffic to port 81
# ("-s ! addr" is the old iptables negation syntax; iptables 1.4 and later write it "! -s addr")
iptables -t nat -A PREROUTING -s ! 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 81

# Redirect internal (locally generated) port 80 traffic to 81
iptables -t nat -A OUTPUT -s 0/0 -d 192.168.10.2 -p tcp --dport 80 -j REDIRECT --to-ports 81

Where 192.168.10.2 is the internal IP address that the domain/host name resolves to.

Clear out nginx cache

If you are replacing static content that nginx has already cached, the header of each cached file stores the cache key, including the file path, which can be grepped for so the file can be removed. Once you hit the URL again, nginx recreates the cache file at the same location.

find /var/cache/nginx -type f -exec grep -l /path/to/oldfile.css {} \;
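As an added example (not from the original post), the helpers below wrap the same find/grep lookup, remove the matching entries and report how many were purged. The cache root is passed as an argument and the two-entry sample cache is constructed for the demonstration:

```shell
# Added example, not from the original post.
# nginx writes a "KEY: <cache key>" line into the header of every cache file,
# which is what the find/grep one-liner above matches on.
find_cache_entries() {
    # $1: cache root (e.g. /var/cache/nginx), $2: path or key fragment to match.
    # -a makes grep treat the binary cache file as text; -l prints only the name.
    find "$1" -type f -exec grep -al -- "KEY: .*$2" {} \;
}

purge_cache_entries() {
    # Removes every matching entry and prints the count. nginx cache file names
    # are hex hashes, so word-splitting the find output is safe here.
    n=0
    for f in $(find_cache_entries "$1" "$2"); do
        rm -f -- "$f" && n=$((n + 1))
    done
    echo "$n"
}

# make_sample_cache DIR: a constructed two-entry cache for the demonstration.
# Real nginx headers are binary; a few non-text bytes stand in for that here.
make_sample_cache() {
    mkdir -p "$1/0/a" "$1/1/b"
    printf '\003\001\002\nKEY: httpGETexample.com/path/to/oldfile.css\r\n<body>\n' > "$1/0/a/deadbeef0000"
    printf '\003\001\002\nKEY: httpGETexample.com/path/to/keep.css\r\n<body>\n'    > "$1/1/b/cafebabe0000"
}
```

On a live server, `purge_cache_entries /var/cache/nginx /path/to/oldfile.css` is the whole operation; run `find_cache_entries` first if you want to see what would be deleted.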

Clean up config files

Below are one-liners that strip all comment and blank lines, usually from config files, using grep and sed.

grep -v "^#\|^$" <conf_file>

or

grep -v "^\#" <conf_file> | sed '/^$/d'
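As an added example (not from the original post), here is the same cleanup as a reusable function. It goes one step further than the one-liners above and also drops comment lines that are indented, which "^#" alone leaves in place; the sample config is constructed for the demonstration:

```shell
# Added example, not from the original post.
# strip_config FILE: print FILE without whole-line comments (even indented
# ones) and without blank or whitespace-only lines. Trailing "# ..." text on a
# value line is deliberately left alone: a password or regex may contain '#'.
strip_config() {
    sed -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*$/d' "$1"
}

# make_sample_config FILE: constructed sshd_config-style sample for the demo.
make_sample_config() {
    cat > "$1" <<'EOF'
# top-level comment

PermitRootLogin no
    # indented comment, kept by "^#" but dropped by strip_config
   
PasswordAuthentication no   # trailing note kept on purpose
EOF
}
```

`strip_config /etc/ssh/sshd_config` is the typical call; pipe it into `diff` against the same output from a reference host to compare effective settings.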

Enabling md5 shadow password with authconfig

If you notice that the passwords in /etc/shadow are stored as DES crypt hashes, MD5 hashing can be enabled via:

authconfig --enablemd5 --enableshadow --update

If authconfig is not present, edit "/etc/pam.d/system-auth" and add "md5 shadow" to the line starting with "password sufficient pam_unix.so" so it looks like this:

password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok

Migrating Sendmail Mail Server

Below is how I migrated a mail server with minimal downtime, using mailertable to route mail on to the new server while some ISPs' resolvers were still pointing the old IP at the old server.

  • 48 hours prior to migration, set the TTL value for the mail server DNS A record to a short time like 15 minutes.
  • Prepare for the migration by rsyncing the mail spool folder and the users' home mail folders.
    rsync --progress -a -e "ssh -i /root/.ssh/key -p 22" old.mailserver:/var/spool/mail/ /var/spool/mail/
    rsync --progress -a -e "ssh -i /root/.ssh/key -p 22" old.mailserver:/var/www/web1/mail/ /var/www/web1/mail/
    rsync --progress -a -e "ssh -i /root/.ssh/key -p 22" --exclude='*/bak' --exclude='*/web' old.mailserver:/var/www/web1/user/ /var/www/web1/user/
  • At the time of migration, firewall incoming port 25 on the old mail server and update the DNS A record to point to the new server.
  • Run rsync a final time.
  • Set up Sendmail with mailertable to relay mail arriving at the old server over to the new mail server. This is the same setup used for secondary (backup) mail servers.
  • Add "FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl" to "/etc/mail/sendmail.mc" if it does not already exist.
  • Create "/etc/mail/mailertable" file with contents of the routing table:
    domain.tld esmtp:[xxx.xxx.xxx.xxx]

    The square brackets skip the MX lookup, so an IP address can be used directly.
  • Remove domain name from "/etc/mail/local-host-names" so mails do not get delivered locally.
  • Edit "/etc/mail/access" to relay mail for the domain.
    TO:domain.tld RELAY
  • Rebuild the access and mailertable databases.
    cd /etc/mail
    makemap hash access.db < access
    makemap hash mailertable.db < mailertable
  • Restart sendmail and open up the firewall.
  • Test by telnetting to port 25 on the old server's IP and sending an email. This should get relayed over to the new server.
  • Point a new subdomain at the new server and redirect the existing webmail URL to it.

Check glue record for domain

If you've just made changes to the nameservers, you can verify whether they have propagated to the TLD level.

First find the servers for the domain's TLD. So for .com domains:

dig ns com

The output is as below:

;; ANSWER SECTION:
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.

Now query one of those TLD servers for the domain itself:

dig ns edices.com @g.gtld-servers.net

The ADDITIONAL section of the result, with the IP addresses, shows the glue records:

;; AUTHORITY SECTION:
edices.com.             172800  IN      NS      ns1.edices.com.
edices.com.             172800  IN      NS      ns2.edices.com.
edices.com.             172800  IN      NS      ns3.edices.com.

;; ADDITIONAL SECTION:
ns1.edices.com.         172800  IN      A       207.44.207.121
ns2.edices.com.         172800  IN      A       207.44.206.16
ns3.edices.com.         172800  IN      A       67.228.161.76
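As an added example (not from the original post), the script below automates the two queries above and checks that every nameserver in the AUTHORITY section has a matching glue record in the ADDITIONAL section, which is the thing that actually goes wrong after a nameserver change. parse_glue works on saved dig output, so it runs offline; check_glue assumes dig is installed and the network is reachable. The sample output is the edices.com answer reproduced from above:

```shell
# Added example, not from the original post.
# parse_glue: read dig output on stdin; for every NS in the AUTHORITY section
# print "ns ip" when a glue A/AAAA record exists in the ADDITIONAL section, or
# "ns MISSING" otherwise. Exit status is 1 if any glue record is missing.
parse_glue() {
    awk '
        /^;; AUTHORITY SECTION:/  { sec = "auth"; next }
        /^;; ADDITIONAL SECTION:/ { sec = "add";  next }
        /^;;/ || /^$/             { sec = "";     next }
        sec == "auth" && $4 == "NS"                                  { ns[++n] = $5 }
        sec == "add" && ($4 == "A" || $4 == "AAAA") && !($1 in ip)   { ip[$1] = $5 }
        END {
            missing = 0
            for (i = 1; i <= n; i++) {
                if (ns[i] in ip) print ns[i], ip[ns[i]]
                else { print ns[i], "MISSING"; missing = 1 }
            }
            exit missing
        }'
}

# check_glue DOMAIN: run the two queries from the post (assumes dig and network
# access). The TLD server used is whichever one "dig +short" lists first.
check_glue() {
    domain=$1
    tld=${domain##*.}
    tld_server=$(dig +short ns "$tld" | head -n 1)
    [ -n "$tld_server" ] || { echo "no NS found for .$tld" >&2; return 2; }
    dig ns "$domain" "@$tld_server" | parse_glue
}

# make_sample_dig_output FILE: the edices.com answer shown in the post, saved
# to FILE so parse_glue can be exercised without network access.
make_sample_dig_output() {
    cat > "$1" <<'EOF'
;; AUTHORITY SECTION:
edices.com.             172800  IN      NS      ns1.edices.com.
edices.com.             172800  IN      NS      ns2.edices.com.
edices.com.             172800  IN      NS      ns3.edices.com.

;; ADDITIONAL SECTION:
ns1.edices.com.         172800  IN      A       207.44.207.121
ns2.edices.com.         172800  IN      A       207.44.206.16
ns3.edices.com.         172800  IN      A       67.228.161.76

;; Query time: 1 msec
EOF
}
```

`check_glue example.com` prints one line per nameserver and exits non-zero if any in-bailiwick nameserver lacks glue, so it can sit in a post-change checklist or a monitoring job.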

Speed up SSH

Set up the ssh client with compression, use the arcfour/blowfish ciphers instead of the default, skip the IPv6 lookup, and reuse connections through a control socket.

Add the following to ~/.ssh/config:

Host *
Ciphers arcfour,blowfish-cbc
Compression yes
AddressFamily inet
ControlMaster auto
ControlPath ~/.ssh/socket-%r@%h:%p
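As an added example (not from the original post), here is a small audit that flags the cipher line above and a hardened version of the same config. OpenSSH dropped arcfour and the CBC ciphers from its defaults in 6.7 and removed arcfour/blowfish support entirely in 7.6, so on a current client that Ciphers line either fails outright or silently weakens the session; the connection-reuse and compression settings are still the parts worth keeping. WEAK_CIPHERS and the sample files are this example's own assumptions:

```shell
# Added example, not from the original post.
# audit_ssh_config FILE: print each cipher on a "Ciphers" line of FILE that is
# in WEAK_CIPHERS; return 1 if any was found, 0 if the file is clean.
WEAK_CIPHERS="arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc 3des-cbc"

audit_ssh_config() {
    found=0
    ciphers=$(sed -n 's/^[[:space:]]*[Cc]iphers[[:space:]]\{1,\}//p' "$1" | tr ',' ' ')
    for c in $ciphers; do
        for w in $WEAK_CIPHERS; do
            if [ "$c" = "$w" ]; then
                echo "$c"
                found=1
            fi
        done
    done
    return $found
}

# hardened_ssh_config: the same speed-ups as the post (compression, IPv4 only,
# connection reuse) but leaving Ciphers at the OpenSSH default, plus
# ControlPersist so the master connection outlives the first session.
hardened_ssh_config() {
    cat <<'EOF'
Host *
    Compression yes
    AddressFamily inet
    ControlMaster auto
    ControlPath ~/.ssh/socket-%r@%h:%p
    ControlPersist 10m
EOF
}

# make_post_ssh_config FILE: the config block from the post, written to FILE
# so the audit has something to flag.
make_post_ssh_config() {
    cat > "$1" <<'EOF'
Host *
Ciphers arcfour,blowfish-cbc
Compression yes
AddressFamily inet
ControlMaster auto
ControlPath ~/.ssh/socket-%r@%h:%p
EOF
}
```

`audit_ssh_config ~/.ssh/config` lists any weak ciphers and exits non-zero, and `hardened_ssh_config >> ~/.ssh/config` appends the replacement block; the connection-reuse settings give most of the speed-up the post is after, without touching the cipher choice.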

Troubleshooting device or resource busy

In order to extend an LVM logical volume, I had to unmount the mounted volume.

When I tried to umount the volume, it complained that the device was busy.

When I tried to find the process using the device with `fuser -m /dev/vg0/lv0`, it returned nothing. So I did a lazy unmount with:

umount -l /dev/vg0/lv0

However, after extending the volume with lvextend and running e2fsck on it, e2fsck complained that the device was still busy and refused to check the volume.

I then realized that this was most probably caused by NFS mounts. Once I stopped the NFS service, I was able to check the volume successfully.

vzdump of CentOS

Current versions of vzdump depend on cstream and perl-LockFile-Simple, both available from RPMforge. Below is how I got it installed and running on CentOS 5.5 x86_64.

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm
yum --enablerepo=rpmforge install cstream perl-LockFile-Simple
rpm -ivh http://download.openvz.org/contrib/utils/vzdump/vzdump-1.2-4.noarch.rpm

It is also necessary to export the location of the PVE Perl libraries that vzdump requires. This can be added to ".bash_profile":

export PERL5LIB=/usr/share/perl5/
