Sunday, October 13, 2013

Playing in the SAN

Today we are going to use TGT Project to do an iSCSI mapping of some raw storage on a Linux box.
This is a quick and dirty setup, so I would not recommend using it in a high-production environment, or for an extended period of time if you do. In my head, this is just a stopgap for your storage needs.
Also, I highly recommend separating your iSCSI traffic onto different VLANs, as well as using a dedicated iSCSI initiator card instead of the Windows/Linux iSCSI initiator. But this is just my two cents, and it's your network.

Verify that your iSCSI network card is present in the system and that you know which device it is. In my example here it is NIC 3, eth2.
[root@CentOS03 ~]# ifconfig -a
eth1      Link encap:Ethernet  HWaddr 00:50:56:98:2A:95  
          inet addr:172.17.1.67  Bcast:172.17.1.255  Mask:255.255.255.0
          inet6 addr: 2601:9:1400:11c:250:56ff:fe98:2a95/64 Scope:Global
          inet6 addr: fe80::250:56ff:fe98:2a95/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:79145 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5167 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:18240397 (17.3 MiB)  TX bytes:756186 (738.4 KiB)

eth2      Link encap:Ethernet  HWaddr 00:50:56:98:50:F1  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Next we want to set an IP for it, and if possible I like my iSCSI NIC to match my server's last octet. My server's IP is 172.17.1.67, so for iSCSI on the separate subnet I will be using 192.168.1.67, just for consistency.

[root@CentOS03 ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth1 /etc/sysconfig/network-scripts/ifcfg-eth2 
[root@CentOS03 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE=eth2
HWADDR=00:50:56:98:50:F1
TYPE=Ethernet
ONBOOT=yes
IPADDR=192.168.1.67
NETMASK=255.255.255.0
NM_CONTROLLED=yes
BOOTPROTO=none
~
~
~

As you can see above, I just copied the eth1 config for eth2. There are no issues with my shortcut here; just make sure you rename the parts in orange to match your settings, and remove the gateway.

And turn on the second NIC.
[root@CentOS03 ~]#  service network restart 


Shutting down interface eth1:                                   [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                              [  OK  ]
Bringing up interface eth1:                                     [  OK  ]
Bringing up interface eth2:                                    [  OK  ]

If you do not see eth2 come active, your config has an issue. Try removing the UUID line and verifying your settings.

Next verify the storage is present. I still like to use fdisk -l, which shows all the disks in the system (that is a lower case L).
[root@CentOS03 ~]# fdisk -l

My drive is showing as /dev/sdb, so note yours for use in a few moments. 
Disk /dev/sdb: 107.4 GB, 107374182400 bytes

Now is when we start the magic, we install the TGT Project tools via YUM. 
[root@CentOS03 ~]# yum install scsi-target-utils 

This will take about a minute, and you will have to approve all the dependency packages. My video shows more detail, but the files are in the same location. You want to edit targets.conf for your device. There are a lot of options available in the configuration, but I was going for quick and functional, not secure.

[root@CentOS02 terminfo]# cd /etc/tgt/
[root@CentOS02 tgt]# ls
targets.conf
[root@CentOS02 tgt]# vim targets.conf 

Give the target an iSCSI ID, and a target ID and then the path to the storage. direct-store is full access to the unformatted disk. 

<target iqn.2008-09.com.velcrohurts:centos02.target1>
        direct-store /dev/sdb
</target>

The server that I wanted it mapped to is a Windows Server 2008 R2. So I have a second NIC installed, on the same subnet.
I fired up the iSCSI initiator and put my IP in the Target field in the Target tab and it connected.
Your mileage may vary.
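
The target above has no initiator-address or incominguser line, so tgt will let any initiator that can reach the box attach to /dev/sdb. The following is an added example, not part of the original post: a small audit of targets.conf-style text that reports which targets are left open. The second target in the sample, its device, the initiator IP 192.168.1.50 and the CHAP credentials are constructed placeholders.

```shell
#!/bin/sh
# Added example: list each tgt target and whether it restricts who may log in.

# Constructed sample in targets.conf syntax. target1 is the definition from the
# post; target2 is a hypothetical restricted variant whose device, initiator IP
# and CHAP credentials are placeholders.
sample_targets_conf() {
cat <<'EOF'
# constructed sample, not a real configuration
<target iqn.2008-09.com.velcrohurts:centos02.target1>
        direct-store /dev/sdb
</target>

<target iqn.2008-09.com.velcrohurts:centos02.target2>
        direct-store /dev/sdc
        initiator-address 192.168.1.50
        incominguser example-user example-chap-secret
</target>
EOF
}

# audit_targets [FILE]
# Reads targets.conf text (FILE or stdin) and prints one line per target:
#   <iqn> acl=<yes|no> chap=<yes|no> <OPEN|PARTIAL|RESTRICTED>
audit_targets() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[ \t]*<target[ \t]/ {                  # opening tag: remember the IQN
            iqn = $2; sub(/>.*/, "", iqn)
            in_target = 1; acl = "no"; chap = "no"
            next
        }
        # An address list that is just ALL is no restriction at all.
        in_target && $1 == "initiator-address" && $2 != "ALL" { acl = "yes" }
        # incominguser needs both a user name and a secret to mean anything.
        in_target && $1 == "incominguser" && NF >= 3 { chap = "yes" }
        in_target && /^[ \t]*<\/target>/ {
            if (acl == "yes" && chap == "yes") verdict = "RESTRICTED"
            else if (acl == "no" && chap == "no") verdict = "OPEN"
            else verdict = "PARTIAL"
            print iqn, "acl=" acl, "chap=" chap, verdict
            in_target = 0
        }
    ' "$@"
}

# count_open [FILE]: number of targets that accept any initiator without CHAP.
count_open() {
    audit_targets "$@" | awk '$NF == "OPEN" { n++ } END { print n + 0 }'
}

sample_targets_conf | audit_targets
```

Run it against the real file with audit_targets /etc/tgt/targets.conf; anything reported as OPEN relies entirely on the VLAN separation recommended at the top of this post.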

Saturday, October 5, 2013

Kingdom of the blind

Before we start, here is a video link to the installation process.


With the introduction of Windows 2012 there was a large change in how to deploy domain controllers. There is no more DCPromo; it sends you to a link that tells you to install Active Directory with the Server Manager.



In the server manager select Manage > Add Roles and Features 


This will open the Add Roles and Features Wizard. On the first screen it will ask you to make sure your server has a strong admin password and has been updated.
You want to select Role-based or Feature-based installation and then Next 



On the Server Selection page verify the host name and the IP address and then select Next
On the Server Roles page you want to select Active Directory Domain Services, then choose Add Feature, and then DNS and Add Feature and then Next


On the Features page verify that Group Policy Management is selected and then click Next. 


There is nothing really to select on the AD DS page so select Next 
The DNS Server page will give an error across the top saying that no DNS server has been authenticated for the domain, at this point it is an OK warning, so select Next. 

On the Confirmation page select Install.
It will take a few moments to install the features and afterwards you will see a message that the installation was successful, so select Close. 

After clicking Close, go back to the Server Manager page, there will be a new exclamation point there, it will be claiming that the server needs to have the roles and features you just installed configured. 
Select the box for Promote this server to a domain controller


If this is the first domain controller in your forest, select Add New Forest and type the name of your domain. 

You want to select the domain functionality level for your domain, if you are going to have 2008 or even 2003 domain controllers, select the functionality accordingly. 
You will also want to type a password for the Directory Services Restore Mode; this is handy in case you ever have any problems with the server.

When you click next, you will get a warning about DNS not being configured for this domain. This is the step that will allow for DNS configuration for your domain, so go ahead and click next 

The Additional Options will install the NetBIOS name services on the domain controller. This should come populated with the top level of your domain name, but you can change it to be something different.

Next it will prompt you for the location of the AD DS Database, the AD log files and the SYSVOL. I usually leave these defaulted to C:\Windows\ but again, you can change the paths to suit your needs or environment. 

Then we get to the Review Options stage, and that is where we verify all of the settings we just set. 
Just review and make sure everything is how you set it and where you want it then select Next 
* Note: There is a View Script button here, you can use this to create a PowerShell script to deploy the next domain controller from the command line. 

At this point we will be at the Prerequisites Check and this stage will take a few minutes to run, and it should come back with some warnings. 
The warnings I received were for the domain controller encryption level being compatible with Windows NT 4, for the DNS server not being installed, and for having DHCP enabled on my IPv6 interface on my single NIC.

At this point we want to install. 
This will take more than a few minutes and there will be a reboot that is required with this. 

After the server reboots make sure you logon with the domain\Administrator user and verify that you can manage things with Active Directory Users and Computers.
And you are set. 



Saturday, September 28, 2013

And then we connected

One of the first things I ever learned with RedHat systems was the file /etc/sysconfig/network-scripts/ifcfg-eth0 is used to configure the primary network adapter.
I say that I cannot always remember these settings off the top of my head, because I really don't remember all of them.
I remember that it should look something like this

DEVICE=eth0 
HWADDR=00:00:00:00:00:00
TYPE=Ethernet 
ONBOOT=YES
IP{something}=10.10.10.100 
GATEWAY=10.10.10.1
NETMASK=255.255.255.0 
BOOTPROTO=none

but there are so many more flags; that is just all I remember off the top of my head. Is this good enough to get by? Sure, but honestly, at this stage I should know all the options available, like how to create a NIC bond (ifcfg-bond0), or what NM_CONTROLLED=yes/no means.
So let's write this out in a little detail, get those brain cells firing, and review the bulk of the options and what they are.

DEVICE=eth0
This one should be obvious, it is the name of the network card, it should be the same as the device listed in ifconfig, so if the device is eth1 the file name should be ifcfg-eth1 and be listed as DEVICE=eth1

HWADDR=00:00:00:00:00:00 
This is the MAC address of the adapter. If you need to compare it, do an ifconfig -a and it will show you all the details of all interfaces. Since I am currently working within a VM, I have two adapters, lo and eth0

[root@CentOS01 ~]# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:0C:29:6E:8C:BD  
          inet addr:10.10.10.100  Bcast:10.10.10.255  Mask:255.255.255.0
          inet6 addr: 2601:9:1400:11c:20c:29ff:fe6e:8cbd/64 Scope:Global
          inet6 addr: fe80::20c:29ff:fe6e:8cbd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:452 errors:0 dropped:0 overruns:0 frame:0
          TX packets:93 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:41651 (40.6 KiB)  TX bytes:12272 (11.9 KiB)

The HWaddr I happen to have landed is 00:0C:29:6E:8C:BD so this would be my MAC address.

TYPE=Ethernet
If it is a network adapter then the type is Ethernet; in general, though, the TYPE= can be left out or matched to the type of device.

ONBOOT=yes
This means it will be enabled when the system reboots

IP{something}=10.10.10.100 
This turns out to be IPADDR= and this would be the IP address of the system. You can enter any acceptable IP address in this value, just make sure it's on your network/subnet

NETMASK=255.255.255.0 
Without going into too much detail this is the subnet mask of your network. It is generally a 255.255.255.0 for a /24 and is adjusted with that range.

GATEWAY=10.10.10.1
I have noticed that the Gateway can live in different locations on the system, and can even be set manually with the route command. ( route add default gw 10.10.10.1 netmask 255.255.255.0)
I just like to put it in the ifcfg-eth0 file out of habit.


BOOTPROTO=none
This is mainly used to control if the server is on DHCP or static IP address. If you want to use DHCP change the BOOTPROTO=dhcp and this will overwrite all the IP Address settings you have configured. Don't believe me, try it out.

Now we get to the parts that I don't have fully committed to memory.

USERCTL=NO
This controls whether a standard user can interact with the interface. On servers it should be NO but on workstations YES is fine.

UUID=e89cd5ff-22ff-49b4-9d77-94777e90e6d3
This is just a unique identification number for the NIC, because sometimes you can run across a MAC address that is duplicated, think LARGE VMware environment. This number can be created and changed by running uuidgen and then copying the new number into its place. 

NM_CONTROLLED=no
By enabling this you give the Network Manager daemon control of the network device. 
This can be good or bad, but if you are having random issues, say the network card does not work on system boot, switch this to NO and set up the IP manually here.


Ok so it turns out I do remember most of the options for making a network adapter work.
Also, do not forget to edit your /etc/resolv.conf with your DNS settings or else you will not get out.

Tuesday, August 13, 2013

Multiple NICs and You

Have you tried to configure more than one network card on more than one network in CentOS 6.x or RedHat 6.x yet? Well I did, and I was in for a surprise!
Turns out that you cannot do it on CentOS easily. I tried this on several servers and even though the IP shows up, I could not ping it from the second network. It was a pain.
Working example is I have interface one configured as 10.20.0.100 netmask 255.255.255.0
I wanted interface two configured on 10.200.0.100 netmask 255.255.255.0
After going crazy verifying every setting in my /etc/sysconfig/network-scripts/ifcfg-eth0 and ifcfg-eth1 files I found this blog post http://www.virtualizationteam.com/cloud/how-to-get-redhat-6-2-linux-second-nic-to-ping.html that was about an unrelated product, but the same root cause.
So after reading it I tried the settings they recommended and it worked. I did have to reboot to get it working fully, but that was all.

I then had another server we needed this on and I wanted to dig a little deeper, and make fewer edits, so I viewed the file /etc/sysctl.conf and this line stuck out to me

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

As an experiment I changed the 1 to a 0:
# Controls source route verification
net.ipv4.conf.default.rp_filter = 0
Reboot and POOF!! Both networks pingable from their respective subnets. 
So long story short, it wasn't a routing issue exactly, but an issue with reverse path filtering (rp_filter) and how it routes packets out.
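
Setting rp_filter to 0 turns source address validation off, which is the check that drops spoofed source addresses; value 2 (loose mode) is the narrower setting for a multi-homed host. The following is an added example, not from the original post: it computes the mode the kernel ends up applying to each interface from sysctl.conf-style lines, using the kernel rule that the larger of conf.all and the per-interface value wins. The per-interface line for eth1 and the assumption that an interface without its own line starts from conf.default are mine.

```shell
#!/bin/sh
# Added example: work out the rp_filter mode the kernel applies per interface.

# effective_rp_filter IFACE
# Reads sysctl.conf-style lines on stdin and prints "<iface> <value> <mode>".
# The kernel validates sources on an interface with the larger of
# conf.all.rp_filter and conf.<iface>.rp_filter. Assumption made here: an
# interface with no line of its own started from conf.default (state after boot).
effective_rp_filter() {
    awk -v ifc="$1" '
        /^[ \t]*[#;]/ { next }                   # comments
        {
            line = $0; gsub(/[ \t]/, "", line)   # "key = value" -> "key=value"
            if (split(line, kv, "=") != 2) next
            if (kv[1] == "net.ipv4.conf.all.rp_filter") all = kv[2] + 0
            else if (kv[1] == "net.ipv4.conf.default.rp_filter") def = kv[2] + 0
            else if (kv[1] == ("net.ipv4.conf." ifc ".rp_filter")) {
                own = kv[2] + 0; has_own = 1
            }
        }
        END {
            if (!has_own) own = def
            eff = (all > own) ? all : own
            if (eff == 0) mode = "off"           # no source validation
            else if (eff == 1) mode = "strict"   # best reverse path must be this interface
            else mode = "loose"                  # source must be reachable via some interface
            print ifc, eff, mode
        }
    '
}

# Constructed inputs: the edit from the post, and a narrower alternative that
# relaxes only the second NIC to loose mode (value 2).
post_edit() {
    printf '%s\n' '# Controls source route verification' \
                  'net.ipv4.conf.default.rp_filter = 0'
}
loose_second_nic() {
    printf '%s\n' 'net.ipv4.conf.default.rp_filter = 1' \
                  'net.ipv4.conf.eth1.rp_filter = 2'
}

for nic in eth0 eth1; do
    post_edit | effective_rp_filter "$nic"
    loose_second_nic | effective_rp_filter "$nic"
done
```

On a live system, compare the result with sysctl net.ipv4.conf.all.rp_filter and the per-interface keys, since a non-zero conf.all value overrides a lower per-interface one.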

Monday, August 12, 2013

Installing Cacti because I want to believe

This is how I installed Cacti for CentOS 6.4
Install all the dependencies first
yum install mysql mysql-server httpd httpd-devel php-mysql php-pear php-common php-gd php-devel php-mbstring php php-cli php-snmp net-snmp-utils net-snmp-libs php-pear-Net-SNMP rrdtool

Make sure that Apache and MySQL are set to load on boot.
[root@cacti01 ~]# chkconfig --list | grep -i mysql
mysqld         0:off       1:off     2:off  3:off   4:off   5:off     6:off

Well, let's fix this
[root@cacti01 ~]# chkconfig mysqld on 
[root@cacti01 ~]# chkconfig --list | grep -i mysql
mysqld         0:off   1:off   2:on   3:on   4:on   5:on     6:off

And the same thing for Apache
[root@cacti01 ~]# chkconfig --list httpd
httpd           0:off  1:off   2:off 3:off     4:off 5:off    6:off
[root@cacti01 ~]# chkconfig httpd on 
[root@cacti01 ~]# chkconfig --list httpd
httpd           0:off    1:off 2:on  3:on  4:on  5:on  6:off

And one shot check and startup for SNMP service
[root@cacti01 ~]# /etc/init.d/snmpd status 
snmpd is stopped
[root@cacti01 ~]# chkconfig snmpd on 
[root@cacti01 ~]# /etc/init.d/snmpd start 
Starting snmpd:                                            [  OK  ]


Start the web services.
[root@cacti01 ~]# /etc/init.d/httpd start 
Starting httpd: httpd: apr_sockaddr_info_get() failed for cacti01
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
                                                           [  OK  ]
                                                           
This error is OK for the moment; I just need to install Cacti and set up a domain name for it, so moving on to MySQL
To start the database took a little more than I was expecting...
[root@cacti01 ~]# /etc/init.d/mysqld start
Initializing MySQL database:  WARNING: The host 'cacti01' could not be looked up with resolveip.
[... Edited down ..] 
Starting mysqld:                                           [  OK  ]

Part of the message on the first run of MySQL was to set a root password with the following command, so I did
[root@cacti01 ~]# /usr/bin/mysqladmin -u root password 'SuperDuperMultiSystemPasswordForBlog'

I verified that I could connect to the database.
I also created a Cacti user for the local host
[root@cacti01 ~]# mysql -u root -p 

mysql> create user 'cacti'@'localhost' identified by 'SuperDuperMultiSystemPasswordForBlog' ;
Query OK, 0 rows affected (0.00 sec)
mysql> create database cacti ;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on cacti.* to 'cacti'@'localhost'; 
Query OK, 0 rows affected (0.00 sec)
mysql> quit
Bye
[root@cacti01 ~]# 

Now then, what's next...
Oh yeah, the download of the magical mystical Cacti software
Because I didn't feel like spending the night compiling Cacti from source, I cheated slightly. Hey, it's a RedHat, I am allowed to...
I added the rpmforge release of it. Instructions can be found here http://www.tecmint.com/install-and-enable-rpmforge-repository-in-rhel-centos-6-5-4/

[root@cacti01 ~]# yum install cacti 
[... EDIT ...]
================================================================================
 Package       Arch           Version                    Repository        Size
================================================================================
Installing:
 cacti         noarch         0.8.8a-1.el6.rf            rpmforge         2.0 M

[... more Edit ...]
Is this ok [y/N]: Y 
and wiz bang installed!

Find out where the database template for Cacti was put
[root@cacti01 conf]# rpm -ql cacti | grep cacti.sql 
/var/www/cacti/cacti.sql

and install it
[root@cacti01 conf]# mysql -u cacti -p cacti < /var/www/cacti/cacti.sql 

Next locate the config file and set your database parameters
[root@cacti01 include]#  vim /var/www/cacti/include/config.php 

All I had to change were the following lines

$database_username = "cacti";
$database_password = "SuperDuperMultiSystemPasswordForBlog";

Allow your network to access the web server
[root@cacti01 cacti]# vim /etc/httpd/conf.d/cacti.conf  
Add the Allow line but make sure it matches your subnet
deny from all 
Allow from 10.0.0.0/8 

Don't forget to make the IP Tables exception, or just turn it off. For my example off it went
[root@cacti01 cacti]# /etc/init.d/iptables stop
iptables: Flushing firewall rules:                                    [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                                       [  OK  ]
[root@cacti01 cacti]# chkconfig iptables off

Now we get to the GUI side of it, and you can do the web based install.
You want to select New Install
On the next section everything should be green; if it isn't, you missed a step, so go back and find your missing dependencies.
SNMP Utility Version - NET-SNMP 5.x
RRDTool Utility Version - RRDTool 1.3.x
And then Finish, login, and change your password.

Now you are on your own for finding your device MIBs and configuring them

Wednesday, May 1, 2013

Exchange Mobile Devices

I have been traveling a lot for work, and have not had a chance to make a post, but here we go tonight.
I have seen a few people who work for companies that use Microsoft Exchange, and I can only hope that it is Exchange 2010. But they do not force the users to password the mobile devices; they should.
In my elitist view of things I believe that your mobile phone should be guarded at all costs. It is your lifeline to your friends, your family, your bank accounts, and I am willing to bet a reminder for your next doctor's appointment. So why not at least password it?
This is an admin guide on how to force users to password their phones if you are on Exchange 2010, anything else, you need to figure out yourself.

You want to start by going to the Exchange Management Console (EMC) and going to Organization Configuration > Client Access
Then select the Exchange ActiveSync Mailbox Policies tab


Once there, you can create a new policy to deploy to select users, or a global policy that is defaulted on for all users.

If you want to test it out on a few select users, you can create a new policy. It prompts you for a name, and you can choose the options you want to enforce here as well.


When you hit New it will give you a timer and then a completed.
Once your new policy displays in the EMC, you should open it up and review all the settings it did not show you when you were creating. You can do things like prevent users from accessing their camera or their bluetooth devices.

Now that you have the policy it is time to apply it to some users, for your testing.

!!!NO SCREEN SHOTS FOR THIS SECTION!!!

This is done under Recipient Configuration > Mailbox.
Select your user, then Properties > Mailbox Feature tab > Exchange ActiveSync, and then the arrow above it for properties.
This will let you select from one of the existing Exchange ActiveSync Policies that you have, or the test one you have just created.

Alternatively, you can change the policy via PowerShell.
Set-CASMailbox -Identity smcgroarty@velcrohurts.net -ActiveSyncMailboxPolicy "StephenTestPolicy"

After your testing, you can switch this over to the default policy by right clicking on it under Exchange ActiveSync Mailbox Policies and selecting "Set as Default"


Sunday, April 14, 2013

HP Touchpad - All Space

I just posted how to Factory Refresh your HP TouchPad. That guide does not include the steps for recovering all space and deleting all data. That is this post.

Downloaded items you will need:
  • PalmWebOS SDK - here 
  • Recovery uImage - here 
  • WebOS Doctor 3.00 - From Palm.com
Mount the Palm WebOS SDK.dmg and install the mpkg file, it will install under /opt/nova/bin/

You want to boot into the recovery by either of the following steps

  1. Power off the device, then power it back on by holding Volume UP and Power 
  2. From your moboot menu, selecting 'boot webOS Recovery'
Once you have booted into recovery, you want to run the following command. This is the full path, but you can shortcut it.
/opt/nova/bin/novaterm boot mem:// < /Users/smcgroarty/Downloads/nova-installer-image-topaz.uimage

This will load you into a boot prompt that looks something like this 
root@webos-device:/#
Once at this prompt you want to delete all the partitions and re-create the required system ones.
You can either copy and paste the following or type them all out manually. 
If you cut and paste them do it one line at a time, some lines have a prompt. 
lvm.static vgscan --ignorelockingfailure
lvm.static vgchange -ay --ignorelockingfailure
lvm.static vgremove store
lvm.static vgscan --ignorelockingfailure
lvm.static vgchange -ay --ignorelockingfailure
lvm.static vgcreate -s 8M store /dev/mmcblk0p14
lvm.static vgscan --ignorelockingfailure
lvm.static vgchange -ay --ignorelockingfailure
lvm.static lvcreate -l 71 -i 1 -M y --major 254 --minor 0 -n root store
lvm.static lvcreate -l 8 -i 1 -M y --major 254 --minor 1 -n var store
lvm.static lvcreate -l 2 -i 1 -M y --major 254 --minor 2 -n update store
lvm.static lvcreate -l 3 -i 1 -M y --major 254 --minor 3 -n log store
lvm.static lvcreate -l 32 -i 1 -M y --major 254 --minor 4 -n mojodb store
lvm.static lvcreate -l 17 -i 1 -M y --major 254 --minor 5 -n filecache store
lvm.static lvcreate -l 1618 -i 1 -M y --major 254 --minor 6 -n media store
lvm.static lvcreate -l 64 -i 1 -M y --major 254 --minor 7 -n swap store
lvm.static vgscan --ignorelockingfailure
lvm.static vgchange -ay --ignorelockingfailure
mkdosfs -f 1 -s 64 /dev/store/media

Once you have recreated the file system, hold the home button and the power button to turn off the tablet. 
Turn it back on and hold the Volume Up+Power to get back into recovery mode.
Once in recovery mode, click on the webosdoctorp300hstnhwifi.jar file; WebOS Doctor 3.04 will not work for this part.

Follow the on-screen prompts, and when you get to the step that installs the drivers, skip it; the software will still install.
It will take about 10 minutes to install the software, and about 5 minutes to boot afterwards. 
Once you have booted and signed in, you can verify that the free space is around 13GB.

Extras: 
After you do the install of 3.0 you can login and do the update to 3.05. It will take about 15 minutes to do the update.