Tuesday, 23 April 2013

IT the importance of planing

IT the importance of a planning

I am going to touch on a subject which I have been bragging for long time. The importance of a plan.

I have come across many IT professionals, who start a task, to find thenselves in the middle without being able to a) proceed b) to go back.
That indicates a clear lack of planning.

I'll tell you a story, I am not going to name people and I am not going to give too many details, but the point will be made.
I asked one of the Sys Admins to move a server. It is a simple task, but depending on how the server is configured and how the network is configured, it may require some thought.

Let's say each server has 6 NICs.
Each pair of NICs is bonded and connects to different networks, separeted by VLANs.
Each NIC must be plugged onto a specific switch port and specific switch.

If you have knowledge of the network and has moved servers around many times, it is probably a simple task.

But lets say, you don't have much knowledge of the netwok, then you power the server off, unplug all cables, just to find yourself stuck trying to guess where each cable should be plugged.

What could be done differently in this case scenario is
  1. Take a picture of the back of the server.
  2. Take note of how many cables are connected
  3. Where each cable is connected to
  4. Familiarise yourself with the network
  5. Try and get a Network diagram
  6. A spread sheet with all the connections
Now think about if it is in the middle of the night, you cannot contact anyone and the server must be avilable by morning?

Things can be easier, if before you start doing the work:
  1. You make a plan
  2. Break down the task into steps
  3. Gather necessary information to do your work
  4. Get someone available in case you need help.
  5. Think of what you need and prepare before starting the work
  6. Check which services were running on the server
  7. check the disks, lights, power supplies connected
  8. Test the cables or just have spare cables available
  9. If for any reason, halfway through, you cannot proceed just make sure you can at least get the server back where it was and how it was.
Let me make an analogy; if you borrow a phone from a friend, I think it is your duty to make sure you give your fried's phone back the way you received it.

Planning does take a bit of time, but in the end it will save you a lot of headaches.

Hope you enjoy this post

by Renato de Oliveira








Juniper Chassi Cluster - Connect from Node 0 to Node 1 and vice versa

 If you run a Juniper cluster, from time to time you need to connect from one note to another.
To reboot the second node, or to simply check the system status.

Let's say you log onto node 0 and you want to reboot node 1.


Connect to to node 1
root@firewall> request routing-engine login node 1

Once you are connected to node 1, you can just request a system reboot.

root@firewall> request system reboot

I hope you enjoy this command, it made my life easier few times.

by Renato de Oliveira

Tuesday, 16 April 2013

How DNS works on Linux


How DNS works on Linux

Whenever we contact a server by its name whether by ping, browsing for example, this is what happens.



The resolver’s libraries get invoked (Resolvers are just C libraries, which look up IP addresses and map them to names). These libraries read the configuration files /etc/hosts.conf (older Linux) or /etc/nsswitch.conf (newer Linux) each time they are called.

Depending on how these libraries - /etc/hosts.conf and /etc/nsswitch.conf - are configured, the resolvers will choose to use /etc/hosts FILE, DNS or NIS for mapping IPs to names.

My Linux servers use the new glibc, so the configuration file they will check is the /etc/nsswitch.confm see a snippet of this file below:

# hosts: db files nisplus nis dns

hosts: files dns

 

This is telling us:

Check first /etc/hosts file. If the address is not found on the /etc/hosts file, check DNS.

If DNS is requested, another configuration file gets read: /etc/resolv.conf. The /etc/resolv.conf should be set with the nameservers for the network. See an example below:

 

# cat /etc/resolv.conf

domain adlinux.int

search adlinux.int

nameserver 192.168.1.22

 

The resolver’s libraries will extract the ‘nameserver’ from the resolv.conf file and query them, to map www.google.com to its IP address.

 

The nameserver in turn, if authoritative for the DNS zone where www.google.com resides, will look the name up in its own database and return Google’s IP. If the nameserver is not authoritative for the zone, which is most likely, then it will return another IP for another nameserver, which can resolve .com.

 

Then the .com nameservers will be queried and they will look up in their own databases, and return an IP address for the authoritative nameserver for google.com domain.

 

Another query will be initiated to the google.com authoritative DNS server, and this time, it will look in its own database and find an IP address which matches a host named www.

Guys, this is the first version of this post. I will try and correct the mistakes and improve it.
This should give you a good idea how names are resolved on Linux.

I hope it will be useful to you

by Renato de Oliveira

Juniper SRX: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE


Juniper SRX: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE
 Today I looked at my Juniper firewall and I saw an amber light. This means an alarm!.
I logged to it, and I was greeted by the Warning message below:
root@192.168.1.1's password:
--- JUNOS 11.2R4.3 built 2011-11-24 08:11:51 UTC
**********************************************************************
**                                                                   **
**   WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE     **
**                                                                   **
** It is possible that the primary copy of JUNOS failed to boot up   **
** properly, and so this device has booted from the backup copy.     **
**                                                                   **
** Please re-install JUNOS to recover the primary copy in case       **
** it has been corrupted.                                            **
**                                                                   **
***********************************************************************
 
I started investigating it and this is the reason.
If your SRX Firewall is unable to boot from the primary JUNOS OS image, and instead boots from tha backup root partition, you will see this messsage.
 
The way to solve this problem is by issueing the command below:
 
root@192.168.1.1> request system snapshot slice alternate
 
Note:  After the procedure, the primary root partition will contain the same version of JUNOS as the backup root partition.
 
This will clear the alarm and make your SRX boot successfuly from the root partition.
 
Hope you enjoy this post
 
by Renato de Oliveira
 

Monday, 15 April 2013

Eu olho pela janela

Eu olho pela janela
Vejo o ceu escuro
As estrelas sapiscam o ceu
Parecem manchas no escuro veludo
sao tao pequenas
Tao distantes
Brilham
Num ceu escuro e intrigante
Quando eu olho pro ceu
Eu penso no meu passado
Parece tao distante
Mas tao presente
Memorias
Cheiros
Cores
Fotos tiradas pelos meus olhos
Eu olho pela janela
Vejo o ceu
Pensamentos correm pela cabeca
Onde eu estou
Porque estou aqui
Quando sera que vou partir?
Nada faz sentido
Tudo se move rapido
Num constante agito
As estrelas gritam a luz
O ceu grita a escuridao
a Noite pede calma
pessoas passam pelas ruas
Acordam o silencio
mes pensamentos nunca dormem
estao sempre a passsear
correm e saltam pela minha memoria
sera que eu existo
como foi que eu vim parar aqui?
Sera que eu nao sou so um pensamento?
Eu olho pela janela
Ja nao vejo as estrelas
O ceu ta escuro e nublado
Uma neblina fina
Que cobre tudo devagar
Eu ja nao pensao mais
Talvez ja nem sinta
as horas passam
e nada muda
tudo muda,
Sera que eu nao percebi?
Nem vejo mais estrelas,
Nem sei se olho mais pela janela
Sera que a janela existe?
Sera que nao e tudo um sonho
ou um pesadelo
Atormentado
a procura de uma janela
por onde eu vejo
um ceu estrelado
que me acalma e da tranquilidade
O que e tranquilidade?

by Renato de Oliveira

Fim de Tarde


Fim de tarde
A luz comeca a morrer
Todas as cores se suavisam
Num tom tranquilo de pastel
O ceu vai se alaranjando
O sol devagar vai se escondendo
No horizonte suavizado de rosa
A lua vai despontando
Devagar vai surgindo
O dia vai escurecendo
Os passaros ainda cantam
Num tom meio melancolico
Como se sentissem saudades
Do dia que diz adeus
Sao tantas cores suaves
De um fim de tarde
que comeca a morrer
Morre a luz tristemente
No horizonte melado de rosa
Morre os cantos dos passaros
Que se agasalham nos seus ninhos
Tudo vai ficando devagar
Se preparando pra dormir
As estrelas comecam a pontilhar
e o dia vai morrendo
as cores desaparecendo
tudo vai escurecendo
o fim de tarde
vai acordando a noite
e a noite vai cobrindo o dia
e tanta magia
tanta beleza
Tanta tranquilidade
que nos da a natureza
um magestoso fim de tarde
Coberto de alegria e tristeza

by Renato de Oliveira

How to Install and configure Apache on Red Hat/Centos 6.x


How to Install and configure Apache on Red Hat/Centos 6.x

Apache is the most used web server on the Internet. It is reliable, fast, easy to set up, relatively secure and the Apache Foundation is on top of patches.

I thought you might want to see how easy and nice it is to work with it, so I decided to write a post.
I’ll show you how to get it installed, configured and set up a Name Based Virtual Host.

Packages Dependencies

·         httpd.x86_64

·         apr.x86_64                                   

·         apr-util.x86_64                                                      

·         apr-util-ldap.x86_64

·         httpd-tools.x86_64                      

·         mailcap.noarch

Install all packages

[root@centos63 dhcp]# yum install httpd.x86_64 apr.x86_64 apr-util.x86_64 apr-util-ldap.x86_64 httpd-tools.x86_64 mailcap.noarch –y

Once all the packages above have been installed, we can start configuring Apache.

Apache Configuration File

Apache main configuration files, reside on /etc/httpd/conf.

On Red Hat based distributions, Apache is named ‘httpd’, and its configuration files are located on /etc/httpd, its logs are stored on /var/log/httpd and the actual content or the root directory is located on /var/www/html.

Let’s explore it

[root@centos63 dhcp]# cd /etc/httpd/conf

[root@centos63 conf]# ls -l

-rw-r--r-- 1 root root 34418 Dec  5 08:59 httpd.conf

[root@centos63 conf]# vi httpd.conf
 

Note: Apache config file is very extensive; it has directives for many things. I’ll show you how to get it up and running quickly. I’ll show you more complex things on other posts i.e. mod proxy and mod rewrite which are quite useful, I think.
 

Directives to set

Email

ServerAdmin root@localhost

Change it to your email address, for example:


Server Name

#ServerName www.example.com:80

Uncomment the line above and change it to your Server’s name. For example:

ServerName www.renpippa.co.uk

That is how easy it is to get it up and running.

Setting up a virtual host

If you have multiple websites being hosted on the same server and the server only has a single public IP address, virtual hosts will help you immensely. This is also called ‘Named-Based Virtual Hosts’

 
[root@centos63]# cd /etc

[root@centos63 etc]# vi /etc/hosts
192.168.1.34  centos63 centos63.adlinux.int www.centos63.co.uk www.renpippa.co.uk

[root@centos63]# mkdir /var/www/www.centos63.co.uk

[root@centos63]# touch /var/www/www.centos63.co.uk/index.html

[root@centos63]# echo “Welcome to WWW.CENTOS63.CO.UK
> /var/www/www.centos63.co.uk/index.html

Note: Replace the names above with your Virtual Hosts Names, the name of the domains you with to host.

[root@centos63 conf]# vi /etc/httpd/conf/httpd.conf

Add the lines below to the bottom of the httpd.conf file, save and quit.

# Virtual Hosts Configuration
NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin webmaster@www.centos63.co.uk
    DocumentRoot /var/www/www.centos63.co.uk
    ServerName www.centos63.co.uk
    ErrorLog logs/www.centos63.co.uk-error_log
    CustomLog logs/www.centos63.co.uk-access_log common
</VirtualHost>

Restart Apache
[root@centos63]# service httpd restart

Open your browser and test teh configuration. If you are using a different PC, you need to add the Domain name to your DNS, or edit your hosts file. If your PC is Linux, all you need is to edit /etc/hosts. If your PC is Windows based, you need to edit c:\windows\system32\drivers\etc\hosts.
 
I hope you enjoy it.

 

By Renato de Oliveira

Sunday, 14 April 2013

How to Setup a DHCP Server on Red Hat/Centos 6.x


How to Setup a DHCP Server on Red Hat/Centos 6.x

DHCP stands for (Host Configuration Protocol). It is used to assign IP addresses automatically at boot time to network clients.
There are basically two ways of assigning IPs to Hosts or devices on any given network; manually or by using an automated method (DHCP Server).

This is my opinion based on past experience.
I think if your network is relatively small, between 10-50 hosts/devices, I would recommend using static IPs instead of a DHCP server. There are pros and cons in doing so.

For example if you need resiliency for your network you will need to start to think about redundancy for your DHCP server. There are options, but things start to become unnecessary complex. I know some sys admins; they use DHCP for everything, including servers. I just think it is not a good idea.

Package requirement
      ·         dhcp.x86_64
      ·         dhcp-common.x86_64

Installing packages
[root@centos63 ~]# yum install dhcp.x86_64 dhcp-common.x86_64 –y

Start-up DHCP service at boot time
[root@centos63 ~]# chkconfig --level 2345 dhcpd on
 
Use the sample configuration to start with

[root@centos63 ~]# vi /etc/dhcp/dhcpd.conf

Note: Copy and paste the lines below:

# Sample DHCP generated by Renato de Oliveira
# http://ukaying.blogspot.co.uk
# option definitions (Domain Name)
option domain-name "adlinux.int";

# Lease time and expiration
default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# DHCP netwok and mask decalaration
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.160;
  option routers 192.168.1.1;
  option domain-name-servers "192.168.1.22";
  option domain-name "adlinux.int";
}

# Fixed IP addresses can also be specified for hosts.  
host linadws01 {
  hardware ethernet 00:0c:29:eb:dc:90;
  fixed-address 192.168.1.160;
}

Note: Make sure you change this file to suit your needs. For example, remember to change Domain Name, IP Addresses, and Name Servers etc.

Start the DHCP Server Service
[root@centos63 ~]# service dhcpd start

Note: If the service fails to start, check /var/log/messages, it will give you a very good idea on what is wrong. Most the time it is syntax or typos.

Testing

On another Linux Server, change the file /etc/sysconfig/network-scripts/ifcfg-eth0 to use DHCP, see below:

[root@centos63 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=”eth0”
BOOTPROTO=dhcp
ONBOOT=yes

Reboot the Client

 
Watch the logs on the server

[root@centos63 ~]# tail –f /var/log/messages

You should see an output similar to the one below:

Apr 14 17:26:44 centos63 dhcpd: DHCPDISCOVER from 00:0c:29:eb:dc:90 via eth0
Apr 14 17:26:44 centos63 dhcpd: DHCPOFFER on 192.168.1.160 to 00:0c:29:eb:dc:90 via eth0
Apr 14 17:26:44 centos63 dhcpd: Dynamic and static leases present for 192.168.1.160.
Apr 14 17:26:44 centos63 dhcpd: Remove host declaration linadws01 or remove 192.168.1.160
Apr 14 17:26:44 centos63 dhcpd: from the dynamic address pool for 192.168.1.0/24
Apr 14 17:26:44 centos63 dhcpd: DHCPREQUEST for 192.168.1.160 (192.168.1.34) from 00:0c:29:eb:dc:90 via eth0
Apr 14 17:26:44 centos63 dhcpd: DHCPACK on 192.168.1.160 to 00:0c:29:eb:dc:90 via eth0

Still on the client, check:

 1.    Its IP address

[root@centos63 ~]# ifconfig

2.    Check its default gateway

[root@centos63 ~]# route –n

3.  Check the /etc/resolv.conf

[root@centos63 ~]#cat /etc/resolv.conf
; generated by /sbin/dhcpclient-script
search adlinux.int
nameserver 192.168.1.22

If you can confirm the results above, then you have successfully setup a DHCP server for your network. If you have problems, just keep an eye on /var/log/messages.

Hope you enjoyed this post.

By Renato de Oliveira  

How to set up an NFS server (Red Hat/Centos 6.x)


How to Install NFS Server on Red Hat/Centos 6.x

NFS stands for (Network File System) it is a mechanism used by UNIX like hosts to share files across networks. There are two versions mostly used NVFv3 and NFSv4 – there are many differences between both. I am not going to cover them.

NFS used to be dependent on a service called portmap and used port 111, which was a bit flaky. NFS is much more reliable and faster than it used to be; we can run it over TCP and across firewalls. I am not going to demonstrate it on this post.

I am not going to go over discussions about security, and how to lock down your NFS server, or open iptables ports. I assume your iptables will be off. Security is a very complex and deep subject. My intention is only to give you the knowledge to set up an NFS quickly and start using it.

Perhaps I’ll write another post on how to secure your NFS server.

Packages requirement

·         nfs

·         nfslock

·         rpcbind

The following RPC processes facilitate NFS services:

·         rpc.mountd

·         rpc.nfsd

·         lockd

·         rpc.statd

·         rpc.rquotad

·         rpc.idmapd


Installing Packages

·         nfs-utils.x86_64

·         nfs-utils-lib.x86_64

·         rpcbind.x86_64


[root@centos63 ~]# yum install nfs-utils.x86_64 nfs-utils-lib.x86_64 rpcbind.x86_64 –y

Services to start at boot time

You need to make sure some important services are running.
 

[root@centos63 ~]# chkconfig --level 2345 rpcbind on

[root@centos63 ~]# chkconfig --level 2345 nfs on

[root@centos63 ~]# service rpcbind start

[root@centos63 ~]# service nfs start

 
Setting up the NFS export

[root@centos63 ~]# mkdir /nfs

[root@centos63 ~]# vi /etc/exports   

 

Add the line below, save and quite the file

/nfs    *(rw)

 
Note: The line about means - export /nfs folder to any client with read and write permissions.

I advise locking it down a bit and export it to your subnet, or single IPs.

[root@centos63 ~]# exportfs –a

[root@centos63 ~]# exportfs

/nfs            <world>

Note: The above command will export your folder configuration.

 
Let’s test it?!

[root@centos63 ~]# mount -t nfs localhost:nfs /media/

[root@centos63 ~]# df -h

Filesystem            Size  Used Avail Use% Mounted on

/dev/mapper/VolGroup-lv_root

                       47G  1.2G   44G   3% /

tmpfs                 499M     0  499M   0% /dev/shm

/dev/sda1             485M   73M  387M  16% /boot

localhost:nfs          47G  1.2G   44G   3% /media

It works; see the line in red above. This tells us that the file system /nfs is mounted on /media from host ‘localhost’, which is just the same server.

I hope you enjoy this post.

I will at some point write about more complex scenarios, but I would like to give you the initial knowledge, so you can get up and running quickly.

 

By Renato de Oliveira

Saturday, 13 April 2013

Exchange 2010 (mailbox move) and Blackberry Enterprise

Exchange 2010 (mailbox move) and Blackberry Enterprise

We have a group of users which use Blackberry phones at work, to manage these devices we have a Blackberry Enterprise Server or simple BES.

The other day we were moving some users to a new database, and for my surprise some of the Blackberries just stopped communicating with the BES server.

I started to look into this problem it was around 5:30pm, looked at all the logs, eventviewer, firewalls etc.
I looked at space on the BES server, I applied all patches, applied SP2 for Exchange 2010 and no results.

I started to look into the BES service account "BESAdmin" and its permissions. I looked at the registry keys and this is what I found.

If you moved some users to a different Exchange 2010 Database, you need to give the "BESAdmin" permissions to the new Database, see below:

Get-MailboxDatabase | Add-ADPermission -User "BESAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin, ms-Exch-Store-Visible

As a work around you can also do the following:

Create the following  DWORD Reg key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem\

- Maximum Allowed Sessions Per User

Note: Just set it to as many connections you need
 
Once you have added the reg key "Maximum Allowed Sessions Per User", you need to restart the service "MSExchange Information Store"

Note: Sometimes this service does not restart properly and you may need to reboot the Exchange 2010 Server.
I would strongly suggest doing this out of hours and make sure you have a back up of your registry.

by Renato de Oliveira

Thursday, 11 April 2013

How to upgrade Exchange 2010 Standard to Enterprise

How to upgrade Exchange 2010 Standard to Enterprise


Recently I was looking at our Exchange 2010 and it was just growing wildly.
I had to introduce some measures to prevent things from escalating to a red alert.
I checked all mailboxes and which users were the culprit, but it is just the way most businesses use their mail system now a day. It is used for pretty much everything.

I thought about defragging the databases (we had 5 databases) and this is the limit for Standard Edition. I though, these databases must be fragmented.
I had a look at each database size and they were each larger than 100GB. To defrag a database that size it would take around 8 hours. I can’t have the server down for 8 hours.

I could create a new database, but I have used all 5 database limit for the Standard version.
I could move all users to a single database, but again this takes a long time, as each mailbox is over 8GB.

I had a look at the price to upgrade to Enterprise edition (it supports over 5 Databases), the cost was not prohibitive, and so I bought it.
Now I can create one database per department, I can move each user to their respective departmental database, empty the old databases and just delete them.

Once you create a new database and move few mailboxes, the new database will be smaller and faster, so no need to defrag and you can simply delete the old database.

Note: Be careful when moving mailboxes, Exchange 2010 generates a lot of logs, for each mailbox moved.  I would suggest keep an eye on your disk, the one which hosts the logs.
It is very easy to change from Exchange Standard to Enterprise. Just run the command below:

Command
Set-ExchangeServer -Identity “your server name” -ProductKey “your Enterprise key”

You will need to restart the information store service.

Note: I would recommend doing this out of hours, so the business does not suffer from a negative impact and downtime.
by Renato de Oliveira