NFS read write access to normal user (permit root read write)

July 16th, 2018

Assume that on a Sun ZFS server you want to create an NFS share that is read-write only for a normal user on a client machine (even the root user cannot read or write). Follow the steps below:

  • When creating the project, enter the normal user's UID/GID and select 755.

  • In the NFS share's Protocols tab, set "anonymous user mapping" to nobody, enter the FQDN of the host that will mount the share, and uncheck "Root access".

  • Now test on the host: root cannot write, but the user corresponding to the specified UID/GID can.
Categories: IT Architecture, Linux, Systems Tags:

ssh passwordless login with private key

June 7th, 2018

On server side:

    su - username
    cd .ssh/
    # If there is no id_rsa/id_rsa.pub, generate them first with "ssh-keygen -t rsa".
    # When prompted for a passphrase, leave it empty.
    cat id_rsa.pub >> authorized_keys

Make sure "RSAAuthentication yes" and "PubkeyAuthentication yes" are present in /etc/ssh/sshd_config (restart ssh if modified).

Make sure .ssh is 700 and authorized_keys is 600.

Copy id_rsa to the client side and rename it "private.key".

On client side:

    chmod 600 private.key
    ssh -i private.key username@server
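
The server-side checks above (modes of .ssh and authorized_keys, PubkeyAuthentication in sshd_config) written as a small audit function. This is an added example, not part of the original post; the function name check_ssh_setup and the demo directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the server-side setup.
# check_ssh_setup HOME_DIR SSHD_CONFIG
#   prints one line per problem and returns the number of problems found.
check_ssh_setup() {
    home=$1
    conf=$2
    problems=0

    # With StrictModes (on by default) sshd checks ownership and modes of
    # these paths before accepting a key; 700/600 are the values from the post.
    for spec in ".ssh:drwx------" ".ssh/authorized_keys:-rw-------"; do
        path=$home/${spec%:*}
        want=${spec##*:}
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            problems=$((problems + 1))
            continue
        fi
        have=$(ls -ld "$path" | cut -c1-10)
        if [ "$have" != "$want" ]; then
            echo "MODE $path is $have, expected $want"
            problems=$((problems + 1))
        fi
    done

    # sshd uses the first value it reads for a keyword; keywords are
    # case-insensitive and PubkeyAuthentication defaults to yes when unset.
    # Only the global section (before any Match block) is inspected.
    # RSAAuthentication applies to SSH protocol 1 only and is not checked.
    value=$(awk 'tolower($1) == "match" { exit }
                 tolower($1) == "pubkeyauthentication" { print tolower($2); exit }' "$conf")
    if [ "$value" = "no" ]; then
        echo "CONFIG PubkeyAuthentication is disabled in $conf"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed demo tree: correct directory mode, authorized_keys left at 644.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys" && chmod 644 "$demo/.ssh/authorized_keys"
printf '%s\n' '#PubkeyAuthentication no' 'pubkeyauthentication yes' > "$demo/sshd_config"
check_ssh_setup "$demo" "$demo/sshd_config" || echo "problems found: $?"
rm -rf "$demo"
```

On a real server, call it as the account owner with the user's home directory and /etc/ssh/sshd_config as arguments.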

Categories: IT Architecture, Linux, Systems, Unix Tags:

resolved – ipmitool Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory

January 16th, 2018
If you see the error below on a physical server (not a VM, as VMs do not support IPMI):

    [root@localhost ~]# ipmitool
    Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory

Then first make sure your server's system board supports IPMI.
Old system boards might not support IPMI technology.

    [root@localhost ~]# dmidecode | grep -A 6 -i ipmi
    IPMI Device Information
        Interface Type: KCS (Keyboard Control Style)
        Specification Version: 1.5
        I2C Slave Address: 0x10
        NV Storage Device: Not Present
        Base Address: 0x0000000000000CA8 (I/O) #if not all zeros, then it supports IPMI
        Register Spacing: 32-bit Boundaries

If it is supported, enable the IPMI-related modules:

    modprobe ipmi_devintf
    modprobe ipmi_si

Then add them to /etc/modules to have them loaded automatically:

    ipmi_devintf
    ipmi_si

To start IPMI:
    
    /etc/init.d/ipmi start
    /etc/init.d/ipmi status

PS:
    1. If there's no ipmitool command, try installing it with "yum install -y OpenIPMI ipmitool".
    2. You may need to load more modules:

        [root@localhost ~]# modprobe ipmi_devintf
        [root@localhost ~]# modprobe ipmi_si
        [root@localhost ~]# modprobe ipmi_watchdog
        [root@localhost ~]# modprobe ipmi_poweroff
        [root@localhost ~]# modprobe ipmi_msghandler
Categories: IT Architecture, Kernel, Linux, Systems, Unix Tags:

google chrome installation on rhel7 oel7 centos7 linux

January 8th, 2018
  • Setup root VNC on OEL7
  • Enable NetworkManager

chkconfig --list NetworkManager

service NetworkManager status

cd /etc/sysconfig/network-scripts/ #add or edit below line in ifcfg-eth0/1

NM_CONTROLLED=yes

chkconfig NetworkManager on

service NetworkManager status

service NetworkManager start

  • In root VNC

Search for "network" in "Activities" and select "Network proxy".

Set the proxy to Automatic and use the URL that fits your environment (if needed).

Configure DNS for the NICs in the same dialog (under IPv4, DNS, uncheck "Automatic" and enter the DNS servers).

  • Reboot
  • After host is up

wget https://dl.google.com/linux/linux_signing_key.pub

rpm --import linux_signing_key.pub

wget https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm

yum -y localinstall google-chrome-stable_current_x86_64.rpm

rpm -qa|grep chrome

#If you are running chrome as root

google-chrome --no-sandbox &

Categories: IT Architecture, Linux, Systems Tags:

xfs tips

January 5th, 2018

Before growing an XFS file system with -D size, ensure that the underlying block device is of an appropriate size to hold the file system later (e.g. pvcreate/vgextend/lvextend).

xfs_growfs /partition/name

xfs_growfs /mount/point -D size

The -D size option grows the file system to the specified size (expressed in file system blocks). Without the -D size option, xfs_growfs will grow the file system to the maximum size supported by the device.

While XFS file systems can be grown while mounted, their size cannot be reduced at all.

Categories: IT Architecture, Linux, Systems Tags:

autofs option to support nfsv3 on linux 7 host (oel7/rhel7/centos7)

December 22nd, 2017

On Linux 7 hosts, autofs defaults to NFSv4, so if the NFS server does not support NFSv4, we can change the NFS client side to force the use of NFSv3:

/net -hosts -intr,rsize=32768,wsize=32768,hard,nolock,timeo=14,noacl,mountvers=3,vers=3

Restart autofs (systemctl restart autofs) and you should now be able to access the share.

Categories: IT Architecture, Linux, Systems Tags:

vncserver setup on OEL7 linux

November 29th, 2017
#more info about vncserver on OEL7 is here

#disable firewalld
systemctl stop firewalld
systemctl disable firewalld

yum groupinstall "server with gui" -y
yum install tigervnc-server -y
yum install gnome-terminal gnome-session -y

su - root
vncpasswd

cat ~/.vnc/xstartup #no need to modify

#!/bin/sh

unset SESSION_MANAGER

unset DBUS_SESSION_BUS_ADDRESS

exec /etc/X11/xinit/xinitrc

 

vi ~/.vnc/xstartup

    #!/bin/sh
    [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
    [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
    xsetroot -solid grey
    vncconfig -iconic &
    gnome-terminal &
    gnome-session &

chmod 755 ~/.vnc ; chmod 600 ~/.vnc/passwd ; chmod 755 ~/.vnc/xstartup
cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver-root@\:1.service

vi /etc/systemd/system/vncserver-root@\:1.service

    [Unit]
    Description=Remote desktop service (VNC)
    After=syslog.target network.target

    [Service]
    Type=forking
    User=root

    # Clean any existing files in /tmp/.X11-unix environment
    ExecStartPre=-/usr/bin/vncserver -kill %i
    ExecStart=/usr/bin/vncserver %i
    PIDFile=/root/.vnc/%H%i.pid
    ExecStop=-/usr/bin/vncserver -kill %i

    [Install]
    WantedBy=multi-user.target

#Optionally, you can add command-line arguments for the VNC server (only accepts connections from localhost, and change size of the window)

ExecStart=/sbin/runuser -l vncuser -c "/usr/bin/vncserver %i -geometry 1600x900" #this is only for root user

ExecStart=/usr/bin/vncserver %i -geometry 1600x900 #this is for normal user

systemctl daemon-reload #if changing vnc config, must run this afterwards

systemctl start vncserver-root@\:1.service
systemctl enable vncserver-root@\:1.service

systemctl get-default #make sure it's multi-user.target

PS:

Here is more info about vncserver usage:

To create a session

    vncserver -geometry 1600x900 :4

Edit .vnc/xstartup: Replace twm with gnome-session

Then kill the current VNC session and create a new one (run as the user who starts the session)

    vncserver -kill :4
    vncserver -geometry 1600x900 :4

Categories: IT Architecture, Linux, Systems Tags:

Resolved – ERROR : [/etc/sysconfig/network-scripts/ifup-eth] Device eth0 does not seem to be present, delaying initialization.

November 7th, 2017

If you see the error "ERROR : [/etc/sysconfig/network-scripts/ifup-eth] Device eth0 does not seem to be present, delaying initialization" on Linux, one possibility is that udev cannot detect the Ethernet device. Follow the steps below to resolve this:

  • Get the MAC address of eth0 from ILOM

-> show /System/Networking/Ethernet_NICs/Ethernet_NIC_0

/System/Networking/Ethernet_NICs/Ethernet_NIC_0
Targets:

Properties:
health = OK
health_details = -
location = NET0 (Ethernet NIC 0)
manufacturer = INTEL
part_number = X540
serial_number = Not Available
mac_addresses = 00:10:e0:0d:b4:f0

  • Configure the udev rule, changing the MAC address according to the result above

[root@test network-scripts]# cat /etc/udev/rules.d/70-persistent-net.rules
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:10:e0:0d:b4:f0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

  • Configure the network

[root@test network-scripts]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO=static
IPV6INIT="yes"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
DOMAIN=example.com
IPADDR=192.168.20.20
NETMASK=255.255.248.0

[root@test network-scripts]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=test.example.com
GATEWAY=10.240.192.1

[root@test network-scripts]# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.20.20 test.example.com test

 

python module cx_Oracle installation on OEL/RHEL/CENTOS 6

May 23rd, 2017

I've installed cx_Oracle-5.2.1 on the newly provided server with below steps:

1. Extracted SDK instantclient-sdk-linux.x64-11.2.0.4.0.zip to directory - /usr/lib/oracle/11.2/client64/bin/.

2. Added below to /etc/ld.so.conf

/opt/rh/python27/root/usr/lib64/
/opt/rh/python27/root/usr/lib/
/opt/rh/python27/root/usr/lib64/python2.7/config/
/usr/lib/oracle/11.2/client64/lib/

3. Compiled and installed cx_Oracle from source using 'python2.7 setup.py build; python2.7 setup.py install'.

Categories: IT Architecture Tags:

VM shutdown stuck in “mount: you must specify the filesystem type, please stand by while rebooting the system”

November 16th, 2016

When you issue "shutdown" or "reboot" on a Linux box, you may find it stuck at "mount: you must specify the filesystem type, please stand by while rebooting the system".

One possible reason is that you have specified the wrong mount options for NFS shares in /etc/fstab. For example, for NFSv3, make sure to use the NFS options below when you mount shares:

<share name> <mount dir> nfs rsize=32768,wsize=32768,hard,nolock,timeo=14,noacl,intr,mountvers=3,vers=3 0 0

Using the options below will make VM shutdown get stuck at "mount: you must specify the filesystem type". DO NOT use them:

<share name> <mount dir> nfs vers=3,rsize=32768,wsize=32768,hard,nolock,timeo=14,noacl,intr 0 0

Categories: IT Architecture, Kernel, Linux, Systems, Unix Tags: