Life of a Geek Admin

The Daily adventures of a true geek administrator

Install Tomcat 7 and Java 1.7 on CentOS 6 RHEL 6

In this post we will cover how to install Apache Tomcat 7 and JRE 1.7 on CentOS 6 and RHEL 6. This process doesn’t use the RPMs from the Red Hat repositories, but uses the latest tarballs from Apache and Oracle. We will also be using service accounts to control Tomcat and its processes.

Download the latest Tomcat from http://tomcat.apache.org/download-70.cgi. Version 7.0.40 is the current version at the time of this post.
Download the latest Java 1.7 JDK from http://www.oracle.com/technetwork/java/javase/downloads/index.html by clicking on the JDK download button. You will want the jdk-7u21-linux-x64.tar.gz tarball.
Copy the downloaded tarballs to /tmp directory on your server.

Change directory to /opt or the directory of your choice on the server. I am using /opt for this post to contain Java and Tomcat.

$ cd /opt

Make the tomcat directory and change to it.

$ mkdir tomcat
$ cd tomcat

This step is optional to create individual instances by name for tomcat. Doing this allows you to run multiple instances of tomcat on a server. For this example tomcat-inst1 is what we will be using.

$ mkdir tomcat-inst1
$ cd tomcat-inst1

Untar Tomcat in the instance you will be running.

$ tar -xvzf /tmp/apache-tomcat-7.0.40.tar.gz

Create a symlink called tomcat-current. This will allow you to untar newer versions of Tomcat and just update the symlink.

$ ln -sf apache-tomcat-7.0.40 tomcat-current

Create the tomcat service account and set the UID to 520.

$ useradd -u 520 -c "Tomcat Service Account" -d /opt/tomcat -m -s /bin/bash tomcat

Change ownership of the tomcat directory to the tomcat user.

$ cd /opt
$ chown -R tomcat:tomcat tomcat

Create an init.d script to start the Tomcat instance at reboot. One is not included when installing from the Apache-supplied tarball. Copy the code below, save it as tomcat-inst1 in the /etc/init.d directory, and modify the instance name variable.

#!/bin/bash
#
# Startup script for the Tomcat 7.0 Servlet/JSP Container
#
# chkconfig: 345 98 02
# description: Tomcat is the servlet container that is used in the
#              official Reference Implementation for the Java Servlet
#              and JavaServer Pages technologies.

# Source function library.
. /etc/rc.d/init.d/functions

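INSTANCE=tomcat-inst1
export INSTANCE
# Name shown in the start/stop messages below
prog=${INSTANCE}
# Must match where the instance was unpacked (this post uses /opt)
CATALINA_HOME=/opt/tomcat/${INSTANCE}/tomcat-current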

# Source configuration.
[ -f /etc/sysconfig/${INSTANCE} ] && . /etc/sysconfig/${INSTANCE}

RETVAL=0


start() {
    if [ -f /var/run/${INSTANCE}_restart ]
        then
        /bin/rm /var/run/${INSTANCE}_restart
    fi
    echo -n $"Starting $prog: "

    if [ ! -f /var/lock/subsys/${INSTANCE} ]; then
        su - tomcat -c "INST_NAME=${INSTANCE} $CATALINA_HOME/bin/startup.sh"
        # Record the exit status so the check below reports the real outcome
        RETVAL=$?

        if [ $RETVAL = 0 ]; then
            success $"$prog startup"
            touch /var/lock/subsys/${INSTANCE}
        else
            failure $"$prog startup"
        fi
    fi

    echo
    return $RETVAL
}

stop() {
    /bin/touch /var/run/${INSTANCE}_restart
    echo -n $"Stopping $prog: "

    if [ -f /var/lock/subsys/${INSTANCE} ]; then
        su - tomcat -c "$CATALINA_HOME/bin/shutdown.sh -force"
        # Record the exit status so the check below reports the real outcome
        RETVAL=$?

        if [ $RETVAL = 0 ]; then
            success $"$prog shutdown"
            rm -f /var/lock/subsys/${INSTANCE}
        else
            failure $"$prog shutdown"
        fi
    fi

    echo
    return $RETVAL
}

stopforce() {
    /bin/touch /var/run/${INSTANCE}_restart
    echo -n $"Forcefully Stopping $prog: "

    if [ -f /var/lock/subsys/${INSTANCE} ]; then
        su - tomcat -c "$CATALINA_HOME/bin/shutdown.sh -force"
        # Record the exit status so the check below reports the real outcome
        RETVAL=$?

        if [ $RETVAL = 0 ]; then
            success $"$prog shutdown"
            rm -f /var/lock/subsys/${INSTANCE}
        else
            failure $"$prog shutdown"
        fi
    fi

    echo
    return $RETVAL
}

status() {
    local base=${1##*/}
    if [ -f /var/lock/subsys/${base} ]; then
        echo $"${base} is running..."
        return 0
    else
        echo $"${base} is stopped."
        return 3
    fi
}

getpid() {
        tomcatpid=`ps auwwwx | grep -v grep |grep -i /${INSTANCE}/ | awk '{print $2}'`
        echo "The PID for ${INSTANCE} is ${tomcatpid}."
        echo
}

threaddump() {
        getpid
        kill -3 ${tomcatpid}
        echo "Thread dump has been sent to where stdout is logged."
        echo
}

# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  stopforce)
        stopforce
        ;;
  status)
        status ${INSTANCE}
        ;;
  restart|reload)
        stopforce
        start
        ;;
  condrestart)
        if [ -f /var/lock/subsys/${INSTANCE} ] ; then
                stop
                start
        fi
        ;;
  getpid)
        getpid
        ;;
  threaddump)
        threaddump
        ;;
  *)
        echo $"Usage: $prog {start|stop|stopforce|restart|condrestart|reload|status|getpid|threaddump}"
        exit 1
esac

exit $RETVAL

Make the following changes so that the instance name and CATALINA_HOME match your install:
# Source function library.
. /etc/rc.d/init.d/functions

INSTANCE=tomcat-inst1
export INSTANCE
CATALINA_HOME=/opt/tomcat/${INSTANCE}/tomcat-current

Set init script to run at startup.

$ chkconfig --levels 345 tomcat-inst1 on

Setup Java jdk 1.7

$ cd /opt
$ mkdir java
$ cd java

Untar the tarball

$ tar -xzvf /tmp/jdk-7u21-linux-x64.tar.gz

Create the symlink

$ ln -sf jdk1.7.0_21 current

Create setenv.sh in /opt/tomcat/tomcat-inst1/tomcat-current/bin/. In this example there is an ENV_LEVEL variable; you can omit its two lines or use them. It is for marking which development level (DEV, INT, CERT, PROD) the instance belongs to, if you want to use that.

#Java Home for this Tomcat Instance
JAVA_HOME=/opt/java/current

#Set Java Options (Memory minimum/maximum)
JAVA_OPTS="-server -Xms1024m -Xmx1024m"

#Modify umask so that group has r+w
umask 02
CATALINA_PID=${CATALINA_HOME}/bin/catalina.pid

ENV_LEVEL=DEV
export ENV_LEVEL

$ chmod 755 setenv.sh
$ chown tomcat:tomcat setenv.sh

Modify tomcat-users.xml to set password and roles access.

$ cd /opt/tomcat/tomcat-inst1/tomcat-current/conf

Make a backup of the current file.

$ mv tomcat-users.xml tomcat-users.xml.orig

Create a new file with the following contents, replacing the example passwords with strong, unique values of your own.

$ vi tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="manager-gui"/>
  <role rolename="tomcat"/>
  <role rolename="admin"/>
  <user username="manager" password="tommgr" roles="manager-gui,admin"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
</tomcat-users>

$ chmod 600 tomcat-users.xml
$ chown tomcat:tomcat tomcat-users.xml

Now we can start Tomcat up and it should be working.
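
The permission and password steps above can be checked after the fact. The script below is an added example, not part of the original post: it confirms that tomcat-users.xml is closed to group and other, and lists accounts whose password equals the username, matches a known example value, or is short. The function names, the finding labels, the 12-character minimum and the list of known example passwords are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a tomcat-users.xml for loose permissions and weak passwords.
# Assumes one <user .../> element per line with double-quoted attributes.

# Passwords treated as known examples: the two values shown in this post plus
# a few widely published defaults (constructed list, extend as needed).
KNOWN_EXAMPLES="tommgr tomcat admin password changeit s3cret"

# mode_is_private FILE: succeed only if group and other have no permission bits.
mode_is_private() {
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_tomcat_users FILE: print "user<TAB>finding<TAB>roles" per weak entry.
audit_tomcat_users() {
    awk -v known="$KNOWN_EXAMPLES" -v minlen=12 '
    # Return the value of attribute NAME in string S, or "" if absent.
    function attr(s, name,    re, v) {
        re = name "=\"[^\"]*\""
        if (!match(s, re)) return ""
        v = substr(s, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", v); sub(/"$/, "", v)
        return v
    }
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) bad[k[i]] = 1 }
    {
        # Strip XML comments (possibly multi-line) so disabled users are ignored.
        line = $0; text = ""
        while (line != "") {
            if (incomment) {
                e = index(line, "-->")
                if (e == 0) break
                line = substr(line, e + 3); incomment = 0
            } else {
                s = index(line, "<!--")
                if (s == 0) { text = text line; break }
                text = text substr(line, 1, s - 1)
                line = substr(line, s + 4); incomment = 1
            }
        }
        if (text !~ /<user[ \t]/) next
        user = attr(text, "username"); pass = attr(text, "password")
        roles = attr(text, "roles")
        if (user == "") next
        if (pass == user)               finding = "SAME_AS_USERNAME"
        else if (pass in bad)           finding = "KNOWN_EXAMPLE"
        else if (length(pass) < minlen) finding = "SHORT"
        else next
        printf "%s\t%s\t%s\n", user, finding, roles
    }' "$1"
}

# make_tomcat_sample FILE: write a constructed sample that mirrors the file
# from this post, plus one commented-out user and one longer password.
make_tomcat_sample() {
    cat > "$1" <<'EOF'
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="manager-gui"/>
  <!-- <user username="old" password="old" roles="admin"/> -->
  <user username="manager" password="tommgr" roles="manager-gui,admin"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="deploy" password="Vq7-example-long-value" roles="manager-script"/>
</tomcat-users>
EOF
}

sample=$(mktemp)
make_tomcat_sample "$sample"
chmod 600 "$sample"
mode_is_private "$sample" || echo "WARNING: $sample is accessible to group or other"
audit_tomcat_users "$sample"
rm -f "$sample"
```

Point audit_tomcat_users and mode_is_private at /opt/tomcat/tomcat-inst1/tomcat-current/conf/tomcat-users.xml to check the real file.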

How To Fix RHEL / CentOS 6.4 LDAP MD5 Cert Error

Recently we updated to the latest RHEL 6.4, which caused LDAP to stop using our MD5-signed certificate. This was due to the nss-3.14.0 update, which now deems MD5 insecure. This change caused authentication of users using LDAP to fail. If the account had a local password (such as root), they were able to log in.

Since creating / updating the MD5 certificate was not an immediate solution for us, we had to find a way to use what we have while we work on a permanent solution. Here are a few of the workarounds.

Option 1

The first option involves modifying each kernel line in /etc/grub.conf and adding support for MD5 as well as creating a file in /etc/profile.d exporting this variable. In our situation this option did not work, but for others on the Internet it worked.

Add in /etc/grub.conf to the end of kernel lines
systemd.setenv=NSS_HASH_ALG_SUPPORT=+MD5

Create /etc/profile.d/nss.sh
export NSS_HASH_ALG_SUPPORT=+MD5

Reboot the server

Option 2

The second option adds the export option to /etc/sysconfig/init. This option worked for allowing users to connect via ssh, but it did not allow authentication when accessing via a console, like Open Console option in vSphere.

Add to /etc/sysconfig/init
export NSS_HASH_ALG_SUPPORT=+MD5

Reboot the server

Option 3

The third option involves downgrading nss packages to 3.13 and adding an exclusion in /etc/yum.conf to not allow an update to nss 3.14 or higher. This was the option that worked for our situation.

You will need to downgrade nss, nss-tools, nss-sysinit and nss-util.

yum downgrade nss nss-tools nss-sysinit nss-util

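Next open /etc/yum.conf and add / change the exclude line. This holds back every later nss update, security fixes included, until the line is removed: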

exclude=nss*

Reboot the server

I hope one of these options helps you in your situation.

How To Change the default MySQL data directory on RHEL 6

You’ve been using MySQL for some time now, the database has been growing, and you are at the point where it is time to move it to another location or to newly added storage that is in a different location.

Stopping the MySQL server

# service mysqld stop

Create a new data directory and move the content from the old one

Creating a new data directory

# mkdir /app/mysql/
# chown mysql:mysql /app/mysql

Moving the original data files

# mv /var/lib/mysql/* /app/mysql/

Correct the MySQL configuration file

Edit the /etc/my.cnf file.

# vi /etc/my.cnf

Change

datadir=/var/lib/mysql

to

datadir=/app/mysql

and

socket=/var/lib/mysql/mysql.sock

to

socket=/app/mysql/mysql.sock

and save the file.

If you are using SELinux, adjust parameters to accept the change

Should the following command output “Permissive” or “Disabled” then you may skip the details for SELinux.

# getenforce

Run the semanage command to add a context mapping for /app/mysql.

# semanage fcontext -a -t mysqld_db_t "/app/mysql(/.*)?"

Now use the restorecon command to apply this context mapping to the running system.

# restorecon -Rv /app/mysql

Starting the MySQL server

# service mysqld start

Verifying access and connectivity

$ mysql -u root -p
mysql> show databases;

If this is working, you’re up and running. It is possible you could get a message that says

Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’

then add the following to your /etc/my.cnf

[client]
 socket = /app/mysql/mysql.sock

Optionally you can just use

$ mysql -u root -p --protocol tcp

You have successfully moved your MySQL database.

How To Install MySQL Community Edition on RHEL 6 x86_64

Recently had the need to install the latest Community edition of MySQL on a RHEL 6.3 x86_64 server. For most purposes the included version of MySQL works but if you want the latest version you will need to install the Community edition.

First download the latest Community Edition MySQL from here. At the time of this post 5.6.10 is the current version. From the drop down select Oracle & RedHat Linux 6. Download the following four packages.

  • MySQL-server
  • MySQL-client
  • MySQL-shared
  • MySQL-shared-compat

 

Now that we have the downloads we will need to update the current mysql-libs.

$ sudo yum update mysql-libs
$ sudo yum install MySQL-server MySQL-client MySQL-shared MySQL-shared-compat

Now that we have MySQL installed we will need to create the base tables and start the service.

$ sudo /usr/bin/mysql_install_db --user=mysql
$ cd /usr
$ sudo /usr/bin/mysqld_safe &

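Next step is to log in and set the mysql root password and we are done. Replace newpassword with your own value; if you leave it off the command, mysqladmin prompts for the new password, which keeps it out of the shell history and process list.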

# mysqladmin -u root -p password newpassword

That’s all we need to do.

How to Create RPM’s from CPAN modules using Cpan2rpm

You know how it is sometimes, working on corporate servers that are in DMZs and have firewalls blocking them from accessing the Internet to get modules, programs and such. You can’t get to them directly, so you find ways around to get the files onto the systems; that’s a good thing and just part of being an admin.

Thus is the case in this instance with installing a CPAN program on an RHEL server. I recently ran into a situation where I needed an RPM of a specific CPAN module that none of the usual repositories had and with a bit of searching found a handy little application called cpan2rpm.

The trick for using cpan2rpm is that it needs to be installed on the same version you need to create the package for, for example RHEL 6 x64 for a cpan package, etc. Easy enough if you have a full stack of environments for a server, assuming one of the lower environments has Internet access to get the needed packages.

Download from http://perl.arix.com/cpan2rpm/

Install the CPAN with the module you need on the build system. You may need rpm-build installed as well. Once installed you can create.

Installed:
rpm-build.x86_64 0:4.9.1.3-1.fc16

Dependency Installed:
patch.x86_64 0:2.6.1-9.fc16

Complete!

 $ sudo rpm -ivh cpan2rpm-2.028-1.noarch.rpm
 warning: cpan2rpm-2.028-1.noarch.rpm: Header V3 DSA/SHA1 Signature, key ID de770456: NOKEY
 Preparing...                ########################################### [100%]
 1:cpan2rpm               ########################################### [100%]

Now install the CPAN module locally on your system using CPAN and make sure any dependent rpms are installed. Once done you can create the rpm.

cpan> install GD::Thumbnail

Now we can create the RPM we need

$ cpan2rpm --no-sign GD::Thumbnail

If cpan2rpm cannot determine the version you can assist it by using --version

 $ cpan2rpm --no-sign --version 1.41 GD::Thumbnail

Now we have an RPM that can be installed on the system.

 

How To Setup and Use NFS on RHEL 5/6

I know this is probably old hat for many out there, but there are many newbies and even a few crusty admins that need to know, or be reminded, how to set up NFS (Network File Sharing) to export and share files / directories on Linux systems.

There are several services that need to be running for NFS to work properly. They are portmap, nfs and nfslock. Enable the services and start them using chkconfig.

$ sudo chkconfig portmap on
$ sudo chkconfig nfs on
$ sudo chkconfig nfslock on

Now let’s fire them up!

$ sudo service portmap start
$ sudo service nfs start
$ sudo service nfslock start

So let’s see if they are running and running correctly. We can achieve this by running rpcinfo -p command.

$ sudo rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp    624  rquotad
    100011    2   udp    624  rquotad
    100011    1   tcp    627  rquotad
    100011    2   tcp    627  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100021    1   udp  10180  nlockmgr
    100021    3   udp  10180  nlockmgr
    100021    4   udp  10180  nlockmgr
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   tcp  26899  nlockmgr
    100021    3   tcp  26899  nlockmgr
    100021    4   tcp  26899  nlockmgr
    100005    1   udp    639  mountd
    100005    1   tcp    642  mountd
    100005    2   udp    639  mountd
    100005    2   tcp    642  mountd
    100005    3   udp    639  mountd
    100005    3   tcp    642  mountd
    100024    1   udp    796  status
    100024    1   tcp    799  status

Now that things are running, it’s time to add the export. Open the /etc/exports file and add the directory and access parameters. In this case I am adding rw and sync and only allowing a specific IP to access the share. This is ok for your home systems, but for an environment that is secure you will need to restrict this access further. We achieve this with /etc/hosts.allow and /etc/hosts.deny. First we deny them all and then allow who we want.

Open /etc/hosts.deny and add:

portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL

As of now no one can get to your NFS server, so let’s grant some access. Open /etc/hosts.allow and use the following format for the entries.

daemon list : user pattern@host pattern

Since I want to give to a single system I could just add the IP so the entry would be:

portmap : 192.168.1.30
lockd   : 192.168.1.30
mountd  : 192.168.1.30
rquotad : 192.168.1.30
statd   : 192.168.1.30

But I would like to allow all of the 192.168.1.0 subnet to have access to the server and limit access to the share. This is accomplished by adding 192.168.1.0/255.255.255.0.

portmap : 192.168.1.0/255.255.255.0
lockd   : 192.168.1.0/255.255.255.0
mountd  : 192.168.1.0/255.255.255.0
rquotad : 192.168.1.0/255.255.255.0
statd   : 192.168.1.0/255.255.255.0

Now let’s create the export.

$ sudo vi /etc/exports
/myfiles        192.168.1.30(rw,root_squash)

This is a good setting for the export. We have set it to be accessed by a specific system, with read-write access, and protected the files from client root access. What this means is that someone who has successfully cracked the client root password may become root on the client but still cannot access or change files that only root can. With squash, the root user will have the same access as user nobody. Restart the nfs service.

$ sudo service nfs restart

Ok, now we go to the target server and create the mount point and directory. For the mount I want to stay with /myfiles, so create the directory on the system. Change the permissions on the directory so the person accessing the files can get to them. As with the source server, you need to make sure portmap and nfslock are running and set to run at restart. Follow the same process to enable and start the services.

Now let’s test the mount.

$ sudo mount -t nfs -o rw srcsvr:/myfiles /myfiles

You should now be able to access any files in the directory. That will work for the short term and it tests the connection. Un-mount the nfs mount and let’s make an entry in /etc/fstab to make this permanent.

$ sudo vi /etc/fstab
srcsvr:/myfiles /myfiles nfs _netdev,rw,tcp,intr,hard,rsize=65536,wsize=65536

So what does this all mean? Well there are up to six options in fstab in which a minimum of four are required. They are:

  • device
  • mount point
  • fs type
  • options
  • dump
  • check order

The minimum 4 are device, mount point, fs type and check order. Here are the options used in the example above.

  • _netdev – The  device holding the filesystem requires network access. Do not mount until the network has been enabled.
  • tcp — Specifies for the NFS mount to use the TCP protocol
  • rsize=num and wsize=num — These settings speed up NFS communication for reads (rsize) and writes (wsize) by setting a larger data block size, in bytes, to be transferred at one time. Be careful when changing these values; some older Linux kernels and network cards do not work well with larger block sizes. For NFSv2 or NFSv3, the default values for both parameters is set to 8192. For NFSv4, the default values for both parameters is set to 32768.
  • hard or soft — Specifies whether the program using a file via an NFS connection should stop and wait (hard) for the server to come back online, if the host serving the exported file system is unavailable, or if it should report an error (soft). If hard is specified, the user cannot terminate the process waiting for the NFS communication to resume unless the intr option is also specified. If soft is specified, the user can set an additional timeo=<value> option, where <value> specifies the number of seconds to pass before the error is reported.
  • intr — Allows NFS requests to be interrupted if the server goes down or cannot be reached.

Save the changes and see if the mount works.

$ sudo mount /myfiles

Ok, that wasn’t so painful and us crusty admin’s now remember and the up and coming admin’s now have another tool in their arsenal.
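
The exports syntax above is easy to get subtly wrong, so here is a check for it. The script below is an added example, not part of the original post: it reads an exports-style file and reports entries open to every host and entries that disable root squashing. The function names, finding labels and sample paths other than /myfiles are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: flag risky client entries in an /etc/exports style file.
# Assumes one export per line (no backslash continuations).

# audit_exports FILE: print "path<TAB>client<TAB>finding" per risky entry.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    {
        path = $1
        if (NF == 1) {                       # no client list: every host, read-only
            printf "%s\t*\tWORLD_RO\n", path
            next
        }
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break             # trailing comment
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*$/, "", opts)
            }
            # "(rw)" separated from the host by a space has no host of its
            # own, so it applies to every host.
            if (client == "") client = "*"
            rw = 0; nosquash = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nosquash = 1
            }
            if (client == "*")
                printf "%s\t*\t%s\n", path, (rw ? "WORLD_RW" : "WORLD_RO")
            if (nosquash)
                printf "%s\t%s\tNO_ROOT_SQUASH\n", path, client
        }
    }' "$1"
}

# make_exports_sample FILE: write a constructed sample. The first line is the
# export from this post; the others show the mistakes the audit looks for.
make_exports_sample() {
    cat > "$1" <<'EOF'
# constructed sample exports file
/myfiles   192.168.1.30(rw,root_squash)
/scratch   192.168.1.0/255.255.255.0(rw,no_root_squash)
/public    192.168.1.30 (rw)
/open      *(ro)
EOF
}

sample=$(mktemp)
make_exports_sample "$sample"
audit_exports "$sample"
rm -f "$sample"
```

The /public line shows why the space matters: 192.168.1.30 gets the default options while the detached (rw) applies to every host.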

How To Disable fsck at boot on RHEL

Recently I ran into the need to disable fsck on a large filesystem at boot. Red Hat does not recommend this, but in this case it was an evil that had to be put in place, with the caveat of making sure to manually run fsck at a later time.

According to RedHat:

Red Hat does not typically suggest disabling the on-boot fsck except in situations where the machine does not boot, the file system is extremely large, or the file system is on remote storage.

With that in mind here is how to make it so the filesystem does not run fsck on reboot.

Open /etc/fstab with your favorite editor.

sudo vi /etc/fstab

Find the filesystem you want to stop from getting checked and change the last entry to 0.

/dev/mapper/vg_mhlinux3-lv_root /       ext4    defaults        1 0
                                                                  ^ change

Save the file and you are done. Pretty simple and straightforward. Let’s explore a bit more on fsck and settings. The default is to check every 180 days and/or 23 mounts. Say we want to tweak a few of these settings.

Let’s put the shoe on the other foot and say we want to force an fsck on a filesystem at next boot. Change directory into the filesystem you want to check as root user and create a file called forcefsck.

# cd /mnt
# touch forcefsck

Next reboot the fsck will run and the forcefsck file will be deleted. Say you want to take that to the next level and have it check it every reboot. We do this with tune2fs command and pass -c max-mount-counts option.

tune2fs allows the system administrator to adjust various tunable filesystem parameters on Linux ext2, ext3, or ext4  filesystems.

In this example /dev/sda3 is being told to check every time.

sudo tune2fs -c 1 /dev/sda3

Now say we want to change the number of days from 180 to 200, we do this with the -i  interval-between-checks[d|m|w] option. If we set the value to 0 it will disable the interval, which is not recommended.

sudo tune2fs -i 200 /dev/sda3

So we have covered how to disable and a few tweaks for fsck. Be sure to use the man tune2fs command to see what else is possible!

 

Gathering System Statistics for Linux using SAR

You know how it happens: you are working on a killer bash script and all of a sudden your manager is standing at your cube asking you to look at a slow performing server. It happens all of the time, but luckily we have many tools at our disposal and one such tool is Sar.

If you need I/O, CPU stats and other data from today or several days back, then sar is the tool to use for Linux. If you need graphing and alerting then Sar is not the tool you want; for that you need to look at Nagios or other monitoring tools. But for an administrator needing data to troubleshoot and gauge what the server is doing, Sar is the tool. Sar is part of the sysstat package and can be installed in Fedora or RHEL; it is also available on almost all distributions.

$ sudo yum install sysstat

Once installed, it will be enabled by default. Sar will log seven days of statistics by default and compress after 10 days. If you want to log more than that, you can edit /etc/sysconfig/sysstat and change the HISTORY option. You can also set compression for the logs after so many days. History and compression settings come in handy for managing log rotations.

# sysstat-10.0.3 configuration file.
# How long to keep log files (in days).
# If value is greater than 28, then log files are kept in
# multiple directories, one for each month.
HISTORY=7

# Compress (using gzip or bzip2) sa and sar files older than (in days):
COMPRESSAFTER=10

Once sysstat is configured and enabled, it will collect statistics about your system every ten minutes and store them in a logfile under /var/log/sa via a cron job in /etc/cron.d/sysstat. There is also a daily cron job that will run right before midnight and rotate out the day’s statistics; this is in /etc/cron.d/0hourly. By default, the logfiles will be date-stamped with the current day of the month, so the logs will rotate automatically and overwrite the log from a month ago.

Typing sar with no parameters displays the current day’s CPU statistics; if you have just installed it you will need to wait some time for stats to be gathered.

$ sar
07:00:01 AM     CPU     %user     %nice   %system   %iowait    %steal     %idle
07:10:01 AM     all      0.60      0.02      0.76      3.17      0.00     95.45
07:20:01 AM     all      0.03      0.03      0.54      3.90      0.00     95.51
07:30:02 AM     all      2.75      0.00      1.72      6.99      0.00     88.53
07:40:01 AM     all      0.02      0.00      0.07      0.02      0.00     99.89
07:50:01 AM     all      0.02      0.00      0.08      0.02      0.00     99.88
08:00:01 AM     all      0.13      0.01      0.18      0.35      0.00     99.34
08:10:01 AM     all      0.07      0.00      0.13      0.03      0.00     99.76
08:20:01 AM     all      0.01      0.00      0.06      0.02      0.00     99.91
08:30:01 AM     all      0.01      0.00      0.06      0.02      0.00     99.91
08:40:01 AM     all      0.01      0.00      0.05      0.02      0.00     99.92
08:50:01 AM     all      0.01      0.00      0.06      0.03      0.00     99.89
09:00:01 AM     all      0.01      0.00      0.05      0.04      0.00     99.90

Using the -r option sar will display RAM statistics.

$ sar -r
07:00:01 AM kbmemfree kbmemused  %memused kbbuffers  kbcached  kbcommit   %commit  kbactive   kbinact
07:10:01 AM    402912   1096168     73.12     45204    618888   1143864     25.34    492336    486420
07:20:01 AM    310780   1188300     79.27     92672    628116   1126108     24.95    524772    509792
07:30:02 AM    216740   1282340     85.54     87036    697792   1172404     25.97    494168    631360
07:40:01 AM    237720   1261360     84.14     87068    697820   1134920     25.14    474132    630852
07:50:01 AM    237844   1261236     84.13     87116    697824   1134920     25.14    474140    630896

Using -b option you can get disk I/O data from the past

$ sar -b
07:00:01 AM       tps      rtps      wtps   bread/s   bwrtn/s
07:10:01 AM     15.73     13.77      1.97   1701.20     22.60
07:20:01 AM     44.80     38.04      6.76    367.22    123.17
07:30:02 AM     26.66     21.74      4.92   1188.71    992.72
07:40:01 AM      0.19      0.01      0.18      0.08      2.49
07:50:01 AM      0.20      0.00      0.20      0.00      2.67
08:00:01 AM      1.63      0.77      0.86     49.86      9.96
08:10:01 AM      0.27      0.02      0.25      0.48      3.15
08:20:01 AM      0.19      0.00      0.19      0.00      2.56

Retrieving Older Data

Using the -s (start) and -e (end) options you can retrieve data from a specific time window, which is useful if you want to get information from a few days in the past. For example, if you want data from 12:00 to 12:30 your syntax would be:

$ sar -s 12:00:00 -e 12:30:00
12:00:01 PM     CPU     %user     %nice   %system   %iowait    %steal     %idle
12:10:01 PM     all      0.05      0.00      0.10      0.02      0.00     99.83
12:20:01 PM     all      0.02      0.00      0.06      0.03      0.00     99.89
Average:        all      0.03      0.00      0.08      0.02      0.00     99.86

You also can add all of the normal sar options when pulling from past logfiles, so you could run the same command and add the -r argument to get RAM statistics:

$ sar -s 17:00:00 -e 17:30:00 -f /var/log/sa/sa01 -r

This just covers a few of the options available with Sar. Be sure to use and add this powerful tool to your bag of tricks in getting your systems to run to peak performance and find those trouble areas.

Install and Setup Samba on CentOS / RHEL

It is a fact of life: there are Windows clients that need to access shared data, and as admins we like to have control and a secure way to deliver the data from Linux to Windows. This is where Samba comes into play.

A basic Samba share on a Linux server is not very hard to implement and in this post we will be using CentOS to deliver the goods.

Install Samba package

$ sudo yum install samba samba-client samba-common

Next configure the samba service, so that, it will start automatically at boot.

$ sudo chkconfig smb on
$ sudo chkconfig nmb on
$ sudo service smb start
$ sudo service nmb start

Disable SELinux, or put in exceptions

$ sudo vi /etc/selinux/config

Change SELinux from enforcing to disabled:

SELINUX=disabled

If you want to use SELinux complete the following.

a. disable the samba domain transition
$ sudo setsebool -P smbd_disable_trans on
$ sudo setsebool -P winbind_disable_trans on
$ sudo setsebool -P nmbd_disable_trans on

This is the preferred option, apart from the possibility of some labelling and denial problems if some other confined domain needs to talk with samba (for example squid).

b. Label the scripts in /etc/init.d/ so that init transitions them to the unconfined_t domain

$ sudo chcon -t unconfined_exec_t /etc/init.d/winbind
$ sudo chcon -t unconfined_exec_t /etc/init.d/smb

c. Use semanage fcontext if you want the labels to survive an autorelabel and an rpm update

Next let’s add these iptables rules for samba to work

$ sudo iptables -I INPUT 4 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
$ sudo iptables -I INPUT 5 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
$ sudo iptables -I INPUT 6 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
$ sudo service iptables save

Edit samba config file

$ sudo vi /etc/samba/smb.conf

Add these lines, in your smb.conf file (or change it according to your requirement):

#======================= Global Settings ===========
[global]
workgroup = WORKGROUP
security = share
map to guest = bad user
#================ Share Definitions ========================
[share]
path = /smb/share
browsable =yes
writable = yes
guest ok = yes
read only = no

Save the smb.conf file and restart the service:

$ sudo service smb restart
$ sudo service nmb restart

Change the permissions so that everyone can read and write it (check whether this is allowed in your environment):

$ sudo chmod -R 0777 /smb/share

Add and manage users and groups

Add a group to your server (example: samba).

$ sudo groupadd samba

Add winusers id

$ sudo useradd winusers

Create a new share, set the permission on the share:

$ cd /smb/
$ sudo mkdir files
$ sudo chown -R winusers:samba files/
$ ls -l
$ sudo chmod -R 0770 files/
$ ls -l

Add the user to the samba group and create samba password:

$ sudo usermod -a -G samba winusers
$ sudo smbpasswd -a winusers

Edit the smb.conf file:

$ sudo vi /etc/samba/smb.conf

Add the newly created samba share in smb.conf file:

[Files]
path = /smb/files
valid users = @samba
guest ok = no
writable = yes
browsable = yes

Restart the samba service:
$ sudo service smb restart
$ sudo service nmb restart

Now you have a basic Samba share that you can connect your Windows systems to. There is a lot more you can do with Samba, but this is a start.
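
The two shares above differ in who can reach them: [share] is open to guests, [Files] is limited to the samba group. The script below is an added example, not part of the original post: it reads an smb.conf and reports guest-accessible shares along with the global settings that allow unauthenticated access. The function names and finding labels are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: list guest-access settings in an smb.conf.
# Assumes a single file with no "include" lines; section names are lower-cased.

# audit_smb_conf FILE: print "section<TAB>finding" for each risky setting.
audit_smb_conf() {
    awk '
    # Samba ignores case and extra spaces in parameter names, so normalise.
    function norm(s) {
        gsub(/[ \t]+/, " ", s); sub(/^ /, "", s); sub(/ $/, "", s)
        return tolower(s)
    }
    function truthy(v) { return (v == "yes" || v == "true" || v == "1") }
    # Emit findings for the section that just ended.
    function report() {
        if (sect == "") return
        if (sect == "global") {
            # share-level security: no per-user login
            if (sec == "share") print sect "\tSECURITY_SHARE"
            # unknown user names are silently treated as the guest account
            if (mapg != "" && mapg != "never") print sect "\tMAP_TO_GUEST"
            return
        }
        if (guest && wr) print sect "\tGUEST_WRITABLE"
        else if (guest)  print sect "\tGUEST_READABLE"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # comments and blank lines
    /^[ \t]*\[/ {                            # start of a new [section]
        report()
        s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
        sect = norm(s); guest = 0; wr = 0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = norm(substr($0, 1, eq - 1)); val = norm(substr($0, eq + 1))
        # "public" is a synonym of "guest ok"; "writable", "writeable" and
        # "write ok" are inverted synonyms of "read only".
        if (key == "guest ok" || key == "public") guest = truthy(val)
        else if (key == "writable" || key == "writeable") wr = truthy(val)
        else if (key == "write ok")     wr = truthy(val)
        else if (key == "read only")    wr = !truthy(val)
        else if (key == "security")     sec = val
        else if (key == "map to guest") mapg = val
    }
    END { report() }
    ' "$1"
}

# make_smb_sample FILE: write a constructed sample built from the two
# smb.conf fragments shown in this post.
make_smb_sample() {
    cat > "$1" <<'EOF'
#======================= Global Settings ===========
[global]
workgroup = WORKGROUP
security = share
map to guest = bad user
#================ Share Definitions ========================
[share]
path = /smb/share
browsable =yes
writable = yes
guest ok = yes
read only = no
[Files]
path = /smb/files
valid users = @samba
guest ok = no
writable = yes
browsable = yes
EOF
}

sample=$(mktemp)
make_smb_sample "$sample"
audit_smb_conf "$sample"
rm -f "$sample"
```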

Using Dell racadm on RedHat / CentOS

Recently I have had the pleasure of using part of the Dell Server Administrator tools to manage their hardware on RHEL 5 and 6 servers. The servers had been built and shipped out but the DRACs were un-configured. With the racadm command this is not an issue and can be done with command line tools and the use of configuration files. This is assuming the Server Admin tools have been installed on the system. If they have not, all is not lost.

All you need to do is download OM-SrvAdmin-Dell-Web-LX-7.0.0-4614_A00.tar.gz or the latest from Dell’s support site, untar it and run linux/supportscripts/srvadmin-install.sh. The screen will change and you will be presented with installation options. Enter 5 and press enter, when you are returned back press “I” and the installation will begin. Once the installation has completed you will be prompted to start the services, press Y and complete the installation.

Now we can set a few parameters such as:

  • root password
  • DRAC nic config
  • Rac DNS servers
  • DRAC DNS Domain
  • DNS Rac name

So let’s get started setting them up! In the examples below I am ssh into the servers running the commands.

Set the password for the drac root user using racadm command.
# racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 "newpassword"

Set DRAC nic
# racadm setniccfg -s 192.168.1.50 255.255.255.0 192.168.1.1

Get the current nic config
# racadm getniccfg

NIC Enabled     = 1
DHCP Enabled    = 0
IP Address      = 192.168.1.50
Subnet Mask     = 255.255.255.0
Gateway         = 192.168.1.1

Set DNS servers
# racadm config -g cfgLanNetworking -o cfgDNSServer1 192.168.1.200
# racadm config -g cfgLanNetworking -o cfgDNSServer2 192.168.1.201

Set DNS Rac Name
# racadm config -g cfgLanNetworking -o cfgDNSRacName myserver

Set DRAC DNS Domain
# racadm config -g cfgLanNetworking -o cfgDNSDomainName drac.mydomain.com

This is just a small piece of what you can do with racadm command. If you want to export the current settings to a file this can be done with getconfig sub-command.

# racadm getconfig -f config.txt

Now you can use this as a template and make changes to use on other systems to set DRAC’s. This also is a good way to see all the settings and parameter names for making more command line changes. Once you have made the changes you can copy the file to the server and use:

# racadm config -f config.txt

and the settings will be imported into the system.

Other useful commands are:

Reset DRAC configuration to factory defaults
# racadm racresetcfg

power off / power on / reboot
# racadm serveraction [powerdown|powerup|powercycle]

View system event log (this will let you see why the orange light is blinking)
# racadm getsel

Clear system event log (this will clear the blinking orange light)
# racadm clrsel

Get service tag
# racadm getsvctag

Get current system information
# racadm getsysinfo

Hope this helps you to manage your Dell hardware as it does for me!

 
