NFS Server Configuration

Notes

  • vmLS1 ⇒ Server
  • vmLS2 ⇒ Client

NFS Server

Installation on vmLS1

NFS uses RPC calls to communicate between server and client. On the client, a simple

shows the RPC ports and services that are listening on the NFS server. It is highly recommended to restrict this with iptables or TCP wrappers.

The /etc/exports file is for the nfs export directories:

Restart nfs server

NFS Client

On the NFS client, create a directory for the mount point:





Installation on nfs client

Mount directory

All files or directories created by root are automatically converted to the ownership nobody:nogroup.
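
An added example (not from the original page): the mapping of root to nobody:nogroup described above is the root_squash default of an export, and the no_root_squash option switches it off. The script below checks an exports file for that option, for insecure, and for entries open to any host; the sample entries and the /srv/nfs paths are constructed.

```shell
#!/bin/sh
# Added example: flag risky entries in an exports(5) file read from stdin.
# Assumes one export per line (no backslash continuations).

audit_exports() (
    set -f    # client specs such as "*" must not be glob-expanded
    sed 's/#.*//' | while read -r path clients; do
        [ -n "$path" ] || continue
        for spec in $clients; do
            client=${spec%%\(*}          # text before "(" is the client
            case "$spec" in
                *\(*\)) opts=${spec#*\(}; opts=${opts%\)} ;;
                *)      opts= ;;
            esac
            # "(rw)" with no client in front of it applies to every host;
            # this is what "host (rw)" with a stray space produces.
            [ -n "$client" ] || client='*'
            if [ "$client" = '*' ]; then
                echo "$path $client: exported to any host"
            fi
            case ",$opts," in *,no_root_squash,*)
                echo "$path $client: no_root_squash, remote root keeps uid 0" ;;
            esac
            case ",$opts," in *,insecure,*)
                echo "$path $client: insecure, unprivileged source ports accepted" ;;
            esac
        done
    done
)

# Constructed sample; the /srv/nfs paths are placeholders, vmLS2 is the client.
sample_exports() {
    cat <<'EOF'
/srv/nfs/data   vmLS2(rw,sync,no_subtree_check)
/srv/nfs/admin  vmLS2(rw,sync,no_root_squash)   # root squashing switched off
/srv/nfs/pub    *(ro,insecure)
/srv/nfs/home   vmLS2 (rw,sync)
EOF
}

sample_exports | audit_exports
```

On the server the same check runs as `audit_exports < /etc/exports`.
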
Show mounts on nfs server

 

iSCSI

Notes

  • vmLS1 ⇒ iSCSI target
  • vmLS2 ⇒ iSCSI initiator

Target

Installation on vmLS1

Configuration files

ietd.conf

Configure authentication for auto discovery; IncomingUser is the initiator and OutgoingUser is the target.

The initiator initiates the authentication and waits for the authentication from the target.

Configure targets

Configure authentication for target.





The initiator initiates the authentication and waits for the authentication from the target.

The LUN number is the ID of the target; multiple targets are allowed, but they need different IDs. In the example the target is an image file, which is the reason for Type=fileio at the end of the line. Of course it is also possible to export a block device like /dev/sda7.

Create image file

Use image file as block device

Enable iSCSI target on boot

Start iSCSI target

Show exported block device

Initiator

Configuration files

iscsid.conf

Configure auth for target

Configure auth for discovery

Restart initiator

Run discovery

Run target login

iqn.1993-08.org.debian:01:597ed3f953ca is the name of the initiator server srv2. Debian uses a random name, because the name should be unique for each iSCSI node. You can change the name on the initiator server in the file /etc/iscsi/initiatorname.iscsi.

Show block device on the initiator

Create a filesystem on the iscsi device

Access to the targets can be configured in /etc/initiators.allow and /etc/targets.allow.

Encrypted filesystems

Block devices can be encrypted with dm-crypt and a master password. It is also possible to protect the encrypted device with more than one password; this method is called LUKS.

Encrypt block device sda12:

Now you see a new block device called crypt1 in the mapper directory. You can create a filesystem on it

After that you can mount it like a normal block device

Show status

Unmount it

Close encrypted block device

Open encrypted block device again:

Encrypt with LUKS





Close encrypted block device

Show info

Add additional key (max 8):
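
An added example (not from the original page): LUKS1, the format with the eight key slots mentioned above, records each slot's state in a fixed-layout header, so slot usage can be audited without unlocking the device. The offsets follow the LUKS1 on-disk format; the function names are hypothetical and the sample header is constructed.

```shell
#!/bin/sh
# Added example: report LUKS1 key-slot usage from the on-disk header.
# LUKS1 layout: 6-byte magic "LUKS\xba\xbe", 2-byte version, then header
# fields up to byte 208, followed by eight 48-byte key slots. Each slot
# starts with a 4-byte state: 0x00AC71F3 = enabled, 0x0000DEAD = disabled.

hex_at() {    # hex_at FILE OFFSET LENGTH -> bytes as one hex string
    od -An -v -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# Prints the state of slots 0..7, one per line. Returns 1 when FILE has no
# LUKS1 header (plain dm-crypt keeps no header on the device at all).
luks1_slots() (
    [ "$(hex_at "$1" 0 8)" = "4c554b53babe0001" ] || exit 1
    slot=0
    while [ "$slot" -lt 8 ]; do
        case "$(hex_at "$1" $((208 + slot * 48)) 4)" in
            00ac71f3) echo "$slot enabled" ;;
            0000dead) echo "$slot disabled" ;;
            *)        echo "$slot unknown" ;;
        esac
        slot=$((slot + 1))
    done
)

luks1_enabled_count() (
    slots=$(luks1_slots "$1") || exit 1
    printf '%s\n' "$slots" | awk '$2 == "enabled" { n++ } END { print n + 0 }'
)

# Constructed sample: a 592-byte LUKS1-style header, slots 0 and 1 enabled.
make_sample_header() (
    {
        printf 'LUKS\272\276\000\001'         # magic + version 1
        head -c 200 /dev/zero                  # remaining header fields, zeroed
        slot=0
        while [ "$slot" -lt 8 ]; do
            if [ "$slot" -lt 2 ]; then printf '\000\254\161\363'
            else printf '\000\000\336\255'; fi
            head -c 44 /dev/zero               # rest of the 48-byte slot
            slot=$((slot + 1))
        done
    } > "$1"
)

tmp=$(mktemp); make_sample_header "$tmp"
echo "enabled key slots: $(luks1_enabled_count "$tmp") of 8"; rm -f "$tmp"
```

Pointed at a real LUKS1 device (reading it requires root), an enabled count higher than the number of keys you issued is worth investigating.
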

ecryptfs

Mount encrypted filesystem from directory /home/tn06/ecryptfs-input

AutoFS

Notes

  • vmLS1 = Server
  • vmLS2 = Client

Installation on nfs client





Add an NFS automount config file for directory /nfs

Automount mounts the directories only when they are accessed and unmounts them automatically after inactivity.

With this configuration in /etc/auto.master

automount will mount NFS directories automatically on access like this

 

Logical Volume Manager

Notes

  • LVM partitions have the system type hex code 8E
  • The LVM configuration is under /etc/lvm

LVM

Create physical volumes

Show physical volumes

Create volume group

Show volume groups





Extend volume group

Create logical volume named lv1 in volume group vg1 with 10G space

Show logical volumes

Now we can see the logical volume named lv1 in /dev/vg1

Create filesystem on the logical volume

Mount filesystem

Extend logical volume lv1 with 3G

Also extend the filesystem on the logical volume

Create 5G snapshot named lv1-ss1 of logical volume lv1

The snapshot volume is now located at /dev/vg1/lv1-ss1; we can mount it and recover files

To remove the snapshot, make sure that it is not mounted and is deactivated (with lvchange -an; -ay activates the logical volume (snapshot))

 

Configuring RAID

Notes

The name md comes from multiple disk; the partition type of md (RAID) devices is FD. The kernel needs to know which device is a RAID partition to configure the RAID over the devices automatically; this is also called autodetect. You need to run mdadm --assemble manually after a reboot if the partition type of the RAID devices is not FD.

RAID





Create the RAID device /dev/md0. md0 is the name, you can choose whatever you want; level is the RAID level, in this example RAID1; -n is the number of devices used to build the RAID; at the end come the two devices, sda5 and sda6

Another example for RAID5

You also need to know that the software RAID writes metadata on the devices; the metadata block will overwrite the bootloader (if a bootloader is present on the devices sda5, sda6, sda7).

The kernel runs a sync job in the background (between the devices in the RAID array md0) with low priority, but that is not a problem: we can already use the RAID device even if the sync is still running.

Get information about the RAID array

Get some more information from dmesg

Create filesystem on RAID array

The chunk size on the RAID devices is 512k (default). We can tell the filesystem the chunk size; this is helpful for RAID0 and RAID5 arrays. The blocksize is 4096 (maximum blocksize); you can also choose a smaller blocksize, 2048 or 1024, for example if you need to manage tiny files. The stride is the number of filesystem blocks per chunk; calculate it from the chunk size of the RAID devices (512k) and the blocksize: (512*1024)/4096 = 128:

The -E option used to be -R; -R also still works.
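
An added example (not from the original page) that carries the stride calculation one step further: besides stride it derives stripe_width, which mke2fs documents as the stride multiplied by the number of data-bearing disks. The function name and the three-device RAID5 geometry are assumptions for illustration.

```shell
#!/bin/sh
# Added example: derive the ext2/3/4 RAID hints from the array geometry.
#   stride       = chunk size / filesystem block size
#   stripe_width = stride * number of data-bearing disks

# raid_ext_opts LEVEL DEVICES CHUNK_KIB BLOCK_BYTES
# prints "stride=N,stripe_width=M", or returns 1 with a message on stderr.
raid_ext_opts() (
    level=$1 devices=$2 chunk=$(($3 * 1024)) block=$4
    case "$level" in
        0) data=$devices ;;
        5) data=$((devices - 1)) ;;    # one device's worth of parity
        6) data=$((devices - 2)) ;;    # two devices' worth of parity
        *) echo "RAID level $level is not handled here" >&2; exit 1 ;;
    esac
    if [ "$data" -lt 1 ] || [ "$block" -le 0 ]; then
        echo "invalid geometry" >&2; exit 1
    fi
    if [ $((chunk % block)) -ne 0 ]; then
        echo "chunk size is not a multiple of the block size" >&2; exit 1
    fi
    stride=$((chunk / block))
    echo "stride=$stride,stripe_width=$((stride * data))"
)

# The page's numbers (512k chunks, 4096-byte blocks) on an assumed
# three-device RAID5, where two devices carry data per stripe.
echo "-E $(raid_ext_opts 5 3 512 4096)"
```
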

Stop RAID array

Start RAID array

Add a device to the RAID array

The /etc/mdadm/mdadm.conf file is for the mdadmd daemon; it reads this file and sends a notification if something is wrong with the RAID array

META information from devices

Remove device from RAID array

raidtools

Raidtools was the RAID configuration utility in previous versions and is now out of date. The configuration was in /etc/raidtab; the tools mkraid and raidstart are no longer in use.

motd SSH Login Banner Text




Recompile RedHat / CentOS packages

Download and recompile package

Install rpm-build meta package and yum-utils for yumdownloader

Download the source code of syslog-ng; the file will be saved in the current directory

Install build dependencies for syslog-ng

Install source package, source files will be placed in ~/rpmbuild





Go into the rpmbuild working directory

Modify syslog-ng for ssl support and change release version:

Install openssl-devel to compile syslog-ng with ssl

Build rpm package

Install package

 

Recompile Debian / Ubuntu packages

Download and recompile package

Install build essential meta package

Change working directory

Download Debian source package, in this example rsync

The package source and patches should be downloaded into the current directory; show the downloaded files

rsync_3.0.9.orig.tar.gz: source code from the upstream project (rsync.samba.org)

rsync_3.0.9-1ubuntu1.dsc: description

rsync_3.0.9-1ubuntu1.diff.gz: modifications from the distribution maintainer (Ubuntu)

rsync-3.0.9: source code with applied patches, identical to the source of the .deb package




Install build dependencies

Change into the rsync source directory

Recompile package

Create binary (deb package)

When finished, the deb package should have been created in our working directory (/usr/local/src)

Install package

Modify and recompile package

Install developer scripts

Modify some configure options, for example add --disable-acl-support --disable-ipv6 --disable-xattr-support

Update the changelog file and give the name mypackage for the local name part

Recompile modified package

Create binary (deb package)

When finished, the deb package should have been created in our working directory (/usr/local/src)

Install package

If you install a package with a local part, apt will no longer update this package with apt-get upgrade.

Upgrade from Debian Squeeze to Debian Wheezy

Upgrade Squeeze

Change sources.list to Wheezy




Wheezy minimal upgrade

Kernel Installation

Update grub

udev Installation

Wheezy main upgrade