Friday, 24 September 2010

sendmail and sm-client very slow to start

After changing the IP address of a server, at the time of booting up sendmail and sm-client took a very long time (about 5 minutes each) to start.


 

Usually when sendmail is sluggish starting - it's because it can't figure out hostname details.

# cat /etc/hosts

127.0.0.1 localhost.localdomain localhost


 

above needs to be the very first line of /etc/hosts

if you are accepting email for a domain then it would help if you have

the fully qualified domain name set in /etc/sysconfig/network and that

name resolves via dns or at least is listed with an ip address

in /etc/hosts...

i.e.


 

# hostname

linuxserver.mydomain.com


 

# cat /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=linuxserver.mydomain.com


 

# cat /etc/hosts

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1 localhost.localdomain localhost

192.168.0.1 linuxserver.mydomain.com linuxserver

# host linuxserver.mydomain.com

linuxserver.mydomain.com has address 192.168.0.1


 

# cat /etc/mail/local-host-names

mydomain.com

linuxserver.mydomain.com

www.mydomain.com

localhost

localhost.localdomain


 

That's it !

Tuesday, 21 September 2010

Linux LVM tips


 

LVM Tools

LVM Tool

Description

pvcreate

Create physical volume from a hard drive

vgcreate

Create logical volume group from one or more physical volumes

vgextend

Add a physical volume to an existing volume group

vgreduce

Remove a physical volume from a volume group

lvcreate

Create a logical volume from available space in the volume group

lvextend

Extend the size of a logical volume from free physical extents in the logical volume group

lvremove

Remove a logical volume from a logical volume group, after unmounting it

vgdisplay

Show properties of existing volume group

lvdisplay

Show properties of existing logical volumes

pvscan

Show properties of existing physical volumes

Operations on Logical Volumes

Among typical operations:

A Walkthrough of the LVM for Linux

Adding a disk to the Volume Group

Next, we'll add /dev/hda6 to the Volume Group. Just type vgextend vg01 /dev/hda6 and you're done! You can check this out by using vgdisplay -v vg01. Note that there are now a lot more PEs available!

Moving Creating a striped Logical Volume

Note that LVM created your whole Logical Volume on one Physical Volume within the Volume Group. You can also stripe an LV across two Physical Volumes with the -i flag in lvcreate. We'll create a new LV, lv02, striped across hda5 and hda6. Type lvcreate -l4 -nlv02 -i2 vg01 /dev/hda5 /dev/hda6. Specifying the PV on the command line tells LVM which PEs to use, while the -i2 command tells it to stripe it across the two.

You now have an LV striped across two PVs!

Moving data within a Volume Group

Up to now, PEs and LEs were pretty much interchangable. They are the same size and are mapped automatically by LVM. This does not have to be the case, though. In fact, you can move an entire LV from one PV to another, even while the disk is mounted and in use! This will impact your performance, but it can prove useful.

Let's move lv01 to hda6 from hda5. Type pvmove -n/dev/vg01/lv01 /dev/hda5 /dev/hda6. This will move all LEs used by lv01 mapped to PEs on /dev/hda5 to new PEs on /dev/hda6. Effectively, this migrates data from hda5 to hda6. It takes a while, but when it's done, take a look with lvdisplay -v /dev/vg01/lv01 and notice that it now resides entirely on /dev/hda6!

Removing a Logical Volume from a Volume Group

Let's say we no longer need lv02. We can remove it and place its PEs back in the empty pool for the Volume Group. First, unmounting its filesystem. Next, deactivate it with lvchange -a n /dev/vg01/lv02. Finally, delete it by typing lvremove /dev/vg01/lv02. Look at the Volume Group and notice that the PEs are now unused.

Removing a disk from the Volume Group

You can also remove a disk from a volume group. We aren't using hda5 anymore, so we can remove it from the Volume Group. Just type vgreduce vg01 /dev/hda5 and it's gone!

A file system on logical volume may be extended. Also more space may be added to a VG by adding new partitions or devices  with the command: vgextend. For example:

lvextend -L +4G /dev/VolGroup00/LogVol04

The command pvmove can be used in several ways to move any LV elsewhere. There are also many more commands to rename, remove, split, merge, activate, deactivate and get extended information about current PV's, VG's and LV's.

Here is a typical du map of a server with volume manager installed. As you can see all partitions except /boot partition are referred vi path /dev/mapper/VolGroup00-LogVolxx where xx is two digit number:

                

Filesystem 1K-blocks Used Available Use% Mounted on

/dev/mapper/VolGroup00-LogVol00

4128448 316304 3602432 9% /

/dev/sda3 194449 22382 162027 13% /boot

none 2020484 0 2020484 0% /dev/shm

/dev/mapper/VolGroup00-LogVol05

4128448 42012 3876724 2% /home

/dev/mapper/VolGroup00-LogVol03

4128448 41640 3877096 2% /tmp

/dev/mapper/VolGroup00-LogVol02

8256952 3189944 4647580 41% /usr

/dev/mapper/VolGroup00-LogVol04

8256952 174232 7663344 3% /var

/dev/hde 594366 594366 0 100% /media/cdrecorder

                

Resiliency to renumbering of physical hard disks

LVM identifies PVs by UUID, not by device name.

Each disk (PV) is labeled with a UUID, which uniquely identifies it to the system. 'vgscan' identifies this after a new disk is added that changes your drive numbering. Most distros run vgscan in the lvm startup scripts to cope with this on reboot after a hardware addition. If you're doing a hot-add, you'll have to run this by hand I think. On the other hand, if your vg is activated and being used, the renumbering should not affect it at all. It's only the activation that needs the identifier, and the worst case scenario is that the activation will fail without a vgscan with a complaint about a missing PV.

The failure or removal of a drive that LVM is currently using will cause problems with current use and future activations of the VG that was using it.

How to get information about free space

vgdisplay shows logical volumes one by one and provides the information about free disk space on each:

vgdisplay volume_group_one | grep "Total PE"

How to create a new volume

# vgcreate vg01 /dev/hda2 /dev/hda10
  Volume group "vg01" successfully created

How to create and mount a partition

  1. # lvcreate -L 5G -n data vg02
      Logical volume "data" created

     

  2. # mkfs -t ext3 /dev/vg02/data
     

  3. # mkdir /data
    # mount /dev/vg02/data /data/

  4. # df -h /data
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/mapper/test--volume-data
                          50.0G   33M  5.0G   1% /data

  5. Add it to /etc/fstab

How to extend the partition

If one wishes to use all the free physical extents on the volume group one can achieve this using the lvm
lvextend command :

lvm lvextend -L +4G /dev/VolGroup00/LogVol04 # extend /var

ext2online /dev/VolGroup00/LogVol04

Option -l operates with free extents . This adds the 7153 free extents to the logical volume:

# lvm lvextend -l+7153 /dev/TestVG/TestLV

Extending logical volume TestLV to 30.28 GB

Logical volume TestLV successfully resized

 "lvextend -L +54 /dev/vg01/lvol10 /dev/sdk3" tries to extend the size of that logical volume by 54MB on physical volume /dev/sdk3. This is only possible if /dev/sdk3 is a member of volume group vg01.

Then the pvcreate command is used to create the new physical volume using the new partition, and the pvs again to verify the new physical volume. See  redhat.com Knowledgebase

How to remove LVM partionon

Use lvremove to Remove a logical volume from a logical volume group, after unmounting it

syntax:

lvremove [-A/--autobackup y/n] [-d/--debug] [-f/--force] [-h/-?/--help] [-t/--test] [-v/--verbose] LogicalVolumePath [LogicalVolumePath...]

lvremove removes one or more logical volumes. Confirmation will be requested before deactivating any active logical volume prior to removal. Logical volumes cannot be deactivated or removed while they are open (e.g. if they contain a mounted filesystem).
 

Options.

-f, --force
Remove active logical volumes without confirmation.


EXAMPLES
Remove the active logical volume lvol1 in volume group vg00 without
asking for confirmation:

lvremove -f vg00/lvol1

Remove all logical volumes in volume group vg00:

lvremove vg00


 

TIPS:

Missing drives in a volume group have caused me a lot of problems. If you just want to excommunicate the drive from your vg, the following works:


 

vgreduce --removemissing vg00


 


 

# pvscan

Couldn't find device with uuid 'pQMQJ3-Rq3M-kQD9-M6DB-UWLi-Dyk4-3pWoa7'.

Couldn't find device with uuid 'pQMQJ3-Rq3M-kQD9-M6DB-UWLi-Dyk4-3pWoa7'.

PV unknown device VG milan lvm2 [30.00 GB / 29.90 GB free]

PV /dev/sdg VG milan lvm2 [30.00 GB / 29.90 GB free]


 

# vgscan

Reading all physical volumes. This may take a while...

Couldn't find device with uuid 'pQMQJ3-Rq3M-kQD9-M6DB-UWLi-Dyk4-3pWoa7'.

Couldn't find all physical volumes for volume group milan.

Couldn't find device with uuid 'pQMQJ3-Rq3M-kQD9-M6DB-UWLi-Dyk4-3pWoa7'.

Couldn't find all physical volumes for volume group milan.

Volume group "milan" not found


 

# lvscan

Couldn't find device with uuid 'pQMQJ3-Rq3M-kQD9-M6DB-UWLi-Dyk4-3pWoa7'.

Couldn't find all physical volumes for volume group milan.

Couldn't find device with uuid 'pQMQJ3-Rq3M-kQD9-M6DB-UWLi-Dyk4-3pWoa7'.

Couldn't find all physical volumes for volume group milan.

Volume group "milan" not found


 


 

LINKS:


 

More information about LVM at http://www.softpanorama.org/Commercial_linuxes/logical_volume_manager.shtml

Wednesday, 15 September 2010

How to restore a pending request in IIS 6.0 if it was deleted

To install a Web server certificate that lacks a pending certificate request:


1. Click Start >  point to Run >  type cmd > click OK.


2. Navigate to the directory where Certutil.exe is stored;  by default, this is %windir%\system32.


3. Type the following command at the command prompt: certutil -addstore my certnew.cer 

 
 

where certnew.cer is the name of the certificate you received from the certification authority (CA).

 
 

You should see the following message:

 
 

CertUtil: -addstore command completed successfully.


4. Navigate to the directory where you stored the certificate you received from the CA. Double click the saved certificate.


5. Click the Details tab and select <All> in the Show drop-down list.


6. In the Field list, select Thumbprint to display its value in the view pane.


7. Select the Thumbprint value in the view pane and then click CTRL+C.


8. Return to the command prompt window and type the following command: certutil -repairstore my "thumbprint"


where thumbprint is the value of the Thumbprint field. Be sure to type the double quotes as part of the command.

 
 

If the command is successful, the following message is displayed: "Encryption test passed CertUtil: = repairstore command completed successfully." 

 
 

Install the server certificate on your Web server.

 
 

IMPORTANT:

 
 

If the certutil command does not complete successfully, the following error message is displayed:

 
 

"Certutil: -repairstore command FAILED: 0x80090011 (-2146893807) Certutil: Object was not found."

 
 

This message indicates that the private key for the certificate does not exist in the certificate store. You cannot install the certificate you obtained from the CA. Instead, you must generate a new certificate request, obtain the new certificate, and install that new certificate on your Web server.


IIS stores the private key for a certificate as the pending request. Deleting the pending request deletes the association of the private key with IIS, but the private key still exists in the certificate store.

 
 

To install the certificate without having the pending request available, you can use version 5.2.3718.0 of the Certutil.exe command-line tool that is available through the Certificate Services MMC snap-in in Windows Server 2003.

How-to enable web access in ESX 4 vSphere

If you need to access your ESX 4.0 server through your web browser via HTTPS, you might not succeed at first try. You will receive an error "503 Service unavailable". So what to do?


 


01.) You first I check for the service if it's running or not. Go to the console and log in. Then type in following command to see if the service is running : (it's case sensitive)

service vmware-webAccess status

02.) Start the service:  service vmware-webAccess start

It seems that this service is disabled by default. Then, if you need to have web access enabled every time your start your ESX Server, then you can do it by executing folowing command:

chkconfig --level 345 vmware-webAccess on

or simply: chkconfig vmware-webAccess on



Changing the IP address, default gateway, and hostname of the Service Console in ESX


 

This article provides steps to change the Service Console IP address, gateway address, and hostname on an ESX 3.x and 4.x host

Changing settings from the physical or remote console connection

 
 

Changing the IP for the Service Console must be done from the physical console or through a remote console session. If you make changes through a network connection such as SSH, network connectivity to the Service Console disconnects because the Service Console's network interface changes.

  1. Run the following command to set the IP address:

    [root@server root]# esxcfg-vswif -i <a.b.c.d> -n <w.x.y.z> vswif0 , where <a.b.c.d> is the IP address and <w.x.y.z> is the subnet mask.

    Note: In this example,
    v
    swif0 is the Service Console adapter that is the interface to which you are applying the IP address change.

  2. Open the /etc/hosts file with a text editor and modify it so that it reflects the correct IP address and hostname.
  3. To change the default gateway address and the hostname, edit the /etc/sysconfig/network file and change the GATEWAY and HOSTNAME parameters to the proper values.
  4. For the changes to take place, reboot the host or restart the network service with the command:

    [root@server root]# service network restart


    Note: This command breaks any current network connections to the Service Console.

Changing the hostname without rebooting

To dynamically change the hostname, run the command:

 
 

[root@server root]# hostname newname

Note: This command creates a temporary hostname change. This change is lost when the system is rebooted.

 
 

Changing the DNS server settings

 
 

To change the DNS server settings, update the nameserver IPs and search domain the /etc/resolv.conf file.

 
 

Changing settings in VMware vSphere or Infrastructure Client

 
 

To change the hostname, domain, DNS servers, and default gateway in VMware vSphere or Infrastructure (VI) Client:

  1. Highlight the ESX host and click the Configuration tab.
  2. Click DNS and Routing.
  3. Click Properties.
  4. To change the hostname, domain, and DNS servers, click the DNS Configuration tab and enter the appropriate values.

    Note: Disable VMware High Availability if you do not want virtual machines to failover during the hostname IP change.

  5. To change the default gateway, click the Routing tab and enter the appropriate value.
  6. Reboot the ESX host for the changes to take effect.
  7. Reconnect the ESX host to vCenter Server with the new IP address.

Thursday, 9 September 2010

How to fix: This file is invalid for use as the following: Security Certificate

Solution:

This file is invalid for use as the following: Security Certificate



This is not an error, it simply means you cannot open the file.

I've got the file with .txt extension and changed it to .cer, but that message appeared when I double click on it.

To view the certificates in the file, change the file extension from .cer to .p7b

Now, when you open the file and open the branch on the left of the window you will see 'Certificates'.
By clicking on 'Certificates' you will see all the certificates contained in the single .cer format file.

You can right click on every single .cer file and export it.

If you want to install it, you might use the .p7b file instead of the single .cer file as this could be a cross certificate.

Generate Certificate Signing Request in Microsoft IIS 6.0 without removing the current certificate

Problem

Change CSR information without losing the current certificate
Generate CSR without overwriting the current certificate
Create renewal CSR with changes

Resolution

This article describes how you can create a new Certificate Signing Request (CSR) or generate a Renewal Request without having to remove the existing certificate from your web site.

 
 

To Generate Certificate Signing Request in Microsoft IIS 6.0 without removing the current certificate, requires you to do the following: 

 
 

A. Generate a temporary web site.

 
 

NOTE:  When you create the temporary web site, you do not need to assign an IP address and port number. You only have to give it read and write permissions and create a temporary folder in your hard drive and save it there.


B. Generate the pending request and CSR on the Temporary web site.

C. After receiving the certificate, install the certificate to the Temporary web site.

D. On the actual web site, replace the certificate with the newly installed certificate.

 
 

Instructions for 'work around': 

 
 

1. In IIS right click the Default Web Site and click on New --> Web Site

 
 

2. Create a new site. You can give it a temporary name. 

 
 

3. Right click on this new site and go to Properties --> Directory Security --> Server certificate

 
 

4. Select Create a new certificate and follow the wizard to create a new CSR

 
 

5. Backup the Private Key file. Very important: if no backup is made and the Private Key is lost, the certificate issued will not work.

 
 

Although a new csr was generated, you are still required to go through the normal renewal process with that new csr. 

 
 

6. When you receive the certificate back, right click on this temporary site and go to Properties --> Directory --> Security --> Server certificate and follow the wizard to process the pending request.

 
 

7. Once the certificate has been installed, go to the correct website and right click Properties --> Directory Security --> Server certificate.

 
 

8. Select the option Replace the current certificate

 
 

9. You will then be able to select the certificate that you have just installed. 

 
 

10. Once installed we strongly advise you to make a backup of your certificate with its corresponding private key. 

11. You can now delete the temporary site that you created previously. 

 
 

The official Microsoft article explaining this process can be found at Microsoft Knowledge Base Article: "How To Renew or Create New Certificate Signing Request While Another Certificate Is Currently Installed" utilizing this URL: http://support.microsoft.com/kb/295281