Sunday, 17 April 2022

Linux Interview questions 2022

Q1. How to scan for newly added LUNs in Linux?

1. Identify the existing disks 
fdisk -l 2>/dev/null | egrep '^Disk' | egrep -v 'dm-' | wc -l

2. Identify the number of adapters

# ls /sys/class/fc_host
 host0  host1  host2  host3


3. Scan the LUNs
echo "- - -" > /sys/class/scsi_host/host0/scan
echo "- - -" > /sys/class/scsi_host/host1/scan

4. Identify the new disks
fdisk -l 2>/dev/null | egrep '^Disk' | egrep -v 'dm-' | wc -l
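
The Q1 procedure as one script that rescans every host listed under fc_host and lists the new disks by name instead of comparing two counts. This is an added example, not part of the original post; the SYSFS variable and the function names are assumptions of the sketch (SYSFS defaults to /sys and can point at a constructed directory tree for a dry run).

```sh
#!/bin/sh
# Added example: rescan all Fibre Channel SCSI hosts and report new disks.
# SYSFS is an assumption of this sketch; on a real host it stays at /sys.
SYSFS="${SYSFS:-/sys}"

# Print the whole disks the kernel currently knows, one per line, sorted,
# skipping device-mapper, loop and RAM devices.
list_disks() {
    for dev in "$SYSFS"/block/*; do
        [ -e "$dev" ] || continue
        name=${dev##*/}
        case "$name" in
            dm-*|loop*|ram*) continue ;;
        esac
        echo "$name"
    done | sort
}

# Write the wildcard "- - -" (channel, target, LUN) to the scan file of every
# SCSI host that also appears under fc_host. Prints the hosts it rescanned.
rescan_fc_hosts() {
    for fc in "$SYSFS"/class/fc_host/host*; do
        [ -e "$fc" ] || continue
        host=${fc##*/}
        scan="$SYSFS/class/scsi_host/$host/scan"
        if [ -w "$scan" ]; then
            echo "- - -" > "$scan"
            echo "$host"
        else
            echo "skipped $host: $scan is not writable" >&2
        fi
    done
}

# Print the entries present in the AFTER list but not in the BEFORE list.
# Both files must be sorted, which list_disks guarantees.
new_disks() {
    comm -13 "$1" "$2"
}

# Full procedure: snapshot, rescan, snapshot again, print the difference.
# Needs root on a real host because the scan files are root-writable only.
scan_and_report_new_disks() {
    before=$(mktemp)
    after=$(mktemp)
    list_disks > "$before"
    rescan_fc_hosts > /dev/null
    list_disks > "$after"
    new_disks "$before" "$after"
    rm -f "$before" "$after"
}
```

Run scan_and_report_new_disks as root; an empty result means the rescan found no new block devices.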

Q2. How to create Software RAID 1 array?

1. Identify the disks in the system. I have used the /dev/sdd and /dev/sde disks for the RAID 1 array.
RAID 1 provides redundancy through mirroring.
[root@linux01 ~]# fdisk -l



Disk /dev/sdd: 2147 MB, 2147483648 bytes
255 heads, 63 sectors/track, 261 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/sdd doesn't contain a valid partition table

Disk /dev/sde: 2147 MB, 2147483648 bytes
255 heads, 63 sectors/track, 261 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/sde doesn't contain a valid partition table

2. Create the RAID array using the mdadm command
[root@linux01 ~]# mdadm --create /dev/md0 --level=raid1 --raid-devices=2 /dev/sdd /dev/sde
mdadm: array /dev/md0 started.
[root@linux01 ~]#

To verify the RAID status:
[root@linux01 ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sde[1] sdd[0]
      2097088 blocks [2/2] [UU]

unused devices: <none>

We can now format and mount the disk /dev/md0.
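
The [2/2] [UU] fields in /proc/mdstat are what show whether both mirror halves are present. The script below is an added example, not part of the original post: it parses that output and flags any array with a missing member. The function names and the md1 entry in the sample are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise /proc/mdstat and flag degraded md arrays.

# md_status [FILE]
# Prints "array level expected/active member-map state" for each md array.
# FILE defaults to /proc/mdstat.
md_status() {
    awk '
        /^md[0-9]+ :/ {
            array = $1
            level = ($3 == "active") ? $4 : "-"
            next
        }
        # The status line carries "[expected/active]" and a member map such
        # as "[UU]"; an underscore in the map marks a missing member.
        array != "" && match($0, /\[[U_]+\]/) {
            map = substr($0, RSTART + 1, RLENGTH - 2)
            match($0, /\[[0-9]+\/[0-9]+\]/)
            counts = substr($0, RSTART + 1, RLENGTH - 2)
            state = index(map, "_") ? "DEGRADED" : "ok"
            print array, level, counts, map, state
            array = ""
        }' "${1:-/proc/mdstat}"
}

# md_check [FILE]
# Prints the summary and returns 1 if any array is degraded, so it can be
# called from cron or a monitoring agent.
md_check() {
    out=$(md_status "$@")
    echo "$out"
    case "$out" in
        *DEGRADED*) return 1 ;;
    esac
    return 0
}

# Constructed sample: md0 as shown above, plus a constructed md1 that has
# lost one member.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Personalities : [raid1]
md0 : active raid1 sde[1] sdd[0]
      2097088 blocks [2/2] [UU]

md1 : active raid1 sdg[1] sdf[0](F)
      2097088 blocks [2/1] [_U]

unused devices: <none>
EOF
md_status "$sample"
rm -f "$sample"
```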

Q3. How to create an LVM partition on a Software RAID 1 array?
We can create an LVM partition on /dev/md0. Refer to Q2 for creating the RAID 1 array.
[root@linux01 ~]# pvcreate /dev/md0
  Physical volume "/dev/md0" successfully created
[root@linux01 ~]# pvs
  /dev/hdc: open failed: No medium found
  PV         VG         Fmt  Attr PSize PFree
  /dev/md0              lvm2 a-   2.00G 2.00G
  /dev/sda2  VolGroup00 lvm2 a-   9.88G    0
[root@linux01 ~]# vgcreate -n raidvg /dev/md0
vgcreate: invalid option -- n
  Error during parsing of command line.
[root@linux01 ~]# vgcreate raidvg /dev/md0
  Volume group "raidvg" successfully created
[root@linux01 ~]# lvs
  LV       VG         Attr   LSize Origin Snap%  Move Log Copy%  Convert
  LogVol00 VolGroup00 -wi-ao 7.88G
  LogVol01 VolGroup00 -wi-ao 2.00G
[root@linux01 ~]# vgs
  VG         #PV #LV #SN Attr   VSize VFree
  VolGroup00   1   2   0 wz--n- 9.88G    0
  raidvg       1   0   0 wz--n- 2.00G 2.00G
[root@linux01 ~]# pvs
  PV         VG         Fmt  Attr PSize PFree
  /dev/md0   raidvg     lvm2 a-   2.00G 2.00G
  /dev/sda2  VolGroup00 lvm2 a-   9.88G    0
[root@linux01 ~]# lvcreate -L 500M -n raidlv01 /dev/raidvg
  Logical volume "raidlv01" created
[root@linux01 ~]# lvs
  LV       VG         Attr   LSize   Origin Snap%  Move Log Copy%  Convert
  LogVol00 VolGroup00 -wi-ao   7.88G
  LogVol01 VolGroup00 -wi-ao   2.00G
  raidlv01 raidvg     -wi-a- 500.00M
[root@linux01 ~]# mkfs -t ext3 /dev/raidvg/raidlv01
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
128016 inodes, 512000 blocks
25600 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67633152
63 block groups
8192 blocks per group, 8192 fragments per group
2032 inodes per group
Superblock backups stored on blocks:
        8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409

Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 28 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
[root@linux01 ~]# lvs
  LV       VG         Attr   LSize   Origin Snap%  Move Log Copy%  Convert
  LogVol00 VolGroup00 -wi-ao   7.88G
  LogVol01 VolGroup00 -wi-ao   2.00G
  raidlv01 raidvg     -wi-a- 500.00M
[root@linux01 ~]# mount /dev/raidvg/raidlv01 /mnt
[root@linux01 ~]# df -hP
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00  7.7G  6.4G  915M  88% /
/dev/sda1              99M   14M   81M  15% /boot
tmpfs                 440M     0  440M   0% /dev/shm
none                  440M  104K  440M   1% /var/lib/xenstored
/dev/mapper/raidvg-raidlv01  485M   11M  449M   3% /mnt

Apache Web Server Tutorial for Linux

Requirements
• Unix based Operating System
• Apache HTTP Server
• mod_ssl Apache Interface
• PHP Scripting Language

Contents
• Introduction
• Installing Apache HTTP Web Server
• Installing mod_ssl for Secure Sockets Layer (SSL) Support
• Installing PHP for Dynamic Web Pages
• Setting Apache to Start on Bootup with chkconfig
• Configuring Apache Server Settings (httpd.conf)
• Creating the Web Site Directory Structure
• Creating VirtualHost Configuration Files
• Starting Apache and Viewing the Web Site
• Other Things to Know for Using Apache
• Conclusion

Introduction

The Apache Web Server is one of the most popular open-source HTTP servers that exists today. It's a powerful, secure, and fully featured web server that can be found hosting anything from personal web sites to corporate domains. If you have a DSL or Cable connection with a static IP then you can use the Apache web server to host your web site (as long as your ISP doesn't have a problem with you running a server on their network).

This tutorial will teach you how to set up your own Apache web server on Linux so you can host your own web sites either at home or work. You'll learn how to install the Apache HTTP Server with SSL and PHP support, use chkconfig to set Apache to auto-start on boot, edit the Apache httpd.conf configuration file for your server settings, create a directory structure for your web site, create the VirtualHost configuration file for your web site, start the Apache service, and verify your site is working. We'll then go over the init script options and finally look at some additional options and settings for Apache such as graceful restarts, htaccess usage, user name and password directory protection, and custom error pages.

The two things I won't be covering are setting up DNS for your domain and configuring your firewall to open ports 80 and 443 for HTTP and SSL respectively, however you can read my Bind DNS tutorial and iptables firewall tutorial for information on how to do it.
I'll be using CentOS 4.2, and Apache 2.x will be installed using yum instead of from source. Let's get started.

Installing Apache HTTP Web Server

We'll be using yum to download and install the Apache RPMs from the CentOS repository. Apache shouldn't be loaded on your server unless you selected it during the operating system installation process. If you know you have Apache installed then you can skip this section, but if it's not or you're not sure then you should perform the following test to see if the Apache web server is on your system. To do this we'll use the which command to look for the httpd binary in the environment variable PATH.

which httpd

If which reports that it can't find httpd, then the Apache binary isn't on the server. Our next step is to install Apache by using yum. Issue the next command.

yum install httpd

Two RPM packages will be downloaded from the CentOS repository (httpd-2.0.52-22.ent.centos4.i386.rpm and httpd-suexec-2.0.52-22.ent.centos4.i386.rpm) and installed automatically. If everything goes well you should now have the Apache web server on your system.

You might also want to load the Apache documentation so you'll have the man pages available. This is optional but highly recommended. Use yum again and download the Apache manual (yum install httpd-manual). Next we'll use yum to install mod_ssl for Secure Sockets Layer (SSL) support.

Installing mod_ssl for Secure Sockets Layer (SSL) Support

Secure Sockets Layer, also known as SSL for short, provides encrypted communications between hosts. SSL can be found in e-commerce web sites and any other site that requires sensitive information to be protected from eavesdropping while it is transmitted. In a nutshell, the hosts negotiate a protocol they both can understand and then switch to secure communications. The data passed back and forth between the hosts is encrypted with a 128-bit key (hence 128-bit SSL).
In a typical SSL setup, the web server has SSL support enabled and a certificate that verifies the company's identity. These certificates are initially generated as Certificate Signing Requests (CSR) by the server's administrator. The CSR is then signed by a third party, a Certificate Authority (CA), that validates the company's identity and makes the CSR into a full certificate. There are many CAs like VeriSign, Thawte, GeoTrust, InstantSSL (aka The Comodo Group), FreeSSL, and many others that sign CSRs. Prices vary from company to company, but as long as they support the mainstream browsers you shouldn't run into any problems. If you'd like to learn more about Secure Sockets Layer then you should check out the Wikipedia Transport Layer Security page.

You may be wondering where mod_ssl fits into all of this. On Linux and Unix distributions, there is a software package called OpenSSL that performs all the cryptography, and mod_ssl is the Apache interface to OpenSSL. It's mod_ssl that makes it possible for Apache to have SSL capability. We'll now install the mod_ssl RPM (mod_ssl-2.0.52-22.ent.centos4.i386.rpm) for Apache using yum.

yum install mod_ssl

mod_ssl should now be installed. If you didn't have OpenSSL installed then it should have been picked up as a dependency and installed as well. We have one more package to install and that's the PHP scripting language.

Installing PHP for Dynamic Web Pages

PHP is a scripting language for creating dynamic web pages. PHP allows you to include code in your web pages to be processed server-side and the resulting HTML is sent to the user's web browser. With PHP you can add database access, read and write files to the server's filesystem, generate dynamic graphics like graphs and security image codes, and create security control mechanisms for fencing off parts of your web site. PHP has many other uses and that's what makes it a powerful tool for creating dynamic web pages.
If you're not a programmer or will only be hosting static HTML web pages, then PHP won't be of any use to you. However, if you want to learn PHP then you should install the PHP modules for Apache. We'll use yum one last time to install PHP on our server. There are many PHP RPM modules, one being the actual binary and modules for Apache, and the rest being support features for MySQL, XML, ODBC, and others to tie those subsystems into PHP. It's a good idea to install all the PHP modules since you never know what you'll need now or in the future. Now we'll use yum to install PHP.

yum install php*

As you can see above, we used a wildcard to tell yum to install anything starting with the word 'php'. On my server yum downloaded and installed fifteen packages, however yours may be different depending on its configuration. Now that PHP is installed we can move on to setting the Apache service to automatically start on bootup or in the event of a reboot.

Setting Apache to Start on Bootup with chkconfig

The Apache web server will need to be set to autostart when the server boots. The Apache RPM didn't set this up for us so we'll have to do it ourselves using chkconfig (Note: you can also use setup to turn on the Apache service). We're going to have Apache start on run levels 2, 3, and 5.

chkconfig --level 235 httpd on
chkconfig --list httpd

The second chkconfig command lists the run levels Apache is configured to start on. If you don't have X Windows installed then you may want to omit run level 5 (Multi-User Mode - boot up in X Windows). To learn more about Linux Run Levels you may want to check out this page on NetworkClue. Now that Apache is installed and set to start up we'll move on to configuring the Apache web server by editing httpd.conf, the Apache server configuration file.

Configuring Apache Server Settings (httpd.conf)

Apache's main configuration file is called httpd.conf and is located in /etc/httpd/conf/.
The default httpd.conf will work without any changes, however we want to customize Apache a little bit. Our main focus is to set up the use of Virtual Hosts so we can run as many web sites as we want using a single IP address. Also, we want to simplify the management of our Virtual Hosts without cluttering httpd.conf with our entries. Before we get to any of that we will first configure our Apache web server.

I will make the assumption that you have a single WAN based IP address. For this example I'm using 192.168.1.210 with a hostname of node2.centos (yes, it's a LAN IP but pretend it's WAN). You can use your IP or hostname from /etc/hosts, but I suggest using your hostname because if you ever change IPs all you have to do is update /etc/hosts with the new address. If you do use an IP then you'll have to change all instances of it in httpd.conf. If you don't know what your IP address is or never set up /etc/hosts, you can find your address by using ifconfig (look at the number to the right of 'inet addr:').

We'll start with opening httpd.conf in the nano text editor, but before that you should make a copy of your existing httpd.conf file. If you encounter any problems you'll still have the original to fall back to.

cd /etc/httpd/conf
cp httpd.conf httpd.conf.old
nano httpd.conf

Apache's httpd.conf is filled with many helpful comments to tell you what each configuration directive does. Scroll down to line 133. FYI, if you ever want to know what line number you're on in nano, press CTRL-C and nano will show you. We're looking for the line that says 'Listen 80'. We won't be changing this directive since we want Apache to listen on all IP addresses set up on the server. I wanted to show you where to change it if you needed to bind Apache to only one address.

Move on down to line number 235 where it says 'ServerAdmin root@localhost'. The Apache ServerAdmin directive is for the administrator's email address of the server.
End users encountering any problems with the server would use this email address to notify the sysadmin. Comment out the existing ServerAdmin line with a pound symbol and enter a new line below with your email address. For this example I used admin@node2.centos.

#ServerAdmin root@localhost
ServerAdmin admin@your-domain.com

Below the ServerAdmin directive is ServerName. The Apache ServerName directive is for Apache to identify itself which is typically the hostname of the server. You'll want to specify your hostname or IP address instead of a valid DNS name especially if you're hosting many web sites. There are some people that may disagree with this method but I think it's better to keep all the generic information in httpd.conf and use specifics in the VirtualHost configuration files. Add a new blank line below the commented ServerName directive and add your hostname or IP. For this server I used my hostname node2.centos.

#ServerName new.host.name:80
ServerName yourhostname

The next directive we'll edit is very close to the end of the file. Scroll all the way down to line number 1005 (tip: use the Page Down key on your keyboard) and look for '#NameVirtualHost *:80'. The NameVirtualHost directive tells Apache that we want to use name-based virtual hosting, or in simpler terms, a bunch of web sites all using the same IP address. Virtual hosting is made possible because when a web browser goes to a site, for example www.xenocafe.com, the web site address is passed as part of the HTTP header (Host: www.xenocafe.com). This allows Apache to distinguish between different hosts sharing the same IP address.

Add a couple blank lines underneath '#NameVirtualHost *:80' and on the line right below put NameVirtualHost and your hostname or IP address followed by a :80. The ':80' means we're using name-based virtual hosting for the HTTP protocol. SSL will be configured through VirtualHost configuration files due to its nature. You'll learn why when we create our virtual hosts.
For this server I used my hostname node2.centos.

#NameVirtualHost *:80
NameVirtualHost yourhostname:80

We're almost done. The last thing we need to do is create a default virtual host to respond to requests when someone visits our IP address and not our domain name. You may or may not want to add this virtual host and it's totally up to you, but I personally don't want anyone going directly to my IP address. I prefer they visit my web site by name only. A VirtualHost entry can have many directives which I'll explain later, but what you need to know for now is the example I provide responds by IP address visits. At the very end of the file there is a line that instructs Apache to load any configuration files found in the /etc/httpd/conf/vhosts/ directory (which we'll create later). This is my way of keeping the virtual hosts separate from httpd.conf and most importantly, making hosts easier to manage.

<VirtualHost yourhostname:80>
    ServerAdmin you@your-domain.com
    ServerName your_ip_address
    DocumentRoot /www
    ErrorLog logs/error_log
    CustomLog logs/access_log combined
</VirtualHost>

# include VirtualHosts config files
Include conf/vhosts/*.conf

We're done editing httpd.conf. Let's save our changes (CTRL-O) and exit nano (CTRL-X). Now we'll move on to creating a web site directory structure and user account for SSH access and S/FTP file uploads.

Creating the Web Site Directory Structure

Our web site directory schema should be simple yet structured. The common approach would be to use /home as the root but we won't be doing that. Our web site parent root will be /www and from within it create a directory for each domain we'll be hosting. Within each domain directory there will be a set of common directories (html, html/cgi-bin, databases, and logs). Reading what I wrote doesn't make much sense so here it is visually. For this example and the rest of the tutorial, we'll say we acquired the domain your-domain.com and will be configuring our server for it.
/www                             (root for all hosted domains)
/www/your-domain                 (domain directory)
/www/your-domain/html            (directory for your web site files)
/www/your-domain/html/cgi-bin    (CGI directory for executing Perl scripts)
/www/your-domain/databases       (databases for this web site stored on a per site basis)
/www/your-domain/logs            (web site access and error logs are stored here)

The databases directory is optional. If you read my mapping mysql databases tutorial then you can migrate your databases outside the default /var/lib/mysql into the databases directory. This will allow you to store your databases on a per site basis in the web site's home directory.

Creating the Directory Root (one-time only)

We'll start creating our web site directory structure by making /www. Creating this directory is a one-time process and will be home to all our domains we're hosting (any domains we add will be stored in the /www directory).

mkdir /www
chown root.root /www

After we create the directory we chown it to uid:root gid:root.

Creating Web Site Domain Directories

For each web site you're hosting you'll create a directory structure within the parent /www. The directory should be named the same as the domain name with or without the TLD (.com, .net, etc). I'll let you decide which way you want your directories to be named, but I tend to prefer them without the TLD. Now we'll create our domain's directories.

cd /www
mkdir your-domain
cd your-domain
mkdir html
mkdir html/cgi-bin
mkdir databases
mkdir logs

Now that the directory structure is created we'll need to add a system user that owns the directory base and can log in to upload files.

Adding a Linux User Account for the Web Site

The user account will be able to FTP or Secure FTP (SFTP) into the server to upload and download web site content files like HTML, CGI scripts, and PHP pages. This user account will have ownership of the domain's directory base and be locked into it.
The user name we'll assign will be the same as the domain name (your-domain) to make it easier to distinguish between it and the other Linux accounts, however you can use any name you want for your account. One thing to keep in mind is when you create this account you'll have to make a choice whether this account will be granted SSH access. If you want to disallow SSH access then you'll need to change the shell to /sbin/nologin. SSH login attempts will fail when you use /sbin/nologin as the account's shell (valid login credentials will be accepted but the connection will be terminated). To create the web site system account, use one of the following commands.

useradd -d /www/your-domain/ domain_user

or

useradd -d /www/your-domain/ -s /sbin/nologin domain_user

The first command will set the account's home directory (-d path) to /www/your-domain and creates a new system account with the user name of domain_user (last parameter of the command). The shell will be set to the default, which is typically bash unless you changed it. The second command is identical to the first except that the shell (-s shell) is set to /sbin/nologin to prevent SSH logins. After the account has been created you'll need to set a password using the passwd command.

passwd domain_user
[enter password]
[confirm password]

Now that the system account is ready we'll move on to changing the directory base ownership.

Changing Web Site Directory Ownership & Permissions

We've created the directories, added the account, the only thing left to do is change the ownership of the directories to the new user account. Right now the directories are owned by root and if you were to try using FTP to upload some files you'd get the dreaded Permission Denied error. To change ownership of the domain directory and all its subdirectories we'll use the chown command with the -R flag for recursive.
cd /www
chown -R domain_user:domain_user your-domain

If you created the databases directory then you'll need to change the owner to the mysql user otherwise MySQL won't be able to write to the database files. All directories, subdirectories, and files starting from databases should be owned by the mysql user (or whatever user account you have the MySQL server running as).

cd your-domain
chown -R mysql:mysql databases

That's it for creating our directory structure. If you have more domains to add then repeat the steps we went through except for the first one of creating the /www directory root. Next we'll create the VirtualHost configuration files to let Apache know the details of our web site.

Creating VirtualHost Configuration Files

A VirtualHost configuration file tells Apache the specifics about your web site. It contains information like what IP and port number your site runs on, the server name and any aliases, the local filesystem path (or document root) of your web pages, location of your cgi-bin, file names and paths of your access and error logs, custom error documents for HTTP errors like 404 File Not Found, and can have many other items. For every web site you want Apache to host you must create a virtual host configuration. You've already gotten a taste of a virtual host config when we added the default VirtualHost for handling IP address requests in httpd.conf, so what we're going to be doing now is nothing new. I'm now going to show you an easy way of managing all your virtual hosts.

The VirtualHost Configuration File Directory (/etc/httpd/conf/vhosts)

When I first learned Linux from a friend some years ago, he showed me how to configure Apache so I could set up my web server. I looked at his httpd.conf and he had all his virtual hosts in there, so I figured there was nothing unusual about that as I'm sure there are many people that did the same thing.
He hosted a lot of domains for friends, his business, and his own stuff, and I noticed that trying to locate a web site in his massive httpd.conf file was nothing short of a headache. Although I didn't doubt his knowledge of Apache I kept thinking there had to be an easier way of managing virtual hosts.

Through reading the online Apache Web Server documentation I came across the Include directive. The Include directive, much like in C/C++, PHP, and other languages, allows you to insert the contents of another file into the calling file. However, in the case of Apache, the contents of a single file or of several files located in a directory that match the Include statement would be included. If you remember when we were editing httpd.conf, at the very end we added the line 'Include conf/vhosts/*.conf'. That line tells Apache to look in /etc/httpd/conf/vhosts for any *.conf files and include their contents as part of httpd.conf. This allows us to separate out our VirtualHost definitions as their own unique files, on a per domain basis, from the main httpd.conf file.

This makes administration easy for several reasons. Finding a virtual host is easy because all you do is look in the vhosts directory for its file, disabling a domain is as simple as renaming the file so it doesn't end in .conf, and adding new domains is accomplished by creating a new virtual host file (copy an existing file and edit the changes). Include makes virtual host management a piece of cake.

We'll now create the /etc/httpd/conf/vhosts directory (this is a one-time process).

cd /etc/httpd/conf
mkdir vhosts
cd vhosts

We can start creating VirtualHost configuration files now. I'll show you how to create one for the HTTP protocol as well as one for Secure Sockets Layer (SSL).

Creating a HTTP Virtual Host

When creating virtual host config files we should use a good naming convention that's as descriptive as possible.
What's worked for me is the format of host.domain.tld.port.conf or in simple terms your-domain.com.80.conf. You may have noticed I excluded host from the file name. When you visit a domain such as redhat.com, or www.redhat.com, they most likely take you to the same web site, so www as a host can be excluded. The only time I use host as part of the file name is when I am adding a subdomain such as forum.example.com or blog.example.com and so forth. Let's create the HTTP virtual host file.

nano your-domain.com.80.conf

Type in or copy/paste the configuration data below. Be sure to replace yourhostname with your system's hostname or IP address, ServerAdmin with your email address, ServerName and ServerAlias with your real domain name, and your-domain with the directory name you created earlier for your web site. When you're done, save your changes (CTRL-O) and exit nano (CTRL-X).

<VirtualHost yourhostname:80>
    ServerAdmin admin@your-domain.com
    ServerName your-domain.com
    ServerAlias www.your-domain.com
    DocumentRoot /www/your-domain/html
    ScriptAlias /cgi-bin/ /www/your-domain/html/cgi-bin/
    ErrorLog /www/your-domain/logs/error_log
    CustomLog /www/your-domain/logs/access_log combined
</VirtualHost>

I'll clarify what each line does in the virtual host configuration file between the <VirtualHost> tags.

• ServerAdmin is used to specify the server administrator's email address. Users will see this address on server generated error pages.
• ServerName is the name of the server or DNS name. Apache will match this name against the HTTP host header sent by the user's browser. If it's a match then this is the configuration data used to process the request.
• ServerAlias is identical to ServerName except ServerName is used once and ServerAlias can be used many times. If your web site will respond to more than one DNS name, make sure you use one ServerName directive and all other names are specified using ServerAlias.
DNS names can be separated by commas for a single ServerAlias directive (ServerAlias dns_name1,dns_name2,dns_name3) or you can use many ServerAlias directives, one DNS name per line.
• DocumentRoot defines the file system path to where the web page files are located. This is the same directory where you will place your HTML, PHP, and image files. For our setup, this is the /www/your-domain/html directory.
• ScriptAlias defines the directory for executing cgi scripts, commonly known as cgi-bin. It takes two parameters with the first being the cgi-bin directory from your web site root path and the second being the full physical directory path on the filesystem. You can have as many cgi-bin directories as you need and they don't need to be called cgi-bin.
• ErrorLog defines the file to log any errors Apache encounters. Errors can include PHP script failures and files that don't exist.
• CustomLog defines the file to log any requests to the server. Requests include accessing pages, images, and other files like robots.txt. The second parameter sets the log entry format. We use the combined format since it is used by many Web Server Log Analysis scripts like Awstats.

You should read the online Apache 2.0 documentation for more information on these directives as well as other Apache web server features.

Creating a SSL Virtual Host

When we installed mod_ssl, a file called ssl.conf was written to /etc/httpd/conf.d that contains basic SSL configuration information. We're going to use this as our template for adding a SSL based virtual host. What we'll do is make a copy of it to our vhosts directory and remove the non-website specific information since it should only be loaded once by Apache. This non-website specific information pertains to loading the mod_ssl Apache module among other things while everything else in the file relates to configuring the SSL web site (what we're interested in).
Let's make a copy of ssl.conf to the vhosts directory which you should still be in (cd /etc/httpd/conf/vhosts). Following the same format for our virtual host config files (host.domain.tld.port.conf) as before, we will be naming our SSL virtual host file your-domain.com.443.conf. The port number for SSL is 443 so we'll use that as opposed to port 80 when we created the HTTP VirtualHost. After that we'll open the config file in nano so we can begin editing it.

cp /etc/httpd/conf.d/ssl.conf ./your-domain.com.443.conf
nano your-domain.com.443.conf

Now comes the fun part. We need to delete a good portion of this file starting from the top and all the way down to the part that says '### SSL Virtual Host Context' (roughly 83 lines total). Instead of using the DEL key, you can use CTRL-K to cut the text line by line in nano. Starting from the top of the file, remove the lines of text until you reach the blank line above '### SSL Virtual Host Context'.

Next we'll edit the default web site specific directives to mold them to our web site. They're actually the same directives we used when creating our HTTP virtual host, so you can see how easy this will be. I should point out that we have been using our hostname for the VirtualHost tag, but in the case of SSL I'd advise against it unless you want to set up each host and their binding IP address in /etc/hosts (it's a good idea if you have many IPs). Secure Sockets Layer doesn't work at the Application layer of the OSI model like HTTP does, so the Host part of the HTTP header doesn't apply. So in regards to name-based virtual hosting with SSL, it's non-existent.

Replace '_default_' with your IP address when editing your-domain.com.443.conf. The same rules apply as before with ServerName, ServerAlias, and the your-domain directory. Here is a stripped down version of our SSL VirtualHost file minus the comments.
<VirtualHost your_ip_address:443>
    DocumentRoot "/www/your-domain/html"
    ServerName your-domain.com
    ServerAlias www.your-domain.com
    ScriptAlias /cgi-bin/ /www/your-domain/html/cgi-bin/
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    SSLOptions +StdEnvVars
    SSLOptions +StdEnvVars
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

This configuration uses mod_ssl's default SSL certificate and private key for encrypted communications. It's not signed by a trusted authority nor does it have your personal or company credentials. Your web browser will complain about the certificate and throw up a dialog box when you visit your web site (unless you instruct the browser to save the certificate).

If you're thinking about doing e-commerce then you'll need to invest in a real SSL certificate because nothing kills a customer's confidence level like a warning screen while making a purchase online. What you would do is generate your Certificate Signing Request (CSR) on your server and then send the data to a Certificate Authority (CA) like Verisign. Once you pay the fees and prove your identity, they'll sign your certificate to make it legitimate and then you can replace the values of SSLCertificateFile and SSLCertificateKeyFile with your files (in the case of Comodo SSL, you'd have to set the SSLCACertificateFile directive with their Bundle Certificate file as well).

On the other hand, if you're setting up SSL for your own personal use or for an intranet at work, self-signed SSL certificates work just fine. There is no difference between legitimate and self-signed certs except for the CA taking your money and stamping it with their sign of approval.
The encryption protection is the same either way.
Save your changes (CTRL-O) to your-domain.com.443.conf and exit nano (CTRL-X).
I don't have a tutorial up for generating SSL certificates using OpenSSL, but I will soon. You can check Google for a site that details those instructions or wait for mine to be posted. Also, you should read up on the Apache SSL/TLS Encryption documentation for more information about the directives and virtual host configurations for Apache SSL.

Starting Apache and Viewing the Web Site

Apache is set up, our directories have been created, and the VirtualHost config files are done, so now is the time to start the Apache web server and see if everything worked. It's taken us a long time to get here, and if all goes well then Apache should start without any errors and your HTTP and SSL web sites should be available.
service httpd start
If Apache failed to start for you, you should double check httpd.conf, your directories, and your virtual host configs for any typos or syntax mistakes. Apache can be cryptic at times when errors occur. You can verify virtual host files using httpd -S (or for an older Apache version use httpd -t -D DUMP_VHOSTS). In the next section I'll show you some tips for tracking down Apache errors.
httpd -S
With the Apache web server running you should have already opened ports 80 and 443 on your firewall so you can connect to Apache with a web browser to view your web site. Open up your favorite browser and navigate to your site. You should get the default CentOS Apache 2 Test Page unless you have already logged in and uploaded your content via S/FTP.
Standard HTTP works, so how about our SSL version of the web site? Change the http:// to https:// in the address bar of your browser. You should be prompted by the security dialog I mentioned before. This is just a warning about your self-signed SSL certificate not being trusted by your browser.
Click OK in FireFox or Yes in Internet Explorer to continue to the secure web site. As you can see up in the FireFox address bar, there is a little yellow padlock icon that informs us that we are on a secure web site. All communications with this site will be 128-bit encrypted.
At this time you may want to log in to your web site via Secure FTP (SFTP) or regular FTP to upload your web site files to the html directory using the system account you created earlier.
You're done! You've successfully configured the Apache web server on Linux.

Other Things to Know for Using Apache

Here are some common questions that users new to the Apache HTTP Server may ask (well, the questions I could think of at the time).

How can I restart Apache so that it sees the changes I made to httpd.conf and/or virtual hosts?
The Apache init script (/etc/init.d/httpd) accepts a number of options, four of the important ones being start, stop, restart, and graceful.
  • start tells the init script to start the Apache process and spawn the child processes.
  • stop tells the init script to terminate Apache's running process, which in turn kills off the child processes. Any existing connections to the server will be terminated.
  • restart tells the init script to stop the Apache process and start it back up. Any changes to httpd.conf or virtual hosts will be read back in. Any existing connections will be terminated, so if users are in the middle of a download the transfers will stop.
  • graceful tells the init script to alert Apache to reload httpd.conf and virtual hosts. Existing connections will not be terminated but changes won't be noticed until a new connection is established (pulling up another page or file from the server). Requests are handled by Apache child workers.
There are two ways of using these options. You can use the init script or the service command.
To use the init script, enter /etc/init.d/httpd option at the prompt; for example, to restart the Apache server use /etc/init.d/httpd restart from the command line. To use the service command, which is what I showed when we started the Apache service, it's service httpd option; for example, to do a graceful restart use service httpd graceful from the command line.

Apache won't start. It keeps saying FAILED when I try and start the service. What can I do to fix it?
This is probably one of the most difficult tasks to do since sometimes Apache doesn't give an error or it's too cryptic when it does. Errors usually occur when something has changed: either there is a problem with httpd.conf or with your virtual hosts. One of my friends encountered an Apache failure and it turned out that one of its modules got deleted somehow. So the best course of action is to make a copy of your httpd.conf and virtual hosts before you ever change them. If you mess them up you can always put the old copy back to get Apache up and running.
  • To try and troubleshoot Apache failures, you should take a look in syslog (tail -n 100 /var/log/messages). See if there are any messages from the httpd process, and if so, does it give you an idea of what may be wrong? I've been able to track down errors by doing this one thing. Get the error and look for it on Google. It's unlikely you're the first person to experience it.
  • If it's a config file error, you can test your httpd.conf and virtual hosts with httpd -S (or on older Apache versions use httpd -t -D DUMP_VHOSTS). If there is a problem with your files, Apache will tell you when you run the test.
  • Another useful hint is to try starting Apache in debug mode using httpd -e debug and see what it prints to the screen. If there is an error it should be shown to you. Once again, if you see the error, use Google to find an answer.
  • If all else fails, there is trial and error.
Move your httpd.conf and virtual host files to another directory and reinstall the Apache RPMs. Once Apache is back up with default settings, start making changes to the new httpd.conf and virtual hosts from the old files. Each time you make a change, save your changes and restart Apache. Like I said, it's trial and error, and you may be able to track down the problem.
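
The SSLCipherSuite line in the stripped down SSL VirtualHost file above starts with ALL and then lists +LOW, +SSLv2 and +EXP; in OpenSSL cipher-string syntax a leading "+" only moves suites to the end of the list, so everything ALL pulled in stays enabled. The script below is an added example, not part of the original tutorial: it reports which weak classes a cipher string leaves on, and the class list, function names and sample file are assumptions of the example.

```shell
#!/bin/sh
# Added example: class-level audit of the OpenSSL cipher string passed to
# mod_ssl's SSLCipherSuite. The class list is this example's own choice.
WEAK_CLASSES="LOW EXP SSLv2 RC4 ADH"

# weak_classes_enabled "<cipher string>"
# Prints the tracked weak classes that the string leaves enabled.
# Overlap between classes (for example anonymous suites inside HIGH) is not
# modelled; confirm a final string with: openssl ciphers -v '<cipher string>'
weak_classes_enabled() {
    printf '%s\n' "$1" | awk -v classes="$WEAK_CLASSES" '
    function canon(t) {                  # fold aliases onto one tracked name
        if (t == "EXPORT") return "EXP"
        if (t == "aNULL") return "ADH"   # aNULL is a superset of ADH
        return t
    }
    {
        n = split(classes, cls, " ")
        m = split($0, tok, /[: ,]+/)
        for (i = 1; i <= m; i++) {
            t = tok[i]
            if (t == "") continue
            op = substr(t, 1, 1)
            if (op == "!" || op == "-" || op == "+") name = substr(t, 2)
            else { op = ""; name = t }
            if (op == "+") continue      # "+X" only moves X to the end of the list
            if (op == "" && name == "ALL") {
                for (c = 1; c <= n; c++) if (!(cls[c] in killed)) on[cls[c]] = 1
                continue
            }
            k = split(name, part, /[+]/)      # "RC4+RSA": suites that are RC4 AND RSA
            if (op != "" && k > 1) continue   # removes only a subset of each class
            for (j = 1; j <= k; j++) {
                p = canon(part[j])
                for (c = 1; c <= n; c++) {
                    if (p != cls[c]) continue
                    if (op == "!")           { killed[p] = 1; delete on[p] }  # permanent
                    else if (op == "-")      { delete on[p] }                 # can come back
                    else if (!(p in killed)) on[p] = 1
                }
            }
        }
        out = ""
        for (c = 1; c <= n; c++)
            if (cls[c] in on) out = out (out == "" ? "" : " ") cls[c]
        print out
    }'
}

# audit_vhost FILE
# Prints "FILE:LINE: classes" for every SSLCipherSuite directive that leaves a
# tracked class enabled. Returns 1 if any directive was flagged.
audit_vhost() {
    av_status=0
    # Apache directive names are case-insensitive; commented lines never match.
    for av_hit in $(awk 'tolower($1) == "sslciphersuite" {
                             spec = $NF; gsub(/"/, "", spec); print NR ":" spec }' "$1"); do
        av_weak=$(weak_classes_enabled "${av_hit#*:}")
        [ -z "$av_weak" ] && continue
        printf '%s:%s: %s\n' "$1" "${av_hit%%:*}" "$av_weak"
        av_status=1
    done
    return "$av_status"
}

# Constructed sample: the cipher line from the tutorial and a stricter string.
demo() {
    d_conf=$(mktemp) || return 1
    cat > "$d_conf" <<'EOF'
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCipherSuite HIGH:!aNULL:!MD5
EOF
    d_rc=0
    audit_vhost "$d_conf" || d_rc=$?
    rm -f "$d_conf"
    return "$d_rc"
}

demo || true
```

Only line 2 of the sample is reported; point audit_vhost at your-domain.com.443.conf to check the real file.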

Wednesday, 28 November 2018

Setting Up The Kickstart Server



Kickstart can be configured on an FTP, NFS or Apache server. Each method is explained below, but my experience has been that the Apache server has a number of advantages over the other two.
Using a web server for kickstart is generally easier because:
  • Sometimes a kickstart server has to be located on a remote network, often passing through a firewall. Strict firewall rules for HTTP are generally easier to configure than those for FTP or NFS.
  • The http:// nomenclature used by kickstart for accessing files is more familiar to users than that used for NFS and FTP. This may be important for you when configuring files for automated kickstart installation.

Basic Preparation

In this example we are going to set up a kickstart server that will be used in Fedora Core installations. All the necessary files will be placed in the /data/network-install directory.

Create the Installation Directories

We'll first create the directories /data/network-install/RPM and /data/network-install/ISO in which we will copy the necessary files.
[root@bigboy tmp]# mkdir -p /data/network-install/RPM
[root@bigboy tmp]# mkdir -p /data/network-install/ISO

You now need to place the network installation driver files into the base directory.

Copying The Files

The HTTP, NFS and FTP kickstart methods all require the base set of Fedora files to be installed on the kickstart server. Here's how to do it:
1) Create a mount point for your CD ROM drive.
[root@bigboy tmp]# mkdir /mnt/cdrom

2) Mount your first Fedora CD ROM.
[root@bigboy tmp]# mount /dev/cdrom /mnt/cdrom
3) Copy the files from the CD ROM base directory to the hard disk
[root@bigboy tmp]# cp -r /mnt/cdrom/* /data/network-install/RPM
4) Unmount your CD ROM and use the eject command to retrieve it from the drive bay.
[root@bigboy tmp]# umount /dev/cdrom
[root@bigboy tmp]# eject cdrom
5) Repeat steps 2 to 4 with all your CDROMs. Overwrite files when prompted.
Note: You also have the option to FTP all the files of the desired version of Fedora from the Fedora website to the /data/network-install/RPM directory.

HTTP & FTP Preparation

Copy all the contents of each installation CD to the /data/network-install/RPM directory. This will require about 3-5 GB of space. When this is completed, your /data/network-install/RPM directory should look like this:
[root@bigboy tmp]# ls -1 /data/network-install/RPM
eula.txt
Fedora
fedora.css
GPL
images
index.html
isolinux
README-Accessibility
RELEASE-NOTES-en_US.html
repodata
RPM-GPG-KEY
RPM-GPG-KEY-beta
RPM-GPG-KEY-fedora
RPM-GPG-KEY-fedora-extras
RPM-GPG-KEY-fedora-legacy
RPM-GPG-KEY-fedora-rawhide
RPM-GPG-KEY-fedora-test
RPM-GPG-KEY-rawhide
stylesheet-images 
[root@bigboy tmp]#





NFS Preparation

Create ISO images of the installation CDs and place them in the /data/network-install/ISO directory. This will require about 3-5 GB of space as well. You can download the ISO images from the Fedora website or use the Fedora CDs as shown below. If you create the ISO files from CDs, make sure they have the same file names as the ones you can download from the Fedora Web site.
Follow these steps for each CD, substituting the filename where necessary:
[root@bigboy tmp]# cd /data/network-install/ISO
[root@bigboy ISO]# dd if=/dev/cdrom of=filename.iso bs=32k
...
...
[root@bigboy ISO]# eject cdrom
Note: Here is a sample procedure to make ISO files with the older mkisofs command. You may have to install the mkisofs RPM on newer Fedora versions. The command requires a mounted CDROM drive, so don't forget the mount command.
[root@bigboy ISO]# mount /mnt/cdrom
[root@bigboy ISO]# mkisofs -J -r -T -o filename.iso /mnt/cdrom
[root@bigboy ISO]# eject cdrom

Setup Your Webserver

You will now have to set up Apache to serve file listings of your /data/network-install/RPM and /data/network-install/ISO directories when you point your browser to the URL http://192.168.1.100/network-install/RPM/ or http://192.168.1.100/network-install/ISO/ respectively. A sample /etc/httpd/conf.d/kickstart.conf configuration is below. Remember to restart Apache to make these settings take effect.
NameVirtualHost 192.168.1.100
 
#
# For HTTP Installations
#
<VirtualHost 192.168.1.100>
  ServerName 192.168.1.100
  DocumentRoot /data/
</VirtualHost>
 
<Directory /data/network-install>
   Options +Indexes
   AllowOverride AuthConfig
   order allow,deny
   allow from all
</Directory>

Setup Your FTP Server

You'll also have to set up your VSFTPD server to make incoming anonymous FTP connections log in to the /data/network-install/RPM directory by default. You will also want to enable the correct logging. Here is a sample snippet of the vsftpd.conf file. Remember to restart VSFTPD to make these settings take effect.
#
# File: vsftpd.conf
#
 
#
# Anonymous FTP Root Directory
#
 
anon_root=/data/network-install/RPM
 
#
# Log file definition
#
 
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log

Create A Special FTP User

You can also create a special user for non-anonymous FTP installations with its home directory as "/". You must also make sure that the user has read access to the /data/network-install directory. An example is below.
[root@bigboy tmp]# useradd -g users ftpinstall
[root@bigboy tmp]# passwd ftpinstall
Changing password for user ftpinstall.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@bigboy tmp]#
[root@bigbot tmp]# usermod -d / ftpinstall
[root@bigbot tmp]#

Setup Your NFS Server

The steps for setting up an NFS server are more complicated.
1) Create an /etc/exports file with the following entry in it. You must use tabs, not spaces, between the entries.
/data/network-install    *(ro,sync)
2) Make sure that the rpcbind (portmap on older versions of Linux), nfs, nfslock and netfs daemons are all running to create an NFS server. The startup scripts for these are found in the /etc/init.d directory. Chapter 29, "Remote Disk Access with NFS", will explain this in more detail.
3) Run the exportfs command to add this directory to the NFS database of network available directories.
[root@bigboy tmp]# exportfs -ra
4) The installation client must have a matching pair of forward and reverse DNS entries on your DNS server. In other words, a DNS lookup on the IP address of the installation client must return a server name that will map back to the original IP address when a DNS lookup is done on that same server name.
[root@bigboy tmp]# host 192.168.1.96
96.1.168.192.in-addr.arpa domain name pointer 192-168-1-96.my-site.com.
[root@bigboy tmp]#
 
[root@bigboy tmp]# host 192-168-1-96.my-site.com
192-168-1-96.my-site.com has address 192.168.1.96
[root@bigboy tmp]#
This may mean that you will have to create entries for all your DHCP IP addresses if you choose to use a DHCP method of assigning IP addresses during installation.

Configure Your DHCP Server

During the installation procedure, the installation client will prompt you for the IP address it should use for the installation process. I recommend selecting the option that makes the Installation Client get its address via DHCP. This will automate the installation more and will therefore make it faster. It will also reduce the possibility of human error.
Setting up the Installation Server as a DHCP server is fairly straightforward and can be found in Chapter 8, "Configuring the DHCP Server".

Creating A Kickstart Boot CD

Creating a kickstart boot CD is easy to do. Here are the steps:
1. Your RPM directory should have a subdirectory named images in it. There will be a file there named boot.iso which is used in booting your system when installing Linux from DVD or CD. Fedora mirror sites that have directory structures similar to that of the DVD also have a boot.iso file located in the <fedora-version>/Fedora/i386/os/images/ directory. This file is different in both size and function to that on your DVD. It is usually larger than 10 MB in size and it is the boot file you need for kickstart. Download the boot.iso file from your favorite mirror site using a utility like wget.
[root@bigboy tmp]# wget http://website.org/8/Fedora/i386/os/images/boot.iso
2. You will now need the device name of your CDROM device. This can be obtained using the wodim command. In this case it is called /dev/scd0.
[root@bigboy tmp]# wodim --devices
wodim: Overview of accessible drives (1 found) :
-------------------------------------------------------------
 0  dev='/dev/scd0'     rwr--- : 'LITE-ON' 'DVDRW LH-20A1P'
-------------------------------------------------------------
[root@bigboy tmp]#
3. Insert a blank CD. The wodim command can now be used again to burn the boot.iso ISO image file to the CD.
[root@bigboy tmp]# wodim dev=/dev/scd0 driveropts=burnfree,noforcespeed \
fs=14M -dao -eject -overburn -v boot.iso
...
...
...
BURN-Free was never needed.
wodim: fifo had 6 puts and 6 gets.
wodim: fifo was 0 times empty and 0 times full, min fill was 100%.
[root@bigboy RPM]# 
Keep the CD. You will soon need it for your kickstart client machine.

The Network Installation

From here on, the installation procedure mimics the regular Linux installation, except for the first couple steps.
  • Connect your client Linux box to the DHCP network.
  • Boot your system using the kickstart boot CD. This is the only CD you'll need for future network installations.
  • A menu will appear. Select “Install or upgrade an existing system”.
  • Go through the usual steps until the process prompts for the "Installation Method". You will see a number of choices:
Local CDROM
Hard Drive
NFS Image
FTP
HTTP
  • Select the network option of your choice (NFS, FTP, HTTP)
  • Select the Ethernet device that connects the installation client to the installation server network. This would most likely be interface "eth0".
  • Select "DHCP" in the following "Configure TCP/IP" screen. This will make the Installation client use DHCP during the installation.

If You Selected The NFS Method

You will now reach the "NFS setup" menu. Enter the IP address of the installation server as the "NFS Server Name". The "Red Hat directory" will be "/data/network-install/ISO". The following menus will be the usual Fedora GUI installation screens.

If You Selected The HTTP Method

You will now reach the "HTTP Setup" menu. Enter the IP address of the installation server when prompted for a "Web site name". The "Red Hat directory" will be /network-install/RPM. The following menus will be text based versions of the usual Fedora installation screens.
During the installation, issue the following command on the server to check the Apache logs. It will help to verify whether the kickstart client is accessing the files correctly. You should get a status code of 200 after each GET statement. You should retrace your steps if you do not.
[root@bigboy tmp]# tail -f /var/log/httpd/access_log
192.168.1.247 - - [12/Nov/2006:12:01:04 -0800] "GET /network-install/RPM/repodata/repomd.xml HTTP/1.1" 200 1140 "-" "urlgrabber/2.9.9"
192.168.1.247 - - [12/Nov/2006:12:01:05 -0800] "GET /network-install/RPM/repodata/primary.xml.gz HTTP/1.1" 200 844228 "-" "urlgrabber/2.9.9"
192.168.1.247 - - [12/Nov/2006:12:01:19 -0800] "GET /network-install/RPM/repodata/comps.xml HTTP/1.1" 200 853899 "-" "urlgrabber/2.9.9"

If You Selected The FTP Method

You will now reach the "FTP Setup" menu. Enter the IP address of the installation server as the "FTP Site Name".
  • "Not Selecting" The Non-Anonymous FTP Box
The "Red Hat directory" will be "/". The following menus will be text based versions of the usual Fedora installation screens.
  • "Selecting" The Non-Anonymous FTP Box
The "Red Hat directory" will be "/data/network-install/RPM". Enter the username and password of your special FTP user account. The following menus will be text based versions of the usual RedHat installation screens.
Note: During the installation, issue the following command on the server to check the FTP logs. It will help to verify whether the kickstart client is accessing the files correctly.
[root@bigboy ~]# tail -f /var/log/vsftpd.log 
Sun Nov 12 20:53:12 2006 1 192.168.1.231 1140 /data/network-install/RPM/repodata/repomd.xml b _ o r ftp-install ftp 0 * c
Sun Nov 12 20:53:21 2006 2 192.168.1.231 844228 /data/network-install/RPM/repodata/primary.xml.gz b _ o r ftp-install ftp 0 * c
Sun Nov 12 20:53:40 2006 2 192.168.1.231 853899 /data/network-install/RPM/repodata/comps.xml b _ o r ftp-install ftp 0 * c
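
Both log checks above (status 200 after each GET in access_log, and the transfer lines in vsftpd.log) can be filtered instead of read by eye. The following is an added example, not part of the original chapter: the function names and the sample lines are constructed, the FTP part assumes the xferlog layout shown above, and it also reports any upload into the install tree, which a read-only install source should never see.

```shell
#!/bin/sh
# Added example: list install-tree requests that did not succeed.

# http_fetch_problems [PREFIX] < access_log
# Prints "client status path" for each GET under PREFIX not answered with 200.
http_fetch_problems() {
    awk -v prefix="${1:-/network-install/}" '
    {
        # Combined log format: the request line is the first quoted string
        # and the status code is the first field after it.
        if (split($0, q, "\"") < 3) next
        split(q[2], req, " ")      # method, path, protocol
        split(q[3], rest, " ")     # status, bytes
        if (req[1] != "GET" || index(req[2], prefix) != 1) next
        if (rest[1] != "200") print $1, rest[1], req[2]
    }'
}

# ftp_fetch_problems [PREFIX] < vsftpd.log
# xferlog fields: 1-5 date, 6 seconds, 7 client, 8 bytes, 9 file, 12 direction
# (o = download, i = upload), 18 completion status (c = complete, i = incomplete).
# Prints "client reason file" for incomplete downloads and for any upload.
ftp_fetch_problems() {
    awk -v prefix="${1:-/data/network-install/}" '
    NF >= 18 && index($9, prefix) == 1 {
        if ($12 != "o")      print $7, "upload", $9
        else if ($NF != "c") print $7, "incomplete", $9
    }'
}

# Constructed sample lines in the two formats shown above.
sample_access_log() {
    cat <<'EOF'
192.168.1.247 - - [12/Nov/2006:12:01:04 -0800] "GET /network-install/RPM/repodata/repomd.xml HTTP/1.1" 200 1140 "-" "urlgrabber/2.9.9"
192.168.1.247 - - [12/Nov/2006:12:01:05 -0800] "GET /network-install/RPM/repodata/primary.xml.gz HTTP/1.1" 404 290 "-" "urlgrabber/2.9.9"
192.168.1.50 - - [12/Nov/2006:12:02:00 -0800] "GET /favicon.ico HTTP/1.1" 404 290 "-" "Mozilla/5.0"
EOF
}

sample_xferlog() {
    cat <<'EOF'
Sun Nov 12 20:53:12 2006 1 192.168.1.231 1140 /data/network-install/RPM/repodata/repomd.xml b _ o r ftp-install ftp 0 * c
Sun Nov 12 20:53:21 2006 2 192.168.1.231 4096 /data/network-install/RPM/repodata/primary.xml.gz b _ o r ftp-install ftp 0 * i
Sun Nov 12 20:54:02 2006 1 192.168.1.77 512 /data/network-install/RPM/extra.cfg b _ i a ? ftp 0 * c
EOF
}

echo "HTTP problems:"
sample_access_log | http_fetch_problems
echo "FTP problems:"
sample_xferlog | ftp_fetch_problems
```

On the server, feed the real files instead of the samples, for example http_fetch_problems < /var/log/httpd/access_log.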

Troubleshooting The Network Installation

You can do some basic troubleshooting by accessing the various installation status screens available.
  • The installation logs can always be viewed by hitting <CTRL-ALT-F3>
  • Kernel messages can be seen by hitting <CTRL-ALT-F4>
  • Access to a limited BASH shell can be gained by hitting <CTRL-ALT-F2>
  • You can return to the main installation screen at any time by hitting <CTRL-ALT-F1> for text based installations and <CTRL-ALT-F7> when the GUI is used.
  • Examine your server's /var/log/httpd/access_log, /var/log/httpd/error_log files for the HTTP method; the /var/log/vsftpd.log file for the FTP method; and your /var/log/messages file for the NFS method.

Automating Installation With Kickstart

Both Fedora and RedHat Linux save all the parameters you used during installation in the /root/anaconda-ks.cfg kickstart configuration file. You can use this file to create an automated installation of a duplicate system which can be useful if you have a large number of servers to install.
This section shows you how to automate network installations using the kickstart application and NFS. You can use HTTP and FTP but they have been omitted to keep the discussion brief.

How To Create New Kickstart Configuration Files

You can create a customized kickstart configuration file by using the "ksconfig" command from a GUI console. It will bring up a menu from which you can select all your installation options. When finished, you save the configuration with the filename of your choice.
You may want to then edit the configuration file and comment out certain parameters that may change from system to system with a "#". These could include things like the system's name and IP address. During the kickstart process you will be prompted for these unspecified values.
Note: Do not change the order of the entries in the kickstart configuration file.
Note: The IP address you assign must be on the same subnet as that of the DHCP server for kickstart to work. If the server is going to reside on a different network after the installation, then you'll have to run a separate script to change the IP addressing information after the installation is complete.

Adding Post Installation Commands

You may want to run some commands on the newly created Linux installation after kickstart is complete. Some processes that are activated by default by Fedora may not be suitable for your server and may need to be disabled.
This can be done by placing a %post section at the end of the kickstart file with all the post installation commands you wish to run. Here is an example:
%post
chkconfig isdn off
chkconfig pcmcia off
chkconfig portmap off
chkconfig apmd off
chkconfig nfslock off
chkconfig nfs off

A Note About Using anaconda-ks.cfg

It is possible to use the /root/anaconda-ks.cfg file as a template for future installations. RedHat comments out the partitioning information in this file, so you will either have to uncomment it and then make your partitioning modifications or be prepared to be prompted for your partitioning information.

How To Run A Kickstart Installation

It is best to place your kickstart files in a subdirectory under the /data/network-install directory. The examples below assume the subdirectory is called /data/network-install/kickstart.
Remember that you may want to remove the "#" comments from the partition section of the file. If not, you will be prompted for this information.

Using a NFS Server

Verify that the first two lines of the file look like this or else you may be prompted for NFS ISO file location information.
install
nfs --server=192.168.1.100 --dir=/data/network-install/ISO

Using a Web Server

Verify that the first two lines of the file look like this or else you may be prompted for RPM base file location information.
install
url --url http://192.168.1.100/network-install/RPM

Booting With Your Kickstart Files

There are two ways to specify the name of the kickstart file to use. The first is to enter it manually from the LILO boot: prompt when you insert the boot CD. The second is to have your DHCP server automatically tell the Kickstart client about the name of the kickstart file to use when it assigns the IP address. Both methods are listed below:
Manually Specifying the Kickstart Filename
Once you have booted from your boot CDROM, you'll need to use the following command at the lilo boot: prompt to continue with the installation. The ks.cfg file is the kickstart configuration file we want to use.
NFS Method
boot: linux ks=nfs:192.168.1.100:/kickstart/ks.cfg
HTTP Method
boot: linux ks=http://192.168.1.100/network-install/kickstart/ks.cfg
Configuring The Filename Automatically
When you have to create lots of cloned Linux servers, you may want to configure your DHCP server to specify the single kickstart configuration file you wish to use. Here is how it's done:
1) Place your kickstart file in the /data/network-install/kickstart directory.
2) Edit your dhcpd.conf file and add the following lines to the section for the interface that will be serving DHCP IP addresses. The next-server value is the IP address of the kickstart server.
filename "/data/network-install/kickstart/ks.cfg";
next-server 192.168.1.100;
3) Insert the boot CD into the kickstart client Linux box and connect it to the DHCP network. At the boot: prompt type in the following command:
boot: linux ks
Kickstart will first search for a configuration file named ks.cfg on the boot CD. It will then automatically attempt to get a DHCP IP address and see if the DHCP server will specify a configuration file.
Kickstart will then use NFS to get both the configuration file and the installation ISOs. The rest should be automatic.

Conclusion

The Kickstart method of Fedora Linux installation can greatly reduce the length of time it takes to install the operating system. Time is saved not only because a network connection can be faster than using CDs, but also because it can be left unattended to install a predetermined Linux configuration. A Kickstart server connected to an isolated wireless network dedicated to the purpose may be a good idea for data centers with hundreds of Linux servers.
A recent standard called PXE allows you to run kickstart without a CD ROM if you configure the NIC card to do a network boot from a specially configured DHCP server. The topic is beyond the scope of this book, but it may be interesting for readers with more complex projects to research this option more.

Saturday, 29 September 2012

Parallels Plesk Panel for Windows 10

To enable the power user:
++++++++++++++++++++++++++++
In order to enable the Power User view, run the command:
C:\> "%plesk_cli%\poweruser.exe" --on

To switch the Power User view off and return to the standard panel, use this command:
C:\> "%plesk_cli%\poweruser.exe" --off


panel:- Tools & settings -->Interface Management --> Power User view or Service Provider view

++++++++++++++++++++++++++++

Directory Structure

+++++++++++++++++++++++++++++
Parallels Plesk Panel and its components are installed by default in the directory C:\Program
Files\Parallels\Plesk\ on a physical server, or C:\Program Files\Plesk\ in the
Parallels Containers environment. The default directory is referred to as %plesk_dir% in the
following list. Some of the subdirectories with corresponding components are listed below.
• %plesk_dir%\admin\ - Parallels Plesk Panel service administrator (psa) files
• %plesk_dir%\admin\plib\ - Parallels Plesk Panel PHP files
• %plesk_dir%\admin\bin\ - Binary utilities
• %plesk_dir%\bin\ - Binary utilities
• %plesk_dir%\admin\htdocs\ - Administrative site document root
• %plesk_dir%\etc\ - Configuration files
• %plesk_dir%\MailServer\ - Mail servers
• %plesk_dir%\backup\ - Domain backup files
• %plesk_dir%\dns\ - BIND name server files
• %plesk_dir%\MySql\ - admin MySQL database server
• %plesk_dir%\Databases\ -
• %plesk_dir%\admin\repository\keys\ - License key files
• %plesk_dir%\admin\logs - Log files.


++++++++++++++++++++++++++++++

Windows Registry

+++++++++++++++++++++++++++++
The Parallels Plesk Panel branch in the Registry is
• HKEY_LOCAL_MACHINE\SOFTWARE\PLESK for 32-bit system and
• HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PLESK for 64-bit system.
The configuration is located under \PLESK\PSA Config\Config
These are important registry parameters:
• IIsConfigured - REG_DWORD = 1
• mySQLDBName - REG_SZ = psa
• PLESK_DATABASE_LOGIN - REG_SZ = admin
• PLESK_DATABASE_PROVIDER_NAME - REG_SZ = may be MySQL, or MSSQL
• PLESKCP_PROVIDER_NAME - REG_SZ = iis
• PRODUCT_FULLVERSION - REG_SZ
• DEBUG - REG_DWORD = 0 or 1
++++++++++++++++++++++++++++++
Parallels Plesk Panel - Supported Databases
++++++++++++++++++++++++++++++
--- MySQL
--- Microsoft SQL

To determine database provider, you need to run regedit.exe and go to:
• HKEY_LOCAL_MACHINE\SOFTWARE\PLESK\PSA Config\Config for 32-bit system
• HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\PLESK\PSA Config\Config for
64-bit system
The value of the key "PLESK_DATABASE_PROVIDER_NAME" is the database provider which
the Panel uses for database storage.

+++++++++++++++++++++++++++++++++

MySQL Database

+++++++++++++++++++++++++++++++++
Parallels Plesk Panel uses the following locations to administer the MySQL database:

• "%plesk_dir%"\MySQL admin MySQL instance main folder.
• "%plesk_dir%"\MySQL\Data\my.ini admin MySQL configuration file.
The following command can be used to log in into the MySQL console:
C:\>"%plesk_dir%"\MySQL\bin\mysql.exe -uadmin -p<password> -P8306 psa

Useful parameters of the my.ini configuration file are:
• skip-grant-tables - log in without password.
• log=C:\\Temp\\mysql.log - enable MySQL log (you can specify another file name and
path.)
++++++++++++++++++++++++++++++++

my.ini

+++++++++++++++++++++++++++++++
C:\Program Files (x86)\Parallels\Plesk\MySQL\Data>type my.ini
[PleskSQLServer]
port=8306
basedir=C:\\Program Files (x86)\\Parallels\\Plesk\\MySQL
datadir=C:\\Program Files (x86)\\Parallels\\Plesk\\MySQL\\Data
default-character-set=latin1
default-storage-engine=INNODB
query_cache_size=8M
table_cache=32
tmp_table_size=7M
thread_cache=32
myisam_max_sort_file_size=100G
myisam_max_extra_sort_file_size=100G
myisam_sort_buffer_size=2M
key_buffer_size=2M
read_buffer_size=1M
read_rnd_buffer_size=256K
sort_buffer_size=256K
innodb_additional_mem_pool_size=2M
innodb_flush_log_at_trx_commit=1
innodb_log_buffer_size=1M
innodb_buffer_pool_size=16M
innodb_log_file_size=10M
innodb_thread_concurrency=8
max_connections=300
key_buffer=4M
max_allowed_packet=1M
sort_buffer=256K
net_buffer_length=4K
old_passwords=0
tmpdir=C:\\Program Files (x86)\\Parallels\\Plesk\\MySQL\\Data
connect_timeout=20
[client]
port=8306
+++++++++++++++++++++++++++++++++++++

MS SQL Database
+++++++++++++++++++++++++++++++++++++

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\osql -E

The osql utility allows you to enter Transact-SQL statements, system procedures, and script
files. This utility uses ODBC to communicate with the server.
To change the MSSQL administrator's password, start the command prompt session.
• For local server use:
C:\>osql -E -Q "exec sp_password NULL,'new_password','sa'"
• For remote server use:
C:\>osql -S servername_or_address -E -Q "exec sp_password NULL,'new_password','sa'"

Managing Databases

+++++++++++++++++++++++++++++++++++++++

%plesk_cli% contains database-server.exe  and database.exe

For example, in order to create the MySQL database server available at 10.0.20.30, with the
database server administrator's login admin and password password, enter:

C:\>database-server.exe --create-server 10.0.20.30 -type mysql -admin admin -passwd password

In order to set a new password password for the database server administrator with login
admin on the remote Microsoft SQL database server mssqlserver available at 10.0.20.40:3838,
enter:

C:\>database-server.exe --update-server 10.0.20.40:3838 -type mssql -admin admin -reset-passwd password

++++++++++++++++++++++++++++++++++++++
create a MySQL database on the domain.tst

++++++++++++++++++++++++++++++++++++++

For example, to create a MySQL database on the domain.tst domain, enter:

C:\>database.exe --create jsmithdb -domain domain.tst -type mysql

To assign the setup password for the database user jsmithdb with the login name of
JohnSmith, enter:

C:\>database.exe --update jsmithdb -update_user JohnSmith -passwd setup

+++++++++++++++++++++++++++++++++++++

Cannot Configure Client MySQL Server in Parallels Plesk Panel

++++++++++++++++++++++++++++++++++++

Failed to connect to database: Access denied for user admin@localhost

Diagnostics
• This problem occurs when Parallels Plesk Panel's connection to the MySQL server that
houses its user databases is incorrectly configured.

To configure the settings, follow the next steps.
1. Edit the MySQL configuration file my.ini located within %plesk_dir%\mysql\data.
Add parameter skip-grant-tables into the [PleskSQLServer] section.
2. Restart SQL Server.
3. Log into MySQL.
4. Type the following command.
mysql> update user set password=password('admin_password') where
user='admin';
5. Remove skip-grant-tables from within the [PleskSQLServer] section from
%plesk_dir%\mysql\data\my.ini.
6. Restart MySQL Server.
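
While skip-grant-tables is set, the MySQL server accepts connections without checking credentials, so step 5 is the one that must not be skipped. The following is an added check, not part of the original post or of Plesk's own tooling, that reports whether the option is still active in the [PleskSQLServer] section; the function name Test-SkipGrantTables and the sample my.ini content are constructed for illustration.

```powershell
# Added example: detect a leftover skip-grant-tables option in a my.ini section.
function Test-SkipGrantTables {
    param(
        [Parameter(Mandatory)] [string[]] $IniLines,
        [string] $Section = 'PleskSQLServer'   # section named in the steps above
    )
    $current = $null
    $lineNo  = 0
    foreach ($raw in $IniLines) {
        $lineNo++
        # Drop '#' comments (full-line or trailing) and surrounding whitespace
        $line = ($raw -split '#', 2)[0].Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }
        if ($line -match '^\[(.+)\]$') { $current = $Matches[1].Trim(); continue }
        if ($current -ne $Section) { continue }
        # MySQL treats dashes and underscores in option names as equivalent
        $name, $value = $line -split '=', 2
        $name = $name.Trim().ToLower() -replace '_', '-'
        if ($name -ne 'skip-grant-tables') { continue }
        # A bare option or any value other than an explicit "off" counts as active
        $value = if ($null -eq $value) { '' } else { $value.Trim().ToLower() }
        if ($value -notin @('0', 'off', 'false')) {
            return [pscustomobject]@{ Active = $true; Line = $lineNo; Text = $raw.Trim() }
        }
    }
    return [pscustomobject]@{ Active = $false; Line = 0; Text = '' }
}

# Constructed sample: my.ini as it looks between steps 1 and 5 (values are placeholders)
$sample = @'
[PleskSQLServer]
port=3306
skip_grant_tables   # temporary, remove after password reset
[client]
port=3306
'@ -split "`r?`n"

$result = Test-SkipGrantTables -IniLines $sample
if ($result.Active) {
    "skip-grant-tables is still active (line $($result.Line)): $($result.Text)"
} else {
    "skip-grant-tables is not set in the checked section"
}

# Against the real file from the steps above:
# Test-SkipGrantTables -IniLines (Get-Content (Join-Path $env:plesk_dir 'mysql\data\my.ini'))
```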
++++++++++++++++++++++++++++++++++++++


Passwords Synchronization

When trying to log in to Parallels Plesk Panel, you get an error message.
This happens if the password for admin in Parallels Plesk Panel does not match the one set in MySQL.
First, you need to retrieve your current Parallels Plesk Panel password:

C:\>"%plesk_dir%\admin\bin\plesksrvclient.exe" -get

Then, you should set it up within MySQL. To do this, follow these steps:


+++++++++++++++++++++++++++++++++++++++++

How to get the Plesk version:

%plesk_dir%--> Type version


++++++++++++++++++++++++++++++++++++++

Initial Plesk Panel Installation
++++++++++++++++++++++++++++++++++++++

There are several ways to install Parallels Plesk Panel:
• Use the Web Interface
• Use the Command Line Interface
• Use the Parallels Containers VZ Template to install the product in a container

• Downloaded packages
• The *.inf3 files
• The log file is autoinstaller3.log
• The error log file is %plesk_dir%\admin\logs\php_error.log.

The repository URL is located at: http://autoinstall-win.pp.parallels.com

If you want to specify any custom locations such as the vhosts location for the Parallels Plesk
Panel, before the installation add into the \PLESK\PSA Config\Config registry key the
following string values:

• PRODUCT_ROOT_D - panel installation path
• PRODUCT_DATA_D - panel data storage path
• HTTPD_VHOSTS_D - vhosts path



Monday, 17 September 2012

Parallels Virtuozzo Containers for Windows FAQ

Parallels Virtuozzo Containers for Windows:

http://kb.parallels.com/en/112514

How do I update Parallels Virtuozzo Containers?

Use the interactive update wizard by running the following command:
"%vz_installdir%\bin\vzupdate.exe"

Which tool manages bridged networks?

To see available bridged networks:
C:\>vznetcfg net list
To create a new bridged network:
C:\> vznetcfg net new %NETWORK_NAME% %HOST_IFACE_MAC%
To add the host interface to a bridged network:
C:\> vzctl set %CTID% --save --ipadd %IPADDR%/%NETMASK% --network %NETWORK_NAME% --nettype bridged

Which log files are available on the Parallels Virtuozzo Containers server?

Container start, stop, migration, creation, deletion, and configuration changes are logged in the main vzlog: C:\vzlog\YYYY.MM.DD-vzlog.log
Template-related operations and package installation via vzpkg are logged in the vzpkg.log: C:\vzlog\vzpkg.log
Parallels Virtuozzo Containers and template update operations are logged in the vzupdate.log: C:\vzlog\vzupdate.log
XML API, SOAP API, backup, and other PVA Agent-related operations are logged in the vzagent.log: C:\vzlog\PVA\Agent\YYYY.MM.DD-vzagent.log

How do I manage Power Panel service?

To start, stop, or restart this service ("pvapp"), use the "net" tool:
C:\> net stop pvapp
C:\> net start pvapp
To troubleshoot Power Panel-related issues, check these logs:

Application log in Event Viewer
"%USERPROFILE%\PVA\Power Panel\log\YYYY.MM.DD-agent.log"
"%USERPROFILE%\PVA\Power Panel\log\YYYY.MM.DD-vzagent.log"
"%USERPROFILE%\PVA\Power Panel\log\YYYY.MM.DD-cpcon.log"
C:\vzlog\PVA\Agent\YYYY.MM.DD-vzagent.log

How do I manage PVA Agent service?

To start, stop, or restart the service ("pvaagent"), use the "net" tool:
C:\> net stop pvaagent
C:\> net start pvaagent
To troubleshoot PVA Agent-related issues, check these logs:

C:\vzlog\PVA\Agent\YYYY.MM.DD-vzagent.log

What is the service container needed for?

On Parallels Virtuozzo Containers for Windows with PVA Agent installed, there should not be a service container instance because offline management and SOAP API services are served by corresponding sites in IIS.

How do I manage Parallels Virtuozzo Containers service?

On a non-clustered Parallels Virtuozzo Containers installation, it is not advisable to start or stop Virtuozzo management service.
To start, stop, or restart the service, use the "net" tool:
C:\> net stop vzsrv
C:\> net start vzsrv
Containers will be restarted during this procedure.

What is the difference between vzbackup and vzabackup?

There is no difference between vzbackup and vzabackup on Parallels Virtuozzo Containers for Windows. These are two different command-line interfaces for the single backup engine. The vzbackup tool is kept for backward compatibility purposes.

How do I create, list, and restore backups stored on a remote Parallels Virtuozzo Containers node?

To create a backup for a container and place the backup in remote storage, run the "vzabackup" command:
C:\> vzabackup --storage %USERNAME%:"%PASSWORD%"@%REMOTE_SERVER_HOSTNAME% -F localhost -e %CTID%
To list the container backups available in remote storage, use the "vzarestore" command:
C:\> vzarestore --list --full -e %CTID% --storage %USERNAME%:"%PASSWORD%"@%REMOTE_SERVER_HOSTNAME%
To restore a backup of a container using remote backup storage, use the "vzarestore" command:
C:\> vzarestore -B -e %BACKUP_ID% --storage %USERNAME%:"%PASSWORD%"@%REMOTE_SERVER_HOSTNAME%

How do I migrate a container and protect the source container from deletion?

Use the "vzmigrate" command with appropriate options to keep the source and destination containers:
C:\> vzmigrate --remove-area no Administrator@%DESTINATION_NODE% %CTID%

How can I check the Parallels Virtuozzo Containers version?

Check the version of Parallels Virtuozzo Containers using the "vzctl" tool:
C:\> vzctl --version

How do I check the exact PVA Agent version?

Check the version of ProductBuild in the registry:
C:\>reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Parallels\PVA /v ProductBuild

How do I check whether a node is registered in PVA Management Node?

Use the "vzagroup" tool:
C:\> vzagroup list
A node is not registered in PVA Management Node if the output contains this line:
host is a slave in vzgroup, which master node address is local
If a node is a member of a PVA group, the output will show the IP address of the PVA Management Node it is registered in:
host is a slave in vzgroup, which master node address is %PVA_MN_IP_ADDRESS%

Where can I find the PVA Agent configuration file?

All PVA Agent configuration files are located in the etc_folder defined in pva.conf.

Check "C:\Program Files (x86)\Parallels\Parallels Virtual Automation\Agent\bin\pva.conf" and find the etc_folder section:

etc_folder
C:\vz\PVA\Agent\Data\etc
The output above means that the main configuration file vzagent.conf is located in C:\vz\PVA\Agent\Data\etc.

Where can I change PVA Agent timeouts and limits?

Locate the vzagent.conf file and adjust the required limits and timeouts there.
 

Is it safe to install Microsoft updates on the Hardware Node?

Due to the design of Parallels Virtuozzo Containers for Windows, only approved Microsoft Windows updates should be installed on the Node.
To ensure that only approved updates are installed, verify that the WSUS server is set to "vzwinupdate.sw-soft.com":
C:\>reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate /v WUServer
Never install Windows updates inside containers!

Is .NET Framework needed for Parallels Virtuozzo Containers?

Parallels Virtuozzo Containers for Windows does not need .NET Framework for proper functioning; thus, if some particular container software needs .NET Framework, it should be installed directly from inside the container.

                  .NET Framework
OS                1.x      2.0.x    3.0.x    3.5.x    4.0.x
Windows 2003      REDIST   REDIST   REDIST   REDIST   REDIST
Windows 2008      REDIST   BUILTIN  FEATURE  REDIST   REDIST
Windows 2008 R2   REDIST   BUILTIN  BUILTIN  FEATURE  REDIST

REDIST - Install via .msi package (redistributable) downloaded from the Microsoft website or create the template from this package.
BUILTIN - Some versions of .NET are built-in to the current version of Windows and MUST NOT be re-installed via .msi/redistributable package installation.
FEATURE - Install via server roles and features (as of Windows 2008).