Importing a virtual machine from VMware format into RHEV

First of all, this cannot be done directly: the virtual machine must first be converted for KVM and then migrated to RHEV.

From VMware to KVM

What you need:

  • yum install fuse-devel
  • yum install qemu-img
  • install VMware-vix-disklib-5.0.0-614080.x86_64.tar.gz, to be downloaded from the VMware website

Before migrating the machine, it is a good idea to uninstall the VMware guest additions.

The VMware image is made up of several .vmdk files. They have to be converted with the vmware-vdiskmanager tool:

export LD_LIBRARY_PATH=/usr/lib/vmware-vix-disklib/lib64:$LD_LIBRARY_PATH
vmware-vdiskmanager -r Ubuntu.vmdk -t 0 Ubuntu-2.vmdk

It is preferable to use the tool from the same VMware release the virtual machine was running on, otherwise it may produce errors.

Now the image has to be imported into the KVM/QEMU format:

qemu-img convert Ubuntu-2.vmdk -O qcow2 Ubuntu-2.qemu

With the command:

vmware2libvirt -f Ubuntu.vmx > Ubuntu-2.xml

an XML file that defines the virtual machine is generated. If necessary, edit the paths inside the file.

That is all for now. The migration to KVM is not finished: the import of the virtual machine (virsh -c qemu:///system define Ubuntu-2.xml) is still missing, but it is not needed for the migration to RHEV.

From KVM to RHEV

The migration from KVM to RHEV uses the same procedure as for other virtual machines. The Ubuntu-2.xml file is the one generated earlier. Edit the XML file and set the disk to the qemu image.

virt-v2v -f /etc/virt-v2v.conf -o rhev -i libvirtxml -os whale.babel.it:/mnt2/EXPORT_Domain Ubuntu-2.xml

For more information, see the Red_Hat_Enterprise_Virtualization-3.0-V2V_Guide manual.

News for juniors, Stuff that matters

I’ve been asked where a junior sysadmin should start for working with Red Hat stuff. The first thing that comes to my mind is this nice book.

Red Hat System Administration Primer: explains what the sysadmin job is, principles of security and social engineering, how an operating system works and how to monitor processes, I/O and memory. I would skip the printer part 😉

An experienced admin knows where and how to find information. An apprentice should quickly learn that too.

While the man pages are a great source, I would recommend a glance at the Red Hat Deployment Guide – mainly to be used as a reference. If you don’t know how to use Yum and RPM, configure Network Interfaces, start Services and Daemons at boot, configure Web Servers and use Monitoring Tools, that’s the right place to go.

This book is divided into several independent chapters. Unless you need to prepare for a certification you could skip the web interface way ;).

Gnuplot for postfix

After wasting time with spreadsheets I decided to go back to my university days and use Gnuplot.

The result was this nice script – bb-queue.pl – that monitors postfix queues and uses Little’s Law to print queue throughput. Running it with -g immediately plots the graph on your X display.

Now our gnuplot fast-track. Run #gnuplot and type:

# don't have to write the file name: gnuplot uses variables ;)
f = "/tmp/data.csv"

# format graph, show grid and titles
set xlabel "time"
set key outside bottom
set grid
set ylabel "items"
set title "Postfix Queue Stats"

# Use a logarithmic scale on y axis, so that
# we can plot graphs based on different
# units (eg. mail/sec and kB/s)
set autoscale
set log y

# Our csv has a human-readable timestamp for
# x axis, so we tell gnuplot how to read the data:
# parse a time using a given format
set xdata time
set timefmt "%d-%m-%Y %H:%M:%S"

# ...and set the x tick labels to be shown
# as hours:minutes for our graph
set format x "%H:%M"

# the boxes in the plot should be filled
# with a 0.5 transparency factor
set style fill solid 0.5 border

# now let's plot our csv (we assigned it to the "f" variable, remember?)
# first the 3rd column (using 1:3), then the 4th and 5th
# We started at 3 because 1:1 and 1:2 are used for the x axis.
# Gnuplot columns are space-separated, and the date format contains a space,
# so it covers 2 columns (1:1 is for the date, 1:2 for the hour)
# For each column, we set a title
# and a style (eg boxes aka histograms)
# with a color 1 (lc 1)
#
plot f using 1:3 title "tot" with boxes lc 1, \
f using 1:4 title "active" with boxes, \
f using 1:5 title "kB" with lines

Serving ACL on Samba

I was playing a bit with Samba, and I wondered if I was able to serve files using access control lists (aka ACL).

Posix ACL

While standard unix permissions allow one owner, one group and everybody – with some tweaks like the directory sticky bit – new filesystems like ext3 and xfs gave us a bit more control.

They implement POSIX ACL. This is an old but widely used standard. To enable ACL we should first ask the filesystem to set them up.

#mount /home -o remount,acl,user_xattr

Then we can start playing: create a file and get its unix permission.
First of all let’s use umask to disable other user access to newly created files

# umask 077
# touch  /home/rpolli/sample_acl.txt
# ls -la  /home/rpolli/sample_acl.txt
 -rw------- 1 rpolli rpolli 0 2011-10-13 17:28 /home/rpolli/sample_acl.txt

Thanks to umask nobody but the owner can access this file.
Then we get its acl with #getfacl and check that everything matches!

# getfacl  /home/rpolli/sample_acl.txt
getfacl: Removing leading '/' from absolute path names
# file:  home/rpolli/sample_acl.txt
# owner: rpolli
# group: rpolli
user::rw-
group::---
other::---

Now let’s give write permission to this file to the caldavd user, which is not in the rpolli group

#setfacl -m u:caldavd:rw /home/rpolli/sample_acl.txt
#getfacl /home/rpolli/sample_acl.txt
getfacl: Removing leading '/' from absolute path names
# file: home/rpolli/sample_acl.txt
# owner: rpolli
# group: rpolli
user::rw-
user:caldavd:rw-
group::---
mask::rw-
other::---

So, to our common sense, the file permissions are no longer 600, as there’s somebody else that can read it. Let’s look at the ls output:

# ls -l /home/rpolli/sample_acl.txt
-rw-rw----+ 1 rpolli rpolli 0 2011-10-13 17:35 sample_acl.txt

There’s an indicator that somebody can read it, and a “+” flag at the end of the unix permissions, stating that this file uses an additional security mechanism.

You can exclaim now “Very impressive, Kowalski, but…can it fly?”.

rpolli# sudo su - caldavd
caldavd$ ls /home/rpolli/
ls: cannot open directory /home/rpolli/: Permission denied
caldavd$ ls /home/rpolli/sample_acl.txt -la
-rw-rw----+ 1 rpolli rpolli 0 2011-10-13 17:35 /home/rpolli/sample_acl.txt

and finally

caldavd$ echo pippo>/home/rpolli/sample_acl.txt
caldavd$ cat /home/rpolli/sample_acl.txt
pippo
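The rw- that ls shows in the group column above is the ACL mask, not the owning group's entry (group::---), and the mask caps every named-user entry. The following added example (not part of the original post) computes a user's effective permissions from getfacl text; the function name effective_perms, the trimmed header and the second, constructed ACL are assumptions, and group membership is deliberately left out.

```c
#include <stdio.h>
#include <string.h>

/* getfacl entries from the post (header cut down to the owner line). */
#define ACL_HEAD "# owner: rpolli\nuser::rw-\nuser:caldavd:rw-\ngroup::---\n"
static const char ACL_PAGE[] = ACL_HEAD "mask::rw-\nother::---\n";
/* Constructed variant: the same file after `chmod g-w`, which lowers the mask. */
static const char ACL_MASKED[] = ACL_HEAD "mask::r--\nother::---\n";

/* "rw-" -> permission bits (r=4, w=2, x=1). */
static int perm_bits(const char *p)
{
    return (p[0] == 'r' ? 4 : 0) | (p[1] == 'w' ? 2 : 0) | (p[2] == 'x' ? 1 : 0);
}

/* Effective rwx bits of `user` for the given getfacl text, -1 on a malformed
 * entry. Assumption: `user` belongs to none of the file's groups. */
int effective_perms(const char *acl, const char *user)
{
    char line[128], owner[64] = "";
    int owner_p = 0, named_p = -1, other_p = 0, mask = 7;

    while (*acl) {
        size_t n = strcspn(acl, "\n");
        if (n >= sizeof(line)) return -1;
        memcpy(line, acl, n);
        line[n] = '\0';
        acl += n + (acl[n] == '\n');
        if (sscanf(line, "# owner: %63s", owner) == 1 || line[0] == '#' || !line[0])
            continue;
        char *c1 = strchr(line, ':'), *c2 = c1 ? strchr(c1 + 1, ':') : NULL;
        if (!c2 || strlen(c2 + 1) < 3) return -1;
        *c1 = *c2 = '\0';                      /* split tag:qualifier:perms */
        int p = perm_bits(c2 + 1);
        if (!strcmp(line, "user") && !c1[1]) owner_p = p;
        else if (!strcmp(line, "user") && !strcmp(c1 + 1, user)) named_p = p;
        else if (!strcmp(line, "mask")) mask = p;
        else if (!strcmp(line, "other")) other_p = p;
    }
    if (!strcmp(user, owner)) return owner_p;  /* owner: mask is not applied */
    return named_p >= 0 ? (named_p & mask) : other_p;
}

int main(void)
{
    printf("caldavd: %d, after chmod g-w: %d\n",
           effective_perms(ACL_PAGE, "caldavd"), effective_perms(ACL_MASKED, "caldavd"));
    return 0;
}
```

When auditing who can write a file, read the mask together with the named entries: a plain chmod on the group bits silently changes what every named user and group can do.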

Serving it with samba

To serve a directory with Samba 3 we just have to add the following stanza to the smb.conf

[share]
   comment = Ioggstream Samba share
   read only = no
   path = /home/share/
   guest ok = no
   nt acl support = yes

First of all we need to share a folder. Disabling guests is optional, but to change ACLs you have to authenticate: so no guests this time!
The compulsory statement is the one enabling “nt acl support”.

Once we restart Samba, we can browse our folder using Windows Vista. Strangely enough, the Windows XP file browser doesn’t detect ACLs on my server.

So open your client, go to \\192.168.0.7\ (that’s my Samba IP, use yours :P) and enter your credentials.
Right-click on your folder and select “Security” (Protezione in Italian) and... voilà! You will be able to see and edit your file permissions!

Send that message, quickly! (SystemV)

Thanks to ffiore I discovered a nice way of communicating data between processes and threads: Message Queues. MQs are a Linux feature that implements a kernel-based push-pop stack. Linux has two types of MQs: POSIX and SystemV. This post is about SystemV.

Instead of reading/writing data to a standard pipe/socket where you have to manage the split of the messages and other issues, you can simply use MQs with the following pseudocode procedure:

# pusher thread
struct mq_msg msg;
msg.mtype = 1            # message type, must be > 0
msg.mtext = "my message"
mq = msgget(..)          # create (or open) the queue
msgsnd(mq, msg, ..)

while the popper thread gets messages

# popper thread
msg = msgrcv(mq, ..)
print msg.mtext
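The pseudocode above written with the real System V calls, as an added C example that is not from the original post. It creates the queue with mode 0600 so that only its owner can send or receive (the queue in the post's ipcs listing has perms 666) and removes it when done; the names text_msg and mq_roundtrip are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>

/* A System V message is a long type (> 0) followed by the payload. */
struct text_msg {
    long mtype;
    char mtext[64];   /* one message must fit in kernel.msgmax bytes */
};

/* Create a private queue, push one message, pop it into `out`, remove the
 * queue. Returns the queue's permission bits as the kernel reports them,
 * or -1 on error. */
int mq_roundtrip(const char *text, char *out, size_t outlen)
{
    struct text_msg snd = { .mtype = 1 }, rcv;
    struct msqid_ds ds;
    int perms = -1;

    /* 0600: only the owning user may send to or receive from this queue. */
    int mq = msgget(IPC_PRIVATE, IPC_CREAT | 0600);
    if (mq == -1)
        return -1;

    strncpy(snd.mtext, text, sizeof(snd.mtext) - 1);
    /* The size argument counts the payload only, not mtype. */
    if (msgsnd(mq, &snd, strlen(snd.mtext) + 1, IPC_NOWAIT) == 0 &&
        msgrcv(mq, &rcv, sizeof(rcv.mtext), 1, IPC_NOWAIT) > 0 &&
        msgctl(mq, IPC_STAT, &ds) == 0) {
        snprintf(out, outlen, "%s", rcv.mtext);
        perms = ds.msg_perm.mode & 0777;
    }
    /* Queues outlive the process: remove it or it stays listed by ipcs -q. */
    msgctl(mq, IPC_RMID, NULL);
    return perms;
}

int main(void)
{
    char buf[64];
    int perms = mq_roundtrip("my message", buf, sizeof(buf));
    if (perms < 0) { perror("mq_roundtrip"); return 1; }
    printf("received \"%s\" on a queue with perms %o\n", buf, perms);
    return 0;
}
```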

Linux provides some command line tools to manage the queue, while queue size is managed by sysctl and ulimit.

ananke # sysctl -a | grep msg
kernel.msgmnb = 65536 # max queue size = (msgsize*#msgs)
kernel.msgmni = 16
kernel.msgmax = 65536 # maximum size of one System V message, in bytes
fs.mqueue.msgsize_max = 8192 # maximum message size.
fs.mqueue.msg_max = 10

If we want to queue 10k messages of 12kbytes each, we should set:

# sysctl -w fs.mqueue.msgsize_max=12000
# sysctl -w kernel.msgmnb=120000000

You can view message queues with the #ipcs command:

ananke# sudo apt-get install util-linux

An MQ follows, containing 12 messages summing up to 390 bytes:

ananke #  ipcs -q

------ Message Queues --------
key        msqid      owner      perms      used-bytes   messages
0x00000000 0          rpolli     666        390          13

For further info on System V and POSIX MQs:

#man svipc mq_overview