Wednesday, July 20, 2011

Howto:Reduce LVM Root Partition

In this short tutorial I'll demonstrate how to reduce the size of LVM (/dev/VolGroup00/LogVol00) mounted on "/" (aka root partition).
Since the procedure cannot be done on the run (you will need to unmount the root partition...) , you will have to boot your machine either with some sort of Linux LiveCD or either with the original CentOS DVD/ISO which offers special rescue mode.

I didn't have a LiveCD so I used the original CentOS DVD for this task.

Boot the machine with a CentOS DVD/ISO (v 5.5 in my case) and enter the rescue mode by typing:
#linux rescue

CentOS will boot in rescue mode when a menu pops up and asks you if you want to mount your old partitions, chose "SKIP" (otherwise your original disk partitions will be mounted under /mnt/sysimage - in that case umount it before proceeding).

After you made sure your original disk partitions are not mounted you will have to activate the LVM in Rescue Mode:
# lvm vgchange -a y

Check the LVM for any filesystem errors, this is crucial for next step:
# e2fsck -f /dev/VolGroup00/LogVol00

It's time to resize the filesystem to a new size ,note that you should leave enough space for current data on the root partition or you will suffer a data loss.
In our case we are reducing the partition to a new size of 20GB.
Note that the procedure may take some time (depending on your root partition size, so do not panic!):
# resize2fs -f /dev/VolGroup00/LogVol00 20G

Finally, resize the LVM to the new size (20 GB):
#lvm lvreduce -L20G /dev/VolGroup00/LogVol00

You should boot your OS into regular mode and cross your fingers ...

Disclaimer: Do at your own risk, I'm not responsible for any data loss which may be caused to your system.

Monday, July 18, 2011

Basic LDAP Configuration on CentOS

LDAP today is a standard for central authentication solution, it is a very complex subject with hundreds of features and configurable options. In this short tutorial I will not try to explain the concepts of LDAP but rather demonstrate a quick way of setting up & configuring LDAP server (OpenLDAP in our case) on CentOS 6 machine, so lets start:

1)Installation:
#yum -y install openldap openldap-servers openldap-clients migrationtools

2)Configure administrator password:
#slappasswd

Copy the hashed password into:
/etc/openldap/slapd.conf
Uncomment the line starts with rootpw and paste the output hashed password like this:
rootpw {SSHA}NJWxZ6g/z9tCJZWZzuPFAN4Uo1AQokU8

3)Next in the same file, set your DN:
suffix"dc=yourdomain,dc=com"
rootdn"cn=Manager,dc=yourdomain,dc=com"

Save changes and exit.

4)Open /etc/openldap/ldap.conf

... and add the following lines:
HOST 127.0.0.1
BASE dc=yourdomain,dc=com

Save changes and exit.

5)Copy the example DB file to your DIT directory:
#cp /usr/share/doc/openldap-servers-2.4.19/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

6)Make sure ldap is started on desired run-levels + start the server:
#chkconfig slapd on
#/etc/init.d/slapd start

7)Edit /usr/share/migrationtools/migrate_base.ph
Rename the following lines with your credentials:
$DEFAULT_MAIL_DOMAIN = "dc=yourdomain,dc=com";
$DEFAULT_BASE = "dc=yourdomain,dc=com";

Save the file.


8)Generate LDIF file with the previously edited perl script:
/usr/share/migrationtools/migrate_base.pl > /etc/openldap/yourdomain.ldif

9)Configure LDAP server logging in syslog configuration, open:/etc/syslog.conf



...and add the following lines:
#LDAP Logging
local4.debug          /var/log/slapd.log



Hup the syslog service:
#kill -HUP $(cat /var/run/syslog.pid)


Restart LDAP service:
#/etc/init.d/slapd restart


Basic configuration is done, let's try to add an object and make a search:

#ldapadd -x -a -W -D  "cn=Manager,dc=yourdomain,dc=com" -f /etc/openldap/yourdomain.ldif

*lots of objects being added*


Restart the service:
#/etc/init.d/slapd restart


Next, make a general search (for any objectclass):
#ldapsearch -x -b "dc=yourdomain,dc=com" "objectclass=*" 

# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: cn=Manager,dc=yourdomain,dc=com
# requesting: objectclass=*
#

# search result
search: 2
result: 0 Success

# numResponses: 1


You should be able to see all the object classes of your LDAP DB.


Well this is just the basics to  get you going, feel free to explore further...

Cheers.

Tuesday, July 12, 2011

Enable SNMP on Cisco Devices (part 1)

In this short tutorial I'll demonstrate how to quickly configure SNMP on your Cisco appliance and test it's working.


There will be another tutorial dealing with how to configure the SNMP manager side.


1) Let's start by logging in to your Cisco appliance (In my case I used 851 series Cisco router with IOS version 12.3).

2) Enter configuration mode:
cisco851#configure terminal

3) Set your community string and the mode (read only, read write):
cisco851(config)#snmp-server community myComunity1 RW

4) Point the appliance to the SNMP manager (in our case 192.168.2.4) , with the same community string you've set before: 

 cisco851(config)#snmp-server host 192.168.2.4 version 2c myComunity1


5) Enable the trap types you wish to monitor, for example:

cisco851(config)#snmp-server enable traps snmp linkdown linkup coldstart warmstart

6) Save the configuration:
cisco851(config)#do wr

At this point the basic configuration on the Cisco appliance is done, let's see if we able to querry the appliance from our server.

I have used Ubuntu 11.04 x64 box with "snmp" package installed.

Check it's indeed installed with:
root@ubuntu:~#dpkg --list |grep snmp
If not get it with:
root@ubuntu:~#apt-get install snmp

After snmp package has been succefully installed it's time test the configuration.

Issue the following command and see if you're able to retrieve the SNMPv1 agent  or our Cisco appliance (192.168.2.1) MIB tree list :

root@ubuntu:~#snmpwalk -v 1 -c myComunity1 192.168.2.1

At this point you should be able to list the entire tree (output was ommited), means Cisco side is configured successfully.

You can now get the desired info for monitoring purposes, like the system uptime:

root@ubuntu:~#snmpget -v 1 -c myComunity1 192.168.2.1 iso.org.dod.internet.mgmt.mib-2.system.sysUpTime.0


DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (490514418) 56 days, 18:32:24.18
 
Or our appiance hostname:

root@ubuntu:~#snmpget -v 1 -c myComunity1 192.168.2.1 iso.org.dod.internet.mgmt.mib-2.system.sysName.0


SNMPv2-MIB::sysName.0 = STRING: gw1.slsphr.net.il
 
Mission accomplished.
 
In the next SNMP article I will touch the server side configuration.
 
Cheers.