Wednesday, November 5, 2014
Linux : List Ethernet Network Card Hardware and kernel driver information
# lspci | grep -i ether
03:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5719 Gigabit Ethernet PCIe (rev 01)
03:00.1 Ethernet controller: Broadcom Corporation NetXtreme BCM5719 Gigabit Ethernet PCIe (rev 01)
03:00.2 Ethernet controller: Broadcom Corporation NetXtreme BCM5719 Gigabit Ethernet PCIe (rev 01)
03:00.3 Ethernet controller: Broadcom Corporation NetXtreme BCM5719 Gigabit Ethernet PCIe (rev 01)
24:00.0 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
24:00.1 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
# grep -i "10 Gigabit" /var/log/messages
Nov 2 19:22:00 localhost kernel: ixgbe: Intel(R) 10 Gigabit PCI Express Network Driver - version 3.15.1-k
Nov 2 19:22:00 localhost kernel: ixgbe 0000:24:00.0: Intel(R) 10 Gigabit Network Connection
Nov 2 19:22:00 localhost kernel: ixgbe 0000:24:00.1: Intel(R) 10 Gigabit Network Connection
Nov 3 09:41:46 localhost kernel: ixgbe: Intel(R) 10 Gigabit PCI Express Network Driver - version 3.15.1-k
# lsmod | grep ixgbe
ixgbe 243936 0
mdio 4769 1 ixgbe
ptp 9614 2 ixgbe,tg3
dca 7101 2 ixgbe,ioatdma
Friday, October 31, 2014
Linux : Boot Kernel to Single User Mode or Emergency Mode
http://www.linuxsv.org/training/l1_linux_boot.html
The way GRUB loads the Linux kernel can be customized either at the console, by typing "e" and following the instructions of the GRUB graphical menu shown at startup, or by directly modifying the file /etc/grub.conf:
kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup01/LogVol00 rhgb quiet s
Single user mode "s" provides a root shell without a root password check. Very useful for root password recovery.
kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup01/LogVol00 rhgb quiet emergency
Emergency mode provides a maintenance root shell after root password check.
kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup01/LogVol00 rhgb quiet init=/bin/sh
With this configuration you can start up the system skipping the init process. It provides a root shell after root password check.
kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup01/LogVol00 rhgb quiet 5
Graphical mode startup, the default behaviour.
kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup01/LogVol00 rhgb quiet selinux=0
SELinux can be disabled at kernel boot time with this configuration.
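If one of these parameters is written into /etc/grub.conf rather than typed once at the console, it applies on every boot. The script below is an added example (not from the original post or the linked training page) that flags kernel lines still carrying them; the function names and the sample file are constructed for illustration, and "S", "single" and "1" are included as equivalent spellings of "s".

```shell
#!/bin/sh
# Added example: flag kernel lines in a GRUB legacy config that carry one of
# the boot parameters discussed above (s, emergency, init=..., selinux=0).
# audit_grub_conf is a hypothetical helper name; the default path is the one
# named in the post.

audit_grub_conf() {
    conf="${1:-/etc/grub.conf}"
    # Only lines whose first field is "kernel" carry boot parameters, so
    # commented-out entries ("# kernel ...") are never matched.
    # Field 2 is the kernel image; parameters start at field 3.
    awk '
        $1 == "kernel" {
            for (i = 3; i <= NF; i++) {
                why = ""
                if ($i == "s" || $i == "S" || $i == "single" || $i == "1")
                    why = "single user mode, root shell without password check"
                else if ($i == "emergency")
                    why = "emergency mode"
                else if ($i ~ /^init=/)
                    why = "init process skipped"
                else if ($i == "selinux=0")
                    why = "SELinux disabled at boot"
                if (why != "") {
                    printf "%s:%d: %s (%s)\n", FILENAME, FNR, $i, why
                    found = 1
                }
            }
        }
        END { exit (found ? 1 : 0) }   # non-zero exit when anything was flagged
    ' "$conf"
}

# Constructed sample, built from the kernel lines quoted in the post.
make_sample_grub_conf() {
    cat > "$1" <<'EOF'
default=0
title Normal boot
        kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup01/LogVol00 rhgb quiet
title Left over from a password recovery
        kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup01/LogVol00 rhgb quiet s
title SELinux off
        kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup01/LogVol00 rhgb quiet selinux=0
#       kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup01/LogVol00 init=/bin/sh
EOF
}

sample=$(mktemp)
make_sample_grub_conf "$sample"
audit_grub_conf "$sample" || echo "review the entries listed above"
rm -f "$sample"
```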
Thursday, October 23, 2014
Linux : NFS : Some NFS file systems are not mounted after reboot
Problem : Some NFS file systems are not mounted after reboot
Solution : Add options to /etc/fstab
Original fstab :
10.11.200.101:/test /test nfs rw 0 0
After :
10.11.200.101:/test /test nfs rw,bg,hard,rsize=32768,wsize=32768,vers=3 0 0
Also the following services need to be turned on
chkconfig nfs on
chkconfig portmap on
chkconfig netfs on
Wednesday, October 22, 2014
Oracle VM Manager : VMPinfo3
https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=393004587073657&id=1521931.1
Log in as root
/u01/app/oracle/ovm-manager-3/ovm_tools/support/vmpinfo3.sh --username=admin
Enter OVM Manager Password:
Gathering files from all servers. This process may take some time.
Gathering OVM Model Dump files
:
:
:
Saturday, October 18, 2014
SDN NFV reading list
http://www.nec-labs.com/~lume/sdn-reading-list.html
http://portal.etsi.org/Portals/0/TBpages/NFV/Docs/NFV_White_Paper3.pdf
Wednesday, October 15, 2014
VMWare : Virtual Networking Concepts
http://www.vmware.com/files/pdf/virtual_networking_concepts.pdf
VLANs in VMware Infrastructure
VLANs provide for logical groupings of stations or switch ports, allowing communications as if all stations or ports were on the same physical LAN segment. Confining broadcast traffic to a subset of the switch ports or end users saves significant amounts of network bandwidth and processor time.
In order to support VLANs for VMware Infrastructure users, one of the elements on the virtual or physical network has to tag the Ethernet frames with 802.1Q tag, as shown in Figure 3. There are three different configuration modes to tag (and untag) the packets for virtual machine frames.
• Virtual switch tagging (VST mode) — This is the most common configuration. In this mode, you provision one port group on a virtual switch for each VLAN, then attach the virtual machine’s virtual adapter to the port group instead of the virtual switch directly. The virtual switch port group tags all outbound frames and removes tags for all inbound frames. It also ensures that frames on one VLAN do not leak into a different VLAN.
Use of this mode requires that the physical switch provide a trunk.
• Virtual machine guest tagging (VGT mode) — You may install an 802.1Q VLAN trunking driver inside the virtual machine, and tags will be preserved between the virtual machine networking stack and external switch when frames are passed from or to virtual switches. The format for the header of a packet tagged in this way is shown in Figure 3.
Use of this mode requires that the physical switch provide a trunk.
• External switch tagging (EST mode) — You may use external switches for VLAN tagging. This is similar to a physical network, and VLAN configuration is normally transparent to each individual physical server.
There is no need to provide a trunk in these environments.
For details on using VLANs with VMware Infrastructure, see the white paper titled VMware ESX Server 3 802.1Q VLAN Solutions, available from the VMTN Web site (http://www.vmware.com/vmtn/).
Thursday, October 9, 2014
netcat cheat sheet
http://alexandreborgesbrazil.files.wordpress.com/2013/10/netcat_cheat_sheet_v1.pdf
Oracle VM Manager document
http://www.biztech.com/collateral/CollaborateSessions/ConfiguringMultipleVLAN%27s.pdf
http://mokumsolutions.com/chapter-7-oracle-vm-networking-8021q
http://alexandreborges.org/2013/12/09/fundamental-concepts-for-vlan-networkswith-oracle-vm-server-for-x86/
http://www.oracle.com/technetwork/articles/servers-storage-admin/vlan-networking-2047178.html
http://oraclevmsig.wordpress.com/2013/05/26/oracle-vm-useful-mos-ids/
http://linuxtechres.blogspot.com/2012/08/how-to-build-oracle-vm-manager-311.html
Tuesday, October 7, 2014
Linux : brctl
# brctl show
bridge name     bridge id               STP enabled     interfaces
104dcfa38e      8000.a0d3c1f34980       no              eth0
                                                        vif19.0
                                                        vif19.0-emu
                                                        vif21.0
108b829071      8000.a0d3c1f34983       no              eth3
                                                        vif19.1
                                                        vif19.1-emu
                                                        vif21.1
# brctl showstp 108b829071
108b829071
bridge id 8000.a0d3c1f34983
designated root 8000.a0d3c1f34983
root port 0 path cost 0
max age 20.00 bridge max age 20.00
hello time 2.00 bridge hello time 2.00
forward delay 0.00 bridge forward delay 0.00
ageing time 300.00
hello timer 0.27 tcn timer 0.00
topology change timer 0.00 gc timer 8.36
hash elasticity 4 hash max 512
mc last member count 2 mc init query count 2
mc router 1 mc snooping 0
mc last member timer 1.00 mc membership timer 260.00
mc querier timer 255.00 mc query interval 125.00
mc response interval 10.00 mc init query interval 31.25
flags
eth3 (0)
port id 0000 state forwarding
designated root 8000.a0d3c1f34983 path cost 4
designated bridge 8000.a0d3c1f34983 message age timer 0.00
designated port 8001 forward delay timer 0.00
designated cost 0 hold timer 0.00
mc router 1
flags
vif19.1 (0)
port id 0000 state forwarding
designated root 8000.a0d3c1f34983 path cost 100
designated bridge 8000.a0d3c1f34983 message age timer 0.00
designated port 8003 forward delay timer 0.00
designated cost 0 hold timer 0.00
mc router 1
flags
vif19.1-emu (0)
port id 0000 state forwarding
designated root 8000.a0d3c1f34983 path cost 100
designated bridge 8000.a0d3c1f34983 message age timer 0.00
designated port 8004 forward delay timer 0.00
designated cost 0 hold timer 0.00
mc router 1
flags
vif21.1 (0)
port id 0000 state forwarding
designated root 8000.a0d3c1f34983 path cost 100
designated bridge 8000.a0d3c1f34983 message age timer 0.00
designated port 8002 forward delay timer 0.00
designated cost 0 hold timer 0.00
mc router 1
flags
# brctl showmacs 108b829071
Linux : tcpdump
# tcpdump -D
1.eth0
2.nflog (Linux netfilter log (NFLOG) interface)
3.nfqueue (Linux netfilter queue (NFQUEUE) interface)
4.usbmon1 (USB bus number 1)
5.eth2
6.usbmon2 (USB bus number 2)
7.usbmon3 (USB bus number 3)
8.usbmon4 (USB bus number 4)
9.usbmon5 (USB bus number 5)
10.usbmon6 (USB bus number 6)
11.any (Pseudo-device that captures on all interfaces)
12.lo
Now we ping from server A to server B
On Server A :
# ping (IP of server B)
On Server A :
# tcpdump -i 5 host (IP of server A) and (IP of server B)
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
17:18:34.267810 (IP ServerA) > (IP of server B) : ICMP echo request, id 29773, seq 86, length 64
17:18:34.268159 IP (IP of server B) > (Server A): ICMP echo reply, id 29773, seq 86, length 64
Thursday, October 2, 2014
Tuesday, September 30, 2014
Linux : Multipath
Server A :
# multipath -ll
3600a098044316b37365d436b476e564f dm-2 NETAPP,LUN C-Mode
size=15G features='4 queue_if_no_path pg_init_retries 50 retain_attached_hw_handle' hwhandler='0' wp=rw
|-+- policy='round-robin 0' prio=50 status=active
| |- 1:0:0:2 sdd 8:48 active ready running
| |- 1:0:1:2 sdg 8:96 active ready running
| |- 2:0:0:2 sdp 8:240 active ready running
| `- 2:0:1:2 sds 65:32 active ready running
`-+- policy='round-robin 0' prio=10 status=enabled
  |- 1:0:2:2 sdj 8:144 active ready running
  |- 1:0:3:2 sdm 8:192 active ready running
  |- 2:0:2:2 sdv 65:80 active ready running
  `- 2:0:3:2 sdy 65:128 active ready running
3600a098044316b37305d44353075674e dm-1 NETAPP,LUN C-Mode
size=500G features='4 queue_if_no_path pg_init_retries 50 retain_attached_hw_handle' hwhandler='0' wp=rw
|-+- policy='round-robin 0' prio=50 status=active
| |- 1:0:2:1 sdi 8:128 active ready running
| |- 1:0:3:1 sdl 8:176 active ready running
| |- 2:0:2:1 sdu 65:64 active ready running
| `- 2:0:3:1 sdx 65:112 active ready running
`-+- policy='round-robin 0' prio=10 status=enabled
  |- 1:0:0:1 sdc 8:32 active ready running
  |- 1:0:1:1 sdf 8:80 active ready running
  |- 2:0:0:1 sdo 8:224 active ready running
  `- 2:0:1:1 sdr 65:16 active ready running
3600a098044316b37305d44353075674d dm-0 NETAPP,LUN C-Mode
size=500G features='4 queue_if_no_path pg_init_retries 50 retain_attached_hw_handle' hwhandler='0' wp=rw
|-+- policy='round-robin 0' prio=50 status=active
| |- 1:0:2:0 sdh 8:112 active ready running
| |- 1:0:3:0 sdk 8:160 active ready running
| |- 2:0:2:0 sdt 65:48 active ready running
| `- 2:0:3:0 sdw 65:96 active ready running
`-+- policy='round-robin 0' prio=10 status=enabled
  |- 1:0:0:0 sdb 8:16 active ready running
  |- 1:0:1:0 sde 8:64 active ready running
  |- 2:0:0:0 sdn 8:208 active ready running
  `- 2:0:1:0 sdq 65:0 active ready running
Server B:
# multipath -ll
3600a098044316b37365d436b476e564f dm-2 NETAPP,LUN C-Mode
size=15G features='4 queue_if_no_path pg_init_retries 50 retain_attached_hw_handle' hwhandler='0' wp=rw
|-+- policy='round-robin 0' prio=50 status=active
| |- 1:0:0:2 sdd 8:48 active ready running
| |- 1:0:1:2 sdg 8:96 active ready running
| |- 2:0:0:2 sdp 8:240 active ready running
| `- 2:0:1:2 sds 65:32 active ready running
`-+- policy='round-robin 0' prio=10 status=enabled
  |- 1:0:2:2 sdj 8:144 active ready running
  |- 1:0:3:2 sdm 8:192 active ready running
  |- 2:0:2:2 sdv 65:80 active ready running
  `- 2:0:3:2 sdy 65:128 active ready running
3600a098044316b37305d44353075674e dm-1 NETAPP,LUN C-Mode
size=500G features='4 queue_if_no_path pg_init_retries 50 retain_attached_hw_handle' hwhandler='0' wp=rw
|-+- policy='round-robin 0' prio=50 status=active
| |- 1:0:2:1 sdi 8:128 active ready running
| |- 1:0:3:1 sdl 8:176 active ready running
| |- 2:0:2:1 sdu 65:64 active ready running
| `- 2:0:3:1 sdx 65:112 active ready running
`-+- policy='round-robin 0' prio=10 status=enabled
  |- 1:0:0:1 sdc 8:32 active ready running
  |- 1:0:1:1 sdf 8:80 active ready running
  |- 2:0:0:1 sdo 8:224 active ready running
  `- 2:0:1:1 sdr 65:16 active ready running
3600a098044316b37305d44353075674d dm-0 NETAPP,LUN C-Mode
size=500G features='4 queue_if_no_path pg_init_retries 50 retain_attached_hw_handle' hwhandler='0' wp=rw
|-+- policy='round-robin 0' prio=50 status=active
| |- 1:0:2:0 sdh 8:112 active ready running
| |- 1:0:3:0 sdk 8:160 active ready running
| |- 2:0:2:0 sdt 65:48 active ready running
| `- 2:0:3:0 sdw 65:96 active ready running
`-+- policy='round-robin 0' prio=10 status=enabled
  |- 1:0:0:0 sdb 8:16 active ready running
  |- 1:0:1:0 sde 8:64 active ready running
  |- 2:0:0:0 sdn 8:208 active ready running
  `- 2:0:1:0 sdq 65:0 active ready running
Linux : Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169)
https://access.redhat.com/articles/1200223
Diagnostic Steps:
If your system is not vulnerable, you will see output similar to:
$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `BASH_FUNC_x'
test
If your system is vulnerable, you will see output similar to:
$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
vulnerable
bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable'
bash: error importing function definition for `BASH_FUNC_x'
test
If the output of the above command contains a line containing only the word vulnerable, you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function.
If your system is not vulnerable, you will see output similar to:
$ cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
date
cat: /tmp/echo: No such file or directory
If your system is vulnerable, the time and date information will be output on the screen and a file called /tmp/echo will be created.
$ cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
Tue Sep 30 09:57:39 EDT 2014
$ ls -ld /tmp/echo
-rw-rw-r-- 1 abcd abcd 29 Sep 30 09:57 /tmp/echo
Solution :
If your system is vulnerable, you can fix these issues by updating to the most recent version of the Bash package by running the following command:
# yum update bash
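The two diagnostic commands above, wrapped so they can be run against any bash binary before and after the update; this is an added example, not part of the Red Hat article or the original post. The function names are illustrative, and the second test runs in a scratch directory from mktemp instead of /tmp so nothing is left behind.

```shell
#!/bin/sh
# Added example: run the two diagnostics from the post against a chosen bash
# binary and report a verdict for each CVE. Function names are hypothetical.

# Decide from captured output of the first test (CVE-2014-6271).
# The marker is a line containing ONLY the word "vulnerable"; error messages
# that merely quote "echo vulnerable" must not count.
classify_6271_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    else
        echo not_vulnerable
    fi
}

# Run the first diagnostic against the bash binary given as $1.
check_6271() {
    out=$(env 'x=() { :;}; echo vulnerable' \
              'BASH_FUNC_x()=() { :;}; echo vulnerable' \
              "$1" -c "echo test" 2>&1) || true
    classify_6271_output "$out"
}

# Run the second diagnostic (CVE-2014-7169) against the bash binary in $1.
# A vulnerable bash creates a file named "echo" in the current directory,
# so the test runs inside a private scratch directory that is removed after.
check_7169() {
    scratch=$(mktemp -d) || return 2
    ( cd "$scratch" && env 'x=() { (a)=>\' "$1" -c "echo date" ) \
        >/dev/null 2>&1 || true
    if [ -e "$scratch/echo" ]; then
        verdict=vulnerable
    else
        verdict=not_vulnerable
    fi
    rm -rf "$scratch"
    echo "$verdict"
}

# Check the bash found in PATH, if there is one.
if target=$(command -v bash); then
    echo "$target CVE-2014-6271: $(check_6271 "$target")"
    echo "$target CVE-2014-7169: $(check_7169 "$target")"
fi
```

Pass the path of each bash binary installed on the host (for example one under /usr/local/bin as well as /bin/bash), since yum only updates the packaged one.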
Monday, September 29, 2014
Oracle VM Manager : OVMAPI_2005E Summary: Server Cluster Failure, Description: Failed to destroy cluster
Oracle VM Manager version : 3.3.1
Problem : When trying to destroy a cluster, got the following error :
com.oracle.odof.exception.ObjectException: Caught during invoke method: com.oracle.ovm.mgr.api.exception.IllegalOperationException: OVMAPI_2005E "[ServerDbImpl] 32:33:35:36:30:30:53:55:45:34:33:30:33:4c:30:35 (xxxxxxxxx)" contains a component "32:33:35:36:30:30:53:55:45:34:33:30:33:4c:30:35" in error. Error event: server.cluster.failure., Summary: Server Cluster Failure, Description: Failed to destroy cluster
OVMEVT_003503D_000 Server reboot is required.. [Fri Sep 26 14:17:58 EDT 2014]
Solution :
# ssh -l admin -p 10000 loopback
OVM> list filesystem
Command: list filesystem
Status: Success
Time: 2014-09-26 11:29:14,457 EDT
Data:
::
:
id:0004fb00000500005f792a3625f957de
name:
::
:
:
OVM> delete filesystem id=0004fb00000500005f792a3625f957de
Command: delete filesystem id=0004fb00000500005f792a3625f957de
Status: Success
Time: 2014-09-26 11:40:12,672 EDT
JobId: 1411746009613
After that we can destroy the server pool
Wednesday, September 24, 2014
Linux : ssh not working due to wrong key file permission
Problem: ssh not working due to wrong key file permission
In /var/log/messages
Sep 15 05:21:51 localhost sshd[21043]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Sep 15 05:21:51 localhost sshd[21043]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Sep 15 05:21:51 localhost sshd[21043]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Sep 15 05:21:51 localhost sshd[21043]: error: Permissions 0777 for '/etc/ssh/ssh_host_rsa_key' are too open.
Sep 15 05:21:51 localhost sshd[21043]: error: It is required that your private key files are NOT accessible by others.
Sep 15 05:21:51 localhost sshd[21043]: error: This private key will be ignored.
Sep 15 05:21:51 localhost sshd[21043]: error: bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key
Sep 15 05:21:51 localhost sshd[21043]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
Solution : change the file permission back to readable by root only
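The post gives the fix only in words. One way to find and correct the affected files, as an added example that is not from the original post: the function names and the scratch directory are constructed, and 0600 is used as the owner-only mode.

```shell
#!/bin/sh
# Added example: list private host keys that sshd would refuse to load because
# group or others have any access to them, and reset them to owner-only.
# Function names are hypothetical; file ownership is not checked here.

# Print every ssh_host_*_key under $1 (default /etc/ssh) whose mode grants any
# read, write or execute bit to group or others. The public *.pub files do not
# match the name pattern and are left alone.
list_open_host_keys() {
    dir="${1:-/etc/ssh}"
    find "$dir" -type f -name 'ssh_host_*_key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Restrict each offending key to owner read/write (0600) and report it.
fix_open_host_keys() {
    list_open_host_keys "$1" | while IFS= read -r key; do
        chmod 600 "$key" && echo "fixed: $key"
    done
}

# Constructed demonstration in a scratch directory (no real keys involved).
demo=$(mktemp -d)
: > "$demo/ssh_host_rsa_key";     chmod 777 "$demo/ssh_host_rsa_key"   # mode from the log above
: > "$demo/ssh_host_dsa_key";     chmod 600 "$demo/ssh_host_dsa_key"   # already correct
: > "$demo/ssh_host_rsa_key.pub"; chmod 644 "$demo/ssh_host_rsa_key.pub"
echo "too open:"
list_open_host_keys "$demo"
fix_open_host_keys "$demo"
rm -rf "$demo"
```

On a real host, run it as root against /etc/ssh and restart sshd afterwards so the host key is loaded again.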
Tuesday, September 23, 2014
Marketing Technology Landscape Supergraphic (2014)
http://chiefmartec.com/2014/01/marketing-technology-landscape-supergraphic-2014/
Tuesday, September 16, 2014
SDN, Network Virtualization, And NFV In A Nutshell
http://www.networkcomputing.com/networking/sdn-network-virtualization-and-nfv-in-a-nutshell/a/d-id/1315755
The networking industry is awash in new terminology. Here is a quick guide to three of the hottest concepts in networking today.
Software-defined networking
SDN is probably the most heavily used (and overused) term of the three. It generally means separating a data network's control functions from its packet forwarding functions. Why separate these functions? There are three main reasons being pushed by different solution sets in the networking industry right now.
First, the separation of hardware and software can allow vendors that specialize in each component to focus on bringing successful products to market in an independent, interoperable way. This, in turn, allows end users to select a combination of hardware and software that best suits their needs. This aspect of SDN is often called the "white-box" movement, harkening back to early white box personal computers, which were themselves decoupled from the operating systems that ran on them and sold largely as a collection of commodity components at a lower price than a fully integrated solution, such as an IBM PC or a Macintosh.
Not all SDN use cases necessitate (or even support) purchasing hardware and software developed independently, but the trend is growing. The result is value being driven into the networking software while the hardware vendors focus on reducing the cost of the commodity physical components.
Second, the decoupling of networking hardware and software allows for centralization of the control portion (called the control plane) while keeping the actual packet forwarding function (the forwarding plane) distributed across many physical network switches. This provides a means to configure, monitor, troubleshoot, and automate a large network built of many discrete hardware components as a single network "fabric."
The centralized control plane can then enable new or different forwarding behaviors and broader, more precise control of traffic flow. Many products that encompass data center fabrics and flow control methods such as OpenFlow leverage this facet of SDN.
Finally, the term SDN often goes hand in hand with the idea of network programmability: using homegrown or commercial tools that can interact closely with the software-based control plane to affect their configuration and behavior. By providing application programming interfaces (APIs) into the centralized SDN network control function and the information that supports the forwarding function, network management applications, provisioning tools, and homegrown scripts have a single point of interaction with the network that can greatly improve their effectiveness.
Network virtualization
Network virtualization refers to the virtualization of network resources or pathways to achieve application or tenant isolation. This isolation is often desirable for a variety of reasons, including scalability, fault isolation, security, and network abstraction. Isolation is sometimes accomplished with technologies that create virtual instances of a physical device, such as load balancers or firewall appliances that support being split into multiple virtual devices for different purposes.
Routers and Layer 3 switches can be virtualized using technologies such as virtual routing and forwarding instances (VRFs) to virtualize and isolate IP routing tables and routing functions. Ethernet switches support VLANs to provide Layer 2 path isolation and virtually carve up the broadcast domain of a single physical switch into multiple logical ones.
These techniques are often used in combination to provide a completely separate network environment for an application, business unit, or data center tenant. Path isolation and network virtualization can also be achieved using newer overlay network technologies such as VXLAN and NVGRE. This method provides tenant separation, containerization, and isolation as well as scalability. Another means for path isolation is flow manipulation using SDN technologies like OpenFlow.
There are various benefits and drawbacks to each of these network virtualization techniques, and there are situations in which they complement or conflict with one another. Detailed exploration of these pros and cons is beyond the scope of this article.
Network functions virtualization
NFV describes the concept of taking a function that traditionally runs on a dedicated network appliance -- usually a large appliance in the center of the network, shared by many tenants or applications -- and running those functions as virtual machines on the virtual server infrastructure (or sometimes dedicated virtualization resources).
The drawbacks of the traditional approach of monster firewalls or load balancers sitting in the middle of the network are numerous: They represent a large, shared fault domain and are typically very expensive because they must be sized for peak capacity (and thus are usually chronically underutilized). They also make it difficult to provide customers or users with configuration and monitoring access, or to perform maintenance without impacting multiple applications or tenants.
Major advances in the power of x86 microprocessors and compute virtualization technology have driven the success of NFV. With virtual server hosts containing such powerful compute nodes, specialized hardware is increasingly unnecessary for many functions. Once virtualized, those functions can be placed closer to where they are needed, containerized with an application or tenant, and replicated easily for building new, duplicate, or backup environments.
Fault domains are reduced to the specific container in which the function exists, and maintenance activities become easier, because multiple application owners don't need to agree on a common maintenance window for a software upgrade or other changes. NFV is usually used for upper-layer networking devices like firewalls, load balancers, NATs, and VPN appliances.
Virtualized network functions may rely on path isolation and containerization to ensure they are used by the intended application, such as ensuring a firewall is the default gateway for a containerized, isolated application. NFV may also rely on SDN flow programming techniques to force traffic through one or more virtualized network functions -- a process called service chaining.
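The service chaining described above, as an added example (not code from the original post): a simplified Python model of one switch's flow table that traces a tenant's packet and checks that it passes through the required firewall and load balancer before delivery. The port numbers, VLAN 100, the rule format, and the function names are assumptions made for illustration; this is not the OpenFlow API.

```python
"""Toy model of SDN service chaining on one switch (constructed, not the OpenFlow API)."""

# Switch ports where each virtualized network function attaches: traffic sent
# out "to" comes back in on "from" once the VNF has processed it.
VNFS = {"firewall": {"to": 10, "from": 11}, "lb": {"to": 20, "from": 21}}
VNF_BY_PORT = {p["to"]: name for name, p in VNFS.items()}

def lookup(flows, in_port, vlan):
    """Out port of the highest-priority rule matching (in_port, vlan), else None."""
    hits = [f for f in flows
            if f["in_port"] == in_port and f.get("vlan", vlan) == vlan]
    return max(hits, key=lambda f: f["priority"])["out_port"] if hits else None

def trace(flows, in_port, vlan, max_hops=8):
    """Follow a packet through the table; return (VNFs traversed, final port)."""
    chain = []
    for _ in range(max_hops):          # hop limit guards against forwarding loops
        out = lookup(flows, in_port, vlan)
        if out is None:
            return chain, None         # table miss: packet is dropped
        if out not in VNF_BY_PORT:
            return chain, out          # delivered to a host-facing port
        chain.append(VNF_BY_PORT[out])
        in_port = VNFS[VNF_BY_PORT[out]]["from"]   # re-enters after the VNF
    raise RuntimeError("forwarding loop")

def violations(flows, policy):
    """Tenants whose delivered traffic did not traverse exactly the required chain."""
    bad = []
    for (in_port, vlan), required in policy.items():
        chain, final = trace(flows, in_port, vlan)
        if final is not None and chain != required:   # drops fail closed
            bad.append((vlan, chain))
    return bad

# Constructed sample: tenant VLAN 100 enters on port 1; its app server is on port 2.
GOOD = [
    {"priority": 100, "in_port": 1, "vlan": 100, "out_port": 10},   # tenant -> firewall
    {"priority": 100, "in_port": 11, "vlan": 100, "out_port": 20},  # firewall -> lb
    {"priority": 100, "in_port": 21, "vlan": 100, "out_port": 2},   # lb -> app server
]
# Same table plus a higher-priority rule with no VLAN match that skips the chain.
BYPASS = GOOD + [{"priority": 200, "in_port": 1, "out_port": 2}]
POLICY = {(1, 100): ["firewall", "lb"]}

if __name__ == "__main__":
    print(violations(GOOD, POLICY))
    print(violations(BYPASS, POLICY))
```

Running the same check against every flow-table change catches a broad, high-priority rule that silently routes a tenant around its firewall.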
NFV, SDN, and network virtualization are related when considering ways to design and implement a modern, scalable, secure, and highly available data center environment for multiple applications or tenants. Each topic has enough depth to warrant many volumes of material, but the goal of this post was to define the basics of each term and the basic means in which they are interdependent in modern data center implementation.
Monday, September 15, 2014
Linux : 7Zip
Download 7Zip from http://sourceforge.net/projects/p7zip/
After download:
cd p7zip_9.20.1
make all
# p7zip_9.20.1/bin/7za x cloudera-quickstart-vm-5.1.0-1-kvm.7z
7-Zip (A) [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18
p7zip Version 9.20 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,8 CPUs)
Processing archive: cloudera-quickstart-vm-5.1.0-1-kvm.7z
Extracting cloudera-quickstart-vm-5.1.0-1-kvm/cloudera-quickstart-vm-5.1.0-1-kvm.qcow2
Extracting cloudera-quickstart-vm-5.1.0-1-kvm
Everything is Ok
Folders: 1
Files: 1
Size: 32828686336
Compressed: 3112562928
Friday, September 12, 2014
Solaris 11 : Show FCP device
# cfgadm -al -o show_FCP_dev
Ap_Id Type Receptacle Occupant Condition
c5 fc-fabric connected configured unknown
c5::201b00a0983f416c,0 disk connected configured unknown
c5::201c00a0983f416c,0 disk connected configured unknown
c5::201d00a0983f416c,0 disk connected configured unknown
c5::201e00a0983f416c,0 disk connected configured unknown
c6 fc-fabric connected configured unknown
c6::201b00a0983f416c,0 disk connected configured unknown
c6::201c00a0983f416c,0 disk connected configured unknown
c6::201d00a0983f416c,0 disk connected configured unknown
c6::201e00a0983f416c,0 disk connected configured unknown
# cfgadm -al -o show_FCP_dev c5 c6
Ap_Id Type Receptacle Occupant Condition
c5 fc-fabric connected configured unknown
c5::201b00a0983f416c,0 disk connected configured unknown
c5::201c00a0983f416c,0 disk connected configured unknown
c5::201d00a0983f416c,0 disk connected configured unknown
c5::201e00a0983f416c,0 disk connected configured unknown
c6 fc-fabric connected configured unknown
c6::201b00a0983f416c,0 disk connected configured unknown
c6::201c00a0983f416c,0 disk connected configured unknown
c6::201d00a0983f416c,0 disk connected configured unknown
c6::201e00a0983f416c,0 disk connected configured unknown
# cfgadm
Ap_Id Type Receptacle Occupant Condition
c2 scsi-sas connected configured unknown
c3 scsi-sas connected configured unknown
c4 scsi-sas connected unconfigured unknown
c5 fc-fabric connected configured unknown
c6 fc-fabric connected configured unknown
c7 scsi-sas connected configured unknown
c8 scsi-sas connected unconfigured unknown
usb0/1 unknown empty unconfigured ok
usb0/2 unknown empty unconfigured ok
usb0/3 unknown empty unconfigured ok
usb0/4 unknown empty unconfigured ok
usb0/5 usb-hub connected configured ok
usb0/5.1 unknown empty unconfigured ok
usb0/5.2 usb-communi connected configured ok
usb0/5.3 unknown empty unconfigured ok
usb0/5.4 unknown empty unconfigured ok
usb0/6 unknown empty unconfigured ok
usb0/7 unknown empty unconfigured ok
usb0/8 usb-hub connected configured ok
usb0/8.1 unknown empty unconfigured ok
usb0/8.2 unknown empty unconfigured ok
usb0/8.3 unknown empty unconfigured ok
usb0/8.4 unknown empty unconfigured ok