Restart ESXi management agent

ESXi 5.x
/etc/init.d/hostd restart
/etc/init.d/vpxa restart

ESXi 4.x
/etc/init.d/hostd restart
service vmware-vpxa restart

ESX:
service mgmt-vmware restart
service vmware-vpxa restart

Linux open files limit

System-wide file descriptor limit:

View:
cat /proc/sys/fs/file-max

Set:
sysctl -w fs.file-max=100000

Set persistently:
vi /etc/sysctl.conf
fs.file-max = 100000
then run sysctl -p

Per-user file descriptor limits:

View (as the user in question, here httpd):
su - httpd
ulimit -Hn
ulimit -Sn

Set:
vi /etc/security/limits.conf
httpd soft nofile 4096
httpd hard nofile 10240

Force dismount VMware tools

First post in two years, been incredibly busy and blogging always sinks to the bottom of the list!

If the VMware Tools installer has been mounted to a VM for too long you may experience a scenario where you are unable to unmount it no matter how many times you click End or run dismount-tools. To force the dismount, run the following PowerCLI command. You may need to power off the VM if it doesn’t play ball:

Get-VM | Get-CDDrive | Set-CDDrive -NoMedia -Confirm:$false

Load Balanced Linux Web Cluster

Another example of a load-balanced Apache cluster, this time active-active using Pacemaker/Corosync/ldirectord.
This example uses CentOS.

10.11.1.40 – fixed IP of server1
10.11.1.41 – fixed IP of server2
10.11.1.80 – apache site 1 (virtual IP)
10.11.1.50 – apache site 1 server 1
10.11.1.51 – apache site 1 server 2
10.11.1.90 – apache site 2 (virtual IP)
10.11.1.60 – apache site 2 server 1
10.11.1.61 – apache site 2 server 2

Some Munin Notes

Munin is pretty handy for monitoring things over time to view trends. Some notes to get it up and running with a minimal config:

Install munin on monitoring server:
apt-get install munin

vi /etc/munin/munin.conf
Add something like:
[Webservers;webserver-01]
address 2.11.1.40
use_node_name yes

Group by something sensible, e.g. server type, location or domain.

Some LVM Notes

A few LVM notes to jog the brain.

A. Steps to create the logical volume

List the current physical volumes. In this instance, we're interested in a blank 20GB SATA disk, /dev/sdb. You can extend a logical volume by adding additional physical volumes later.

fdisk -l
Disk /dev/sda: 21.5 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000b5a0f

High Availability Linux Web Server Example

Just a quick example of setting up a Linux HA failover environment for an Apache/MySQL web server. This runs through an Ubuntu installation; RedHat shouldn’t vary too much.

2.11.1.24 – fixed IP of server1
2.11.1.25 – fixed IP of server2
2.11.1.30 – apache site1 (virtual IP)
2.11.1.31 – apache site2 (virtual IP)

Make sure both servers have a sensible hostname and ensure their hosts files relate to this:

/etc/hosts
127.0.0.1 localhost
2.11.1.24 ubuntu-server-1.mydomain.com ubuntu-server-1
2.11.1.25 ubuntu-server-2.mydomain.com ubuntu-server-2

Some NFS Notes

A few notes on configuring NFS on RedHat or Ubuntu

The server packages to install are:
Ubuntu:
apt-get install nfs-kernel-server nfs-common quota
RedHat:
yum install nfs-utils nfs-utils-lib quota

The client packages are:
Ubuntu:
apt-get install nfs-common
RedHat:
yum install nfs-utils nfs-utils-lib

A few things to configure on the server:

/etc/hosts.allow
Any hosts listed here will be granted access to every TCP-wrapped service, e.g.:
ALL: 2.11.1.2[4-5]
ALL: 192.168.1.*

Example IPTables rules for a webserver

Just a quick and basic example IPTables ruleset to secure a web/mail server:

# Allow outgoing traffic and disallow any passthroughs

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Allow traffic already established to continue

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Don’t be a Tw@t – Use At!

Sigh :( today I made a schoolboy error – making config changes to a live firewall on a remote server without giving myself any kind of safety net! Anyway, this is an example of where you should really use something like the at command to bail you out should anything go wrong:

Get the current system time:
date

Schedule at to run a command 5 minutes from now (type the command, then press Ctrl-D to submit the job):
at -m 13:50
service iptables stop
Ctrl-D
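The same safety net as a reusable script, added here as an example and not part of the original post: it snapshots the live ruleset with iptables-save, schedules an iptables-restore through at(1) before you touch anything, and cancels that job with atrm once you confirm you can still reach the box. It assumes iptables-save/iptables-restore and a running atd, and the snapshot path is a made-up choice.

```shell
#!/bin/sh
# Firewall change with an automatic rollback scheduled via at(1).
# Added example; assumes iptables-save/iptables-restore and atd are present.

ROLLBACK_MINUTES=5
SNAPSHOT=/root/iptables.rollback   # assumed location for the pre-change ruleset

# Pull the job number out of at's confirmation ("job 42 at Mon ...");
# at may print a warning line first, so scan for the first matching line.
parse_at_job() {
    printf '%s\n' "$1" | awk '/^job [0-9]+ at/ { print $2; exit }'
}

# Build the at(1) time spec for N minutes from now.
at_spec() {
    printf 'now + %d minutes' "$1"
}

# Snapshot the live ruleset and queue its restore; prints the at job number.
schedule_rollback() {
    iptables-save > "$SNAPSHOT" || return 1
    out=$(printf 'iptables-restore < %s\n' "$SNAPSHOT" \
          | at "$(at_spec "$ROLLBACK_MINUTES")" 2>&1) || return 1
    parse_at_job "$out"
}

# Cancel the pending rollback once connectivity has been confirmed.
cancel_rollback() {
    atrm "$1"
}

# Run as "safe-fw.sh apply"; the guard keeps the functions sourceable
# without touching the firewall.
if [ "${1:-}" = apply ]; then
    job=$(schedule_rollback) || { echo "Could not schedule rollback; aborting." >&2; exit 1; }
    echo "Rollback queued as at job $job, fires in $ROLLBACK_MINUTES minutes."
    echo "Apply your iptables changes now, then confirm you are still connected."
    printf 'Keep the new rules and cancel the rollback? [y/N] '
    read -r answer
    case "$answer" in
        y|Y) cancel_rollback "$job" && echo "Rollback cancelled; new rules kept." ;;
        *)   echo "Rollback job $job left in place; rules revert automatically." ;;
    esac
fi
```

If you lose the session, do nothing: the queued job restores the snapshot on its own, and `atq` shows whether it is still pending.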