Specify NFS Server Ports in Ubuntu Linux

By default, several of NFS’s supporting services choose random ports to run on at start-time. This can be problematic if your goal is to restrict access to NFS via a firewall. Here’s a quick overview of the changes I made in Ubuntu 10.04 to bind all NFS-related services to static ports.

Configure statd to listen on port 4000:

[root@server1 ~]# cat /etc/default/nfs-common 
NEED_STATD=
STATDOPTS="--port 4000"
NEED_IDMAPD=
NEED_GSSD=
[root@server1 ~]#

Set lockd to listen on port 4001. You can create the options.conf file if it doesn’t exist.

[root@server1 ~]# cat /etc/modprobe.d/options.conf 
options lockd nlm_udpport=4001 nlm_tcpport=4001
[root@server1 ~]#

Add lockd to /etc/modules, to be loaded at boot:

[root@server1 ~]# cat /etc/modules
loop
lp
rtc
lockd
[root@server1 ~]#

Configure mountd to listen on 4002:

[root@server1 ~]# cat /etc/default/nfs-kernel-server 
RPCNFSDCOUNT=8
RPCNFSDPRIORITY=0
RPCMOUNTDOPTS="--manage-gids -p 4002"
NEED_SVCGSSD=
RPCSVCGSSDOPTS=
[root@server1 ~]#

Once you’ve done the above, reboot your machine. When it comes back up, your rpcinfo output should look nice and clean like this:

[root@server1 ~]# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   4000  status
    100024    1   tcp   4000  status
    100021    1   udp   4001  nlockmgr
    100021    3   udp   4001  nlockmgr
    100021    4   udp   4001  nlockmgr
    100021    1   tcp   4001  nlockmgr
    100021    3   tcp   4001  nlockmgr
    100021    4   tcp   4001  nlockmgr
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    1   udp   4002  mountd
    100005    1   tcp   4002  mountd
    100005    2   udp   4002  mountd
    100005    2   tcp   4002  mountd
    100005    3   udp   4002  mountd
    100005    3   tcp   4002  mountd
[root@server1 ~]#

You can now proceed with permitting access to these ports through your firewall as needed.
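Before writing firewall rules it is worth confirming that nothing is still registered on a random port. The following is an added example, not part of the original post: check_nfs_ports and sample_drift are hypothetical names, the sample data is constructed, and the expected ports are the ones configured above.

```shell
#!/bin/sh
# Added example. check_nfs_ports reads `rpcinfo -p` output on stdin and
# reports every registration that is not on the port pinned above.
# Exit status is 0 when everything matches, 1 otherwise.
check_nfs_ports() {
    awk '
    BEGIN {
        bad = 0
        # 111 and 2049 are the standard ports; 4000-4002 are the values
        # configured in this post.
        want["portmapper"] = 111; want["nfs"] = 2049
        want["status"] = 4000; want["nlockmgr"] = 4001; want["mountd"] = 4002
    }
    $1 ~ /^[0-9]+$/ && NF >= 5 {
        svc = $5; seen[svc] = 1
        if (!(svc in want)) {
            printf "UNEXPECTED %s %s/%s\n", svc, $3, $4; bad = 1
        } else if ($4 + 0 != want[svc]) {
            printf "DRIFT %s %s/%s expected %d\n", svc, $3, $4, want[svc]; bad = 1
        }
    }
    END {
        # A service that never registered is also worth knowing about.
        for (s in want) if (!(s in seen)) { printf "MISSING %s\n", s; bad = 1 }
        exit bad
    }'
}

# Constructed sample: mountd was not pinned and picked a random port.
sample_drift() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100024    1   tcp   4000  status
    100021    4   tcp   4001  nlockmgr
    100003    3   tcp   2049  nfs
    100005    3   udp  38467  mountd
EOF
}

sample_drift | check_nfs_ports || echo "fix the ports before writing firewall rules"
# On a live server: rpcinfo -p | check_nfs_ports
```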


Xen Free Memory Bash Script

This probably isn’t 100% accurate, but it gets you in the ballpark:

#!/bin/bash
# Total physical memory (MB) as reported by the hypervisor
total_memory=$(xm info | grep total_memory | awk '{print $3}')
# Sum the memory column of 'xm list' for every domain, skipping the header line
used_memory=$(xm list | grep -v VCPU | awk '{SUM += $3} END {print SUM}')
remaining=$((total_memory-used_memory))

echo -e "Total Memory:\t${total_memory}MB ($((total_memory/1024))GB)"
echo -e "Memory Used:\t${used_memory}MB ($((used_memory/1024))GB)"
echo -e "Remaining:\t${remaining}MB ($((remaining/1024))GB)"

Basically pulls total memory from ‘xm info’ and sums up allocated memory from ‘xm list’, then subtracts and prints out how much you’ve got available to allocate to new VMs.


Change is Good

It is a law of nature we overlook, that intellectual versatility is the compensation for change, danger, and trouble. An animal perfectly in harmony with its environment is a perfect mechanism. Nature never appeals to intelligence until habit and instinct are useless. There is no intelligence where there is no change and no need of change.

– H. G. Wells, from The Time Machine


Ubuntu Install Wine from Source

This is mainly just for my own notes, but maybe you’ll find it useful.

sudo add-apt-repository ppa:ubuntu-wine/ppa
sudo apt-get build-dep wine1.3
sudo apt-get install git-core
git clone git://source.winehq.org/git/wine.git ~/wine-git
cd ~/wine-git
./configure
make depend
make
sudo make install

This worked fine for me on Ubuntu 11.04 64-bit. Enjoy!


Rebuild Plesk 10 Apache Configuration Files

In a previous article, I described how to rebuild the Apache configuration on a Plesk 9 server. It appears that in Plesk 10 this now should be done with the httpdmng command, and attempting to run websrvmng returns this message:

[root@server1 ~]# /usr/local/psa/admin/bin/websrvmng -av
WARNING: You are using obsolete option, use corresponding option of httpdmng.

That may complete successfully now, but in the future it will likely be deprecated on Plesk 10 and beyond. The correct way to rebuild the Apache configuration on Plesk 10 is as follows.

First, this particular client had deleted several virtualhost include files, and the fact that they didn’t exist was interfering with the rebuild. I made a backup of Plesk’s vhost include file, and then emptied the original:

[root@server1 ~]# cp /usr/local/psa/admin/conf/vhosts_bootstrap.conf ~
[root@server1 ~]# echo > /usr/local/psa/admin/conf/vhosts_bootstrap.conf

I then rebuilt the Apache configuration with this command:

[root@server1 ~]# /usr/local/psa/admin/bin/httpdmng --reconfigure-all

Plesk: unable to look up public/pickup: No such file or directory

After upgrading from Plesk 9.5.4 to Plesk 10.0.1, mail submitted via PHP web forms on all sites stopped going through. No error was displayed to the user after submitting the form, but in testing I found this error in the Qmail maillog:

[root@server ~]# tail -f /usr/local/psa/var/log/maillog
May 25 14:11:40 p2389772 postfix/postdrop[19684]: warning: unable to look up public/pickup: No such file or directory
May 25 14:13:02 p2389772 postfix/postdrop[19728]: warning: unable to look up public/pickup: No such file or directory
[root@server ~]#

This indicated that PHP might be trying to send in a Postfix-specific method, despite the fact that the server’s MTA is Qmail. Here’s a quick check of the server’s php.ini:

[root@server ~]# grep mail /etc/php.ini | grep -v '^;'
[mail function]
sendmail_path = /usr/sbin/sendmail -t -i
[root@server ~]#

/usr/sbin/sendmail was linked to /etc/alternatives/mta as it should be:

[root@server ~]# ls -la /usr/sbin/sendmail
lrwxrwxrwx 1 root root 21 Mar  7 10:41 /usr/sbin/sendmail -> /etc/alternatives/mta
[root@server ~]#

But /etc/alternatives/mta was linked to a postfix binary:

[root@server ~]# ls -la /etc/alternatives/mta
lrwxrwxrwx 1 root root 26 May 23 16:46 /etc/alternatives/mta -> /usr/sbin/sendmail.postfix
[root@server ~]#

I removed the /etc/alternatives/mta symlink and recreated it pointing to the qmail executable:

[root@server ~]# rm /etc/alternatives/mta
rm: remove symbolic link `/etc/alternatives/mta'? y
[root@server ~]# ln -s /var/qmail/bin/sendmail /etc/alternatives/mta
[root@server ~]#

And mail submitted via PHP forms began flowing as expected.


CPanel /tmp 100% Full

Came across an issue today where a client was receiving emails about /tmp on his CPanel server being full. Websites were not responding either. I logged in, and df -h indeed showed 100% usage, but looking inside the directory there were no large files:

root@server1 [/tmp]# df -h /tmp
Filesystem            Size  Used Avail Use% Mounted on
/usr/tmpDSK           485M  460M     0 100% /tmp
root@server1 [/tmp]# ls -lah /tmp/
total 23K
drwxrwxrwt  3 root root 1.0K May  6 15:12 ./
drwxr-xr-x 28 root root 4.0K Apr 22 01:37 ../
-rwxr--r--  1 root root 6.0K Jan 26 09:28 aquota.user*
drwx------  2 root root  12K Jan 20 18:25 lost+found/
lrwxrwxrwx  1 root root   30 May  6 15:12 mysql.sock -> ../../var/lib/mysql/mysql.sock=
root@server1 [/tmp]#

There were no files in lost+found either. After restarting MySQL, disk space usage on /tmp returned to normal:

root@server1 [/tmp]# /etc/init.d/mysql restart
Shutting down MySQL........................................[  OK  ]
Starting MySQL.                                            [  OK  ]
root@server1 [/tmp]# df -h /tmp
Filesystem            Size  Used Avail Use% Mounted on
/usr/tmpDSK           485M   11M  449M   3% /tmp
root@server1 [/tmp]#

Basically what happened here is that at some point the files taking up all the space in /tmp were deleted from the system, but weren’t *actually* deleted because some process still had them open. The deleted files will continue to take up disk space until the process that’s using them closes them or exits. You can find open deleted files with lsof:

root@server1 [~]# lsof | grep tmp    
queueproc  5133      root    0r      REG                7,0    16817       6103 /tmp/sh-thd-1300762559 (deleted)
cpdavd     5170      root    0r      REG                7,0    16817       6103 /tmp/sh-thd-1300762559 (deleted)
mysqld    28569     mysql    4u      REG                7,0        0         12 /tmp/ib5AISFk (deleted)
mysqld    28569     mysql    5u      REG                7,0        0         13 /tmp/ibSyq2LH (deleted)
mysqld    28569     mysql    6u      REG                7,0        0         14 /tmp/ib3ZkcS4 (deleted)
mysqld    28569     mysql    7u      REG                7,0        0         15 /tmp/ibIOXl0r (deleted)
mysqld    28569     mysql   11u      REG                7,0        0         16 /tmp/ibKMMLdP (deleted)
root@server1 [~]#

Restarting the service that’s holding onto the deleted files frees up the disk space. I would also recommend creating a larger /tmp directory on CPanel machines as it’s quite small, but I’ll save that for another post.
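To see which process is worth restarting, the lsof output can be totalled per process. This is an added example, not part of the original post: deleted_open_summary and sample_lsof are hypothetical names, the first two sample lines are copied from the output above, and the mysqld size and the last line are constructed.

```shell
#!/bin/sh
# Added example. Reads lsof output on stdin, assuming the 9-column layout
# shown above (COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME), and
# prints the bytes each process still pins through unlinked files.
deleted_open_summary() {
    awk '
    $NF == "(deleted)" && NF >= 10 {
        holder = $1 "[" $2 "]"
        if (!(holder in held)) order[++n] = holder   # keep first-seen order
        held[holder] += $7
        # Device + inode identifies the file. Two processes holding the same
        # inode pin its blocks only once, so count it once in the total.
        file = $6 ":" $8
        if (!(file in counted)) { counted[file] = 1; total += $7 }
    }
    END {
        for (i = 1; i <= n; i++) printf "%s %d\n", order[i], held[order[i]]
        printf "TOTAL_UNIQUE %d\n", total
    }'
}

# Sample input: lines 1-2 are from the post, lines 3-4 are constructed.
sample_lsof() {
    cat <<'EOF'
queueproc  5133  root  0r  REG  7,0      16817  6103 /tmp/sh-thd-1300762559 (deleted)
cpdavd     5170  root  0r  REG  7,0      16817  6103 /tmp/sh-thd-1300762559 (deleted)
mysqld    28569 mysql  5u  REG  7,0  400000000    13 /tmp/ibSyq2LH (deleted)
mysqld    28569 mysql  3u  REG  8,1       4096   220 /var/lib/mysql/ibdata1
EOF
}

sample_lsof | deleted_open_summary
# On a live server: lsof /tmp | deleted_open_summary
```

queueproc and cpdavd share inode 6103, so the file is counted once in TOTAL_UNIQUE even though both processes must close it before the space is released.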


SSH Port Forwarding – Public Server to Internal Host

ssh user@domain.com -R *:3389:10.105.0.146:3389 -f -N

I used the above command to forward port 3389 on my server, through my workstation, to my Windows VM on the internal network to allow RDP access to it from the outside world. Note that GatewayPorts yes needs to be set in /etc/ssh/sshd_config on the server with the remote end of the tunnel, so that it can bind to a public interface. Without GatewayPorts, it will only bind to localhost on the remote host.

Here’s a little breakdown of the -R option:

-R remote_address:remote_port:local_address:local_port

Useful trick to allow access to a box that’s behind a firewall or NAT.
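GatewayPorts also accepts clientspecified, which lets the client choose the bind address instead of forcing every remote forward onto all interfaces. The following added example, not part of the original post, works out where sshd would bind a -R forward for a given sshd_config. remote_forward_bind is a hypothetical name, the config lines and 192.0.2.10 are constructed, and Match blocks are ignored.

```shell
#!/bin/sh
# Added example. Given sshd_config on stdin and the bind_address from the
# client -R spec as $1 (leave it out when the spec has none), print where
# sshd would bind the forwarded port: loopback, wildcard, or the address.
# Assumptions: global section only (parsing stops at the first Match block)
# and whitespace-separated "Keyword value" lines.
remote_forward_bind() {
    awk -v req="${1-localhost}" '
    tolower($1) == "match" { exit }
    # sshd uses the first value it reads for a keyword; comments do not match.
    tolower($1) == "gatewayports" && mode == "" { mode = $2 }
    END {
        if (mode == "") mode = "no"                 # sshd default
        if (mode == "yes") print "wildcard"         # forced for every forward
        else if (mode == "clientspecified") {
            if (req == "" || req == "*") print "wildcard"
            else if (req == "localhost") print "loopback"
            else print req
        } else print "loopback"                     # "no": local host only
    }'
}

# Constructed configs: the setting from the post beside the narrower one.
weak='GatewayPorts yes'
narrow='GatewayPorts clientspecified'

# The command from the post (-R *:3389:...) under each setting.
printf '%s\n' "$weak"   | remote_forward_bind '*'
printf '%s\n' "$narrow" | remote_forward_bind '*'
# A different forward that asked for one address or for loopback only.
printf '%s\n' "$weak"   | remote_forward_bind 127.0.0.1
printf '%s\n' "$narrow" | remote_forward_bind 192.0.2.10
```

With yes, even a forward that asked for 127.0.0.1 ends up on all interfaces. With clientspecified, only forwards that explicitly request it are exposed.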



Dogfish Head Squall IPA (2011)

Dogfish Head’s Squall is an unfiltered, bottle conditioned, and dry hopped double IPA. DFH’s regular 90 minute IPA is somewhat of a benchmark beer in this realm, and is probably responsible for turning me into the hophead that I am today. Squall, like the regular 90 minute, is a very well balanced beer given its IBU level. The hop bitterness is layered and long lasting, but offset by the body of the beer even more so than in the 90 minute. Overall this beer has a great flavor and composition, but I think I was expecting a bit more muscle and instead got almost too much refinement.
