Showing posts with label Linux. Show all posts
Showing posts with label Linux. Show all posts

04 February 2016

iSCSI connection failure in RHEL / Linux

Condition

We're running a Dell PowerVault MD3600i iSCSI connection to a RHEL server. From time to time (rarely but more frequently than I like it) it seems to lose the mount and needs intervention.

Herewith the script that I've written to repair the lost mount connection - hope it's useful for someone. 

Script solution

Run a cronjob to check the mount exists and if not, perform a mount repair...
(note the *** portions of the below script are going to be different for your personal setup)

if grep -qs /data /proc/mounts; then
date >> /usr/local/sbin/logs/checkdatamount.log
echo "/data is mounted" >> /usr/local/sbin/logs/checkdatamount.log
echo "---" >> /usr/local/sbin/logs/checkdatamount.log
else
date >> /usr/local/sbin/logs/checkdatamount.log
echo "!!! /data is NOT mounted !!!" >> /usr/local/sbin/logs/checkdatamount.log
echo "^^^" >> /usr/local/sbin/logs/checkdatamount.log
echo "attempting repair" >> /usr/local/sbin/logs/checkdatamount.log
echo "..." >> /belfry/logs/checkdatamount.log
iscsiadm --m node -T iqn.1984-05.com.dell:powervault.md3600i.6f0******2d788ac --portal 10.***.***.1**:3260 -u
iscsiadm -m discovery -t st -p 10.***.***.1**
iscsiadm -m node --targetname "iqn.1984-05.com.dell:powervault.md3600i.6f0******2d788ac" --portal "10.***.***.1**:3260" --login
iscsiadm -m session
vgchange -an MD3600i***01
vgchange -ay MD3600i***01
mount /dev/mapper/MD3600i***01-MD3600i***Vol01 /data
echo "... repaired (possibly)" >> /belfry/logs/checkdatamount.log
fi

Posted by at 2 comments:
Labels: ,

28 November 2013

Forbidden 403 when running RHEL Web Services (HTTPd) caused by "setenforce 1"

Been wasting most of my morning trying to figure out why a basic Apache Web Server won't run properly on my RHEL box.

/var/www/html/ default index.html works fine but when I try to access a UserDir (e.g. www.example.com/~user) it throws a 403 Forbidden error.

All permissions are set correctly and httpd.conf is configured right.

chmod 701 /home/*
chmod 705 /home/*/public_html
chmod 604 /home/*/public_html/*.html

Checking the error_log file in /var/log/httpd shows that the client requests are being pushed to /var/www/html/ and won't check the /home/*/public_html location.

After doing some digging, I discovered that this error can be caused either by the server permissions being set incorrectly for each directory (most common), or by "Enforcing" mode blocking standard suexec calls.

Running "setenforce 0" I was then able to browse to the ~user home page.

The following information was derived from http://www.brennan.id.au/13-Apache_Web_Server.html:

Forbidden Errors (SELinux)
You may experience a "forbidden error" when attempting to access a users public web site (http://localhost/~alice), this is generally because the permissions are either set incorrectly, or SELinux is set to "Enforcing" mode which blocks the standard suexec call needed by the Apache server. Common error is the "/home/username" permissions.

To temporarily disable SELinux so you can test the access permissions, type "setenforce 0" at the command prompt. Typing "setenforce 1" sets SELinux back to Enforcing mode.

Use the following commands to permanently adjust the SELinux file security context so Apache can access user's public web sites.

### SELinux ONLY - Enable User Website
[bash]# setsebool -P httpd_enable_homedirs true
[bash]# chcon -v -R -h -u user_u -t httpd_user_content_t /home/*/public_html
### SELinux ONLY - Disable User Website
[bash]# setsebool -P httpd_enable_homedirs false
[bash]# chcon -v -R -h -u user_u -t user_home_t /home/*/public_html
Posted by at 1 comment:
Labels:

12 June 2013

Fedora problems with dual screen in KDE: screens don't stay set on reboot

Tremendous frustration with Fedora and dual screen in KDE. When I use the System Settings option to configure my displays it works fine until reboot, at which point the dual screen reverts to a clone mode. I've tried the UI options pretty exhaustively and it still won't set past a reboot.

As most Linux users do, I eventually resorted to the Terminal to get this fixed. Here are the steps I followed:


  1. Configure your settings as you would like them to be permanently using the System Settings UI
  2. Go to Terminal
  3. Get your current display settings: "xrandr"
    1. Make note of the graphics interfaces listed as "connected" and their positioning, resolution, refresh rates

      Hint: you can extract similar information from ~/.kde/share/config/krandrrc
  4. Go to /etc/X11
  5. Create a new shell script (e.g. "sudo nano fixKDEdisplay.sh")
    1. Enter the details as you would like them to be set, based on your current configuration in (3)
    2. In our example:
      ### For DisplayPort card (ATI Radeon H6450)
      xrandr --output DVI-0 --pos 0x0 --mode 1920x1200 --refresh 60.0
      xrandr --output DisplayPort-0 --pos 1920x0 --mode 1920x1200 --refresh 60.0
      xrandr --output DVI-0 --primary

      ---
      Hint: if you used the krandrrc file above, replace the \n with new lines instead
    3. Save and quit
  6. Make the script executable (e.g. "sudo chmod 755 fixKDEdisplay.sh")
  7. Now make sure this script runs on every startup by going to System Settings --> Startup and Shutdown
    1. Autostart
      1. Add Script
      2. Run On Pre-KDE startup
  8. "reboot" to make sure
  9. Problem solved!

Posted by at 1 comment:
Labels:

16 May 2013

Fedora: Missing Security Signature when installing any programs behind authenticated proxy

I've decided to make the plunge into Linux as my primary desktop at work; this is the only way I'm going to learn anything about Linux I suspect. Fatherhood has put paid to any efforts at home so this is my time, this is the hour, this is my future (blah blah blah).

I connect via an authenticated proxy (Bluecoat) so this may not apply to everyone but it's a guide for those that need it.

One of the very first things I hit when trying to install any applications on Fedora was an error about certificates.

Specifically:

When trying to install google-chrome-stable_current_x86_64.rpm (no comments necessary about Chromium please)...

Missing security signature
The package security signature is missing and this package is untrusted. 
This package was not signed when created.

 Public key for google-chrome-stable_current_x86_64.rpm is not installed

From my limited understanding of how things work, this is because YUM is not configured to talk via the proxy and YUM doesn't talk to the System Settings. YUM must be configured independently in order for these installations and updates to take place:
  1. Open Terminal
  2. sudo nano /etc/yum.conf
  3. Insert three lines at the bottom of [main] section as so:
    1. proxy=proxy details:port
    2. proxy_username=proxy user name
    3. proxy_password=proxy password
  4. To make sure it worked, run sudo yum list
  5. If it has worked you'll see files updating.
Export the settings as so:
  1.  export http_proxy="http://proxy details:port/"
To make them persistent on reboots, add export command to the login:
  1. nano /root/.bash_profile
  2. export http_proxy="http://proxy details:port/"
To verify the settings have been entered into the environmental variables you can run one of the following:
  1. env
  2. env | grep proxy
    1. If you do not see http_proxy=(your proxy details:port) then something is wrong with the export command.
Once this is all done, if you try to install the program you should see it go through just fine.


Posted by at 1 comment:
Labels:
Subscribe to: Posts (Atom)