Category Archives: Howto

How to find the process using high memory in Linux

Learn how to find the process using high memory on the Linux server. This helps in tracking down issues and troubleshooting utilization problems.

Many times you came to know system memory is highly utilized using a utility like sar. You want to find processes hogging on memory. To find that, we will be using the sort function of process status ps command in this article. We will be sorting ps output with RSS values. RSS is Resident Set Size. These values show how much memory from physical RAM allocated to a particular process. It does not include swapped out memory numbers. Since we troubleshooting processes using high physical memory RSS fits our criteria.

Lets see below example :

# ps aux --sort -rss |head -10
USER           PID %CPU %MEM    VSZ   RSS     TTY STAT START   TIME COMMAND
oracle_admin  14400  0.0 11.8 36937384 31420276 ?   Ss    2016  86:41 ora_mman_DB1
oracle_admin  14405  0.2 11.3 36993676 30023868 ?   Ss    2016 1676:11 ora_DB3
oracle_admin  14416  0.2 11.3 36993676 30023656 ?   Ss    2016 1722:47 ora_DB3
oracle_admin  14410  0.2 11.3 36993676 30020400 ?   Ss    2016 1702:09 ora_DB3
oracle_admin  14421  0.2 11.3 36993676 30018272 ?   Ss    2016 1754:25 ora_DB3
oracle_admin  14440  0.0 10.5 36946868 27887152 ?   Ss    2016 130:30 ora_mon_DB3
oracle_admin 15855  0.0  6.9 19232424 18298484 ?   Ss    2016  41:01 ora_mman_DB4
oracle_admin 15857  0.1  6.7 19288720 17966276 ?   Ss    2016 161:45 ora_DB4
oracle_admin 15864  0.1  6.7 19288720 17964584 ?   Ss    2016 173:36 ora_DB4

In the above output, we sorted processes with RSS and shown only the top 10 ones. RSS value in output is in Kb. Let’s verify this output for the topmost process with PID 14400.

# free
             total       used       free     shared    buffers     cached
Mem:     264611456   96146728  168464728          0    1042972   75377436
-/+ buffers/cache:   19726320  244885136
Swap:     67108860     539600   66569260

On our system, we have 264611456Kb physical RAM (highlighted entry in the above output). Out of which 11.8% is used by process 14400 (from ps output above) which comes to 31224151Kb. This value matches the RSS value of 31420276Kb (in ps output above)!

So the above method works well when you try to find processes using the highest physical memory on the system!

You can even use other methods to get high memory using processes like top, htop, etc. but this article aimed at using ps.

How to download the package using YUM or APT

Leave a reply

Learn how to download packages from YUM or APT repository. The standalone package can be used to install on another server that has no YUM or APT configured.

Process to download package using YUM or APT

Many production environments don’t prefer to configure YUM or APT repositories on all servers. This is to avoid accidental installation of packages or up-gradating packages, which may cause issues on operations. Most of them use a centralized patch server to push updates to all servers.

If you want to install a single package on a server in such a setup, you need to have a standalone package file .rpm or .deb with you—directly downloading packages from the internet is not allowed in production areas. So you have to get packages from the server with registered YUM or APT repository configured.

The good news is you can download the package using YUM or APT! Later this package can be transferred to the intended server and can be installed. See below steps to download packages :

Download package on YUM configured server

Using downloadonly switch with yum command is a way to download packages on yum supported servers (Red Hat, CentOS). You need to fire yum install command and instruct it to download only without installing a package.

# yum install telnet --downloadonly
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
Resolving Dependencies
--> Running transaction check
---> Package telnet.x86_64 1:0.17-60.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================
 Package                      Arch                         Version                              Repository                                              Size
=============================================================================================================================================================
Installing:
 telnet                       x86_64                       1:0.17-60.el7                        rhui-REGION-rhel-server-releases                        63 k

Transaction Summary
=============================================================================================================================================================
Install  1 Package

Total download size: 63 k
Installed size: 113 k
Background downloading packages, then exiting:
telnet-0.17-60.el7.x86_64.rpm                                                                                                         |  63 kB  00:00:00
exiting because "Download Only" specified

In the above output, the install process exists since we specified download the only option (see the highlighted line).

This downloaded package (.rpm) will be saved under /var/cache/yum/<architecture>/<OS>/<repository>/packages directory. A repository name can be seen in the above install command output under package details. We downloaded packages on the RHEL7 server running on x86_64 architecture. See where our package (.rpm) got downloaded :

# pwd
/var/cache/yum/x86_64/7Server/rhui-REGION-rhel-server-releases/packages
# ll
total 68
-rw-r--r--. 1 root root 64872 Nov  6 11:09 telnet-0.17-60.el7.x86_64.rpm

Alternatively, you can install yum-utils and then use the yumdownloader program to download the RPM from a repo in your PWD.

# yum install yum-utils -y
# yumdownloader telnet
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
telnet-0.17-65.amzn2.x86_64.rpm                                                                                                                  |  64 kB  00:00:00
# ll
total 68
-rw-r--r-- 1 root root 65496 May  5  2020 telnet-0.17-65.amzn2.x86_64.rpm

Download package on APT configured server

On APT supported servers like Debian, ubuntu you need to use -d option in apt-get install command.

# apt-get install -d telnet
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  telnet
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/63.5 kB of archives.
After this operation, 182 kB of additional disk space will be used.
Download complete and in download only mode

This will download package in /var/cache/apt/archives.

# pwd
/var/cache/apt/archives

# ll
total 72
drwxr-xr-x 2 root root  4096 Mar  6 11:55 ./
drwx------ 4 root root  4096 Mar  6 12:02 ../
-rw-r--r-- 1 root root 63460 May  6  2015 telnet_0.17-40_amd64.deb
----output clipped ----

Check telnet package file .deb is downloaded in the current directory. If you want to download them in the current working directory, use download option instead of install. So no hassle of tracking down the package in a variable path like yum!

# pwd
/tmp/mypackages
# apt-get download  ssh
Get:1 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 ssh all 1:7.2p2-4ubuntu2.1 [7,070 B]
Fetched 7,070 B in 0s (9,252 B/s)
# ll
total 16
drwxr-xr-x  2 root root 4096 May 17 10:17 ./
drwxr-xr-x 11 root root 4096 May 17 10:13 ../
-rw-r--r--  1 root root 7070 Aug 15  2016 ssh_1%3a7.2p2-4ubuntu2.1_all.deb

You can see the ssh package got downloaded within the same working directory. Now this package can be transferred to other servers (where repositories are not configured) for installation!

How to upgrade package using YUM in RHEL

Leave a reply

Learn step by step to upgrade the package using YUM on the RHEL system. Insights into how the package upgrade process takes place in the background.

YUM is a Red Hat package manager who is capable of searching available packages, install, un-install packages and update them to the latest version. In this article, we are seeing how to update the package using YUM.

You should be having superuser privilege to perform YUM updates or you can use sudo, su for performing it with superuser privilege.

You can update the single package, multiple packages, or all available packages at once. Let’s see stepwise commands for the upgrade package using YUM.

1. Check for updates :

First of all, you can check for available updates using below command :

# yum check-update
Loaded plugins: amazon-id, rhui-lb, security

ConsoleKit.x86_64                                                       0.4.1-6.el6                                          rhui-REGION-rhel-server-releases
ConsoleKit-libs.x86_64                                                  0.4.1-6.el6                                          rhui-REGION-rhel-server-releases
Red_Hat_Enterprise_Linux-Release_Notes-6-en-US.noarch                   8-2.el6                                              rhui-REGION-rhel-server-releases
abrt.x86_64                                                             2.0.8-40.el6                                         rhui-REGION-rhel-server-releases
abrt-addon-ccpp.x86_64                                                  2.0.8-40.el6                                         rhui-REGION-rhel-server-releases
abrt-addon-kerneloops.x86_64                                            2.0.8-40.el6                                         rhui-REGION-rhel-server-releases
------ output clipped -----

You will be presented with the list of packages with the available update. You can update one, multiple, or all packages at once. Dependencies during the update will be resolved and installed by YUM itself. You need not worry about them.

During any package update it goes through below steps :

It checks if package update available or not
It checks and resolves any dependencies
It will present the user with updated information and seeks user confirmation to proceed
Post confirmation it downloads the package from YUM server
It installs/updates dependencies and package
It cleans up stuff it created during the update
It verifies package post-update
Prints completion details screens and exits.

2. Update single package :

For single package update, you need to use the command yum update <package_name>

# yum update bash.x86_64
Loaded plugins: amazon-id, rhui-lb, security
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package bash.x86_64 0:4.1.2-33.el6_7.1 will be updated
---> Package bash.x86_64 0:4.1.2-41.el6_8 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================
 Package                    Arch                         Version                                Repository                                              Size
=============================================================================================================================================================
Updating:
 bash                       x86_64                       4.1.2-41.el6_8                         rhui-REGION-rhel-server-releases                       909 k

Transaction Summary
=============================================================================================================================================================
Upgrade       1 Package(s)

Total download size: 909 k
Is this ok [y/N]: y
Downloading Packages:
bash-4.1.2-41.el6_8.x86_64.rpm                                                                                                        | 909 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : bash-4.1.2-41.el6_8.x86_64                                                                                                                1/2
  Cleanup    : bash-4.1.2-33.el6_7.1.x86_64                                                                                                              2/2
  Verifying  : bash-4.1.2-41.el6_8.x86_64                                                                                                                1/2
  Verifying  : bash-4.1.2-33.el6_7.1.x86_64                                                                                                              2/2

Updated:
  bash.x86_64 0:4.1.2-41.el6_8

Complete!

In the above example, we updated the bash package. You can see command also tried to check and resolve any dependencies for this update process.

3. Update multiple packages :

Multiple packages can be updated using the same command but supplying more than one package name at the end.

# yum update grep.x86_64 sudo.x86_64
Loaded plugins: amazon-id, rhui-lb, security
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package grep.x86_64 0:2.20-3.el6_7.1 will be updated
---> Package grep.x86_64 0:2.20-5.el6_8 will be an update
---> Package sudo.x86_64 0:1.8.6p3-20.el6_7 will be updated
---> Package sudo.x86_64 0:1.8.6p3-25.el6_8 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================
 Package                    Arch                         Version                                Repository                                              Size
=============================================================================================================================================================
Updating:
 grep                       x86_64                       2.20-5.el6_8                           rhui-REGION-rhel-server-releases                       345 k
 sudo                       x86_64                       1.8.6p3-25.el6_8                       rhui-REGION-rhel-server-releases                       710 k

Transaction Summary
=============================================================================================================================================================
Upgrade       2 Package(s)

Total download size: 1.0 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): grep-2.20-5.el6_8.x86_64.rpm                                                                                                   | 345 kB     00:00
(2/2): sudo-1.8.6p3-25.el6_8.x86_64.rpm                                                                                               | 710 kB     00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                        2.3 MB/s | 1.0 MB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : grep-2.20-5.el6_8.x86_64                                                                                                                  1/4
  Updating   : sudo-1.8.6p3-25.el6_8.x86_64                                                                                                              2/4
warning: /etc/sudoers created as /etc/sudoers.rpmnew
  Cleanup    : grep-2.20-3.el6_7.1.x86_64                                                                                                                3/4
  Cleanup    : sudo-1.8.6p3-20.el6_7.x86_64                                                                                                              4/4
  Verifying  : sudo-1.8.6p3-25.el6_8.x86_64                                                                                                              1/4
  Verifying  : grep-2.20-5.el6_8.x86_64                                                                                                                  2/4
  Verifying  : grep-2.20-3.el6_7.1.x86_64                                                                                                                3/4
  Verifying  : sudo-1.8.6p3-20.el6_7.x86_64                                                                                                              4/4

Updated:
  grep.x86_64 0:2.20-5.el6_8                                                  sudo.x86_64 0:1.8.6p3-25.el6_8

Complete!

In the above example, we updated grep and sudo package using single command.

4. Updating all packages at once :

Sometimes you want to avoid the hassle of updating multiple packages and want to install all available updates in a single shot. Then you can go for yum update command. Make a note that all related dependencies also gets installed/updated with this.

This is not recommended in a production environment unless you review the complete list of available updates thoroughly.

# yum update
----- output clipped -----
Transaction Summary
=============================================================================================================================================================
Install       3 Package(s)
Upgrade     243 Package(s)

Total download size: 237 M
Is this ok [y/N]: y
Downloading Packages:
(1/246): ConsoleKit-0.4.1-6.el6.x86_64.rpm                                                                                            |  83 kB     00:00
----- output clipped -----

Installed:
  kernel.x86_64 0:2.6.32-642.15.1.el6                                      python-libipa_hbac.x86_64 0:1.13.3-22.el6_8.6

Dependency Installed:
  libnl3.x86_64 0:3.2.21-8.el6

Updated:
  ConsoleKit.x86_64 0:0.4.1-6.el6                                                  ConsoleKit-libs.x86_64 0:0.4.1-6.el6
  Red_Hat_Enterprise_Linux-Release_Notes-6-en-US.noarch 0:8-2.el6                  abrt.x86_64 0:2.0.8-40.el6
  abrt-addon-ccpp.x86_64 0:2.0.8-40.el6                                            abrt-addon-kerneloops.x86_64 0:2.0.8-40.el6
----- output clipped -----

You can see I had 243 updates available, 3 new packages were available and 1 dependency has to be installed for the update process.

We have seen above all manual steps to upgrade packages using YUM. In a case where you are comfortable with updating all packages on the system without checking the available list then you can use YUM crons as well which will automate the complete process for you.

YUM-cron is service available on RHEL which runs in background and updates packages on the system automatically. See the complete YUM-cron configuration here.

All outputs in this post are from RHEL 6.8 server.

How to open the file in the read-only mode under vi or vim

Leave a reply

Learn how to open the file in the read-only mode under vi or vim editor. Opening it as read-only prevents any accidental edits in the file and maintain file integrity.

“vi editor” is sysadmin’s and programmer’s daily text editor in Linux Unix systems. Opening a file to view its content can be achieved by many commands like cat, more, less etc. But many prefer to open a file in vi editors to view. Especially when the file is long and one needs to search particular terms in it. Vi editor makes it easy to search content, line numbering while viewing files.

One of the disadvantages is you are prone to accidentally alter file content and end up saving it in the file. This is a threat to file integrity and hence needs to be avoided. The option is to view files in vi editors carefully or open them in read-only mode!

Lets see different ways to view file in read only mode under vi :

1. Use of view command

One of the widely used ways to view files in vi editors. Simple open file with view command. It will open in vi editors and any attempt to save/alter data will result in failure, securing your file from accidental edits.

# view test.txt

This is test file
Test text
File ends here.
~
~
~
~
~
"test.txt" [readonly] 3L, 44C

You can see above it shows readonly at the bottom and open file in vi editors. If you get into INSERT mode to edit any content of the file you will see below warning.

W10: Warning: Changing a readonly file

If you try to save edited content then you will see below warning

E45: 'readonly' option is set (add ! to override)

So this is 2 level warnings before you could actually save the file using override option w!. There is no way you could *accidentally* ignores two warnings and make accidental edits in the file!

2. vi or vim command with -R option

Another way is to open the file in vi editors with -R option. It functions the same way as above and also shows the same double-layered warning messages when you enter INSERT mode and try to save the file. This option still lets you save the edits made in the buffer by using override w!.

You can open file using vi -R filename

3. vi modifications not allowed mode

Modification not allowed mode can be called using -M option. From the man page, The ’modifiable’ and ’write’ options will be unset, so that changes are not allowed and files can not be written.

Unlike the above two options, this mode won’t let you edit files at all. It will show below error at the bottom when you enter INSERT mode.

E21: Cannot make changes, 'modifiable' is off

So you won’t be able to type in anything even you try INSERT mode. If you try to save the file with :w then it will show you below error :

E142: File not written: Writing is disabled by 'write' option

This makes it the most secure way to open files in the read-only mode under vi to avoid accidental content alteration!

Let us know which way you use most in your daily operations in comments. Happy viewing! 🙂

Everything you need to know about the zombie process

3 Replies

Understand what is zombie process in Linux Unix, how the process goes to a zombie state, how to handle the zombie process, what is the impact of zombie processes.

In very lame terms, the Zombie process is a process that is present in the process table even if it’s already dead! The zombie process is also known as a defunct process. To understand how the zombie process gets created let see how to process exiting takes place from memory.

How the zombie gets created

Whenever the process completes its execution, it exits and notifies its parent process that his child has died. At this time, the parent process supposes to execute the WAIT system call which reads dead child process status and other details. Once the wait system call completes, a dead child will be removed from memory. At this point, if the parent process is not coded properly or unable to read this status from a child for some reason then it won’t fork wait system call. This in turn keeps the dead child process in memory & process table.

This whole operation completes very fast. Zombie takes a very tiny amount of memory to live in so a couple of zombies on the server are harmless. Many zombie processes have parent PID as 1 which is the init process. When a child is dead but not cleared from memory and parent process exists then those child zombies will be taken over by init. Init usually runs its child zombie clearance periodically. So its possible those zombies get cleared out in it.

How to check the zombie process

You can list zombie processes on your server with below command :

# ps aux |grep Z
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root     16479  0.0  0.0 103304   812 pts/0    S+   10:44   0:00 grep Z
oracle9  14523  0.0  0.0  52367   702 pts/1    Z    09:15   1:00 asldjkeh

In the above output watch out for STAT column. Z indicates the zombie process. Even top command shows a total number of zombie processes on the system. Check highlighted field in yellow :

You can get parent PID of the zombie process using ps or pstree command.

How to kill the zombie process

You simply can’t! Because of its Zombie! It’s already dead! The maximum you can do is to inform its parent process that its child is dead and now you can initiate a wait system call. This can be achieved by sending SIGCHLD a signal to parent PID using below command :

# kill -s SIGCHLD <ppid>

Here, ppid is the parent process id.

Impact of the zombie process on the system

As we already discussed, a couple of zombie processes are harmless. But if they are growing rapidly then there are two areas which may be bottlenecked and your system prone to panic :

Each zombie holds its PID hence rapidly growing zombies can exhaust all available PIDs on the system and then no new process can be forked by the kernel.
Even zombie holds a very tiny amount of memory, huge numbers can make a difference. A large number of zombies can hog a considerable amount of memory contributing to high memory utilization of the machine.

If your system is flooded with zombies that are not being cleared even by init, system reboot can be tried for a quick refresh. Obviously this would be the last resort you should be looking at.

How to disable direct root login on Linux & HPUX

Leave a reply

Learn how to disable direct root login to Linux and HPUX servers by altering parameters in SSH configuration files. Its one of the hardening step.

Many of the production / live environments has their server hardened. Once of the server hardening step is to disable direct root login to servers i.e. user can not login to server using root account. User need to login with normal account and then switch to root privilege account. This enables easy tracking when and who used superuser privilege. This adds extra layer of security to system prohibiting hackers trying to login with superuser privilege.

By editing SSH configuration file sshd_config we can disable direct root login. SSH configuration file in Linux located at /etc/ssh/sshd_config whereas in HPUX its at /opt/ssh/etc/sshd_config.

In above mentioned config files you need to check PermitRootLogin parameter :

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

This parameter defines if direct root access is permitted or not. By default its value is set to yes. This means direct root login is allowed on server. You need to hash out this entry by adding symbol # at the beginning as shown in above example. Once its hashed then SSH daemon ignores this value. Means it wont allow root login on server. This includes all accounts with root privileges i.e. with UID 0. You can even change value to no without hashing entry out and it will still works.

PermitRootLogin no

After hashing out entry you need to bounce SSH daemon sshd to read this new configuration by daemon.

# service sshd restart

OR

# systemctl restart sshd

But restarting sshd will terminate all user’s sessions currently active on server. To avoid this we need to kill it with HUP . HUP option restart sshd without disturbing existing sessions.

# ps -ef |grep -i sshd
    root 25993     1  0  Apr 29  ?        15:28 /opt/ssh/sbin/sshd

# kill -HUP 25993

#  ps -ef |grep -i sshd
    root 29760     1  0 10:43:58 ?         0:00 /opt/ssh/sbin/sshd

You can see new sshd has been spawned when we kill it by HUP signal. And your current logged in users wont observe any disconnections. Now, open new session and try to login with superuser account. It will fail!

How to install EC2 Linux server in AWS with screenshots

Leave a reply

Learn how to install the EC2 Linux server of your favorite distro on the Amazon Web Services cloud platform. Free Linux server for learning and practicing.

Amazon Web Services AWS is one of the cloud platforms which offers various computing facilities online. For a free tier account, there are enough services offered for a normal user who aims for testing or learning new technologies without spending much. You can sign up for a free account (12 months free) here which will require your valid mobile number and credit card information for validation.

In this post, we will be using AWS to install the Linux server which we can use for practice/ hand-on experience at home. One of the other alternatives is to install Vmware on your desktop/laptop and then install Linux in its virtual machine. But this way requires a good hardware configuration of your laptop/desktop. Hosting your Linux on cloud is much easy and it’s not costing you anything for low usage!

AWS offers below a list of distros to install on its EC2 (server computing module) platform.

Redhat
Cent OS
Debian
Fedora
Gentoo
OpenSuse
Suse Linux
Ubuntu
Amazon Linux

You can have a hand on to all these distros within minutes after signing up for your account! Of course, you will be having root administrator access on these systems! Let’s walk through steps to get your Linux server ready in minutes on AWS.

Step 1.

Step 2.

You will be presented with the ‘Quick Launch EC2 Instance’ screen. Here you will be able to launch a wizard to get your task done fast or you can go through Advanced selections to decide your final virtual server config. We will be going with a normal wizard. Click the “Get Started” button here.

Step 3.

Now we will walk through wizard for creating our Linux virtual server.

Name your EC2 instance :

Your EC2 linux virtual server name of your choice.

Select your operating system. We are selecting RedHat here.

Select an instance type.

This is the type of hardware config you will be needing. For free account, you will be able to select those instances only which is tagged with “Free tier eligible”. Here we are selecting default t2.micro instance which has Single core CPU, 1 GB RAM, and 8GB of HDD.

Create a key pair.

This is an important screen. Here you will be given one Private key to download. You will require this key to authenticate yourself while logging into this EC2 Linux server when ready. Give the name of your choice and download the key file and keep it safe.

Create this instance.

Finally hit create button and your server will be ready in 2 minutes. You will see installing screen.

Once complete, click EC2 console link and you will be presented with list of servers under your account.

Step 4.

You can see below the EC2 screen with your server details like instance state, zone, DNS, etc.

Now to connect to this server from your laptop/desktop, you need to use key pair as authentication. Download putty.exe and puttygen.exe from here.

Open puttygen.exe and load your private key which you have downloaded from AWS console in step 2.

Once, successfully loaded you need to click the “Save public key” button and save the key on your desktop/laptop.

Now open putty.exe. Set your saved key file from puttygen (in the above task) as an SSH authentication. In left-hand side pane, expand SSH then select Auth and on the right-hand side, you will be able to browse your file.

Now your putty.exe is ready to connect with your AWS Linux server. Now head back to EC2 console and copy your server’s public DNS.

Use this it, in putty to connect. And you will be able to connect to the server. Once prompted for username use username from the below table as per your distro (official AMI). You won’t be prompted for a password. Your authentication will be done via key pair you configured in putty settings.

Default ssh usernames for famous Linux in EC2

Linux Distro	Username
Ubuntu	ubuntu
Debian	admin
Fedora	fedora
CentOS	centos
RHEL 6.4 & Later	ec2-user
RHEL 6.3 & previous	root
SUSE	root

login as: ec2-user
Authenticating with public key "imported-openssh-key"
[ec2-user@ip-172-31-23-115 ~] $ sudo su -
[root@ip-172-31-23-115 ~] # id 
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Once logged in, use sudo su - command and you will be in root account! That’s it, you have an EC2 Linux server with root account in few minutes!

You can install any distro listed above in these instances. Make sure you are not expiring your free usage according to AWS free tier policy otherwise you will be billed on your card. Practice, learn, improve! Have a happy shell!!

How to check and test APA in HPUX

Leave a reply

A how-to guide for checking and testing APA configurations in HPUX. Auto Port Aggregation is used for NIC redundancy which is similar to NIC teaming in Linux.

APA stands for Auto Port aggregation. It is software i.e. operating system level configuration which offers NIC (Network Interface Card also referred to as LAN card) redundancy. Under APA in HPUX, two NICs are configured together as a single virtual card at OS level. For OS, it’s a single NIC it’s talking to. But physically there are 2 NIC handling requests on this virtual card. On the occasion of hardware failure of anyone physical card, another physical card service OS (through virtual card) without hampering operations.

Complete guide : How to configure APA in HPUX

Normally, physical NICs are numbered as lan0, lan1, lan2, and so on. APA in HPUX terms new virtual cards as lan900, lan901, and so on. The current list of lan cards on the system can be obtained using the below command :

# ioscan -fnClan
Class     I  H/W Path    Driver S/W State   H/W Type     Description
=====================================================================
lan       0  2/0/0/1/0   igelan   CLAIMED     INTERFACE    HP PCI-X 1000Base-T Built-in
lan       1  2/0/4/1/0   iether   CLAIMED     INTERFACE    HP A7012-60601 PCI/PCI-X 1000Base-T Dual-port Adapter
lan       2  2/0/4/1/1   iether   CLAIMED     INTERFACE    HP A7012-60601 PCI/PCI-X 1000Base-T Dual-port Adapter
lan       3  2/0/6/1/0   iether   CLAIMED     INTERFACE    HP A7012-60601 PCI/PCI-X 1000Base-T Dual-port Adapter

In the above output, you can see, the second column which shows lan number. So we have 4 lan cards numbering lan0 to lan3 here. But in this output, you won’t be able to see APA interfaces i.e. virtual NIC.

For checking APA interfaces you need to use lanscan command.

# lanscan -q
2
3
900
901   0  1
902
903
904

Here you can see lan0 and lan 1 combined together forms lan901 interface which is APA card. Since those are used in APA, you don’t see them as separate entries like lan2 and lan3. This way you can trace physical NIC and their respective virtual or APA interfaces.

Testing APA:

To test APA means to check if your network connectivity via APA interface is uninterrupted in case of one of the physical NIC failure.

You can test this by removing one of the NIC physically from the system board. But this is not recommended since abruptly removing cards from the board also invites un-foreseen hardware issues. So, to test APA we have to emulate NIC failure or shuts NIC down without touching hardware.

This can be achieved by resetting NIC using lanadmin command. Resetting NIC makes card unavailable/un-operational for few seconds. This time is enough for us to test APA in HPUX.

Complete test can be carried out in below order:

Identify IP defined on lan901 (our APA interface)
Keep continuous ping on for this IP
Reset lan0
Observe ping
Once lan0 comes back up reset lan1
Observe ping
Make sure both lan0 and lan1 are back online.

To reset lan you can use below command :

# lanadmin -r 0

To check if lan being reset is online or offline in APA

# lanscan -q
2
3
900
901   1   <<<< missing 0 means lan0 is offline

Repeat above command till lan901 shows 0 and 1 both interfaces.

During this test, you may observe one or two ping loss. This is due to APA shifting loads to the only available interface. This ping loss won’t hamper the operating environment because its far less than timeout values defined in software/tools used on OS. Hence redundancy is maintained in case of NIC failure.

Above test will fail i.e. you will completely lose ping to IP in the below scenarios :

Your APA configuration is erroneous
One or both lan interfaces are not configured properly at the network level (VLAN configurations)

How to establish passwordless ssh between two servers

Leave a reply

Step by step guide for establishing passwordless ssh between two Unix or Linux servers. Authenticate securely using public and private keys.

If you are working in an infra where there are hundreds of Linux or Unix servers running, then you must be having big-time while managing them. To deal with such a large number of servers, passwordless ssh becomes a must-do practice. Once you can achieve remote execution of scripts, commands, sync files via SCP, etc tasks with passwordless ssh very easily.

Passwordless ssh is not compromising on security. You will be using a pair of user-generated keys for authentication so your security is not compromised. It’s totally secured, the only thing is you are being authenticated already saved keys rather than a human entered password. This removes the dependency of entering a password and hence automatize the whole process non-interactively.

Also read : Run commands on multiple linux servers from Windows machine in one go

Update :

This is a very short and handy process to set up passwordless SSH between two servers.

kerneltalks1 : the server we are going to configure passwordless SSH from

kerneltalks2 : the server to which we need password less SSH

shrikant : the user ID for which password-less SSH needed from kerneltalks1 to kerneltalks2

On kernetalks1 (First server)

Generate SSH key using ssh-keygen command. Make sure you are logged in with user shrikant (your user for which password less ssh is needed)

[shrikant@kerneltalks1 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/shrikant/.ssh/id_rsa):
Created directory 'https://z5.kerneltalks.com/home/shrikant/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/shrikant/.ssh/id_rsa.
Your public key has been saved in /home/shrikant/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:VO+kDv6iXtglzlIeC9OslZK14jKSVoPJKMNevMS/pp8 shrikant@kerneltalks1
The key's randomart image is:
+---[RSA 2048]----+
|          .      |
|         . .     |
|        o   o    |
|.ooo   * o +     |
|+.+=o * S o .    |
|o.oooo / B       |
| .+.o.= O .      |
| . . +oo..       |
|   .+Eo. ..      |
+----[SHA256]-----+

Now, you need to copy this generated key to target server i.e. kerneltalks2. Copy key using ssh-copy-id command.

[shrikant@kerneltalks1 ~]$ ssh-copy-id kerneltalks2
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/shrikant/.ssh/i                                                                                        d_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out                                                                                         any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted n                                                                                        ow it is to install the new keys
shrikant@kerneltalks2's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'kerneltalks2'"
and check to make sure that only the key(s) you wanted were added.

And that’s it. You have configured password-less SSH by just 2 commands from one server. You can test it out by doing simply ssh and it should not ask you for any password!

[shrikant@kerneltalks1 ~]$ ssh kerneltalks2
[shrikant@kerneltalks2 ~]$ hostname
kerneltalks2
[shrikant@kerneltalks2 ~]$ id
uid=1001(shrikant) gid=1002(shrikant) groups=1002(shrikant) context=unconfined_u                                                                                        :unconfined_r:unconfined_t:s0-s0:c0.c1023
[shrikant@kerneltalks2 ~]$ exit
logout
Connection to kerneltalks2 closed.

All the above processes can be chopped into smaller chunks and manual commands to understand what actually happens in the background. Follow the below manual setup to configure passwordless ssh access.

Lets see how to setup password less ssh between two servers:

Step 1:

Create your SSH key pair on the source machine. This is a machine from which you will be doing password less SSH to the destination machine.

Use below command :

$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user4/.ssh/id_rsa):
Created directory 'https://z5.kerneltalks.com/home/user4/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user4/.ssh/id_rsa.
Your public key has been saved in /home/user4/.ssh/id_rsa.pub.
The key fingerprint is:
ad:1e:14:a5:cd:77:25:29:9f:75:ee:4f:a4:8f:f5:65 user4@server1
The key's randomart image is:
+--[ RSA 2048]----+
|          .   ...|
|         =  . .oo|
|        o o .o.+.|
|         o . .o o|
|        S .    + |
|       . .    . E|
|        o      *+|
|       . .    . +|
|        .        |
+-----------------+

Note that your key pair is id_rsa and id_rsa.pub files in shown directories. Your id_rsa is a private key that will reside on the source machine. id_rsa.pub is a public key that resides on the destination machine. When the SSH attempt is made from source to destination, protocol checks these both keys from source and destination. If they match then the connection will be established without asking a password.

Step 2:

Now, we need to copy id_rsa.pub key on the destination machine. It should be copied to the home directory of the intended user in the destination server. It should reside under ~/.ssh/ (i.e. home directory/.ssh/) and with name authorized_keys. You can copy the file using a shell or any other file transfer program.

If you are trying from source machine using ssh then use below commands:

$ ssh user4@10.10.4.12 "mkdir ~/.ssh"
The authenticity of host '10.10.4.12 (10.10.4.12)' can't be established.
RSA key fingerprint is 08:6c:51:09:9f:4c:69:34:84:ef:08:af:68:df:5e:24.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.4.12' (RSA) to the list of known hosts.
user4@10.10.4.12's password:
$ cat .ssh/id_rsa.pub | ssh user4@10.10.4.12 'cat >> .ssh/authorized_keys'
user4@10.10.4.12's password:
$ ssh user4@10.10.4.12 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
user4@10.10.4.12's password:

Here, the first command creates .ssh directory on the destination machine. Second command copies id_rs.pub file’s content to destination machine under file ~/.ssh/authorized_keys and last command sets proper permissions.

Step 3:

You are done! Try SSH from source to destination and it will be through without password!

$ ssh user4@10.10.4.12
Last login: Tue Oct  6 21:59:00 2015 from 10.10.4.11
[user4@server2 ~]$

This method works for all Linux and Unix variants for SSH protocol. You can also configure it for different users on the source and destination. One machine can have more than one authorized key (one key for one source machine), that’s why we have concatenated id_rsa.pub content to authorized_keys file (not overwrite).

Drop us any suggestions/corrections you have in comments.

How to map Linux disk to vmware disk

3 Replies

Learn how to map Linux disk to VMware disk for virtual machines hosted on VMware. This ensures you are treating the correct disk on the virtualization layer.

It’s always a challenge to identify the correct disk physically when it’s being used in the virtualization layer. Since disk or hardware is attached to the Host physically and made visible to the guest server. Any activity related to physical attribute which is to be done on guest machine seeks perfect mapping of hardware from guest to host. In other posts, we already explained mapping iVM disks to host disks in HPUX (HPUX virtualization). In this post, we will be seeing how to map Linux disk to VMware disk (VMware virtualization).

Like HPUX, we do not have a direct command to see the mapping of disks. In HP, both hardware (server), OS software (HPUX), and virtualization technology (iVM) all three products are owned/developed by HP. This makes it possible to integrate tasks into a single command. Since VMware, Linux is not a single vendor configuration, I think it’s not yet possible to get things done with single-line command.

To map VMware disks to Linux VM, we need to check and relate the SCSI id of disks.

In vmware :

Check VM settings and identify disk SCSI id.

As highlighted in above screenshot, identify your SCSI id. Here its 0:0

In Linux VM:

Now login to Linux VM and execute below command :

# dmesg | grep -i 'Attached SCSI disk'
Attached scsi disk sda at scsi0, channel 0, id 0, lun 0
Attached scsi disk sdb at scsi0, channel 0, id 1, lun 0

We are filtering disk messages from syslog at the boot, to get disk SCSI id identified by the kernel. This will show us disk names along with 4 numbers. Every disk has 4 numbers displayed in the output. SCSI, channel, id, and lun. We are interested here in channel and id numbers.

For example, disk sda in the above output has numbers 0:0:0:0 whereas disk sdb has 0:0:1:0. Look at the second and third number i.e. 0:0:0:0 or 0:0:1:0. Sometimes you have to check first and third fields to match numbers.

Now match this SCSI id with the id you got from VMware console (VM settings panel). 0:0 is matching that means disk sda in Linux is what we are looking at in VMware Hard Disk 1.

Sometimes RDM disks are assigned to guests from VMware in that case above method is not sufficient to identify disks. You have another approach.

Get sg number from Linux VM :

# dmesg|grep sg |grep Attached
sr 0:0:0:0: Attached scsi generic sg0 type 5
sd 2:0:0:0: Attached scsi generic sg1 type 0
sd 2:0:1:0: Attached scsi generic sg2 type 0

This sgX number is always less than one from VMware “Hard Disk X” number. So sgX+1=Hard Disk X. This means in Linux disk sg starts with sg0 but in VMware it starts with Hard Disk 1. In the above example, sg1 will be Hard Disk 2 in VMware.

Match numbers accordingly and you will be able to map guest disk with vmware disk!

If you have any other method to get this task done, please drop us in comments!

Kernel Talks

Unix, Linux, & Cloud!

Category Archives: Howto

How to find the process using high memory in Linux

How to download the package using YUM or APT

Download package on YUM configured server

Download package on APT configured server

How to upgrade package using YUM in RHEL

1. Check for updates :

2. Update single package :

3. Update multiple packages :

4. Updating all packages at once :

How to open the file in the read-only mode under vi or vim

1. Use of view command

2. vi or vim command with -R option

3. vi modifications not allowed mode

How to check and test APA in HPUX

Testing APA:

How to map Linux disk to vmware disk

In vmware :

In Linux VM: