AWS VPC, Route53, IAM revision before the CSA exam

1 Reply

Quick revision on topics AWS VPC, Route53, IAM before appearing AWS Certified Solutions Architect – Associate exam.

VPC, Route53, IAM revision!

This article notes down a few important points about AWS (Amazon Web Services) VPC, Route53, and IAM. This can be helpful in last-minute revision before appearing for the AWS Certified Solutions Architect – Associate level certification exam.

This is the second part of the AWS CSA revision series. Rest of the series listed below :

In this article, we are checking out key points about VPC (Virtual Private Cloud), Route53 (DNS Service) and IAM (Identity and Access Management).

Recommended read : AWS CSA exam preparation guide

Lets get started :

VPC (Virtual Private Cloud)

  • NACL (Network Access Control List) controls traffic security at the subnet level
  • Security groups control traffic security at the instance level
  • NACL is stateless (i.e. all traffic need to exclusively allow) while Security groups are stateful (i.e. response traffic is automatically allowed)
  • Only 1 Internet gateway per VPC is allowed.
  • VPC peering can be done between two AWS accounts or other VPS within the same region.
  • VPC peering is a direct network route between two VPC enabling sharing resources in different subnets.
  • Limits :
    • 5 VPC per region
    • 50 customer gateways per region
    • 200 route table per region
    • 50 entries per route table
    • 5 elastic IP
    • 5 security group per network interface
    • 500 security groups per VPC
    • 50 rules per security group
  • First 4 and last 1 IP of each subnet is reserved by AWS as below :
    • x.x.x.0: Network IP
    • x.x.x.1 : VPC router IP
    • x.x.x.2: For VPC DNS
    • x.x.x.3: For future use
    • x.x.x.255: Broadcast IP

Route 53

  • Can register domain, act as DNS, Check health of resources.
  • Port 53 used to serve request by DNS hence the name route 53!
  • Primarily TCP used to serve DNS request but if the response is more than 512 bytes it will use TCP.
  • Currently supported records :
    • A (address record)
    • AAAA (IPv6 address record)
    • CNAME (canonical name record)
    • MX (mail exchange record)
    • NAPTR (name authority pointer record)
    • NS (name server record)
    • PTR (pointer record)
    • SOA (start of authority record)
    • SPF (sender policy framework)
    • SRV (service locator)
    • TXT (text record)
  • Routing policies :
    • Simple routing: Single resource serving traffic
    • Weighted routing: Divert proportion wise traffic to multiple resources
    • Latency routing: Returns result with the lowest latency to requestor origin
    • Failover routing: Active-passive. One resource takes traffic when the other one is failed
    • Geolocation routing: Returns DNS queries based on the geolocation of the user
  • Limits :
    • 500 hosted zones per AWS account
    • 50 domains per AWS account
  • Ideal TTL values for CNAME to the existing domain are 24 hours and CNAM to S3 or ELB is 1 hour.
  • There is no default TTL for any record type in Route 53. You have to specify TTL for your records.
  • Weights can be assigned as integer 0 to 255. 0 means no weight i.e. don’t route to that record. The probability of routing to be done to a particular record equals to the weight of that record/Sum of all record weights.

IAM (Identity and Access Management)

  • Never use the root account for login. Create an admin user and use it for administrative tasks
  • Created users, groups and roles are global and available across all regions in the same AWS account
  • Prebuilt policy for :
    • Administrator – All access
    • Power-user – Everything administrator has except IAM management access
    • Read-only – Only view access (accounting purpose)
  • By default, the newly created user has normal deny on all AWS resources. Explicit allow will override normal deny.
  • Cross account roles can be defined. It assumes access of other users granted to another user.
  • The public key can be viewed in the account settings anytime. The private key visible only at the time of creation.  If lost can not be retrieved and need to create fresh key pair to use.

AWS EC2, S3, RDS revision before the CSA exam

Leave a reply

Quick revision on topics AWS EC2, S3, RDS before appearing AWS Certified Solutions Architect – Associate exam.

EC2, S3, RDS revision!

This article notes down a few important points about AWS (Amazon Web Services) EC2, S3, and RDS. This can be helpful in last-minute revision before appearing for the AWS Certified Solutions Architect – Associate level certification exam.

This is first part of AWS CSA revision series. Rest of the series listed below :

In this article, we are checking out key points about EC2 (Elastic Compute Cloud), S3 (Simple Storage Service) and RDS (Relational Database Service).

Recommended read : AWS CSA exam preparation guide

Lets get started :

EC2 (Elastic Compute Cloud)

  • Its an AWS service that provides scalable virtual servers in cloud.
  • Pricing models are Reserved instances, On-demand instances, and spot instances.
  • Reserved are less costly since you reserve in advance by paying partial or full.
  • On-demand ones are costliest. But their launching depends on current available capacity in that zone
  • Spot instances are bidding unused instances in the Amazon marketplace (cheapest of all). They are allocated and withdrawn according to your bid price.
  • Max 20 running and 20 shut-down instances can exist per account.
  • AMI is Amazon Machine Image used to deploy/install the pre-configured OS on EC2 instances.
  • Instance store backed volumes are ephemeral storage and lost their data once the instance is off
  • EBS (Elastic Block Store) volumes hold data permanently regardless of instance state.
  • EBS volume size: Min 1 GiB, Max 16384 GiB (16 Tib)
  • EBS volume can be attached to 1 instance at a time. It cannot be attached to an instance in a different availability zone.
  • EBS : 3 IOPS per GiB with a minimum of 100 IOPS, burstable to 3000 IOPS
  • EBS Provisioned IOPS. 50:1 ratio to be maintained.
  • RAID 5 and RAID 6 are not recommended for EBS by AWS.
  • IOPS are measures in chucks of 256KB or smaller.
  • EC2-Classic is a deprecated service. Exist in accounts before 24 Dec 2013.
  • The default session timeout for ELB is 60 sec.
  • 5 Elastic IPs per region only.
  • Key pairs are used by EC2 and CloudFront only.
  • SAML URL https://signin.aws.amazon.com/saml
  • Maximum 2 key pairs can be kept per user.
  • Elastic Load Balancer ELB modes :
    • Idle connection timeout
    • Cross zone load balancing
    • Connection draining
    • Proxy protocol
    • Sticky session
    • Health checks
  • Auto Scaling plans :
    • Current instant levels
    • Manual scaling
    • Dynamic scaling
    • Scheduled scaling
  • ELB session timeout is 60 sec.
  • Timeout for connection draining in ELB is 1 sec to 3600 sec. The default is 300 sec.

S3 (Simple Storage Service)

  • objects (files) are stored in buckets. All root folders are buckets and must have a unique name across all AWS infra
  • Unlimited storage and high availability by default
  • 99.999999999% (Eleven 9’s) durability and 99.99% availability for data stored on S3
  • User can enable AES-256 encryption for data at rest
  • Versioning can be enabled but can not be disabled. It can only be suspended then.
  • Life cycle policies can be defined for deletion or archival.
  • The glacier is a low-cost storage option for archiving data. Data in and out of Glacier takes hours or days.
  • Glacier costs 1 cent / 1 GB for a year.
  • Object size : min 0 bytes, max 5 TB
  • Object more than 100MB must use the multipart upload function
  • All regions support read after write consistency for PUTS (new object) and eventual consistency for PUTS (overwrite) & DELETE.
  • The object always stays within the region and synced across all availability zones.
  • The S3 infrequent access (S3-IA) storage class has object durability of 99.999999999% and availability of 99.90%
  • Max object size in a single put is 5GB.

RDS (Relation Database Service)

  • Its fully managed database service in the cloud.
  • Supported databases: Oracle, MySQL, PostgreSQL, MS SQL, Aurora (Amazon homegrown SQL DB)
  • Scale underlying hardware automatically
  • Support read replicas of SQL based DB
  • Disk space : min 5GB, max 3TB
  • Default database port: 3306
  • RDS backup retention policy : 0 days min (no backup) to 35 days max.

DynamoDB

  • Dynamodb supports in-place atomic updates
  • Dynamodb defaults in the US west Oregon region.
  • Max 1MB of data can be retrieved in the single query operation.
  •  

List of online package repositories

Leave a reply

List of all online Linux yum or apt package repositories, mirrors, download sites. Updated continuously whenever a new link is discovered

List of online resources for linux packages

This article aimed at listing all available mirrors, repositories, package download sites for Linux distros. Let us know broken/new links in comments and we will update this post accordingly. 

Use these links on your own risk!

Fedora Mirrors

https://admin.fedoraproject.org/mirrormanager/ (Sorted by distro, arch etc)

More details here

Red Hat Mirrors

ftp://tug.ctan.org/pub/mirrors/ftp.redhat.com/mirror.html (sorted by Geo locations)

More details here

CentOS mirrors

https://www.centos.org/download/mirrors/ (sorted by Geo locations)

More details here

Articles you might be interested :

  1. How to install package in Linux
  2. Configure EPEL repo in YUM based Linux
  3. How to download package without installing
  4. Package removal in Linux

openSUSE mirrors

http://mirrors.opensuse.org/ (sorted by Geo locations, repo)

Oracle Linux mirrors

https://community.oracle.com/docs/DOC-917963

Oracle public YUM repository : http://public-yum.oracle.com/

EPEL repositories

https://dl.fedoraproject.org/pub/epel/

Debian worldwide mirrors

https://www.debian.org/mirror/list (sorted by Geo locations, Architecture)

More details here

Ubuntu

RPM search and download sites

https://www.rpmfind.net/linux/RPM/

http://rpm.pbone.net/

Nginx installation on Linux server

Leave a reply

Step by step Nginx installation on YUM or APT based Linux servers. Know about configuration files, log files, and directory listing in Nginx.

nginx installation in linux

Nginx is a popular web server and preferred over Apache. Many websites and blogs today run on Nginx webserver. In this article, we are going to see how to install Nginx in Linux.

Nginx Installation

Nginx is available for install in EPEL repositories for YUM based Linux systems and in default repositories of APT (Debian) based systems. Depending on your system type install the Nginx package. Sample outputs below :

# yum install nginx
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos, security
Setting up Install Process
epel/metalink                                                                                                                         | 4.4 kB     00:00
epel                                                                                                                                  | 4.3 kB     00:00
https://mirrors.tuna.tsinghua.edu.cn/epel/6/x86_64/repodata/repomd.xml: [Errno -1] repomd.xml does not match metalink for epel
Trying other mirror.
epel                                                                                                                                  | 4.3 kB     00:00
rhui-REGION-client-config-server-6                                                                                                    | 2.9 kB     00:00
rhui-REGION-rhel-server-releases                                                                                                      | 3.5 kB     00:00
rhui-REGION-rhel-server-releases-optional                                                                                             | 3.5 kB     00:00
rhui-REGION-rhel-server-rh-common                                                                                                     | 3.8 kB     00:00
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 0:1.10.2-1.el6 will be installed
--> Processing Dependency: nginx-filesystem = 1.10.2-1.el6 for package: nginx-1.10.2-1.el6.x86_64
--> Processing Dependency: nginx-all-modules = 1.10.2-1.el6 for package: nginx-1.10.2-1.el6.x86_64
--> Processing Dependency: nginx-filesystem for package: nginx-1.10.2-1.el6.x86_64
--> Running transaction check
---> Package nginx-all-modules.noarch 0:1.10.2-1.el6 will be installed
--> Processing Dependency: nginx-mod-stream = 1.10.2-1.el6 for package: nginx-all-modules-1.10.2-1.el6.noarch
--> Processing Dependency: nginx-mod-mail = 1.10.2-1.el6 for package: nginx-all-modules-1.10.2-1.el6.noarch
--> Processing Dependency: nginx-mod-http-xslt-filter = 1.10.2-1.el6 for package: nginx-all-modules-1.10.2-1.el6.noarch
--> Processing Dependency: nginx-mod-http-perl = 1.10.2-1.el6 for package: nginx-all-modules-1.10.2-1.el6.noarch
--> Processing Dependency: nginx-mod-http-image-filter = 1.10.2-1.el6 for package: nginx-all-modules-1.10.2-1.el6.noarch
--> Processing Dependency: nginx-mod-http-geoip = 1.10.2-1.el6 for package: nginx-all-modules-1.10.2-1.el6.noarch
---> Package nginx-filesystem.noarch 0:1.10.2-1.el6 will be installed
--> Running transaction check
---> Package nginx-mod-http-geoip.x86_64 0:1.10.2-1.el6 will be installed
--> Processing Dependency: GeoIP for package: nginx-mod-http-geoip-1.10.2-1.el6.x86_64
--> Processing Dependency: libGeoIP.so.1()(64bit) for package: nginx-mod-http-geoip-1.10.2-1.el6.x86_64
---> Package nginx-mod-http-image-filter.x86_64 0:1.10.2-1.el6 will be installed
--> Processing Dependency: gd for package: nginx-mod-http-image-filter-1.10.2-1.el6.x86_64
--> Processing Dependency: libgd.so.2()(64bit) for package: nginx-mod-http-image-filter-1.10.2-1.el6.x86_64
---> Package nginx-mod-http-perl.x86_64 0:1.10.2-1.el6 will be installed
---> Package nginx-mod-http-xslt-filter.x86_64 0:1.10.2-1.el6 will be installed
---> Package nginx-mod-mail.x86_64 0:1.10.2-1.el6 will be installed
---> Package nginx-mod-stream.x86_64 0:1.10.2-1.el6 will be installed
--> Running transaction check
---> Package GeoIP.x86_64 0:1.6.5-1.el6 will be installed
--> Processing Dependency: geoipupdate for package: GeoIP-1.6.5-1.el6.x86_64
--> Processing Dependency: GeoIP-data for package: GeoIP-1.6.5-1.el6.x86_64
---> Package gd.x86_64 0:2.0.35-11.el6 will be installed
--> Processing Dependency: libXpm.so.4()(64bit) for package: gd-2.0.35-11.el6.x86_64
--> Running transaction check
---> Package GeoIP-GeoLite-data.noarch 0:2017.01-1.el6 will be installed
--> Processing Dependency: GeoIP-GeoLite-data-extra = 2017.01-1.el6 for package: GeoIP-GeoLite-data-2017.01-1.el6.noarch
---> Package geoipupdate.x86_64 0:2.2.1-2.el6 will be installed
---> Package libXpm.x86_64 0:3.5.10-2.el6 will be installed
--> Running transaction check
---> Package GeoIP-GeoLite-data-extra.noarch 0:2017.01-1.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================
 Package                                      Arch                    Version                        Repository                                         Size
=============================================================================================================================================================
Installing:
 nginx                                        x86_64                  1.10.2-1.el6                   epel                                              462 k
Installing for dependencies:
 GeoIP                                        x86_64                  1.6.5-1.el6                    epel                                              113 k
 GeoIP-GeoLite-data                           noarch                  2017.01-1.el6                  epel                                              468 k
 GeoIP-GeoLite-data-extra                     noarch                  2017.01-1.el6                  epel                                               23 M
 gd                                           x86_64                  2.0.35-11.el6                  rhui-REGION-rhel-server-releases                  142 k
 geoipupdate                                  x86_64                  2.2.1-2.el6                    epel                                               28 k
 libXpm                                       x86_64                  3.5.10-2.el6                   rhui-REGION-rhel-server-releases                   51 k
 nginx-all-modules                            noarch                  1.10.2-1.el6                   epel                                              7.7 k
 nginx-filesystem                             noarch                  1.10.2-1.el6                   epel                                              8.5 k
 nginx-mod-http-geoip                         x86_64                  1.10.2-1.el6                   epel                                               14 k
 nginx-mod-http-image-filter                  x86_64                  1.10.2-1.el6                   epel                                               16 k
 nginx-mod-http-perl                          x86_64                  1.10.2-1.el6                   epel                                               26 k
 nginx-mod-http-xslt-filter                   x86_64                  1.10.2-1.el6                   epel                                               16 k
 nginx-mod-mail                               x86_64                  1.10.2-1.el6                   epel                                               43 k
 nginx-mod-stream                             x86_64                  1.10.2-1.el6                   epel                                               36 k

Transaction Summary
=============================================================================================================================================================
Install      15 Package(s)

Total download size: 24 M
Installed size: 49 M
Is this ok [y/N]: y
Downloading Packages:
(1/15): GeoIP-1.6.5-1.el6.x86_64.rpm                                                                                                  | 113 kB     00:00
(2/15): GeoIP-GeoLite-data-2017.01-1.el6.noarch.rpm                                                                                   | 468 kB     00:00
(3/15): GeoIP-GeoLite-data-extra-2017.01-1.el6.noarch.rpm                                                                             |  23 MB     00:01
(4/15): gd-2.0.35-11.el6.x86_64.rpm                                                                                                   | 142 kB     00:00
(5/15): geoipupdate-2.2.1-2.el6.x86_64.rpm                                                                                            |  28 kB     00:00
(6/15): libXpm-3.5.10-2.el6.x86_64.rpm                                                                                                |  51 kB     00:00
(7/15): nginx-1.10.2-1.el6.x86_64.rpm                                                                                                 | 462 kB     00:00
(8/15): nginx-all-modules-1.10.2-1.el6.noarch.rpm                                                                                     | 7.7 kB     00:00
(9/15): nginx-filesystem-1.10.2-1.el6.noarch.rpm                                                                                      | 8.5 kB     00:00
(10/15): nginx-mod-http-geoip-1.10.2-1.el6.x86_64.rpm                                                                                 |  14 kB     00:00
(11/15): nginx-mod-http-image-filter-1.10.2-1.el6.x86_64.rpm                                                                          |  16 kB     00:00
(12/15): nginx-mod-http-perl-1.10.2-1.el6.x86_64.rpm                                                                                  |  26 kB     00:00
(13/15): nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64.rpm                                                                           |  16 kB     00:00
(14/15): nginx-mod-mail-1.10.2-1.el6.x86_64.rpm                                                                                       |  43 kB     00:00
(15/15): nginx-mod-stream-1.10.2-1.el6.x86_64.rpm                                                                                     |  36 kB     00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                        6.1 MB/s |  24 MB     00:03
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : GeoIP-GeoLite-data-extra-2017.01-1.el6.noarch                                                                                            1/15
  Installing : GeoIP-GeoLite-data-2017.01-1.el6.noarch                                                                                                  2/15
  Installing : nginx-filesystem-1.10.2-1.el6.noarch                                                                                                     3/15
  Installing : geoipupdate-2.2.1-2.el6.x86_64                                                                                                           4/15
  Installing : GeoIP-1.6.5-1.el6.x86_64                                                                                                                 5/15
  Installing : libXpm-3.5.10-2.el6.x86_64                                                                                                               6/15
  Installing : gd-2.0.35-11.el6.x86_64                                                                                                                  7/15
  Installing : nginx-mod-http-geoip-1.10.2-1.el6.x86_64                                                                                                 8/15
  Installing : nginx-mod-stream-1.10.2-1.el6.x86_64                                                                                                     9/15
  Installing : nginx-mod-http-perl-1.10.2-1.el6.x86_64                                                                                                 10/15
  Installing : nginx-mod-http-image-filter-1.10.2-1.el6.x86_64                                                                                         11/15
  Installing : nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64                                                                                          12/15
  Installing : nginx-1.10.2-1.el6.x86_64                                                                                                               13/15
  Installing : nginx-mod-mail-1.10.2-1.el6.x86_64                                                                                                      14/15
  Installing : nginx-all-modules-1.10.2-1.el6.noarch                                                                                                   15/15
  Verifying  : nginx-mod-mail-1.10.2-1.el6.x86_64                                                                                                       1/15
  Verifying  : GeoIP-1.6.5-1.el6.x86_64                                                                                                                 2/15
  Verifying  : nginx-mod-http-geoip-1.10.2-1.el6.x86_64                                                                                                 3/15
  Verifying  : libXpm-3.5.10-2.el6.x86_64                                                                                                               4/15
  Verifying  : nginx-mod-stream-1.10.2-1.el6.x86_64                                                                                                     5/15
  Verifying  : nginx-all-modules-1.10.2-1.el6.noarch                                                                                                    6/15
  Verifying  : GeoIP-GeoLite-data-2017.01-1.el6.noarch                                                                                                  7/15
  Verifying  : nginx-mod-http-perl-1.10.2-1.el6.x86_64                                                                                                  8/15
  Verifying  : nginx-mod-http-image-filter-1.10.2-1.el6.x86_64                                                                                          9/15
  Verifying  : nginx-1.10.2-1.el6.x86_64                                                                                                               10/15
  Verifying  : geoipupdate-2.2.1-2.el6.x86_64                                                                                                          11/15
  Verifying  : GeoIP-GeoLite-data-extra-2017.01-1.el6.noarch                                                                                           12/15
  Verifying  : nginx-filesystem-1.10.2-1.el6.noarch                                                                                                    13/15
  Verifying  : gd-2.0.35-11.el6.x86_64                                                                                                                 14/15
  Verifying  : nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64                                                                                          15/15

Installed:
  nginx.x86_64 0:1.10.2-1.el6

Dependency Installed:
  GeoIP.x86_64 0:1.6.5-1.el6                             GeoIP-GeoLite-data.noarch 0:2017.01-1.el6      GeoIP-GeoLite-data-extra.noarch 0:2017.01-1.el6
  gd.x86_64 0:2.0.35-11.el6                              geoipupdate.x86_64 0:2.2.1-2.el6               libXpm.x86_64 0:3.5.10-2.el6
  nginx-all-modules.noarch 0:1.10.2-1.el6                nginx-filesystem.noarch 0:1.10.2-1.el6         nginx-mod-http-geoip.x86_64 0:1.10.2-1.el6
  nginx-mod-http-image-filter.x86_64 0:1.10.2-1.el6      nginx-mod-http-perl.x86_64 0:1.10.2-1.el6      nginx-mod-http-xslt-filter.x86_64 0:1.10.2-1.el6
  nginx-mod-mail.x86_64 0:1.10.2-1.el6                   nginx-mod-stream.x86_64 0:1.10.2-1.el6

Complete!

# apt-get install nginx
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  linux-headers-4.4.0-59 linux-headers-4.4.0-59-generic linux-headers-4.4.0-66 linux-headers-4.4.0-66-generic linux-image-4.4.0-59-generic
  linux-image-4.4.0-66-generic
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0 libjpeg-turbo8 libjpeg8 libtiff5 libvpx3 libxpm4 libxslt1.1 nginx-common nginx-core
Suggested packages:
  libgd-tools fcgiwrap nginx-doc ssl-cert
The following NEW packages will be installed:
  fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0 libjpeg-turbo8 libjpeg8 libtiff5 libvpx3 libxpm4 libxslt1.1 nginx nginx-common
  nginx-core
0 upgraded, 14 newly installed, 0 to remove and 64 not upgraded.
Need to get 2,999 kB of archives.
After this operation, 9,781 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libjpeg-turbo8 amd64 1.4.2-0ubuntu3 [111 kB]
Get:2 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libjbig0 amd64 2.1-3.1 [26.6 kB]
Get:3 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 fonts-dejavu-core all 2.35-1 [1,039 kB]
Get:4 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 fontconfig-config all 2.11.94-0ubuntu1.1 [49.9 kB]
Get:5 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libfontconfig1 amd64 2.11.94-0ubuntu1.1 [131 kB]
Get:6 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libjpeg8 amd64 8c-2ubuntu8 [2,194 B]
Get:7 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libtiff5 amd64 4.0.6-1ubuntu0.1 [146 kB]
Get:8 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libvpx3 amd64 1.5.0-2ubuntu1 [732 kB]
Get:9 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libxpm4 amd64 1:3.5.11-1ubuntu0.16.04.1 [33.8 kB]
Get:10 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libgd3 amd64 2.1.1-4ubuntu0.16.04.6 [126 kB]
Get:11 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 libxslt1.1 amd64 1.1.28-2.1 [145 kB]
Get:12 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 nginx-common all 1.10.0-0ubuntu0.16.04.4 [26.6 kB]
Get:13 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 nginx-core amd64 1.10.0-0ubuntu0.16.04.4 [428 kB]
Get:14 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 nginx all 1.10.0-0ubuntu0.16.04.4 [3,498 B]
Fetched 2,999 kB in 2s (1,135 kB/s)
Preconfiguring packages ...
Selecting previously unselected package libjpeg-turbo8:amd64.
(Reading database ... 138589 files and directories currently installed.)
Preparing to unpack .../libjpeg-turbo8_1.4.2-0ubuntu3_amd64.deb ...
Unpacking libjpeg-turbo8:amd64 (1.4.2-0ubuntu3) ...
Selecting previously unselected package libjbig0:amd64.
Preparing to unpack .../libjbig0_2.1-3.1_amd64.deb ...
Unpacking libjbig0:amd64 (2.1-3.1) ...
Selecting previously unselected package fonts-dejavu-core.
Preparing to unpack .../fonts-dejavu-core_2.35-1_all.deb ...
Unpacking fonts-dejavu-core (2.35-1) ...
Selecting previously unselected package fontconfig-config.
Preparing to unpack .../fontconfig-config_2.11.94-0ubuntu1.1_all.deb ...
Unpacking fontconfig-config (2.11.94-0ubuntu1.1) ...
Selecting previously unselected package libfontconfig1:amd64.
Preparing to unpack .../libfontconfig1_2.11.94-0ubuntu1.1_amd64.deb ...
Unpacking libfontconfig1:amd64 (2.11.94-0ubuntu1.1) ...
Selecting previously unselected package libjpeg8:amd64.
Preparing to unpack .../libjpeg8_8c-2ubuntu8_amd64.deb ...
Unpacking libjpeg8:amd64 (8c-2ubuntu8) ...
Selecting previously unselected package libtiff5:amd64.
Preparing to unpack .../libtiff5_4.0.6-1ubuntu0.1_amd64.deb ...
Unpacking libtiff5:amd64 (4.0.6-1ubuntu0.1) ...
Selecting previously unselected package libvpx3:amd64.
Preparing to unpack .../libvpx3_1.5.0-2ubuntu1_amd64.deb ...
Unpacking libvpx3:amd64 (1.5.0-2ubuntu1) ...
Selecting previously unselected package libxpm4:amd64.
Preparing to unpack .../libxpm4_1%3a3.5.11-1ubuntu0.16.04.1_amd64.deb ...
Unpacking libxpm4:amd64 (1:3.5.11-1ubuntu0.16.04.1) ...
Selecting previously unselected package libgd3:amd64.
Preparing to unpack .../libgd3_2.1.1-4ubuntu0.16.04.6_amd64.deb ...
Unpacking libgd3:amd64 (2.1.1-4ubuntu0.16.04.6) ...
Selecting previously unselected package libxslt1.1:amd64.
Preparing to unpack .../libxslt1.1_1.1.28-2.1_amd64.deb ...
Unpacking libxslt1.1:amd64 (1.1.28-2.1) ...
Selecting previously unselected package nginx-common.
Preparing to unpack .../nginx-common_1.10.0-0ubuntu0.16.04.4_all.deb ...
Unpacking nginx-common (1.10.0-0ubuntu0.16.04.4) ...
Selecting previously unselected package nginx-core.
Preparing to unpack .../nginx-core_1.10.0-0ubuntu0.16.04.4_amd64.deb ...
Unpacking nginx-core (1.10.0-0ubuntu0.16.04.4) ...
Selecting previously unselected package nginx.
Preparing to unpack .../nginx_1.10.0-0ubuntu0.16.04.4_all.deb ...
Unpacking nginx (1.10.0-0ubuntu0.16.04.4) ...
Processing triggers for libc-bin (2.23-0ubuntu7) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for ufw (0.35-0ubuntu2) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for systemd (229-4ubuntu13) ...
Setting up libjpeg-turbo8:amd64 (1.4.2-0ubuntu3) ...
Setting up libjbig0:amd64 (2.1-3.1) ...
Setting up fonts-dejavu-core (2.35-1) ...
Setting up fontconfig-config (2.11.94-0ubuntu1.1) ...
Setting up libfontconfig1:amd64 (2.11.94-0ubuntu1.1) ...
Setting up libjpeg8:amd64 (8c-2ubuntu8) ...
Setting up libtiff5:amd64 (4.0.6-1ubuntu0.1) ...
Setting up libvpx3:amd64 (1.5.0-2ubuntu1) ...
Setting up libxpm4:amd64 (1:3.5.11-1ubuntu0.16.04.1) ...
Setting up libgd3:amd64 (2.1.1-4ubuntu0.16.04.6) ...
Setting up libxslt1.1:amd64 (1.1.28-2.1) ...
Setting up nginx-common (1.10.0-0ubuntu0.16.04.4) ...
Setting up nginx-core (1.10.0-0ubuntu0.16.04.4) ...
Setting up nginx (1.10.0-0ubuntu0.16.04.4) ...
Processing triggers for libc-bin (2.23-0ubuntu7) ...
Processing triggers for systemd (229-4ubuntu13) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for ufw (0.35-0ubuntu2) ...

After successful installation, start nginx service.

# service nginx start (Redhat systems)
Starting nginx:                                            [  OK  ]
OR
# systemctl start nginx (RHEL7 & debian)
Starting nginx:                                            [  OK  ]

Verify service is running.

# service nginx status
nginx (pid  1689) is running...

OR

# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2017-04-04 10:24:19 UTC; 2min 15s ago
 Main PID: 6734 (nginx)
   CGroup: /system.slice/nginx.service
           ├─6734 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
           └─6735 nginx: worker process

That’s it. Your installation is complete and your webserver is up and running.

Nginx server test

Now you can enter your server IP in the browser (http://x.x.x.x/) to check if your Nginx webserver is serving page or not. If you are getting a connection timed out, you may want to check firewall settings on your server to allow port 80.

You will be served with test page like below :

nginx test page on YUM based systems like Red Hat
nginx test page on APT based systems like Ubuntu

This confirms that your Nginx web server installation is successful and it’s ready for customization.

nginx configurations

The default server root directory is /usr/share/nginx/html. Files that are placed in there will be served on your web server. You can place your HTML files here to serve a static website! The test page you seen above is file index.html under /usr/share/nginx/html. This default directory can be changed under Nginx configuration file  /etc/nginx/conf.d/default.conf.

nginx global configuration file is /etc/nginx/nginx.conf In this conf file, you can set the user to run Nginx, its number of processes to fork, etc.

Default log files error.log (for errors) and access.log (logging accesses) are located under /var/log/nginx

Directory listing in nginx

If you place a few files or directories in root directory then you will not see a listing of them in your browser as we saw in Apache configuration. To enable this you need to add autoindex on; in config file after root directive. Look at my config below :

# cat /etc/nginx/conf.d/default.conf
server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;
    root         /tmp;
    autoindex on;

----- output clipped ----

In the above config, I defined /tmp as root and turned on autoindex (highlighted lines). Restart Nginx services after saving the above changes. Now if I check my webpage (http://x.x.x.x/) it will list all files/directories under /tmp

Directory listing in nginx

You can see in above screenshot, /tmp directory listing is presented by Nginx. If you don’t put autoindex on then it will serve you 404 forbidden error!

Let’s Encrypt SSL certificate on Apache YUM based Linux system

Leave a reply

Learn to configure the free, open-source, secure Let’s Encrypt SSL certificate on Apache webserver running on YUM based Linux server.

Lets Encrypt installation on Apache

What is Let’s Encrypt

Let’s Encrypt is free, open-source, and automatic SSL CA (Certificate Authority). Its managed by ISRG (Internet Security Research Group). SSL certificate always involved a cost which is recurring every year for renewal. Let’s encrypt aimed at open source and free SSL. This is an ideal choice for small websites, businesses which have less or no critical data on their websites and looking for SSL certificates.

If you are running a personal blog then SSL is essential for having a good search engine reputation. But before you dive into you need one dedicated IP for your domain name. If you are on shared hosting you are likely not having a dedicated IP. So for Let’s Encrypt SSL, you need to buy IP for your domain name.

Lets Encrypt SSL certificate

Let’s encrypt provides you fee SSL after your domain name validity which lasts for 3 months. You have to manually renew it every 3 months. The renewal process can be automatized too. Certbot is currently serving you deploying https on your server and configuring Let’s encrypt certs for you.

Before run into installation you should have these pre-requisite completed :

  1. Install EPEL repo
  2. You should have a webserver running
  3. The webpage is being displayed on your domain name (port 80) properly

Let’s encrypt installation on Apache & YUM Linux system

First of all, you need to clone git repository of letsencrypt. For that install package ‘git’ first. Once done run below git clone command :

# git clone https://github.com/letsencrypt/letsencrypt
Initialized empty Git repository in /root/letsencrypt/.git/
remote: Counting objects: 45178, done.
remote: Compressing objects: 100% (164/164), done.
remote: Total 45178 (delta 112), reused 0 (delta 0), pack-reused 45014
Receiving objects: 100% (45178/45178), 13.38 MiB | 2.15 MiB/s, done.
Resolving deltas: 100% (32345/32345), done.

Now goto letsencrypt directory which is created in your present directory by clone command. Under that directory run below command :

# ./letsencrypt-auto  certonly --standalone

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel):ktwebtest.ddns.net
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for ktwebtest.ddns.net
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0002_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0002_csr-certbot.pem

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ktwebtest.ddns.net/fullchain.pem. Your cert
   will expire on 2017-07-02. To obtain a new or tweaked version of
   this certificate in the future, simply run letsencrypt-auto again.
   To non-interactively renew *all* of your certificates, run
   "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

You can see above, after supplying domain name, Certbot creates a CSR file on its own, generates a key file, and fetch SSL certificate too. All paths are visible in the output. All files path are :

Key files directory/etc/letsencrypt/keys/
CSR files directory/etc/letsencrypt/csr/
SSL files directory/etc/letsencrypt/live/

It also shows you when your certificate going to expire. And command you can use to renew your certificate. Now you can follow the tutorial of how to install SSL which you obtained in the above step.

You can even automatize this SSL installation steps by using command :

# ./letsencrypt-auto  -d ktwebtest.ddns.net --apache

With this command, it will create key, CSR, fetch SSL, install SSL on your domain webserver!

Certificate renewal

You can renew certificate manually using :

# ./letsencrypt-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/ktwebtest.ddns.net.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/ktwebtest.ddns.net/fullchain.pem (skipped)
No renewals were attempted.


As you can see, it will scan through all fetched let’s encrypt certificates on the server and their due date. If found due, those certificates will be renewed in no time!

If you want to renew certificate regardless of the due date then you can use force renew as below :

# ./letsencrypt-auto renew  --force-renewal

Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/ktwebtest.ddns.net.conf
-------------------------------------------------------------------------------
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for ktwebtest.ddns.net
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0003_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0003_csr-certbot.pem

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/ktwebtest.ddns.net/fullchain.pem
-------------------------------------------------------------------------------

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/ktwebtest.ddns.net/fullchain.pem (success)

You can even schedule crontab with a little bit of scripting to have an automatic renewal of certificates.

How to install EPEL repository in YUM based Linux

Leave a reply

Learn how to install EPEL repository (Extra Packages for Enterprise Linux) in YUM based Linux. It enables you to install open source packages.

EPEL repository installation

What is EPEL

EPEL stands for Extra Packages for Enterprise Linux. EPEL repository is helpful and rich with packages that are normally used/needed for commonly used Linux software. This repository is managed by the EPEL group. This repository contains all 100% free open source packages which may not available in the core

EPEL repos should be used in production with extra caution.

As you know EPEL group is the Fedora project, EPEL repository can be enabled for YUM based systems like RHEL, Oracle Linux, Fedora, CentOS, etc distributions.

How to configure EPEL

Adding EPEL repository can take a different route than adding https, FTP repositories in YUM. For EPFL, you need to download related RPM from link  using any Linux downloaders. Choose correct distro and architecture while choosing a download link for the EPEL package. Or you can choose noarch rpm as I did below.

I downloaded rpm using wget as below :

# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
--2017-04-03 13:18:35--  https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
Resolving dl.fedoraproject.org... 209.132.181.25, 209.132.181.23, 209.132.181.24
Connecting to dl.fedoraproject.org|209.132.181.25|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14540 (14K) [application/x-rpm]
Saving to: “epel-release-latest-6.noarch.rpm”

100%[===================================================================================================================>] 14,540      51.5K/s   in 0.3s

2017-04-03 13:18:37 (51.5 KB/s) - “epel-release-latest-6.noarch.rpm” saved [14540/14540]

You should have rpm file in your current directory.

# ll
total 680
-rw-r--r--. 1 root root  14540 Nov  5  2012 epel-release-latest-6.noarch.rpm

You need to install rpm using yum command.

# yum install ./epel-release-latest-*.noarch.rpm
Loaded plugins: amazon-id, rhui-lb, security
Setting up Install Process
Examining ./epel-release-latest-6.noarch.rpm: epel-release-6-8.noarch
Marking ./epel-release-latest-6.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:6-8 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================
 Package                              Arch                           Version                     Repository                                             Size
=============================================================================================================================================================
Installing:
 epel-release                         noarch                         6-8                         /epel-release-latest-6.noarch                          22 k

Transaction Summary
=============================================================================================================================================================
Install       1 Package(s)

Total size: 22 k
Installed size: 22 k
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : epel-release-6-8.noarch                                                                                                                   1/1
  Verifying  : epel-release-6-8.noarch                                                                                                                   1/1

Installed:
  epel-release.noarch 0:6-8

Complete!

Thats it. EPEL repository is accommodated by your YUM configuration now.

EPEL repository test

Let’s test the EPEL repository if it’s configured properly. You should see below the new repo in directory /etc/yum.repos.d This is the first indication EPEL is configured.

# pwd
/etc/yum.repos.d

# ll
total 32
-rw-r--r--. 1 root root  957 Nov  4  2012 epel.repo
-rw-r--r--. 1 root root 1056 Nov  4  2012 epel-testing.repo

Now extract repolist from yum to verify configuration.

# yum repolist
Loaded plugins: amazon-id, rhui-lb, security
repo id                                                         repo name                                                                              status
epel                                                            Extra Packages for Enterprise Linux 6 - x86_64                                         12,361
rhui-REGION-client-config-server-6                              Red Hat Update Infrastructure 2.0 Client Configuration Server 6                             0
rhui-REGION-rhel-server-releases                                Red Hat Enterprise Linux Server 6 (RPMs)                                               19,422
rhui-REGION-rhel-server-releases-optional                       Red Hat Enterprise Linux Server 6 Optional (RPMs)                                      11,057
rhui-REGION-rhel-server-rh-common                               Red Hat Enterprise Linux Server 6 RH Common (RPMs)                                        129
repolist: 48,031

You can see EPEL is configured and identified properly by YUM (highlighted line).

How to install Apache webserver in Linux

Leave a reply

Step by step procedure to install and configure Apache webserver in Linux. It also includes troubleshooting steps for errors during install.

Apache webserver installation in Linux

In this tutorial, we are going to see how to install and configure Apache webserver in Linux. Apache is the most widely used web server that is developed and maintained by Apache Software Foundation. Its an open-source software and available for free to download and use.

What is webserver

The webserver is aimed to serve web pages to its clients. In our daily life websites, we visit from browsers that are hosted on webservers! Webserver commonly runs on port 80 (HTTP protocol) and 443 (https protocol, more secured). Communication between the web server and its client over https protocol is encrypted and hence secured.

Apache webserver

Apache webserver is an open-source web server developed by Apache Software Foundation. It is named as Apache HTTP Server Project and details can be viewed here. Apache webserver is also a part of the LAMP stack. Read more about LAMP here. Let’s see how to set up the Apache web server on the Linux box.

Apache installation

If you have configured YUM repositories then you can install ‘httpd’ package. If you don’t have YUM or apt-get repositories configured you can download the latest Apache source, compile and then install it.

Number of errors and their solutions :

Error: configure: error: APR not found.
Solution: Install apr and apr-utils packages (download here if you don’t have yum)

Error: configure: error: no acceptable C compiler found in $PATH
Solution: Install GCC package

Error: configure: error: pcre-config for libpcre not found.
Solution: Install pcre package (download here, unzip, /configure --prefix=/usr/local/pcre, make, make install)

Finally, you should be able to install it using : ./configure --prefix=/apache, make, make install (you can change /apache directory to diff where it will be installed)

Apache configuration

Post-installation you will have /var/www/html/ directory in which you should place your HTML pages which can be fetched from browser. httpd service will come to existence.

Read also : Let’s encrypt (free, open source) SSL configuration for Apache

If you keep files and directories in /var/www/html/ then its listing will be shown in a browser like this example we saw in another post. We will put below HTML file in /var/www/html/  for test :

# cat test.html
<html>
<body>
<h4>This webserver is installed by kerneltalks.com</h4>
</body>
</html>

Now once you make changes in the directory structure, restart httpd service. Verify httpd service is running and port 80 is listening.

# service httpd status
httpd (pid  27920) is running...

Now, try to fetch that page from browser. Use your server IP as website address i.e. http://IP/test.html

Testing webserver

You will be greeted with such a page! Your webserver is up and running. Accepting and serving requests from browsers.

Apache config files

Apache configuration file located at /etc/httpd/conf/httpd.conf In this configuration file you can set your error file path, SSL certificate path, SSL cert key file path, port, IP (virtual hosts), access log path, etc. There is a lot more customization that can be done using this file but I stated only general tweaking parameters.

Apache log files can be found at :

  1. /etc/httpd/logs/access_log: all access logs logged here.
  2. /etc/httpd/logs/error_log: All errors logged here. They also include start-stop service messages.

How to start / stop Apache webserver

To start Apache webserver

# service httpd start
# service apache2 start   #If you are running Apache2

To stop Apache webserver

# service httpd stop
# service apache2 stop   #If you are running Apache2

How to load Apache2 modules

One of the common issues found is when the PHP module is not loaded into Apache webserver, .php links on webserver will download files in the browser instead of displaying them. To correct this you need to load the PHP module in Apache.

To load PHP or any other module in Apache, you need to add it in file /etc/sysconfig/apache2 in below line :

APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout authn_core php5"

Here you can see we are loading the php5 module in our Apache2 webserver. Then you need to restart Apache2 webserver. Once done, check if the PHP module is loaded or not. Use command apache2ctl -M to check loaded modules in Apache.

How to list Apache modules in Linux

 # apache2ctl -M
Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 mpm_prefork_module (static)
 unixd_module (static)
 systemd_module (static)
 actions_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_file_module (shared)
 authz_host_module (shared)
 authz_groupfile_module (shared)
 authz_core_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgi_module (shared)
 dir_module (shared)
 env_module (shared)
 expires_module (shared)
 include_module (shared)
 log_config_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 setenvif_module (shared)
 ssl_module (shared)
 socache_shmcb_module (shared)
 userdir_module (shared)
 reqtimeout_module (shared)
 authn_core_module (shared)
 php5_module (shared)

You can see our php5 module is loaded in Apache.

What is difference between Server Root and Document Root in Apache ?

Server root is where Apache executable binaries reside rather its an installation path for Apache. Whereas document root is where website pages reside i.e. from where webserver loads web pages. So, you can change Document Root if you don’t want to use default /srv/www/htdocs directory. You can change it to any directory where you keep your website pages.

List WWN of online FC in HPUX server

Leave a reply

List of commands to check WWN of online FC in the HPUX server. The article also includes a small script that can do this task in seconds!

WWN of online FC in HPUX

For FC connectivity to storage on the HPUX server, we must share the WWN of the online FC. Getting WWN is a three-step process :

Step 1:

Identify FC devices under ioscan output.

# ioscan -fnCfc
Class     I  H/W Path    Driver S/W State   H/W Type     Description
==================================================================
fc        0  2/0/10/1/0  fcd   CLAIMED     INTERFACE    HP AB379-60101 4Gb Dual Port PCI/PCI-X Fibre Channel Adapter (FC Port 1)
                        /dev/fcd0
fc        1  2/0/10/1/1  fcd   CLAIMED     INTERFACE    HP AB379-60101 4Gb Dual Port PCI/PCI-X Fibre Channel Adapter (FC Port 2)
                        /dev/fcd1
fc        2  2/0/12/1/0  fcd   CLAIMED     INTERFACE    HP AB379-60101 4Gb Dual Port PCI/PCI-X Fibre Channel Adapter (FC Port 1)
                        /dev/fcd2
fc        3  2/0/12/1/1  fcd   CLAIMED     INTERFACE    HP AB379-60101 4Gb Dual Port PCI/PCI-X Fibre Channel Adapter (FC Port 2)
                        /dev/fcd3

In above output, you can see /dev/fcd0 to 3 are FC devices.

Step 2:

Check which FCs are online i.e. have cable connectivity with fcmsutil output.

# fcmsutil /dev/fcd0

                           Vendor ID is = 0x1077
                           Device ID is = 0x2422
            PCI Sub-system Vendor ID is = 0x103C
                   PCI Sub-system ID is = 0x12D7
                               PCI Mode = PCI-X 133 MHz
                       ISP Code version = 5.4.0
                       ISP Chip version = 3
                               Topology = PTTOPT_FABRIC
                             Link Speed = 4Gb
                     Local N_Port_id is = 0x010300
                  Previous N_Port_id is = None
            N_Port Node World Wide Name = 0x50060b00006975ed
            N_Port Port World Wide Name = 0x50060b00006975ec
            Switch Port World Wide Name = 0x200300051e046c0f
            Switch Node World Wide Name = 0x100000051e046c0f
              N_Port Symbolic Port Name = server1_fcd0
              N_Port Symbolic Node Name = server1_HP-UX_B.11.31
                           Driver state = ONLINE
                       Hardware Path is = 2/0/10/1/0
                     Maximum Frame Size = 2048
         Driver-Firmware Dump Available = NO
         Driver-Firmware Dump Timestamp = N/A
                                   TYPE = PFC
                         NPIV Supported = YES
                         Driver Version = @(#) fcd B.11.31.1103 Dec  6 2010

Check the driver state in the above output (highlighted). If it’s ONLINE that means this FC has cable connectivity. If its Awaiting Link UP then it does not have cable connectivity.

Step 3:

If it’s online check its WWN by checking N_Port Port World Wide Name value! That’s it. So WWN of above FC is 0x50060b00006975ec.

I have compiled all the above steps in a single script that you can run and get the WWN of online FC in seconds.

First test script in test server. Run it on your own risk.

Sample output :

# sh test.sh

FC : /dev/fcd0
0x50060b00006975ec

FC : /dev/fcd2
0x50060b00006973c8

pvcreate error: Device /dev/xyz not found (or ignored by filtering).

2 Replies

Solution for pvcreate error:  Device /dev/xyz not found (or ignored by filtering). Troubleshooting steps and resolution for this error.

Solution for pvcreate error: Device /dev/xyz not found (or ignored by filtering).

Sometimes when adding new disk/LUN to Linux machine using pvcreate you may come across below error :

  Device /dev/xyz not found (or ignored by filtering).

# pvcreate /dev/sdb
  Device /dev/sdb not found (or ignored by filtering).

This is due to disk was used in different volume managers (possibly Linux own fdisk manager) and now you are trying to use it in LVM. To resolve this error, first, check if it has fdisk partitions using fdisk command :

# fdisk /dev/sdb

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Command (m for help): p

Disk /dev/sdb: 859.0 GB, 858993459200 bytes
255 heads, 63 sectors/track, 104433 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x62346fee6

    Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1      104433   838858041   83  Linux

In the above example, you can print the current partition table of the disk using p option under fdisk menu.

You can see there is one primary partition detected using fdisk. Because of this LVM command to initialize this disk (pvcreate) failed.

To resolve this you need to remove this partition and re-initialize disk in LVM.  To delete partition use d option under fdisk menu.

# fdisk /dev/sdb

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Command (m for help):d
Selected partition 1

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

After issuing delete d command under fdisk menu, you need to write (w) changes on disk. This will remove your existing partition on the disk. Once again you can use print p option to make sure that there is no fdisk partition on the disk.

You can now use disk in LVM without any issue.

# pvcreate /dev/sdb
  Physical volume "/dev/sdb" successfully created

If this solution doesn’t work for you or there were no partitions on disk previously and still, if you get this error then you may want to look at your multipath configurations. The hint is to look at your verbose pvcreate output to check where it’s failing. Use pvcreate -vvv /dev/<name> command.

YUM cheat sheet

Leave a reply

All YUM related articles in one place! Helpful YUM cheat sheet to learn, understand, revise YUM related sysadmin tasks on a single page.

YUM cheat sheet

YUM is Yellow dog Updater Modified. Its a package management tool for RPM-based systems. It has below a list of features that make it must use for every sysadmin.

  1. Simple install, uninstall, upgrade operations for packages
  2. Automatic resolves software dependency while installing or upgrading
  3. Looks for more than one source for software (supports multiple repositories)
  4. Supports CLI and GUI
  5. Automatically detects architecture of the system and search for best-fit software version
  6. Works well with remote (network connectivity) and local (without network connectivity) repositories.

In this article, I am gathering all YUM related posts in one place so that you don’t have to search them through our site!

Package Operations

  1. How to install package
  2. How to upgrade package
  3. How to remove package

Configurations

  1. YUM server configuration
  2. YUM config basics
  3. Package naming conventions
  4. Configure internet proxy for YUM

Services

  1. Automatic scheduled package updates 
  2. Download only packages without installing

Miscellaneous

  1. How to check if package is installed