Tag Archives: SL

Scientific Linux 6 – Basic Setup

Not allowing root to log in

By default sshd is running on SL6 and you can ssh in with ‘root’.

Probably a good idea to change this in /etc/ssh/sshd_config

permitrootlogin no

But first, create a user that can log in.

useradd mart
passwd mart

Then you can change sshd_config and ‘service sshd reload’.

Then you can ssh in and either hit’ su -‘ to get root access.
Or, if you hit ‘visudo’ and add your user. You can later just type ‘sudo bash’ to get a root bash shell.

Firewall

iptables -L to view the firewall setup, note that there is a ‘virbr0’ interface that has forwarding rules. This is probably for NAT or bridging for potential virtual machines, and was probably created when we chose ‘Virtual Host’ as the role for the system.
iptables-save : another view that may be easier to understand. This you can put in ‘file’ and then hit iptables-restore < file.

Slow before you get the login prompt while ssh-ing?

To see what is happening, ssh in with ‘ssh -v ip’.
In my case I saw

 debug1: An invalid name was supplied
Cannot determine real for numeric host address

A little googling showed me that this is because your machine doesn’t have a name lookup for that IP. So go ahead and add one in /etc/hosts and then it will be fast.

Notice that your ssh stops working after a while? Doesn’t accept input?

If so, add this to your ~/.ssh/config file:

Host *
   ServerAliveInterval 60

Make sure there is at least a space on the second line. I have three :p
You can change the * to a specific domain if you do not want to do this on all your boxes.
If the file doesn’t exist, create it.

Run sshd on a second port.

  1. Edit /etc/ssh/sshd_config
  2. Add a line saying: Port 6666
  3. look in /etc/hosts.allow (any entries? good)
  4. iptables-save > ~/fwrules
  5. vi fwrules
  6. copy the –dport 22 line and paste a new one above the -j REJECT lines (vi commands: yy and P)
  7. change the 22 to 6666 (vi commands: x for delete, R for replace mode. :wq! to save and quit)
  8. iptables-restore < ~/fwrules
  9. /etc/init.d/sshd restart

If you want you can hit: iptables -L or iptables-save.
These will also show the current iptables rules.
See ip6tables for IPv6 rules.

Now the port is running on another non-standard port (you could set it to whatever you want, as long as it’s lower then 65536 and preferably higher than 1024). This might be good for security reasons. You could still have port 22 open for access from your internal network (see adding a -s ip.add.r.ess on the row in the iptables rules) and the other one accessible from the internet or maybe even a specific network / address on the internet for even more security.

Install Scientific Linux 6 in VMWare Workstation

Time for some more Linux testing.

The reason for this is because I think I will go ahead and try to study for the RHCSA – Red Hat Certified System Administrator. Work might send me to a course in December, probably wise to play around with it before this.

So here we go.

Scientific Linux (SL) is a free clone of Red Hat Enterprise Linux (RHEL). Historically it’s been updated faster than CentOS. It’s same as Enterprise Linux (EL) – it’s re-compiled from source.

New VM, \SL-61-x86_64-2011-07-27-Install-DVD.iso, RHEL6 64-bit. 1 Core, 2G RAM, NAT, LSI Logic, New virtual disk, SCSI, 20G. Then boot the VM.

SL.org has this in pictures.

First thing you see is the Grub menu:

  1. Install or Upgrade
  2. Install with basic video driver
  3. Rescue
  4. Boot from local drive
  5. Memtest (I like that memtest is pretty standard now)

Chose 1. Next screen is a graphical interface where you click and write, so you need keyboard/mouse. Next screen asks if you want local disks or external storage (fc, iSCSI, or zFCP – for system Z). Hostname: SL1.localdomain.

Create disks. Custom/full size. xfs/encryption/lvm cannot be used for boot volumes.

Role: Virtual Host (I want to try KVM). Enabling SL 6.1 and SL 6.1 Security Updates repositories.

Pinging to something on the Intertubes work from the start.

More posts coming with more fun stuff :)

HEPIX Spring 2011 – Day 3

Day 3 woop!

An evaluation of gluster: uses distributed metadata, so no bottleneck that comes with a metadata server, can or will do do some replication/snapshot.

Virtualization of mass storage (tapes). Using IBM’s TSM (Tivoli Storage Manager) and ERMM. Where ERMM manages the libraries, so that TSM only sees the link to the ERMM. No need to set up specific paths from each agent to each tape drive in each library.
They were also using Oracle/SUN’s T10000c tape drives that goes all the way up to 5TB – which is quite far ahead of LTO consortium’s LTO-5 that only goes to 1.5/3TB per tape. Some talk about buffered tape marks which speeds up tape operations significantly.

Lustre success story at GSI. They have 105 servers that provide 1.2PB of storage and max throughput seen is 160Gb/s. Some problems with

Adaptec 5401 – boots longer than entire linux. Not very nice to administrate. Controller complains about high temps – and missing fans of non-existing enclosures. Filter out e-mails with level “ERROR” and look at the ones with “WARNING” instead.

Benchmarking storage with trace/replay. Using strace (comes default with most Unixes) to record some operations and the ioreplay to replay them. Proven to give very similar workloads. Especially great for when you have special applications.

IPv6 – running out of IPv4 addresses, when/will there be sites that are IPv6? Maybe if a new one comes up? What to do? Maybe collect/share IPv4 addresses?

Presentations about the evolve needed of two data centers to accomodate requirements of more resource/computing power.

Implementing ITIL with Service-Now (SNOW) at CERN.

Scientific Linux presentation. Live CD can be found here:

www.livecd.ethz.ch. They might port NFS 4.1 that comes with Linux Kernel 2.6.38 to work with SL5. There aren’t many differences between RHEL and SL but in SL there is a tool called Revisor, which can be used to create your own linux distributions/CDs quite easily.

 

Errata is a term – this means security fixes.

Dinner later today!

 

Next Days:
Day 5
Day 4

Previous Days:
Day 2
Day 1