Enable ftps in vsftpd.

To enable ftps on my CentOS 5 server I first needed to create a self-signed certificate:

# cd /etc/pki/tls/certs
# make vsftpd.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > vsftpd.pem ; \
echo “” >> vsftpd.pem ; \
cat $PEM2 >> vsftpd.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
……….++++++
………………..++++++
writing new private key to ‘/tmp/openssl.R27560’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:Country
State or Province Name (full name) [Berkshire]:State
Locality Name (eg, city) [Newbury]:City
Organization Name (eg, company) [My Company Ltd]:Company
Organizational Unit Name (eg, section) []:Department
Common Name (eg, your name or your server’s hostname) []:Servername
Email Address []:Emailaddress

Copy the newly created certificate to /etc/vsftpd:

# cp -p vsftpd.pem /etc/vsftpd/

Add the following to the vsftpd.conf file:

# vi /etc/vsftpd/vsftpd.conf

ssl_enable=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem

Note: As is above, this will not allow non-anoymous users to use plain ftp. They will have to use ftps. To change this behavior, add the following to your vsftpd.conf:

force_local_data_ssl=NO

Then, restart/start vsftpd:

service vsftpd restart

Note: This worked fine from WinSCP and SmartFTP, but Filezilla gives me the following:
Error: GnuTLS error -12: A TLS fatal alert has been received.
Error: Could not connect to server

Mounting / as writeable from single user mode.

Say you happened remove a disk from your RHEL/CentOS/Fedora system and left the entry to mount a partition in the fstab and rebooted. Well, you end up at a prompt for your root password and dropped into single user mode to resolve the problem before the system can boot up. I used to be able to just mount the root partition writeable by using any number of commands including “mount /” or “mount -rw /”. However, somewhere along the line that changed and those commands would not mount the filesystem as writeable. To workaround the issue, I previously used a distribution rescue disk or booted the distribution disk into rescue mode. Then, I would edit the fstab from rescue mode:

I usually chrooted the system disk:

chroot /mnt/sysimage

And then to make the changes:

vi /etc/fstab

I knew there had to be a better, more efficient way to do this, but just never took the time to figure out what is was, until now.

If you find yourself in similar situation, and need to edit a file or make some other changes to the filesystem from single user mode, this will do the trick:

mount -w -o remount /

Then, you can edit the fstab that you forgot to before carelessly removing that hard drive.

Windows 7 – Desktop icon resize

Picked up a not so obvious way to modify the Desktop icon size on a Windows 7 machine.

Hold down the control key, and use the wheel on the mouse to change them to the desired size. I am not really sure how you would do this on a laptop, but my guess is that you would drag your finger up or down the trackpad while holding down the control key.

More ESXi 4.1 Tech Mode commands

Today, I found myself in the awkward position of having to figure out how to bring my newly upgraded ( ESXi 4.1 to 4.1 Update 1 ) host out of Maintenance Mode using Tech Mode commands, because I did not realize that I had to upgrade the vSphere client. It was even worse, because I thought I could download the new client from the ESXi server itself (http://esxi-hostnam). Instead, the ESXi host just provides a link to the VMware site. Ooopps. My LAN DNS servers are running on the same physical host, due to lack of funding. So, this little adventure forced me to discover a few more commands to manage an ESXi host from the Tech mode command line.

First off is a command that will tell you more information than you possibly ever want to know about your ESXi host. This command will spew out hundreds of lines of information about the host.

vim-cmd hostsvc/hostsummary

I highly recommend using grep to find the information you need. For instance, I used the following command to determine whether the host was in Maintenance Mode:

vim-cmd hostsvc/hostsummary | grep -i main
inMaintenanceMode = false,

To put the host into Maintenance Mode:

vim-cmd hostsvc/maintenance_mode_enter

To take the host out of Maintenance Mode:

vim-cmd hostsvc/maintenance_mode_exit

I have written about this command before, but it seems appropriate to list it here. To display all guests:

vim-cmd vmsvc/getallvms

You can also use the following command to get a “summary” of a guest:

# vim-cmd vmsvc/get.summary 160

Again, I recommend using grep, because you get a lot of output.

# vim-cmd vmsvc/get.summary 160 | grep -i name
guestFullName = ,
hostName = ,
name = “White2”,
vmPathName = “[1TBVolume] White2/White2.vmx”,
guestFullName = “Microsoft Windows Vista (32-bit)”,

Or:

# vim-cmd vmsvc/get.summary 272 | grep -i state
runtimeState = (vim.vm.DeviceRuntimeInfo.VirtualEthernetCardRuntimeState) {
connectionState = “connected”,
powerState = “poweredOff”,
faultToleranceState = “notConfigured”,
recordReplayState = “inactive”,

getallvms will display the Vmids of all the guests. You will need these to power on your guests from Tech Mode. The following command will display whether a guest is power on or not:

# vim-cmd vmsvc/power.getstate 160
Retrieved runtime info
Powered off

Finally, to power on a guest using the Vmid from getallvms command:

# vim-cmd vmsvc/power.on 272
Powering on VM:

Furthermore, here is how you can add a new configuration from Tech Mode:

vim-cmd solo/registervm pathtovmxconfigurationfile

To remove a configuration:

vim-cmd vmsvc/unregister Vmid

To check the version:

vmware -v

Update to ESXi 4.1 U1 from ESXi 4.1.

Download software from VMware (The zip update file.).

Put update zip file on ESX server. I created an update directory in my datastore1 directory. I use scp from the ESXi host with Tech Support Mode enabled.

Put the host in Maintenance Mode via the vSphere Client (right mouse click on the host).

esxupdate –bundle zipfile update

Reboot

Update your vSphere client, if needed by browsing to your ESXi server name (http://esxi-host).

Take out of maintenance mode via vSphere Client.

Boot guests.

Repairing disk errors in CentOS.

I started getting the following errors every night when the /var partition backed up on one of my CentOS 5 servers.

DUMP: read error from /dev/sda5: Input/output error: [block 4125240, ext2blk 0]: count=515655
DUMP: read error from /dev/sda5: Input/output error: [block 4125252, ext2blk 0]: count=515656
DUMP: read error from /dev/sda5: Input/output error: [sector 4125240, ext2blk 0]: count=515655
DUMP: read error from /dev/sda5: Input/output error: [sector 4125252, ext2blk 0]: count=515656
DUMP: read error from /dev/sda5: Input/output error: [sector 4125241, ext2blk 0]: count=515655
DUMP: read error from /dev/sda5: Input/output error: [sector 4125253, ext2blk 0]: count=515656
DUMP: read error from /dev/sda5: Input/output error: [sector 4125242, ext2blk 0]: count=515655
DUMP: read error from /dev/sda5: Input/output error: [sector 4125254, ext2blk 0]: count=515656
DUMP: read error from /dev/sda5: Input/output error: [sector 4125243, ext2blk 0]: count=515655
DUMP: read error from /dev/sda5: Input/output error: [sector 4125255, ext2blk 0]: count=515656
DUMP: read error from /dev/sda5: Input/output error: [sector 4125244, ext2blk 0]: count=515655
DUMP: read error from /dev/sda5: Input/output error: [sector 4125245, ext2blk 0]: count=515655
DUMP: read error from /dev/sda5: Input/output error: [sector 4125246, ext2blk 0]: count=515655
DUMP: read error from /dev/sda5: Input/output error: [sector 4125247, ext2blk 0]: count=515655

Also, I found the following kinds of message in the messages file:

May 7 02:34:37 white1 kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
May 7 02:34:37 white1 kernel: ata1.00: BMDMA stat 0x24
May 7 02:34:37 white1 kernel: ata1.00: cmd c8/00:50:ea:9f:03/00:00:00:00:00/e3 tag 0 dma 40960 in
May 7 02:34:37 white1 kernel: res 51/40:00:08:a0:03/00:00:00:00:00/03 Emask 0x9 (media error)
May 7 02:34:37 white1 kernel: ata1.00: status: { DRDY ERR }
May 7 02:34:37 white1 kernel: ata1.00: error: { UNC }
May 7 02:34:37 white1 kernel: ata1.00: configured for UDMA/133
May 7 02:34:37 white1 kernel: ata1: EH complete
May 7 02:34:40 white1 kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
May 7 02:34:40 white1 kernel: ata1.00: BMDMA stat 0x24
May 7 02:34:40 white1 kernel: ata1.00: cmd c8/00:50:ea:9f:03/00:00:00:00:00/e3 tag 0 dma 40960 in
May 7 02:34:40 white1 kernel: res 51/40:00:08:a0:03/00:00:00:00:00/03 Emask 0x9 (media error)
May 7 02:34:40 white1 kernel: ata1.00: status: { DRDY ERR }

From single user mode with /var dismounted, I ran the following:

# e2fsck -c /dev/sda5

I wish I had kept the output, but I know I accepted the defaults ( “Y” ) for all the prompts or which their were a couple. After it completed, I ran dump that completed without error. We will see how it goes from here. According to the man page, any bad blocks found using this command are added to the bad block inode so that they are used by any files or directories.

CentOS/RHEL/Fedora/Ubuntu: scan for SCSI hardware changes.

To scan all SCSI buses for hardware changes enter the following:

echo “- – -” >/sys/class/scsi_host/host0/scan # “dash space dash space dash space”

I did this on CentOS 5 to discover a new disk I added, but did not want to reboot the server.

Note: You might have to use one of the other host directories. In Ubuntu, I had to use host2 before the drive would show up.

To capture DHCP vendor-class-identifier in linux.

On a linux DHCP server, you can add the following linke to dhcpd.conf file to display the vendor-class-identifier of DHCP clients:

set vendor-string = option vendor-class-identifier;

I added this towards the top of my configuration in both version 3 and version 4 DHCP server installations. I did notice that not all clients report the information back. For instance, some Wyse clients. You find the information in the dhcpd.leases database file on the server.

MSA1000 Brocade SAN Switch commands

I have fumbled around long enough trying to remember these commands at various points in my career, so I decided to write down a few of the commands needed to create a SAN zone and enable a config.

alicreate “aliasname “, “WWID

zonecreate “zonename”, “aliasname; aliasname; etc”

cfgcreate “configname“, “zonename1; zonename2; etc“)

cfgsave “cfgname

cfgenable “cfgname

Commands to show information configured above:

alishow
zoneshow
cfgshow
switchshow

Windows 2003/2008 shutdown command

Because I never remember the syntax for 2003 and later:

Reboot:
shutdown /r /c “comment” /t time

Shutdown:
shutdown /s /c “comment” /t time

Add a /m computername to reboot/shutdown a remote server.

Return top

INFORMATION