About Me

Kalyan Kumar Pasupuleti B-Tech(Information Technology). • RedHat Certified Engineer(RHCE) • Directory Services and Authentication Certificate of Expertise(LDAP) • Red Hat SELinux Policy Administration Certificate of Expertise(SELinux) • Network Services Security Certificate of Expertise (Network Services) • RedHat Certified Virtualization Administrator(RHCVA) • Red Hat Certified Security Specialist (RHCSS) Working as Cloud DevOps engineer

Tuesday, September 6, 2011

Using KVM virtualization in the enterprise: RHEV or RHEL?

Red Hat Enterprise Linux and Red Hat Enterprise Virtualization both offer KVM virtualization, but there are important differences in their KVM management, features and implementation.

RHEL goes small

Red Hat Enterprise Linux (RHEL) is a generic Linux server product that relies on KVM virtualization. It consists of a Linux kernel and lots of packages, including the Apache Web server and the MySQL database, as well as some KVM management tools. With RHEL 6, you can install and manage a few virtual machines (VMs), but it doesn’t deliver the best performance or an optimal KVM management platform. Still, in very small environments, RHEL 6 gives you everything you need for open source virtualization.

Enterprise-ready KVM virtualization

If virtualization is a key component of your corporate IT infrastructure, you’ll need something that goes beyond merely managing a few VMs. For enterprise-level KVM virtualization, you need easy KVM management, high availability, optimal performance and other advanced features. Red Hat Enterprise Virtualization (RHEV) includes RHEV Manager (RHEV-M) -- a central KVM management platform for physical as well as virtual resources.
RHEV-M helps you manage VMs and their disk images, installation ISOs, high-availability settings, VM templates and more -- all from a graphical Web interface. You can also manage two types of hypervisors with RHEV-M. RHEV comes with a standalone bare-metal hypervisor that’s based on RHEL and KVM virtualization, to be used as a managed physical node. Alternatively, if you want to manage VMs running on RHEL from RHEV, you can register RHEL servers to the RHEV-M console.

RHEV 3.0 or RHEL 6?

RHEL 6 is simply a Linux server that offers open source virtualization options, so you need RHEV to implement KVM virtualization in large corporate environments.

RHEV 3.0, expected later this year, has a re-engineered core and is based on Java. In RHEV 3.0, you’ll find all the features of competing virtualization platforms such as VMware or Citrix XenServer. Plus, RHEV offers these functions for a fraction of the price.

Thursday, August 25, 2011

Static Route in Ubuntu. How To?

1. Log in to the system with system administrator privileges.
2. Open the network configuration file with an editor. I will be using the “vi editor” in this case.
example: “vi /etc/network/interfaces”
3. Go to the last line and add your route.
example: “up route add -net netmask dev eth0”
4. Save your changes and exit the editor.
5. Restart the network service with “/etc/init.d/networking restart”
6. Verify your routing by running the “route” command.

Wednesday, August 24, 2011

What is the difference between Xen PV, Xen KVM and HVM?

Xen supported virtualization types
Xen supports running two different types of guests. Xen guests are often called domUs (unprivileged domains). Both guest types (PV, HVM) can be used at the same time on a single Xen system.
Xen Paravirtualization (PV)
Paravirtualization is an efficient and lightweight virtualization technique introduced by Xen and later adopted by other virtualization solutions. Paravirtualization doesn't require virtualization extensions from the host CPU. However, paravirtualized guests require a special kernel that is ported to run natively on Xen, so the guests are aware of the hypervisor and can run efficiently without emulation or virtual emulated hardware. Xen PV guest kernels exist for Linux, NetBSD, FreeBSD, OpenSolaris and Novell Netware operating systems.
PV guests don't have any kind of virtual emulated hardware, but a graphical console is still possible using the guest pvfb (paravirtual framebuffer). The PV guest graphical console can be viewed using a VNC client or Red Hat's virt-viewer. There's a separate VNC server in dom0 for each guest's PVFB.
Upstream kernel.org Linux kernels since Linux 2.6.24 include Xen PV guest (domU) support based on the Linux pvops framework, so every upstream Linux kernel can be automatically used as Xen PV guest kernel without any additional patches or modifications.
See XenParavirtOps wiki page for more information about Linux pvops Xen support.
Xen Full virtualization (HVM)
Fully virtualized, aka HVM (Hardware Virtual Machine), guests require CPU virtualization extensions from the host CPU (Intel VT, AMD-V). Xen uses a modified version of Qemu to emulate full PC hardware, including BIOS, IDE disk controller, VGA graphics adapter, USB controller, network adapter etc. for HVM guests. CPU virtualization extensions are used to boost the performance of the emulation. Fully virtualized guests don't require a special kernel, so for example Windows operating systems can be used as Xen HVM guests. Fully virtualized guests are usually slower than paravirtualized guests because of the required emulation.
To boost performance, fully virtualized HVM guests can use special paravirtual device drivers to bypass the emulation for disk and network IO. Xen Windows HVM guests can use the open source GPLPV drivers. See the XenLinuxPVonHVMdrivers wiki page for more information about Xen PV-on-HVM drivers for Linux HVM guests.
KVM is not Xen at all; it is a different technology. KVM is a native Linux kernel module and not an additional kernel like Xen, which makes KVM a better design. The downside is that KVM is newer than Xen, so it might be lacking some of the features.

How to disable USB port on linux server?

To disable the USB ports on the machine, you have to edit the file /etc/grub.conf
# vim /etc/grub.conf   (or) # vim /boot/grub/grub.conf

Then add the nousb kernel parameter to the end of the kernel line, as follows

kernel /vmlinuz ..... rhgb quiet nousb

Now reboot the system and check that all your USB ports are disabled.
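
A grub.conf usually holds more than one boot entry, and an entry left unedited still boots with USB enabled. The following check is an added example, not part of the original post: it lists active kernel lines that lack nousb and confirms the parameter on the running kernel. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that every boot entry, and the running kernel, has nousb.

# Print "LINE: kernel ..." for each active kernel line in a legacy GRUB
# config (grub.conf) that lacks nousb as a separate parameter.
kernel_lines_missing_nousb() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out lines do not boot
        $1 == "kernel" {
            found = 0
            for (i = 2; i <= NF; i++) if ($i == "nousb") found = 1
            if (!found) { sub(/^[ \t]+/, ""); printf "%d: %s\n", NR, $0 }
        }
    ' "$1"
}

# Succeed if the kernel command line (default: /proc/cmdline) contains nousb,
# i.e. the parameter was actually applied at the last boot.
booted_with_nousb() {
    tr ' ' '\n' < "${1:-/proc/cmdline}" | grep -qx 'nousb'
}

# Write a constructed two-entry grub.conf to the given path for testing.
write_sample_grub_conf() {
    cat > "$1" <<'EOF'
default=0
timeout=5
title Constructed entry A
    root (hd0,0)
    kernel /vmlinuz-A ro root=/dev/sda1 rhgb quiet nousb
    initrd /initrd-A.img
title Constructed entry B
    root (hd0,0)
    kernel /vmlinuz-B ro root=/dev/sda1 rhgb quiet
    initrd /initrd-B.img
#   kernel /vmlinuz-old ro root=/dev/sda1 rhgb quiet
EOF
}
```

Run kernel_lines_missing_nousb against the edited grub.conf before rebooting and booted_with_nousb afterwards; no output from the first and success from the second mean every entry carries the parameter and the running kernel received it.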

How does a Linux command work internally?

You can use the strace command to understand how a Linux command works internally. strace is a system call monitor that provides information about the system calls made by an application, including the call arguments and return values.

For example, to check the ls command (the -c option prints a summary count per system call):

# strace -c /bin/ls
anaconda-ks.cfg  Desktop  index.hml    install.log.syslog  samba-latest.tar.gz
as               file5    install.log  samba-3.5.9         vmware-tools-distrib
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
100.00    0.000039           1        27           mmap2
  0.00    0.000000           0        12           read
  0.00    0.000000           0         2           write
  0.00    0.000000           0        13           open
  0.00    0.000000           0        14           close
  0.00    0.000000           0         1           execve
  0.00    0.000000           0         2         1 access
  0.00    0.000000           0         3           brk
  0.00    0.000000           0         2           ioctl
  0.00    0.000000           0         4           munmap
  0.00    0.000000           0         1           uname
  0.00    0.000000           0         5           mprotect
  0.00    0.000000           0         2           rt_sigaction
  0.00    0.000000           0         1           rt_sigprocmask
  0.00    0.000000           0         1           getrlimit
  0.00    0.000000           0        13           fstat64
  0.00    0.000000           0         2           getdents64
  0.00    0.000000           0         1           fcntl64
  0.00    0.000000           0         1           futex
  0.00    0.000000           0         1           set_thread_area
  0.00    0.000000           0         1           set_tid_address
  0.00    0.000000           0         1           set_robust_list
------ ----------- ----------- --------- --------- ----------------
100.00    0.000039                   110         1 total
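
A small parser for this summary table, as an added example that is not part of the original post: it lists each system call with its call and error counts, skips the traced program's own output, and handles rows where the errors column is blank. The function names are illustrative; the sample input is the output shown above.

```shell
#!/bin/sh
# Added example: parse the summary table printed by `strace -c`.

# Read `strace -c` output on stdin and print "syscall calls errors" per row.
# The two dashed rule lines open and close the table body, so the traced
# program's own output, the column header and the total row are skipped.
strace_summary() {
    awk '
        /^-+( +-+)+$/   { body = !body; next }
        body && NF == 5 { print $5, $4, 0 }    # errors column is blank
        body && NF == 6 { print $6, $4, $5 }   # errors column is filled
    '
}

# System calls that failed at least once, with their error count.
failing_syscalls() { strace_summary | awk '$3 > 0 { print $1, $3 }'; }

# Sum of the calls column, to cross-check against the "total" row.
total_calls() { strace_summary | awk '{ n += $2 } END { print n + 0 }'; }

# Sample input: the `strace -c /bin/ls` output from the post.
sample_strace_output() {
    cat <<'EOF'
anaconda-ks.cfg  Desktop  index.hml    install.log.syslog  samba-latest.tar.gz
as               file5    install.log  samba-3.5.9         vmware-tools-distrib
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
100.00    0.000039           1        27           mmap2
  0.00    0.000000           0        12           read
  0.00    0.000000           0         2           write
  0.00    0.000000           0        13           open
  0.00    0.000000           0        14           close
  0.00    0.000000           0         1           execve
  0.00    0.000000           0         2         1 access
  0.00    0.000000           0         3           brk
  0.00    0.000000           0         2           ioctl
  0.00    0.000000           0         4           munmap
  0.00    0.000000           0         1           uname
  0.00    0.000000           0         5           mprotect
  0.00    0.000000           0         2           rt_sigaction
  0.00    0.000000           0         1           rt_sigprocmask
  0.00    0.000000           0         1           getrlimit
  0.00    0.000000           0        13           fstat64
  0.00    0.000000           0         2           getdents64
  0.00    0.000000           0         1           fcntl64
  0.00    0.000000           0         1           futex
  0.00    0.000000           0         1           set_thread_area
  0.00    0.000000           0         1           set_tid_address
  0.00    0.000000           0         1           set_robust_list
------ ----------- ----------- --------- --------- ----------------
100.00    0.000039                   110         1 total
EOF
}
```

strace -c writes its table to stderr, so on a live run capture it with `strace -c -o summary.txt /bin/ls` and feed summary.txt to the functions.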

Thursday, April 28, 2011

Howto random background images in GDM3 - debian 6

Configure GDM3 to display a random image from a directory on the login screen.

This is one way to get random background images in GDM3 on Debian 6. It should be applicable to other distributions, the only difference being the configuration file paths.

If you know of a simpler approach please let us know.

PRECAUTION: I'm just a newbie customizing a family laptop, this may not work, or slow down or expose your system in ways I do not understand.
Follow procedure at your own risk.

1- Creating PostLogin bash script. #as root

cp /etc/gdm3/PostLogin/Default.sample /etc/gdm3/PostLogin/Default

2- Editing the PostLogin bash script so that it takes a random image from a directory and makes it the background image #as root

Add the following to /etc/gdm3/PostLogin/Default and adjust the path to point to your images directory.
#change background image
dir=/path/to/your/images # placeholder: set this to your images directory
file=`/bin/ls -1 "$dir" | sort --random-sort | head -1`
path=`readlink -f "$dir/$file"` # Converts to full path
cp "$path" /wherever/you/want/background.jpg

3- Create the background image file and set its permissions so that all users can change the background image when logging out.

touch /wherever/you/want/background.jpg
chmod 777 /wherever/you/want/background.jpg #do not know if this is necessary

4- Editing GDM3 configuration file #as root

edit /etc/gdm3/greeter.gconf-defaults

Uncomment the following line and change background image path

/desktop/gnome/background/picture_filename      /wherever/you/want/background.jpg

Optionally uncomment:
/desktop/gnome/background/picture_options       zoom

And adjust the config file to your liking.

5- Restarting GDM3

invoke-rc.d gdm3 reload

/etc/init.d/gdm3 restart
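
A hardened variant of the PostLogin snippet, as an added example that is not part of the original post. It assumes PostLogin runs as root (as GDM does), so the target needs only mode 0644 instead of 777, and it skips symlinks so that a link placed in the images directory cannot make root copy some other file into the world-readable background. The function name pick_background and the paths are illustrative; find -maxdepth, shuf and install are the GNU versions.

```shell
#!/bin/sh
# Added example (not the original post's script): hardened background picker
# for /etc/gdm3/PostLogin/Default. Function name and paths are illustrative.

# pick_background DIR DEST
# Copy one randomly chosen regular .jpg/.jpeg/.png file from DIR to DEST.
pick_background() {
    dir=$1
    dest=$2

    [ -d "$dir" ] || return 1

    # Choose among regular files only. find does not follow symlinks here,
    # so a link planted in DIR is never selected, and -maxdepth 1 keeps the
    # search inside DIR itself.
    src=$(find "$dir" -maxdepth 1 -type f \
            \( -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.png' \) \
          | shuf -n 1)
    [ -n "$src" ] || return 1          # nothing suitable: keep the old image

    # Write to a temporary file next to DEST, then rename over it, so the
    # greeter never reads a half-written image. Mode 0644: root writes,
    # every other account (including the greeter) only reads.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if install -m 0644 -- "$src" "$tmp" && mv -f -- "$tmp" "$dest"; then
        return 0
    fi
    rm -f -- "$tmp"
    return 1
}
```

In /etc/gdm3/PostLogin/Default the call would be `pick_background /path/to/your/images /wherever/you/want/background.jpg`, with both paths replaced by your own.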

Tweeting through Terminal (Ubuntu)

This is a short tutorial explaining how to post to Twitter from the command line in Linux, without even needing to open your web browser.

First, install the curl package:

sudo apt-get install curl

Next, create a script anywhere in your $PATH, for example twitter.sh inside ~/bin, where ~ is your home directory (make sure ~/bin is included in your $PATH variable; if echo $PATH doesn't return it, edit ~/.bashrc and add a line like this: export PATH=/home/USER/bin/:$PATH).

The script twitter.sh should contain the following:

curl -u USER:PASS -d status="$*" http://twitter.com/statuses/update.xml > /dev/null
echo "Message sent!"

Replace USER and PASS with your Twitter username and password, and then make the script executable:

chmod 755 ~/bin/twitter.sh

And now test it:

twitter.sh Hello, world! This is a test.

So just use it as:

twitter.sh YOUR MESSAGE


Wget is a nice little piece of software that everyone should know. With it you can check a site, or download an entire collection of files or a photo gallery from FTP. Just open your terminal and follow these steps.

GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. It is a non-interactive commandline tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc.
GNU Wget has many features that make retrieving large files or mirroring entire web or FTP sites easy. Here are some interesting options.

All these commands must be run from a Linux terminal.

Basic use: download a package knowing its HTTP (or FTP) URL:

wget http://kernel.org/pub/linux/kernel/v2.6/patch-2.6.23.bz2

Using Wget for Recursive Downloads

wget -r http://my.site.todownload.com/

The -r option tells wget to recursively download everything from the listed URL.

Using Wget for Recursive Downloads but limit the number of levels to 2

wget -r -l2 http://my.site.todownload.com/

Here -r does the same as above, and -l tells wget to limit the recursion to that number of levels, here 2 levels deep (otherwise the default is 5).

Using Wget for Recursive Downloads but limit the type of files you want to download

wget -r -A.pdf -R.htm http://my.site.todownload.com/

This one tells wget to do a recursive get, accept all files with the .pdf extension and reject all files with the .htm extension.

Using Wget for Recursive Downloads from a FTP with authentication

wget -r ftp://username:password@my.site/path/to/download

Here you tell wget to download from FTP with userid and password

Using Wget to check dead links on your site

wget --spider -r -o log.txt http://yourdomain.com

In this example we tell Wget to act like a web spider, which means that it will not download the pages, just check that they are there, and to put the results in the file log.txt, so you can open it and search for a list of broken links.

Using Wget to download a photo gallery

for i in `seq -w 1 100`; do wget http://www.mysite.com/images/DSCF00$i.jpg; done

In this example we run a loop that goes from 1 to 100 and downloads a different URL each time, which is really useful for quickly downloading a gallery with no links.

Finally, I forgot to tell you that wget is also usable by Mac and Windows (requires Cygwin)

Wednesday, April 27, 2011

[How-To] Install yum on CentOS 4??

WARNING: According to eApps policy if you edit any system files manually, they might not support the changes you have made. Use at your own risk.

NOTE: If SQLite is installed in HSPc, do NOT uninstall it after having done this.

SSH into your VPS as root and follow these instructions.

Firstly, create a source directory to work from:

mkdir /usr/local/src/yum
cd /usr/local/src/yum

Then, download the following packages:

wget http://mirror.centos.org/centos/4/apt/i386/RPMS.os/python-urlgrabber-2.9.8-2.noarch.rpm
wget http://mirror.centos.org/centos/4/apt/i386/RPMS.os/python-sqlite-1.1.7-1.2.1.i386.rpm
wget http://mirror.centos.org/centos/4/apt/i386/RPMS.os/python-elementtree-1.2.6-5.el4.centos.i386.rpm
wget http://mirror.centos.org/centos/4/apt/i386/RPMS.os/yum-2.4.3-3.el4.centos.noarch.rpm
wget http://mirror.centos.org/centos/4/apt/i386/RPMS.os/sqlite-3.3.6-2.i386.rpm

Now install them:

rpm -Uvh *.rpm

Finally, update your system:

yum -y update

All done! Now if you want to install an application, just run:

yum -y install application

[OPTIONAL] You may also want to delete the source directory:

rm -rf /usr/local/src/yum

How to Install Firefox 4 in Fedora, RHEL and CentOS?

Mozilla Firefox 4 has finally been released after a long development cycle, compared to the development of the recent releases of Internet Explorer and Google Chrome.
For those who have been waiting all this time, it can be painful waiting for the new version of Firefox to show up in the default repositories.
Here is a way to install the new Firefox 4 without having to wait:

  • Backup Firefox Settings
    Take a backup of your current Firefox user profile and settings. It’s generally safe to skip this step, as the settings will stay on the computer even if you uninstall Firefox, but it’s always better to be safe than sorry.
    tar cvzf firefox-backup.tar.gz ~/.mozilla

  • Install Third-Party Spot Repository
    Install the Spot repository. Third-party repositories are generally updated faster than the default repositories, so they are sometimes needed if you want the latest software as soon as it is released.
    su -c 'wget http://repos.fedorapeople.org/repos/spot/firefox4/fedora-firefox4.repo -O /etc/yum.repos.d/fedora-firefox4.repo'

  • Remove Current Firefox Installation (Optional)
    Remove your current Firefox installation. If you plan on having more than one Firefox installation, you can skip this step.
    su -c 'yum remove firefox'

  • Enable the Repository
    The repository will need to be enabled before we can use it.
    su -c 'yum --enablerepo fedora-firefox4'

  • Install New Firefox 4
    Install the new Firefox 4 package onto your system and enjoy!!
    su -c 'yum install firefox4'

    Tuesday, April 19, 2011

    LDAP Basics

    Nowadays LDAP is used everywhere for authentication or crucial information management purposes. In this article I have tried to explain the basics of LDAP and also basic OpenLDAP configuration. Please let me know your queries and comments on it. Thanks.

    LDAP & OpenLDAP

    LDAP - Lightweight Directory Access Protocol.
    OpenLDAP - A server which operates on LDAP; Microsoft AD is another example of such a server

    1. A directory service stores and organizes information in a directory, i.e. in a hierarchical manner, and provides access to it
    2. E.g. the Domain Name System. DNS is a most successful implementation of a directory service over the Internet

    Directory Structure -
    1. Directory service stores information in Directory Structure. The diagram of Directory structure is called Directory Information Tree.
    2. A Directory is a tree of Entries
    3. An entry is set of attributes
    4. An attribute has a Name and one or more values
    5. Attributes are Defined in Schema
    6. Each entry has an Unique Identifier i.e. DN

    Five Major Characteristics of Directory Service -
    1. Highly optimized for reads
    2. Information can be stored in a distributed model
    3. The types of information to be stored can be extended
    4. Replication
    5. Advanced search capabilities

    Difference between Databases and Directory Services
    Many people ask whether a database can be used instead of a directory service.

    SN   Databases                               Directory Services

    1.   Information has more writes and reads   More reads only, very few writes
    2.   Transactions, rollbacks and write       Transactions, rollbacks and write
         locks are more important                locks are less important
    3.   More overhead                           Less overhead

    What is LDAP ?
    1. Originally created by Tim Howes, Steve Kille and Wengyik Yeong in 1993. Later Tim & Steve improved it and started LDAPv3
    2. Application protocol for reading & editing directories over an IP network
    3. LDAP is itself a binary protocol. A binary protocol is one that is intended to be read by a machine rather than by a human being.
    4. Lightweight Directory Access Protocol
    5. Lightweight in comparison with x.500 Directory Services

    LDAP vs X.500:
    The main difference between LDAP and X.500 is that LDAP uses the TCP stack and X.500 uses the OSI stack. That is the reason LDAP is lightweight.

    Uses of LDAP:
    • Machine Authentication
    • User/System Groups
    • User Resource Management
    • Address Book
    • Organization Representation
    • Assets Tracking
    • Telephony Information Store
    • Application Configuration Store

    Directory Information Tree:
    LDAP stores information in Directory Structure. Pictorial view of Directory Structure is called Directory Information Tree. See Below Figure:

                          dn: dc=example,dc=com
                                    |
                 +------------------+------------------+
                 |                                     |
    dn: ou=groups,dc=example,dc=com      dn: ou=people,dc=example,dc=com
                                                       |
                                     dn: cn=neelesh,ou=people,dc=example,dc=com

    Directory Structure: 
      • A Directory is a tree of Directory Entries
      • An Entry consists of a set of Attributes
      • An Attribute has a Name and one or more values.
      • The attributes are defined in Schemas
      • Each entry has unique Identifier i.e. DN, consists of RDN

    Please note that in our example we have used OpenLDAP as a LDAP server.
    Please visit www.openldap.org for more details.

    Features of OpenLDAP:
    1. It is open source
    2. Free to use
    3. Simple Authentication and Security Layer (SASL) support
    4. Access Control
    5. Implements LDAPv3

    Components of OpenLDAP:
    1. slapd - OpenLDAP server daemon
    2. slapd.conf - OpenLDAP configuration file
    3. Schemas - To define attributes
    4. Libraries - Required by slapd. Normally they are under /usr/lib/ldap
    5. Backend - Backend database. We use BDB here. Located at /var/lib/ldap
    6. LDIF - LDAP Interchange Format. It is used for importing and exporting information stored in the directory
    7. LDAP client - Used to connect to the LDAP server and operate on it, e.g. ldapsearch, ldapadd, ldapdelete etc.

         slapd
         1. LDAP server daemon binary
         2. Normally located under /usr/sbin
         3. To invoke it, you can call slapd directly at the bash prompt

         I have divided slapd.conf into 4 Parts
         1. Schema Inclusion
         2. Backend DB & Directory Specific
         3. Access Control
         4. Other

         Schemas
         1. Schemas are used to define attributes
         2. They add extensibility to LDAP
         3. We can customize or add schemas
         4. Generally schema files are stored under /etc/ldap/schema

             Schema Files                                                   Description
           core.schema                          OpenLDAP core (required)
           cosine.schema                       Cosine and Internet X.500 (useful)
           inetorgperson.schema           InetOrgPerson (useful)
           misc.schema                          Assorted (experimental)
           nis.schema                             Network Information Services (FYI)
           openldap.schema                   OpenLDAP Project (experimental)

         Libraries or modules
         - Generally libraries are stored under /usr/lib/ldap
         - It adds functionality and makes OpenLDAP modular

         Backend DB

         - OpenLDAP mainly uses the following 2 embedded databases to store information
                - BDB - Berkeley DB transactional backend
                - HDB - Hierarchical variant of BDB
         - The DB is stored under /var/lib/ldap

         LDIF
         - LDAP Interchange Format
         - Collection of entries separated by a blank line
         - Maps attribute names to values
         - It is used to import or export information from the LDAP directory

         LDAP client
         - An LDAP client is used to connect to the LDAP server
         - You can add, edit and delete directory entries

         Important Terminologies
         - Distinguished Name (DN) & Relative Distinguished Name (RDN)
           DN is like the absolute path between root of File System and file
           RDN is like Filename
           Entry ---- > dn: cn=admin,dc=example,dc=com
           In above entry
           DN is cn=admin,dc=example,dc=com
           RDN is cn=admin

          1. Attributes
             - Attributes are used to store the values
             - An attribute can have one or more values
             - Attributes are defined in schema files
             - In LDIF files, declare an attribute in the following way:
                   objectClass: organizationalUnit
             In the above example objectClass is the attribute and organizationalUnit is the value.

           2. objectClass Attributes
              - Compulsory attribute with at least one value
              - It acts as a template for the data to be stored