Monday, September 24, 2007

PowerPath Kernel Updates

I do the following when updating the kernel of a RHEL system that uses PowerPath to HBA mount a Clariion.
  1. Prepare system to be rebooted without the SAN
    When the system is rebooted with the new kernel the SAN won't be there so make sure you don't try to use it:
    • Stop any processes that use the HBA mounted LUNs and remove their startup scripts from /etc/rc*.d for after the reboot.
    • Unmount any HBA LUNs and then comment out their entries in /etc/fstab.
  2. Install your new kernel
    Explicitly tell up2date to get your new kernel. E.g.:
     up2date -i kernel-hugemem
    
    You might need to do an up2date --configure and set pkgSkipList (option 20 from the list) to an empty string. You might wish to undo this step later so that you don't get a new kernel with each up2date (otherwise you might have to follow these steps again when you're not ready).
  3. Update PowerPath for the new Kernel
     rpm -Uvh --replacepkgs EMCpower.LINUX-5.0.0-157.rhel.i386.rpm
    
    After doing the above, PowerPath should start without an emcpmpx module error. Note that you might need the x86_64 RPM. The RPM comes from EMCpower.LINUX.*.tar.gz.
  4. Undo what you did in step 1 (in reverse order) and reboot.

Of course if I was really cool I would just use the Free software MPIO instead of PowerPath.

Thursday, September 20, 2007

ssh agent

My users asked about how to use ssh-agent so I sent them this:

1. Start the SSH agent

workstation:~$ eval `ssh-agent`
Agent pid 26147
workstation:~$
Note that the above is a back-tick, not a single quote. It should be on the upper-left of a standard PC keyboard. If you try this and get:
Could not open a connection to your authentication agent. 
then your session is not running under the ssh-agent. You can get around this by restarting a new shell under the agent by running:
exec ssh-agent bash
2. Make the agent aware of your key (and type passphrase):
workstation:~$ ssh-add
Enter passphrase for /home/me/.ssh/id_rsa:
Identity added: /home/me/.ssh/id_rsa (/home/me/.ssh/id_rsa)
workstation:~$
3. Confirm it has your key:
workstation:~$ ssh-add -l
2048 9b:fe:23:ed:9a:ff:be:ed:1d:b7:26:28:c9:68:b5:62
/home/me/.ssh/id_rsa (RSA)
workstation:~$
4. SSH to server1 and forward your key:
workstation:~$ ssh -AX server1
Last login: Thu May 31 11:58:34 2007 from workstation.domain.tld
[server1 ~]$
(note: it didn't prompt for a password since the agent cached the key)

5. SSH from server1 to server3

[server1 ~]$ ssh -AX server3
The authenticity of host 'server3 (123.456.789.45)' can't be established.
RSA key fingerprint is 6b:9d:98:60:36:8e:ef:d3:ea:90:0e:a8:cb:25:b2:90.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server3,123.456.789.45' (RSA) to the list of
known hosts.
Last login: Wed May 30 17:42:33 2007 from workstation.domain.tld
[server3 ~]$
6. Create a file on server3
[server3 ~]$ echo "foo" > foo.txt
[server3 ~]$
7. Logout back to server1:
[server3 ~]$ exit
Connection to server3 closed.
[server1 ~]$
8. scp the file you left on server3 back to server1:
[server1 ~]$ scp server3:/home/me/foo.txt .
foo.txt                                     100%    4     0.0KB/s   00:00
[server1 ~]$
9. Log out of server1 and see that the agent is still running on your PC:
workstation:~$ ssh-add -l
2048 9b:fe:32:ed:9a:ee:fb:ea:1f:3b:22:83:9c:86:b5:62
/home/me/.ssh/id_rsa (RSA)
workstation:~$
10. Remove the key when you're done working:
workstation:~$ ssh-add -d ~/.ssh/id_rsa
Identity removed: /home/me/.ssh/id_rsa (/home/me/.ssh/id_rsa.pub)
workstation:~$
11. Verify it's no longer cached:
workstation:~$ ssh-add -l
The agent has no identities.
workstation:~$
12. Figure out the agent's PID and stop it: You were told the PID in step one but if you don't remember it you can find it:
workstation:~$ ps ax | grep 26147
26147 ?        Ss     0:00 ssh-agent
workstation:~$
and then kill that PID:
workstation:~$ kill 26147
workstation:~$
You can then make sure that the agent has died:
workstation:~$ ps ax | grep 26147
workstation:~$
These last few steps are important, especially if you're done working and going to be away from your desk.
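
Steps 10-12 can be made automatic. The wrapper below is an added example, not part of the original message: it runs a command under a private agent, caps the key's lifetime with ssh-add -t, and clears and stops the agent on every exit path. The names with_agent and demo are hypothetical, and demo uses a constructed throwaway key so it can run without touching your real one.

```shell
#!/bin/sh
# Added example (not from the original post). with_agent and demo are
# hypothetical names; the key used by demo is a constructed throwaway key.

# Usage: with_agent KEYFILE LIFETIME_SECONDS COMMAND [ARGS...]
# Runs COMMAND under a private agent, then always clears and stops the agent.
with_agent() (
    key=$1 life=$2; shift 2
    # Subshell body: SSH_AUTH_SOCK/SSH_AGENT_PID never leak into the caller.
    eval "$(ssh-agent -s)" >/dev/null || exit 1
    # Steps 10-12 on every exit path: drop all keys, then kill the agent.
    trap 'ssh-add -D >/dev/null 2>&1; ssh-agent -k >/dev/null 2>&1' EXIT
    trap 'exit 129' HUP; trap 'exit 130' INT; trap 'exit 143' TERM
    # -t makes the agent forget the key by itself after LIFETIME seconds.
    ssh-add -t "$life" "$key" || exit 1
    "$@"
    rc=$?
    exit "$rc"
)

demo() {
    dir=$(mktemp -d) || return 1
    ssh-keygen -q -t ed25519 -N '' -f "$dir/id_demo" || { rm -rf "$dir"; return 1; }
    # Inside the wrapper: count the cached keys and note the agent's socket.
    out=$(with_agent "$dir/id_demo" 60 \
        sh -c 'echo "$(ssh-add -l | grep -c .) $SSH_AUTH_SOCK"' 2>/dev/null)
    rm -rf "$dir"
    keys=${out%% *}; sock=${out#* }
    # After the wrapper: the agent removes its socket when it is stopped.
    tries=0
    while [ -S "$sock" ] && [ "$tries" -lt 5 ]; do sleep 1; tries=$((tries + 1)); done
    if [ -S "$sock" ]; then echo "keys=$keys agent=running"
    else echo "keys=$keys agent=stopped"; fi
}

demo
```

With a real key the call looks like: with_agent ~/.ssh/id_rsa 3600 ssh -A server1 (ssh-add prompts for the passphrase as in step 2).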

Thursday, September 13, 2007

GPG for the Masses

FireGPG tweaks Firefox so that you can highlight text and then right click to choose to de/en-crypt that text. I'm curious about the same thing but integrated with an operating system's file browser so that you could right click on the icon for a file and then choose to produce a .gpg version of that file or produce a decrypted version without the .gpg. I think this would help the average user get more comfortable with GPG.

Friday, September 7, 2007

TWM

I'm considering going back to twm. Small means fast and dependable. I also love green on black and this lugu.org screenshot inspires me given all of the focus on bloated eye candy:

Tuesday, September 4, 2007

Huge Memory Kernel

Remember kids!

If 'uname -i' returns x86_64 and you have 16G or more of RAM (supposedly up to a tebibyte), then you don't need a special kernel.

If 'uname -i' returns i386 and you have 16G or more of RAM, then you need to install a huge memory kernel (on RedHat "up2date -i kernel-hugemem").