Jaime Frutos Morales's blog

29/01/2010

How to reduce a logical volume in GNU/Linux using LVM

Filed under: Linux, SysAdmin — acidborg @ 14:01

Description: previously, in this post, I explained how to extend a logical volume using LVM. Now, I’m going to explain how to reduce it without data loss (if you aren’t using all the available space, of course). In this example, I’m going to reduce a logical volume called logical_volume1 belonging to the volume group volume_group1 to 85 GB of disk space. It’s mounted on /mnt/logical_volume1.

Steps:

  1. Unmount the logical volume: umount /mnt/logical_volume1
  2. Make a backup of the logical volume
  3. Check the filesystem integrity: fsck -f -y -v /dev/volume_group1/logical_volume1
  4. Resize the filesystem to something smaller than the final size (around 80GB in this case): resize2fs /dev/volume_group1/logical_volume1 80000M
  5. Check the filesystem integrity again: fsck -f -y -v /dev/volume_group1/logical_volume1
  6. Reduce the logical volume: lvreduce -L 85G /dev/volume_group1/logical_volume1
  7. Resize the filesystem to fit the logical volume: resize2fs /dev/volume_group1/logical_volume1
  8. Check the filesystem to know whether the reduction went fine: fsck -f -y -v /dev/volume_group1/logical_volume1
  9. Mount the logical volume: mount /mnt/logical_volume1

NOTE: if you aren’t careful with the disk space you are using and the final disk space you are going to be using, this operation can cause data loss. I recommend backing up the logical volume before the reduction and using around 5GB of “safe space” while reducing the filesystem in order to avoid data loss.
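A pre-flight check for the procedure above, as an added example that is not part of the original post: it reads `dumpe2fs -h` output for the unmounted filesystem and refuses a plan where the data plus the safety margin does not fit in the step 4 size, or where the step 4 size exceeds the step 6 size. The function names and the sample header are constructed for illustration, and all sizes are assumed to be in MiB (85G = 87040M).

```shell
#!/bin/sh
# Constructed sample: excerpt of `dumpe2fs -h` for a 200 GiB ext3 filesystem
# with 60 GiB in use (not taken from the original post).
sample_dumpe2fs_header() {
    cat <<'EOF'
Filesystem volume name:   <none>
Block count:              52428800
Reserved block count:     2621440
Free blocks:              36700160
Block size:               4096
EOF
}

# Read a dumpe2fs -h header on stdin, print the space in use in MiB (rounded up).
fs_used_mib() {
    awk -F: '
        /^Block count:/ { total = $2 + 0 }
        /^Free blocks:/ { free = $2 + 0 }
        /^Block size:/  { bsize = $2 + 0 }
        END {
            if (!total || !bsize) exit 1   # header missing or unreadable
            print int(((total - free) * bsize + 1048575) / 1048576)
        }'
}

# check_shrink_plan FS_TARGET_MIB LV_TARGET_MIB MARGIN_MIB  (header on stdin)
# Returns 0 if the plan is safe, 1 if it must be refused, 2 on parse failure.
check_shrink_plan() {
    fs_target=$1; lv_target=$2; margin=$3
    used=$(fs_used_mib) || { echo "cannot parse dumpe2fs output"; return 2; }
    if [ "$fs_target" -gt "$lv_target" ]; then
        echo "REFUSE: filesystem target ${fs_target}M exceeds LV target ${lv_target}M"
        return 1
    fi
    if [ $((used + margin)) -gt "$fs_target" ]; then
        echo "REFUSE: ${used}M in use + ${margin}M margin does not fit in ${fs_target}M"
        return 1
    fi
    echo "OK: ${used}M in use, filesystem -> ${fs_target}M, LV -> ${lv_target}M"
}

# The post's numbers: resize2fs to 80000M, lvreduce to 85G, 5GB of safe space.
sample_dumpe2fs_header | check_shrink_plan 80000 87040 5120
```

On a real system the input would come from dumpe2fs -h /dev/volume_group1/logical_volume1 after step 3.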


27/01/2010

How to backup a logical volume (snapshots) using LVM

Filed under: Linux, SysAdmin — acidborg @ 11:19

Description: a snapshot is a copy of the state of a logical volume at a particular point. It’s created almost immediately, so it’s very useful to back up large logical volumes. In this example, I’m going to create a snapshot of a logical volume called logical_volume1 belonging to the volume group volume_group1.

Steps:

  1. Check the size of the logical volume (LV Size): lvdisplay /dev/volume_group1/logical_volume1
    --- Logical volume ---
    LV Name /dev/volume_group1/logical_volume1
    VG Name volume_group1
    LV UUID AxihqP-Yt8l-5scY-bXNG-Bn5D-K3ms-X7v1Ys
    LV Write Access read/write
    LV Status available
    # open 1
    LV Size 200,00 GB
    Current LE 6400
    Segments 2
    Allocation inherit
    Read ahead sectors auto
    - currently set to 256
    Block device 253:5

    Usually, snapshots are smaller than the original logical volume, but I recommend using at least the same space.

  2. Create the snapshot: lvcreate -L200G -s -n backup_logical_volume1 /dev/volume_group1/logical_volume1

    The -s param tells lvcreate to create a snapshot instead of a normal logical volume.

25/01/2010

How to extend a logical volume in GNU/Linux using LVM

Filed under: Linux, SysAdmin — acidborg @ 13:54

Description: if you have created a logical volume (maybe following my previous post) and you want to increase its size (if you have enough physical space, of course), LVM can do that easily. In this example, I’m going to extend a logical volume called /dev/volume_group1/logical_volume1 mounted on /mnt/logical_volume1 adding 50GB of disk space which are available in the volume group volume_group1.

Steps:

  1. Unmount the logical volume if it’s mounted: umount /mnt/logical_volume1
  2. Extend the logical volume with 50GB: lvextend -L +50G /dev/volume_group1/logical_volume1
  3. Check the filesystem on the logical volume: e2fsck -f /dev/volume_group1/logical_volume1
  4. Resize the filesystem on the logical volume (ext3 in this case): resize2fs /dev/volume_group1/logical_volume1
  5. Mount the logical volume again: mount /mnt/logical_volume1

Extending a logical volume is a safe operation which doesn’t involve much downtime. This is one of the many advantages of using LVM to manage disk storage.

21/01/2010

How to configure a network bridge in Debian / Ubuntu

Filed under: Linux, SysAdmin, Ubuntu — acidborg @ 12:23

Description: Following yesterday’s post, today I’m going to explain how to do the same in a Debian / Ubuntu system.

Installation:

Install the packages needed: apt-get install bridge-utils

Configuration:


  • Edit /etc/network/interfaces and replace your eth1 config with this:

    auto eth1
    iface eth1 inet manual

    auto br0
    iface br0 inet static
    address 192.168.1.100
    network 192.168.1.0
    netmask 255.255.255.0
    broadcast 192.168.1.255
    gateway 192.168.1.1
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0

  • Restart your network interfaces: /etc/init.d/networking restart

20/01/2010

How to configure a network bridge in Red Hat / Fedora

Filed under: Linux, SysAdmin — acidborg @ 14:20

Description: a network bridge is a forwarding technique very useful when you have to deal with virtualization and you want to give your virtual machines direct access to your real network, without using NAT.

In this example, I’m going to use a bridge (br0) to access a wired network interface (eth1). I use eth1 for the bridge instead of eth0 because I prefer to use the first network interface to access the machine using SSH and fix any problems that could appear while configuring the bridge.

Installation:

Use yum to install the packages needed: yum install bridge-utils

Configuration:

  • Edit /etc/sysconfig/network-scripts/ifcfg-eth1 and write this (changing the HWADDR for the MAC address of your network card):

    DEVICE=eth1
    HWADDR=00:11:22:33:44:55
    ONBOOT=yes
    BRIDGE=br0
  • Edit /etc/sysconfig/network-scripts/ifcfg-br0 with this content (change the IP related fields to fit your needs):

    DEVICE=br0
    TYPE=Bridge
    ONBOOT=yes
    DELAY=0
    BOOTPROTO=static
    BROADCAST=192.168.1.255
    IPADDR=192.168.1.100
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    GATEWAY=192.168.1.1
  • Add these lines to /etc/sysctl.conf in order to disable packet filtering in the bridge:

    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0

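    This improves the bridge’s performance. With these keys set to 0, frames forwarded across the bridge are not passed to the host’s iptables, ip6tables or arptables rules. I recommend using packet filtering in the computers which connect through the bridge, but not in the bridge itself.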

  • Apply the sysctl changes: sysctl -p /etc/sysctl.conf
  • Restart your network interfaces: service network restart
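To audit a host for the bridge filtering settings described above, the following added example (not part of the original post) parses sysctl.conf-style text and reports, for each of the three keys, whether the host's rules are bypassed for bridged traffic. The function names are hypothetical and the sample input is constructed from the lines shown in the post; when a key is assigned more than once, the last assignment is taken as the effective one.

```shell
#!/bin/sh
# Constructed sample: the three lines the post adds to /etc/sysctl.conf.
sample_sysctl_conf() {
    cat <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
EOF
}

# Read sysctl.conf-style text on stdin and print one line per bridge-nf key.
# Returns 1 if any key is 0 (host rules do not see bridged frames), else 0.
audit_bridge_nf() {
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        {
            n = index($0, "="); if (!n) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k ~ /^net\.bridge\.bridge-nf-call-(iptables|ip6tables|arptables)$/) {
                sub(/^net\.bridge\.bridge-nf-call-/, "", k)
                val[k] = v                          # last assignment wins
            }
        }
        END {
            split("iptables ip6tables arptables", t, " ")
            for (i = 1; i <= 3; i++) {
                s = (t[i] in val) ? val[t[i]] : "unset"
                if (s == "0") {
                    bypass++
                    s = "0 (host " t[i] " rules do not see bridged frames)"
                }
                print t[i] ": " s
            }
            exit(bypass ? 1 : 0)
        }'
}

sample_sysctl_conf | audit_bridge_nf || true
```

On a host that is expected to filter traffic for its virtual machines, a non-zero return from audit_bridge_nf < /etc/sysctl.conf is the finding to follow up.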

19/01/2010

How to create logical volumes in GNU/Linux with LVM

Filed under: Linux, SysAdmin — acidborg @ 17:58

This is a quick introduction to LVM configuration in GNU/Linux systems. LVM is a logical volume manager for the Linux kernel. I won’t explain the theory behind this technology in this post because it is well documented in Wikipedia. This post tries to be just a starting point for newcomers and a reminder for the rest.

1. Change partition label

Partitions which are going to be used by LVM must be labelled “Linux LVM”. To check the partition table: fdisk -l

Device Boot Start End Blocks Id System
/dev/sda1 * 1 1550 20480000 83 Linux
/dev/sda2 1551 1806 2047984 82 Linux swap
/dev/sda3 1531 140013 274458624 83 Linux

To change a partition label: fdisk /dev/disk (sequence in this example: fdisk /dev/sda and then t, 3, 8e, w ) .

Device Boot Start End Blocks Id System
/dev/sda1 * 1 1275 10240000 83 Linux
/dev/sda2 1276 1530 2047984 82 Linux swap
/dev/sda3 1531 140013 274458624 8e Linux LVM

Restart to apply the changes to the partition table (shutdown -r now) or use partprobe (partprobe /dev/sda).

2. Creating physical volumes (PVs)

Physical volumes (which can be either hard disks, hard disk partitions or LUNs of an external storage device) are the basic units of storage for LVM. To create PVs, use pvcreate [partition,hd or lun] . For example, to create a PV from /dev/sda3: pvcreate /dev/sda3

3. Creating volume groups (VGs)

Once PVs are created, at least one volume group (VG) must be defined to use these PVs. A Volume Group is formed by one or more PVs and it abstracts the location of the storage space. To create a VG use: vgcreate vg_name PV1 [PV2 ... PVn]. Following the previous example, to create a VG which includes the PV /dev/sda3 use: vgcreate vg1 /dev/sda3 .

4. Creating logical volumes (LVs)

Once we have defined a VG, we can divide its storage space into logical volumes (LVs), which are partitions of a VG. To create a LV, use: lvcreate -Lsize -n lv_name vg_name. In our example, to create a LV of 50GB, we use this command: lvcreate -L50G -n lv1 vg1

5. Format LVs

We have already created all the infrastructure needed by LVM, but we have to format the LVs in order to use them. For example, to give EXT3 format to our recently created LV, we use the following command: mkfs.ext3 /dev/vg1/lv1

6. Mount LVs

The last thing to do before reading or writing to our brand new LVs is mounting them, so use mount to do it. For example: mkdir /mnt/test && mount -t ext3 /dev/vg1/lv1 /mnt/test

16/01/2010

Book review: ModSecurity 2.5 by Magnus Mischel

Filed under: Books, Security, SysAdmin — acidborg @ 14:41


As a GNU/Linux systems administrator, I manage Apache servers and their configurations on a daily basis, so being capable of getting the best from them is essential in my daily work. That’s why any additional knowledge on the subject helps to make my work easier and more efficient. That is where ModSecurity 2.5 by Magnus Mischel comes onto the scene. Although I have already installed and configured mod_security on several Apache servers, I have learned a lot from this book and I strongly recommend reading it if you are a web server admin or you are interested in web-based attacks and how to protect your servers from them.

ModSecurity 2.5 by Magnus Mischel introduces one of Apache’s most powerful modules: mod_security. It is a web application firewall designed as an Apache module. It provides protection from a lot of web-based attacks and it monitors and logs your HTTP traffic. This book explains how to secure your Apache installation and web applications using mod_security. It is targeted at web server admins, mainly in GNU/Linux environments, with some experience with SQL. Although programming knowledge is not required, knowing shell scripting, Perl and/or PHP will make following the book easier. Web security knowledge is not required as all security concepts and attacks are explained in depth throughout the book. No prior regular expressions knowledge is required as they are widely explained in many chapters and there is an appendix dedicated to them.

Before reading this book, I was thinking “A book on such a specialized topic must be hard to follow and understand”. How wrong I was. In fact, it is one of the best written technical books I have ever read. The author explains each topic step-by-step but in depth, so you can learn new things easily throughout the book both by the explanations and the real-life examples it shows. After reading it, you will be able to create your own customized mod_security rules, understand a lot of web-based attacks, know how to protect against them using mod_security and, last but not least, improve your regular expressions skills.

My favourite part of the book is Chapter 6 (“Blocking common attacks”) because it introduces many web-based attacks, how to prevent them and how to protect your servers from them in just a few minutes with real-life examples and screenshots. Chapter 2 (“Writing rules”) is very nice and well explained too, but I prefer real examples over theory (you can’t blame me, I’m a Sysadmin). On the other hand, the only chapter I don’t like as much as the others is the last one (“Protecting a web application”) because it picks up a web application (YaBB) and explains in depth how to generate the proper rules to protect it. I understand that this has to be read as a real world example, but I think it’s very focused on the application and it’s hard to follow this example if you have never used YaBB before.

In conclusion, I think this is a “must-have” book if you usually deal with web servers. I enjoyed reading it a lot and I have learned many things that mod_security can do that I wasn’t aware of. I strongly recommend it to all web server admins out there. You can download a sample chapter (Chapter 3 – Performance) here. Check the book’s table of contents to find out what the rest of the chapters are about.

You can also buy the book from Packt Publishing if you want.

NOTE: I was contacted by Packt Publishing to review this book and they sent me a free copy to do it. I would like to thank them for giving me this opportunity.