EVEN MORE Fun with Server Core 2012 R2

And finally, to finish off my Windows Server Core 2012 R2, I install Cygwin!  Advice from the web says preemptively open port 22 for OpenSSHd.

netsh advfirewall firewall add rule name="SSHd" dir=in action=allow protocol=TCP localport=22

Now, download the Cygwin installer:

$client = new-object System.Net.WebClient

$client.DownloadFile( "http://www.cygwin.com/setup-x86_64.exe","c:\windows\temp\setup-x86_64.exe" )

Now, run the installer:

c:\windows\temp\setup-x86_64.exe

Don't forget to configure OpenSShd (in Cygwin Bash):

$ ssh-host-config -y
$ cygrunsrv -S sshd
$ ssh-keygen -t rsa

Assuming you added lots of nice Cygwin utilities, you now have a very useful server.  ;-)

More Fun with Windows Server Core 2012 R2

SCONFIG Follow-Up

In my earlier post on using SCONFIG, I mentioned needing to be able to do a few other things from the command line before I could stay immersed in Windows Server Core 2012 R2.  Namely, adding disks and formatting them.  I recently covered that here and here.  There's a couple of other things: Firewall Rules (viewing and setting), mapping network drives (turns out the old "net use" is by far the easiest way for that) and turning off IPv6.

Firewall rules definitely rates its own post.  Mapping drives is trivial as long as they allow you to use the old "net use"command.  Slightly less trivial with Powershell.  Honestly, I would only use the PS way if i was programming something (or it MS took away "net use"command in a future release).  So that leaves IPv6 for this post.  Here's how to disable that: First you have to find the name (alias) of your Ethernet card.  After that, you can display it's settings.

PS C:\Windows\system32> Get-NetAdapter

Name                      InterfaceDescription                    ifIndex Status       MacAddress             LinkSpeed
----                      --------------------                    ------- ------       ----------             ---------
Ethernet 5                Citrix PV Network Adapter #2                 20 Up           BE-EF-B0-1D-FA-CE         1 Gbps
Ethernet 8                Citrix PV Network Adapter #0                 23 Up           FE-ED-BA-5E-BA-11         1 Gbps


PS C:\Windows\system32> Get-NetAdapterBinding -InterfaceAlias "Ethernet 8" | Select-Object Name,DisplayName,ComponentID

Name                                    DisplayName                             ComponentID
----                                    -----------                             -----------
Ethernet 8                              Link-Layer Topology Discovery Responder ms_rspndr
Ethernet 8                              Link-Layer Topology Discovery Mapper... ms_lltdio
Ethernet 8                              Microsoft Network Adapter Multiplexo... ms_implat
Ethernet 8                              Client for Microsoft Networks           ms_msclient
Ethernet 8                              QoS Packet Scheduler                    ms_pacer
Ethernet 8                              File and Printer Sharing for Microso... ms_server
Ethernet 8                              Internet Protocol Version 6 (TCP/IPv6)  ms_tcpip6
Ethernet 8                              Internet Protocol Version 4 (TCP/IPv4)  ms_tcpip 

Now, just disable IPv6...

PS C:\Windows\system32> Disable-NetAdapterBinding -InterfaceAlias "Ethernet 8" -ComponentID ms_tcpip6

And -  TA-DAHH!  That's it.

iSCSI with Powershell and Hyper-V on Windows Core 2012 R2

I found a great link for working with iSCSI drives from Powershell.  The first thing you have to do is turn on iSCSI:

PS C:\Windows\system32> Set-Service -Name MSiSCSI -StartupType Automatic
PS C:\Windows\system32> Start-Service MsiSCSI

Next, tell Windows Server Core where your SAN resides:

PS C:\Windows\system32> New-IscsiTargetPortal -TargetPortalAddress 192.168.12.34
0
 
 
InitiatorInstanceName  :
InitiatorPortalAddress :
IsDataDigest           : False
IsHeaderDigest         : False
TargetPortalAddress    : 192.168.12.34
TargetPortalPortNumber : 3260
PSComputerName         :

I would have thought at this point it would know the iSCSI share but it did not.  Had to run this command:

PS C:\Windows\system32> $target = Get-IscsiTarget
PS C:\Windows\system32> print $target.NodeAddress
Can't find file iqn.2003-06.com.equallogic:0-bf1bf6-56acce3eb-fd0030124795492f-testvol1
PS C:\Windows\system32> Connect-IscsiTarget -NodeAddress $target.NodeAddress

You just need the above TWO commands in black.  I ran the line in red to see what it was looking at (making certain of the IQN before proceeding).  The Connect-IscsiTarget command responds with this:

AuthenticationType      : NONE
InitiatorInstanceName   : ROOT\ISCSIPRT\0000_0
InitiatorNodeAddress    : iqn.1991-05.com.microsoft:testsrv.example.com
InitiatorPortalAddress  : 0.0.0.0
InitiatorSideIdentifier : 412341375678
IsConnected             : True
IsDataDigest            : False
IsDiscovered            : True
IsHeaderDigest          : False
IsPersistent            : False
NumberOfConnections     : 1
SessionIdentifier       : ffffe000cd87c020-4012313700056702
TargetNodeAddress       : iqn.2003-06.com.equallogic:0-bf1bf6-56acce3eb-fd00301...-testvol1                      TargetSideIdentifier    : 4f00
PSComputerName          :

Testing the iSCSI session...

PS C:\Windows\system32> Get-IscsiConnection


ConnectionIdentifier : feffe060cd87c029-1
InitiatorAddress     : 0.0.0.0
InitiatorPortNumber  : 15552
TargetAddress        : 192.168.12.34
TargetPortNumber     : 3260
PSComputerName       :

Looks good so you permanently register it (you don't want your iSCSI volumes disappearing after a reboot after all this).

PS C:\Windows\system32> Get-IscsiSession | Register-IscsiSession

Now, check to see if you have a iSCSI session:

PS C:\Windows\system32> get-IscsiSession


AuthenticationType      : NONE
InitiatorInstanceName   : ROOT\ISCSIPRT\0000_0
InitiatorNodeAddress    : iqn.1991-05.com.microsoft:testsrv.example.com
InitiatorPortalAddress  : 0.0.0.0
InitiatorSideIdentifier : 400301370020
IsConnected             : True
IsDataDigest            : False
IsDiscovered            : True
IsHeaderDigest          : False
IsPersistent            : True
NumberOfConnections     : 1
SessionIdentifier       : bfbfe030cd87c020-400201370020d002
TargetNodeAddress       : iqn.2001-05.com.equallogic:0-af1bf6-66acce3eb-fd02300
                          24795492f-testvol1
TargetSideIdentifier    : 4f00
PSComputerName          :

Looking good.  Now check your drives again:

PS C:\Windows\system32> get-disk

Number Friendly Name                            Operationa Total Size Partition
                                                lStatus                Style
------ -------------                            ---------- ---------- ---------
0      XENSRC PVDISK SCSI Disk Device           Online          88 GB MBR
1      XENSRC PVDISK SCSI Disk Device           Online          40 GB MBR
2      EQLOGIC 100E-00 SCSI Disk Device         Online       77.01 GB RAW

You can see the Dell Equalogic SAN volume has been added as disk number 2.
Now you just need to format the disk and give it a drive letter:

PS C:\Windows\system32> Get-Disk | Where partitionstyle -eq 'raw' | Initialize-D
isk -PartitionStyle MBR -PassThru | New-Partition -AssignDriveLetter -UseMaximum
Size | Format-Volume -FileSystem NTFS -NewFileSystemLabel "iDisk3" -Confirm:$fal
se

DriveLetter FileSystemL FileSystem  DriveType  HealthStat SizeRemain       Size
            abel                               us                ing
----------- ----------- ----------  ---------  ---------- ----------       ----
F           iDisk3      NTFS        Fixed      Healthy      76.91 GB      77 GB

Remember: Get-Disk | Where partitionstyle -eq 'raw' is CRUCIAL if you do not want to initialize a disk with data on it already.

That's it.  You've added an iSCSI drive from the command line.
 

Hard Disks with PowerShell

The other day, I needed to extend a Hyper-V iSCSI disk store (after increasing the size on the SAN).  I didn't know how.  One of our consultants used DISKPART - oh yeah - forgot that from NT 3.51 (or perhaps earlier).  I was using PowerShell's Get-Disk but wasn't able to go much further.  So I mocked up a VM to play with.  I added a drive and formatted it (after looking at the Hey, Scripting Guy! blog).

  PS  C:\Windows\system32> Get-Disk | Where partitionstyle -eq 'raw' | Initialize-Disk -PartitionStyle MBR -PassThru |New-Partition -AssignDriveLetter -UseMaximumSize |Format-Volume -FileSystem NTFS -NewFileSystemLabel "disk2" -Confirm:$false

You can run most of the commandlets between the pipes as individual commands (not sure that makes it any easier).

Anyway, once I had my test drive, it was time to expand it.  I halted the system and then made the changes in Citrix XenCenter.  After restarting, I checked to see that the drive was now 40GB instead of 25GB.  HOWEVER, this is misleading.  Although the DRIVE is now 40GB, the partition being used is still only 25GB.

PS C:\Windows\system32> Get-Partition -DiskNumber 1

Disk Number: 1

PartitionNumber DriveLetter  Offset       Size Type
--------------- -----------  ---------    ---- ----
1               E            1048576     25 GB IFS

To expand the disk, I had hoped there was a simple "MaxSize" but instead I found this:

PS C:\> $size = (Get-PartitionSupportedSize –DiskNumber 1 –PartitionNumber 1)

PS C:\> Resize-Partition -DiskNumber 1 –PartitionNumber 1 -Size $size.SizeMax

Ta-dahh!  Sadly, DISKPART is easier.  But, for the PowerShell purists, running Windows Core 2012 R2, this does the trick.

When your VM gets stuck in suspended mode in Red Hat KVM...

I needed to re-do my network interfaces in KVM - make more bridged Ethernet connection for the VMs to use.  I totally forgot that I had a guest VM running as I began my reboot.  "Suspending SSB2" it says as I panic suddenly realizing what I had done.  It's ok - I've done this before I quickly remember.  It does a great job of automatically suspending and resuming UNLESS YOU JUST HAPPEN TO CHOSE THAT REBOOT TO SCREW UP THE NETWORK CONFIGURATION.

So, it reboots and networking is goofed.  I quickly see what I did, fix and reboot again.  This time it's ok but the SSB2 VM does not start.  I try to start it manually and get the message:

libvirtError: error creating macvtap type of interface: Device or resource busy

Whatever that means.  (It actually means I tried to un-suspend but couldn't talk to the iSCSI network so we're leaving it in limbo).  I google and google and find a lot of folks in the same boat.  They came up with some very iffy and convoluted solutions involving editing multiple XML files, etc.  I follow the threads to the bottom of each.  None of them seem quite right.

New to KVM, I try clonging the non-startable SSB2 and succeed.  It boots and works (requires a lot of network changes, but oh well).

Still not satisfied I see mention of "/var/lib/libvirt/qemu/save/rhel.save"  (it's ssb2.save in my case).  Again some very complicated procedures involving editing multiple XML files, etc. with no guaranteed results by the author.

Since I have a working clone, I figure "What the heck!  I'll just delete "/var/lib/libvirt/qemu/save/ssb2.save" and try starting.  It worked!  -Except for one snag - I already had an exact doppleganger running.  It locked up my virt-manager and the server hard.  After, rebooting all was well.

This worked for me.  On a TEST system.  Use at your own risk.

Fun with Windows Server Core 2012 R2

As a Unix/Linux admin, I find administering Windows servers boring and tedious.  Until now.  With Server Core 2012, you get Powershell pre-installed.  Some of the windowish apps, still launch little windows (e.g. Xen Tools) but for the most part, I find I can deploy servers much more quickly simply by using SCONFIG.  To me, this is much quicker than hovering a mouse all over trying to find where they've hidden the thing you need now (seems to change in every version).

This isn't Windows Server Core, but you get the idea.  The menus are pretty self explanatory.  I find configuring a system with this much quicker!  All I needed was a command line disk utility (which has been around a long time I know).  Brushing up on the commands, I was able to quickly deploy a new disk.  I will post the command line version of iSCSI when that comes up (soon, I'm sure).

Again, all pretty straight forward.  This looks a little more complicated than the GUI but I'll bet if I raced someone, they would not be able to find the utility, right click, etc. etc. as quickly.

Although this isn't showing it off much, I am really loving the power of Powershell.  I like how all of my Unix commands like ls and cat are already aliased (I used to have to make a ls.bat and cat.bat, etc.).  With Windows Server Core 2012 R2's command line utilities, and powerful shell, I might actually start to enjoy this OS again.  It's becoming more Unix-like everyday - and that's a good thing (for me anyway).

Netbackup Ports

Note to self: After installing the Netbackup client, don't forget to open ports 1556 and 13724 in the firewall.

Simple Things

Having a Red Hat 6 install with no GUI, and little else, made installing Netbackup clients from CDROM rather problematic.  No definition for the CDROM drive was in /etc/fstab so "mount /dev/cdrom" wasn't going to work.  Running "fdisk -l" did not show a CDROM and scanning and grepping dmesg revealed no clues.  Then I found this command:

# wodim --devices

That worked (after running "yum install wodim").  Handy command!

SELinux and CentOS 6 with Special Guest: BackupPC

I was trying to tighten things back up on the BackupPC after getting it running.  SELinux is a pain - but I like to have it running on all systems.  I had two BackupPC installs - one on a CentOS 5 server and one a CentOS 6 server.  You would think the latter would be the easiest - but not so!  

For the most part, I just used this blog article BackupPC on CentOS 5 (selinux fix) but I had a few issues between the two servers so I'm documenting that.

CentOS5

CentOS 5 didn't have the semodule command.  So...

# yum install selinux*

And then create a source policy module...

# grep httpd /var/log/audit/audit.log | audit2allow -m backuppc > backuppc.te

And then build the policy module...

# grep httpd /var/log/audit/audit.log | audit2allow -M backuppc

And finally, install the module...

# semodule -i backuppc.pp

After that, I turned on SELinux=enforcing at the command line and edited the /etc/selinux/conf to default to enforcing.

# setenforce 1
# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

CentOS 6

CentOS 6 also needed to have all of the SELinux tools installed (I think).  However, when I tried the exact same things as above, the semodule command gave an error:

     Tried to link in a non-MLS module with an MLS base

After some searching I found that I needed to run system-config-selinux which is a GUI (no system-config-selinux-tui I could find).

# system-config-selinux

Here, I was expecting to see MLS instead of targeted.  Not sure why, but it was already toggled to the correct setting.  (So why does it think it's MLS?)  So, I checked the box to "Relabel on next reboot" and rebooted.  I was a little afraid of this because it said it could take a long time if you had a large filesystem and this had already used about 23% of 3TB.  It was probably done well under 20 minutes (by the time I tried it again) and it worked!

 

iSCSI LVM Red Hat/CEntOS/Oracle Linux

Today I learned a couple of important things about LVMs on iSCSI.  First, a silly one - pvcreate against a slice (or partition - sorry, my Sun Solaris is showing) - NOT against a disk.  That is, /dev/sda1 NOT /dev/sda.  I coulda swore you could use the disk and LVM would take care of the details.  Again, probably thinking of ZFS and Sun Solaris.

The other really important things is you MUST use _netdev in place of defaults in the /etc/fstab.  For example:

   /dev/mapper/vg_oracle-lv_u01 /u01 ext4 _netdev  0 0

This is a serious gotcha!  If you don't do this, the device disappears from /dev/mapper.  Pretty unnerving!  

The other cool thing I picked up was, if you lose the /dev/mapper device, you can get it back (assuming you tinkered with iscsi restarts a bit) simply by issuing the command "vgchange -ay".  That was a neat trick and prompted this blog post.

That is all.