Sunday, September 28, 2014

RHEL / CentOS 6 - How to setup iscsi target and initiator ?

How to setup ISCSI Target?

Server Side

1) Install scsi-target-utils using yum

yum -y install scsi-target-utils

2) Edit iSCSI target configuration

vim /etc/tgt/targets.conf






initiator-address 192.168.56.102              ##Initiator IP/Name
incominguser myuser redhat                    ##Username = myuser and password = redhat

"iqn.2014-09.net.node1:server.target01" ##Can be anything

There are 2 types of storage devices:

backing-store - defines a virtual device on the target.

direct-store  - defines a direct mapped device with the same properties as the physical device (such as VENDOR_ID, SERIAL_NUM, etc.)

3) Start iSCSI target and on boot

service tgtd start

Start on boot

chkconfig tgtd on

4) Enable 3260 port at firewall

5) Check iSCSI target configuration

tgtadm --mode target --op show

6) Check if everything works as expected

tgt-admin -s


How to setup iSCSI initiator?

Client Side

1) Install iscsi-initiator-utils using yum

yum -y install iscsi-initiator-utils

2) Edit initiator configuration file

vim /etc/iscsi/initiatorname.iscsi

InitiatorName=iqn.2014-09.net.node1:san.initiator01
InitiatorAlias=node2

3) Edit iscsi client configuration /etc/iscsi/iscsid.conf

node.session.auth.authmethod = CHAP
node.session.auth.username = manoj
node.session.auth.password = redhat

4) Start iscsi client service

service iscsid start

5) Start iscsi client on boot

chkconfig iscsid on

6) Discovering targets in our iSCSI server

iscsiadm -m discovery -t st --portal Target-server-IP

7) Login with iSCSI LUN

iscsiadm -m node --targetname iqn.2014-09.net.node1:server.target01 --portal Target-Server-IP --login

8) Checking session status with the target

iscsiadm --mode session --op show

Thats it!!

Please do not forget to update with your feedback :-)

Friday, September 26, 2014

Encrypting Disks With LUKS (RHEL 6 / CentOS 6)

LUKs a concept used to encrypt disks for securing data. Partitions will not be accessible without decrypting that device with an defined PASSPHRASE

How to setup encrypted disks with LUKs?

1) Install LUKs utilities

yum -y install crypt*

2) Load dm_crypt module

modprobe dm_crypt

3) Add dm_crypt in system, so that after reboot this should be loaded

cat > /etc/sysconfig/modules/dm_crypt.modules
#!/bin/bash
modprobe dm_crypt

save and exit with  CTRL+D

chmod 755 /etc/sysconfig/modules/dm_crypt.modules

NOTE: dm_crypt.modules script created to loaod module


4) Lets say /dev/sdb is the disk to encrypt, First Create setup and format /dev/sdb with following command:

cryptsetup luksFormat /dev/sdb

This will ask for passphrase which will be used to decrypt/open this disk before using this disk

To mount or use /dev/sdb disk follow below given steps as at this point /dev/sdb will not be available to mount

5) Open LUKs disk/device by mapping/assigning an name, this will create and file/mapping in /dev/mapper

cryptsetup luksOpen /dev/sdb myluksdev_map

This will ask for passphrase to decrypt disk. Enter passphrase set in step number 4

NOTE : myluksdev_map given name can be anything as per your desire

6) As above command has opened/decrypted disk, now we can format with ext4

mkfs.ext4 /dev/mapper/myluksdev_map

7) Create an folder and mount /dev/sdb

mkdir /mnt/my_secret_dir

mount /dev/mapper/myluksdev_map /mnt/my_secret_dir

[Above /dev/mapper/myluksdev_map is name which is given at the time of opening/decrypting /dev/sdb device]

8) If we want to close encryption, have to follow given steps

umount /mnt/my_secret_dir
cryptsetup luksClose myluksdev_map

8) To make partition persistent or permanent after reboot we should add MOUNT entry in /etc/fstab but for mounting encrypted file system, we should decrypt disk/device. So, we should follow given steps to mount disks at the time of boot

    a) Create a file /etc/crypttab
    b) Update with given content

        MAPname         Device/path     ------------------- example

        In our case MAPname = myluksdev_map , Device Path = /dev/sdb

    c) Content should be

         cat /etc/crypttab
         myluksdev_map      /dev/sdb

   d) Now update /etc/fstab file with below content
 
       /dev/mapper/myluksdev_map                /mnt/my_secret_dir          ext4      defaults        0 0


Now reboot your server, this will ask for PASSPHRASE while mounting device /dev/mapper/myluksdev_map

To automatically unlock passphrase or avoiding asking password use below given steps:

    a) Create an file, lets say /root/cpasswd which will store password
       
         echo -n "password" > /root/cpasswd
         chmod 600 /root/cpasswd

   b) Now update /etc/crypttab like this

       MAPNAME         /DEVICE/PATH      /PASSWORD/FILE

       So, in our case this should be

       myluksdev_map     /dev/sdb           /root/cpasswd

Now try rebooting your server, this should not ask for password.

Thats it!!!

Please comment with your feedback :-)

Friday, September 19, 2014

Troubleshooting Kdump error "Memory for crashkernel is not reserved"

In case getting following error while starting kdump service

Memory for crashkernel is not reserved
Please reserve memory by passing "crashkernel=X@Y" parameter to the kernel

If your server is having more than 4GB of RAM then crashkernel=auto (in /etc/grub.conf line starting with kernel)will automatically Reserve memory else need to specify in following format:


crashkernel=0M-2G:128M,2G-6G:256M




If physical memory is 0MB to 2GB then 128MB of memory will be reserved
If physical memory is 2MB to 6GB then 256MB of memory will be reserved

Now REBOOT server for kdump changes to take effect (1st time after kdump installed, a new INITRD will be generated)

Thats it!!!

How To setup Kdump on Linux (Redhat/CentOS 6)?

1) Install kdump package using YUM

yum -y install kexec-tools

2) Once installed, check /etc/init.d/kdump file/service should be available

ls -l /etc/init.d/kdump

3) Enable kdump at boot

chkconfig kdump on

4) Reboot server for kdump to take effect (new initrd will be generated)

5) Once rebooted kdump status should be Operational

service kdump status

if it's not Operational check error with

service kdump restart/start

If error is "Memory for crashkernel is not reserved" follow given link

http://linuxtroubleshoot.blogspot.in/2014/09/troubleshooting-kdump-error-memory-for.html