SvennD

rocks stuck at choose language

19 August, 2018

While updating our network on the Rocks Cluster, the nodes had to reinstall (this is default protocol). Now however the nodes got stuck during PXE (over the net automatic installation) on the setting of the language.

install language Centos

a screen like this (source).

This is annoying as it would mean connect a screen and a keyboard to every node to install. This however is an indication that something is wrong all together, however finding what proved a little bit tricky, that’s why I share it here.

To find if you face the same issue, execute :

sudo -u apache /opt/rocks/bin/rocks list host profile compute-0-0

This will show the configuration the node pulled from the head-node.  In my case it looked like :

Traceback (most recent call last):
  File "/opt/rocks/bin/rocks", line 301, in <module>
    command.runWrapper(name, args[i:])
  File 
"/opt/rocks/lib/python2.6/site-packages/rocks/commands/__init__.py", 
line 2194, in runWrapper
    self.run(self._params, self._args)
  File 
"/opt/rocks/lib/python2.6/site-packages/rocks/commands/list/host/profile/__init__.py", 
line 301, in run
    for host in self.getHostnames(args):
  File 
"/opt/rocks/lib/python2.6/site-packages/rocks/commands/__init__.py", 
line 773, in getHostnames
    min,max = self.db.fetchone()
TypeError: 'NoneType' object is not iterable

While this should be a large XML file structure like. After allot of extensive google skills (and this 2013 topic) I found out that a simple MySQL update had dropped the root password out of the global configuration, this can be found :

/opt/rocks/etc/my.cnf

a update, generally saves it here :

/opt/rocks/etc/my.cnf.rpmsave

it should look like this :

[mysqld]
user            = rocksdb
port            = 40000
socket          = /var/opt/rocks/mysql/mysql.sock
datadir         = /var/opt/rocks/mysql

[client]
user            = rocksdb
port            = 40000
socket          = /var/opt/rocks/mysql/mysql.sock
password        = <password>

You don’t have to restart the MySQL or the service, just let the node reboot and it will install properly 🙂

Good luck

Linux, SysAdmin

SNMP forwarding on Rocks Cluster

13 August, 2018

Rocks distro is a cluster system. It comes with SNMP configured out of the box. It is polled using Ganglia. Which is working nicely, but I like to have all SNMP data in my favorite SNMP system, LibreNMS. Changing the SNMP configuration to be able to poll from LibreNMS should be a rather straight forward process, however those nodes have no connection to the public network. They have a private VLAN to talk to the head-node and a private VLAN to communicate with the storage array. So to get the SNMP data to Librenms we will have to get crafty with Iptables to get this data to LibreNMS on the public net.

forward snmp from 161 to 3161

Configuration

First let’s check the /etc/snmp/snmpd.conf file from the Rocks installation :

com2sec        notConfigUser   default         public
group  notConfigGroup  v1              notConfigUser
group  notConfigGroup  v2c             notConfigUser
view    all             included        .1             80

access  notConfigGroup  "" any noauth exact all all all

This config is a bit complex and I figure I won’t go back, so I commented it. I decided not to remove it completely, since I don’t want to break the possibility to go back to Ganglia should it be an important system in Rocks. (note : it’s not) I added :

# this create a  SNMPv1/SNMPv2c community named "my_servers"
# and restricts access to LAN adresses 192.168.0.0/16 (last two 0's are ranges)
rocommunity my_servers <our_public_net>/16
rocommunity my_servers 10.1.0.0/16

# setup info
syscontact  "svennD"

# open up
agentAddress  udp:161

# run as
agentuser  root

# dont log connection from UDP:
dontLogTCPWrappersConnects yes

Important here is, that I added two IP ranges, I’m not sure if the private VLAN (10.1.0.0/16) is even required, but since traffic is going over those devices I just added it.

Next thing is setting up the Iptables on the head-node. Since Rocks is already pretty protective (good !) I had to add an extra rule to even allow SNMP polling from the device :

-A INPUT -p udp -m udp --dport 161 -j ACCEPT

Allow the head-node to be polled by LibreNMS by accepting incoming UDP packets over port 161.

To receive packets send from the node on port 161 to the head-node, but forward this to port 3161 externally to LibreNMS (circumventing most known ports and the REJECT rule in Rocks for port 1-1023.) can be done with prerouting rule :

-A PREROUTING -i eth1 -p udp -m udp --dport 3161 -j DNAT --to-destination 10.1.255.244:161
-A POSTROUTING -o eth1 -j MASQUERADE

Note : 10.1.255.244 is the private IP of the node.

So from now on packets should come in, this can be checked using tcpdump, which came in handy during the debugging of this project : (on the node)

tcpdump 'port 161'

To be able to let snmpd answer we needed the information to be forwarded on the head-node, this can be done with a forward rule :

-A FORWARD -d 10.1.255.244/32 -p udp -m udp --dport 161 -m state --state NEW,RELATED,ESTABLISHED -j

note : again 10.1.255.244 is the ip of the node.

Surprisingly the node was unable to answer to the incoming requests. This was due to the fact that, the default route (route -n) was pointing towards one of the storage servers. To add a default gateway we can add it using route :

route add default gw 10.1.1.1 eth0

note : 10.1.1.1 is the private VLAN ip of the head-node.

Conclusion

Bam! LibreNMS can talk to the node using the public IP of the head-node on port 3161 and to the head-node on port 161. One issue that remains unsolved is on reboot, this setup is lost. Rocks by default will reinstall nodes that reboot. This can be resolved by adapting the configurations on Rocks and rebuild the distribution (rocks create distro). However this is rather advanced and (IMHO) difficult to debug. So I did not use that system for this project. Another problem is that its rather work-intense to add all the configuration to all the nodes. (this is only for a single node) This can be resolved most easily using scripts and using rocks run host to execute bits on all the nodes. I decided that I only want one node to be polled as a sample. I already track opengridscheduler using an extend on the head-node. So this is mostly for debugging. Good luck !

Linux, SysAdmin

vzquota : (error) quota file is corrupted, Proxmox 3.4

10 August, 2018

Oh noes, while starting a container, it failed cause of a corrupt quota file…

Starting container ...
vzquota : (error) quota file is corrupted
vzquota on failed [4]
TASK ERROR: command 'vzctl start 114' failed: exit code 60

The fix is to remove it and rebuild it (this takes a long time, depending on the size of the container)

# this failed
vzquota off 114

# delete the quota
quota drop 114

We can rebuild the quota using vzquota but that is done automatically if you restart the container :

# vzctl start 114
Starting container ...
Initializing quota ...

The vzquota currently running is : (for reference)

/usr/sbin/vzquota init 114 -b 8388608100 -B 9227468900 -i 1600000100 -I 1760000100 -p /data/private/114 -e 0 -n 0 -s 0

Sit back and relax, cause this will take time.

Linux, SysAdmin

rpc.statd is not running but is required for remote locking. Centos 6

9 August, 2018

Got this error :

mount.nfs: rpc.statd is not running but is required for remote locking.
mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
mount.nfs: an incorrect mount option was specified

You forgot the rpcbind service !

yum install rpcbind
service rpcbind start
chkconfig rpcbind on

Glad to help 😉

Linux, SysAdmin

Mount NFS on LXC Proxmox

8 August, 2018

I’m a long time user of Proxmox (a few years), and recently I had the chance to upgrade an by-now ancient Proxmox 3.4 to current 5.2. In that time frame the developers have changed from OpenVZ to LXC and made a script to migrate the data. One key element however, mounting (remote) NFS shares are no longer possible from within the containers, at least not native.

Within the container the error is rather lacking information and is pointing towards the NFS server issue.

Aug  8 09:09:51 svennd mount: mount.nfs: access denied by server while mounting nfs_server:/data

However, on the Proxmox host, in /var/log/messages you can find that apparmor is the problem.

apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/storage/nfs_server/data/" pid=25086 comm="mount.nfs" fstype="nfs" srcname="nfs_server:/data" flags="ro, noatime"

It seems this is a feature .

Well now, lets try and undo this security feature, in my case the profile that is causing it to block is lxc-container-default-cgns. You can find this file : /etc/apparmor.d/lxc/lxc-default-cgns Also some other configs can be found there (not sure when what profile is loaded) I added :

mount fstype=rpc_pipefs,
mount fstype=nfs,

below mount fstype=cgroup -> /sys/fs/cgroup/**, resulting in this final file :

# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc

profile lxc-container-default-cgns flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>

  # the container may never be allowed to mount devpts.  If it does, it
  # will remount the host's devpts.  We could allow it to do it with
  # the newinstance option (but, right now, we don't).
  deny mount fstype=devpts,
  mount fstype=cgroup -> /sys/fs/cgroup/**,
  mount fstype=rpc_pipefs,
  mount fstype=nfs,
}

After that we need to reload Apparmor, I’m not sure what made it work again, but it was one of these :

apparmor_parser -r /etc/apparmor.d/lxc-containers
systemctl apparmor reload

And now we can mount from within once more ! 🙂

There is an alternative, but from what I read here you need to remap user ID’s, and need to use mountpoints on the host and draw them inside the container.

Linux, proxmox, SysAdmin

Proxmox config directory & files

6 August, 2018

A small list for important Proxmox files & directories.

For LXC (Linux containers) :

config: /var/lib/lxc/$ct_id/config

For KVM (Kernel-based Virtual Machine, mostly Windows machines)

config: /etc/pve/qemu-server/$kvm_id.conf

Cluster files (if you use Proxmox cluster)

per node configuration : /etc/pve/nodes/$node_name/*

Location of the ISO files that can then be loaded from the web interface :

/var/lib/vz/template/iso/
proxmox, SysAdmin

Increase upload size for Nginx, php-fpm and WordPress

17 June, 2018

In order to increase the size of files you can upload in WordPress, we need to adapt the software powering the software.

Let’s begin with PHP, I use Nginx + php-fpm to run PHP, so I need to edit

/etc/php.ini

on line 799, upload_max_filesize determines the maximum allowed size a PHP file will accept for upload.

upload_max_filesize = 2M

This should not be to big, but a few megabytes will work just fine. I increased this to 10M (~10MB)

After that its time to update Nginx to allow larger upload body’s, this I already had an error documented in the past. So in short :

/etc/nginx/nginx.conf

add after the

http {

# increase upload size to 10MB
client_max_body_size 10M;

Once that is done, just restart Nginx and php-fpm.

systemctl restart nginx
systemctl restart php-fpm

And voila

Linux, SysAdmin

The power of find commands

14 June, 2018

Some powerful and or useful find commands; As with anything on the web, test before running ! (I forget the syntax so this is mainly self-documenting)

 

 

Find all *.tsv larger 1Mb, compress them with the super fast lz4 on high compression and remove the source file after this.

find . -name "*.tsv" -size +1M -exec lz4 -9 --rm '{}' \;

In the same line; compress all files ending with *.fastq and gzip them, also they cannot end with *.gz (in this case redundant but its an extra safety)

find . -type f -name "*.fastq" ! -name '*.gz' -exec gzip "{}" \;

 

Recursive remove all directory’s matching the name *.tsv.index in a rm or echo single command. This makes it possible to easily swap out rm for echo as a test.

find . -type d -name "*.tsv.index" -exec echo {} +
find . -type d -name "*.tsv.index" -exec rm -rf {} +

A combination of a few commands, calculate the storage use from all files size larger then 1M, with no hardlinks, ending with *.tsv.

find . -name "*.tsv" -size +1M -links 1 -print0 | du -hc | tail -n 1

(edit: might not work as intended)

find . -name "log_jobs" -exec du -hc {} +

 

Find files, that are newer then 5 minutes :

find . -type f -mmin -5

and older :

find . -type f -mmin +5

Hard links are nice, but also a (enter curse-word) to track, luckily we have find to locate it :

find /data -samefile file.txt -xdev

This would find all the files that are exactly the same as file.txt (so only hard links, no soft links or copy’s) considering hard links can only be in one file system its logical to add -xdev which tells find not to enter other file-systems since hard links can not be across file-systems. If you are also looking for soft links remove -xdev and add -L

Generate a md5sum for every file in this current directory except files “mylog.log” and “md5.lst”.

find . -type f ! -name "mylog.log" ! -name "md5.lst" -exec md5sum "{}" + > md5.lst

 

A quick and dirty way to find directories (=experiments) that have been made in the last 90 days, sorted on date (removing hard linked .save dirs) This is a sort.

find . -maxdepth 1 -name "*_machine_ID_*" -type d -ctime -90 | grep -v .save | sort -t_ -k 2

 

Ignore certain files, can be done using ! -name “*file” for example. This finds all directories starting with 17, and not ending with .save (hard link for us) and shows the size of those directories.

find . -maxdepth 1 -name "17*" ! -name "*.save" -type d -exec du -hs '{}' +

 

Linux, SysAdmin

Windows : irremovable folder, no longer located in D drive

8 June, 2018

I could not remove this folder in Windows. It gave an error that is was not there anymore … uh-oh … corruption ? I checked the disk using the windows utility but the disk seemed fine (raid was a-OK).

To my surprise the only solution was to go to the windows console / command prompt and remove the directory directly from there. So Windows is becoming more like Linux, I like it !

The command to be used is rd :

rd /S \\?\D:\arch_micro_data\svennd\data\2015

rd stands for remove directory, the /S is the flag for recursively remove the tree.

After running this command, and accepting the removal, bloop, directory was gone.

What the \\? means I have not found, but the solution came from spiceworks.

SysAdmin

ZFS : Unknown parameter `zil_slog_limit’

1 June, 2018

sleep and sysadmin

This is the tale of caution, when sleep deprived, sysadmin with caution! Let’s be honest who never said : lets finish this game, let’s have another drink, I will sleep when dead, … (enter sleepless night excuse here) ? Last night for me I was on a coding spree, when a thunderstorm broke, I was like, whoa its already too late, let’s take my camera and try and take some thunder shots. (it failed) It ended up being a very short 5h night.

Fast forward to the next morning. There was a planned power-down at work but UPS’s (Uninterruptible Power Supply) should take the heat if not extended due to circumstances. We had prepared for this situation two weeks prior, when it was cancelled. So I was pretty sure my task would be to sit there and say, good work team!

It was a 7 minute blackout, butter smooth, we planned for 15m ! After the planned boot procedure all was up and running in no time. With exception of one machine, that had updated and was now running Centos 7.5. The machine refused to show the ZFS partitions, while normally this machine is playing nice, it was not today. I immediately thought of kernel module not loading however that failed ! Time to panic ! Well for sure data was not gone, since its just not accessible in this kernel. So the panic was never really there, as my brain was to slow to really get in the panic mood. Just add coffee and time I thought.

My first attempt was to remove zfs and spl modules and redo the dkms installation following the official guide, after removing every trace of ZFS, that royally failed. Ok. Time for kABI. Which until today I assumed was kernel-my-girlfriends-name (Abby) it turns out its not and its actually Kernel Application Binary Interface. As the red-hat customer platform says nicely :

kABI is a set of in-kernel symbols used by drivers and other kernel modules. Each major and minor Red Hat Enterprise Linux release (and Centos/Fedora kernel) has set of in-kernel symbols whitelist, which are defined in “/usr/src/kernels/”kernel-version”/Module.symvers” file. source

Following the guide for kABI, succes was not to be found. Ok, I got no errors that yielded any google results, so it was time for the deep and dirty. Let’s compile from source ! Failed. I had allot of kernels installed, so let’s remove them all except one and rebuild. Fail. Maybe the kernel is too new, let’s install an older kernel and rebuild again. Fail. Good, this 0.7.x version of ZFS is at fault, let’s try this 0.5.X. Fail. Let’s check Centos board to see if there are known issues. Nothing. Let’s check the Github of the ZoL project. Nothing.

Good I genuinely found a new bug in ZFS with working in Centos 7.5. (by this time, my brain should have said, wait a minute, did we read the error ?) Even tho, Centos 7.5 is out for a while already and even before that RHEL 7.5 is always out first to the enterprise users…. So this error makes no sense what so ever.

As my brain was pretty stable, focused and definitely not counting the minutes till weekend. It also had enough sleep and no any kind of substances such as “OD levels” of caffeine and sugar. I made the choice to claim ZFS developers time and open a new ticket with the developers. After all they fubar’d right ?

The only thing I did not do was to really read the error :

zfs: Unknown parameter 'zil_slog_limit'

Yes, if you set tuning value’s for a module and the module updates significantly (0.5 -> 0.7) some parameters get dumped/deprecated. I feel a bit ashamed for stealing developer time for my own stupidity. But I hope this blog post is a bit of payback. Next person who google’s this error will find my shame post and not waste dev. time.

As to the fix; comment or remove zil_slog_limit in /etc/modprobe.d/zfs.conf or similar configuration file.

Thanks behlendorf, I hope you get a good’s night rest !

Linux, SysAdmin, ZFS
Older Posts