Archive for June, 2007

I’m installing another machine with a 3ware raid card and am having some problems with it. It looks like the module gets loaded ok, but when it tries to mount the disk that’s listed in /etc/fstab, I get this error:

fsck.ext3: /dev/sda1:
The superblock could not be read or does not describe a correct ext2 filesystem.

First of all, it’s an ext3 filesystem and it’s looking at -b 8193 for the location of the superblock. According to the mkfs command, there is no superblock there.

I’m recreating the filesystem and am outputting everything here:

[root@cs4 ~]# fdisk /dev/sda

The number of cylinders for this disk is set to 243147.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): p

Disk /dev/sda: 1999.9 GB, 1999957393408 bytes
255 heads, 63 sectors/track, 243147 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-243147, default 1): 
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-243147, default 243147): 
Using default value 243147

Command (m for help): p

Disk /dev/sda: 1999.9 GB, 1999957393408 bytes
255 heads, 63 sectors/track, 243147 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1      243147  1953078246   83  Linux

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
[root@cs4 ~]# mkfs -v /dev/sda1
mke2fs 1.35 (28-Feb-2004)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
244137984 inodes, 488269561 blocks
24413478 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=490733568
14901 block groups
32768 blocks per group, 32768 fragments per group
16384 inodes per group
Superblock backups stored on blocks: 
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
        4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968, 
        102400000, 214990848

Writing inode tables: done                            
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 38 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
[root@cs4 ~]# tune2fs -c0 -i0 -j /dev/sda1
tune2fs 1.35 (28-Feb-2004)
Setting maximal mount count to -1
Setting interval between check 0 seconds
Creating journal inode: done
This filesystem will be automatically checked every -1 mounts or
0 days, whichever comes first.  Use tune2fs -c or -i to override.

Now mount the disk

[root@cs4 ~]# mount /dev/sda1 /local/s7
[root@cs4 ~]# df -H
Filesystem             Size   Used  Avail Use% Mounted on
/dev/hda2              157G   4.0G   145G   3% /
/dev/hda1              128M    18M   104M  15% /boot
none                   1.6G      0   1.6G   0% /dev/shm
/dev/sda1              2.0T   114M   1.9T   1% /local/s7

Works fine, but will it work when I reboot? Nope. I give up. I added the following to /etc/rc.d/rc.local and things work fine.

# Mount raid
mount /dev/sda1 /local/s7

Usually, the problem is that the driver isn’t loaded, but here, I don’t need to run a modprobe 3w-9xxx because it is already loaded. Go figure.

Had a problem where a user who forwarded mail wasn’t receiving any. Turns out that port 25 on the machine the mail was going to was blocked.

Edited /etc/mail/sendmail.mc

Was: DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Changed to: DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

Restart sendmail

If anyone tries to forward their mail to another machine in our cluster, we need to make sure that this port is open.

Now using iptables as a firewall on the server. This server needs to allow the following services:

ssh – from anywhere
smtp/submission – from anywhere
http/https – from anywhere
imaps/pop3s – from anywhere
nfs – from our subnet only
mysql (though this will soon be turned off) – from localhost only

The one problem that we have is that some parts of nfs are randomly assigned port numbers. I needed to set these parts to a specific port and then allow that port through the firewall.

Edit /etc/sysconfig/nfs

MOUNTD_PORT="10004"
RQUOTAD_PORT="10005"
STATD_OUTGOING_PORT="10003"
STATD_PORT="10002"

Edit /etc/modprobe.conf and add this line

# Set lockd to a port for iptables
options lockd nlm_tcpport=10000 nlm_udpport=10001

Create /etc/sysconfig/iptables with the following:

# 29 May 2007 by MH
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [120351:14706650]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT 
-A FORWARD -j RH-Firewall-1-INPUT 
-A RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT 
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT 

# Allow packets that belong to, or are related to, connections already established
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow ssh logins from anyplace
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

# Allow secure imap from anyplace 
-A RH-Firewall-1-INPUT -p tcp --dport 993 -j ACCEPT

# Allow secure pop from anyplace 
-A RH-Firewall-1-INPUT -p tcp --dport 995 -j ACCEPT

# Allow smtp and submission from anyplace 
-A RH-Firewall-1-INPUT -p tcp --dport 25 -j ACCEPT 
-A RH-Firewall-1-INPUT -p tcp --dport 587 -j ACCEPT

# Allow http and https from anyplace, https is for webmail 
-A RH-Firewall-1-INPUT -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 443 -j ACCEPT

# Allow portmap (111), rquotad (10005), mountd (10004), statd (10002 & 10003), nfsd (2049) and
# lockd (10000 & 10001) from our subnet (for nfs)
# rquotad, mountd and statd are set in /etc/sysconfig/nfs
# lockd is set in /etc/modprobe.conf
-A RH-Firewall-1-INPUT -s 10.135.102.0/255.255.255.0 -p tcp -m tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.135.102.0/255.255.255.0 -p udp -m udp --dport 111 -j ACCEPT

-A RH-Firewall-1-INPUT -s 10.135.102.0/255.255.255.0 -p tcp -m tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.135.102.0/255.255.255.0 -p udp -m udp --dport 2049 -j ACCEPT

-A RH-Firewall-1-INPUT -s 10.135.102.0/255.255.255.0 -p tcp -m tcp --dport 10000:10005 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.135.102.0/255.255.255.0 -p udp -m udp --dport 10000:10005 -j ACCEPT

# Allow localhost to use unsecured imap on 143 (this is for squirrelmail)
-A RH-Firewall-1-INPUT -s 127.0.0.1 -p tcp --dport 143  -j ACCEPT

# Allow localhost to use mysql (3306)
-A RH-Firewall-1-INPUT -s 127.0.0.1 -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 127.0.0.1 -p udp --dport 3306 -j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited 
COMMIT

Then I reboot the machine to have the settings take effect.
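
A check to run after the reboot, added here as an example and not part of the original post: it reads rpcinfo -p output and reports any NFS helper that registered on a port other than the ones pinned above, since the 10000:10005 rules would reject such a service. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Expected registrations come from the settings on this page:
# /etc/sysconfig/nfs (statd 10002, mountd 10004, rquotad 10005) and
# /etc/modprobe.conf (lockd tcp 10000 / udp 10001). STATD_OUTGOING_PORT
# (10003) is a source port and is never registered with the portmapper.

# Reads `rpcinfo -p` output on stdin. Prints one line per service that is
# registered on a port the firewall rules do not expect; returns 1 if any.
check_rpc_ports() {
    awk '
    BEGIN {
        split("tcp udp", protos, " ")
        for (i in protos) {
            p = protos[i]
            want["portmapper", p] = 111;  want["nfs", p] = 2049
            want["status", p] = 10002;    want["mountd", p] = 10004
            want["rquotad", p] = 10005
        }
        want["nlockmgr", "tcp"] = 10000;  want["nlockmgr", "udp"] = 10001
    }
    $1 == "program" || NF < 5 { next }          # header or blank line
    {
        proto = $3; port = $4; svc = $5
        if (!((svc, proto) in want)) {
            printf "UNEXPECTED %s/%s on %s\n", svc, proto, port; bad = 1
        } else if (want[svc, proto] != port) {
            printf "MISMATCH %s/%s on %s, expected %s\n", svc, proto, port, want[svc, proto]; bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample: mountd (udp) and lockd (tcp) ignored the pinning.
sample_unpinned() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  10002  status
    100011    1   udp  10005  rquotad
    100003    3   tcp   2049  nfs
    100021    1   udp  10001  nlockmgr
    100021    1   tcp  32769  nlockmgr
    100005    1   udp  32771  mountd
EOF
}

sample_unpinned | check_rpc_ports || echo "pinned ports are not in effect"
```

On the server itself, pipe the live listing through the function: rpcinfo -p | check_rpc_ports.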