Wednesday, May 23, 2012

SSD & CentOS 6+



SSDs can be divided into three classes, based on throughput:
  • The first class of SSDs uses a PCI-Express connection, which offers the fastest I/O throughput compared to other classes. This class also has a very low latency for random access.
  • The second class uses the traditional SATA connection, and features fast random access for read and write operations (though not as fast as SSDs that use a PCI-Express connection).
  • The third class also uses SATA, but the performance of SSDs in this class does not differ substantially from devices that use 7200rpm rotational disks.
For all three classes, performance degrades as the number of used blocks approaches the disk capacity. The degree of performance impact varies greatly by vendor. However, all devices experience some degradation.
Enabling discard support is most useful when there is available free space on the file system, but the file system has already written to most logical blocks on the underlying storage device.
At present, ext4 is the only fully-supported file system that supports discard. 

To enable discard commands on a device, use the mount option discard. For example, to mount /dev/sdb1 to /data with discard enabled, run:
mount -t ext4 -o discard /dev/sdb1 /data

By default, ext4 does not issue the discard command.
This is mostly to avoid problems on devices which may not properly implement the discard command. The Linux swap code will issue discard commands to discard-enabled devices, and there is no option to control this behavior.

There are basically two big things to do:
- Enable discard/trim support in the file system.
- Limit write operations to the SSD.
You want to enable discard to deal with the underlying drive-specific performance degradation that will happen over time.

Move /tmp to RAM. This depends on how much RAM you have and how much /tmp space you use, but it really helps to limit writes to the SSD.

Change the mount options for your ext4 filesystem:
- Change data from the default of ordered to writeback. This reduces the journal data to meta-data only, thus limiting writes.
- Change the commit value from the default of 5 seconds to 10, or 15. This gets you a 2 to 3x write savings, though you risk losing a bit more data if you lose power.
- If you don't need access time records (mtime and ctime should be enough for most folks), disabling atime will also limit write operations.
Ex:   /dev/sdb1        /      ext4     defaults,discard,data=writeback,noatime,commit=15     1 1

Mount file systems with the "noatime" option.
"noatime" prevents the file system from updating file access times.
"noatime" includes "nodiratime" (prevents directory access time updates).

Consider whether you need journals
File system journals make file system reconstruction (fsck for example) possible, and running without any journal makes catastrophic file system failure far more likely. On the other hand, journals require extra write operations. Sometimes it's easy enough to reconstruct a file system that it's not worth the cost in terms of SSD write operations.
echo "noop" > /sys/block/sda/queue/scheduler
in /etc/rc.d/rc.local.
OR
one can eliminate journaling altogether by doing this to an unmounted or read-only ext4 file system:
tune2fs -O ^has_journal /dev/sda1
Then there will be no journal. While you are at it, the command:
tune2fs -r 1024 /dev/sda1
will reduce the root-reserved blocks to 1k (4MB).
Get rid of /tmp
Put it on ramdisk. The X11 server makes a huge number of tiny
writes to /tmp and if these flush to disk at a high rate it creates a
load of writes. Adding this line to /etc/fstab does the trick.
none /tmp tmpfs defaults 0 0

To enable trim, use the "discard" mount option in fstab for all mounted partitions from the SSD. The "swap" partition automatically uses TRIM. For example, from /etc/fstab:

Code:
UUID=ffc6a6fc-1bf3-4f25-ab17-067b0515e85a /   ext4    noatime,discard,data=writeback 1 1
UUID=24941fe7-6d23-4969-951e-0872d4b81b0e /home      ext4    noatime,discard,data=writeback 1 2
UUID=2bbebe51-c0f8-4296-ba0a-e715bf84dc67 swap       swap    defaults                       0 0
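
A check for the mount options recommended above, as an added example that is not part of the original post: it reads fstab-format text on stdin and reports, for each ext4 entry, which of discard and noatime are missing and which journal mode is set. The function names and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit ext4 entries in fstab-format text on stdin for the
# options recommended in this post. Names and sample data are constructed.
audit_ssd_fstab() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }   # skip comments and malformed lines
    $3 != "ext4"         { next }   # swap and tmpfs take no ext4 options
    {
        n = split($4, opt, ",")
        has_discard = 0; has_noatime = 0
        mode = "ordered"            # ext4 default journal mode
        for (i = 1; i <= n; i++) {
            if (opt[i] == "discard") has_discard = 1
            if (opt[i] == "noatime") has_noatime = 1
            if (opt[i] ~ /^data=/)   mode = substr(opt[i], 6)
        }
        missing = ""
        if (!has_discard) missing = missing " discard"
        if (!has_noatime) missing = missing " noatime"
        if (missing == "") missing = " none"
        # data= is printed so writeback mounts, which trade crash
        # consistency for fewer writes, stand out in the report.
        printf "%s missing:%s data=%s\n", $2, missing, mode
    }'
}

# Constructed sample input; the UUIDs are placeholders.
sample_fstab() {
    cat <<'EOF'
# /etc/fstab (constructed sample)
UUID=aaaa-placeholder /     ext4  noatime,discard,data=writeback 1 1
UUID=bbbb-placeholder /home ext4  defaults                       1 2
UUID=cccc-placeholder swap  swap  defaults                       0 0
none                  /tmp  tmpfs defaults                       0 0
EOF
}

sample_fstab | audit_ssd_fstab
```

On a real host, feed it the live file: audit_ssd_fstab < /etc/fstab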


Few useful Commands

fdisk -u -l /dev/sdX
cat /sys/block/sda/queue/scheduler
Use iotop -oPa and sort by disk writes to see how much programs are writing to disk
Using "tune2fs -l /dev/sdb", we can see the file system block size is 4KB with journal turned on.
Using "more /sys/fs/ext4/sdc/lifetime_write_kbytes" to see how much has been written to the disk so far





  1. Stop all application/system services on the box.
  2. Unmount sdbX and sdcX.
  3. Run tune2fs to set the stride and stripe-width options.
  4. Change the mount options on sdb and sdc to use noatime.
  5. Mount again.
  6. Start the application/system services.



mkfs.ext4 -b 1024 -E stride=128,stripe-width=128 -O ^has_journal /dev/sda1
mkfs.ext4 -b 4096 -E stride=32,stripe-width=32 /dev/sda3 


Monday, May 21, 2012

Exchange 2007 DG & List of all forwarding address list

Fetch the DG members from Exchange 2007

Get-DistributionGroupMember -Identity "group name" | Select-Object Name, PrimarySmtpAddress | Export-Csv C:\members.csv



Find all users with a forwarding address set

Get-Mailbox | Where {$_.ForwardingAddress -ne $null} | Select Name, ForwardingAddress, DeliverToMailboxAndForward | Out-File C:\myfile.txt









Tuesday, May 15, 2012

Mail Server - TODO

- Check for open relay; the server should not be configured as one :)
- Restrict relaying from the application servers by IP. You can test with http://www.abuse.net/relay.html
- Check the DNS and reverse DNS
- Use SPF
- Use antispam and antivirus tools
- Monitor incoming and outgoing tools.
- Check RBLs for blacklisting of the mail server

Partition Alignment

#sudo fdisk -luc

turn off MSDOS mode

#sudo fdisk -H 32 -S 32 -cu /dev/yourdisk

1 Gigabyte = 2,097,152 sectors
1 Megabyte = 2,048 sectors


total_sectors / 2,097,152 (sectors in 1GB) = Total Gigabytes
remaining_sectors / 2,048 (sectors in 1MB) = Total Megabytes

Example
2,097,152 X 25 = 52,428,800 (25GB)
2,048 X 750 = 1,536,000 (750MB)
(2,097,152 X 12) + (2,048 X 500) = 26,189,824 (12GB+500MB)


Remember: If you're aligning partitions make sure to start at a sector evenly divisible by 512.
When asked for the size of your partition you'll need to prefix a + to your sectors.
Your last partition may consume the rest of the disk without a worry.


Alignment.

The rule of thumb is all about your partition starting at a sector evenly divisible by 512. The size of your partition and/or where it ends does not matter. As long as your partition starts at a sector divisible by 512 you're good.

If you had the following partition sizes ready to go and you could sacrifice 512 bytes per partition without a worry, you subtract 1 sector from each partition. Doing it this way ensures no gaps between partitions.


52,428,800 (25GB) - 1 sector = 52,428,799
1,536,000 (750MB) - 1 sector = 1,535,999
26,189,824 (12GB+500MB) - 1 sector = 26,189,823


Start at 2,048 because this is the most common start sector in almost all guides. The following example assumes you don't mind shaving 512 bytes per partition by subtracting 1 sector each. In other words, you don't need the absolute size, and in the process you create no gaps between partitions.


Start       End
2,048       +52,428,799  # This partition ends at 52,430,847, the next partition starts at 52,430,848 (evenly divisible by 512)
52,430,848  +1,535,999   # This partition ends at 53,966,847, the next partition starts at 53,966,848 (evenly divisible by 512)


The following example assumes you do mind shaving 512 bytes and want absolute sizes. If you need an absolute size per partition and cannot subtract 1 sector per partition, you simply start your next partition at a sector evenly divisible by 512.


Start       End
2,048       +52,428,800  # This partition ends at 52,430,848, our next partition cannot start there. It will start at 52,430,848 + 512 = 52,431,360 (evenly divisible by 512)
52,431,360  +1,536,000   # This partition ends at 53,967,360, our next partition cannot start there. It will start at 53,967,360 + 512 = 53,967,872 (evenly divisible by 512)
53,967,872  +26,189,824  # This partition ends at 80,157,696, our next partition cannot start there. It will start at 80,157,696 + 512 = 80,158,208 (evenly divisible by 512)
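
The two layouts above computed by a script, as an added example that is not part of the original post: it prints the start sector and "+sectors" value to give fdisk for each partition. It goes slightly beyond the tables by rounding each next start up to the next multiple of 512, so sizes that are not multiples of 512 also work; the function names are illustrative.

```shell
#!/bin/sh
# Added example: print the "first sector" and "+sectors" answers to give fdisk
# for a list of partition sizes, following the two layouts in this post.
# Function names are illustrative.
ALIGN=512          # start sectors must be divisible by this (the post's rule)
FIRST_START=2048   # start sector of the first partition

# to_sectors GB MB -> size in 512-byte sectors
to_sectors() { echo $(( $1 * 2097152 + $2 * 2048 )); }

# plan_partitions MODE SIZE...
#   shave: enter SIZE-1, so the next partition follows with no gap
#   exact: enter SIZE, and let the next start skip to the next boundary
plan_partitions() {
    mode=$1; shift
    start=$FIRST_START
    for size in "$@"; do
        case $mode in
            shave) entered=$(( size - 1 )) ;;
            exact) entered=$size ;;
            *) echo "unknown mode: $mode" >&2; return 2 ;;
        esac
        end=$(( start + entered ))
        echo "$start +$entered end=$end"
        # Next start: first sector after $end that is divisible by ALIGN.
        start=$(( (end / ALIGN + 1) * ALIGN ))
    done
}

# The 25GB, 750MB and 12GB+500MB partitions from the example above.
plan_partitions exact "$(to_sectors 25 0)" "$(to_sectors 0 750)" "$(to_sectors 12 500)"
```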


Reinstalling the agents on ESX


  1. Disconnect the ESX host in vCenter Server. Right-click the host and click Disconnect.
  2. Log in as root to the ESX host using an SSH client.
  3. Run this string of commands in the SSH session:

    service mgmt-vmware stop && service vmware-vpxa stop && service vmware-vmkauthd stop && service xinetd restart && rpm -qa | grep -i vpxa | awk '{print $1}' | xargs rpm -ef $1 && userdel vpxuser && rpm -qa | grep -i aam | awk '{print $1}' | xargs rpm -ef $1 && service mgmt-vmware start && service vmware-vmkauthd start

    Note: This is a concatenated list of commands strung together with the "&&" operator. This is useful in stringing together multiple commands as the next command does not start until the previous one has completed successfully.

    These are the commands you are running:
    • service mgmt-vmware stop && service vmware-vpxa stop && service vmware-vmkauthd stop && service xinetd restart
      Stops the management services for the service console.
    • rpm -qa | grep -i vpxa | awk '{print $1}' | xargs rpm -ef $1
      Removes the vpxa agent.
    • userdel vpxuser
      Removes the vpxa user that is installed once you connect the host to vCenter Server.
    • rpm -qa | grep -i aam | awk '{print $1}' | xargs rpm -ef $1
      Removes the AAM RPM (HA), which is reinstalled when you configure HA.
    • service mgmt-vmware start && service vmware-vmkauthd start
      Restarts the services.
    • vmware-cmd -l
      Lets you know when hostd is up and running so that you can reattach it to vCenter Server.
    Note: When you see a list of virtual machines output, the command sequence is complete.
  4. Log in to the vCenter Server using VMware Infrastructure/vSphere Client.
  5. Choose the ESX host from the Inventory.
  6. Right-click on the ESX host and click Connect. This step initiates a re-install of the agent.

Friday, May 4, 2012

Create ext4 partition


  1. Upgrade your system: yum update 
  2. Format the partition: mkfs.ext4 /dev/sdxY (replace sdxY with the device to format (e.g. sda1))
  3. Mount the partition
  4. Add an entry to /etc/fstab, using the filesystem 'type' ext4 
 df -T | awk '{print $1,$2,$NF}' | grep "^/dev"

Format an external/Second HDD with ext4

First, delete any existing partition and create a new Linux partition using fdisk:

# fdisk /dev/sdb
Assuming /dev/sdb is the external or second hard disk. Use d to delete the partition and use n to create a new partition. 83 is the ID of the native Linux partition.
Then, use mkfs.ext4 to format the partition with ext4:

# mkfs.ext4 /dev/sdb1
Note that mkfs.ext4 expects a partition as its argument.
Use tune2fs to adjust some parameters:

# tune2fs -m 0 /dev/sdb1
# tune2fs -L secondDisk01 /dev/sdb1
The -m option is for adjusting the percentage of reserved blocks. The reserved blocks, by default 5% of the hard disk size, are used by privileged processes. Since I'm using the external/second hard disk solely as storage, I set this to 0 so I can also use those 5% for storage. The -L option is for labeling the filesystem.

Wednesday, May 2, 2012

Free NX [Error: Call to bind failed for font TCP port 11000]





Info: Proxy running in client mode with pid '98196'.
Session: Starting session at 'Mon Apr 30 18:22:52 2012'.
Warning: Connected to remote version 3.4.0 with local version 3.5.0.
Info: Connection with remote proxy completed.
Error: Call to bind failed for font TCP port 11000. Error is 112 'Address already in use'.
Session: Session terminated at 'Mon Apr 30 18:22:52 2012'.

 
This can happen if you have multiple NX connections to multiple machines.
Sometimes it can be due to the base display number. You can change that to
some other port, but make sure that port is not used by some other application.
Or just start one connection at a time with the NX client instead of multiple.
 
 
 

The setting is in the file /etc/nxserver/node.conf:

# cat /etc/nxserver/node.conf

 

# The base display number from which sessions are started.
#DISPLAY_BASE=1000

 
 
 
tar zcvf ~/ssh_freenx_config.tgz $(rpm -ql openssh-server freenx | grep etc)

How to Setup NTP server and Client (CentOS/RHEL)

NTP (Network Time Protocol) is used to synchronize a computer's time in a local network (usually behind a firewall) with another reference time source.

Steps:
1. Install the NTP package
2. Configure ntp.conf
3. Start the ntpd daemon
4. Check with ntpq -n

check the correct

cat /etc/sysconfig/clock

rpm -qa ntp

one US and one Canada NTP Server

http://www.pool.ntp.org/zone/north-america

http://www.pool.ntp.org/zone/ca

http://support.ntp.org/bin/view/Servers/StratumOneTimeServers


vim /etc/ntp.conf
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

# Hosts on local network are less restricted.
restrict 10.1.1.0 mask 255.255.255.0 nomodify notrap
restrict 10.10.10.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server time-a.nist.gov

server time-nw.nist.gov
server 0.ca.pool.ntp.org
server 1.ca.pool.ntp.org
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
#server 127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10
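
A lint for the access rules in the configuration above, as an added example that is not part of the original post: it warns when a default restrict line lacks noquery (blocks ntpq/ntpdc queries) or nomodify (blocks runtime reconfiguration), when a non-loopback restrict line lacks nomodify, and notes a fudge line whose server line is commented out. The function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example: lint ntp.conf-format text on stdin against the access rules
# set up in this post. check_ntp_conf and the sample file are constructed.
check_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                  # drop comments, whole-line or trailing
    NF == 0 { next }
    $1 == "server" { srv[$2] = 1 }
    $1 == "fudge"  { fudged[$2] = 1 }
    $1 == "restrict" {
        i = 2; fam = "ipv4"
        if ($i == "-6") { fam = "ipv6"; i++ }
        addr = $i; flags = " "
        for (j = i + 1; j <= NF; j++) flags = flags $j " "
        if (addr == "default") {
            seen[fam] = 1
            if (flags !~ / noquery /)  print "WARN " fam " default lacks noquery"
            if (flags !~ / nomodify /) print "WARN " fam " default lacks nomodify"
        } else if (addr != "127.0.0.1" && addr != "::1") {
            if (flags !~ / nomodify /) print "WARN " addr " lacks nomodify"
        }
    }
    END {
        if (!("ipv4" in seen)) print "WARN no ipv4 restrict default line"
        if (!("ipv6" in seen)) print "WARN no ipv6 restrict default line"
        for (a in fudged) if (!(a in srv))
            print "NOTE fudge " a " has no active server line"
    }'
}

# Constructed sample: a weakened variant of the configuration in this post.
sample_ntp_conf() {
    cat <<'EOF'
restrict default kod nomodify notrap nopeer
restrict 127.0.0.1
restrict 10.1.1.0 mask 255.255.255.0 nomodify notrap
restrict 10.10.10.0 mask 255.255.255.0
server 0.ca.pool.ntp.org
#server 127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10
EOF
}

sample_ntp_conf | check_ntp_conf
```

Run it against the live file before restarting the daemon: check_ntp_conf < /etc/ntp.conf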



#service ntpd restart



 ntpdate -u  0.ca.pool.ntp.org

 ntpq -p