Mysql Secure Installation for non default socket.

SECURING MYSQL SERVER –

mysql_secure_installation is a script that helps with:

  • setting the root password
  • disallowing remote root login
  • removing anonymous user accounts after first installation
  • removing the test database, which any user can access

The script works with the default socket location, i.e. /var/lib/mysql/mysql.sock.

If the server is started with a non-default socket location, mysql_secure_installation ignores any socket option you specify and the script fails (for example: mysql_secure_installation --socket=/mysql/socket/mysql.sock).

This situation also needs to be considered when installing more than one MySQL instance on a single server.

For the secure installation script to work with a non-default socket location, create a symbolic link /var/lib/mysql/mysql.sock -> <non-default socket>:

1) ln -s /mysql/socket/mysqld.sock /var/lib/mysql/mysql.sock

Then run mysql_secure_installation directly

2) mysql_secure_installation
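
An added example (not part of the original post): a shell check for the three conditions the list above says mysql_secure_installation removes, fed from the mysql client, which does accept -S/--socket. The function names and sample rows are constructed here; the socket path in the comments is the one used on this page.

```shell
#!/bin/sh
# Audit for what mysql_secure_installation is meant to clean up:
# anonymous accounts, root reachable from non-local hosts, and the test schema.
#
# Real usage against a server on a non-default socket:
#   mysql -u root -p -N -B -S /mysql/socket/mysqld.sock \
#         -e "SELECT user, host FROM mysql.user" | audit_accounts
#   mysql -u root -p -N -B -S /mysql/socket/mysqld.sock \
#         -e "SHOW DATABASES" | audit_schemas

# Reads "user<TAB>host" rows on stdin; prints one finding per offending row.
audit_accounts() {
    awk -F '\t' '
        # An empty user name is an anonymous account.
        $1 == "" { printf "ANONYMOUS_USER host=%s\n", $2; next }
        # root should only exist for the three local host values.
        $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            printf "REMOTE_ROOT host=%s\n", $2
        }
    '
}

# Reads one schema name per line; flags "test" and "test_*" schemas.
audit_schemas() {
    awk '$0 == "test" || $0 ~ /^test_/ { printf "TEST_DATABASE name=%s\n", $0 }'
}

# Constructed sample: an installation where the script never ran.
sample_accounts() {
    printf 'root\tlocalhost\n'
    printf 'root\t%%\n'
    printf '\tlocalhost\n'
    printf 'testuser\tlocalhost\n'
}

sample_schemas() {
    printf 'information_schema\nmysql\ntest\ntestdb\n'
}

sample_accounts | audit_accounts
sample_schemas  | audit_schemas
```

Empty output from both functions means the three conditions are gone; any line printed names the account or schema still to be removed.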

MYSQL mariadb CENTOS 7

MYSQL CENTOS 7

wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
rpm -ivh mysql-community-release-el7-5.noarch.rpm
yum update
yum install mysql-server

systemctl start mysqld

[root@clusterserver1 ~]# systemctl start mysqld
[root@clusterserver1 ~]# systemctl enable mysqld
[root@clusterserver1 ~]# systemctl status mysqld

[root@clusterserver1 ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we’ll need the current
password for the root user.  If you’ve just installed MySQL, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
… Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
… Success!

Normally, root should only be allowed to connect from ‘localhost’.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
… Success!

By default, MySQL comes with a database named ‘test’ that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
– Dropping test database…
ERROR 1008 (HY000) at line 1: Can’t drop database ‘test’; database doesn’t exist
… Failed!  Not critical, keep moving…
– Removing privileges on test database…
… Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
… Success!

All done!  If you’ve completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

Cleaning up…
[root@clusterserver1 ~]# systemctl restart mysqld

[root@clusterserver1 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.6.33 MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mysql>

create database testdb;
create user 'testuser'@'localhost' identified by 'password';
-- 'testuser' with no host part means 'testuser'@'%' (any host)
grant all on testdb.* to 'testuser' identified by 'password';

mysql> create database testdb;
Query OK, 1 row affected (0.00 sec)

mysql> create user 'testuser'@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> grant all on testdb.* to 'testuser' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

mysql>

mysql -u testuser -p

use testdb;
create table customers (customer_id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, first_name TEXT, last_name TEXT);

[root@clusterserver1 ~]# mysql -u testuser -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.6.33 MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mysql> use testdb;
Database changed
mysql> create table customers (customer_id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, first_name TEXT, last_name TEXT);
Query OK, 0 rows affected (0.01 sec)

mysql>

Reset the MySQL Root Password

If you forget your root MySQL password, it can be reset.

Stop the current MySQL server instance, then restart it with an option to not ask for a password.

systemctl stop mysqld
mysqld_safe --skip-grant-tables &

Reconnect to the MySQL server with the MySQL root account.

mysql -u root

Use the following commands to reset root’s password. Replace password with a strong password.

use mysql;
update user SET PASSWORD=PASSWORD("password") WHERE USER='root';
flush privileges;
exit

Then restart MySQL.

systemctl start mysqld

Tune MySQL

MySQL Tuner is a Perl script that connects to a running instance of MySQL and provides configuration recommendations based on workload. Ideally, the MySQL instance should have been operating for at least 24 hours before running the tuner. The longer the instance has been running, the better advice MySQL Tuner will give.

Download MySQL Tuner to your home directory.

wget https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl

To run it:

perl ./mysqltuner.pl

You will be asked for the MySQL root user’s name and password. The output will show two areas of interest: General recommendations and Variables to adjust.

MySQL Tuner is an excellent starting point to optimize a MySQL server but it would be prudent to perform additional research for configurations tailored to the application(s) utilizing MySQL on

I recently upgraded my development laptop to CentOS 7 and while I was at it built a spare laptop running the same operating system. After manually creating a dozen MySQL databases and users and then importing their data from dump files on one laptop, I wasn’t interested in going through exactly the same process again on the second laptop.

As is now the default on CentOS 7, the databases were actually MariaDB (a community-developed fork of MySQL) rather than MySQL, but that’s not relevant here. The following procedure describes how I migrated an entire MariaDB/MySQL RDBMS installation in one go without recreating any databases or users or dumping and re-importing any files. The same procedure would of course work for migrating similar data between CentOS 7 servers.

Before proceeding I should emphasise that this data migration was between two machines with identical freshly installed operating systems. In cases where the operating systems, distributions or versions were different, things might not go so smoothly. One concern would be whether global database configuration parameters on both machines were compatible.

Original Database Server

1: Create a directory to hold the data being migrated:

# mkdir mariadbdata

2: Stop the MariaDB/MySQL server:

# systemctl stop mariadb

3: Copy contents of /var/lib/mysql to the directory just created:

# cp -r /var/lib/mysql/* mariadbdata

4: Restart the MariaDB/MySQL server again:

# systemctl start mariadb

5: Compress the data:

 # tar -czvf mariadbdata.tar.gz mariadbdata

6: Copy the compressed file to new server.

 

New Database Server

1: Install MariaDB but don’t start it yet.

2: Uncompress data file:

# tar -xzvf mariadbdata.tar.gz

3: Move contents of data directory to /var/lib/mysql:

# mv mariadbdata/* /var/lib/mysql

4: Change ownership of all files in /var/lib/mysql to mysql user:

# chown -R mysql.mysql /var/lib/mysql/*

5: Restore correct SELinux security contexts:

# restorecon -R /var/lib/mysql/

6: Enable and start MariaDB:

# systemctl enable mariadb
# systemctl start mariadb


Typically the MySQL databases are located in /var/lib/mysql.

I want to change it to /var/data/mysql 

Modify the paths as required in the below commands

stop mysql

systemctl stop mysqld.service

create new mysql data directory

mkdir -p /var/data/mysql

modify /etc/my.cnf and point to new data directory – add the client section to the top

[client]
port=3306
socket=/var/data/mysql/mysql.sock

[mysqld]
datadir=/var/data/mysql
socket=/var/data/mysql/mysql.sock

copy all files from /var/lib/mysql to the new directory /var/data/mysql

cp -r /var/lib/mysql/* /var/data/mysql

permissions for the new directory

chown -R mysql /var/data/mysql;
chgrp -R mysql /var/data/mysql;
chmod -R g+rw /var/data/mysql;

also modify SELINUX settings to allow mysql to use the different path

# add context and make it permanent 
semanage fcontext -a -s system_u -t mysqld_db_t "/var/data/mysql(/.*)?"
restorecon -Rv /var/data/mysql

start mysql

systemctl start mysqld.service

XFS CENTOS 7

Last login: Mon Sep  5 22:48:00 2016 from 192.168.1.1
XFS without LVM
Create an “xfs” file system
We have “/dev/sdb” as a free hard drive :

[root@clusterserver1 ~]# lsblk -f
NAME            FSTYPE      LABEL           UUID                                   MOUNTPOINT
fd0
sda
├─sda1          xfs                         aba69d25-b3de-4d89-ba25-e50a8dcf10eb   /boot
└─sda2          LVM2_member                 EE31dY-Ubnm-LwCA-8J9J-vK9B-XNzz-OZSt75
  ├─centos-swap swap                        2e1fb731-0f59-4d10-9f2f-e302a671de57   [SWAP]
  └─centos-root xfs                         8e1d8c59-5cd0-4716-92dd-de7c1417dc74   /
sdb
sr0             iso9660     CentOS 7 x86_64 2014-07-06-17-32-07-00
[root@clusterserver1 ~]#

Create a full partition on this drive :

[root@clusterserver1 ~]# parted -s /dev/sdb mklabel gpt
[root@clusterserver1 ~]# parted -s /dev/sdb mkpart primary xfs 0% 100%
[root@clusterserver1 ~]#
[root@clusterserver1 ~]#  mkfs.xfs /dev/sdb1
meta-data=/dev/sdb1              isize=256    agcount=4, agsize=1310592 blks
=                       sectsz=512   attr=2, projid32bit=1
=                       crc=0        finobt=0
data     =                       bsize=4096   blocks=5242368, imaxpct=25
=                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=2560, version=2
=                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@clusterserver1 ~]# mount -o inode64,nobarrier /dev/sdb1 /mnt
[root@clusterserver1 ~]# df -TH /mnt/
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/sdb1      xfs    22G   34M   22G   1% /mnt
[root@clusterserver1 ~]#

[root@clusterserver1 ~]# lsblk -f /dev/sdb
NAME   FSTYPE LABEL UUID                                 MOUNTPOINT
sdb
└─sdb1 xfs          23356c78-b7eb-4dc8-bd29-3d9933ac848b /mnt
[root@clusterserver1 ~]#

[root@clusterserver1 ~]# umount /mnt

[root@clusterserver1 ~]# mkdir -p /other/data
[root@clusterserver1 ~]# vi /etc/fstab
[root@clusterserver1 ~]# grep /dev/sdb1 /etc/fstab
/dev/sdb1       /other/data                     xfs     inode64,nobarrier       0 0
[root@clusterserver1 ~]#

[root@clusterserver1 ~]# mount /other/data
[root@clusterserver1 ~]#  df -hT /other/data
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/sdb1      xfs    20G   33M   20G   1% /other/data

[root@clusterserver1 ~]# parted -s /dev/sdb print free
Model: VMware, VMware Virtual S (scsi)
Disk /dev/sdb: 21.5GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system  Name     Flags
        17.4kB  1049kB  1031kB  Free Space
 1      1049kB  21.5GB  21.5GB  xfs          primary
        21.5GB  21.5GB  1032kB  Free Space

[root@clusterserver1 ~]#

Umount the file system :

[root@clusterserver1 ~]# umount /other/data
One minute after, we see the new drive size (here : 6 GB) :

[root@clusterserver1 ~]# parted /dev/sdb
GNU Parted 3.1
Using /dev/sdb
Welcome to GNU Parted! Type ‘help’ to view a list of commands.
(parted) print free
Error: The backup GPT table is not at the end of the disk, as it should be.  This might mean that another operating system believes the disk is smaller.  Fix, by moving the
backup to the end (and removing the old backup)?
Fix/Ignore/Cancel? fix
Warning: Not all of the space available to /dev/sdb appears to be used, you can fix the GPT to use all of the space (an extra 4194304 blocks) or continue with the current
setting?
Fix/Ignore? fix
Model: VMware Virtual disk (scsi)
Disk /dev/sdb: 6442MB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system  Name     Flags
        17.4kB  1049kB  1031kB  Free Space
 1      1049kB  4294MB  4293MB  xfs          primary
        4294MB  6442MB  2149MB  Free Space

Switch to sector values :

(parted) unit s
Display all partitions :

(parted) print free
Model: VMware Virtual disk (scsi)
Disk /dev/sdb: 12582912s
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start     End        Size      File system  Name     Flags
        34s       2047s      2014s     Free Space
 1      2048s     8386559s   8384512s  xfs          primary
        8386560s  12582878s  4196319s  Free Space

Remove this partition :

(parted) rm 1
Recreate the partition :

(parted) mkpart primary 2048s 100%
Switch to kB values :

(parted) unit kB
We can see a 6GB new partition :

(parted) print free
Model: VMware Virtual disk (scsi)
Disk /dev/sdb: 6442451kB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start      End        Size       File system  Name     Flags
        17.4kB     1049kB     1031kB     Free Space
 1      1049kB     6441402kB  6440354kB  xfs          primary
        6441402kB  6442434kB  1032kB     Free Space

Quit “parted” :

(parted) q
Information: You may need to update /etc/fstab.

Rebuild this XFS file system :

[root@clusterserver1 ~]# xfs_repair /dev/sdb1
Phase 1 – find and verify superblock…
Phase 2 – using internal log
– zero log…
– scan filesystem freespace and inode maps…
– found root inode chunk
Phase 3 – for each AG…
– scan and clear agi unlinked lists…
– process known inodes and perform inode discovery…
– agno = 0
– agno = 1
– agno = 2
– agno = 3
– process newly discovered inodes…
Phase 4 – check for duplicate blocks…
– setting up duplicate extent list…
– check for inodes claiming duplicate blocks…
– agno = 0
– agno = 1
– agno = 2
– agno = 3
Phase 5 – rebuild AG headers and trees…
– reset superblock…
Phase 6 – check inode connectivity…
– resetting contents of realtime bitmap and summary inodes
– traversing filesystem …
– traversal finished …
– moving disconnected inodes to lost+found …
Phase 7 – verify and correct link counts…
done
Remount this file system :

[root@clusterserver1 ~]# mount /other/data
The file system size didn’t grow :

[root@clusterserver1 ~]# df -hT /other/data
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/sdb1      xfs   4.0G   33M  4.0G   1% /other/data

We now need to extend this XFS file system :

[root@clusterserver1 ~]# xfs_growfs /other/data
meta-data=/dev/sdb1              isize=256    agcount=4, agsize=262016 blks
=                       sectsz=512   attr=2, projid32bit=1
=                       crc=0        finobt=0
data     =                       bsize=4096   blocks=1048064, imaxpct=25
=                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal               bsize=4096   blocks=2560, version=2
=                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 1048064 to 1572352
It’s done :

[root@clusterserver1 ~]# df -hT /other/data
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/sdb1      xfs   6.0G   33M  6.0G   1% /other/data

No data lost :

[root@clusterserver1 ~]# cat /other/data/file
here is a file in an xfs file system

yum -y install system-storage-manager
mkdir -p /other/data
fdisk -l

[root@clusterserver1 ~]#  ssm create -n data_lv --fstype xfs -p data_vg /dev/sdb /other/data
File descriptor 7 (/dev/urandom) leaked on lvm invocation. Parent PID 10096: /usr/bin/python
Physical volume “/dev/sdb” successfully created
Volume group “data_vg” successfully created
File descriptor 7 (/dev/urandom) leaked on lvm invocation. Parent PID 10096: /usr/bin/python
Logical volume “data_lv” created.
meta-data=/dev/data_vg/data_lv   isize=256    agcount=4, agsize=1310464 blks
=                       sectsz=512   attr=2, projid32bit=1
=                       crc=0        finobt=0
data     =                       bsize=4096   blocks=5241856, imaxpct=25
=                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=2560, version=2
=                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@clusterserver1 ~]# df -hT /other/data
[root@clusterserver1 ~]# vgdisplay -v data_vg
Using volume group(s) on command line.
— Volume group —
VG Name               data_vg
System ID
Format                lvm2
Metadata Areas        1
Metadata Sequence No  2
VG Access             read/write
VG Status             resizable
MAX LV                0
Cur LV                1
Open LV               1
Max PV                0
Cur PV                1
Act PV                1
VG Size               20.00 GiB
PE Size               4.00 MiB
Total PE              5119
Alloc PE / Size       5119 / 20.00 GiB
Free  PE / Size       0 / 0
VG UUID               wlEg2R-Bydn-UbFn-AI63-MeA4-dgNy-q30uWb

— Logical volume —
LV Path                /dev/data_vg/data_lv
LV Name                data_lv
VG Name                data_vg
LV UUID                BvQo50-0ehc-Ub92-QUNo-Qmn4-4roI-qHpkjX
LV Write Access        read/write
LV Creation host, time clusterserver1.rmohan.com, 2016-09-19 00:38:25 +0800
LV Status              available
# open                 1
LV Size                20.00 GiB
Current LE             5119
Segments               1
Allocation             inherit
Read ahead sectors     auto
– currently set to     8192
Block device           253:2

— Physical volumes —
PV Name               /dev/sdb
PV UUID               kYBGc2-EZNF-JtdX-lKj4-WRJR-tKxP-vu8wJP
PV Status             allocatable
Total PE / Free PE    5119 / 0

[root@clusterserver1 ~]# lsblk -f
NAME                FSTYPE   LABEL           UUID                                   MOUNTPOINT
fd0
sda
├─sda1              xfs                      aba69d25-b3de-4d89-ba25-e50a8dcf10eb   /boot
└─sda2              LVM2_mem                 EE31dY-Ubnm-LwCA-8J9J-vK9B-XNzz-OZSt75
  ├─centos-swap     swap                     2e1fb731-0f59-4d10-9f2f-e302a671de57   [SWAP]
  └─centos-root     xfs                      8e1d8c59-5cd0-4716-92dd-de7c1417dc74   /
sdb                 LVM2_mem                 kYBGc2-EZNF-JtdX-lKj4-WRJR-tKxP-vu8wJP
└─data_vg-data_lv   xfs                      49460e67-1b86-444d-9dcb-7b7fd014303e
sdc
sr0                 iso9660  CentOS 7 x86_64 2014-07-06-17-32-07-00
[root@clusterserver1 ~]# ssm add -p data_vg /dev/sdc
File descriptor 7 (/dev/urandom) leaked on lvm invocation. Parent PID 2200: /usr/bin/python
Physical volume “/dev/sdc” successfully created
Volume group “data_vg” successfully extended
[root@clusterserver1 ~]#
[root@clusterserver1 ~]# ssm list pool
—————————————————-
Pool     Type  Devices      Free      Used     Total
—————————————————-
centos   lvm   1         0.00 KB  19.51 GB  19.51 GB
data_vg  lvm   2        20.00 GB  20.00 GB  39.99 GB
—————————————————-
[root@clusterserver1 ~]# ssm resize -s +2G /dev/data_vg/data_lv
File descriptor 7 (/dev/urandom) leaked on lvm invocation. Parent PID 2256: /usr/bin/python
Phase 1 – find and verify superblock…
Phase 2 – using internal log
– scan filesystem freespace and inode maps…
– found root inode chunk
Phase 3 – for each AG…
– scan (but don’t clear) agi unlinked lists…
– process known inodes and perform inode discovery…
– agno = 0
– agno = 1
– agno = 2
– agno = 3
– process newly discovered inodes…
Phase 4 – check for duplicate blocks…
– setting up duplicate extent list…
– check for inodes claiming duplicate blocks…
– agno = 0
– agno = 1
– agno = 2
– agno = 3
No modify flag set, skipping phase 5
Phase 6 – check inode connectivity…
– traversing filesystem …
– traversal finished …
– moving disconnected inodes to lost+found …
Phase 7 – verify link counts…
No modify flag set, skipping filesystem flush and exiting.
Size of logical volume data_vg/data_lv changed from 20.00 GiB (5119 extents) to 22.00 GiB (5631 extents).
Logical volume data_lv successfully resized.
meta-data=/dev/mapper/data_vg-data_lv isize=256    agcount=4, agsize=1310464 blks
=                       sectsz=512   attr=2, projid32bit=1
=                       crc=0        finobt=0
data     =                       bsize=4096   blocks=5241856, imaxpct=25
=                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal               bsize=4096   blocks=2560, version=2
=                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 5241856 to 5766144
[root@clusterserver1 ~]# ssm resize -s +2093056K /dev/data_vg/data_lv
File descriptor 7 (/dev/urandom) leaked on lvm invocation. Parent PID 2429: /usr/bin/python
Phase 1 – find and verify superblock…
Phase 2 – using internal log
– scan filesystem freespace and inode maps…
– found root inode chunk
Phase 3 – for each AG…
– scan (but don’t clear) agi unlinked lists…
– process known inodes and perform inode discovery…
– agno = 0
– agno = 1
– agno = 2
– agno = 3
– agno = 4
– process newly discovered inodes…
Phase 4 – check for duplicate blocks…
– setting up duplicate extent list…
– check for inodes claiming duplicate blocks…
– agno = 0
– agno = 1
– agno = 2
– agno = 3
– agno = 4
No modify flag set, skipping phase 5
Phase 6 – check inode connectivity…
– traversing filesystem …
– traversal finished …
– moving disconnected inodes to lost+found …
Phase 7 – verify link counts…
No modify flag set, skipping filesystem flush and exiting.
Size of logical volume data_vg/data_lv changed from 22.00 GiB (5631 extents) to 23.99 GiB (6142 extents).
Logical volume data_lv successfully resized.
meta-data=/dev/mapper/data_vg-data_lv isize=256    agcount=5, agsize=1310464 blks
=                       sectsz=512   attr=2, projid32bit=1
=                       crc=0        finobt=0
data     =                       bsize=4096   blocks=5766144, imaxpct=25
=                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal               bsize=4096   blocks=2560, version=2
=                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 5766144 to 6289408
[root@clusterserver1 ~]#

[root@clusterserver1 ~]#  xfs_growfs /other/data
meta-data=/dev/mapper/centos-root isize=256    agcount=4, agsize=1147392 blks
=                       sectsz=512   attr=2, projid32bit=1
=                       crc=0        finobt=0
data     =                       bsize=4096   blocks=4589568, imaxpct=25
=                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal               bsize=4096   blocks=2560, version=2
=                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0

[root@clusterserver1 ~]# df -TH
Filesystem                  Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root     xfs        19G  1.7G   18G   9% /
devtmpfs                    devtmpfs  2.0G     0  2.0G   0% /dev
tmpfs                       tmpfs     2.0G     0  2.0G   0% /dev/shm
tmpfs                       tmpfs     2.0G  9.0M  2.0G   1% /run
tmpfs                       tmpfs     2.0G     0  2.0G   0% /sys/fs/cgroup
/dev/sda1                   xfs       521M  279M  243M  54% /boot
tmpfs                       tmpfs     390M     0  390M   0% /run/user/0
/dev/mapper/data_vg-data_lv xfs        26G   34M   26G   1% /other/data
[root@clusterserver1 ~]# cd /other/data/
[root@clusterserver1 data]# ls
file
[root@clusterserver1 data]# cat file
we are using LVM
[root@clusterserver1 data]#

Installing MySQL 5.7 with yum on CentOS 7

1. Download the YUM repository package

shell> wget http://dev.mysql.com/get/mysql57-community-release-el7-7.noarch.rpm

2. Install the YUM repository package

shell> yum localinstall -y mysql57-community-release-el7-7.noarch.rpm

3. Install Database

shell> yum install -y mysql-community-server

4. Start MySQL service

shell> systemctl start mysqld.service

5. Log in with the default blank password

shell> mysql -uroot -p

6. Reset the root password, then restart the mysql service

mysql> update mysql.user set authentication_string = password("yourpassword") where user = "root" and Host = "localhost";

mysql> flush privileges;

mysql> quit;

shell> systemctl restart mysqld

If, through a slip of the hand or for some unknown reason, the following error appears:

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

edit my.cnf and add skip-grant-tables and skip-networking:

shell> vi /etc/my.cnf

[mysqld]

skip-grant-tables

skip-networking

Restart mysql, then repeat the steps above to change the password. Once the change is finished, remember to remove the two lines added to my.cnf.
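
An added example (not part of the original post): a shell check that catches the two recovery lines if they are left in my.cnf after the password reset. The names check_mycnf and write_sample and the sample file contents are constructed here; group and option names are compared case-insensitively, with "_" treated like "-".

```shell
#!/bin/sh
# Detect recovery options left behind in the [mysqld] group of an option file.

# Prints findings for file $1. Returns 1 if skip-grant-tables is set in the
# [mysqld] group, 0 otherwise.
check_mycnf() {
    awk '
        # Skip whole-line comments, then strip trailing comments and spaces.
        /^[ \t]*[#;]/ { next }
        { sub(/[ \t]*#.*$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        # Track which option group we are in.
        /^\[.*\]$/ { group = tolower($0); next }
        group == "[mysqld]" {
            opt = tolower($0)
            sub(/[ \t]*=.*/, "", opt)   # drop any "=value" part
            gsub(/_/, "-", opt)         # skip_grant_tables == skip-grant-tables
            if (opt == "skip-grant-tables") sgt = NR
            if (opt == "skip-networking")   net = NR
        }
        END {
            if (!sgt) exit 0
            printf "line %d: skip-grant-tables is set, clients are accepted without a password\n", sgt
            if (!net) print "skip-networking is NOT set, the unauthenticated server is reachable over TCP"
            exit 1
        }
    ' "$1"
}

# Constructed sample files: "leftover" is the state after the recovery step
# when the two lines were not removed again; "clean" is the expected end state.
write_sample() {   # $1 = path, $2 = leftover | clean
    {
        printf '[mysqld]\n'
        printf 'datadir=/var/lib/mysql\n'
        if [ "$2" = leftover ]; then
            printf 'skip-grant-tables\n'
            printf 'skip-networking\n'
        fi
        printf '[client]\nport=3306\n'
    } > "$1"
}

tmp=$(mktemp)
write_sample "$tmp" leftover
check_mycnf "$tmp" || echo "=> remove the recovery options and restart mysqld"
rm -f "$tmp"
```

Run against /etc/my.cnf after any password recovery; a non-zero return means the server is still starting without privilege checks.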

Part II: Configuration

1. Add a remote login user (log in to MySQL first)

use mysql;

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'your password' WITH GRANT OPTION;

Note: '%' matches any address; you can specify an IP address instead.

2. Check the user table and refresh the in-memory privileges

select host, user from user;

FLUSH PRIVILEGES;

3. Set up the firewall (not recommended on CentOS 7)

vi /etc/sysconfig/iptables

Before the line -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited, add

-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

Restart the firewall

service iptables restart

NOTE: CentOS 7 uses firewalld as its firewall

systemctl stop firewalld.service # Stop

systemctl disable firewalld.service # disable

4. Set the character set encoding and case sensitivity

4.1 Modify the MySQL configuration file (set the character set encoding)

The default location: /etc/my.cnf

Go into the /etc folder >> vim my.cnf

[mysqld]

character-set-server = utf8

collation-server = utf8_general_ci

* systemctl restart mysql.service # restart MySQL

* View the current MySQL running state

mysql> status

Parameter description:

character_set_client: the character set of the data the client sends in its requests.

character_set_connection: data received from the client is converted to this character set.

character_set_database: the character set of the default database; whichever database becomes the default, this is that database's character set. If there is no default database, the character set specified by character_set_server is used. This parameter does not need to be set.

character_set_filesystem: the character set that file names on the operating system are converted to, that is, the conversion goes from character_set_client to character_set_filesystem. The default, binary, is fine.

character_set_results: the character set of the result set.

character_set_server: the default character set of the database server.

character_set_system: the character set used to store system metadata. This value is always utf8 and does not need to be set.

4.2 Modify the MySQL configuration file (set case sensitivity)

lower_case_table_names parameter values:

0: case sensitive

1: case-insensitive

Changing the default blank MySQL password to open remote access

mysql -u root -p

use mysql

update user set password=PASSWORD('abcde') where user = 'root';

mysql
update user set password=PASSWORD('123456') where user='root';

mysqld -install

 

 

mysql> show variables like 'char%';
mysql> set character_set_client=gbk;
mysql> set character_set_results=gbk;

HaProxy high availability cluster configuration Redis notes

The goal is to build a high-availability Redis cluster for Sensu to use. The Redis cluster uses a Sentinel + Redis three-node configuration.
A previous blog post covers the configuration details.

Sentinel can automatically elect a new master when the master goes down, but it is not a proxy.
Therefore, we need a proxy IP for clients to use; HAProxy serves as the proxy here.
To guard against the failure of a single HAProxy node, HAProxy is run as a master/slave pair with Keepalived, giving a highly available Redis cluster.

tar zxvf haproxy-1.4.21.tar.gz
mv haproxy-1.4.21 /usr/local/haproxy
cd /usr/local/haproxy
make install

mkdir conf
cd conf
vim haproxy.cfg

global
log 127.0.0.1   local0
log 127.0.0.1   local1 notice
#log loghost    local0 info
maxconn 4096
chroot /usr/local/haproxy
uid 99
gid 99
daemon
#debug
#quiet

defaults
log     global
mode    tcp
option  redispatch
option  dontlognull
retries 2
maxconn 2000
balance roundrobin
contimeout      5000
clitimeout      50000
srvtimeout      50000

listen  proxy 10.166.224.37:6379
#redis
server redis_10.122.224.36 10.166.224.36:6379 check inter 2000 rise 2 fall 5
server redis_10.122.224.35 10.166.224.35:6379 check inter 2000 rise 2 fall 5
server redis_10.122.224.33 10.166.224.33:6379 check inter 2000 rise 2 fall 5

/usr/local/haproxy/haproxy -f /usr/local/haproxy/conf/haproxy.cfg

[root@app2 ~]# redis-cli -h 192.168.1.11
192.168.1.11:6379> INFO
# Server
redis_version:2.8.19
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:c0359e7aa3798aa2
redis_mode:standalone
os:Linux 3.10.0-327.28.3.el7.x86_64 x86_64
arch_bits:64
multiplexing_api:epoll
gcc_version:4.8.3
process_id:14574
run_id:399a903ee13ab0b442d81020b174cafd5d91701a
tcp_port:6379
uptime_in_seconds:2820
uptime_in_days:0
hz:10
lru_clock:14238870
config_file:/etc/redis.conf

# Clients
connected_clients:2
client_longest_output_list:0
client_biggest_input_buf:0
blocked_clients:0

# Memory
used_memory:857984
used_memory_human:837.88K
used_memory_rss:5955584
used_memory_peak:858120
used_memory_peak_human:838.01K
used_memory_lua:35840
mem_fragmentation_ratio:6.94
mem_allocator:jemalloc-3.6.0

# Persistence
loading:0
rdb_changes_since_last_save:0
rdb_bgsave_in_progress:0
rdb_last_save_time:1473855549
rdb_last_bgsave_status:ok
rdb_last_bgsave_time_sec:0
rdb_current_bgsave_time_sec:-1
aof_enabled:0
aof_rewrite_in_progress:0
aof_rewrite_scheduled:0
aof_last_rewrite_time_sec:-1
aof_current_rewrite_time_sec:-1
aof_last_bgrewrite_status:ok
aof_last_write_status:ok

# Stats
total_connections_received:7
total_commands_processed:51
instantaneous_ops_per_sec:0
total_net_input_bytes:22221
total_net_output_bytes:37208
instantaneous_input_kbps:0.00
instantaneous_output_kbps:0.00
rejected_connections:0
sync_full:0
sync_partial_ok:0
sync_partial_err:0
expired_keys:0
evicted_keys:0
keyspace_hits:1
keyspace_misses:1
pubsub_channels:0
pubsub_patterns:0
latest_fork_usec:821

# Replication
role:master
connected_slaves:0
master_repl_offset:0
repl_backlog_active:0
repl_backlog_size:1048576
repl_backlog_first_byte_offset:0
repl_backlog_histlen:0

# CPU
used_cpu_sys:1.03
used_cpu_user:0.69
used_cpu_sys_children:0.00
used_cpu_user_children:0.00

# Keyspace
db1:keys=5,expires=0,avg_ttl=0
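
A plain TCP `check`, as in the haproxy.cfg above, succeeds on replicas as well as on the master, so a proxy needs the `role` field from the `# Replication` section of `INFO` to know where writes belong. The following Python sketch is an added example, not part of the original post: it parses `INFO` text and returns the one backend reporting `role:master`; the sample replies and the role assignment are constructed.

```python
"""Added example: pick the writable Redis master from INFO output (constructed data)."""

def parse_info(text):
    """Parse `redis-cli INFO` output into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # "# Replication" opens a new section
            current = sections.setdefault(line.lstrip("# ").strip(), {})
        elif ":" in line and current is not None:
            key, value = line.split(":", 1)  # values may contain ':' or ','
            current[key] = value
    return sections


def find_master(info_by_backend):
    """Return the single backend whose Replication section says role:master.

    Raises RuntimeError when there is no master (failover still in progress)
    or more than one (split brain); in both cases writes should go nowhere.
    """
    masters = [
        addr for addr, text in info_by_backend.items()
        if parse_info(text).get("Replication", {}).get("role") == "master"
    ]
    if len(masters) != 1:
        raise RuntimeError(f"expected exactly one master, found {masters}")
    return masters[0]


# Constructed sample replies, trimmed to the fields used. Addresses follow the
# haproxy.cfg above; which node is master is an assumption for illustration.
SAMPLE = {
    "10.166.224.36:6379": "# Server\nredis_version:2.8.19\n\n# Replication\nrole:master\nconnected_slaves:2\n",
    "10.166.224.35:6379": "# Replication\nrole:slave\nmaster_host:10.166.224.36\nmaster_link_status:up\n",
    "10.166.224.33:6379": "# Replication\nrole:slave\nmaster_host:10.166.224.36\nmaster_link_status:up\n",
}

if __name__ == "__main__":
    print("route writes to", find_master(SAMPLE))
```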

How to configure Storage Tiers with Windows Server 2012 R2

Storage Spaces: How to configure Storage Tiers with Windows Server 2012 R2 | Ask Premier Field Engineering (PFE) Platforms

Storage Tiers allow for use of SSD and hard drive storage within the same storage pool as a new feature in Windows Server 2012 R2.  If you’ve not read Jose Barreto’s Step-by-step post on this subject already, it is a great source for links about Storage Tiers as well as a fantastic place to find examples of how to use PowerShell cmdlets to implement Storage Tiers with Storage Spaces.   In this episode, I’m going to show you how to implement Storage Tiers using mostly the UI.

If you’re not familiar with Storage Tiers, the idea is to be able to mix Solid State Disk (SSD) storage with conventional disks (HDD).  However, Storage Tiers provides the ability to store more frequently accessed data on SSD media…with both types of media used as block based storage for the same virtual disk: the best of both types of storage.   That’s a pretty high level summary…and a pretty awesome concept.  Previously, in my basement lab I had two different pools:  one for each type of storage.

If implementing tiers using PowerShell, some calculations may be required…and it looks a bit complicated if you’re just attempting to try it out. Granted, below are quite a few screen shots and this is a lengthy post. However, the process using the UI is fairly easy. I made one diversion into PowerShell to show how to define MediaTypes for storage devices if they’re not detected automatically. The technique I use for that is very similar to Jose’s example but is another variation to show that you’re not limited to just one technique.

If you’ve read my recent post about expanding a storage pool, you may have a better understanding of how Storage Spaces uses columns.  Using the UI to configure Storage Tiers will attempt to use the defaults for the number of columns.  Using some quick and easy PowerShell during the creation process, you may change the column defaults for a specific storage pool.

Creating Tiered Storage

1. The first step involves attaching the devices you intend to use. You must have at least one SSD and one physical drive attached. For this example, I chose 4 SSD devices and nine 1 TB drives. This is indeed an odd arrangement but I’ve chosen it with a purpose: to show the layout of a defined virtual disk, and to show that Storage Spaces will use what it can from this arrangement and leave remaining space for other uses. In this example, I’ve connected the devices and can see them within Server Manager.

PVLAN Isolation

Introduction

In VMM 2012 SP1 you can isolate VM Networks using either traditional VLANs/PVLANs or, if you are using Windows Server 2012 as your host operating system, you can choose to implement Network Virtualization. The latter option addresses the scale limitations associated with a traditional VLAN solution and also allows tenants to “bring their own network” or otherwise extend their network into your environment. The diagram at the link below shows each of these options and acts as a reference for the detailed discussion that follows.

http://www.microsoft.com/en-us/download/details.aspx?id=37137

In Part III – Network Isolation, we covered how to configure your Logical Network for “No Isolation” in cases where you do not need to separate workloads and what you should do / how you should design your logical network solution when you want to use traditional VLANS. In this post, we focus our attention on isolation using PVLANs.

PVLAN Isolation

Private Virtual LANs (PVLANS) are often used by Service Providers (Hosters) to work around the scale limitations of VLANS that we discussed in Part III. They essentially allow network administrators to divide a VLAN into a number of separate and isolated sub-networks which can then be allocated to individual customers (tenants). PVLANs share the IP subnet that was allocated to the parent VLAN, as you might expect, but, from a security perspective, although hosts connected to different PVLANs still belong to the same IP subnet, they require a router to communicate with each other and with resources on any other network.

A PVLAN consists of a Primary and Secondary VLAN pair – each machine that is part of a PVLAN pair can be configured in one of three modes as shown below. In Promiscuous mode, hosts are on the primary VLAN and are able to communicate directly with resources on the primary VLAN and also the secondary VLAN. In a Community mode, the secondary VLAN represents a community. Direct communication is permitted only with hosts in the same community and those that are connected to the Primary PVLAN in promiscuous mode. Isolated PVLANs are pretty much as described, in that direct communication is permitted only with promiscuous resources that exist in the Primary PVLAN.

The Network Sites page of the Create Logical Network wizard includes a subtle but important difference for PVLANs – in addition to the primary VLAN, the “Associated VLANs and IP Subnets” section now contains an additional column, Secondary VLAN. You should associate each primary VLAN and secondary PVLAN with a Network Site within the logical network (as shown below) – you can define multiple PVLANs in the same Network Site as needed.

Note: Only one PVLAN can be in isolated mode per primary VLAN and you should take care to ensure that a different primary VLAN ID is used in each Network Site you create. The ID you use for the PVLAN, however, may be the same in each site – in fact using the same ID for the isolated PVLAN is recommended since it ensures consistency and simplifies management.
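
The mode rules and the note above can be expressed as two small checks. The following Python sketch is an added example, not part of the original post or of VMM: `can_talk_directly` encodes which ports may communicate without a router, and `plan_errors` flags a site plan that breaks the note's two constraints. The `Port` type, port names and VLAN IDs are constructed for illustration, apart from PVLAN 5, which the post uses as its isolated PVLAN.

```python
"""Added example: PVLAN reachability and site-plan checks (constructed data)."""
from collections import Counter
from typing import NamedTuple


class Port(NamedTuple):
    name: str
    primary: int        # primary VLAN ID
    mode: str           # "promiscuous", "community" or "isolated"
    secondary: int = 0  # secondary VLAN ID (unused for promiscuous ports)


def can_talk_directly(a: Port, b: Port) -> bool:
    """True when two ports may exchange traffic without going through a router."""
    if a.primary != b.primary:
        return False                       # different primary VLANs share no layer 2
    if "promiscuous" in (a.mode, b.mode):
        return True                        # promiscuous reaches primary and secondary
    if a.mode == b.mode == "community":
        return a.secondary == b.secondary  # same community only
    return False                           # isolated ports reach promiscuous ports only


def plan_errors(sites):
    """Check {site: [(primary, secondary, mode), ...]} against the note's rules."""
    errors, owner = [], {}
    for site, pairs in sites.items():
        # Rule 1: at most one isolated PVLAN per primary VLAN.
        isolated = Counter(p for p, _s, mode in pairs if mode == "isolated")
        errors += [f"{site}: primary VLAN {p} has {n} isolated PVLANs"
                   for p, n in isolated.items() if n > 1]
        # Rule 2: each Network Site uses a different primary VLAN ID.
        for primary in sorted({p for p, _s, _m in pairs}):
            if owner.setdefault(primary, site) != site:
                errors.append(f"{site}: primary VLAN {primary} already used by {owner[primary]}")
    return errors


# Constructed sample ports on primary VLAN 100 (IDs are illustrative).
GATEWAY = Port("gateway", 100, "promiscuous")
WEB1 = Port("web1", 100, "isolated", 5)
WEB2 = Port("web2", 100, "isolated", 5)
APP1 = Port("app1", 100, "community", 6)
APP2 = Port("app2", 100, "community", 6)
```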

As before, VM Networks need to be created to allow virtual machines to connect to and use the Logical Network. Each VM Network you create is directly mapped to exactly one of the PVLANs that have been defined for that Logical Network. As a result, you can only have as many VM Networks as you have defined PVLANs. The create VM Wizard (below) will display only those PVLANs that have not already been allocated to an existing VM Network. The wizard does not offer the option for automatic assignment – even though the text suggests that this is actually possible.

To briefly summarize, create a single Logical Network to support PVLAN isolation, configured such that “sites within the logical network are not connected” and “Network sites within the logical network contain Private VLANs”. You should create a Network Site, define primary and secondary VLAN pairs and create VM Networks for each one (as shown below). In our example, we have chosen to designate PVLAN 5 as the isolated PVLAN for consistency across all primary VLANs; your implementation may be different.

As we discussed earlier, although each virtual machine you connect to one of these VM Networks will be assigned an IP address from the same subnet, it will be able to communicate only with the default IP gateway. You should also be aware that if all of the virtual machines are present on the same physical host, isolation will be enforced through the Hyper-V Extensible Switch; otherwise you will need to make sure that each of the PVLANs you define in VMM is also configured for isolation mode on the physical switch.

To avoid potential IP conflicts with resources that exist on the primary VLAN (and any community VLANS that were created outside of VMM), it is recommended that you reserve a set of IP addresses / create a separate IP Pool for each PVLAN. As discussed, the IP addresses you reserve must be part of the IP subnet that was allocated to the primary VLAN.

Summary

SC VMM 2012 SP1 supports only isolation mode and has no concept of primary (promiscuous) or community PVLANs, and you need to be aware of this restriction when designing your solution. That being said, there are a number of scenarios which work quite well in this configuration, the most common example of which is Front End Web Servers. In this specific scenario, all of the web servers in a web farm are placed on a single network subnet but are otherwise completely isolated from each other; PVLANs in this context help to simplify management and improve overall security.

Requirements for Active Directory Recycle Bin 2008

Requirements for Active Directory Recycle Bin

Updated: December 21, 2012

Applies To: Windows Server 2008 R2

By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled. To enable Active Directory Recycle Bin, your environment must meet the requirements in the following sections.

Do the following before you enable Active Directory Recycle Bin in an Active Directory Domain Services (AD DS) environment:

  • Run Adprep to update your Active Directory schema with the necessary Active Directory Recycle Bin attributes. Membership in the Schema Admins group is the minimum required to complete the following Adprep tasks:
    Important
    If you are performing a clean installation of a Windows Server 2008 R2 Active Directory forest, you do not have to run Adprep and your Active Directory schema will automatically contain all the necessary attributes for the Active Directory Recycle Bin to function properly. If, however, you are introducing a Windows Server 2008 R2 domain controller into your existing Windows Server 2003 or Windows Server 2008 forest and, subsequently, upgrading the rest of the domain controllers to Windows Server 2008 R2, you must run Adprep to update your Active Directory schema with the attributes that are necessary for Active Directory Recycle Bin to function correctly.
    • Prepare the forest by running the adprep /forestprep command on the server that holds the schema master operations master (also known as flexible single master operations or FSMO) role to update the schema.
    • Prepare the domain by running the adprep /domainprep /gpprep command on the server that holds the infrastructure operations master role.
    • If a read-only domain controller (RODC) is present in your AD DS environment, you must also run the adprep /rodcprep command.
  • Make sure that all domain controllers in your Active Directory forest are running Windows Server 2008 R2.
  • Raise the functional level of your Active Directory forest to Windows Server 2008 R2.

Do the following before you enable Active Directory Recycle Bin in an Active Directory Lightweight Directory Services (AD LDS) environment:

  • Upgrade the schema of your AD LDS configuration set with the necessary Active Directory Recycle Bin attributes by running the following command:

    Ldifde.exe -i -f MS-ADAM-Upgrade-2.ldf -s server:port -b username domain password -j . -$ adamschema.cat

    Note
    If you are upgrading your environment to Windows Server 2008 R2, you can upgrade the schema first and then upgrade the operating system. If you select this approach, you will have to first locate and download the necessary MS-ADAM-Upgrade-2.ldf and adamschema.cat files. Or you can do the reverse: upgrade the operating system first and then upgrade the schema. This is the recommended approach, because both MS-ADAM-Upgrade-2.ldf and adamschema.cat are available in Windows Server 2008 R2 in the C:\Windows\ADAM directory.
  • Make sure that all servers hosting the instances of your AD LDS configuration set are running Windows Server 2008 R2.
  • Raise the functional level of your AD LDS configuration set to Windows Server 2008 R2 or higher. To do this using ADSIEdit:
    1. Open ADSIEdit, click Action and click Connect to.
    2. In Connection Point, click Select a well known Naming Context: and choose Configuration and in Computer, click Select or type a domain or server: and then type Localhost:50000 or an alternative server name and port that you chose during the AD LDS installation, and then click OK.
    3. Double-click Configuration [Localhost:50000], double-click CN=Configuration,CN={GUID}, right-click CN=Partitions, and click Properties.
    4. Select msDS-Behavior-Version and click Edit.
    5. Type a value of 4 to raise the functional level to Windows Server 2008 R2 or 5 to raise it to Windows Server 2012, and click OK twice.

Hyper-V Fabric Monitoring

Fabric Monitoring

A close integration between System Center 2012 R2 Virtual Machine Manager and System Center 2012 R2 Operations Manager introduces System Center cloud monitoring of virtual layers for private cloud environments. To get this new functionality, use the System Center 2012 Management Pack for System Center 2012 R2 Virtual Machine Manager Dashboard, which is imported automatically when you integrate Operations Manager and Virtual Machine Manager. For information about how to integrate Operations Manager and Virtual Machine Manager, see Configuring Operations Manager Integration with VMM.

 

DPM can protect servers and workstations across domains within a forest that has a two-way trust relationship with the domain that the DPM server is located in. If there is not a two-way trust across domains, you can protect the computers using DPM’s support for computers in workgroups or untrusted domains. For more information, see Managing Protected Computers in Workgroups and Untrusted Domains. DPM supports data protection across forests as long as you establish a forest-level, two-way trust between the separate forests.
