KVM

Attach a disk/DVD to VM in KVM Host

 

 

Attach DVD/Disk attached to KVM host. Just change the source dev to match what was assigned to your usb when it was plugged in.
Create a xml file as below.

<disk type=’block’ device=’disk’>
<driver name=’qemu’ type=’raw’ cache=’none’/>
<source dev=’/dev/sr0’/>
<target dev=’vdc’ bus=’virtio’/>
</disk>

<disk type=’block’ device=’disk’>
<driver name=’qemu’ type=’raw’/>
<source dev=’/dev/sdb’/>
<target dev=’sdb’ bus=’scsi’/>
</disk>

Then execute the command.

virsh attach-device vmserverID /path/to/disk/usb.xml.

Also try xml with the below format.

<hostdev mode ‘subsystem’ type=’usb’>

<source>

<vendor id=’0x03f0’/>

<product id=’0x4217’/>

</source>

</hostdev>

Where vendor ID and product ID could be obtained from the below command.

#lsusb

Bus 002 Device 018: ID 03f0:4217 Hewlett-Packard EWS CM1015

 

http://www.linux-kvm.org/page/USB_Host_Device_Assigned_to_Guest

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Administration_Guide/sect-Virtualization-Adding_storage_devices_to_guests-Adding_hard_drives_and_other_block_devices_to_a_guest.html

https://help.onapp.com/hc/en-us/articles/222049588-Getting-a-USB-device-attached-to-a-VM-within-KVM

http://rolandtapken.de/blog/2011-04/how-auto-hotplug-usb-devices-libvirt-vms-update-1

Application Upgrade

Upgrade applications in CentOS.

PHP && MySQL installation or upgrade.

CentOS/RHEL 7.x:

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
CentOS/RHEL 6.x:

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm

CentOS/RHEL 5.x:

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-5.noarch.rpm
rpm -Uvh http://mirror.webtatic.com/yum/el5/latest.rpm

Now, remove all the old php packages installed and update with new php packages.

Note:- yum install php55w-mysql.x86_64  — This is required for integration of PHP with MySQL

 

Ref url:-

https://webtatic.com/packages/php55/

https://webtatic.com/projects/yum-repository/

https://mirror.webtatic.com/yum/

 

 

How to use two Python Versions.

Default python version is ‘2.6.6’ in CentOS – 6 and this cannot be uninstalled as this is required for ‘yum’ and other utilities to work. It is possibe to install alternate Python version.

yum install -y centos-release-SCL
yum install -y python27

/usr/local/bin/python -V –>This will show new version of Python.

/usr/bin/python -V –>This will show old version of Python.
How to install Python 2.7.6 on CentOS 6.3.

yum groupinstall “Development tools”
yum install zlib-devel
yum install bzip2-devel
yum install openssl-devel
yum install ncurses-devel
yum install sqlite-devel

cd /opt
wget –no-check-certificate https://www.python.org/ftp/python/2.7.6/Python-2.7.6.tar.xz
tar xf Python-2.7.6.tar.xz
cd Python-2.7.6
./configure –prefix=/usr/local
make && make altinstall
Ref url:- https://github.com/h2oai/h2o-2/wiki/Installing-python-2.7-on-centos-6.3.-Follow-this-sequence-exactly-for-centos-machine-onlyhttps://github.com/h2oai/h2o-2/wiki/Installing-python-2.7-on-centos-6.3.-Follow-this-sequence-exactly-for-centos-machine-only

 

 

Autoprotect

AutoProtect kernel module failed to enable.

Packages to be installed.
*kernel-devel-$(uname –r)
*kernel-headers-$(uname –r)

#locate ap-kernelmodule.tar.gz
#tar -xf ap-kernelmodule.tar.gz
#cd ap-kernelmodule
.#/build.sh
#cd bin.ira
#mv * /opt/Symantec/autoprotect/
#/etc/init.d/autoprotect restart
#/etc/init.d/rtvscand restart
#/opt/Symantec/symantec_antivirus/sav info -a

 

url:-

https://support.symantec.com/en_US/article.TECH132773.html

 

Symantec installation error.

Issue:- Installation requires 32bits glibc library. Please install it and try again.

soln:-yum install glibc.i686 libgcc.i686 libX11.i686

url:-https://support.symantec.com/en_US/article.TECH228118.html

 

How to copy files with progress bar.

Use ‘pv’ utility.

How to Monitor Progress of (Copy/Backup/Compress) Data using ‘pv’ Command

 

 

Iiptables and firewalld

Firewalld

Provide  Dynamic management of firewall. See below some examples.

firewall-cmd –zone=public –add-port=80/tcp        //Open  port 80
firewall-cmd –zone=public –add-port=80/tcp –permanent           //To make policy permanent
firewall-cmd –zone=public –add-forward-port=port=80:proto=tcp:toport=8080        //Redirect port 80 to 8080
firewall-cmd –permanent –zone=public –add-forward-port=port=80:proto=tcp:toport=8080   //To make policy permanent

firewall-cmd  --zone=public --add-rich-rule="rule family="ipv4" source address="1.2.3.4/32" port protocol="tcp" port="4567" accept" --permanent //OPen service from particular IP
firewall-cmd –reload //Reload firewall-cmd
iptables-save | grep ” //Verify

 

More details, refer url:-https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html

 

 

IPtable – Allow connection from single IP.

iptables -I INPUT -s <IP> -m state –state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -I OUTPUT -o eth0 -m state –state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP

Refer below url for connection states
URL: http://www.iptables.info/en/connection-state.html

Load Balancing.

Apache Load balancing .

Using Haproxy in Opensuse 12:-

zypper addrepo http://download.opensuse.org/repositories/server:http/SLE12/server:http.repo

zypper search haproxy

zypper install haproxy

systemctl restart haproxy

 

zypper install apache2

vi /etc/apache2/listen.conf

Listen 808 

IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>

Listen 444

 

>Change http and https port from default.

 

 

systemctl restart apache2

Doc root :- /etc/apache2/conf.d/default-server.conf

/srv/www/htdocs/

echo “This is to show that apache is working” >> index.html

 

 

zypper install php

zypper install apache2-mod_php5

cd /srv/www/htdocs/

Test using info.php

 

 

To check  this , install additional custom apache server.

 

cd /usr/local/src

wget http://www.us.apache.org/dist//httpd/httpd-2.4.18.tar.gz

wget https://archive.apache.org/dist/apr/apr-util-1.5.4.tar.gz

wget https://archive.apache.org/dist/apr/apr-1.5.2.tar.gz

 

Untar all using tar -xzf $packages

Cd apr-1.5*

./configure

make

make install

 

Apr is installed under the location “/usr/local/apr/” whose binary in the location “/usr/local/apr/bin/apr-config”

cd apr-utl.*

./configure –with-apr=/usr/local/apr/bin/apr-config

make

make install

This will install apr-utils under “/usr/local/apr/bin/apu-config“

zypper install pcre

 

./configure –prefix=/usr/local/apache22 –with-apr=/usr/local/apr/bin/apr-config –with-apr-util=/usr/local/apr/bin/apu-config

make

make install

 

Change listening port from /usr/local/apache22/conf/httpd.conf

Start using

/usr/local/apache22/bin/apachectl start

 

Change the /etc/haproxy/haproxy.cfg as below taking the backup.

mv  /etc/haproxy/haproxy.cfg  /etc/haproxy/haproxy.cfg{,.haproxy.cfg.bak_$(date +%d-%m-%y)

cat /etc/haproxy/haproxy.cfg
global
log /dev/log daemon
maxconn 32768
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 0640 level operator
tune.bufsize 32768
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH

defaults
log global
mode http
option log-health-checks
option log-separate-errors
option dontlog-normal
option dontlognull
option httplog
option socket-stats
retries 3
option redispatch
maxconn 10000
timeout connect 5s
timeout client 50s
timeout server 450s

#listen stats
# bind 0.0.0.0:80
# bind :::80 v6only
# stats enable
stats uri /haproxy?stats
# option httpclose
# option forwardfor
frontend http-in
bind *:80
default_backend web-backend
backend web-backend
balance roundrobin
# stats refresh 5s
# server default IP:808 check
# server default IP:808 check
server default IP:808 check
# server custom IP:8088 check
server custom IP:8088 check
# rspadd Server:\ haproxy/1.6

 

 

This will swicth apache server on arch access via browser on port 80.

The web server status can  be found from

http://ip/haproxy?status

Docs:-

frontend

A frontend defines how requests should be forwarded to backends. Frontends are defined in the frontendsection of the HAProxy configuration.

 

backend

A backend is a set of servers that receives forwarded requests. Backends are defined in the backendsection of the HAProxy configuration.

balance(roundrobin)

Round Robin selects servers in turns. This is the default algorithm.

stats uri <prefix>

Enable statistics and define the URI prefix to access them