Monday, 16 June 2014

Monitor & Record all Shell Commands & Send Logs to Centralized RSyslog Server

In this post I will show how to record all user activity, i.e. the shell commands that are executed, and send those logs to a centralized log server.

In this demo I have a couple of CentOS 6.3 x86_64 machines with minimal installation.

1) Rsyslog is installed by default on CentOS machines; in case it is not installed, install the Rsyslog package on both Client and Server.
[root@server ~]# yum install rsyslog -y
[root@client ~]# yum install rsyslog -y
 

 
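2) Edit the /etc/bashrc to record the shell commands that are executed
[root@client ~]# vim /etc/bashrc
Add these lines to the end of the file. Note that PROMPT_COMMAND is an ordinary shell variable that a user can unset or override, so this is an activity log rather than a tamper-proof audit trail.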
remoteip=$(who am i | awk '{print $5}' | sed "s/[()]//g" )
export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local3.debug "$(whoami)  $remoteip  [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'
 


3) Configure Rsyslog to write the local3 facility to a log file
[root@client ~]# vim /etc/rsyslog.conf
local3.*                /var/log/user-activity.log


4) Restart the Rsyslog service
[root@client ~]# service rsyslog restart


5) Log off and log back in to check the result in the file /var/log/user-activity.log
[root@client ~]# cat /var/log/user-activity.log
Oct  7 00:18:20 ad root: root  192.168.124.1   [4927]: service postfix stautus [2]
Oct  7 00:18:25 ad root: root  192.168.124.1   [4927]: service postfix status [0]
Oct  7 00:19:10 ad root: root  192.168.124.1  [4991]: exit [0]
Oct  7 00:19:16 ad root: root  192.168.124.1  [4991]: service postfix status [0]
Oct  7 00:19:23 ad root: root  192.168.124.1  [4991]: service sendmail status [1]
Oct  7 00:20:05 ad root: root  192.168.124.1  [4991]: date [0]
Oct  7 00:20:06 ad root: root  192.168.124.1  [4991]: pwd [0]
Oct  7 00:20:10 ad root: root  192.168.124.1  [4991]: history  [0]
Oct  7 00:20:15 ad root: root  192.168.124.1  [4991]: service named status [0]
Oct  7 00:20:21 ad root: root  192.168.124.1  [4991]: service named restart [0]
Oct  7 00:20:49 ad root: root  192.168.124.1  [4991]: cp -v /home/ahmed/* /root [0]
Oct  7 00:21:03 ad root: root  192.168.124.1  [4991]: ll [0]
Oct  7 00:21:16 ad root: root  192.168.124.1  [4991]: cat su [0]
Oct  7 00:21:31 ad root: ahmed  192.168.124.1  [5135]: exit [0]
Oct  7 00:21:32 ad root: ahmed  192.168.124.1  [5135]: redhat [127]
Oct  7 00:21:35 ad root: ahmed  192.168.124.1  [5135]: who am i [0]
Oct  7 00:21:38 ad root: ahmed  192.168.124.1  [5135]: ls [0]
Oct  7 00:21:46 ad root: ahmed  192.168.124.1  [5135]: rm * [0]
Oct  7 00:21:49 ad root: root  192.168.124.1  [4991]: su - ahmed [0]


6) To Centralize the logs do the following on the centralized Rsyslog server
[root@server ~]# vim /etc/rsyslog.conf
Uncomment the below lines
$ModLoad imudp
$UDPServerRun 514

$ModLoad imtcp
$InputTCPServerRun 514

[root@server ~]# vim /etc/rsyslog.d/remotesrv.conf
if $hostname contains 'client' then /var/log/servers/client.log
if $hostname contains 'client' then ~


7) Restart the server and configure iptables to accept the rsyslog connections
[root@server ~]# service rsyslog restart
[root@server ~]# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT
[root@server ~]# iptables -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
[root@server ~]# service iptables save


8) On Client Side configure the following
[root@client ~]# vim /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
$AllowedSender UDP, 127.0.0.1, 192.168.124.0/24

$ModLoad imtcp
$InputTCPServerRun 514
$AllowedSender TCP, 127.0.0.1, 192.168.124.0/24

local3.*        @@192.168.124.250:514


9) Restart the Rsyslog service on the client side as well
[root@client ~]# service rsyslog restart

10) Log off, log back in and run some commands; they will be recorded on the server at the defined location, here /var/log/servers/client.log
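
Once the lines arrive on the central server they can be split back into fields. The script below is an added example, not part of the original post: it parses the format written by the PROMPT_COMMAND from step 2 and reports commands run under a different account than the one that logged in (the logger tag is the login name, the first message field is whoami), plus failed-command counts per user. The sample lines are constructed in the post's format and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample lines are constructed in the format produced by the
# PROMPT_COMMAND from step 2:
#   <date> <host> <logger tag>: <whoami>  <remote ip>  [<shell pid>]: <command> [<exit code>]
# The logger tag is the login name; whoami is the effective user (differs after su).
sample_log() {
cat <<'EOF'
Oct  7 00:18:20 ad root: root  192.168.124.1  [4927]: service postfix stautus [2]
Oct  7 00:18:25 ad root: root  192.168.124.1  [4927]: service postfix status [0]
Oct  7 00:21:32 ad root: ahmed  192.168.124.1  [5135]: redhat [127]
Oct  7 00:21:46 ad root: ahmed  192.168.124.1  [5135]: rm * [0]
Oct  7 00:21:49 ad root: root  192.168.124.1  [4991]: su - ahmed [0]
Oct  7 00:25:02 ad bob: bob    [6001]: service httpd restart [1]
Oct  7 00:25:09 ad kernel: unrelated line that is not in this format
EOF
}

# Read log lines on stdin, write one tab-separated record per command:
#   time, login user, effective user, remote ip, shell pid, exit code, command
# Lines that do not match the format are skipped. Runs of spaces inside the
# command are collapsed to one space.
parse_activity() {
    awk '
    {
        login = $5; sub(/:$/, "", login)
        user = $6
        i = 7
        # A console login has no remote address, so the pid field comes next.
        if ($i ~ /^\[[0-9]+\]:$/) { ip = "-" } else { ip = $i; i++ }
        if ($i !~ /^\[[0-9]+\]:$/ || $NF !~ /^\[[0-9]+\]$/) next
        pid = $i;  gsub(/[^0-9]/, "", pid)
        rc  = $NF; gsub(/[^0-9]/, "", rc)
        cmd = ""
        for (j = i + 1; j < NF; j++) cmd = cmd (cmd == "" ? "" : " ") $j
        printf "%s %s %s\t%s\t%s\t%s\t%s\t%s\t%s\n", $1, $2, $3, login, user, ip, pid, rc, cmd
    }'
}

# Commands whose effective user differs from the login user (su sessions).
switched_user_commands() {
    parse_activity |
        awk -F '\t' '$2 != $3 { print $3 " (login " $2 ", pid " $5 "): " $7 }'
}

# Number of commands that returned a non-zero exit code, per effective user.
failed_counts() {
    parse_activity |
        awk -F '\t' '$6 != 0 { n[$3]++ } END { for (u in n) print u, n[u] }' | sort
}

# Demonstration on the constructed sample. On the log server the input would
# be the file from step 6, e.g. switched_user_commands < /var/log/servers/client.log
sample_log | switched_user_commands
sample_log | failed_counts
```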

Deploying Operating Systems Using Cobbler - PXE Boot

Cobbler is a Linux installation server that allows for rapid setup of network installation environments. It glues together and automates many associated Linux tasks so you do not have to hop between many various commands and applications when deploying new systems, and, in some cases, changing existing ones. Cobbler can help with provisioning, managing DNS and DHCP, package updates, power management, configuration management orchestration, and much more.

Here in my example, my machine name is cobbler, its IP is 192.168.75.222 and it is running CentOS 6.5 x86_64.

1) For simplicity and testing purposes, disable SELinux
[root@cobbler ~]# vim /etc/sysconfig/selinux
SELINUX=disabled

2) Reboot your system after applying SELinux Changes

3) Install the EPEL Repo for Cobbler Packages
[root@cobbler ~]# rpm -ivh http://epel.mirror.net.in/epel/6/i386/epel-release-6-8.noarch.rpm

4) Install the following packages
[root@cobbler ~]# yum install dhcp cobbler pykickstart mod_python tftp -y

5) Enable xinetd tftp and rsync services
[root@cobbler ~]# vim /etc/xinetd.d/tftp
disable = no                    <- Change this line to "no"

[root@cobbler ~]# vim /etc/xinetd.d/rsync
disable = no                    <- Change this line to "no"

6) Start the xinetd, httpd and cobbler services and enable the necessary services at boot time
[root@cobbler ~]# for i in xinetd httpd cobblerd; do service $i restart; chkconfig $i on; done;
[root@cobbler ~]# chkconfig tftp on 
[root@cobbler ~]# chkconfig rsync on

7) Download the network boot-loaders for cobbler
[root@cobbler ~]# cobbler get-loaders

8) Change the default template of the dhcp file included with cobbler to match your network
[root@cobbler ~]# cp /etc/cobbler/dhcp.template /etc/cobbler/dhcp.template.org
[root@cobbler ~]# vim /etc/cobbler/dhcp.template
allow booting;
allow bootp;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
subnet 192.168.75.0 netmask 255.255.255.0 {
     option routers             192.168.75.1;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.75.100 192.168.75.254;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                192.168.75.222;
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }
}


9) Change the cobbler settings file as shown below

[root@cobbler ~]# vim /etc/cobbler/settings
manage_dhcp: 1
next_server: 192.168.75.222

server: 192.168.75.222

10) Mount your CentOS 6.5 DVD to a mount point, here I am mounting on /mnt
[root@cobbler ~]# mount /dev/sr0 /mnt

11) Import the Distro details into cobbler using the below command (It takes time to copy the distro data into /var/www/cobbler/. So be patient)
[root@cobbler ~]# cobbler import --path=/mnt --name=CentOS_6.5_x86_64

12) Copy the default anaconda-ks.cfg to the default location of cobbler kickstart files
[root@cobbler ~]# cp anaconda-ks.cfg /var/lib/cobbler/kickstarts/centos65.ks

13) Modify the centos65.ks file to the following or according to your requirement
[root@cobbler ~]# vim /var/lib/cobbler/kickstarts/centos65.ks
install
url --url http://192.168.75.222/cobbler/ks_mirror/CentOS_6.5_x86_64/
lang en_US.UTF-8

zerombr
keyboard us
network --onboot yes --device eth0 --bootproto dhcp --noipv6
rootpw  --iscrypted $6$4t6CgzQlwQKVFUEb$.mWJx35kMLobSabwpoKzlVpTvmTjxapy5GjSJdWkWANgV9J0SE4tm/oYMQjOYFdAyp5FgpevxXmzyy5/3xcHS.
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone Asia/Kolkata
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"


clearpart --linux --drives=sda
repo --name="CentOS"  --baseurl=cdrom:sr0 --cost=100
%packages --nobase
@core
%end


14) Add the distro information to the cobbler for PXE Boot
[root@cobbler ~]# cobbler distro add --name=CentOS_6.5_x86_64 --kernel=/var/www/cobbler/ks_mirror/CentOS_6.5_x86_64/isolinux/vmlinuz --initrd=/var/www/cobbler/ks_mirror/CentOS_6.5_x86_64/isolinux/initrd.img 

15) Add the kickstart profile to the distro
[root@cobbler ~]# cobbler profile add --name=CentOS_6.5_KS --distro=CentOS_6.5_x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos65.ks 

16) Restart and synchronize the changes that were made into cobbler
[root@cobbler ~]# service cobblerd restart 
[root@cobbler ~]# cobbler sync

17) Configure the firewall to allow ports 80 (HTTP) and 69 (TFTP) 
[root@cobbler ~]# iptables -I INPUT -p tcp -s 192.168.75.0/24 -d 192.168.75.222 --dport 80 -j ACCEPT
[root@cobbler ~]# iptables -I INPUT -p udp -s 192.168.75.0/24 -d 192.168.75.222 --dport 69 -j ACCEPT
[root@cobbler ~]# service iptables save

18) Restart the below services once again to make sure all the changes are applied to the services 
[root@cobbler ~]# for i in xinetd httpd cobblerd; do service $i restart; chkconfig $i on; done;

19) Boot a new Linux machine, make sure it boots from the network, and at the menu prompt select the CentOS_6.5_KS option


 

Wednesday, 28 May 2014

HOWTO: backup a mysql db on the command line


To backup a single mysql database, use the following command:

:~$ mysqldump -u my_user_name -p db_name > backup_of_my_db.sql

If compression is needed, the command changes like this:

:~$ mysqldump -u my_user_name -p db_name  | gzip -9 > backup_of_my_db.sql.gz

To extract the compressed .gz file, use the following gunzip command:

:~$ gunzip backup_of_my_db.sql.gz

HOWTO: killing a TTY session using the command line


Recently one of my PuTTY sessions froze, and I decided to try and kill it using the command line, instead of simply closing the window.

This is the complete procedure:
I opened another PuTTY session.
Using the w command, I found the name of the frozen TTY:

myuser@ubuntu:~$ w
14:21:07 up 119 days, 12 min, 2 users, load average: 0.06, 0.05, 0.05
USER  TTY   FROM        LOGIN@ IDLE  JCPU  PCPU  WHAT
user1 pts/0 192.168.x.x 13:02  1:36  1.81s 0.10s sshd: user1 [priv]
user1 pts/2 192.168.x.x 14:21  0.00s 0.46s 0.00s w
myuser@ubuntu:~$

Using ps and grep, I found its PID:
ps -u root | grep -i pts/0
Finally, I killed the blocked session:

kill -9 <PID>

Thursday, 17 April 2014

Automated Process monitoring during high server load



root@myServer [/root]# cat load-process-monitor.sh
#!/bin/bash
# Define Variables
DT=$(date +"%A %b %e %r")
HOSTNAME=$(hostname)
SEP="#########################################################################################################################"
# Create dir to store data
mkdir -p /opt/loadcheck/
# Temporary file for the mail body. mktemp avoids a predictable file name in /tmp, since the script runs as root from cron.
MAILBODY=$(mktemp /tmp/loadmon.XXXXXX) || exit 1
# Retrieve the load average of the past 1 minute (integer part) and the 1, 5 and 15 minute values.
# /proc/loadavg is read directly because the field positions in the uptime output shift with its format.
LAVG=$(cut -d' ' -f1 /proc/loadavg | cut -d. -f1)
LCURRENT=$(cut -d' ' -f1-3 /proc/loadavg)
# Define Threshold. This value will be compared with the current load average. Set the value as per your wish.
LIMIT=4
# Compare the current load average with Threshold and email the server administrator if the load is greater.
if [ "$LAVG" -gt "$LIMIT" ]
then
    # Save the current running processes in a file
    /bin/ps auxf >> /opt/ps_output
    echo "Current Time :: $DT" >> "$MAILBODY"
    echo "Current Load Average :: $LCURRENT" >> "$MAILBODY"
    echo "current processes list attached with the email 1 instance" >> "$MAILBODY"
    echo "Also check loadps.txt :: loadtop.txt :: netstat_all.txt :: netstat_port80.txt inside /opt/loadcheck/ on the server" >> "$MAILBODY"
    # Send email to support (the body is read from the temporary file, the process list is attached)
    /usr/bin/mutt -s "Server Load ALERT!!! High 1 minute load average on '$HOSTNAME'" -a /opt/ps_output -- support@somedomain.com < "$MAILBODY"
    # Append process, top and netstat snapshots to the files in /opt/loadcheck/
    /bin/ps auxf >> /opt/loadcheck/loadps.txt
    echo "$SEP" >> /opt/loadcheck/loadps.txt
    /usr/bin/top -b -c -n1 >> /opt/loadcheck/loadtop.txt
    echo "$SEP" >> /opt/loadcheck/loadtop.txt
    /bin/netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n >> /opt/loadcheck/netstat_all.txt
    echo "$SEP" >> /opt/loadcheck/netstat_all.txt
    /bin/netstat -alntp | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n >> /opt/loadcheck/netstat_port80.txt
    echo "$SEP" >> /opt/loadcheck/netstat_port80.txt
fi
# Remove residue logs
/bin/rm -f "$MAILBODY"
/bin/rm -f /opt/ps_output
root@myServer [/root]#
Add a cron entry to run load-process-monitor.sh every minute ( * * * * * /bin/sh /path-to/load-process-monitor.sh ). When the server load goes beyond 4, it will send you an email and log some important details, which can help to some extent in finding pointers to the load issue from the process and netstat listings.

Thursday, 10 April 2014

Email Spamming Audit scripts on Cpanel

Some commands that are used to audit outgoing spam emails:
[root@support ~]# grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n
Eximstats
[root@support ~]# eximstats -t5 /var/log/exim_mainlog > teststats
Script to know the mail count by various accounts
[root@support ~]# grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n
The number of mails by a domain
[root@support ~]# exigrep @domain.com /var/log/exim_mainlog|grep 2009-04-17|grep Completed|wc -l
[root@support ~]# ps -C exim -fH ewww|grep home
It shows the mails going from the server. It shows from which user's home the mail is going, so that you can easily trace it and block it if needed.
[root@support ~]# eximstats -ne -nr /var/log/exim_mainlog
It shows top 50 domains using mail server with options.
[root@support ~]# exim -bp | exiqsumm
It shows the main domains receiving and sending mails on the server.
[root@support ~]# netstat -plan|grep :25|awk '{print $5}'|cut -d: -f 1|sort|uniq -c|sort -nk 1
It shows the IPs which are connected to server through port number 25. If one particular IP is using more than 10 connections, you can block it in the server firewall.
In order to find "nobody" spamming, issue the following command
[root@support ~]# ps -C exim -fH ewww|awk '{for(i=1;i<=40;i++){print $i}}'|sort|uniq -c|grep PWD|sort -n
It will give a result like the one below:
Example :
6 PWD=/
347 PWD=/home/sample/public_html/test
Count the PWD and if it is a large value check the files in the directory listed in PWD
(Ignore if it is / or /var/spool/mail /var/spool/exim)
The above command is valid only if the spamming is currently in progress. If the spamming has happened some hours before, use the following command.
Command :
[root@support ~]# grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n
This will result in something like :
96 cwd=/root
4583 cwd=/home/sample/public_html/test
Count the cwd and if it is a large value check the files in the directory listed in cwd
(Ignore if it is / or /var/spool/mail /var/spool/exim)
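
The cwd count above can be narrowed to the directories worth inspecting. The script below is an added example, not part of the original post: it counts cwd= directories, drops the ones the post says to ignore, applies a minimum count and prints the /home/<account> owner next to each directory. The log lines are constructed, their layout is an assumption about exim_mainlog, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Constructed exim_mainlog lines; the layout (date, time,
# cwd=<dir>, argument count, args) is an assumption about the log being grepped.
sample_mainlog() {
cat <<'EOF'
2009-04-17 10:15:01 cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i
2009-04-17 10:15:02 cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i
2009-04-17 10:15:02 cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i
2009-04-17 10:15:03 cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i
2009-04-17 10:16:40 cwd=/root 2 args: /usr/sbin/exim -bp
2009-04-17 10:16:41 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1LuXyz-0001Ab-CD
2009-04-17 10:16:45 cwd=/ 2 args: /usr/sbin/exim -q
2009-04-17 10:17:10 cwd=/home/other/public_html 3 args: /usr/sbin/sendmail -t -i
2009-04-17 10:17:11 1LuXyz-0001Ab-CD Completed
EOF
}

# Read exim_mainlog lines on stdin and print "<count> <account> <directory>"
# for every cwd seen at least $1 times (default 1), highest count first.
# "/", /var/spool/mail and /var/spool/exim are skipped, as the post advises.
suspect_cwds() {
    awk -v min="${1:-1}" '
    {
        dir = ""
        for (i = 1; i <= NF; i++)
            if (index($i, "cwd=") == 1) { dir = substr($i, 5); break }
        if (dir == "" || dir == "/" || dir ~ /^\/var\/spool\/(mail|exim)/) next
        count[dir]++
    }
    END {
        for (d in count) {
            if (count[d] < min) continue
            acct = "-"
            n = split(d, part, "/")      # /home/<account>/... -> part[3]
            if (n >= 3 && part[2] == "home") acct = part[3]
            print count[d], acct, d
        }
    }' | sort -rn
}

# Demonstration on the constructed sample. On a server the input would be
# the real log, e.g. suspect_cwds 100 < /var/log/exim_mainlog
sample_mainlog | suspect_cwds 2
```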
Run the command below at your command prompt to find the domain which is being used by spammers.
[root@support ~]# exim -bpr | exiqsumm -c | head
[root@support ~]# exiqgrep -ir <domain> | xargs -n1 exim -Mrm
That should remove any e-mail that is in the queue that is waiting to be delivered to POP accounts at <domain>.
Take the precautions below:
I) Turn on the SMTP tweak. It will block users from bypassing the mail server to send out spam.
II) Turn on the blacklisting ability in WHM.
III) Use SpamAssassin to stop receiving spam mails.

Saturday, 5 April 2014

Virtuozzo All commands

List vps'es on a node
vzlist -a
Create a vps
vzctl create 5001 --ostemplate centos-5-i386-default
When a vps is created the files are stored in main node in the location /vz/private/5001. The configuration file for vps 5001 will lie at /etc/vz/conf/5001.conf. The /etc/vz/conf is a link to /etc/sysconfig/vz-scripts/
[root@server ~]# ls -al /etc/vz/conf
lrwxrwxrwx 1 root root 23 Apr 10 2009 /etc/vz/conf -> ../sysconfig/vz-scripts
Destroy a vps
vzctl destroy 5001
Assigning host name to vps
vzctl set 5001 --hostname server.hostname.com --save
Add IP to vps
vzctl set 5001 --ipadd 11.22.33.44 --save
Create vps with hostname and IP set
vzctl create 5001 --ostemplate centos-5-i386-default --ipadd 11.22.33.44 --hostname server.hostname.com
Dump a vps to take backup. This will create a backup 5001.tgz in the path /backup/
vzdump --compress --dumpdir /backup/5001.tgz 5001
Restore a vps from backup
vzdump --restore /backup/vzdump-5001.tgz 5001
Change vps parameters, eg privvmpages
vzctl set 5001 --privvmpages 431072:441072 --save
Execute a command inside a vps from Node, Eg: to execute "free -m" inside the vps 5001
vzctl exec 5001 free -m
To set vps to be booted when the node boots up
vzctl set 5001 --onboot=yes --save
To set root password for a vps from Node
vzctl set 5001 --userpasswd root:newpassword --save
Install a package on vps. To install "yum" on vps 5001.
vzyum 5001 install yum
To set capability to change eg: MAC addresses
vzctl set 5001 --capability net_admin:on --save
Basic OpenVZ commands:

To set up a VPS from the default CentOS 5 template you have to use the below command:

vzctl create 101 --ostemplate centos-5-x86 --config basic

The 101 must be a unique ID; each virtual machine must have its own unique ID. If you want to have the vm started at boot, run
vzctl set 101 --onboot yes --save

To set a hostname and IP address for the vm, run:

vzctl set 101 --hostname test.example.com --save
vzctl set 101 --ipadd 192.168.1.101 --save
To start the vm
vzctl start 101

To set a root password for the vm, execute

vzctl exec 101 passwd

To login into vm

vzctl enter 101

To leave the vm’s console, type

exit

To stop a vm, run

vzctl stop 101

To restart a vm, run

vzctl restart 101

To delete a vm from the hard drive (it must be stopped before you can do this), run

vzctl destroy 101

To get a list of your vms and their statuses, run

vzlist -a

To find out about the resources allocated to a vm, run

vzctl exec 101 cat /proc/user_beancounters

Command to check the load of all VPS from main server node.

vzlist -o veid,laverage

It will show the below output:

CTID LAVERAGE

101 3.02/3.32/3.31
102 5.35/3.30/3.38
103 03.34/3.03/3.50
104 0.93/0.61/0.66
105 1.67/1.67/1.85
106 0.02/0.01/0.00

vzctl status VEID
To view the status of the particular VPS

vzctl stop VEID --fast
To stop the VPS quickly and forcefully

vzctl enter VEID
To enter in a particular VPS

vzctl set VEID --hostname vps.domain.com --save
To set the Hostname of a VPS

vzctl set VEID --ipadd 1.2.3.4 --save
To add a new IP to the hosting VPS

vzctl set VEID --ipdel 1.2.3.4 --save
To delete the IP from VPS

vzctl set VEID --userpasswd root:new_password --save
To reset root password of a VPS

vzctl set VEID --nameserver 1.2.3.4 --save
To add the nameserver IP’s to the VPS

vzctl exec VEID command
To run any command on a VPS from Node

vzyum VEID install package_name
To install any package/Software on a VPS from Node

**VEID refers to the ID of the Particular VPS**
vz -> recommends ext3 file system
PIM -> IP:4643
PMC -> managing h/w node
PPP -> for managing a single container
All the above things need a license from Parallels
====================

Templates

====================
OS template -> vzpkg (cache needs to created before creating the container)
EZ template -> points to the repository that contains packages that constitute the template
Application template -> mysql template
====================

To create a container

====================
vzctl create
the container ID > 100
32 -bit integer
ID – 0 -> h/w node
ID -1 -> service container

/etc/vz/conf -> for the sample file names (only use the main part of the file name)

vzctl set – configure the container
vzctl exec – run anything on the container
vzctl status/vzlist 101

vzpkg – for adding application templates on h/w node (/vz/templates)
- the same command can be used for installing/removing the template into the container.

Virtuozzo – User’s guide

OS virtualization – (1-2% of is spent on the virtualization s/w)
VZFS – allows sharing of common files among containers
Hardware node & Containers

/etc/vz/vz.conf
/etc/vz/conf/
/etc/vzbackup.conf

Standard migration
vzmigrate

Zero downtime migration
vzmigrate --online --require-realtime my_node.com 101

Move the container within the h/w node
vzmlocal

Backup & restore
vzabackup/vzarestore

Reinstall container
vzctl recover -> restores the VZFS symlinks
vzctl reinstall -> creates new private area for the container, copies the old private area to /old dir
- vps.configure, vps.reinstall

Delete the container
vzctl destroy

Disabling the container
vzctl set

Suspending the container
vzctl suspend

Setting up resources
disk quotas – first level(how much files or disk space the container can use) and second level (quotaugidlimit > no of entries in /etc/passwd or group files)
Container must be restarted to come this changes into effect

vzquota – to check the status of the quota info

Cleaning up containers – to move identical files from containers to /vz/template/vc folder
vzcache

Linking container files with application templates
vzpkg link
vzpkglink
vzpkgls

Managing CPU – cpu share and the number of processors the node can make use of.
vzcpucheck

Network traffic
/etc/vz/conf/networks_classes – after any changes, you need to service vz accrestart
class 0 – no accounting will be performed
class 1 – defined by containers to match any IP address
vznetstat

Bandwidth management (outgoing traffic)
service vz shaperon, shaperrestart, shaperoff
BANDWIDTH -> kilobits per second
TOTALRATE -> ::

For container
RATE -> ::
RATEBOUND -> to specify if the bandwidth is limited to the RATEBOUND
====================

Monitoring tools

====================
vzstat
vzps
vzpid
vztop
vzsetxinetd

Virtuozzo networks
vznetcfg if list

vznetcfg vlan add eth0 5
vznetcfg vlan del eth0.5

vznetcfg net addif vznetwork1 eth0
vznetcfg net delif eth0

vznetcfg net new vznetwork1
vznetcfg net del vznetwork1
vznetcfg net list

venet0 –?

License
vzlicload
vzlicupdate
vzlicview

Keeping system up2date
The h/w node can be updated using the normal update procedures without affecting virtuozzo
vzup2date – /etc/sysconfig/vzup2date/vzup2date.conf
vzup2date -m batch install --core
vzup2date -t -m batch install --all-os

Updating the containers
vzpkg update 101 redhat-el5-x86
vzpkg update 101
vzpkg update cache fedora-core-8-x86

Loading iptables modules
/etc/sysconfig/iptables-config
/etc/vz/vz.conf
/etc/vz/conf/.conf

VZFS-v2

Virtuozzo – Templates management guide

/vz/template
/vz/private/
/vz/root/

vzpkg – for managing VZ template
vzpkgls – for listing standard template

vzpkg install -p 110 yum

Virtuozzo – Managing UBC Resources

vzcfgvalidate

VE0CPUUNITS
SLM parameters

i-node setups

ext3 – 1 inode per every 4K
# vzlist -a

To list all the running VPS in the node

# vzlist

To display the templates present in the server

# vzpkgls

Creating a VPS
To create a VPS with VEID 101 and ostemplate fedora-core-4 with vps.basic configuration

# vzctl create 101 --ostemplate fedora-core-4 --config vps.basic

Deleting a VPS
To destroy a VPS with VEID 101

# vzctl destroy 101

Configuring VPS (The changes are saved in /etc/vz/conf/.conf)
To automatically boot when a node is up

# vzctl set 101 --onboot yes --save

To set hostname

# vzctl set 101 --hostname test101.my.org --save

To add an IP address

# vzctl set 101 --ipadd 10.0.186.1 --save

To delete an IP address

# vzctl set 101 --ipdel 10.0.186.1 --save

To set the name servers

# vzctl set 101 --nameserver 192.168.1.165 --save

To set the root password of VPS 101

# vzctl set 101 --userpasswd root:password

To set shortname for VPS

# vzctl set 101 --name test101 --save

Start/Stop/Restart VPS
To start a VPS

# vzctl start 101

To start a disabled VPS

# vzctl start 101 --force

To stop a VPS

vzctl stop 101

To restart a VPS

# vzctl restart 101

To know the status of a VPS

# vzctl status 101

To get the details of the VPS like VEID, ClassID, number of processes inside each VPS and the IP addresses of VPS

# cat /proc/vz/veinfo

To enter into a VPS 101

# vzctl enter 101

To execute a command in VPS 101

# vzctl exec 101 command (replace command with the command you need to execute)
# vzctl exec 101 df -h

Managing Disk Quotas
To assign disk quotas – First limit is soft limit, second limit is hard limit

# vzctl set 101 --diskspace 10485760 --save ==>> for setting 10GB
OR
# vzctl set 101 --diskspace 1048576 --save ==>> for setting 1GB

To assign disk inodes

# vzctl set 101 --diskinodes 90000:91000 --save

To check the disk quota of a VPS

# vzquota stat 101 -t

Managing CPU quota
To display the available CPU power

# vzcpucheck

To set the number of CPUs available to a VPS

# vzctl set 101 --cpus 2 --save

To set the minimum and maximum CPU limits

# vzctl set 101 --cpuunits nnnn --cpulimit nn --save
(cpuunits is an absolute number (fraction of power of the node) and cpulimit is taken as percentage)

Managing memory quota
To display memory usage

# vzmemcheck -v

To set kmem

# vzctl set 101 --kmemsize 2211840:2359296 --save

To set privvmpages

# vzctl set 101 --privvmpages 2G:2G --save

Other Commands
To copy/clone a VPS

# vzmlocal -C :

To disable a VPS

# vzctl set 101 --disabled yes

To enable a VPS

# vzctl set 101 --disabled no

To suspend a VPS

# vzctl suspend 101

To resume a VPS

# vzctl resume 101

To run yum update on a VPS

# vzyum 101 -y update

To install a package using yum on VPS

# vzyum 101 -y install package

To install a package using rpm on VPS

# vzrpm 101 -ivh package
VZ -> Virtuozzo -> recommends ext3 file system
PIM -> Parallels Infrastructure Manager -> IP:4643
PMC -> Parallels Management Console -> managing hardware node
PPP -> Parallels Power Panel -> for managing a single container
All the above things need a license from Parallels

Templates

OS template -> vzpkg (cache needs to created before creating the container)
EZ template -> points to the repository that contains packages that constitute the template
Application template -> mysql template

Virtuozzo - User's guide

OS virtualization - (1-2% of is spent on the virtualization s/w)
VZFS - allows sharing of common files among containers
Hardware node & Containers

/etc/vz/vz.conf
/etc/vz/conf/
/etc/vzbackup.conf

Delete the container

# vzctl destroy

Disabling the container

# vzctl set

Suspending the container

# vzctl suspend

To check the status of the quota info

# vzquota

Managing CPU - cpu share and the number of processors the node can make use of

# vzcpucheck

Monitoring tools

# vzstat
# vzps
# vzpid
# vztop
# vzsetxinetd

Virtuozzo networks

# vznetcfg if list
# vznetcfg vlan add eth0 5
# vznetcfg vlan del eth0.5
# vznetcfg net addif vznetwork1 eth0
# vznetcfg net delif eth0
# vznetcfg net new vznetwork1
# vznetcfg net del vznetwork1
# vznetcfg net list

Keeping system up2date : The h/w node can be updated using the normal update procedures without affecting virtuozzo

# vzup2date - /etc/sysconfig/vzup2date/vzup2date.conf
# vzup2date -m batch install --core
# vzup2date -t -m batch install --all-os

Updating the containers

# vzpkg update 101 redhat-el5-x86
# vzpkg update 101
# vzpkg update cache fedora-core-8-x86

1) vzlist -a : Shows list of all the VPS’s hosted on the Node.
2) vzctl start VPS_ID: To start the VPS.
3) vzctl stop VPS_ID : To stop (Shut Down) the VPS.
4) vzctl status VPS_ID : To view the status of the particular VPS.
5) vzctl stop VPS_ID --fast : to stop the VPS quickly and forcefully
6) vzctl enter VPS_ID : To enter in a particular VPS

Configuration Commands

1) vzctl set VPS_ID --hostname vps.domain.com --save : To set the Hostname of a VPS.

2) vzctl set VPS_ID --ipadd 1.2.3.4 --save : To add a new IP to the hosting VPS

3) vzctl set VPS_ID --ipdel 1.2.3.4 --save : To delete the IP from VPS.

4) vzctl set VPS_ID --userpasswd root:new_password --save : to reset root password of a VPS.

5) vzctl set VPS_ID --nameserver 1.2.3.4 --save : To add the nameserver IP's to the VPS

6) vzctl exec VPS_ID command : To run any command on a VPS from Node.

7) vzyum VPS_ID install package_name : To install any package/Software on a VPS from Node.

VPS_ID refers to the ID of the Particular VPS.