If you have forgotten the OpenMediaVault default login, this post should help you reset it.
Make BIND9 named Use Only IPv4
Having recently built a centralised log server with RSyslog on one of my Raspberry Pi systems at home office, I'm finally getting to reap the rewards: small and not so small errors get noticed and resolved at last.
Network Unreachable Resolving IPv6 in named
I noticed lots of named errors like this:
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns-1683.awsdns-18.co.uk/A/IN': 2600:9000:5301:5200::1#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns-1244.awsdns-27.org/A/IN': 2600:9000:5306:5b00::1#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns-1683.awsdns-18.co.uk/AAAA/IN': 2600:9000:5301:5200::1#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns-573.awsdns-07.net/AAAA/IN': 2600:9000:5301:c800::1#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns-1244.awsdns-27.org/AAAA/IN': 2600:9000:5306:5b00::1#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns-573.awsdns-07.net/A/IN': 2600:9000:5305:4700::1#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns-573.awsdns-07.net/AAAA/IN': 2600:9000:5305:4700::1#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'flickr.com/DS/IN': 2001:503:231d::2:30#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'yf2.yahoo.com/A/IN': 2406:8600:b8:fe03::1003#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'yf1.yahoo.com/A/IN': 2406:8600:b8:fe03::1003#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'yf2.yahoo.com/AAAA/IN': 2406:8600:b8:fe03::1003#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'yf1.yahoo.com/AAAA/IN': 2406:8600:b8:fe03::1003#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'yahoodns.net/DS/IN': 2001:503:39c1::30#53
Since they all looked like IPv6 addresses, I figured IPv6 would be the explanation. Since I'm not using IPv6 yet, the logical step to resolve issues was to disable IPv6.
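The "they all looked like IPv6 addresses" observation can be checked mechanically before changing the resolver. The script below is an added example, not part of the original post: it counts the unreachable upstream addresses by address family. The function names and the sample log lines (documentation address ranges) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. The log lines below are
# constructed, in the same format as the named errors shown above.

# sample_log: constructed syslog excerpt used for the demo run
sample_log() {
    cat <<'EOF'
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns1.example.net/A/IN': 2001:db8:5301:5200::1#53
May 1 16:13:04 becky named[545]: network unreachable resolving 'ns1.example.net/AAAA/IN': 2001:db8:5301:5200::1#53
May 1 16:13:05 becky named[545]: network unreachable resolving 'example.org/DS/IN': 2001:db8:39c1::30#53
May 1 16:13:06 becky named[545]: zone localhost/IN: loaded serial 2
EOF
}

# summarize_unreachable: read syslog lines on stdin and print
#   ipv6=<n> ipv4=<n> verdict=<ipv6-only|ipv4-affected|none>
summarize_unreachable() {
    awk '
        / named\[[0-9]+\]: network unreachable resolving / {
            addr = $NF                   # last field is <address>#<port>
            sub(/#[0-9]+$/, "", addr)    # strip the port suffix
            if (index(addr, ":")) v6++; else v4++
        }
        END {
            verdict = "none"
            if (v4 > 0)      verdict = "ipv4-affected"   # -4 alone will not fix these
            else if (v6 > 0) verdict = "ipv6-only"       # consistent with the IPv6 explanation
            printf "ipv6=%d ipv4=%d verdict=%s\n", v6, v4, verdict
        }'
}

# unreachable_upstreams: list each unreachable upstream address with its hit count
unreachable_upstreams() {
    awk '/ named\[[0-9]+\]: network unreachable resolving / {
             addr = $NF; sub(/#[0-9]+$/, "", addr); n[addr]++
         }
         END { for (a in n) printf "%d %s\n", n[a], a }' | sort -k1,1nr -k2
}

sample_log | summarize_unreachable
sample_log | unreachable_upstreams
```

On a real system, pipe the named log into the same functions, for example `journalctl -u bind9 | summarize_unreachable`. An "ipv4-affected" verdict points at a wider connectivity problem that the IPv4-only switch would only hide.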
Switch BIND9 named to using IPv4 only
By editing the /etc/default/bind9 file, it's very easy to enforce IPv4-only mode.
Change OPTIONS line from this:
OPTIONS="-u bind"
to this:
OPTIONS="-u bind -4"
Now we just need to restart the named daemon. Confusingly enough, it's done by restarting the bind9 service:
greys@becky:/ $ sudo systemctl restart bind9
Let's quickly confirm bind9 status:
greys@becky:/ $ sudo systemctl status bind9
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-05-01 16:33:56 UTC; 3s ago
     Docs: man:named(8)
  Process: 3062 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Main PID: 3067 (named)
   CGroup: /system.slice/bind9.service
           └─3067 /usr/sbin/named -f -u bind -4
May 01 16:33:56 becky named[3067]: automatic empty zone: EMPTY.AS112.ARPA
May 01 16:33:56 becky named[3067]: configuring command channel from '/etc/bind/rndc.key'
May 01 16:33:56 becky named[3067]: command channel listening on 127.0.0.1#953
May 01 16:33:56 becky named[3067]: managed-keys-zone: loaded serial 788
May 01 16:33:56 becky named[3067]: zone 0.in-addr.arpa/IN: loaded serial 1
May 01 16:33:56 becky named[3067]: zone 127.in-addr.arpa/IN: loaded serial 1
May 01 16:33:56 becky named[3067]: zone localhost/IN: loaded serial 2
May 01 16:33:56 becky named[3067]: zone 255.in-addr.arpa/IN: loaded serial 1
May 01 16:33:56 becky named[3067]: all zones loaded
May 01 16:33:56 becky named[3067]: running
That's it! Problem solved – no more IPv6 errors in named logs.
How To Check SSH Port Status
When you're configuring a new SSH server, it's possible that the connection won't work right away. That's when it will be useful for you to know how to check SSH port status.
Use telnet to check SSH port
The easiest approach has traditionally been to use the telnet command. It's also a more universal way of checking the SSH port because telnet is usually found in the Windows operating system. In fact, you can check any port using telnet.
INTERESTING: Since telnet is a clear-text protocol (no encryption), it's being phased out, so it's quite possible that you won't find the telnet command installed by default on your Linux/Unix system or even on a modern Windows or MacOS based desktop.
Provided telnet is installed (yum install telnet in CentOS/RedHat/Fedora Linux, for example) though, here's how you can check SSH port on remote server:
greys@centos:~ $ telnet vps1.unixtutorial.org 22
Trying 51.15.230.209...
Connected to vps1.unixtutorial.org.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
^]^C^]
If you can see the SSH version information (the SSH-2.0-OpenSSH_7.2p2 line above), the SSH port is open and the SSH server is functioning properly.
If port 22 is reachable but no SSH server is listening on it, you'll get an error like this:
greys@centos:~ $ telnet vps1.unixtutorial.org 22
Trying 163.172.34.149...
telnet: connect to address 163.172.34.149: Connection refused
Verbose ssh command output to check port
My default way of checking remote connectivity is to use the ssh command to initiate a client connection to the remote SSH server with verbose output.
In this example, I'm checking connectivity to vps1 server on port 212:
greys@centos:~ $ ssh -vvv vps1.unixtutorial.org -p 212
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "vps1.unixtutorial.org" port 212
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to vps1.unixtutorial.org [51.15.230.209] port 212.
debug1: connect to address 51.15.230.209 port 212: Connection refused
ssh: connect to host vps1.unixtutorial.org port 212: Connection refused
The same command to a working SSH port will confirm that the connection is established:
greys@centos:~ $ ssh -vvv vps1.unixtutorial.org -p 22
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "vps1.unixtutorial.org" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to vps1.unixtutorial.org [51.15.230.209] port 22.
debug1: Connection established.
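The telnet check above can be scripted on hosts where no telnet client is installed. This is an added example, not part of the original post: it validates the identification line an SSH server sends first and separates a failed connection from a port that accepts connections but stays silent. The function names are illustrative, and check_ssh_port assumes bash and the coreutils timeout command are available.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# parse_ssh_banner BANNER: validate an SSH identification string
# ("SSH-<protoversion>-<softwareversion>[ <comments>]", RFC 4253 section 4.2)
# and print its fields; exit status 1 if the line is not an SSH banner.
parse_ssh_banner() (
    banner=$(printf '%s' "$1" | tr -d '\r')
    case $banner in
        SSH-*-?*) ;;
        *) exit 1 ;;
    esac
    rest=${banner#SSH-}
    proto=${rest%%-*}
    rest=${rest#*-}
    software=${rest%% *}
    case $rest in
        *" "*) comments=${rest#* } ;;
        *)     comments= ;;
    esac
    printf 'proto=%s software=%s comments=%s\n' "$proto" "$software" "$comments"
)

# check_ssh_port HOST [PORT] [TIMEOUT_SECONDS]: connect with bash's /dev/tcp
# (no telnet client needed), read one line and classify the result.
check_ssh_port() (
    host=$1; port=${2:-22}; secs=${3:-5}
    banner=$(timeout "$secs" bash -c \
        'exec 3<>"/dev/tcp/$1/$2" || exit 2; IFS= read -r line <&3; printf "%s" "$line"' \
        _ "$host" "$port" 2>/dev/null) && rc=0 || rc=$?
    case $rc in
        0)   if info=$(parse_ssh_banner "$banner"); then
                 echo "ssh-listening $info"
             else
                 echo "open-but-not-ssh"
             fi ;;
        124) echo "no-banner-before-timeout" ;;  # filtered, or a service waiting for the client
        *)   echo "connect-failed" ;;            # e.g. "Connection refused"
    esac
)

# Demo on the banner from the telnet session above (no network needed);
# for a live check run e.g.: check_ssh_port vps1.unixtutorial.org 22
parse_ssh_banner 'SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8'
```

The parsed fields show how much the banner tells any unauthenticated client: the OpenSSH version and, in the comments field, the distribution package revision.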
That's it for today!
Monitor processes, CPU and RAM with htop
I've been using htop for so long that it's now my go-to tool for the visual representation of key process performance metrics on a server: CPU usage, RAM, Swap, average load and most resource-hungry processes.
htop command for process monitoring
This is how a default htop screen looks on a properly configured colour-capable terminal: just run "htop" without any parameters.
How To Install htop in Linux
htop is available via EPEL repository for CentOS/RedHat/Fedora projects:
greys@rhel:~ $ yum whatprovides htop
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
 * base: centos.quelquesmots.fr
 * epel: mirror.ibcp.fr
 * extras: centos.mirrors.proxad.net
 * updates: centos.crazyfrogs.org
htop-2.2.0-3.el7.x86_64 : Interactive process viewer
Repo        : epel
Once EPEL is activated, you'll be able to just install htop with yum.
How To Install htop in MacOS
On MacOS I've been using brew to install htop:
greys@maverick:~ $ brew install htop
or
greys@maverick:~ $ brew upgrade htop
==> Upgrading 1 outdated package:
htop 2.0.2 -> 2.2.0_1
==> Upgrading htop
==> Installing dependencies for htop: ncurses
==> Installing htop dependency: ncurses
==> Downloading https://homebrew.bintray.com/bottles/ncurses-6.1.mojave.bottle.tar.gz
######################################################################## 100.0%
==> Pouring ncurses-6.1.mojave.bottle.tar.gz
==> Caveats
ncurses is keg-only, which means it was not symlinked into /usr/local,
because macOS already provides this software and installing another version in
parallel can cause all kinds of trouble.
If you need to have ncurses first in your PATH run:
  echo 'export PATH="/usr/local/opt/ncurses/bin:$PATH"' >> ~/.bash_profile
For compilers to find ncurses you may need to set:
  export LDFLAGS="-L/usr/local/opt/ncurses/lib"
  export CPPFLAGS="-I/usr/local/opt/ncurses/include"
For pkg-config to find ncurses you may need to set:
  export PKG_CONFIG_PATH="/usr/local/opt/ncurses/lib/pkgconfig"
==> Summary
🍺 /usr/local/Cellar/ncurses/6.1: 3,869 files, 8.3MB
==> Installing htop
==> Downloading https://homebrew.bintray.com/bottles/htop-2.2.0_1.mojave.bottle.tar.gz
######################################################################## 100.0%
==> Pouring htop-2.2.0_1.mojave.bottle.tar.gz
==> Caveats
htop requires root privileges to correctly display all running processes,
so you will need to run `sudo htop`.
You should be certain that you trust any software you grant root privileges.
==> Summary
🍺 /usr/local/Cellar/htop/2.2.0_1: 11 files, 188KB
Removing: /usr/local/Cellar/htop/2.0.2... (11 files, 185KB)
==> Caveats
==> ncurses
ncurses is keg-only, which means it was not symlinked into /usr/local,
because macOS already provides this software and installing another version in
parallel can cause all kinds of trouble.
If you need to have ncurses first in your PATH run:
  echo 'export PATH="/usr/local/opt/ncurses/bin:$PATH"' >> ~/.bash_profile
For compilers to find ncurses you may need to set:
  export LDFLAGS="-L/usr/local/opt/ncurses/lib"
  export CPPFLAGS="-I/usr/local/opt/ncurses/include"
For pkg-config to find ncurses you may need to set:
  export PKG_CONFIG_PATH="/usr/local/opt/ncurses/lib/pkgconfig"
==> htop
htop requires root privileges to correctly display all running processes,
so you will need to run `sudo htop`.
You should be certain that you trust any software you grant root privileges.
That's it for today. Hope you find htop command useful!
How To: Test Disk I/O with dd
The dd command, which is pretty much guaranteed to be pre-installed on your Linux or Unix server, can be used to quickly get an understanding of the I/O capability of available storage.
Although there are specialised file processing and I/O benchmarks, you may not always have the time or permission to install additional packages. That's why using dd is one of the easiest ways to understand the storage you're working with.
Test write speed using dd
In this example, I'm creating a 1GB file using a fairly large block size of 512KB:
greys@s5:~ $ dd if=/dev/zero of=./test bs=512k count=2048 oflag=direct
2048+0 records in
2048+0 records out
1073741824 bytes (1.1 GB) copied, 3.11501 s, 345 MB/s
greys@s5:~ $ dd if=/dev/zero of=./test bs=512k count=2048 oflag=direct
2048+0 records in
2048+0 records out
1073741824 bytes (1.1 GB) copied, 3.01872 s, 356 MB/s
That's a pretty impressive throughput! If the filesystem we're testing this on is hosted on a single disk, it must be an SSD one. Similar results may be achieved using a software RAID from HDDs.
Test read speed using dd
If you apply logic and reverse the if and of parameters from the previous example, you will arrive at the following dd command testing the speed of reading from ./test file:
greys@s5:~ $ dd if=./test of=/dev/zero bs=512k count=2048 oflag=direct
If you try running it though, you'll have 2 problems.
Problem 1: you get an error if you attempt direct I/O (oflag=direct) with a virtual device like /dev/zero:
greys@s5:~ $ dd if=./test of=/dev/zero bs=512k count=2048 oflag=direct
dd: failed to open ‘/dev/zero’: Invalid argument
Problem 2: even if we remove the oflag=direct, results seem to be too good to be true:
greys@s5:~ $ dd if=./test of=/dev/zero bs=512k count=2048
2048+0 records in
2048+0 records out
1073741824 bytes (1.1 GB) copied, 0.159449 s, 6.7 GB/s
greys@s5:~ $ dd if=./test of=/dev/zero bs=512k count=2048
2048+0 records in
2048+0 records out
1073741824 bytes (1.1 GB) copied, 0.152424 s, 7.0 GB/s
Slightly better I/O for reading is always expected, but such a dramatic improvement is usually false. As you may have guessed, we get such high numbers because of I/O caching that OS cleverly applies when working with files.
Caching works like this: the kernel keeps cached file data in memory for as long as that memory is unused. As soon as some process needs memory, though, the kernel releases it by dropping some clean caches.
So for a correct read speed test with dd, we first need to drop the cached data using this command line:
greys@s5:~ $ sudo /sbin/sysctl -w vm.drop_caches=3
vm.drop_caches = 3
… and then re-run the same dd command again:
greys@s5:~ $ dd if=./test of=/dev/zero bs=512k count=2048
2048+0 records in
2048+0 records out
1073741824 bytes (1.1 GB) copied, 2.10861 s, 509 MB/s
That's better! 509MB/s read throughput is in line with the 356MB/s write throughput.
mkdir cannot create directory
New Linux users often get puzzled by the "mkdir: cannot create directory" errors when taking first steps and trying to learn basics of working with files and directories. In this short post I'll show the two most common types of this mkdir error and also explain how to fix things so that you no longer get these errors.
How To Fix Corrupted Packages Database for YUM
I had a server run out of space recently, to the point that it couldn't complete the yum update. This server ended up corrupting a yum packages database.
Here's how a corrupted YUM database looks
Correctly called rpmdb, the package database used by YUM looks like this when it can't be opened:
root@s3:/ # yum update
error: db5 error(11) from dbenv->open: Resource temporarily unavailable
error: cannot open Packages index using db5 - Resource temporarily unavailable (11)
error: cannot open Packages database in /var/lib/rpm
CRITICAL:yum.main:
Error: rpmdb open failed
Rebuilding RPM DB
The fix is to rebuild the RPM database, like this:
root@s3:/ # rpm --rebuilddb
And just to try things, do the same yum update – it should work now:
root@s3:/backup/linux # yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.mirror.ate.info
 * epel: mirror.1000mbps.com
 * extras: rep-centos-fr.upress.io
 * updates: centos.mirror.ate.info
Resolving Dependencies
...
How To Fix Fonts in X11 Forwarding
I'm installing VirtualBox on one of my remote Linux servers and installed the software from their repository that deploys all the additional packages required by VirtualBox.
Still, when I first started the graphical interface (VirtualBox Manager), most of the text appeared as funny characters that can't really be read:
This is a common problem when you're trying to run a graphical (X11) application on a server without graphics system like Xorg. As you probably guess, the problem is to do with fonts.
Specifically, it's a problem of your remote Linux server not having any fonts installed, because Xorg (graphics system) was never installed on it (servers usually have server-specific version of distro or at least a package selection that disables desktop related things).
Once we install standard fonts package like this:
greys@s5:~ $ sudo yum install xorg-x11-fonts-Type1
...
Installed:
  xorg-x11-fonts-Type1.noarch 0:7.5-9.el7
Dependency Installed:
  libXfont.x86_64 0:1.5.2-1.el7 libfontenc.x86_64 0:1.1.3-3.el7 ttmkfdir.x86_64 0:3.0.9-42.el7 xorg-x11-font-utils.x86_64 1:7.5-20.el7
...
… restarting application will result in a normal window with quite readable fonts: