Rabu, 04 Oktober 2017

Configure Network Bonding on Linux


To set up bonding:

1. Create a virtual 'bond' interface by creating a configuration file in:

# vi /etc/sysconfig/network-scripts/ifcfg-bond0

2. Append the following lines to the file.

DEVICE=bond0

IPADDR=192.168.10.79 # Use the free IP Address of your network

NETWORK=192.168.10.0

NETMASK=255.255.255.0

USERCTL=no

BOOTPROTO=none

ONBOOT=yes

3. Attach one or more slave interfaces to the bond interface. Modify the eth0 and eth1 configuration files (using a VI text editor).

a. Use the VI text editor to open the eth0 configuration file.

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

b. Modify/append the eth0 file as follows:

DEVICE=eth0

USERCTL=no

ONBOOT=yes

MASTER=bond0

SLAVE=yes

BOOTPROTO=none

c. Use the VI text editor to open the eth1 configuration file.

# vi /etc/sysconfig/network-scripts/ifcfg-eth1

d. Modify/append the eth1 file as follows:

DEVICE=eth1

USERCTL=no

ONBOOT=yes

MASTER=bond0

SLAVE=yes

BOOTPROTO=none

4. Set up the bond interface and its options in /etc/modprobe.conf. Start the slave interfaces by your normal network method.

# vi /etc/modprobe.conf

a. Append the following lines to the file.

alias bond0 bonding isikan di modprobe.conf

options bond0 mode=balance-alb miimon=100 isikan di modprobe.conf

b. Load the bonding module.

# modprobe bonding

# ifconfig bond0 up

# ifenslave bond0 eth0 eth1

# service network restart

# cat /proc/net/bonding/bond0

# ifconfig | grep -i bond




Descriptions of bonding modes

Mode 0

balance-rr

Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

Mode 1

active-backup

Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance. The primary option affects the behavior of this mode.

Mode 2

balance-xor

XOR policy: Transmit based on selectable hashing algorithm. The default policy is a simple source+destination MAC address algorithm. Alternate transmit policies may be selected via the xmit_hash_policy option, described below. This mode provides load balancing and fault tolerance.

Mode 3

broadcast

Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.

Mode 4

802.3ad

IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.

Prerequisites:

Ethtool support in the base drivers for retrieving the speed and duplex of each slave.

A switch that supports IEEE 802.3ad Dynamic link aggregation. Most switches will require some type of configuration to enable 802.3ad mode.

Mode 5

balance-tlb

Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

Prerequisites:

Ethtool support in the base drivers for retrieving the speed of each slave.

Mode 6

balance-alb

Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server.

Descriptions of balancing algorithm modes

The balancing algorithm is set with the xmit_hash_policy option.

Possible values are:

layer2 Uses XOR of hardware MAC addresses to generate the hash. This algorithm will place all traffic to a particular network peer on the same slave.

layer2+3 Uses XOR of hardware MAC addresses and IP addresses to generate the hash. This algorithm will place all traffic to a particular network peer on the same slave.

layer3+4 This policy uses upper layer protocol information, when available, to generate the hash. This allows for traffic to a particular network peer to span multiple slaves, although a single connection will not span multiple slaves.

encap2+3 This policy uses the same formula as layer2+3 but it relies on skb_flow_dissect to obtain the header fields which might result in the use of inner headers if an encapsulation protocol is used.

encap3+4 This policy uses the same formula as layer3+4 but it relies on skb_flow_dissect to obtain the header fields which might result in the use of inner headers if an encapsulation protocol is used.

The default value is layer2. This option was added in bonding version 2.6.3. In earlier versions of bonding, this parameter does not exist, and the layer2 policy is the only policy. The layer2+3 value was added for bonding version 3.2.2.


Reduce and Create LVM on RHEL


h[root@twins /]#df –h

[root@twins /]#umount /home

[root@twins /]# lvreduce -L 40G /dev/mapper/VolGroup-lv_home

WARNING: Reducing active and open logical volume to 40.00 GiB

THIS MAY DESTROY YOUR DATA (filesystem etc.)

Do you really want to reduce lv_home? [y/n]: y

Reducing logical volume lv_home to 40.00 GiB

Logical volume lv_home successfully resized


[root@twins /]# mkfs -t ext4 /dev/mapper/VolGroup-lv_home

mke2fs 1.41.12 (17-May-2010)

Filesystem label=

OS type: Linux

Block size=4096 (log=2)

Fragment size=4096 (log=2)

Stride=0 blocks, Stripe width=0 blocks

2621440 inodes, 10485760 blocks

524288 blocks (5.00%) reserved for the super user

First data block=0

Maximum filesystem blocks=4294967296

320 block groups

32768 blocks per group, 32768 fragments per group

8192 inodes per group

Superblock backups stored on blocks:

32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,

4096000, 7962624


Writing inode tables: done

Creating journal (32768 blocks): done

Writing superblocks and filesystem accounting information: done


This filesystem will be automatically checked every 29 mounts or

180 days, whichever comes first. Use tune2fs -c or -i to override.

[root@twins /]# mount /home/

[root@twins /]# df -h

Filesystem Size Used Avail Use% Mounted on

/dev/mapper/VolGroup-lv_root

50G 8.6G 39G 19% /

tmpfs 1.5G 88K 1.5G 1% /dev/shm

/dev/sdb1 485M 30M 430M 7% /boot

/dev/sda2 230G 210G 7.6G 97% /disk3

/dev/sda1 230G 229M 218G 1% /disk2

/dev/sr0 3.2G 3.2G 0 100% /DVDCD

/dev/mapper/VolGroup-lv_home

40G 176M 38G 1% /home


Membuat LV baru dengan sisa yang sudah kita reduce sebelumnya


[root@twins /]# lvcreate -L 53G -n temp VolGroup

Logical volume "temp" created

[root@twins /]# lvs

LV VG Attr LSize Origin Snap% Move Log Copy% Convert

lv_home VolGroup -wi-ao 40.00g

lv_root VolGroup -wi-ao 50.00g

lv_swap VolGroup -wi-ao 4.95g

temp VolGroup -wi-a- 53.00g

[root@twins /]# df -h

Filesystem Size Used Avail Use% Mounted on

/dev/mapper/VolGroup-lv_root

50G 8.6G 39G 19% /

tmpfs 1.5G 88K 1.5G 1% /dev/shm

/dev/sdb1 485M 30M 430M 7% /boot

/dev/sda2 230G 210G 7.6G 97% /disk3

/dev/sda1 230G 188M 218G 1% /disk2

/dev/sr0 3.2G 3.2G 0 100% /DVDCD

/dev/mapper/VolGroup-lv_home

40G 218M 38G 1% /home

[root@twins /]# mkfs -t ext4 /dev/mapper/VolGroup-temp

mke2fs 1.41.12 (17-May-2010)

Filesystem label=

OS type: Linux

Block size=4096 (log=2)

Fragment size=4096 (log=2)

Stride=0 blocks, Stripe width=0 blocks

3473408 inodes, 13893632 blocks

694681 blocks (5.00%) reserved for the super user

First data block=0

Maximum filesystem blocks=4294967296

424 block groups

32768 blocks per group, 32768 fragments per group

8192 inodes per group

Superblock backups stored on blocks:

32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,

4096000, 7962624, 11239424


Writing inode tables: done

Creating journal (32768 blocks): done

Writing superblocks and filesystem accounting information: done


This filesystem will be automatically checked every 33 mounts or

180 days, whichever comes first. Use tune2fs -c or -i to override.

[root@twins /]# mkdir temporary

[root@twins /]# mount /dev/mapper/VolGroup-temp /temporary/

[root@twins /]# vi /etc/fstab =è> tambahkan di fstab

/dev/mapper/vg_twins-temp /temporary/




[root@twins temporary]# df -h

Filesystem Size Used Avail Use% Mounted on

/dev/mapper/VolGroup-lv_root 8.6G 39G 19% /

Tmpfs 1.5G 88K 1.5G 1% /dev/shm

/dev/sdb 1485M 30M 430M 7% /boot

/dev/sda 2230G 210G 7.6G 97% /disk3

/dev/sda 1230G 188M 218G 1% /disk2

/dev/sr0 3.2G 3.2G 0 100% /DVDCD

/dev/mapper/VolGroup-lv_home 40G 218M 38G 1% /home

/dev/mapper/VolGroup-temp 53G 180M 50G 1% /temporary

Instaling NMON on Linux via rpm

# rpm -ivh nmon-12d-1.el6.rf.x86_64.rpm

# export NMON=mndc

# nmon

nmon keyboard shortcuts


q – To stop and exit nmon.

h – To see quick help (hint) screen and press h again to remove the hints.

Use the following command to turn on or off stats:

c – See cpu stats.

m – See memory stats.

d – See disk stats.

k – See kernel stats.

n – See network stats.

N – See NFS stats.

j – See file system stats.

t – See top process.

V – See virtual memory stats.

. – See only busy disks/procs.

v – Verbose mode (display as Ok/warning/danger on screen)


Capturing and analyzing data with nmon

# nmon -f -s2 -c 30

# nmon -ft -s 30 -c 120

Installing Samba File Sharing On Linux


Install samba

Install paket samba dan samba client

[root@localhost /]# rpm -ivh samba-3.5.4-68.el6.x86_64.rpm

warning: samba-3.5.4-68.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY

Preparing... ########################################### [100%]

1:samba ########################################### [100%]

[root@localhost /]#

[root@localhost /]# rpm -ivh samba-client-3.5.4-68.el6.x86_64.rpm

warning: samba-client-3.5.4-68.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY

Preparing... ########################################### [100%]

package samba-client-0:3.5.4-68.el6.x86_64 is already installed

[root@localhost /]#

SAMBA uses ports 137,138,139 and 445

Port 137


UDP NetBIOS name service (WINS)

Port 138


UDP NetBIOS datagram

Port 139


TCP NetBIOS Session (TCP), Windows File and Printer Sharing

Port 445


Microsoft-DS Active Directory, Windows shares (TCP)

Port 445


Microsoft-DS SMB file sharing (UDP)

To open firewall for Samba adds the following rules and restart the iptables

#iptables -A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT

#iptables -A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT

#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT

#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT


[root@localhost /]# iptables -A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT

[root@localhost /]# iptables -A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT

[root@localhost /]# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT

[root@localhost /]# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

[root@localhost /]#


Add user and password samba

[root@localhost /]# cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

[root@localhost /]# chmod 600 /etc/samba/smbpasswd

[root@localhost /]# smbpasswd -a lutfi

New SMB password:

Retype new SMB password:

Added user lutfi.

[root@localhost /]#nano /etc/selinux/config

Enabled

Ctrl+x

Enter


Set SELinux value to disabled.

vi /etc/sysconfig/selinux


Selanjutnya silahkan akses via webmin dan kombinasikan dengan terminal via ssh


#chown sambauser /sharedata

#chmod 1700 /sharedata

#smbstatus

#testparm

#chgrp smbgroup /sharedata

#chmod 1770 /sharedata