Pages

Thursday, July 9, 2015

Delete a nat rule in iptables


First of all I list all the rules including line numbers like this;

iptables -L -t nat –line-numbers

I then look at the output that will be similar to the below

In this example lets say I want to delete rule number 2 in the PREROUTING chain, I would enter the following;

iptables -t nat -D PREROUTING 2

In English the above line means remove line number 2 from the PREOUTING chain, I would then run the first command again to check my iptables file, then save the iptables file and restart the iptables service.

iptables -L -t nat –line-numbers

service iptables save

service iptables restart

All the above is carried out running on Centos, you may have to edit slightly for your particular distribution.

Wednesday, July 8, 2015

Linux tune the VM subsystem.

Tuning the memory subsystem in Linux is a powerful but delicate task. The right settings can boost your system’s performance, but incorrect changes may cause instability or slowdowns. Always adjust one parameter at a time and monitor your system before making further changes.

Exploring /proc/sys/vm

The /proc/sys/vm directory contains files that represent kernel parameters for the virtual memory subsystem. You can read and write to these files to tune system behavior.

To view the files, use:
cd /proc/sys/vm
ls -l

Sample output:
-rw-r--r-- 1 root root 0 Oct 16 04:21 block_dump
-rw-r--r-- 1 root root 0 Oct 16 04:21 dirty_background_ratio
-rw-r--r-- 1 root root 0 Oct 16 04:21 dirty_expire_centisecs
-rw-r--r-- 1 root root 0 Oct 16 04:21 dirty_ratio
-rw-r--r-- 1 root root 0 Oct 16 04:21 dirty_writeback_centisecs
-rw-r--r-- 1 root root 0 Oct 16 04:21 drop_caches
-rw-r--r-- 1 root root 0 Oct 16 04:21 swappiness
-rw-r--r-- 1 root root 0 Oct 16 04:21 vfs_cache_pressure
...

Key Parameters and Their Effects

  1. dirty_background_ratio
    Purpose: Sets the percentage of system memory filled with “dirty” pages (pages to be written to disk) before the background writeback daemon (pdflush) starts writing them out.

Check current value:
sysctl vm.dirty_background_ratio

Default example:
vm.dirty_background_ratio = 10

Tuning:
Increasing this value (for example, to 20) means less frequent flushes, which may benefit systems with fast disks but can cause larger flushes at once.
sysctl -w vm.dirty_background_ratio=20

  1. swappiness
    Purpose: Controls how aggressively the kernel swaps memory pages to disk.

Check current value:
sysctl vm.swappiness

Default example:
vm.swappiness = 60

Tuning:
Lower values reduce swapping (good for desktops), higher values increase swapping (can benefit workloads with long-sleeping processes).
sysctl -w vm.swappiness=100

  1. dirty_ratio
    Purpose: Sets the percentage of system memory that can be filled with dirty pages before processes generating writes must themselves start writing data to disk.

Check current value:
sysctl vm.dirty_ratio

Default example:
vm.dirty_ratio = 40

Tuning:
Lowering this value (for example, to 25) causes data to be written to disk more frequently, reducing the risk of large data loss but possibly impacting performance.
sysctl -w vm.dirty_ratio=25

Best Practices for VM Tuning

  • Change one setting at a time.

  • Monitor system performance after each change using tools like vmstat, top, or free.

  • If performance improves, keep the new setting. If not, revert to the previous value.

  • Document your changes for future reference and troubleshooting.


CloudStack Installation and Configuration

CloudStack is an open-source cloud computing platform similar with both OpenNebula And OpenStack .

Managment Server


service iptables stop
chkconfig iptables off

echo " HOSTNAME=controller.example.com" > /etc/hostname
cat /etc/hostname
echo "142.0.42.46 controller.example.com controller " >> /etc/hosts
echo " HOSTNAME=controller.example.com" >> /etc/sysconfig/network
cat /etc/hosts
hostname controller.example.com
hostname
ping -c 3 controller
yum install -y yum-plugin-priorities gedit curl wget nc
yum -y install policycoreutils setroubleshoot
sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/sysconfig/selinux
sed -i "s/SELINUX=disabled/SELINUX=permissive/g" /etc/sysconfig/selinux
setenforce 0

# vi /etc/yum.repos.d/cloudstack.repo
[cloudstack]
name=cloudstack
baseurl=http://cloudstack.apt-get.eu/rhel/4.2/
enabled=1
gpgcheck=0

yum -y install ntp
service ntpd start
chkconfig ntpd on

yum -y install mysql mysql-server MySQL-python
service mysqld start
chkconfig mysqld on
mysql_install_db
mysql_secure_installation

Downloading vhd-util
wget http://download.cloud.com.s3.amazonaws.com/tools/vhd-util
If the Management Server is RHEL or CentOS, copy vhd-util to /usr/lib64/cloud/common/scripts/vm/hypervisor/xenserver.
If the Management Server is Ubuntu, copy vhd-util to /usr/lib/cloud/common/scripts/vm/hypervisor/xenserver/vhd-util.

yum -y install cloud-client

cloudstack-setup-databases cloud:cloud@localhost --deploy-as=root:mysql-password -i 142.0.42.46
cloudstack-setup-management

Mostly by default the the Dashboard password will be admin and password.

yum -y install nfs-utils
mkdir -p /export/primary
mkdir -p /export/secondary
vi /etc/exports
/export *(rw,async,no_root_squash,no_subtree_check)
# vi /etc/sysconfig/nfs
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020

service rpcbind start
service nfs start
chkconfig nfs on
chkconfig rpcbind on

mkdir -p /mnt/primary
mkdir -p /mnt/secondary
mount -t nfs 142.0.42.46:/export/primary /mnt/primary
mount -t nfs 142.0.42.46:/export/secondary /mnt/secondary

Create a System virtual machine template, you also can get it from official site.

Usage: cloud-install-sys-tmplt: -m <secondary storage mount point> -f <system vm template file> [-h <hypervisor name: kvm|vmware|xenserver> ] [ -s <mgmt server secret key, if you specified any when running cloudstack-setup-database, default is password>][-u <Url to system vm template>] [-F <clean up system templates of specified hypervisor>] [-e <Template suffix, e.g vhd, ova, qcow2>] [-o <Database server hostname or ip, e.g localhost>] [-r <Database user name, e.g root>] [-d <Database password. Fllowed by nothing if the password is empty>]
or
cloud-install-sys-tmplt: -m <secondary storage mount point> -u <http url for system vm template> [-h <hypervisor name: kvm|vmware|xenserver> ] [ -s <mgmt server secret key>]

/usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secondary -u http://d21ifhcun6b1t2.cloudfront.net/templates/4.2/systemvmtemplate-2013-06-12-master-kvm.qcow2.bz2 -h kvm -s -F


On The Compute Node


service iptables stop
chkconfig iptables off

echo " HOSTNAME=compute.example.com" > /etc/hostname
cat /etc/hostname
echo "142.0.42.46 compute.example.com controller " >> /etc/hosts
echo " HOSTNAME=compute.example.com" >> /etc/sysconfig/network
cat /etc/hosts
hostname compute.example.com
hostname
ping -c 3 controller
vi /etc/yum.repos.d/cloudstack.repo
[cloudstack]
name=cloudstack
baseurl=http://cloudstack.apt-get.eu/rhel/4.2/
enabled=1
gpgcheck=0

yum -y install ntp

yum -y install cloudstack-agent
yum -y install qemu-kvm

Modify the libvirt configuration files, remove the following comments, change the value of auth_tcp to “none”
vi /etc/libvirt/libvirtd.conf
listen_tls = 0
listen_tcp = 1
tcp_port = "16509"
auth_tcp = "none"
mdns_adv = 0