Pages

Thursday, February 27, 2014

OpenStack Installation And Configuring

The OpenStack project is an open source cloud computing platform for all types of clouds, which aims to be simple to implement, massively scalable, and feature rich. Developers and cloud computing technologists from around the world create the OpenStack project.

OpenStack provides an Infrastructure as a Service (IaaS) solution through a set of interrelated services. Each service offers an application programming interface (API) that facilitates this integration. Depending on your needs, you can install some or all services.

Dashboard         ---Horizon
Compute           ---Nova
Networking       ---Neutron
Object Storage  ---Swift
Block Storage   ---Cinder
Identity Service---Keystone
Image Service   ---Glance
Telemetry         ---Ceilometer
Orchestration   ---Heat

Dashboard : Horizon Provides a web-based self-service portal to interact with underlying OpenStack services, such as launching an instance, assigning IP addresses and configuring access controls.

Compute : Nova Manages the lifecycle of compute instances in an OpenStack environment. Responsibilities include spawning, scheduling and decomissioning of machines on demand.

Networking : Neutron Enables network connectivity as a service for other OpenStack services, such as OpenStack Compute. Provides an API for users to define networks and the attachments into them. Has a pluggable architecture that supports many popular networking vendors and technologies.

Storage

Object Storage : Swift Stores and retrieves arbitrary unstructured data objects via a RESTful, HTTP based API. It is highly fault tolerant with its data replication and scale out architecture. Its implementation is not like a file server with mountable directories.

Block Storage : Cinder Provides persistent block storage to running instances. Its pluggable driver architecture facilitates the creation and management of block storage devices.
Shared services

Identity Service : Keystone Provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.

Image Service : Glance Stores and retrieves virtual machine disk images. OpenStack Compute makes use of this during instance provisioning.

Telemetry : Ceilometer Monitors and meters the OpenStack cloud for billing, benchmarking, scalability, and statistical purposes.

Higher-level services

Orchestration : Heat Orchestrates multiple composite cloud applications by using either the native HOT template format or the AWS CloudFormation template format, through both an OpenStack-native REST API and a CloudFormation-compatible Query API.



Please run a 64 bit Os in your compute node, else you will be having issue while creating Vm running 64 bit Os. 

Steps Need to Done on the Controller Server

Networking

service iptables stop
chkconfig iptables off

/etc/sysconfig/network-scripts/ifcfg-eth0
# Internal Network
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=static
IPADDR=192.168.0.10
NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes

/etc/sysconfig/network-scripts/ifcfg-eth1
# External Network
DEVICE=eth1
TYPE=Ethernet
BOOTPROTO=static
IPADDR=10.0.0.10
NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes

service network restart

yum -y install policycoreutils setroubleshoot

setenforce 0

yum install -y euca2ools

yum install -y yum-plugin-priorities gedit curl wget nc

Setting Hostname

echo " HOSTNAME=controller" > /etc/hostname
cat /etc/hostname
echo "\n142.0.42.46 controller" >> /etc/hosts
cat /etc/hosts
hostname controller
hostname
ping -c 3 controller

Installing Ntpd Server

yum -y install ntp
service ntpd start
chkconfig ntpd on

Installing Mysql Server

yum -y install mysql mysql-server MySQL-python
service mysqld start
chkconfig mysqld on
mysql_install_db
mysql_secure_installation

set and remember the mysql root password, it will be needed through out further installation.

Installing OpenStack Yum Repos

rpm -ivUh http://repos.fedorapeople.org/repos/openstack/openstack-havana/rdo-release-havana-6.noarch.rpm
rpm -ivUh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Installing OpenStack Packages

yum -y install openstack-utils
yum -y install openstack-selinux
yum -y install qpid-cpp-server memcached

vi /etc/qpidd.conf
auth=no
service qpidd start
chkconfig qpidd on

Installing And Configuring KeyStone

yum -y install openstack-keystone python-keystoneclient

The Identity Service uses a database to store information. Specify the location of the database in the configuration file. In this guide, we use a MySQL database on the controller node with the username keystone.

openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:password@controller/keystone

Use the openstack-db command to create the database and tables, as well as a database user called keystone to connect to the database.

openstack-db --init --service keystone --password password

Define an authorization token to use as a shared secret between the Identity Service and other OpenStack services. Use openssl to generate a random token and store it in the configuration file:

ADMIN_TOKEN=$(openssl rand -hex 10)
echo $ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone

By default, Keystone uses PKI tokens. Create the signing keys and certificates:

chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log
service openstack-keystone start
chkconfig openstack-keystone on

Define users, tenants, and roles

export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://142.0.42.46:35357/v2.0

keystone tenant-create --name=admin --description="Admin Tenant"
keystone tenant-create --name=service --description="Service Tenant"
keystone user-create --name=admin --pass=password
keystone role-create --name=admin
keystone user-role-add --user=admin --tenant=admin --role=admin

[root@server ~]# keystone tenant-create --name=admin --description="Admin Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Admin Tenant |
| enabled | True |
| id | 56b2c2009ac4402996df23f85587eb60 |
| name | admin |
+-------------+----------------------------------+
[root@server ~]# keystone tenant-create --name=service --description="Service Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Service Tenant |
| enabled | True |
| id | 48606f4b78024ba5b34f1854154be27e |
| name | service |
+-------------+----------------------------------+
[root@server ~]# keystone user-create --name=admin --pass=password
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 72d9b80b1e464558ab9f563241106a69 |
| name | admin |
+----------+----------------------------------+
[root@server ~]# keystone role-create --name=admin
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | ba0ed19af57f4122b4c43c8868bfb47c |
| name | admin |
+----------+----------------------------------+
[root@server ~]# keystone user-role-add --user=admin --tenant=admin --role=admin

Define services and API endpoints

keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"

keystone endpoint-create --service-id=the_service_id_above --publicurl=http://142.0.42.46:5000/v2.0 --internalurl=http://142.0.42.46:5000/v2.0 --adminurl=http://142.0.42.46:35357/v2.0

[root@server ~]# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Keystone Identity Service |
| id | 05c8b4bcd2b44b59a5f8a3a8cde43c2e |
| name | keystone |
| type | identity |
+-------------+----------------------------------+

[root@server ~]# keystone endpoint-create --service-id=05c8b4bcd2b44b59a5f8a3a8cde43c2e --publicurl=http://142.0.42.46:5000/v2.0 --internalurl=http://142.0.42.46:5000/v2.0 --adminurl=http://142.0.42.46:35357/v2.0
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://142.0.42.46:35357/v2.0 |
| id | c91bacef4e0549709109d102d26d940e |
| internalurl | http://142.0.42.46:5000/v2.0 |
| publicurl | http://142.0.42.46:5000/v2.0 |
| region | regionOne |
| service_id | 05c8b4bcd2b44b59a5f8a3a8cde43c2e |
+-------------+----------------------------------+
[root@server ~]#


Verify the Identity Service installation


unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
keystone --os-username=admin --os-password=password --os-auth-url=http://142.0.42.46:35357/v2.0 token-get
keystone --os-username=admin --os-password=password --os-tenant-name=admin --os-auth-url=http://142.0.42.46:35357/v2.0 token-get

export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://142.0.42.46:35357/v2.0

keystone token-get

keystone user-list

+----------------------------------+-------+---------+-------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------+
| 72d9b80b1e464558ab9f563241106a69 | admin | True | |
+----------------------------------+-------+---------+-------+
[root@server ~]#

Install and Configure the Image Service

openstack-config --set /etc/glance/glance-api.conf sql connection mysql://glance:password@controller/glance
openstack-config --set /etc/glance/glance-registry.conf sql connection mysql://glance:password@controller/glance

openstack-db --init --service glance --password password

keystone user-create --name=glance --pass=password

+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 903ccd5db7da45d9a15a52f37634652f |
| name | glance |
+----------+----------------------------------+

keystone user-role-add --user=glance --tenant=service --role=admin

Configure the Image Service to use the Identity Service for authentication.

Run the following commands and replace Password with the password you chose for the glance user in the Identity Service:

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://142.0.42.46:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password password
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://142.0.42.46:5000

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password password
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone

On CentOS
cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini

Edit each file to set the following options in the [filter:authtoken] section and leave any other existing option as it is.

[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
auth_host=controller
admin_user=glance
admin_tenant_name=service
admin_password=GLANCE_PASS

keystone service-create --name=glance --type=image --description="Glance Image Service"
keystone endpoint-create --service-id=the_service_id_above --publicurl=http://142.0.42.46:9292 --internalurl=http://142.0.42.46:9292 --adminurl=http://142.0.42.46:9292

Output

[root@server ~]# keystone service-create --name=glance --type=image --description="Glance Image Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Glance Image Service |
| id | 75a7bef17f9b4329bb84aab14e3a01ae |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@server ~]# keystone endpoint-create --service-id=75a7bef17f9b4329bb84aab14e3a01ae --publicurl=http://142.0.42.46:9292 --internalurl=http://142.0.42.46:9292 --adminurl=http://142.0.42.46:9292
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://142.0.42.46:9292 |
| id | 10fb121e1190488a85341fe34d567c36 |
| internalurl | http://142.0.42.46:9292 |
| publicurl | http://142.0.42.46:9292 |
| region | regionOne |
| service_id | 75a7bef17f9b4329bb84aab14e3a01ae |
+-------------+----------------------------------+
[root@server ~]#

service openstack-glance-api start
service openstack-glance-registry start
chkconfig openstack-glance-api on
chkconfig openstack-glance-registry on

Verify the Image Service installation

mkdir images
cd images/
wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img

glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img
glance image-list

[root@server ~]# cd images/
[root@server images]# wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
--2014-02-27 11:48:30-- http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
Resolving cdn.download.cirros-cloud.net... 204.188.136.134, 204.188.136.74, 2001:559:0:5a::1743:3c82, ...
Connecting to cdn.download.cirros-cloud.net|204.188.136.134|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13147648 (13M) [application/octet-stream]
Saving to: “cirros-0.3.1-x86_64-disk.img”

100%[===========================================================================================================>] 13,147,648 10.1M/s in 1.2s

2014-02-27 11:48:32 (10.1 MB/s) - “cirros-0.3.1-x86_64-disk.img” saved [13147648/13147648]

[root@server images]# glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | d972013792949d0d3ba628fbe8685bce |
| container_format | bare |
| created_at | 2014-02-27T16:50:47 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 886c9f6a-f38c-491d-a2b4-220cf90bd064 |
| is_public | True |
| min_disk | 0 |
| min_ram | 0 |
| name | CirrOS 0.3.1 |
| owner | 56b2c2009ac4402996df23f85587eb60 |
| protected | False |
| size | 13147648 |
| status | active |
| updated_at | 2014-02-27T16:50:48 |
+------------------+--------------------------------------+
[root@server images]# glance image-list
+--------------------------------------+--------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+--------------+-------------+------------------+----------+--------+
| 886c9f6a-f38c-491d-a2b4-220cf90bd064 | CirrOS 0.3.1 | qcow2 | bare | 13147648 | active |
+--------------------------------------+--------------+-------------+------------------+----------+--------+
[root@server images]#

Install And Configure Compute controller service

yum -y install openstack-glance

openstack-config --set /etc/glance/glance-api.conf sql connection mysql://glance:password@controller/glance
openstack-config --set /etc/glance/glance-registry.conf sql connection mysql://glance:password@controller/glance

openstack-db --init --service glance --password password

Set the my_ip, vncserver_listen, and vncserver_proxyclient_address configuration options to the internal IP address of the controller node:

openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 142.0.42.46
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 142.0.42.46
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 142.0.42.46

keystone user-create --name=nova --pass=password
keystone user-role-add --user=nova --tenant=service --role=admin

Configure Compute to use these credentials with the Identity Service running on the controller. Replace password with your Compute password.

openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password password
Add the credentials to the /etc/nova/api-paste.ini file. Add these options to the [filter:authtoken] section:
You might sometimes have to edit .ini files during initial setup. However, do not edit these files for general configuration tasks.

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
auth_port = 35357
auth_protocol = http
auth_uri = http://controller:5000/v2.0
admin_tenant_name = service
admin_user = nova
admin_password = password

Ensure that the api_paste_config=/etc/nova/api-paste.ini option is set in the /etc/nova/nova.conf file.
keystone service-create --name=nova --type=compute --description="Nova Compute service"

keystone endpoint-create --service-id=the_service_id_above --publicurl=http://controller:8774/v2/%\(tenant_id\)s --internalurl=http://controller:8774/v2/%\(tenant_id\)s --adminurl=http://controller:8774/v2/%\(tenant_id\)s

service openstack-nova-api start
service openstack-nova-cert start
service openstack-nova-consoleauth start
service openstack-nova-scheduler start
service openstack-nova-conductor start
service openstack-nova-novncproxy start
chkconfig openstack-nova-api on
chkconfig openstack-nova-cert on
chkconfig openstack-nova-consoleauth on
chkconfig openstack-nova-scheduler on
chkconfig openstack-nova-conductor on
chkconfig openstack-nova-novncproxy on

nova image-list

+--------------------------------------+--------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+--------------+--------+--------+
| 886c9f6a-f38c-491d-a2b4-220cf90bd064 | CirrOS 0.3.1 | ACTIVE | |
+--------------------------------------+--------------+--------+--------+
[root@server images]#

Installing And Configuring the dashboard

yum -y install memcached python-memcached mod_wsgi openstack-dashboard

Update the ALLOWED_HOSTS in local_settings.py to include the addresses you wish to access the dashboard from.

Edit /etc/openstack-dashboard/local_settings:

ALLOWED_HOSTS = ['localhost', 'my-desktop', '*']
This guide assumes that you are running the Dashboard on the controller node. You can easily run the dashboard on a separate server, by changing the appropriate settings in local_settings.py.

Edit /etc/openstack-dashboard/local_settings and change OPENSTACK_HOST to the hostname of your Identity Service:

OPENSTACK_HOST = "controller"
Start the Apache web server and memcached:

service httpd start
service memcached start
chkconfig httpd on
chkconfig memcached on

You can now access the dashboard at http://controller/dashboard .

Configure a Compute node

yum -y install openstack-nova-compute

Edit the /etc/nova/nova.conf configuration file:

# openstack-config --set /etc/nova/nova.conf database connection mysql://nova:NOVA_DBPASS@controller/nova
# openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password NOVA_PASS

  1. Configure the Compute Service to use the Qpid message broker by setting these configuration keys:
    # openstack-config --set /etc/nova/nova.conf \
  DEFAULT rpc_backend nova.openstack.common.rpc.impl_qpid
# openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname controller



Configure Compute to provide remote console access to instances.

# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.0.11
# openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled True
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 192.168.0.11
# openstack-config --set /etc/nova/nova.conf \
DEFAULT novncproxy_base_url http://controller:6080/vnc_auto.html

Specify the host that runs the Image Service.

# openstack-config --set /etc/nova/nova.conf DEFAULT glance_host controller

Edit the /etc/nova/api-paste.ini file to add the credentials to the [filter:authtoken] section

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS

Start the Compute service and configure it to start when the system boots.

# service libvirtd start
# service messagebus start
# chkconfig libvirtd on
# chkconfig messagebus on
# service openstack-nova-compute start
# chkconfig openstack-nova-compute on

Posted by at No comments:
Labels: ,

Tuesday, January 14, 2014

Migrated from Plesk, Ensim, or DirectAdmin To WHM

Sometimes, moving website accounts from servers like Plesk, Ensim, or DirectAdmin to cPanel using the usual automated tools can hit a snag. This might be due to slow network connections or small software glitches. The good news is that manually migrating an account is straightforward.

WHY MANUAL MIGRATION?

Automated migration tools are great, but they can fail if:

  • The connection between your old server and the new cPanel server is unreliable, causing the migration to time out.

  • There are known issues with the migration scripts that haven't been fixed yet.

In these cases, a simple manual process can save the day.

THE MANUAL MIGRATION PROCESS

Manually moving an account involves four main steps:

  1. Getting a list of accounts on your old server.

  2. Packaging a chosen account into a single file.

  3. Copying that packaged file to your new cPanel server.

  4. Restoring the account on the cPanel server.

STEP-BY-STEP GUIDE

Here’s how to do it:

1. PREPARE THE SOURCE SERVER

On your old server (Plesk, Ensim, or DirectAdmin), you need two scripts: one to list accounts and one to package them.

  • Download the account list script: wget http://httpupdate.cpanel.net/cpanelsync/transfers_DEVEL/pkgacct/updateuserdomains-universal

  • Download the packaging script (choose one based on your old server type):

    • For Plesk: wget http://httpupdate.cpanel.net/cpanelsync/transfers_DEVEL/pkgacct/pkgacct-pXa

    • For Ensim: wget http://httpupdate.cpanel.net/cpanelsync/transfers_DEVEL/pkgacct/pkgacct-enXim

    • For DirectAdmin: wget http://httpupdate.cpanel.net/cpanelsync/transfers_DEVEL/pkgacct/pkgacct-da

2. MAKE SCRIPTS EXECUTABLE

After downloading, you need to give these scripts permission to run:

  • chmod +x updateuserdomains-universal

  • chmod +x pkgacct-* (This command makes the specific pkgacct script you downloaded executable).

3. GENERATE THE ACCOUNT LIST

Run the updateuserdomains-universal script to create a list of accounts:

  • ./updateuserdomains-universal

This will create a file at /etc/trueuserdomains containing all the accounts that can be packaged.

4. PACKAGE THE ACCOUNT

Now, pick an account you want to move from the /etc/trueuserdomains file. For example, let's say the username is "alice". Run the appropriate packaging script (using pkgacct-pXa for Plesk in this example):

  • ./pkgacct-pXa alice

This command will create a single archive file, typically named /home/cpmove-alice.tar.gz. The time this takes depends on the account's size.

  • Important Tip: If your /home directory is full, you can specify another location for the packaged file. For example, to save it to /disk1: ./pkgacct-pXa alice /disk1 This would create /disk1/cpmove-alice.tar.gz.

  • Stay Connected (Optional but Recommended): Use the screen command before packaging and restoring. This ensures the process continues even if your connection to the server drops. Just type screen before running the packaging command.

5. COPY THE ACCOUNT TO THE NEW SERVER

You can copy the packaged account file (cpmove-alice.tar.gz) to your new cPanel server in two ways:

  • From the source server: scp /home/cpmove-alice.tar.gz root@x.x.x.x:/home (Replace x.x.x.x with your cPanel server's IP address)

  • From the cPanel server: cd /home scp root@x.x.x.x:/home/cpmove-alice.tar.gz . (Again, replace x.x.x.x with the source server's IP address)

6. RESTORE THE ACCOUNT ON THE CPANEL SERVER

Once the file is on your new cPanel server, navigate to the /home directory and restore the account. Remember to use screen here too if you chose to earlier.

  • cd /home

  • /scripts/restorepkg cpmove-alice.tar.gz

After a successful restore, you can delete the cpmove-alice.tar.gz file from /home to free up space.

Posted by at No comments:
Labels:

Monday, December 16, 2013

Exim cheat sheet

Exim is a powerful mail transfer agent (MTA) used on many Linux servers. When emails can't be delivered immediately, they get put into a "queue." Managing this queue is crucial for server health and ensuring mail delivery. This guide provides quick commands for common Exim queue tasks.

CLEARING THE EXIM MAIL QUEUE

Sometimes, you need to clear out stuck or unwanted emails from the queue.

  • Remove All Mails: This command directly deletes all files from the input directory of the Exim spool, effectively clearing the entire queue. rm -rf /var/spool/exim/input/*

  • Delete All Frozen Mails: Frozen emails are those that Exim has temporarily stopped trying to deliver due to issues. exim -bpr | grep frozen | awk {'print $3'} | xargs exim -Mrm Alternatively, a more concise command: exiqgrep -z -i | xargs exim -Mrm

  • Delete Frozen Mails Older Than a Day: This is useful for clearing old, stalled messages without affecting newer ones. The 86400 represents seconds (1 day). exiqgrep -zi -o 86400 | xargs exim -Mrm You can change 86400 to any number of seconds for a different time frame.

  • Clear Spam Mails: If your logs indicate messages are marked as [SPAM]. grep -R -l [SPAM] /var/spool/exim/msglog/*|cut -b26-|xargs exim -Mrm

  • Clear Frozen Mails (Based on Log Entry): grep -R -l '*** Frozen' /var/spool/exim/msglog/*|cut -b26-|xargs exim -Mrm

  • Clear Mails for Unverified Recipients: grep -R -l 'The recipient cannot be verified' /var/spool/exim/msglog/*|cut -b26-|xargs exim -Mrm

  • Remove Mails from a Specific Sender (e.g., 'root'): Replace "" with the sender's email address or username, for example, root@yourhostname. exim -bp |grep ""|awk '{print $3}'|xargs exim -Mrm

  • Remove 'nobody' Mails: These often come from scripts. Replace HOSTNAME with your server's hostname.

    • From a specific sender (nobody@HOSTNAME): exiqgrep -i -f nobody@HOSTNAME | xargs exim -Mrm

    • For a specific recipient/domain (nobody@HOSTNAME): exiqgrep -i -r nobody@HOSTNAME | xargs exim -Mrm

  • Delete Mails for a Specific Domain: Replace yourdomain.com with the actual domain. exim -bp | grep "yourdomain.com" | awk {'print $3'} | xargs exim -Mrm

DELIVERING MAILS FROM THE QUEUE

If emails are stuck but should be delivered, you can force a delivery attempt.

  • Force Deliver All Mails: This command attempts to deliver all messages in the queue. The -P 40 option attempts 40 deliveries in parallel. exim -bpru |awk '{print $3}' | xargs -n 1 -P 40 exim -v -M

  • Flush the Mail Queue (Force Another Run): This tells Exim to process the queue again. exim -qff Alternatively: /usr/sbin/exim -qff exim -qf

  • Force Deliver Mails of a Particular Domain: Replace domain.com with the target domain. exim -v -Rff domain.com

  • Force Deliver a Specific Message: Replace MSGID with the message's unique ID. exim -M MSGID To view the transaction during delivery: exim -v -M MSGID

CHECKING THE EXIM MAIL QUEUE STATUS

These commands help you monitor the queue and inspect individual messages.

  • Exim Queue Summary: Provides details like count, volume, oldest, newest message, and domain breakdown. exim -bp | exiqsumm

  • Number of Frozen Mails: exim -bpr | grep frozen | wc -l

  • Total Number of Mails in Queue: exim -bpr | grep "<" | wc -l A simpler alternative: exim -bpc

  • View Mail in Queue for a User/Sender: Replace $name with the username or email address. exim -bp|grep $name

  • Check All Mails in the Queue: This lists all messages and their IDs. exim -bp

  • View Log for a Message: Replace message ID with the actual ID. exim -Mvl message ID

  • View Message Header: Replace $MSGID with the message ID. exim -Mvh $MSGID

  • View Message Body: Replace $MSGID with the message ID. exim -Mvb $MSGID

ADVANCED EXIM TOOLS

  • Simulate SMTP Transaction: This command helps debug Exim's checks, ACLs (Access Control Lists), and filters without actually sending a mail. Replace 127.0.0.1 with the IP you want to simulate from. exim -bh 127.0.0.1

  • Most Used Mailing Script Locations: This can help identify scripts sending a lot of mail. grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

  • Check Syntactic Errors in Configuration: Use this when modifying Exim's configuration file. exim -C /config/file.new -bV

Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)