10 Key Tips for "lazy" Linux administrators

Source: Internet
Author: User
Tags ssh port lenovo

A good system administrator distinguishes between efficiency. If an efficient system administrator can complete a task that someone else needs 2 hours to complete in 10 minutes, he should be rewarded (get more money) because he saves time for the company and time is cash, doesn't it?

The trick is to improve management efficiency. Although this article does not intend to discuss all the techniques, I will introduce the 10 basic magic weapon used by the "lazy" administrator. These tips can save you time-even if you don't get paid more for being productive, but at least you can have more time to play.

Tip 1: Uninstall the unresponsive DVD drive

Experience with a novice network: When you press the Eject button on the DVD drive of the server (running the Redmond operating system), it pops up immediately. He then complained that in most enterprise Linux servers, if a process was running in that directory, the popup would not happen. As a long-term Linux administrator, I will restart the machine. If I don't know what's running, and why not release the DVD drive, I'll eject the disk. But this is inefficient.

Here's how to find the process that keeps the DVD drive and easily eject the DVD drive: simulate first. Put the disk in the DVD drive, open a terminal, mount the DVD drive:

# mount /media/cdrom
# cd /media/cdrom
# while [ 1 ]; do echo "All your drives are belong to us!"; sleep 30; done

Now open the second terminal and try to eject the DVD drive:

# eject

You will get the following message:

umount: /media/cdrom: device is busy

Before releasing the device, let's find out who is using it.

# fuser /media/cdrom

The process is running and cannot eject the disk is actually our error.

Now, if you are the root user, you can terminate the process at will:

# fuser -k /media/cdrom

Now you can finally uninstall the drive:

# eject

fuserIt's normal.

Back to top of page

Tip 2: Recover the screen that is having problems

Try these actions:

# cat /bin/cat

Attention! The terminal is like rubbish. Everything entered is very messy. So what should we do?

Input reset . However, the input reset and reboot input shutdown are too close. The palms are sweating-especially when performing this operation on a production machine.

Don't worry, the machine does not restart when you do this. To continue the operation:

# reset

Now the screen is back to normal. This is much better than closing the window and landing again, especially if you have to go through 5 machines and SSH to get to the machine.

Back to top of page

Tip 3: Screen collaboration

David, a senior maintenance user from product engineering, called, "Why can't I compile supercode.c on these new machines you deploy?"

You will ask him: "What machine are you running?" ”

David replied, "Posh." (This virtual company names its 5 production servers in the fashion of Spice Girls). You can do it now, and another machine is operated by David:

# su - david

Go to Posh:

# ssh posh

When you arrive, run the following code:

# screen -S foo

Then call David:

"David, Run command at Terminal # screen -x foo ."

This allows you and David to join the conversation in a Linux shell. You can enter, he can also input, but can see each other to do things. This avoids entering other levels, and both sides have the same control. The benefit of this is that David can observe your troubleshooting skills and know exactly how to solve the problem.

Finally, everyone can see the problem: David's compilation script hardcoded an old directory that is not on this new server. Mount it and compile it again to fix the problem, and David continues to work. You can continue with your previous entertainment activities.

One thing to note about this technique is that both parties need to log on with the same user. screencommands can also: implement multiple windows and split screens. Please read the manual page for more information.

For screen The session, I have one last trick. To detach from it and let it open, enter Ctrl-A D (that is, hold down the Ctrl key and click the A key.) Then press the D key).

screen -x fooyou can then re-stitch them by running the command again.

Back to top of page

Tip 4: Retrieve the root password

If you forget the root password, you must reinstall the entire machine. Even worse, many people would do so. But it is easy to start the machine and change the password. This does not apply in all cases (such as setting up a GRUB password but also forgetting), but here is an example of a Cent OS Linux that describes the operation in general.

Restart the system first. The GRUB screen shown in 1 will jump out when you restart. Move the arrow keys so that you can keep on this screen instead of going into normal startup.

Figure 1. The GRUB screen after reboot

650) this.width=650; "alt=" After restarting the GRUB screen "src=" Http://www.ibm.com/developerworks/cn/linux/l-10sysadtips/figure1.jpg " Width= "572"/>

Then, use the arrow keys to select the kernel you want to start, and enter E to edit the kernel line. You can then see the screen shown in 2:

Figure 2: Preparing to edit the kernel line

650) this.width=650; "alt=" Preparing to edit the kernel line "src=" Http://www.ibm.com/developerworks/cn/linux/l-10sysadtips/figure2.jpg " Width= "572"/>

Use the arrow keys again to highlight the kernel line to begin with, and press E to edit the kernel parameters. When you reach the screen shown in 3, append the number 1 to the parameter shown in Figure 3:

Figure 3. Append the number 1 after the parameter

650) this.width=650; "alt=" Appends the number 1 "src=" http://www.ibm.com/developerworks/cn/linux/l-10sysadtips/figure3.jpg "to the parameter Width= "572"/>

Then press Enter and B, and the kernel will boot into single-user mode. Then run passwd the command to change the user root password:

sh-3.00# passwd
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully

It is now possible to reboot and the machine will start with the new password.

Back to top of page

Tip 5:ssh Back Door

A lot of times, my site needs someone's remote support, and he is the company's fire resistance is strong blocking the outside. Few people realize that if you can get outside through a firewall, it's easy to get outside information in.

This is called "hitting a hole in the fire wall" from the original intention. I call it SSH backdoor . In order to use it, you must have a machine that is connected to the Internet as a mediator.

In this case, the machine is called blackbox.example.com. The machine behind the corporate firewall is called ginger. The machine supported by this technology is called TECH. Figure 4 explains the setup process.

Figure 4. Hit a hole in the fire wall.

650) this.width=650; "alt=" hit a hole in the fire wall "src=" Http://www.ibm.com/developerworks/cn/linux/l-10sysadtips/figure4.gif " Width= "510"/>

Here are the steps to proceed:

  1. Check what is allowed to do, but make sure you ask the right person. Most people worry that you've turned on the firewall, but they don't understand that it's completely encrypted. Furthermore, external machines must be cracked to get inside the company. However, you may be an "aggressive" type of person. Self-judgment should be chosen in the way, but not when not complaining about others.

  2. Use -R tags to connect to blackbox.example.com from Ginger via SSH. If you are the root user on ginger, tech needs a root user ID to help with the system. Use the -R tag to forward the instructions for Port 2222 on the blackbox to Ginger ports 22. This sets up the SSH channel. Note that only SSH traffic can enter Ginger: you will not put Ginger on an unprotected Internet.

    You can do this using the following syntax:

    ~# ssh -R 2222:localhost:22 [email protected]

    After entering Blackbox, just keep logged in. I always enter the following command:

    [email protected]:~$ while [ 1 ]; do date; sleep 300; done

    Keep the machine in a busy state. Then minimize the window.

  3. Now instruct a friend on tech to connect to blackbox using SSH, without any special SSH tags to use. But you have to give them the password:

    [email protected]:~# ssh [email protected].

  4. When tech is on the blackbox, you can connect to ginger from SSH using the following command:

    [email protected]:~$: ssh -p 2222 [email protected]

  5. Tech will prompt for a password. The root password of the ginger should be entered.

  6. Now you and tech support can work together and solve the problem. Even need to use the screen together! (see Tip 4).

Back to top of page

Tip 6: Remote VNC session via SSH Channel

VNC or virtual network Computing has existed for a long time. Normally, I need VNC when a class of graphics programs on a remote server can only be used on this server.

For example, suppose that in tip 5, ginger is a storage server. Many devices use GUI programs to manage storage controllers. These GUI management tools often need to be connected directly to a storage server via a network, which is sometimes saved in a dedicated subnet. Therefore, this GUI can only be accessed through ginger.

You can try using the -X option to connect to Ginger via SSH and start it, but this is a high bandwidth requirement and you need to endure the pain of waiting. VNC is a network-friendly tool that works on almost all operating systems.

Suppose the settings are the same as in tip 5, but hopefully tech can access VNC instead of SSH. For this scenario, you need to do something similar, but the VNC port is being forwarded. Perform the following steps:

  1. Start a VNC server session on the ginger. Run the following command:

    [email protected]:~# vncserver -geometry 1024x768  -depth 24 :99

    These options indicate a boot server with a resolution of 1024x768 and a pixel depth of 24 bits per pixel. If you use slower connection settings, 8 is probably the better option. Use :99 the port specified to access the VNC server. The VNC protocol starts at 5900 and therefore :99 indicates that the server is reachable from Port 5999.

    When you start the session, you are asked to specify a password. The user ID is the same as the user who started the VNC server (in this case the root user).

  2. SSH connecting to blackbox.example.com from Ginger forwards Port 5999 on Blackbox to ginger. This is done in ginger by running the following command:

    [email protected]:~# ssh -R 5999:localhost:5999 [email protected]

    After you run this command, you need to leave this SSH session open so that you can keep the ports that are forwarded to ginger. At this point, if you are on Blackbox, run the following command to access the VNC session on the ginger:

    [email protected]:~$ vncviewer localhost:99

    This will send the port to ginger via SSH, but we would like to have VNC access to ginger via tech. To do this, another channel is required.

  3. In tech, open a channel and forward port 5999 through SHH to Port 5999 on the blackbox. This is done by running the following command:

    [email protected]:~# ssh -L 5999:localhost:5999 [email protected]

    The SSH tag used this time is -L not to put 5999 in Blackbox, but to get from it. After you reach Blackbox, you need to keep this session open. You can now use VNC in tech!

  4. In tech, run the following command to connect VNC to the ginger:

    [email protected]:~# vncviewer localhost:99.

    Tech will now have a VNC session directly to ginger.

Setup is a bit cumbersome, but running around much better than repairing the storage array. But it's easier to practice a few more times.

I would also like to add that if tech is running a Windows operating system and there are no command-line SSH clients, then tech can run Putty. Putty can be set to forward an SSH port by looking for options in the sidebar. If the port is 5902 instead of 5999 in this example, you can enter the contents of Figure 5.

Figure 5. Putty can forward SSH as a channel

650) this.width=650; "alt=" Putty can be forwarded as a channel SSH port "src=" http://www.ibm.com/developerworks/cn/linux/l-10sysadtips/ Figure5.jpg "width=" 332 "/>

If this is done, then tech can use VNC to connect to the Localhost:2, just as tech is running on the Linux operating system.

Back to top of page

Tip 7: Check Bandwidth

Imagine that company A has a storage server named Ginger and mounts NFS through a client node named Beckham. Company A determines that they need to get more bandwidth from Ginger because there are a large number of nodes that require NFS to mount Ginger's shared file system.

The most common and inexpensive way to do this is to combine two Gigabit Ethernet NICs. This is the cheapest, because you will typically have an additional available NIC and an additional port.

So take this approach. But now the question is: how much bandwidth does it really need?

The theoretical limit of the gigabit Ethernet is 128mbit/s. Where does this number come from? Look at these calculations:

1Gb = 1024Mb;1024mb/8 = 128MB; "B" = "bits," "B" = "bytes"

But what do you actually see, and what are the good ways to measure it? I recommend a tool iperf. Iperf can be obtained as follows:

# wget http://dast.nlanr.net/Projects/Iperf2.0/iperf-2.0.2.tar.gz

This tool needs to be installed on a shared file system that is visible to both ginger and Beckham, or compiled and installed on two nodes. I will compile it in the home directory of the Bob user who is visible to all two nodes:

tar zxvf iperf*gz
cd iperf-2.0.2
./configure -prefix=/home/bob/perf
make
make install

On the ginger, run:

# /home/bob/perf/bin/iperf -s -f M

This machine will be used as a server and output execution speed in Mbit/s.

On the Beckham node, run:

# /home/bob/perf/bin/iperf -c ginger -P 4 -f M -w 256k -t 60

The results on all two screens indicate what the speed is. On a normal server that uses a gigabit adapter, you may see a speed of about 112mbit/s. This is the usual bandwidth in the TCP stack and physical cables. By connecting two servers in an end-to-end manner, each server uses two connected Ethernet cards, and I get about 220mbit/s bandwidth.

In fact, the NFS seen on the connected network is about 150-160mbit/s. This still indicates that bandwidth can achieve the desired effect. If you see a smaller value, you should check for problems.

I recently encountered a situation in which two NICs with different drivers were connected by connecting the driver. This results in very low performance with a bandwidth of approximately 20mbit/s, which is smaller than the bandwidth when the Ethernet card is not connected!

Back to top of page

Tip 8: Command-line scripting and utilities

Linux system administrators become more efficient by using authoritative command-line scripts. This includes the clever use of loops and the knowledge of how to use awk , grep and so on, sed the utilities to parse the data. Usually this reduces the number of keystrokes and reduces the user error rate.

For example, suppose you need to generate a new/etc/hosts file for the Linux cluster that will be installed. As a general practice, add an IP address to the VI or text editor. However, you can do this by using an existing/etc/hosts file and appending the following to this file. Run on the command line:

# P=1; for i in $(seq -w 200); do echo "192.168.99.$P n$i"; P=$(expr $P + 1);
done >>/etc/hosts

200 host names (n001 through n200) will be created by IP addresses (192.168.99.1 to 192.168.99.200). Manually populating such files may create duplicate IP addresses or host names, so this is a good example of using the built-in command line to eliminate user errors. Note that this is done within the bash shell (default values for most Linux distributions).

Another example would be to check if the memory size in each compute node in the Linux cluster is the same. In general, owning a distribution or similar shell is the best. But for demonstration purposes, the following SSH is used.

Assume that SSH is set to not use password authentication. Then run:

# for num in $(seq -w 200); do ssh n$num free -tm | grep Mem | awk ‘{print $2}‘;
done | sort | uniq

Such a command line is fairly concise. (It would be worse if you put a regular expression in it.) Let's subdivide it and discuss the sections in detail.

First cycle from 001 to 200. Use seq the options in the command to -w populate the front 0. Then replace num the variable to create the host connected via SSH. After you have the target host, issue a command to it. In this case:

free -m | grep Mem | awk ‘{print $2}‘

The meaning of this command is:

    • Use free the command to get the memory size in megabytes.

    • Gets the result of this command and uses the grep fetch line that contains Mem the string.

    • Gets the row and uses the awk output second field, which is the total memory in the node.

Perform this operation on each node.

After executing the command on each node, the entire output of the 200 nodes is routed ( | D) to the sort command to sort all the memory values.

Finally, use the uniq command to eliminate duplicates. This command can result in one of the following scenarios:

    • If all nodes (n001 through n200) have the same memory size, only one number is displayed. This number is the amount of memory that each operating system sees.

    • If the node memory size is different, you will see a few memory size values.

    • Finally, if SSH fails on a node, you will see some error messages.

This command is not perfect. If you find a different memory value than you expect, you don't know which node is out of the question, or how many nodes are there. Another command needs to be issued for this purpose.

This technique provides a quick way to see something, and you can know it immediately if an error occurs. Its value lies in a quick check.

Back to top of page

Tip 9: Console reconnaissance

Some software outputs error messages to the console, and the console does not necessarily appear in the SHH session. Use a VCS device to check. In an SSH session, # cat /dev/vcs1 run the following command on the remote server. This displays the contents of the first console. You can also view other virtual terminals using 2, 3, and so on. If a user enters on a remote system, you'll see what he's entered.

Using a remote Terminal Server, KVM, or even Serial over LAN is the best way to view this information in most data farms, and it also provides some benefits of out-of-band viewing capabilities. Using a VCS device can provide a fast in-band approach, which saves time in the computer room to view the console.

Back to top of page

Tip 10: Random System Information collection

In Tip 8, we describe an example of using the command line to get information about the total memory in the system. In this tip, I'll cover a few other ways to collect important information from systems that require validation, troubleshooting, or remote support.

First, gather information about the processor. This is easy to achieve with the following commands:

# cat /proc/cpuinfo

This command gives information about the speed, number, and model of the processor. In many cases, the grep desired value can be obtained.

My frequent check is to determine the number of processors in the system. So if I buy a four-core server with a dual-core processor, I can run the following command:

# cat /proc/cpuinfo | grep processor | wc-l

Then I see that the value should be 8. If not, I will call the supplier and ask them to send me another processor.

Another piece of information I need is disk information. Can be df obtained using commands. I always add -h tags to see the output in 1 billion-byte or megabyte units. # df -hthe partition of the disk is also displayed.

The end of the list is how to view the system firmware-a method for obtaining firmware information on the BIOS level and on the NIC.

To check the BIOS version, you can run the dmidecode command. Unfortunately, getting information is not easy to use grep , so this is not a very effective approach. For my Lenovo T61 laptop, the output is as follows:

#dmidecode | less
...
BIOS Information
       Vendor: LENOVO
       Version: 7LET52WW (1.22 )
       Release Date: 08/27/2007
...            

This is much more effective at starting the machine and viewing the POST output.

To check the driver and firmware version of your Ethernet adapter, run ethtool :

# ethtool -i eth0
driver: e1000
version: 7.3.20-k2-NAPI
firmware-version: 0.3-0


10 Key Tips for "lazy" Linux administrators

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.