Thursday, April 22, 2010

Sorting by creation date in ls

When you want to see when a file or folder was created (rather than when it was last modified) and have the most recent one listed first, the BSD ls that ships with OS X has a -U option that makes the long listing show creation time and lets -t sort by it. The man page excerpts below describe the options involved. Two things to keep in mind: -U only changes which timestamp is used, it does not change the sort order by itself, so ls -lUr as shown below prints creation times but sorts the entries in reverse alphabetical order (look at the example output: Sites, Public, Pictures, ...). To actually sort by creation time add -t: ls -lUt lists the newest first and ls -lUtr the oldest first. Also, this is BSD/OS X behaviour; in GNU ls on Linux, -U means "do not sort, list in directory order" instead, so the same flags give a different result there.

-l (The lowercase letter ``ell''.) List in long format. (See
below.) If the output is to a terminal, a total sum for all the
file sizes is output on a line before the long listing.


-U Use time of file creation, instead of last modification for sort-
ing (-t) or long output (-l).


-r Reverse the order of the sort to get reverse lexicographical
order or the oldest entries first (or largest files last, if combined
with sort by size).


jeff-iMac:~ jeff$ ls -lUr
total 0
drwxr-xr-x+ 5 jeff staff 170 Nov 20 12:46 Sites
drwxr-xr-x+ 5 jeff staff 170 Jun 19 2009 Public
drwx------+ 4 jeff staff 136 Nov 20 12:46 Pictures
drwx------+ 4 jeff staff 136 Jun 19 2009 Music
drwx------+ 3 jeff staff 102 Jun 19 2009 Movies
drwx------+ 29 jeff staff 986 Jun 19 2009 Library
drwx------+ 4 jeff staff 136 Jun 19 2009 Downloads
drwx------+ 4 jeff staff 136 Jun 19 2009 Documents
drwx------+ 4 jeff staff 136 Jun 19 2009 Desktop

I hope this helps!

Thursday, April 15, 2010

Building an Open Source based Infrastructure

If you are a seasoned Linux/Unix administrator, you already know how good it is to administer a Unix-like operating system because of its stability and reliability. Fixing any problem that arises is routine, and if it isn't, you can easily find help by posting to the mailing list of the particular application or service, no matter where you are and no matter what time it is. You will certainly get a clue, if not the answer, to the specific problem you encountered.

With stable and reliable applications, services and operating systems, we get to enjoy our valuable time in this world instead of fighting fires. It is also a great time to cut the cost of the proprietary world. With that in mind, the budget saved can go toward hiring junior IT staff: not only do you create jobs, you also help them understand that Open Source systems are not just about what they can do technically, but that they can also meet business objectives.

Once the IT objectives are defined, we can start building the infrastructure using Open Source software. In this scenario we will configure numerous Open Source applications and services, and we will also scale them in line with the IT objectives. The list below covers the infrastructure servers we will build and configure along the way.

We will first configure our NFS server, as it will host our installer ISO images (we will be using RHEL 5.4, but any Linux flavor will do; if you don't have a RHEL installer, CentOS lets you follow the examples easily). We will also install and configure vsftpd for FTP and a yum repository, which will speed up installing and configuring services on the next servers later on.

Security is mandatory, so before these servers go online, iptables rules and other access permissions must already be in place. In particular, the NFS and FTP shares that hold the installer images should be reachable only from the install network.

Next it is time to configure our Internet gateway using iptables, a caching proxy server using Squid, and a DHCP server using ISC DHCP.

As we intend to cut cost not just on the software side but also on hardware and server-room footprint (which in turn lowers power and air-conditioning consumption), we will be using the Xen virtualization software. It's good to be green. :)

Next in line is our own internal caching-only DNS server, and Sendmail as our SMTP server.

Once the mail server (Sendmail) is configured, we will install and configure the SpamAssassin and ClamAV services via milter so our users are not spammed (well, not 100%, but at least we can minimize the problem to a significant degree).

We will also configure our web server using Apache for our web presence and for web applications such as webmail, for which we will use Roundcube.

A SQL server for our CMS (Drupal) and other valuable web applications; in this case we will install and configure a MySQL server.

Then there is the need to share files via a centralized file server, for which we will use Samba so that our *Windows* clients can use it. We will also need to secure that server: user authentication, antivirus and logging (we need to audit and track who touches critical files). Linux clients will connect to the file server via NFS as usual, but they can use Samba too if they want to.

We will also configure a soft PABX using Asterisk, so staff can communicate cheaply wherever they are :), and we will set up several softphones and integrate them with the Asterisk PABX.

As with any business today, we will also need to deploy a VPN gateway so that our mobile users and staff can access resources securely from anywhere.

With all our servers up and running, should there be a need to scale the infrastructure, we will again use Open Source software and techniques that are proven and in production all over the world.

Friday, April 9, 2010

Using ssh to administer systems behind a firewall

I have a number of clients with all their systems behind a firewall. That's a very good thing in terms of security, but these firewalls are so tight that they don't really allow remote administration of the boxes, which range from Fibre Channel switches and managed Ethernet switches to storage arrays and firewall GUI front ends. The good news is that I can still gain administrative access to these machines via ssh port forwarding. Not only is this secure, it just works and does the job as expected. Below is how I connect to one of the RAID array controllers when it is time to manage it. Note that we need an ssh login account on the ssh front-end server (or the firewall itself), and that machine must be able to reach the machines inside that we want to administer.

ssh -L 8081:192.168.1.6:80 login@example.com -p 20002


The command above forwards port 8081 on my local machine (the one I run ssh from) to port 80 of the RAID array controller inside the example.com network, which has the IP address 192.168.1.6, using my login account on the ssh front-end server, login@example.com, on port 20002. Because no bind address is given, ssh listens on the loopback interface only, so nobody else on my LAN can reach the controller's web interface through my machine. Keep it that way: these management interfaces usually speak plain HTTP with weak or default credentials, so don't bind the forwarded port to all interfaces or turn on GatewayPorts.

Once I authenticate with the correct username and password, port 80 of the RAID array controller is forwarded to port 8081 on my local machine. I now open my web browser and type in the following.

http://localhost:8081

Now I can administer the RAID array controller as if I were still inside the office. :)

Changing the hostname of a RHEL 5.4 server

Sometimes we need to change the hostname of a configured server to reflect its new role, most likely after cloning a drive and connecting it to a new server. This can be done with the steps below.

[root@base ~]# vi /etc/sysconfig/network

NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=nfs00.example.com

The configuration above makes sure that the new hostname (an FQDN, to be exact) is persistent and sticks after a reboot.

[root@base ~]# hostname nfs00.example.com
[root@base ~]# uname -a
Linux nfs00.example.com 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:54 EDT 2009 i686 i686 i386 GNU/Linux
[root@base ~]# hostname 
nfs00.example.com
[root@base ~]# 

Notice that the output of uname -a and hostname already shows the intended hostname for this system, but the shell prompt still says base. We need to log out and log in again for the prompt to pick up the new hostname. Also update /etc/hosts if the old name is listed there, and restart any service that read the hostname when it started (mail servers in particular), or it will keep announcing the old one.

Connection to 192.168.56.101 closed.
motto:~ motto$ ssh root@192.168.56.101
root@192.168.56.101's password: 
Last login: Fri Apr  9 14:32:27 2010 from 192.168.56.1
[root@nfs00 ~]# 

Voila! Our server's hostname is now nfs00.

Configuring NFS server on RHEL 5.4

Here we are going to configure an NFS service on our RHEL 5.4 system. This NFS server will be used to install the OS on new servers over the network. Make sure the nfs-utils-1.0.9-42.el5 package is installed:

[root@nfs00 ~]# rpm -qa | grep nfs
nfs-utils-lib-1.0.8-7.6.el5
nfs-utils-1.0.9-42.el5
[root@nfs00 ~]# rpm -qi nfs-utils-1.0.9-42.el5
Name        : nfs-utils                    Relocations: (not relocatable)
Version     : 1.0.9                             Vendor: Red Hat, Inc.
Release     : 42.el5                        Build Date: Tue 19 May 2009 10:36:44 PM PHT
Install Date: Fri 09 Apr 2010 12:39:42 PM PHT      Build Host: hs20-bc2-5.build.redhat.com
Group       : System Environment/Daemons    Source RPM: nfs-utils-1.0.9-42.el5.src.rpm
Size        : 768535                           License: GPL
Signature   : DSA/SHA1, Mon 27 Jul 2009 10:32:30 PM PHT, Key ID 5326810137017186
Packager    : Red Hat, Inc.
Summary     : NFS utlilities and supporting clients and daemons for the kernel NFS server.
Description :
The nfs-utils package provides a daemon for the kernel NFS server and
related tools, which provides a much higher level of performance than the
traditional Linux NFS server used by most users.

This package also contains the showmount program.  Showmount queries the
mount daemon on a remote host for information about the NFS (Network File
System) server on the remote host.  For example, showmount can display the
clients which are mounted on that host.

This package also contains the mount.nfs and umount.nfs program.

[root@nfs00 ~]# rpm -qi fs-utils-lib-1.0.8-7.6.el5
package fs-utils-lib-1.0.8-7.6.el5 is not installed
[root@base ~]# rpm -qi nfs-utils-lib-1.0.8-7.6.el5
Name        : nfs-utils-lib                Relocations: (not relocatable)
Version     : 1.0.8                             Vendor: Red Hat, Inc.
Release     : 7.6.el5                       Build Date: Tue 03 Mar 2009 11:27:15 PM PHT
Install Date: Fri 09 Apr 2010 12:36:33 PM PHT      Build Host: ls20-bc1-14.build.redhat.com
Group       : System Environment/Libraries   Source RPM: nfs-utils-lib-1.0.8-7.6.el5.src.rpm
Size        : 105265                           License: GPL
Signature   : DSA/SHA1, Mon 27 Jul 2009 07:09:34 PM PHT, Key ID 5326810137017186
Packager    : Red Hat, Inc.
URL         : http://www.citi.umich.edu/projects/nfsv4/linux/
Summary     : Network File System Support Library
Description :
Support libaries that are needed by the commands and
daemons the nfs-utils rpm.


We need to move the CD/DVD installer ISO to the /var/ftp/pub directory.

[root@nfs00 ~]# mv rhel-server-5.4-i386-dvd.iso /var/ftp/pub/

Then add the directory tree that is to be shared to the exports configuration file. Note what this line says: * means every host that can reach the server may mount the export, and no_root_squash lets a remote root keep root identity on it. For a read-only ISO share neither is needed: the installer only reads world-readable files and works fine with root_squash, so on a real network restrict the client to the install subnet (for example 192.168.1.0/24 instead of *) and leave no_root_squash out.

[root@nfs00 ~]# echo "/var/ftp/pub/ *(ro,no_root_squash)" >> /etc/exports 

Start the NFS service

[root@nfs00 ~]# /etc/init.d/nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
[root@nfs00 ~]# 

Check that the exported directory is correct.

[root@nfs00 ~]# exportfs 
/var/ftp/pub  

Now we are ready to install the OS on a new machine via NFS.

And oh, finally, we need to make sure that the NFS service starts every time the server boots.

[root@nfs00 ~]# chkconfig --level 345 nfs on
[root@nfs00 ~]# chkconfig --list nfs 
nfs             0:off 1:off 2:off 3:on 4:on 5:on 6:off
[root@nfs00 ~]# 
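
An exports line with * as the client and no_root_squash, like the one added above, is exactly the kind of thing to catch before the server is reachable from anywhere else. The following shell script is an added example, not part of the original post: it reads an exports file and flags wildcard clients, no_root_squash, exports that are writable by a wildcard client, and the insecure option. The exports file it ships with is constructed for the demonstration and includes the line from this post; the function itself only reads the file it is given.

```shell
#!/bin/sh
# audit_exports FILE: flag risky entries in an NFS exports file before the
# server goes online. Added example; not part of the original post. It only
# reads the file it is given, so it is safe to run against /etc/exports or a
# draft copy. Prints one WARN line per finding; exit status 1 if there are any.
audit_exports() {
    findings=$(sed -e 's/#.*//' "$1" | awk '
        NF >= 2 {
            path = $1
            for (i = 2; i <= NF; i++) {
                spec = $i; client = spec; opts = ""
                # "client(opts)": split at the parenthesis. A spec with no
                # client part, e.g. "(rw)", applies to every host, which is
                # what you get when someone types "host (rw)" with a space.
                if (match(spec, /\(.*\)$/)) {
                    client = substr(spec, 1, RSTART - 1)
                    opts = substr(spec, RSTART + 1, RLENGTH - 2)
                }
                anyhost = (client == "" || client == "*")
                if (anyhost)
                    printf "WARN %s: %s exports to every host that can reach the server\n", path, spec
                if (opts ~ /(^|,)no_root_squash(,|$)/)
                    printf "WARN %s: %s lets a remote root act as root on this export\n", path, spec
                if (opts ~ /(^|,)rw(,|$)/ && (anyhost || client ~ /^\*\./))
                    printf "WARN %s: %s is writable by a wildcard client\n", path, spec
                if (opts ~ /(^|,)insecure(,|$)/)
                    printf "WARN %s: %s accepts requests from unprivileged source ports\n", path, spec
            }
        }')
    [ -n "$findings" ] && printf '%s\n' "$findings"
    [ -z "$findings" ]
}

# Constructed sample exports file: the line from the post plus two more,
# the last one showing the "host (opts)" mistake that opens an export to all.
sample_exports() {
    cat <<'EOF'
# installer images for network installs
/var/ftp/pub/ *(ro,no_root_squash)
/home 192.168.1.0/24(rw,root_squash,sync)
/srv/scratch 192.168.1.0/24 (rw)
EOF
}

# Run as a script: audit the file named on the command line, or the sample.
if [ -n "$1" ]; then
    audit_exports "$1"
else
    tmp=$(mktemp); sample_exports > "$tmp"
    if audit_exports "$tmp"; then echo "no findings"; fi
    rm -f "$tmp"
fi
```

After tightening /etc/exports, exportfs -ra re-reads the file and exportfs -v prints each export with the options actually in effect, including the defaults you did not type.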

Thursday, April 8, 2010

Switching SELinux ON/OFF

What is SELinux?

From the FAQ

SELinux is an implementation of mandatory access controls (MAC) on Linux. Mandatory access controls allow an administrator of a system to define how applications and users can access different resources such as files, devices, networks and inter-process communication.

With SELinux an administrator can differentiate a user from the applications a user runs. For example, the user shell or GUI may have access to do anything he wants with his home directory but if he runs a mail client the client may not be able to access different parts of the home directory, such as his ssh keys.

The way that an administrator sets these permissions is with the centralized SELinux policy. The policy tells the system how different components on the system can interact and use resources. The policy typically comes from your distribution but it can be updated on the end system to reflect different configurations or application behavior.

That just sounds fantastique! But if you don't really understand it, it may be a bit hard to manage. In that case, you can switch SELinux between enforcing and permissive on your RHEL system with the commands below.

Verify the state of SELinux on the RHEL system

[root@base ~]# getenforce 
Enforcing
[root@base ~]# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

The output above shows that SELinux is enabled and the current mode is "enforcing" on the RHEL system. If the administrator is not familiar with SELinux, this may cause certain applications or services to fail to start, so we may need to relax SELinux "temporarily" for now.

First try switching SELinux to "permissive" and retry the failing applications or services. Permissive mode (the same thing setenforce 0 does) keeps the policy loaded and keeps logging every denial to /var/log/audit/audit.log; it just stops blocking. So if the service now works, the audit log shows exactly which denial was in the way.

[root@base ~]# echo 0 >/selinux/enforce

[root@base ~]# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

NOTE: The effect of the command above does not persist across a reboot. If it already fixes the application or service issue, edit the SELinux configuration file so the setting persists after a reboot.

[root@base ~]# vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

Once SELINUX=permissive is set (write it without spaces around the = sign, as in the comment lines, or the value may not be read), we can reboot the server, or just leave the system alone until its next necessary reboot, when the new setting is applied automatically. Prefer permissive over disabled: with SELinux disabled the kernel stops labelling new files, and switching back to enforcing later requires a full filesystem relabel; permissive keeps the labels correct, so once the denials in the audit log are understood and fixed you can return to enforcing at any time.

For other Linux distributions that don't have the /etc/selinux/config file, edit the kernel boot line, usually in /boot/grub/grub.conf if you're using the GRUB boot loader, and add enforcing=0 at the end of the kernel line. For example,

title SE-Linux Test System
        root (hd0,0)
        kernel /boot/vmlinuz-2.4.20-selinux-2003040709 ro root=/dev/hda1 nousb enforcing=0
        #initrd /boot/initrd-2.4.20-selinux-2003040709.img
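
Before reaching for SELINUX=permissive (or, worse, disabled), look at what SELinux actually denied: in permissive mode every denial still produces an AVC record in /var/log/audit/audit.log, and enforcing mode writes the same records. The script below is an added example, not from the original post or the SELinux project. It condenses those records into counts per process, permission, object class and source/target type pair so that the rule in the way stands out; the audit lines it ships with are constructed samples in the RHEL 5 format, not a real capture.

```shell
#!/bin/sh
# avc_summary FILE: condense SELinux AVC denials from an audit log into one
# line per (process, permission, class, source type, target type), most
# frequent first. Added example, not from the original post; it reads the
# file you pass (normally /var/log/audit/audit.log) and changes nothing.
avc_summary() {
    awk '
    /avc: +denied/ {
        comm = "?"; perm = "?"; cls = "?"; st = "?"; tt = "?"
        if (match($0, /comm="[^"]*"/))  comm = substr($0, RSTART + 6, RLENGTH - 7)
        if (match($0, /[{] [^}]* [}]/))  perm = substr($0, RSTART + 2, RLENGTH - 4)
        if (match($0, /tclass=[^ ]+/))   cls  = substr($0, RSTART + 7, RLENGTH - 7)
        # contexts look like user_u:system_r:httpd_t:s0; keep only the type
        if (match($0, /scontext=[^ ]+/)) { split(substr($0, RSTART + 9, RLENGTH - 9), a, ":"); st = a[3] }
        if (match($0, /tcontext=[^ ]+/)) { split(substr($0, RSTART + 9, RLENGTH - 9), b, ":"); tt = b[3] }
        n[comm "\t" perm "\t" cls "\t" st "\t" tt]++
    }
    END { for (k in n) printf "%d\t%s\n", n[k], k }' "$1" | sort -rn
}

# Constructed sample in the RHEL 5 audit.log format (not a real capture):
# three httpd reads inside a home directory, two httpd connects to the MySQL
# port, one named write to a zone file.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1270700001.101:41): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" dev=sda2 ino=1311 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1270700002.102:42): avc:  denied  { read } for  pid=2345 comm="httpd" name="style.css" dev=sda2 ino=1312 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1270700003.103:43): avc:  denied  { name_connect } for  pid=2346 comm="httpd" dest=3306 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1270700004.104:44): avc:  denied  { read } for  pid=2345 comm="httpd" name="logo.png" dev=sda2 ino=1313 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1270700005.105:45): avc:  denied  { name_connect } for  pid=2347 comm="httpd" dest=3306 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1270700006.106:46): avc:  denied  { write } for  pid=1801 comm="named" name="example.com.zone" dev=sda2 ino=2201 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
EOF
}

# Run as a script: summarize the file named on the command line, or the sample.
if [ -n "$1" ]; then
    avc_summary "$1"
else
    tmp=$(mktemp); sample_audit_log > "$tmp"; avc_summary "$tmp"; rm -f "$tmp"
fi
```

On a real box, run it against /var/log/audit/audit.log after the failing service has been retried under permissive mode. The usual fix is a boolean (setsebool), a relabel (restorecon), or a small local policy module built with audit2allow from those same records, after which SELinux can go back to enforcing.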


Setting up Auto-reply in qmail-ldap

I have a few email users who will be away for 10 days. These users are part of the sales group and the support group. Emails bound for their addresses should be replied to ASAP, even more so if it is an urgent support email. The sender should at least know that the email was received but that replies may take some time because the recipient is still in the air, in a meeting, in training, on leave, etc.

On my Qmail-LDAP mail server installation, I can configure such an auto-reply in the particular user's LDAP entry with an ldapmodify change like the following (the dn line is a placeholder; use the DN of the user's own entry):

dn: uid=jdoe,ou=People,dc=example,dc=com
changetype: modify
add: mailReplyText
mailReplyText: Hi, I am on vacation till 19th April 2010. See you when I am back.
-
delete: deliveryMode
deliveryMode: noprogram
-
add: deliveryMode
deliveryMode: reply



NOTE: Even if you don't set deliveryMode to reply, the server will auto-reply as long as the mailReplyText attribute is defined in the user's LDAP entry.

Wednesday, April 7, 2010

Ethernet Bonding (Linux)

Bonding ethernet channels in Linux is easy. With the right configuration and hardware, it can be done in minutes.

In this example I have a 4-port Intel Gigabit card and I want to use it together with my network switch's LACP/LAG capability. Let's assume the switch side is already configured so that its ports form an LACP LAG.

On the RHEL 4.3 server hosting my Samba file server, the steps below configure ethernet channel bonding/teaming.


Edit the /etc/modprobe.conf file and add the bonding kernel module and its mode.

# vi /etc/modprobe.conf

#regular network card (built-in)
alias eth0 e1000
alias eth1 e1000
#the bond interface 
alias bond0 bonding
#bond interface mode. mode=4 (802.3ad/link aggregation)
options bond0 mode=4 miimon=100 
#Intel 4 port Gigabit ethernet card
alias eth5 e1000
alias eth3 e1000
alias eth4 e1000
alias eth2 e1000
alias scsi_hostadapter ahci
alias usb-controller ehci-hcd
alias usb-controller1 uhci-hcd


Now edit /etc/sysconfig/network-scripts/ifcfg-ethX for each X that is one of the ethernet ports joining the bond0 LACP interface.

# vi /etc/sysconfig/network-scripts/ifcfg-eth2

DEVICE=eth2
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
TYPE=Ethernet


We don't want to edit every single file by hand, as that is boring and error prone, so copy the first one and fix up the DEVICE line:

# for i in {3..5} ; do cp /etc/sysconfig/network-scripts/ifcfg-eth2 /etc/sysconfig/network-scripts/ifcfg-eth$i ; done

# for i in {3..5} ; do sed -i "s/DEVICE=eth2/DEVICE=eth$i/g" /etc/sysconfig/network-scripts/ifcfg-eth$i ; done


Now create the bond0 interface configuration file.

# vi /etc/sysconfig/network-scripts/ifcfg-bond0

DEVICE=bond0
IPADDR=192.168.1.30
NETWORK=192.168.1.0
NETMASK=255.255.255.0
USERCTL=no
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet


Load the bonding kernel module.

# modprobe bonding

Now bring up the bond0 interface

# ifup bond0


Verify the bond0 interface

# cat /proc/net/bonding/bond0 
Ethernet Channel Bonding Driver: v2.6.1 (October 29, 2004)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

802.3ad info
LACP rate: slow
Active Aggregator Info:
        Aggregator ID: 1
        Number of ports: 1
        Actor Key: 17
        Partner Key: 1
        Partner Mac Address: 00:00:00:00:00:00

Slave Interface: eth2
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:15:17:6a:c1:e4
Aggregator ID: 1

Slave Interface: eth3
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:15:17:6a:c1:e5
Aggregator ID: 2

Slave Interface: eth4
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:15:17:6a:c1:e6
Aggregator ID: 3

Slave Interface: eth5
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:15:17:6a:c1:e7
Aggregator ID: 4


Look closely at what the output above says before celebrating, though: the active aggregator has only 1 port, each slave sits in a different Aggregator ID (1 to 4), and the Partner Mac Address is all zeros. That is what the bonding driver reports when the switch is not speaking LACP on those ports: every slave forms its own one-port aggregator, the driver picks one of them as active, and only that port carries traffic. With a working LAG all four slaves show the same Aggregator ID, Number of ports is 4 and the partner MAC is the switch's address. Check the switch-side LACP configuration until it looks like that; otherwise the cable-pull test below only exercises failover between single-port aggregators, not the aggregated link.

You can now try transferring files to/from the Samba server's shared folders and, while the transfer is running, unplug network cables that are part of the bond/LACP/LAG, either on the network switch or on the configured 4-port Intel ethernet card.
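
The status file is the thing to check mechanically rather than by eye every time a cable is moved. The following script is an added example, not from the original post: it parses a /proc/net/bonding/bond0 dump and fails unless the mode is 802.3ad, every slave sits in the active aggregator, the aggregator's port count matches the slave count and the partner MAC is non-zero. The two status files it generates are constructed: the "bad" one reproduces the situation visible in the output above, with two slaves instead of four.

```shell
#!/bin/sh
# check_bond FILE: read the bonding driver status (normally
# /proc/net/bonding/bond0) and verify that 802.3ad aggregation really
# negotiated with the switch. Added example, not from the original post.
# Prints a FAIL line per problem; exit status 1 if there are any.
check_bond() {
    awk '
    /^Bonding Mode:/            { mode = $0 }
    /^Active Aggregator Info:/  { in_agg = 1 }
    in_agg && /Aggregator ID:/        { active = $NF }
    in_agg && /Number of ports:/      { ports = $NF }
    in_agg && /Partner Mac Address:/  { partner = $NF; in_agg = 0 }
    /^Slave Interface:/         { slave = $NF; nslaves++ }
    slave != "" && /^MII Status:/ && $NF != "up" {
        printf "FAIL %s: link is %s\n", slave, $NF; bad++
    }
    # per-slave "Aggregator ID" lines are not indented; the active one is
    slave != "" && /^Aggregator ID:/ && $NF != active {
        printf "FAIL %s: in aggregator %s, active aggregator is %s\n", slave, $NF, active; bad++
    }
    END {
        if (mode !~ /802\.3ad/) { print "FAIL not in 802.3ad mode: " mode; bad++ }
        if (partner == "" || partner == "00:00:00:00:00:00") {
            print "FAIL partner MAC is all zeros: the switch is not speaking LACP on these ports"; bad++
        }
        if (ports + 0 != nslaves) {
            printf "FAIL active aggregator has %s port(s) but %d slaves are configured\n", ports, nslaves; bad++
        }
        if (!bad) printf "OK: %d slaves aggregated, partner %s\n", nslaves, partner
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed status files with two slaves (the real one in the post has four).
# "bad" reproduces what the post shows: each slave in its own one-port
# aggregator and a zero partner MAC, i.e. no LACP partner ever answered.
sample_bond_status() {
    if [ "$1" = good ]; then agg2=1; ports=2; partner=00:1b:2c:3d:4e:5f
    else agg2=2; ports=1; partner=00:00:00:00:00:00; fi
    cat <<EOF
Ethernet Channel Bonding Driver: v2.6.1 (October 29, 2004)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
MII Status: up
MII Polling Interval (ms): 100

802.3ad info
LACP rate: slow
Active Aggregator Info:
        Aggregator ID: 1
        Number of ports: $ports
        Actor Key: 17
        Partner Key: 1
        Partner Mac Address: $partner

Slave Interface: eth2
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:15:17:6a:c1:e4
Aggregator ID: 1

Slave Interface: eth3
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:15:17:6a:c1:e5
Aggregator ID: $agg2
EOF
}

# Run as a script: check both constructed samples.
for which in bad good; do
    echo "== $which =="
    tmp=$(mktemp); sample_bond_status "$which" > "$tmp"
    check_bond "$tmp" || true     # keep going when the check fails
    rm -f "$tmp"
done
```

On the real server, run check_bond /proc/net/bonding/bond0 before and after the cable-pull test; the cable pull is only meaningful once the check passes.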

Resetting lost password

If you've ever forgotten your user account's password in OS X, it is still possible to reset or change it. All you need is to remember your username and then reboot your computer. From there it's command-line work.

You need to know your username in order to perform the password reset outlined below. This is the account's short name, which is also the name of its home folder under /Users.

Hold Command+S (Apple+S) while booting to enter single-user mode, then enter the commands below.

#sh /etc/rc
#passwd yourusername
#reboot

Note that this does not touch the login keychain, which stays encrypted with the old password: you will either be asked for the old password when the keychain is unlocked or have to reset the keychain and lose the passwords saved in it. Also note why this works at all: anyone with physical access and an unprotected boot path gets a root shell this way. A firmware password (and FileVault for the home directory) is what stops it. Anyway, being able to recover is better than no password at all.

Saturday, April 3, 2010

Adding clamav-milter antivirus headers to emails

Edit /etc/clamav-milter.conf and change the setting to "AddHeader Add".

[root@mail ~]# less /etc/clamav-milter.conf

# If this option is set to "Replace" (or "Yes"), an "X-Virus-Scanned" and an
# "X-Virus-Status" headers will be attached to each processed message, possibly
# replacing existing headers.
# If it is set to Add, the X-Virus headers are added possibly on top of the
# existing ones.
# Note that while "Replace" can potentially break DKIM signatures, "Add" may
# confuse procmail and similar filters.
# Default: no
#AddHeader Replace
AddHeader Add

Restart the clamav-milter daemon after changing the configuration file, then send emails to and from a user on your mail server and check the headers to see whether clamav-milter is adding them. This is also a way to check that the clamav-milter integration with your mail server is working correctly. The relevant headers look like this:

X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.95.3 at mail.example.com
Received: (qmail 49613 invoked by uid 60001); 29 Mar 2010 08:59:04 -0000

Treat these headers as a diagnostic only: mail arriving from outside can carry a forged X-Virus-Scanned header just as easily, so nothing downstream should trust a message because the header is present.

Monday, March 29, 2010

Deleting pesky emails that are in the postfix queue (for whatever reason)

Sometimes emails get stuck in the mail queue, retrying and retrying. A worse scenario is spam in the queue hogging the system (resources, bandwidth, etc.). The spam may have been caused by an incorrectly configured email server, a spambot-infected client that your network trusts, or emails that are simply going nowhere for whatever reason.

In Unix and Unix-like operating systems there are many ways of getting rid of those *unwanted* stuck emails in the mail server's queue. In Postfix, you use postsuper -d to delete unwanted messages from the queue. If you have a couple of hundred to delete, you will want to automate this, as we don't want to waste precious administrator time deleting them one by one. If you like reading manual pages, you will find in postsuper(1) a fantastic one-liner for deleting all messages from a given sender. A typical case is a sender (usually spam) that will never have a mailbox on your server, so the messages get stuck in the queue as MAILER-DAEMON bounces pointing at non-existent addresses. Imagine thousands of these in the queue: they will easily bring your server to its knees, and worse, you will be bombarded with phone calls from not-so-happy users.

In this kind of situation there is no need to panic, as there is always a way to fix it. In Postfix, you can delete/purge these unwanted emails with the command below.

Assuming you already know the offending email address, substitute user@example.com with the address that is stuck in the queue. Also pay attention to the test in the awk "if" clause, so you can change it to match your situation exactly.

# $7=sender, $8=recipient1, $9=recipient2

mailq | tail +2 | grep -v '^ *(' | awk  'BEGIN { RS = "" } { if ($8 == "user@example.com" && $9 == "") print $1 } ' | tr -d '*!' | postsuper -d -

Determine the offending email address using the mailq command:

mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3E90C13F88D3     4543 Mon Mar 29 20:03:56  ebhospeterloaninvestment@hotmail.com
(host mx1.free.fr[212.27.48.7] said: 451 too many errors from your ip (xxx.xxx.xxx.xxx), please visit http://postmaster.free.fr/ (in reply to DATA command))
                                         elmore@online.fr
                                         dannye@online.fr
                                         daphacorp@online.fr
                                         darci@online.fr
                                         daryl@online.fr
                                         daveen@online.fr
                                         debra@online.fr
                                         deeyn@online.fr
                                         delila@online.fr
                                         delilah@online.fr
                                         delmore@online.fr
                                         demetri@online.fr


OK, suppose there is an email in the queue from the spam address ebhospeterloaninvestment@hotmail.com (being spam, it is addressed to X recipients). We adjust our one-liner as below.

NOTE: I added -n to the tail command, as below, or you will get the error "tail: cannot open `+2' for reading: No such file or directory" on the shell. Also note the "if" clause. Before running the full pipeline, run it without the final postsuper stage and read the list of queue IDs it prints; those are the messages that will be deleted.

# mailq | tail -n +2 | grep -v '^ *(' | awk  'BEGIN { RS = "" } { if ($7 == "ebhospeterloaninvestment@hotmail.com") print $1 } ' | tr -d '*!' | postsuper -d -
postsuper: 3E90C13F88D3: removed
postsuper: Deleted: 1 message

We have just deleted one offending email stuck in the mail server's queue. The same command removes every queued message from that sender, however many there are.
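
Because postsuper -d - deletes whatever queue IDs arrive on its standard input, it pays to run the selection part on its own first and read the list. The script below is an added example, not from the original post: it wraps the manual page's awk pipeline in a function that selects by sender or by recipient and prints the queue IDs only; the mailq output it feeds in is a constructed sample modelled on the one above, and nothing is deleted.

```shell
#!/bin/sh
# queue_ids_by_address ROLE ADDRESS: read mailq output on stdin and print the
# queue IDs of messages whose sender (ROLE=sender) or one of whose recipients
# (ROLE=recipient) is ADDRESS. Added example, not from the original post; it
# generalizes the awk one-liner from the postsuper(1) manual page. Nothing is
# deleted until you pipe the output into "postsuper -d -" yourself.
queue_ids_by_address() {
    # drop the header line and the "(reason)" continuation lines, then treat
    # each blank-line separated block as one record; newlines count as field
    # separators, so $1 is the queue ID, $7 the sender and $8.. the recipients
    tail -n +2 | grep -v '^ *(' | awk -v role="$1" -v addr="$2" '
        BEGIN { RS = "" }
        NF >= 8 && $1 ~ /^[0-9A-Za-z]+[*!]?$/ {
            if (role == "sender" && $7 == addr) { print $1; next }
            if (role == "recipient")
                for (i = 8; i <= NF; i++) if ($i == addr) { print $1; break }
        }' | tr -d '*!'     # "*" marks an active message, "!" a held one
}

# Constructed mailq output, modelled on the post: one spam run with several
# recipients (active, hence the "*"), one legitimate deferred message, footer.
sample_mailq() {
    cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3E90C13F88D3*    4543 Mon Mar 29 20:03:56  ebhospeterloaninvestment@hotmail.com
(host mx1.free.fr[212.27.48.7] said: 451 too many errors from your ip, please visit http://postmaster.free.fr/ (in reply to DATA command))
                                         elmore@online.fr
                                         delila@online.fr
                                         demetri@online.fr

7A11C13F8901     2210 Mon Mar 29 20:10:12  alice@example.com
(connect to mail.partner.example[192.0.2.25]:25: Connection timed out)
                                         bob@partner.example

-- 7 Kbytes in 2 Requests.
EOF
}

# Run as a script: dry run against the constructed queue listing.
echo "messages from the spam sender:"
sample_mailq | queue_ids_by_address sender ebhospeterloaninvestment@hotmail.com
echo "messages addressed to delila@online.fr:"
sample_mailq | queue_ids_by_address recipient delila@online.fr
```

On a live system replace sample_mailq with mailq itself; once the printed list is what you expect, append | postsuper -d - to delete those messages.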

Cyrus-IMAP Logging region out of memory thing

One Wednesday morning our email users reported that they were not receiving any emails, which is very unusual on a busy day. I found that Cyrus-IMAP's database was throwing the errors below:

[root@mail ~]# tail -n 100 -f /var/log/maillog

Mar 24 10:36:14 mail lmtpunix[4017]: executed
Mar 24 10:36:14 mail lmtpunix[4017]: DBERROR db4: Logging region out of memory; you may need to increase its size
Mar 24 10:36:14 mail lmtpunix[4017]: DBERROR: opening /var/lib/imap/deliver.db: Cannot allocate memory
Mar 24 10:36:14 mail lmtpunix[4017]: DBERROR: opening /var/lib/imap/deliver.db: cyrusdb error
Mar 24 10:36:14 mail lmtpunix[4017]: FATAL: lmtpd: unable to init duplicate delivery database
Mar 24 10:36:14 mail master[4664]: process 4017 exited, status 75
Mar 24 10:36:14 mail master[4664]: service lmtpunix pid 4017 in READY state: terminated abnormally
Mar 24 10:36:14 mail master[4018]: about to exec /usr/lib/cyrus-imapd/lmtpd


It turned out that the Berkeley DB environment behind Cyrus-IMAP had run out of log region memory. So we need to change the default settings and give the Cyrus-IMAP database bigger cache and log regions, as documented below.

Changing the default logging region of the Cyrus-IMAP server's database is easy.

Create a DB_CONFIG file if you have not done so yet.

[root@mail ~]# cat > /var/lib/imap/db/DB_CONFIG 
set_cachesize 0 2097152 1
set_lg_regionmax 1048576
^D

Stop the cyrus-imapd server. This is very important: the environment must be recreated while nothing has it open.

[root@mail ~]# /etc/init.d/cyrus-imapd stop

Back up the database directory before recovering it.

[root@mail ~]# rsync -auvp /var/lib/imap/db /root/db_backup.date

Recover the database so that the environment is rebuilt with the new settings.

[root@mail ~]# db_recover -h /var/lib/imap/db

Once the command above completes successfully, we can start the Cyrus-IMAP service.

[root@mail ~]# /etc/init.d/cyrus-imapd start

Check the new cache and log statistics and whether the new settings are in effect.

[root@mail ~]# db_stat -h /var/lib/imap/db -m

[root@mail ~]# db_stat -h /var/lib/imap/db -l

Send a few emails and check the logs to see how it goes. If users are now receiving emails correctly, the server is back online. Keep monitoring until you are certain that everything is back to normal.

Sunday, March 28, 2010

Cyrus-IMAP user is over quota

One of my users' mailboxes is being flagged by cyrus-imapd as over quota; I need to do something before she gets furious.

My email server's queue shows below:

3069F13F88A1 3625 Thu Mar 25 01:20:21 sender@sender.com
(host mail.recipient.com[/var/lib/imap/socket/lmtp] said: 452 4.2.2 Over quota (in reply to RCPT TO command))
recipient@recipient.com

I now need to log in to my email server and use cyradm to administer my Cyrus-IMAP server as below.

[root@mail ~]# su - cyrus
-bash-3.2$ cyradm -user cyrus localhost

IMAP Password:

mail.recipient.com> lqr user.sales-tv
user.sales-tv STORAGE 150000/150000 (100.006%)
mail.recipient.com> sq user.recipient 200000
quota:200000
mail.recipient.com>

I used lqr as shorthand for listquotaroot and sq as shorthand for setquota. Quota values are in kilobytes, and the mailbox name given to sq must be the quota root that lqr reported.

Verify that the new quota is set (run lqr again), then exit the cyradm tool and log out of the email server. Your user's new quota is now set and she is very happy again.


Tuesday, March 23, 2010

Checking running queries on MySQL server

You are administering a MySQL server and suddenly your users are not very happy with what is going on. They are getting errors like "Too many connections", or the content they access is crawling. In this situation, one can monitor what is going on in the loaded MySQL server to find out what is causing the hiccups or which queries are eating the CPU cycles available to the system.

After logging in to the MySQL interactive shell, we can use the "show processlist;" command. It lists the queries currently running: only those of the logged-in user, unless that user has the PROCESS privilege, in which case it shows every connection.

In one interactive shell, we run, for example:
mysql> select sleep(100);

mysql> show processlist;
+----+------+-----------+------+---------+------+-----------+------------------+
| Id | User | Host | db | Command | Time | State | Info |
+----+------+-----------+------+---------+------+-----------+------------------+
| 23 | root | localhost | NULL | Query | 2 | executing | select sleep(100)|
| 24 | root | localhost | NULL | Query | 0 | NULL | show processlist |
+----+------+-----------+------+---------+------+-----------+------------------+
2 rows in set (0.00 sec)

We can kill the query if we choose, using "kill 23" (23 being the Id). Note the difference between the two forms: KILL QUERY 23 aborts only the running statement and leaves the client connected, while KILL 23 (KILL CONNECTION) drops the connection as well.
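
Picking queries to kill by hand does not scale when a hundred connections are stuck. The script below is an added example, not from the original post: it reads SHOW FULL PROCESSLIST output in mysql batch format (tab separated, as mysql -B -e prints it) and writes a KILL QUERY statement for each query running longer than a threshold, skipping idle connections, replication threads and the processlist query itself. The processlist it uses is constructed for the demonstration, and it only prints statements for you to review; nothing is killed unless you feed the output to mysql yourself.

```shell
#!/bin/sh
# long_queries SECONDS: read the tab-separated output of
#   mysql -B -e 'SHOW FULL PROCESSLIST'
# on stdin and print a KILL QUERY statement for every query that has been
# running longer than SECONDS. Added example, not from the original post.
# Replication threads ("system user"), idle connections (Command=Sleep) and
# the processlist query itself are left alone. The output is a script you
# review and then feed to mysql yourself; nothing is killed here.
long_queries() {
    awk -F '\t' -v limit="$1" '
        NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }   # header -> column index
        {
            id = $(col["Id"]); user = $(col["User"]); host = $(col["Host"])
            cmd = $(col["Command"]); secs = $(col["Time"]) + 0; info = $(col["Info"])
            if (user == "system user" || user == "event_scheduler") next
            if (cmd != "Query") next
            if (toupper(info) ~ /^SHOW +(FULL +)?PROCESSLIST/) next
            if (secs > limit)
                printf "KILL QUERY %s; -- %s@%s running %ds: %s\n", id, user, host, secs, info
        }'
}

# Constructed processlist in mysql batch format (tab separated, NULL literal).
sample_processlist() {
    printf 'Id\tUser\tHost\tdb\tCommand\tTime\tState\tInfo\n'
    printf '5\tsystem user\t\tNULL\tConnect\t86400\tWaiting for master\tNULL\n'
    printf '23\troot\tlocalhost\tNULL\tQuery\t95\texecuting\tselect sleep(100)\n'
    printf '24\troot\tlocalhost\tNULL\tQuery\t0\tNULL\tSHOW FULL PROCESSLIST\n'
    printf '31\tdrupal\t192.168.1.20:40210\tdrupal\tQuery\t47\tSending data\tSELECT * FROM node WHERE status = 1\n'
    printf '32\tdrupal\t192.168.1.20:40211\tdrupal\tSleep\t300\t\tNULL\n'
    printf '33\tdrupal\t192.168.1.20:40212\tdrupal\tQuery\t3\tupdating\tUPDATE cache SET expire = 0\n'
}

# Run as a script: list everything in the sample that has run for over 30 s.
sample_processlist | long_queries 30
```

KILL QUERY ends only the statement and leaves the client connected, which is usually what you want for a runaway report; plain KILL drops the connection too.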



Monitoring Unix(-like) systems performance

One of the day-to-day tasks of the systems administrator is to monitor the servers he or she manages and make sure that the services they provide are all working correctly. The SA should be able to interpret the output of the system monitoring tools when a system is bogging down. This skill alone dramatically helps the SA pinpoint and gather clues about the usual suspects that "bog" a server down, and it is critical for deciding what steps to take when dealing with slow or overloaded servers. Service availability is critical to every organization if the business is to run smoothly and continuously.

Now, enter the realm of systems monitoring. On every Unix system there are a few monitoring tools available, and they grow in number as the days go by. The most commonly used commands to monitor a Unix system's performance follow (the classics):

uptime - Tell how long the system has been running. (More onto this really.)

procinfo - display system status gathered from /proc

who - show who is logged on (Also more onto this.)

top - display top CPU processes (Resource hungry though...)

The commands above are very useful for determining the actual system load average (LA); this metric can also be used in performance analysis and capacity planning.

At the link below you will learn about the system load average in a more in-depth manner. I would like to thank Dr. Neil Gunther for his wonderful insight, and everybody who contributes to Unix and Unix-like operating systems. I would also like to encourage every systems administrator to always read the man pages.

http://www.teamquest.com/resources/gunther/display/5/index.htm


Monday, March 22, 2010

Using "for" loop in automating repetitive tasks

The "for" loop is a very powerful tool for automating repetitive tasks. A good example is cloning virtual hard drives in VirtualBox (I use it for development and R&D as my sandbox; thank you Sun!). Below is the basic usage of the for loop on the bash command line.

In this example I want to clone the VirtualBox hard disk of one of my SuSE 10 servers, as I don't want to repeat the installation. Instead I will just modify the settings of my new "cloned" hard drive(s) to suit my new VirtualBox machine to my liking (or yours).

for i in {0..5} ; do VBoxManage clonehd SuSE.10.LVS.00.vdi SuSE.10.MYSQL.0$i.vdi ; done

The command above runs the loop body once for each value in the range {0..5}, six times in this case (0, 1, 2, 3, 4, 5), producing SuSE.10.MYSQL.00.vdi through SuSE.10.MYSQL.05.vdi. Note that {0..5} is bash brace expansion; in a plain POSIX sh the loop would run once with the literal string {0..5}.