Unable to mount root fs and solution The error is common as soon as the compile happens on a new partition and the most common error will be when the grub/lilo configuration is manually edited by the user, it is preferred to keep the settings to the default. If you drive into error then login to the machine using single user mode and have the grub configuration edited such that the drive letter is corresponded, normally adding /dev/hda0 instead of /dev/hda on the LABEL keyword help.
2. No Init found
1. Boot computer. As soon as Grub splash screen comes up, hit up or down arrow key to stop the clock.
2. Press "c" to get the Grub command line like this: grub>
3. Type:
root (
You should get a list of valid drives. If the result fails then assume that the grub does know the details of the root partition.
4. Press the next character corresponding to the drive OR partition where your /boot directory is and then press
5. Repeat step 4 until you have completed the line so it looks like
root (hdx,y)
where x and y are correct drive (x) and partition (y) where your /boot directory is. You should know already that Grub counts drives and partitions starting with zero for the first primary partition and 4 for the first extended partition.
6. If you do not have a separate /boot partition, type:
kernel /boot/vmlin
If you do have a separate /boot partition, do not enter the /boot and instead, just
kernel /vmlin
In either case, when you hit
7. Repeat step 6 until you have a complete filename but do not press enter yet.
8. Following the kernel filename, on the same line, add ro so the filesystems will be initially mounted read only so that integrity checks may be made without adding corruption, and add information telling Grub where your top level root partition is: / so that the line looks something like this:
kernel /vmlinuz-2.4.22-1.2115.nptl ro root=/dev/hda8
where, instead of "hda8" you have the correct drive and partition where your / partition is. If you make a mistake here, Grub will not complain. Instead, you will get the message saying there was no init found.
8a. If you want to boot in single user mode, without a graphic display, you should add the word single to the end of the line. When the line is complete, press enter.
9. If you do not have a separate /boot partition, type:
Code:
initrd /boot/initrd
If you do have a separate /boot partition, do not enter the /boot and instead, just
Code:
initrd /initrd
In either case, when you hit
10. Repeat step 9 until you have a complete filename.
11. Press "enter".
12. Finally, if the system doesn't boot automatically, type: boot and press enter.
Common Kernel Panic Errors
Kernel Panic's !
To keep it simple. Kernel panic errors are displayed by the server when it finds itself in a irrecoverable error. The error is mostly seen in linux machines and if you were to compile a new kernel for the machine with wrong settings it is that quick to view :).
Most of the unix like systems or linux systems have a seperate panic() routine which will be responsible for displaying the error output on a console and once this is done, it will be dumping the memory of the kernel on to the disk for further check or debugging. In panic states, you can either restart the machine manually or schedule a automatic reboot.
To set a automatic reboot during kernel panic sessions, use the following settings:
vi /etc/sysctl.conf
now hit i then copy paste this line
kernel.panic = 10
this should initiate a reboot in 10 seconds for normal servers.
A common cause for the kernel panic are memory dump error. The kernel may try accessing a memory area that is currently not available. Again, as mentioned, it can either be due to the a faulty hardware or error with the latest update of the operating system.
Causes for Kernel Panics
* With increasing set of applications or clients wherein for webservers, the increase of RAM becomes inevitable. This is the first and foremost cause for Kernel Panics.
* As mentioned earlier, recompile your kernel and expect it to happen. While recompiling the kernel it is common that we may try few available extensions or support modules which may drive back to this situation unless there is through fixing of the necessary dependencies.
* Hard disk failure, this is common one to happen, your disk may develop a bad sector or bad block
* Odd but a common problem, trouble with system file permissions can drive us to the kernel panic situation.
* Insufficient RAM or Harddisk is another common trouble to be viewed.
* Improperly installed software or hardware.
* Defective hardware like a trouble with CPU
* And very rare chance of having a hardware mismatch which shouldn't happen for most of the branded versions available.
Linux Commands : Kernel administration commands
Quick commands on linux administration continued...
Kernel administration command,
LSMOD is used to list the loaded modules on the kernel, the usage is:
$lsmod
Module Size Used by
autofs 11904 1 (autoclean)
3c59x 25568 1 (autoclean)
iptable_filter 2288 0 (autoclean) (unused)
md 59008 0 (unused)
usb-uhci 20912 0 (unused)
usbcore 53200 1 [usb-uhci]
**********************************************************************
MODINFO is the command used to learn about the modules active on the kernel.
usage:
$/sbin/modinfo usb-uhci
filename: /lib/modules/2.4.4-18k/kernel/drivers/usb/usb-uhci.o
description: "USB Universal Host Controller Interface driver"
author: "Georg Acher, Deti Fliegl, Thomas Sailer, Roman Weissgaerber"
**********************************************************************
INSMOD is the command used to activate or to add in the command to an active kernel. The syntax is :
$insmod msdos
************************************************************************
RMMOD is the command used to remove any modules that you find running on the server. The list of modules can be found using the command lsmod.
$rmmod msdos
************************************************************************
DEPMOD is the command used to create the dependencies list for the modules. Normally the details are fetched from /etc/modules.conf and have the descriptions added up.
The normal usage of the same is : /sbin/depmod -a
There are other options like depmod -A which should perform the quick check on the dependencies.
*************************************************************************
MODPROBE is another important command that helps the users to load the modules and the dependencies for the functioning. If we are to use
modprobe fat
then it should be loading up the fat module along with the supporting modules. Again,
modprobe -r fat
should remove the module fat along with the supporting modules for the fat.
This should provide you with the best removal technique.
*******************************************************************************
more coming...
quick commands : Linux administration - Hardware section
Linux will be having most of the hardware devices created at the start of the system but you can always create new devices using the command:
# /dev/MAKEDEV -v ttyS0
create ttyS0 c 4 64 root:dialout 0660
This will be creating a device /dev/ttyS0 with permissions 0660 and ownership as root and dialout as group.
The kernel will be using the major and minor node numbers for the system and the same indicates that the device so created is a serial device.
*************************************************************************
MKNOD is another command used in creating devices. MKDEV is normally the preferred way of creating devices which do not exist but in rare cases there is a chance that the device files may not be known to the MKDEV command.
For the perfect usage of mknod command you should be aware about the minor and major nodes, the file devices.txt should contain the canonical names and details of the nodes.
So for creating the same node as created using the MAKEDEV command the commands will be :
mknod /dev/ttyS0 c 4 24
chmod 0660 /dev/ttyS0
chown root:dialout /dev/ttyS0
*******************************************************************************
LSPCI command is used to list the number of PCI buses available for the server. It is normally used to diagnose the troubles with PCI buses.
usage: $ lspci -tv
*******************************************************************************
LSDEV command is used for learning the information and status of the virtual I/O Devices. The normal usage is:
lsdev -type disk -fields name status
the various types are :
adapter
Lists adapters
disk
Lists disks
lv
Lists logical volumes and volume groups
optical
Lists optical devices (cdrom/dvdrom)
tape
Lists tape devices
tty
Lists tty devices
ent4sea
Lists all physical Ethernet adapters and Etherchannel adapters available for creating a shared Ethernet adapter
ven4sea
Lists all virtual Ethernet adapters available for creating shared Ethernet adapter
ent4ip
Lists all adapters over which interface can be configured.
To display the parent of a devices, type:
lsdev –dev hdisk0 -parent
************************************************************************************
LSUSB is the command used to list the current connected USB connections on the drive.Normal installations may fail to have this command inbuilt you will need to get the packages updated on the distribution with usbutils to get this working.
usage: lsusb
************************************************************************************
lsraid is the command used for displaying the status of the md devices on the server. The details are as mentioned in the configuration file /etc/raidtab. Again the command is able to distinguish between the online and offline devices and can give out the detailed statistics.
usage : lsraid -A
*************************************************************************************
HDPARM is used to modify or view the statistics of the hard disk. The command allows us to pass on the parameters on to the system and also to modify the current disk parameters like DMA settings, power management, etc..
The options available with hdparm can be dangerous on occasions since the parameters if specified incorrectly can cause trouble.
Turn on DMA for the first hard drive.
hdparm -d1 /dev/hda
Turn off DMA for the first hard drive.
hdparm -d0 /dev/hda
*******************************************************************************
more coming up....
LightWeight Directory Access Protocol : LDAP installation configuration and authentication
Lightweight Directory Access Protocol is used for providing data for the individuals or system users or network devices and the systems in network which require authentication or information from the network. This can be useful for network authentication for critical data or to share address books between the email clients on the network.
LDAP was developed as a protocol to provide centralized and secure access to resources over the network. The earlier standard that was in use was X.500, this was developed towards 1988. X.500 was developed with hierarchial name space and was able to maintain a large quantity of information. There was specific communication link maintained between the directory client and the directory server and the protocol in use was named as Directory Access Protocol.
The X.500 protocol was mainly an application layer protocol and required the whole of OSI level to be installed for successful working. This was the major drawback, since the installation and setting of OSI layers will require high resources and the implementation of directory access protocol at a smaller level of organization will be cost intensive.
LDAP came into existence with protocol much less resource intensive and also had the use of TCP/IP stack compared to the OSI model which was earlier implemented. The LDAP had used few features from the X.500 and was able to remove few resource intensive features from the model.
Installation
The installation of LDAP is mainly with RPMs for redhat based systems and you will need the RPMs:
openldap-2.0.27-8
nss_ldap-202-5
openldap-clients-2.0.27-8
openldap-servers-2.0.27-8
openldap12
normall the redhat systems will work with the above details but some may require these additional packages:
slapd, ldap-utils, libldap2, libldap2-dev
configuration
The major configuration files with LDAP are at:
/etc/openldap/slapd.conf
The configuration contains the details of hostname, domain info, admin info and references.
Sample configuration of slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
#include /etc/openldap/schema/nis.schema
#include /etc/openldap/schema/redhat/rfc822-MailMember.schema
#include /etc/openldap/schema/redhat/autofs.schema
#include /etc/openldap/schema/redhat/kerberosobject.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
#pidfile /var/run/slapd.pid
#argsfile /var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# To allow TLS-enabled connections, create /usr/share/ssl/certs/slapd.pem
# and uncomment the following lines.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
#suffix "dc=stooges,dc=org"
suffix "o=stooges"
rootdn "cn=StoogeAdmin,o=stooges"
rootpw secret1
directory /var/lib/ldap/stooges
defaultaccess read
schemacheck on
lastmod on
#allow *
# Indices to maintain
#index objectClass eq
#index objectClass,uid,uidNumber,gidNumber eq
#index cn,mail,surname,givenname eq,subinitial
index cn,sn,st eq,pres,sub
database ldbm
suffix "o=delta"
# Only one suffix allowed per database
#suffix "dc=delta,dc=org"
rootdn "cn=DeanWormer,o=delta"
rootpw secret2
directory /var/lib/ldap/fraternity
defaultaccess read
schemacheck on
lastmod on
index cn,sn,st eq,pres,sub
--------------------------------------------------
User Management Made Easy
who command displays the current active users on the server 'w' will still show the result in more compact method
Use who -uH for idle time and terminal info.
users Used to list the currently logged in users.
w Displays currently logged in users and processes they are running.
whoami To display the current username
groups Shows us the list of groups that the current user is in.
Use groups user-id to display groups for a given user.
set Used to define the environment variables normally during installation of softwares we will need to make these custom
settings
id Used to display the user id and the group id's for the user
Use id user-id to display info for another user id.
last Listing of most recent logins by users. Show where from, date and time of login (ftp, ssh, ...) Also see lastlog command.
Show last 100 logins: last -100
history Shell command to display previously entered commands.
If you wish to set a welcome message or warning messages for all SSH connections then it will be advised to add the same to /etc/issue for example and have the /etc/ssh/sshd_config
Specify text file: Banner /etc/issue
Again you can use the /etc/motd to modify the next welcome message which gets displayed on the login prompt. The file /etc/issue is used for welcome message on telnet login screen.
Memory Management: Common commands
vmstat is used to view the virtual memory usage for the server
cat /proc/meminfo or free is the command used to learn the amount of memory used and the free memory available for the server
pmap is used to understand the shared library and memory map usage.
sar -B is used to know the swaping page statistics on the server.
cat /proc/sys/vm/freepages is used to learn the free virtual memory pages on the system
/usr/bin/time -v date used to learn the page file usage for the programs. This should be used as /usr/bin/time to avoid the regular time command used to display time
/usr/bin/time -v processname
should give the details on paging for the particular program.
cat /proc/filesystems Display filesystems currently in use.
cat /proc/mounts displays the information on the currently mounted file systems on the server.
showmount command will display the current list of network filesystems mounted on to the server.
cat /proc/ide/hda/filename should display the diskinformation of files held by the kernel
mkfs : to create new files systems the general syntax will be:
mkfs -t ext3 /dev/drivename
mount -t ext3 /dev/drivename location
where location should be any part of your filesystem.
fdisk or fsdisk is used for the partitioning of drives on the server. Cfdisk is another partition table manipulator. Each of the commands are equally effective and the difference stays in the switches in use.
"sfdisk" is especially handy for scripting as it has direct support for reading actions from stdin. Again the operations and the flags for the command is different from normal fdisk usage.
Process management commands: Simple and easy to use
pstree -p The command is used to provide the details on the parent and child processes.
iostat Report the CPU Statistics and the details on the input/output statistics for partitions and devices.
uname -a provides the system information
cat /proc/version displays the kernel version
lsmod To get the details on the currently loaded modules on to the kernel; cat /proc/modules will also show up the same - result.
uptime will show the details of the system updtime.
IPC's : Semaphores, shared memory and queues
Linux uses the semaphores,shared memory and shared memory queues to communicate with each other or for inter process communication.
the common commands used for identifying this are:
ipcs -s lists the semaphores currently in use
ipcs -m shows the shared memory details for the server
ipcs -q shows the shared memory queue
ipcrm - the command used to remove the IPC parameters
ipcrm -s
psof : is used to identify the processes attached to a particular file or network ports
common usages are : lsof pid or file name
lsof - u user-id
netstat -punta
socklist
will provide the list of open network connections which can be further used to gain details on the active ports
lsof -i tcp:port-no
ulimit is another tool which should be helpful in creating user limits for number of processes and the memory access details for the
WebAdminstration Quick Tips: Unix Adminstrative commands
arp
usage: arp
command used for checking ethernet connectivity and IP address. The command displays the contents based on the results from route command and ifconfig details. Mostly used to get the IP address based on the configuration of network cards.
df
usage: df -h or df -i
Displays the filesystem informaton based on the requirements. -h option displays the information in human readable format and -i option is used for displaying information based on the i nodes usage.
du
usage : du -sch filename/foldername or du -sch *
Displays disk usage information based on the tags, the disk usage can be for a file or a specific directory. It can also be used to get the summary of disk usage on the specific folder or a specific partition based on the location from which the command is ran.
ifconfig
usage: ifconfig or ifconfig ethX:M ipaddress netmask
Ifconfig is normally used to configure the network addresses or to check the working of the current network interfaces on the server. Also you can use the command to add up a specific IP address to a network interface, the process can be alternatively done by editing the file at /etc/sysconfig/network-scripts/ifcfg-ethX file and then restarting the network. Please note that the directory location mentioned is only for redhat based servers, the location may be different in other flavours of linux.
init
usage: init a
where a will be the runlevel number to be started with.
netstat
usage: netstat -nlap
this is used to provide summary on the network usage and the sockets currently active on the server. Again the -r option will be providing the route for particular connections along with the socket details.
nslookup
usage: nslookup domainname
Used to find the IP address information for the particular host and checks the domainname.
ps
usage : ps aux
this is the process usage summary and displays the process id and the status of the process, whether it is in sleep ( S ) state or (R) running or (D) terminated state.
route
usage: route -n
used to find the routing table details on the computer will be effective on the times when there is a connectivity issue. Again using route add and route del commands can be defined to add or remove routing entries. Thank you.
shred
usage: shred -v filename
this will help you remove the files by overwriting the details there. This should be helpful in removing the data without of the fear of retreiving any useful information on this.
top
usage: top -c -d2
the options will help you get detailed list of commands and the operations active on the server and while running the top command you can type the key "h" and have the details sorted out for further use
traceroute
usage: traceroute domainname
this should be helpful to get the detailed route from the source to the destination domainname.
KeepAlive & KeepAliveTimeout : Another key performance upgrades
KeepAlive
This is the apache directive that helps the users to maintain persistant connections on to the server. This can help in maintaining the consistent performance upgrades for the clients. The value used is
KeepAlive on
this should help in maintaining the connections.
KeepAliveTimeout
KeepAliveTimeout 120
This directive is used to define in seconds on how long the persistant connections on to the server is to be maintained. Once the request is received the directive is used to set the timeout.
MaxKeepAliveRequests,MaxRequestsPerChild, ListenBacklog, MaxSpareServers, MinSpareServers: Some more quick limiting options
ListenBackLog: Used to define the maximum length of the queue of pending connections.
format:ListenBacklog 100
Normally the settings are tuned fine and should be able to work along with the normal running. But in special cases like constant TCP SYN attacks that are to act on the server, the enty will be effective in controlling the access. Most of the occassions will not require the number to be set out as specified since the operating systems may restrict the number of access using the system call 'Listen' clause and this should be much lesser a number than the current one. Again, there is the factor of operating system and this should change with each running operating system. The number may be higher at some instances that the ones specified in the example.
MaxKeepAliveRequests: Defines the the keep-alive requests per connection made on to the server.
MaxKeepAliveRequests 20
The directive is used to limit the number of keep-alive requests that are to arrive from a particular TCP/IP connection. The situation will be valid when the clause KeepAlive On is set on the server else you will find this function close to no use. 0 is used to specify the unlimited access and it is always advised to use high values to obtain maximum performance.
MaxRequestsPerChild : Defines the Number of connections made by server child process
MaxRequestsPerChild 10000
This limit defines the maximum number of child processes created on the server and after the count the new process will die. When the value is set as 0 then the processes does not die automatically. Again for the keep alive requests only the first request counts for the limit and thus will be equally effective with the maxkeepaliverequests clause.
MaxSpareServers : Defines the number of server child processes on the server.
MaxSpareServers 15
This is the count for the maximum number of idle processes by a server, a server process is counted as idle when it fails to serve any requests. The directive mentions the maximum number of idle processes and beyond this count the parent process will automatically kill the idle process.
MinSpareServers: The minimum count of server child processes.
This count is used to define the minimum number or idle processes on the server. If the server finds the count less than the limit then it will be creating a new process at a minimal rate of 1 per second.
MinSpareServers 10
Maximum number of Clients Limit: MaxClients
Apache does allow the administrators to limit the amount of requests that are to arrive at the server during any stage of the server run. The keyword MaxClients limits the number of simultaneous requests on to the webserver, by limiting this value the server will prevent the amount of requests and will not create any further requests once the limit is reached.
We can update the limit of 256 clients, for this one must edit the HARD_SERVER_LIMIT entry in httpd.h and recompile Apache.
For the current settings, for all those connections that are to exceed the maxclients limit will be queued up by the kernel as mentioned in the directive: ListenBackLog. This helps back at times when the process is free the server will be able to grant the request.
Resource limit Process count : RLimitNPROC
As discussed earlier the usage can be limited generally using the said techniques, here is few that should set the limitations and to provide good performance to the server. The tag RLimitNPROC is another useful tool in case of an active shared server. This will be effective in the case of apache servers which does have the suexec enabled, thereby to limit the number of processes active by users or for a specific userID. It accepts one or two arguments, namely they will be the soft and hard limits for the user processes.
RLimitNPROC soft-processes [hard-processes]
eg: RLimitNPROC 2 10
should be ideal for a normal running server with high number of users active on apache server.
It will be accepting the value as 'max' and this will be limiting the amount of processes as defined on the root of the system. Again, this will be a dangerous function to use if the CGI's are to run on the apache userID, and the function will be limiting the number of apache ID's created and the situation may rise where you will find the error message " cannot fork " on the apache server.
So when used wisely this will be a very effective tool on the apache based servers with suexec and also have the use on forums.