Increase CentOS 7’s MTU

Ethernet interfaces normally use an MTU of 1500 bytes. I recently needed to increase the MTU used by the NICs on a point-to-point link to 9000 bytes in order to improve DRBD performance. This is sometimes referred to as enabling jumbo frames.

In the past I’ve used ifconfig to test this change out. For example, to increase the MTU of the eth0 interface from the default of 1500 bytes to 9000 bytes, I would run:

    ifconfig eth0 mtu 9000

I could then verify that the new MTU had been applied by running:

    ifconfig eth0

Unfortunately for me, the two servers that I was working on, like many CentOS 7 systems, did not have the ifconfig command installed. If you want the ifconfig command, then you can install it by installing the net-tools package:

    yum install net-tools

However, I wanted to avoid making any changes other than increasing the MTU, so I used the ip command instead. The ip command can be used in place of ifconfig for many purposes, including increasing the MTU. For example, to increase the MTU of the eth0 interface from the default of 1500 bytes to 9000 bytes, run:

    ip link set mtu 9000 dev eth0

You can then verify that the new MTU has taken effect by running:

    ip link show dev eth0

After you’ve applied the new MTU, and verified that all is working as expected, be sure to update the interface’s configuration file, so that this change persists the next time the server is rebooted. To edit the MTU for the eth0 interface, add an “MTU=” line to the /etc/sysconfig/network-scripts/ifcfg-eth0 file. For...

How to configure a BIND DNS Cache in CentOS 7

Introduction

I recently configured a CentOS 7 server to run BIND as a DNS caching server. This post documents the process. Although I used CentOS 7, these instructions should be equally applicable to CentOS 5 through 7, and Red Hat Enterprise Linux 5 through 7. If you already know why and where you want to configure a DNS caching server, feel free to skip ahead to this page’s “DNS Cache Setup” section. Otherwise, read on.

A DNS cache is normally set up to accomplish one or more of the following:

- Improve performance. This can be especially true for mail servers, which make a large number of DNS queries.
- Bypass a flaky DNS resolver.

The DNS caching server configuration that’s described on this page is applicable to both situations. It’s important to restrict which clients can query your DNS caching server, so that you don’t create an open resolver. This document includes instructions for doing so using BIND’s “allow-recursion” directive.

Performance Considerations

All other things being equal, I recommend placing your DNS caching server as close as possible to the clients which will query it. If the DNS cache will be used by a single client, it could make sense to run the DNS cache on that client. For example, you could install a DNS cache on your mail server. By running the cache on the same system as the querying application, you bypass the network latency that there would normally be between the DNS cache and the client. If the clients are primarily in a single data center or geographic area, try to place the DNS cache within that same datacenter or...

Reset the GroundWork Monitor 6.0 Password

The GroundWork Monitor is a simple way to deploy Nagios monitoring to networks. It does a great job of monitoring Linux servers, and anything that speaks SNMP. I recently needed to make some updates to a GroundWork Community Edition VM, and found myself in a situation where the admin user’s dashboard (web browser interface) password had been changed to an unknown value. I was able to SSH into the GroundWork VM though (it’s CentOS Linux based). There’s info floating around the net on how to reset the admin password, but it was written for older versions of GroundWork, so some of the default password, and MySQL schema details have changed.

Here’s what I did to reset the admin user’s password on GroundWork Monitor 6.0 Community Edition:

1. SSH into the GroundWork VM. If you haven’t changed the root user’s default password, then it’s going to be “opensource”.
2. Log in to MySQL, and run a query to reset the “admin” user’s password to “admin”. The admin password entered below uses a hash:

    /usr/local/groundwork/mysql/bin/mysql -u root monarch
    update users set password='21232f297a57a5a743894a0e4a801fc3' where...

Updating a Soekris net4511’s BIOS

I performed BIOS updates on a stack of Soekris net4511s and net4521s today. Here’s a quick-and-dirty howto for anyone who wants to do the same thing from a Linux host running minicom. Note that these instructions should work on any net45xx series Soekris board, including the net4501.

1. Download the BIOS update from Soekris’ Downloads Page. As of the time of this writing, if you’re using anything prior to version 1.20 (my Soekris boards were all running 1.15), you’ll want to start with the update to 1.26a, then consider whether you want to upgrade to the latest BIOS from there. Soekris publishes a changelog of their BIOS updates to their website.
2. Connect your serial port to the Soekris net45xx using a null-modem cable, and use minicom, or your terminal emulator of choice, to establish a connection. Connection settings should be 9600,8,N,1 with hardware and software flow control both turned off. If your Soekris net45xx’s serial console isn’t already configured to work at 9600bps, you can set this by entering Ctrl-P to enter the Monitor, then set the console speed to 9600bps, and reboot:

    > set ConSpeed=9600
    > reboot

3. Start up your Soekris box, and enter Ctrl-P when prompted to enter the Monitor. This should bring you to a “>” prompt.
4. Enter the “download” command, and press Enter.

    > download

5. In another terminal, run the following command to initiate an xmodem transfer of the updated Soekris BIOS. Substitute in the name of the BIOS file:

    # sx -X b4501x_126a.bin > /dev/ttyS0 < /dev/ttyS0

6. Switch back to your minicom terminal. You should see a “File downloaded succesfully” message. If so, run the following...

Directadmin and “Error Parsing Cron File”

I migrated my web hosting servers from cPanel to Directadmin earlier this year. The transition was smooth for the most part, but one problem was that users with blank crontabs with cPanel had corrupted crontabs post-migration. They could ssh in, and issue crontab -e, but any attempts to manipulate the crontab via Directadmin’s web interface resulted in the following error:

    Error Parsing Cron File

The fix for this problem is to clear out all the lines in...

Logging into a VMware Server stuck on the “Loading…” Page

VMware Server is a handy app to run in places where server virtualization is needed, but you can’t justify the expense or effort required to set up a VMware ESXi or Xen host. One of the recurring problems that I run into, even on lightly loaded servers, is that when trying to log into the VMware Infrastructure Web Access interface, the browser gets stuck at “Loading…”, and never brings up the login form. I’ve observed this on Firefox in Linux, Mac OS X and Windows, as well as within Internet Explorer.

It turns out that the fix for this doesn’t involve the browser at all, but rather a VMware Server setting. Some Googling turned up this thread in VMware Communities, which spells out the following fix:

1. Edit /etc/vmware/webAccess/proxy.properties
2. Change the following line:

    proxy.noCache = false

   …to:

    proxy.noCache = true

3. Restart the vmware-mgmt service:

    /etc/init.d/vmware-mgmt restart

That’s it! You may need to refresh your browser one more time after this, but after completing these steps, you should now be prompted to log in to VMware Infrastructure Web...

Joining the ACM – A Linux Sysadmin’s Perspective

The ACM, or the Association of Computing Machinery describes itself as “the world’s largest educational and scientific computing society”. Until recently, I assumed that since I was out of academia, and focused more on things that sysadmins do, like developing, and implementing real-world solutions than the stuff of research papers, the ACM didn’t have much to offer me. A contributor to this bias was the fact that I joined the ACM a few years ago while I was in college. I was working with a couple professors on a project that involved using Linux virtualization to teach networking concepts. Anyway, the reason I joined the ACM was that I was asked to give a presentation at an academic computing conference. As I recall, the two requirements for being a presenter were having a .edu email address (check), and ACM membership. I quickly signed up, and failed to investigate what benefits ACM membership would bring. Fast forward to today. I spend a lot of time reading to keep up on current technologies, and while I am able to do most of this online, I still spend a lot of money each year buying books. A significant portion of these are published by O’Reilly, which writes a lot of excellent Linux, Unix, and development books. Cisco Press’ books make up another significant portion of my collection. Most of the networking products that I work with run either Linux or one of the BSDs, but I’m yet to find a publisher that consistently covers such a wide range of networking topics as well as Cisco Press does. Many of these O’Reilly and...

Installing Linux using a serial console

Just a quick note on the command to use to start up a RHEL / CentOS 5.x install from the serial console. This can come in handy if you’re using a modem and serial port for out of band management, and the need to conduct a remote reinstall arises. These settings start up a console on ttyS0 (Serial Port 1) with the standard 9600/8-N-1 settings.

    linux...

vsftpd's “500 OOPS: cannot change directory” error

I recently installed a vsftpd FTP server on a CentOS Linux 5.2 box. After changing the FTP user’s home directory, I received the following error message every time I attempted to log in as ftp:

    500 OOPS: cannot change directory
    500 OOPS: child died

Permissions were set up correctly on the ftp user’s home directory, so I did some digging around, and discovered that there’s an SELinux setting that causes this problem. I didn’t want to turn SELinux off, so the solution was to run the following command, which enables access to the ftp user’s home directory.

    setsebool -P...

Resuming failed Firefox downloads

Firefox’s download manager doesn’t have a built-in mechanism for resuming failed downloads. My Internet connection was cut off just long enough this morning for a Firefox download of an ISO image to fail. To resume the download, I used the wget command, which is built into most Linux distributions, and installable if you’re running OS X or Windows. If you’re running Windows you can download wget from GnuWin32. If you’re running OS X, you can install wget with DarwinPorts.

To resume the failed Firefox download, open up a terminal, change to the directory that the is located in, and issue the wget command with the -c option. The -c option tells wget to continue the failed Firefox download. For example:

    cd Downloads
    wget -c...