UNIX tricks and treats

Wednesday 10 September 2008

Purging a sendmail mailqueue on AIX

Tested on: IBM AIX 5.2

Sendmail processes may run wild, due to huge process loads or to badly configured applications sending automated mails.

When sendmail processes are overloaded, they may clog up the mailqueue and spawn multiple sendmail processes to treat the mailqueue, ultimately consuming most of your server's swap area, degrading performance, or even preventing other applications from running.

Here are the steps needed to stop rogue sendmail processes, and cleanly purge the sendmail mailqueue on IBM AIX 5.2. The process is similar on other UNIXes, except for the sendmail stop and start commands, which vary depending on your OS. On Solaris, for example, you would use your own stop and start scripts in /etc/rcX.d/ or in /etc/init.d/.

First, find and kill the multiple sendmail processes if they have run wild.

# ps -ef | grep sendmail
 
# kill -9 SENDMAIL_PIDS

Then, stop sendmail cleanly (the command depends on your OS; this one works only on IBM AIX).

# stopsrc -s sendmail  

You may check the number of messages that are in the queue, which will give you an idea of the time it will take to process the queue:

# sendmail -bp 

Check that there are no longer any sendmail processes running:

# ps -ef | grep sendmail
 
# kill -9 SENDMAIL_PIDS

Rename the current mailqueue to another directory:

# mv /var/spool/mqueue /var/spool/omqueue 

Restart sendmail:

# startsrc -s sendmail
0513-059 The sendmail Subsystem has been started. Subsystem PID is 62118
 

Now process the old queue (may take time, depending upon the number of messages to process):

# /usr/sbin/sendmail -oQ/var/spool/omqueue -q -v

Running /var/spool/omqueue/m7HKkOM60666 (sequence XXXX of XXXXX)
Running /var/spool/omqueue/m7HKkOM60666 (sequence XXXX+1 of XXXXX)...
etc... 

Now, you may safely delete all messages in the old queue:

# rm -rf /var/spool/omqueue

Create a new mailqueue directory.

# mkdir /var/spool/mqueue

Stop and start sendmail:

# stopsrc -s sendmail

# startsrc -s sendmail

You're done!
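
Before running or deleting the renamed queue, it is worth knowing which sender filled it, since the cause is often one misconfigured application. The following shell script is an added example, not part of the original post: it counts queued messages per envelope sender by reading the S line of each qf control file. The sample queue, its addresses and the use of mktemp -d are assumptions of the example.

```shell
#!/bin/sh
# Added example: tally queued messages per envelope sender in a sendmail
# queue directory. In each qf control file, the line that starts with "S"
# holds the envelope sender.

queue_count() {
    # $1: queue directory. One qf control file exists per queued message.
    n=0
    for qf in "$1"/qf*; do
        [ -f "$qf" ] && n=$((n + 1))
    done
    echo "$n"
}

queue_senders() {
    # $1: queue directory. Prints "COUNT SENDER", busiest sender first.
    for qf in "$1"/qf*; do
        [ -f "$qf" ] || continue      # empty queue: the glob stays literal
        awk '/^S/ { print substr($0, 2); exit }' "$qf"
    done | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Constructed sample queue (not real mail) so the script runs anywhere.
make_sample_queue() {
    d=$(mktemp -d) || return 1
    i=1
    for sender in '<batch@apphost.example>' '<batch@apphost.example>' \
                  '<batch@apphost.example>' '<root@apphost.example>'; do
        printf 'V4\nT1221033600\nP30000\nS%s\nRPFD:<ops@example.net>\n' \
            "$sender" > "$d/qfm8AAAAA0000$i"
        : > "$d/dfm8AAAAA0000$i"      # matching (empty) message body file
        i=$((i + 1))
    done
    echo "$d"
}

q=$(make_sample_queue)
echo "messages queued: $(queue_count "$q")"
queue_senders "$q"
rm -rf "$q"
# On the server: queue_senders /var/spool/omqueue
```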

Happy computing.

Drop me a comment if this post has been useful to you, or if you see any reason for add-on or modification.

Nixman

Tuesday 12 August 2008

Installing and configuring Proftpd on AIX 5.2


Works on: IBM AIX 5.2

Because the historical IBM AIX ftp server is fairly limited in its configuration options, notably for chrooted environments, it is sometimes useful to install an alternative ftpd daemon.

1) Download coreutils and proftpd from the IBM site:

http://www-03.ibm.com/systems/p/os/aix/linux/toolbox/download.html


2) Install coreutils-5.2.1-2.aix5.1.ppc.rpm and proftpd-1.2.8-1.aix5.1.ppc.rpm:

rpm -Uvh coreutils-5.2.1-2.aix5.1.ppc.rpm
rpm -Uvh proftpd-1.2.8-1.aix5.1.ppc.rpm


3) Edit /etc/proftpd.conf

####################################################
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use).  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

# Nixman change: we do not want the server to display the proftpd version,
# so ServerName is replaced with ServerIdent
ServerIdent     on      "Serveur FTP NIXBLOG.ORG"
# ServerName                    "Serveur FTP NIXBLOG.ORG"
# Nixman change: set ServerType to inetd instead of StandAlone
ServerType                      inetd
DefaultServer                   on

# Port 21 is the standard FTP port.
Port                            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30

# Set the user and group under which the server will run.
# Nixman change: set Group to nobody, because the default group does not
# exist on AIX
User                            nobody
Group                           nobody

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
# Nixman change: all users in the ftpjail group are chrooted
DefaultRoot ~ ftpjail

# Normally, we want files to be overwriteable.
<Directory />
  AllowOverwrite                on
</Directory>

# Nixman addition: we want a log of transfers
Transferlog     /var/adm/xferlog.proftpd

## A basic anonymous configuration, no upload directories.  If you do not
## want anonymous users, simply delete this entire <Anonymous> section.
## Nixman change: we do not want an anonymous ftp account, so the whole
## section is commented out
#<Anonymous ~ftp>
#  User                         ftp
#  Group                                ftp
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias                    anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients                   10
#
#  # We want 'welcome.msg' displayed at login, and '.message' displayed
#  # in each newly chdired directory.
#  DisplayLogin                 welcome.msg
#  DisplayFirstChdir            .message
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE>
#    DenyAll
#  </Limit>
#</Anonymous>
####################################################

4) Edit /etc/inetd.conf

#ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd         ftpd
ftp     stream  tcp    nowait  root    /usr/sbin/proftpd         proftpd


5) Restart inetd:

refresh -s inetd


6) Edit ftpusers:

Remove from /etc/ftpusers the users who are allowed to log in, if the file was created during installation.


7) Create the ftpjail group and add the users to be chrooted to it:

mkgroup ftpjail
vi /etc/group and add the users who must be chrooted.


8) Rolling back:

Simply restore /etc/inetd.conf to its original state:

ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd         ftpd
#ftp     stream  tcp    nowait  root    /usr/sbin/proftpd         proftpd

Then run refresh -s inetd.

To uninstall coreutils and proftpd:
rpm -e proftpd-1.2.8-1
rpm -e coreutils-5.2.1-2
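
The proftpd.conf in step 3 makes three security-relevant changes: the banner no longer shows the version, members of ftpjail are chrooted, and the anonymous section is disabled. The following shell script is an added example, not part of the original post, that checks a configuration for those three settings; the two sample configurations are constructed, and the stock one is an assumption about what an unedited file looks like.

```shell
#!/bin/sh
# Added example: check a proftpd.conf for the three hardening changes made
# in step 3. Prints one line per finding; no output means all three are set.

audit_proftpd() {
    # $1: path to proftpd.conf (reads standard input when omitted)
    awk '
        /^[ \t]*#/ || NF == 0 { next }     # commented-out directives do not count
        { d = tolower($1) }
        # The version is hidden by "ServerIdent off" or "ServerIdent on <text>"
        d == "serverident" && (tolower($2) == "off" || NF >= 3) { ident = 1 }
        d == "defaultroot" { jail = 1 }
        d == "<anonymous"  { anon = 1 }
        END {
            if (!ident) print "ServerIdent: default banner shows the ProFTPD version"
            if (!jail)  print "DefaultRoot: no user is chrooted"
            if (anon)   print "Anonymous: an <Anonymous> section is active"
        }' "${1:--}"
}

stock_conf() {       # constructed sample: unedited settings
cat <<'EOF'
ServerName   "ProFTPD Default Installation"
ServerType   standalone
<Anonymous ~ftp>
  User       ftp
</Anonymous>
EOF
}

hardened_conf() {    # constructed sample: the settings chosen in step 3
cat <<'EOF'
ServerIdent  on  "Serveur FTP NIXBLOG.ORG"
ServerType   inetd
DefaultRoot ~ ftpjail
#<Anonymous ~ftp>
#  User      ftp
#</Anonymous>
EOF
}

echo "stock configuration:";    stock_conf    | audit_proftpd
echo "hardened configuration:"; hardened_conf | audit_proftpd
# On the server: audit_proftpd /etc/proftpd.conf
```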


Leave me a comment if this article was useful to you.

You can also follow a few links to earn me a little income ;-).


Nixman

Quick installation guide: Apache 2 + PHP5 + OCI8 on AIX 5.2


Works on: IBM AIX 5.2

The PHP OCI8 libraries make it possible to connect to an Oracle database from a web server such as Apache.

1)    Prerequisite: install bos.compat.termcap:

Install the bos.compat package from CD 1 of AIX 5.2. You can simply copy bos.compat from the CD into a directory on the server and install it with smit.

2)    Install the amp (Apache MySQL PHP) package:

Useful general information at:
http://www-941.ibm.com/collaboration/wiki/display/WikiPtype/aixopen

Download the complete package for AIX 5.2 from the pware site:
ftp://ftp.hvcc.edu/pub/pware/aix52/bundles/amp/amp.pware-bundle.tar.gz

Gunzip it, untar it into a directory and install all the packages with smit.

3)    Update httpd.conf

Under /opt/pware/conf, edit httpd.conf as follows:

a) Add the lines:

LoadModule php5_module modules/libphp5.so

and:

<IfModule mod_php5.c>
  AddType application/x-httpd-php .php .phtml .php3
  AddType application/x-httpd-php-source .phps
</IfModule>

b) Change:

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

to:

<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>

c) Change:

User daemon
Group daemon

to:

User daemon
Group staff

You can then run /opt/pware/bin/apachectl start to check that Apache starts correctly.
You can optionally create a small index.php file containing a phpinfo() call to check that PHP works.

/opt/pware/bin/apachectl stop

4)    Create a tnsnames.ora file

Place it in the directory specified by $TNS_ADMIN in root's .profile.

5)    Update root's .profile:

Add /opt/pware/bin to $PATH
Add /opt/pware/instantclient_10_2 to $LIBPATH
(On AIX, LIBPATH is used in place of LD_LIBRARY_PATH)

Add:
export TNS_ADMIN=/opt/pware/instantclient_10_2
export NLS_LANG=AMERICAN_AMERICA.WE8ISO8859P1

Log out of root and log back in.

Create a small PHP page, testoci8.php, and put it in the htdocs directory.

apachectl start

Connection test: http://MON_SERVEUR/testoci8.php
If you get an ORA-12737 error, you will need to upgrade from the basic light version to basic.

apachectl stop

6)    Upgrading to the instant client basic:

Amp is installed with the instant client basic light libraries, which handle only a limited number of NLS_LANG (client) and CHARACTER SET (server) values.

SQL> select * from nls_database_parameters where parameter IN ('NLS_LANGUAGE','NLS_TERRITORY','NLS_CHARACTERSET');

If your Oracle server has a somewhat exotic character set (such as FRENCH_FRANCE.WE8ISO8859P15 ;-)), you will get an ORA-12737 error during the testoci8.php connection test.

Download the instant client basic libraries from Oracle:
http://www.oracle.com/technology/tech/oci/instantclient/index.html

Take the version for AIX5L that suits you (bootinfo -K).
Unzip it into a directory.
Copy the files from that directory into /opt/pware/instantclient_10_2, overwriting the ones already there.

apachectl start

Connection test: http://MON_SERVEUR/testoci8.php


7)    Automatic start at boot:

Create a script /opt/pware/bin/demarre_apache.sh

######################
#!/bin/ksh

PATH=$PATH:/opt/freeware/bin
export PATH

### For OCI8 PHP ###
LIBPATH=/usr/lib:/opt/pware/instantclient_10_2
export LIBPATH

TNS_ADMIN=/opt/pware/instantclient_10_2
export TNS_ADMIN

/opt/pware/bin/apachectl start

exit
######################

Make it executable.

Add its launch to /etc/inittab:

apache:2:once:/opt/pware/bin/demarre_apache.sh


Leave me a comment if this article was useful to you.

Nixman

Thursday 15 May 2008

Installing a syslog server on AIX


Works on: AIX

AIX relies mostly on its own error reporting tools like errpt in order to keep track of incidents.

Thus, by default, AIX doesn't have a working syslog server configuration, even though syslogd is installed. It simply lacks the proper configuration files.

Here are the steps to create a working configuration file and activate the service.

First, you have to create and edit the /etc/syslog.conf file. For example like this:

########
kern.debug;mail.none      /var/adm/messages       rotate size 2m files 3 compress
*.emerg;mail.none /var/adm/messages       rotate size 2m files 3 compress
*.alert;mail.none /var/adm/messages       rotate size 2m files 3 compress
*.crit;mail.none  /var/adm/messages       rotate size 2m files 3 compress
*.warning;mail.none       /var/adm/messages       rotate size 2m files 3 compress
*.err;mail.none   /var/adm/messages       rotate size 2m files 3 compress
*.notice;mail.none        /var/adm/messages       rotate size 2m files 3 compress
*.info;mail.none  /var/adm/messages       rotate size 2m files 3 compress
auth.notice     /var/adm/authlog        rotate size 2m files 3 compress
mail.info       /var/adm/mailerrors     rotate size 2m files 3 compress
########

This configuration allows you to rotate the logs on three files of 2MB each, and compress them.

Then, all you have to do is to run the following commands in order to create the log files, and restart the syslog service.
 
# touch /var/adm/messages
# touch /var/adm/authlog
# touch /var/adm/mailerrors
# refresh -s syslogd

 
If the configuration is successful, you will see a line resembling the following:
Nov 26 15:53:06 SERVER_NAME syslogd: restart
in the /var/adm/messages file right after running refresh -s syslogd
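
The touch commands above have to cover every destination file named in /etc/syslog.conf, which is easy to get wrong once rules are added. The following shell script is an added example, not part of the original post, that reads the configuration, lists the destination files that do not exist yet and creates them; the sample configuration is constructed, and the restrictive umask and the use of mktemp -d are choices of the example.

```shell
#!/bin/sh
# Added example: find log files that a syslog.conf refers to but that do not
# exist yet, and create them, instead of typing one touch per file.

missing_logs() {
    # $1: path to a syslog.conf. Prints each missing destination file once.
    # A destination is the second field when it is an absolute path.
    awk '$1 !~ /^#/ && $2 ~ /^\// { print $2 }' "$1" | sort -u |
    while read -r f; do
        [ -e "$f" ] || echo "$f"
    done
}

create_missing_logs() {
    # Creates each missing file. The restrictive umask is this example's
    # choice (authlog holds authentication events); the post uses plain touch.
    missing_logs "$1" | while read -r f; do
        ( umask 077; touch "$f" ) && echo "created $f"
    done
}

# Constructed sample: same rule shapes as the post, with paths moved into a
# scratch directory so the demo does not touch /var/adm.
make_sample_conf() {
    t=$(mktemp -d) || return 1
    cat > "$t/syslog.conf" <<EOF
# constructed sample
*.info;mail.none  $t/messages    rotate size 2m files 3 compress
*.err;mail.none   $t/messages    rotate size 2m files 3 compress
auth.notice       $t/authlog     rotate size 2m files 3 compress
mail.info         $t/mailerrors  rotate size 2m files 3 compress
EOF
    : > "$t/messages"             # one destination already exists
    echo "$t"
}

dir=$(make_sample_conf)
create_missing_logs "$dir/syslog.conf"    # creates authlog and mailerrors
rm -rf "$dir"
# On AIX: create_missing_logs /etc/syslog.conf, then refresh -s syslogd
```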

Happy computing.

Drop me a comment if this post has been useful to you, or if you see any reason for add-on or modification.

Nixman

Installing a syslog server on AIX


(The English version of this post is here)

Works on: IBM AIX


Because IBM's AIX UNIX uses its own systems for collecting information and errors, such as errpt, it has no active, configured syslog server by default.

Here are the steps to set it up:

Edit the /etc/syslog.conf file
 
Add the following lines:
 
########
kern.debug;mail.none      /var/adm/messages       rotate size 2m files 3 compress
*.emerg;mail.none /var/adm/messages       rotate size 2m files 3 compress
*.alert;mail.none /var/adm/messages       rotate size 2m files 3 compress
*.crit;mail.none  /var/adm/messages       rotate size 2m files 3 compress
*.warning;mail.none       /var/adm/messages       rotate size 2m files 3 compress
*.err;mail.none   /var/adm/messages       rotate size 2m files 3 compress
*.notice;mail.none        /var/adm/messages       rotate size 2m files 3 compress
*.info;mail.none  /var/adm/messages       rotate size 2m files 3 compress
auth.notice     /var/adm/authlog        rotate size 2m files 3 compress
mail.info       /var/adm/mailerrors     rotate size 2m files 3 compress
########
 
This configuration rotates the logs across three files of 2 MB each and compresses them.

Then all that remains is to run the following commands:
 
# touch /var/adm/messages
# touch /var/adm/authlog
# touch /var/adm/mailerrors
# refresh -s syslogd

 
If all goes well, you will see a line like:
Nov 26 15:53:06 NOM_SERVEUR syslogd: restart
in the /var/adm/messages file after the refresh -s syslogd


Leave me a comment if this article was useful to you.

Have a nice day.

Nixman

Sunday 4 May 2008

Replacing a failing rootvg disk on AIX


Works on : AIX

Let's suppose you're getting permanent hardware errors on hdisk0 when running the errpt -a command on an IBM AIX server.

In order to check that both disks are really assigned to the volume group, you should start with:
lsvg -p rootvg
You should see both hdisk0 and hdisk1 under the PV name.

A second thing to check is that there really are copies:
lsvg -l rootvg
Just check that there is a 1:2 relationship between LPs and PPs, and that PVs is equal to 2. Otherwise, you should check that the volume that's not copied doesn't reside on the failing disk with:
lslv -l LV_NAME

Once you've done these preliminary checks, you can start detaching hdisk0 from the volume:
unmirrorvg rootvg hdisk0

After running the command, I've sometimes had these messages, which are mostly informational:
0516-1246 rmlvcopy: If hd5 is the boot logical volume, please run 'chpv -c <diskname>'
        as root user to clear the boot record and avoid a potential boot
        off an old boot image that may reside on the disk from which this
        logical volume is moved/removed.
0301-108 mkboot: Unable to read file blocks. Return code: -1
0516-1132 unmirrorvg: Quorum requirement turned on, reboot system for this
        to take effect for rootvg.
0516-1144 unmirrorvg: rootvg successfully unmirrored, user should perform
        bosboot of system to reinitialize boot records.  Then, user must modify
        bootlist to just include:  hdisk0.

Then we reduce the volume:
reducevg rootvg hdisk0

And remove the device from configuration:
rmdev -dl hdisk0

Then, we will have to power down the machine, as we're dealing with a rootvg disk. However, before doing so, it's preferable to check whether we will boot from the right drive:
bootinfo -b will tell you which drive was last booted up.
If it's the failed drive (hdisk0 in our case), we should change it to the drive still usable (hdisk1 in our case) by creating the boot image on hdisk1 and recreating the fixed ipldevice link, which was deleted by the previous rmdev command:
bosboot -ad /dev/hdisk1

ln /dev/rhdisk1 /dev/ipldevice

Then, we can check bootlist:
bootlist -m normal -o

... And now, we can finally power down our server, replace the failed drive, and power it back on...

Once the server has booted up, we should run:
cfgmgr
so that the OS will recognize the new disk.

To check that AIX really has done its job, run:
lsdev -Cc disk
which should list both disks hdisk0 and hdisk1

Now, we can assign the new disk to the rootvg volume group:
extendvg rootvg hdisk0

Then we mirror the group:
mirrorvg rootvg

Wait for hdisk1 to complete copying on hdisk0 (it can take some time, as you can imagine). You can check activity with iostat.

You should check that both disks are really assigned to rootvg by typing:
lsvg -p rootvg

An lsvg -l rootvg will show you whether mirroring has worked OK. You should once again have a 1:2 relationship between LPs and PPs.

Then, create the boot image on the new disk:
bosboot -a -d hdisk0

Finally, modify the bootlist to take into account both disks:
bootlist -m normal hdisk0 hdisk1
Check with:
bootlist -m normal -o
 
And you're finally done!
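
The lsvg -l rootvg check is done twice in this procedure, before unmirrorvg and after mirrorvg, and reading the LPs/PPs/PVs columns by eye is error-prone on a long list. The following shell script is an added example, not part of the original post, that reads lsvg -l output and prints every logical volume that breaks the 1:2 rule; it goes one step beyond the text by also flagging volumes whose LV STATE is stale. The sample output is constructed.

```shell
#!/bin/sh
# Added example: read `lsvg -l rootvg` output on standard input and print the
# logical volumes that are not a complete two-copy mirror.

mirror_problems() {
    awk '
        # Data rows have numeric LPs, PPs and PVs in fields 3 to 5; the
        # "rootvg:" line and the column header do not, so they are skipped.
        $3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ && $5 ~ /^[0-9]+$/ {
            if ($4 != 2 * $3 || $5 != 2)
                print $1, "not-mirrored"     # no 1:2 LP:PP ratio, or not on 2 PVs
            else if ($6 ~ /stale/)
                print $1, "stale"            # mirrored, but copies not yet in sync
        }'
}

sample_lsvg() {      # constructed output, not captured from a real system
cat <<'EOF'
rootvg:
LV NAME             TYPE       LPs   PPs   PVs  LV STATE      MOUNT POINT
hd5                 boot       1     2     2    closed/syncd  N/A
hd6                 paging     16    32    2    open/syncd    N/A
hd8                 jfslog     1     2     2    open/syncd    N/A
hd4                 jfs        2     4     2    open/syncd    /
hd2                 jfs        40    80    2    open/stale    /usr
lg_dumplv           sysdump    8     8     1    open/syncd    N/A
EOF
}

sample_lsvg | mirror_problems
# On AIX: lsvg -l rootvg | mirror_problems
# Then run lslv -l on each "not-mirrored" name to see which disk holds it.
```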

Happy computing.

Drop me a comment if this post has been useful to you, or if you see any reason for add-on or modification.

Nixman