Setting up 2 Gateways with a Default Gateway for most Traffic and the 2nd Gateway for selected Subnet Traffic on Rocky Linux 8

Issues:

Suppose you have 2 network cards, each with its own gateway. The challenge is that you can only have 1 default gateway. How do we work this out?

Solution:

Type the following command

$ ip route show
default via 192.168.1.254 dev eno0 proto static metric 104
192.168.2.0/24 via 192.168.2.254 dev eno1 proto static metric 103
10.10.1.0/24 via 192.168.2.254 dev eno1 proto static metric 103

That means the default route for traffic is via eno0. All traffic except that for 192.168.2.0/24 and 10.10.1.0/24 will pass through the default gateway; traffic for those two subnets passes through the second gateway on eno1. How do we do it?

Set Default Route for all traffic

To set all traffic through the default gateway, do the following

$ ip route add default via 192.168.1.254 dev eno0 proto static metric 104

Set Selected IP Subnet for 2nd Gateway

$ ip route add 192.168.2.0/24 via 192.168.2.254 dev eno1 proto static metric 103
$ ip route add 10.10.1.0/24 via 192.168.2.254 dev eno1 proto static metric 103
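The lookup the kernel performs on this table, as an added example that is not part of the original page: `route_for` is a hypothetical helper that applies longest-prefix matching to `ip route show` text. The sample table is the page's own output; the destination addresses are constructed.

```shell
#!/bin/sh
# Constructed sample: the `ip route show` output from this page.
SAMPLE_ROUTES='default via 192.168.1.254 dev eno0 proto static metric 104
192.168.2.0/24 via 192.168.2.254 dev eno1 proto static metric 103
10.10.1.0/24 via 192.168.2.254 dev eno1 proto static metric 103'

# route_for DEST: read `ip route show` text on stdin and print the
# "gateway device" pair selected for DEST. The longest matching prefix
# wins and the lower metric breaks ties. (Hypothetical helper.)
route_for() {
  awk -v dst="$1" '
    function ip2int(s,   o) {
      split(s, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { best_len = -1 }
    $1 == "default" || $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
      len = 0; net = 0
      if ($1 != "default") {
        n = split($1, p, "/")
        net = ip2int(p[1])
        len = (n > 1) ? p[2] + 0 : 32
      }
      gw = "-"; dev = "-"; metric = 0
      for (i = 2; i < NF; i++) {
        if ($i == "via") gw = $(i + 1)
        if ($i == "dev") dev = $(i + 1)
        if ($i == "metric") metric = $(i + 1) + 0
      }
      size = 2 ^ (32 - len)               # addresses covered by this prefix
      if (int(ip2int(dst) / size) != int(net / size)) next
      if (len > best_len || (len == best_len && metric < best_metric)) {
        best_len = len; best_metric = metric; best = gw " " dev
      }
    }
    END { if (best_len < 0) exit 1; print best }'
}

# Demo: one selected-subnet destination and one "everything else" destination.
for d in 10.10.1.25 8.8.8.8; do
  printf '%s -> %s\n' "$d" "$(printf '%s\n' "$SAMPLE_ROUTES" | route_for "$d")"
done
```

On a live host, `ip route get 10.10.1.25` asks the kernel for the same decision directly.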

Setting the DNS Correctly for each Network Card

If each of the network cards requires a different DNS, make sure you put the DNS entries in that card's file under /etc/sysconfig/network-scripts

$ vim /etc/sysconfig/network-scripts/ifcfg-eno0
....
....
DEVICE=eno0
ONBOOT=yes
IPADDR=192.168.1.1
GATEWAY=192.168.1.254
DNS1=192.168.1.252
DNS2=192.168.1.253
NETMASK=255.255.255.0
$ vim /etc/sysconfig/network-scripts/ifcfg-eno1
....
....
DEVICE=eno1
ONBOOT=yes
IPADDR=192.168.2.1
GATEWAY=192.168.2.254
DNS1=192.168.2.252
DNS2=192.168.2.253
NETMASK=255.255.255.0

Deleting Route from Table

$ ip route delete 192.168.2.0/24 via 192.168.2.254 dev eno1 proto static metric 103

Different DNS Servers and Different Domains (For RHEL 8)

You can configure the dnsmasq service and NetworkManager to send DNS queries for a specific domain to a selected DNS server. The information can be found in Chapter 38. Using different DNS servers for different domains.

By default, Red Hat Enterprise Linux (RHEL) sends all DNS requests to the first DNS server specified in the /etc/resolv.conf file. If this server does not reply, RHEL uses the next server in this file.

In environments where one DNS server cannot resolve all domains, administrators can configure RHEL to send DNS requests for a specific domain to a selected DNS server. For example, you can configure one DNS server to resolve queries for example.com and another DNS server to resolve queries for example.net. For all other DNS requests, RHEL uses the DNS server configured in the connection with the default gateway.

Procedure 1: Install dnsmasq package

# dnf install dnsmasq

Procedure 2: Edit the /etc/NetworkManager/NetworkManager.conf file, and set the following entry in the [main] section:

dns=dnsmasq

Procedure 3: Reload the NetworkManager service:

# systemctl reload NetworkManager

Procedure 4: Verify that the nameserver entry in the /etc/resolv.conf file refers to 127.0.0.1:

# cat /etc/resolv.conf
nameserver 127.0.0.1

Procedure 5a: Verify using TCPDump Packet Sniffer

# dnf install tcpdump

Procedure 5b: On one terminal, start tcpdump to capture DNS traffic on all interfaces:

# tcpdump -i any port 53

Procedure 5c: On a different terminal, resolve host names for a domain for which an exception exists and another domain, for example:

# host -t A www.redhat.com
# host -t A www.MyInternalDomain.com

Verify in the tcpdump output that Rocky Linux sends DNS queries for the www.redhat.com domain only to the designated DNS server and through the corresponding interface, and vice versa for the internal domain.
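The check in Procedure 5 can be scripted so that queries for internal names reaching the wrong resolver are flagged rather than spotted by eye. This is an added example, not part of the original page: `misrouted_queries` is a hypothetical helper, the capture is constructed, and it assumes tcpdump was run with `-n` and that the internal domain is served by 192.168.2.252.

```shell
#!/bin/sh
# Constructed capture in `tcpdump -n -i any port 53` format. Assumption: the
# internal domain belongs to 192.168.2.252 (DNS1 of eno1 on this page).
SAMPLE_CAPTURE='10:00:01.000100 IP 127.0.0.1.40001 > 127.0.0.1.53: 1001+ A? www.myinternaldomain.com. (42)
10:00:01.000300 IP 192.168.2.1.40002 > 192.168.2.252.53: 1002+ A? www.myinternaldomain.com. (42)
10:00:01.004000 IP 192.168.2.252.53 > 192.168.2.1.40002: 1002 1/0/0 A 10.10.1.20 (58)
10:00:02.000100 IP 192.168.1.1.40003 > 192.168.1.252.53: 1003+ A? www.redhat.com. (32)
10:00:03.000100 IP 192.168.1.1.40004 > 192.168.1.252.53: 1004+ A? db.myinternaldomain.com. (41)'

# misrouted_queries DOMAIN SERVER: read tcpdump text on stdin and print
# "name server" for every query under DOMAIN that went to a resolver other
# than SERVER. (Hypothetical helper.)
misrouted_queries() {
  awk -v domain="$1" -v server="$2" '
    BEGIN { domain = tolower(domain) }
    {
      dst = ""; qname = ""
      for (i = 1; i < NF; i++) {
        if ($i == ">") dst = $(i + 1)                      # "addr.53:"
        if ($i ~ /^[A-Z]+\?$/) qname = tolower($(i + 1))   # "A?", "AAAA?", ...
      }
      if (dst == "" || qname == "") next        # a response or unrelated line
      sub(/\.(53|domain):$/, "", dst)           # keep only the server address
      sub(/\.$/, "", qname)                     # drop the trailing root dot
      if (dst ~ /^127\./) next                  # local hop to dnsmasq itself
      tail = substr(qname, length(qname) - length(domain))
      if (qname != domain && tail != "." domain) next
      if (dst != server) print qname, dst
    }'
}

# Demo: the last constructed query went to the eno0 resolver and is reported.
printf '%s\n' "$SAMPLE_CAPTURE" | misrouted_queries myinternaldomain.com 192.168.2.252
```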

References:

  1. Chapter 38. Using different DNS servers for different domains
  2. Two Default Gateways on One System
  3. Linux Set up Routing with IP Command

How to check Disk Usage

Check whether the root partition has run out of inodes with the command below. If it shows 100%, there are many small files. Look for some of these files in /tmp.

df -i
Filesystem                                      Inodes        IUsed        IFree IUse% Mounted on
/dev/mapper/centos-root                        9788840       320849      9467991    4% /
devtmpfs                                      70101496          560     70100936    1% /dev
tmpfs                                         70105725            8     70105717    1% /dev/shm
tmpfs                                         70105725         1581     70104144    1% /run
.....
.....

You may want to check which directories are using the most space with the commands below

% du -hx -d 1 |sort -h
1.3M    ./Espresso-BEEF
4.9M    ./NB07
8.3M    ./Gaussian2
31M     ./Gaussian
65M     ./MATLAB
478M    ./Abaqus
647M    ./pytorch-GAN
10G     ./COMSOL
12G     .

-h argument produces the human-readable output
-x restricts the search to the current directory
-d 1 is the summary for each directory
sort -h produces human-readable output and the directories with the largest usage will appear at the bottom of the list.

Using SMART to predict the likelihood for disk failure

Modern hard disks implement a system called SMART (Self-Monitoring, Analysis and Reporting Technology) that uses the electronics on the drive to store diagnostic data and perform various tests, which help in predicting imminent failure of the hard disk.

Enable SMART in BIOS

Check that SMART is enabled in the computer’s BIOS/firmware menu, and enable it if it is not on by default

Install smartmontools

# dnf install smartmontools

Check SMART data can be accessed

# smartctl --info /dev/sdb

SMART health check

# smartctl --health /dev/sdb

Depending on the amount of information you need, run either a short test or a long test

# smartctl --test=short /dev/sdb
# smartctl --test=long /dev/sdb

When the smartctl test has completed, do take a look at

# smartctl --log=selftest /dev/sdb

Quick Understanding on swap

Swap space is virtual memory that uses your HDD when you run out of memory. The system swaps some of the contents out of the RAM to the HDD (swap), then brings them back when required.

In the past, when RAM was very small, in the single digits of GB or less, we followed the rule of 2 times the memory. But with the large memory available in your server, it may not be necessary to configure as much, as we only need as much as we can suspend to disk. I like to use between 16GB and 32GB of swap.

To control the tendency of the system to use swap, configure vm.swappiness in /etc/sysctl.conf. It is the percentage of memory free before using swap. If you have lots of memory, you can set it as low as 10 from the default 60.

Do take a look at Quick Understanding on Swap

Running process in the background

I have just started another blog to deal with more specific topics on Linux. Finally wrote one…… It is Running process in the background. The blog mentions 3 tools

Solution 1: Nohup and ampersand

$ myscript.sh &

The ampersand “&” tells the shell to run the script in the background. You will get the prompt back, but the script is still a child of the shell. In other words, if you terminate the shell, the script will terminate as well.

To overcome this, you may want to use the command “nohup”, which ignores the HUP termination signal. The output will be sent to “nohup.out” in the current directory

$ nohup myscript.sh &

Alternatively, you may want to redirect standard output and standard error to /dev/null

$ nohup myscript.sh > /dev/null 2>&1 &

Solution 2: Screen

There is a post written by me on Basic GNU Screen Usage on CentOS which you might want to read for more information.

You may want to use screen to run a shell. You may want to name a screen session

$ screen -S my_preferred_screen_name -m

You can also list running Screen Session

$ screen -ls
There is a screen on:
2109.myScreenA (Detached)
1 Socket in /var/run/screen/S-user1

To reattach the Screen Session

$ screen -r 2109

To detach from a screen session. [Press ctrl with “a” and “d” together]

Ctrl-a + d

Solution 3: tmux

If you prefer to use tmux, you may want to take a look at A beginner’s guide to tmux for more information. If you are starting a session

$ tmux new ./myscript.sh

If you are starting a session detached

$ tmux new -d ./myscript.sh

Immersion Cooling Showcase – TACC Lonestar6 Supercomputing

As one of the world’s most successful and sustainable immersion-cooled data centers, it’s critical for TACC to overcome the pressures every data center faces nowadays: increasing performance, trimming CapEx/OpEx, and developing a more sustainable operation. They turned to immersion cooling to overcome these pressures.

Watch the video Immersion Cooling Showcase – TACC Lonestar6 Supercomputing

Gaussian Error – $'\r': command not found

If you see errors like

/var/spool/pbs/mom_priv/jobs/729107.hpc-mn1.SC: line 2: $'\r': command not found
/var/spool/pbs/mom_priv/jobs/729107.hpc-mn1.SC: line 5: $'\r': command not found
/var/spool/pbs/mom_priv/jobs/729107.hpc-mn1.SC: line 8: $'\r': command not found
/var/spool/pbs/mom_priv/jobs/729107.hpc-mn1.SC: line 11: $'\r': command not found
/var/spool/pbs/mom_priv/jobs/729107.hpc-mn1.SC: line 16: $'\r': command not found
/var/spool/pbs/mom_priv/jobs/729107.hpc-mn1.SC: line 19: $'\r': command not found
/var/spool/pbs/mom_priv/jobs/729107.hpc-mn1.SC: line 22: $'\r': command not found

These errors are usually due to Windows-style newline characters in the job script. Use the command below

$ dos2unix yourfile

This will remove the Windows-style newline characters
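Why the errors name only some line numbers, and how to check a script before submitting it, shown as an added example that is not part of the original page. The job script is constructed and the function names are hypothetical; `strip_crlf` covers hosts where dos2unix is not installed.

```shell
#!/bin/sh
CR=$(printf '\r')   # a literal carriage return, portable across sh and sed

# make_sample FILE: write a constructed job script with Windows line endings.
make_sample() {
  printf '#!/bin/bash\r\n\r\n#PBS -N g16job\r\n#PBS -l select=1\r\n\r\ng16 < input.com > output.log\r\n' > "$1"
}

# cr_only_lines FILE: numbers of the lines that hold nothing but a CR. The
# shell tries to run that lone CR as a command, so these are the line numbers
# reported in the "command not found" errors.
cr_only_lines() {
  awk '$0 == "\r" { printf "%s%d", sep, NR; sep = " " } END { print "" }' "$1"
}

# crlf_count FILE: how many lines end in CR LF.
crlf_count() {
  awk 'substr($0, length($0)) == "\r" { n++ } END { print n + 0 }' "$1"
}

# strip_crlf FILE: remove the trailing CR from every line, in place, keeping
# the file mode (the same line-ending change dos2unix makes).
strip_crlf() {
  tmp=$(mktemp) || return 1
  sed "s/${CR}\$//" "$1" > "$tmp" && cat "$tmp" > "$1"
  rc=$?; rm -f "$tmp"; return "$rc"
}

# Demo on the constructed script.
job=$(mktemp)
make_sample "$job"
echo "CR-only lines: $(cr_only_lines "$job"); CRLF lines: $(crlf_count "$job")"
strip_crlf "$job"
echo "after strip_crlf: CRLF lines: $(crlf_count "$job")"
rm -f "$job"
```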

Protecting Centrify Zones from accidental deletion on Active Directory

If you have been using Centrify for some time, you will know that Centrify stores Zones and other objects within the Active Directory (AD) or OU. One question always surfaces: how to protect the objects from accidental deletion. There are 2 ways. The first way is the easiest way.

Method 1: (via Manual Way to disable ‘accidental deletion’ for specific AD object only):

  1. Ask your System Administrator or OU Administrator to open up the “Active Directory Users and Computers” application.
  2. Navigate to your intended AD object (or any AD object like your ‘Zone’).
  3. Right-click on your intended AD object, and select ‘Properties’.
  4. Click on the ‘Object’ tab.
  5. Ensure to check the checkbox of ‘Protect object from accidental deletion’.
  6. Click the ‘Apply’ and then the ‘Ok’ button to confirm the changes.

Method 2: (via PowerShell to disable ‘accidental deletion’ for all objects under specified OU):

1) Ask your System Administrator to open up the ‘PowerShell’ application.

2) For the command below, modify the ‘distinguishedName’ (DN name) so that it points to the OU relevant to your domain. The command below will set this for all objects in the specified OU:

    PowerShell: Get-ADObject -Filter * -SearchBase "{DN_Name}" | Set-ADObject -ProtectedFromAccidentalDeletion $true

Example command (for the Centrify ‘Zone’ OU): Get-ADObject -Filter * -SearchBase "CN=Zones,CN=Centrify,CN=Program Data,DC=win16org22,DC=pmm" | Set-ADObject -ProtectedFromAccidentalDeletion $true

(Take Note: To obtain the DN name, right-click on your intended AD object > select ‘Properties’ > click on the ‘Attribute Editor’ tab > click on the ‘distinguishedName’ column > copy the DN name and paste it in the PowerShell command specified above.)

(Take Note: This creates a “deny” for deletion of all the objects under the specified OU. Now whoever tries to delete this will generate an event. Hence, the user will have to remove this permission before the object can be deleted.)