Find Linux WWIDs and Fiber Channel Storage

Enterprise Linux: the very term usually refers to some type of storage area network, normally fiber channel. In all my experience I have not yet met a storage administrator who went to formal storage training. So it’s no doubt that there are some weaknesses when it comes to storage with Linux. Here are some of the storage basics. This article assumes you already have a working knowledge of WWIDs, WWNs and fiber channel storage.

There are multiple WWIDs involved in the process; here are a few:

[Figure: How many WWIDs do we need]

As you can see, we need a lot of WWIDs to make fiber channel storage work. This article will focus on getting the storage LUN WWID from the server. This will allow us to map our mount points to storage LUNs.

The first thing to identify is the SCSI WWID, which is used by Linux native multipathing (MPIO). It is found by using the following command (for device sda):

scsi_id -g -u -s /block/sda
38001438005dea3760000700002660000

This will return the SCSI device WWID, not to be confused with any other WWIDs. If you want to know more information about the device, you can get a manufacturer's label by using:

scsi_id -g -u /dev/sda

A lot of this information is stored in /dev/disk in various directories.

The information we want is inside /dev/disk/by-path which looks like this:

lrwxrwxrwx 1 root root   10 Jan 22 13:48 scsi-38001438005dea3760000700002660000 -> ../../sdfj

So in this case the SCSI WWID is 38001438005dea3760000700002660000 while the LUN WWID is:
8001-4380-05de-a376-0000-7000-0266-0000

That’s about it. Now just tie that to your storage system.
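The conversion shown above (drop the leading 3 from the SCSI WWID, then group the rest in fours) can be scripted so a whole listing is mapped to LUN WWIDs at once. This is an added example, not part of the original post; the function names are hypothetical and the second sample line is constructed.

```shell
#!/bin/sh
# Added example: turn scsi-<WWID> symlink listings into "<device> <LUN WWID>".

# scsi_to_lun_wwid WWID
# Accepts a "3" followed by 32 hex digits (the form scsi_id printed above),
# prints the 32 digits in groups of four joined by "-".
scsi_to_lun_wwid() {
    id=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    if ! printf '%s\n' "$id" | grep -Eq '^3[0-9a-f]{32}$'; then
        echo "unexpected WWID format: $1" >&2
        return 1
    fi
    printf '%s\n' "$id" | sed 's/^3//; s/..../&-/g; s/-$//'
}

# map_luns: read `ls -l` lines on stdin; for every whole-disk scsi-* symlink
# print the kernel device name and its LUN WWID. Partition links
# (scsi-...-partN) and unrelated lines are skipped.
map_luns() {
    while IFS= read -r line; do
        case $line in
            *" scsi-"*" -> "*) ;;
            *) continue ;;
        esac
        target=${line##* -> }        # e.g. ../../sdfj
        name=${line% -> *}
        name=${name##* }             # e.g. scsi-3800...
        if wwid=$(scsi_to_lun_wwid "${name#scsi-}" 2>/dev/null); then
            printf '%s %s\n' "${target##*/}" "$wwid"
        fi
    done
}

# Sample input: the listing line from the post plus a constructed partition link.
SAMPLE='lrwxrwxrwx 1 root root   10 Jan 22 13:48 scsi-38001438005dea3760000700002660000 -> ../../sdfj
lrwxrwxrwx 1 root root   11 Jan 22 13:48 scsi-38001438005dea3760000700002660000-part1 -> ../../sdfj1'

printf '%s\n' "$SAMPLE" | map_luns
```

On a live system, feed it the real listing instead of the sample by piping `ls -l` of the directory that holds the scsi-* links into `map_luns`.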

iptables Block all outgoing traffic

What is the use of blocking outgoing traffic? Imagine you have a web server and you want to allow customers to access it, but you do not want to allow rogue software to send messages from your web server to other people. This rule is for you.

iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT

iptables -A OUTPUT -j REJECT

iptables Personal PC Firewalls

The average personal PC needs to be able to reach out to the internet and communicate, but there is no need for people to reach from the internet to your PC. This set of rules takes advantage of the stateful nature of iptables to allow incoming messages on ESTABLISHED (previously set up by OUTPUT) connections.

iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

iptables -A INPUT -j REJECT

Quick Script to identify WWID on New LUNs in Linux when using MPIO

Well, the other day I had to add a lot of LUNs to a new system, and one of the key elements is writing down the SCSI WWID when I add a LUN so I can tie that back to the storage. So I wrote a simple script to scan the SCSI bus, identify new LUNs and provide their WWID via multipath. This will only work with some HBAs and if you're using Linux MPIO.

#!/bin/bash
# Ask each HBA (host0..host3 here; adjust to your system) to rescan for new LUNs.
for host in 0 1 2 3; do
    echo "- - -" > /sys/class/scsi_host/host$host/scan
done
# The most recently modified sd device node is taken to be the new LUN (e.g. sdfj).
newdev=$(ls -tr /dev/sd* | tail -n1 | sed 's/\/dev\///')
# Show that device's line from multipath -v3; paths not yet mapped are marked "undef".
/sbin/multipath -v3 | grep " $newdev " | grep undef

MythTV Automatic Email of new Pilots Report

Over the years I have written a ton of reports for MythTV. This particular report sends an email using an SMTP email account with all the new shows with pilot as a subtitle. This allows me to quickly scan new shows for things I want to record. I wrote it in PHP since most Myth systems are running PHP for MythWeb. I know it’s not the cleanest code but it works for me. I have bolded items that you need to customize for your environment. I load it in as a weekly cron job and it’s good to go:

new_pilot.php

MythTV Automatic Email of TV pilots

Over the years I have written a ton of reports for MythTV. This particular report sends an email using an SMTP email account with all the shows with pilot as a subtitle. This allows me to quickly scan new shows for things I want to record. I wrote it in PHP since most Myth systems are running PHP for MythWeb. I know it’s not the cleanest code but it works for me. I have bolded items that you need to customize for your environment. I load it in as a weekly cron job and it’s good to go:

all_pilots.php

iptables allow ssh and http

Allow web and SSH connections. SSH and web both require outgoing messages on established TCP connections.

iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Then you need to allow incoming connections on ports 80 and 22, and possibly 443:

iptables -A INPUT -p tcp -i eth0 --dport 22 --sport 1024:65535 -m state --state NEW -j ACCEPT

iptables -A INPUT -p tcp -i eth0 --dport 80 --sport 1024:65535 -m state --state NEW -j ACCEPT

iptables -A INPUT -p tcp -i eth0 --dport 443 --sport 1024:65535 -m state --state NEW -j ACCEPT
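Because -A appends, rule order decides what matches: the catch-all REJECT from the "Block all outgoing traffic" post must come last, and once INPUT ends in REJECT the NEW rules above also need an ESTABLISHED rule for the rest of each connection. The following added example (not from the original posts) emits both posts' rules as one ordered iptables-restore file and flags rules placed after a catch-all; the function names, the IFACE/PORTS variables and the loopback rules are assumptions added here.

```shell
#!/bin/sh
# Added example: web-server ruleset in iptables-restore format plus an order check.
IFACE=${IFACE:-eth0}          # assumption: public interface
PORTS=${PORTS:-"22 80 443"}   # assumption: services to expose

web_server_rules() {
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Added here: keep local (loopback) traffic working once REJECT is in place.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Only the first packet of a connection is NEW; the rest are ESTABLISHED.
    echo "-A INPUT -i $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in $PORTS; do
        echo "-A INPUT -i $IFACE -p tcp --dport $port --sport 1024:65535 -m state --state NEW -j ACCEPT"
    done
    echo '-A INPUT -j REJECT'
    # Replies to accepted connections may leave; nothing else may.
    echo "-A OUTPUT -o $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo '-A OUTPUT -j REJECT'
    echo 'COMMIT'
}

# unreachable_rules: read rules on stdin and print every rule appended to a
# chain after that chain's unconditional REJECT/DROP, since it can never match.
unreachable_rules() {
    awk '$1 == "-A" {
        if (closed[$2]) print
        if (NF == 4 && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) closed[$2] = 1
    }'
}

# Print the ruleset; as root it can be syntax-checked without applying it:
#   web_server_rules | iptables-restore --test
web_server_rules
```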

Mythdora Upgrade from .21 to .22 problems with mp4 playback

I have been having stability problems with my Myth backend and primary front end, so I went for an upgrade.

yum upgrade \*myth\*

This worked perfectly except MP4s would not play anymore. Normally this would not be an issue except almost everything I have is in MP4 (H264) with (AAC) audio. It took a little time to find the solution and I messed with all kinds of menus and such; in the end it turns out a symlink is missing:

ln -s /usr/lib/libfaad.so.0  /usr/lib/libfaad.so

Then they magically worked.

The upgrade also changed a lot of functionality, which can be a learning curse; read up before you upgrade.

MythVideo Transition Guide

iptables rules for DNS server

To allow a DNS server to operate, use the following rules (assuming you're blocking inbound and outbound in iptables).

DNS traffic goes to destination port 53 but can come from any source port in the upper range. So these rules have to allow a large range of source ports, as long as the traffic is addressed to port 53.

iptables -A OUTPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT

iptables -A INPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT