How to recover a failed software raid1 system

Jephe Wu - http://linuxtechres.blogspot.com

Objective: use mdadm and grub-install to replace a failed software raid1 hard disk
Environment: HP lp1000r server, 2 hard disks (sda and sdb) set up as software raid1 at OS installation time, Fedora Core 3. One day, sdb failed with many I/O errors.

Concept:
Shut down the server, remove the failed sdb hard disk, replace it with a new one, and reboot the system. Partition the new hard disk, then use mdadm to hot add the partitions to mdX. Finally, install grub on the new hard disk.


Steps:
1. partition the new hard disk after installing it in the server
# sfdisk -d /dev/sda | sfdisk /dev/sdb

run partprobe to inform the OS of the partition table changes:
# partprobe -s
/dev/sda: msdos partitions 1 2 3
/dev/sdb: msdos partitions 1 2 3


2. hot add partition to md devices
a. show the current settings
cat /proc/mdstat
mdadm -D /dev/md0
cat /etc/mdadm.conf


b. hotadd partitions to MD devices
mdadm /dev/md1 -a /dev/sdb1  (md1 is for /boot, 100m)
mdadm /dev/md0 -a /dev/sdb2  (md0 is for /, 1G)
mdadm /dev/md2 -a /dev/sdb3  (md2 is for other partitions, 18G; we use LVM on md2 for other partitions such as /usr, /var, /home etc.)

note: wait for the rebuild percentage to reach completion. Just after you add the device, it initially appears as a spare disk only; then the rebuild starts. Once it has finished, the removed and spare device information disappears and the device becomes active sync.

You can also use cat /proc/mdstat to monitor the rebuild process.

3. install grub

You might encounter the error 'md0 does not have a corresponding BIOS drive' when running the command 'grub-install /dev/sdb'.

Why do you get this error?
When you run grub-install /dev/sdb, it first looks at /boot/grub/device.map, because grub only knows hd0, hd1, etc., which are the first and second hard disks found.

When installing grub on sdb, grub-install also needs the files under /boot, and it reads /etc/mtab to decide where to find /boot. You need to change the device on the /boot line, which is /dev/md1 according to point b above: change /dev/md1 to /dev/sda1 or /dev/sdb1 (after the hot add has finished rebuilding).

# grub-install /dev/sdb
or
# grub-install hd1



4. How to monitor failed software raid

 
nohup mdadm --monitor --mail=[user] --delay=[checking_time_in_second] /dev/md[X] &
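The rebuild note in step 2 and the monitoring in step 4 both come down to reading the member map in /proc/mdstat. The following is an added example, not part of the original post: it classifies each array as ok, degraded or rebuilding. The sample mdstat text is constructed, and the function names are hypothetical.

```sh
# Constructed /proc/mdstat sample: md1 in sync, md0 rebuilding, md2 degraded.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1]
md1 : active raid1 sdb1[1] sda1[0]
      104320 blocks [2/2] [UU]

md0 : active raid1 sdb2[2] sda2[0]
      1052160 blocks [2/1] [U_]
      [==>..................]  recovery = 12.6% (132800/1052160) finish=0.7min speed=21333K/sec

md2 : active raid1 sda3[0]
      18876288 blocks [2/1] [U_]

unused devices: <none>
EOF
}

# Print "<array> <state>" per md array; reads /proc/mdstat unless a file
# (or "-" for stdin) is given.
md_status() {
    awk '
        function emit() { if (name != "") print name, state }
        /^md[0-9]+ :/ { emit(); name = $1; state = "unknown"; next }
        # Member map such as [UU] or [U_]: "_" marks a missing or unsynced member.
        name != "" && /blocks/ && /\[[U_]+\]/ {
            state = ($NF ~ /_/) ? "degraded" : "ok"; next
        }
        # Progress line printed while the kernel rebuilds onto the new member.
        name != "" && /(recovery|resync) *=/ {
            for (i = 1; i <= NF; i++) if ($i ~ /%$/) state = "rebuilding " $i
        }
        END { emit() }
    ' "${1:-/proc/mdstat}"
}

# Succeeds only when every array is fully in sync (the point at which
# step 3 says sdb1 can be used for grub-install).
md_all_synced() {
    ! md_status "$1" | grep -qv ' ok$'
}

sample_mdstat | md_status -
```

On a live system, call md_status with no argument to read /proc/mdstat directly.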



Cognos and OpenLDAP authentication implementation best practice

Jephe Wu - http://linuxtechres.blogspot.com

Objective: design a better OpenLDAP authentication mechanism for individual clients
Environment: Cognos 8.3 and OpenLDAP

Concept:
Company corp1 provides outsourcing services for client corp2, so some corp1 users produce Cognos reports for corp2.
There are internal Cognos LDAP accounts in company corp1 and external users in client company corp2; all of these users need to read pre-defined reports.


Steps:
1. Create OpenLDAP databases corp1 and corp2 as 2 different namespaces.
All company corp1 users will use namespace corp1 to log in to Cognos, and all client company corp2 users will use corp2 as the namespace to log in to Cognos.

2. Create group 'admin' in OpenLDAP namespace corp1 and add Jephe to that group. Jephe is the Cognos administrator in corp1.

3. In the Cognos security configuration, under the 'cognos' namespace, add the 'admin' group from namespace corp1 to the 'System Administrators' group.

4. In the client corp2 public folder, all reports can be granted to corp1 users.

5. You can also add all users in corp2 to the Cognos default 'reports administrators' group and give corp2 users full access to the above public folder, so that corp2 users can edit and save their reports themselves.

6. Directory access, such as saving a report, is different from report access. To give full directory access, including 'my folder', do this:

  • Launch Cognos Connection and Log on
  • When using IBM Cognos 8 BI 8.1 or IBM Cognos 8 BI 8.2, click on Tools > Directory
  • When using IBM Cognos 8 BI 8.3 or IBM Cognos 8 BI 8.4, click on Launch > Cognos Administration > Security
  • Click on your Namespace (e.g. Series 7 or LDAP)
  • Search the User Account and click on set properties for the affected User
  • Click on the Permissions tab and grant this user full permissions.
  • Select 'Delete the access permissions of all child entries' and click OK

How to setup Apache httpd 2.2 with openssl and tomcat

Objective: Use the latest httpd 2.2.X and openssl, mod_jk(tomcat connector) to setup a web server with tomcat service.


Steps:
1. download the latest openssl and follow its documentation to compile and make install

2. use the following configure parameters for httpd (the module list must be quoted so that it is passed as a single argument)
./configure --prefix=/usr/local/apache2 --enable-mods-shared="most ssl rewrite deflate headers expires" --with-ssl=/usr/local/ssl
make && make install

note: after that, you can comment out all unnecessary modules in httpd.conf.

3. follow the mod_jk documentation and use apxs to generate the module file, then copy it to the apache modules directory

FAQ:
1. When starting apache in the chroot environment /chroot, the following error appears in error.log:
caught SIGTERM, shutting down
Digest: generating secret for digest authentication ...
no such file or directory: Digest: error generating secret: no such file or directory

note: you can simply disable the digest module auth_digest_module

2. When starting httpd, the following error appears:
syntax error on line xxx of /usr/local/apache2/conf/httpd.conf
Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration

Note: you must enable the module authz_host_module. In httpd 2.2.X this module replaces the old mod_access, which is the module required by the Order command in httpd.conf.

3. How to find out which configure command was used before to compile httpd
Find the config.nice file in the httpd source directory.
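FAQ 2 is what happens when a module is commented out (as the note in step 2 suggests) while its directives are still in use. The following is an added example, not part of the original post: it lists every such directive in a config file. The sample httpd.conf fragment is constructed, the function names are hypothetical, and the directive-to-module table covers only a few httpd 2.2 directives plus mod_jk's JkMount.

```sh
# Constructed httpd.conf fragment: authz_host_module is commented out,
# but Order/Allow are still used for host-based access control.
sample_conf() {
    cat <<'EOF'
LoadModule ssl_module modules/mod_ssl.so
#LoadModule authz_host_module modules/mod_authz_host.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule jk_module modules/mod_jk.so
<Directory "/usr/local/apache2/htdocs">
    Order allow,deny
    Allow from all
</Directory>
SSLEngine on
JkMount /app/* worker1
EOF
}

# Report directives whose providing module has no active LoadModule line.
# Only shared (DSO) modules are considered; statically built ones are not.
missing_modules() {
    awk '
        BEGIN {
            # directive (lower case) -> LoadModule identifier
            need["order"] = need["allow"] = need["deny"] = "authz_host_module"
            need["authdigestprovider"] = "auth_digest_module"
            need["sslengine"] = "ssl_module"
            need["rewriteengine"] = "rewrite_module"
            need["jkmount"] = "jk_module"
        }
        /^[ \t]*#/ { next }                 # commented-out lines do not count
        { d = tolower($1) }                 # directive names are case-insensitive
        d == "loadmodule" { loaded[$2] = 1; next }
        d in need { hit[++n] = NR; dir[n] = $1; mod[n] = need[d] }
        END {
            for (i = 1; i <= n; i++)
                if (!(mod[i] in loaded))
                    print "line " hit[i] ": " dir[i] " needs " mod[i]
        }
    ' "$1"
}

sample_conf | missing_modules -
```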