How to reduce AWS EBS root volume size

Jephe Wu - http://linuxtechres.blogspot.com

Objective:  reduce the AWS EBS root volume size from 8G to 4G since file system only used less than 3G.
Environment:  Amazon Linux AMI 2015.03 (HVM), SSD Volume Type - ami-fd9cecc7, t2.macro instance type with 8G gp EBS volume as root volume (default creation steps with launch instance wizard)

Diagram

original instance: jephe-base, with 8G ebs root volume, need to shrink it to 5G 
lab1 instance: used for the whole shrink process test
ebs volume 'source': created from snapshot of root volume from original instance.
ebs volume 'dest':  manually created new volume with 5G 



Steps:
1.  create another small instance named lab1
Amazon Linux AMI 2015.03 (HVM), SSD Volume Type - ami-fd9cecc7 , t2.macro, 8G gp ebs volume.

2.  make snapshot backup and create volume from it
stop the original base instance, detach its 8G volume, make snapshot of it, then create test volume named 'source' from snapshot, so we can work on the source volume instead of original base volume 

3. create another new volume named 'dest' with expected size (5g) and within same AZ as instance lab1
Note: the actual file system size of base volume must be less than 5G

4. attach volume F and G to small instance lab1 as /dev/xvdf and /dev/xvdg respectively
so the Linux OS will see /dev/xvdf, /dev/xvdf1 and /dev/xvdg as follows

5. while lab1 instance is running, attach both volume source and dest to it as /dev/sdf and /dev/sdg.

[ec2-user@ip-10-0-11-185 ~]$ more /proc/partitions
major minor  #blocks  name

 202        0    8388608 xvda
 202        1    8386543 xvda1
 202       80    8388608 xvdf
 202       81    8386543 xvdf1
 202       96    5242880 xvdg


6. fsck and resize2fs to minimum 

[root@ip-10-0-11-185 mnt]# e2fsck -f /dev/xvdf1
e2fsck 1.42.12 (29-Aug-2014)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/: 38013/524288 files (0.2% non-contiguous), 606002/2096635 blocks

[root@ip-10-0-11-185 mnt]# resize2fs -M -p /dev/xvdf1
resize2fs 1.42.12 (29-Aug-2014)
Resizing the filesystem on /dev/xvdf1 to 944604 (4k) blocks.
Begin pass 2 (max = 139004)
Relocating blocks             XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Begin pass 3 (max = 64)
Scanning inode table          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Begin pass 4 (max = 4518)
Updating inode references     XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The filesystem on /dev/xvdf1 is now 944604 (4k) blocks long.

[root@ip-10-0-11-185 mnt]# resize2fs -M -p /dev/xvdf1
resize2fs 1.42.12 (29-Aug-2014)
Resizing the filesystem on /dev/xvdf1 to 940777 (4k) blocks.
The filesystem on /dev/xvdf1 is now 940777 (4k) blocks long.

[root@ip-10-0-11-185 mnt]# resize2fs -M -p /dev/xvdf1
resize2fs 1.42.12 (29-Aug-2014)
Resizing the filesystem on /dev/xvdf1 to 940770 (4k) blocks.
The filesystem on /dev/xvdf1 is now 940770 (4k) blocks long.

7. calculate the actual file system size after resize2fs -M, round it up a bit to 300
[root@ip-10-0-11-185 mnt]# echo "scale=5; 940770*4/(1024*16)" | bc
229.68017

8.  make partition for /dev/xvdg by fdisk
[root@ip-10-0-11-185 mnt]# fdisk /dev/xvdg
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0xaa83e894.

Command (m for help): p

Disk /dev/xvdg: 5368 MB, 5368709120 bytes, 10485760 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xaa83e894

    Device Boot      Start         End      Blocks   Id  System

Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-10485759, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-10485759, default 10485759):
Using default value 10485759
Partition 1 of type Linux and of size 5 GiB is set

Command (m for help): wq
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
[root@ip-10-0-11-185 mnt]# fdisk -l /dev/xvdg

Disk /dev/xvdg: 5368 MB, 5368709120 bytes, 10485760 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xaa83e894

    Device Boot      Start         End      Blocks   Id  System
/dev/xvdg1            2048    10485759     5241856   83  Linux

[root@ip-10-0-11-185 mnt]# cat /proc/partitions 
major minor  #blocks  name

 202        0    8388608 xvda
 202        1    8386543 xvda1
 202       80    8388608 xvdf
 202       81    8386543 xvdf1
 202       96    5242880 xvdg
 202       97    5241856 xvdg1

9.  use dd to copy file system 
[root@ip-10-0-11-185 mnt]# dd if=/dev/xvdf1 of=/dev/xvdg1 bs=16M count=230 
230+0 records in
230+0 records out
3858759680 bytes (3.9 GB) copied, 113.625 s, 34.0 MB/s

Note: you can run kill -USR1 pidofdd from another terminal to get the dd progress

10. mount /dev/xvdg1 to /mnt/g and bind mount /dev to /mnt/g/dev 

[root@ip-10-0-11-185 mnt]# mount /dev/xvdg1 g
[root@ip-10-0-11-185 mnt]# cd g
[root@ip-10-0-11-185 g]# ls
bin  boot  dev  etc  home  lib  lib64  local  lost+found  media  mnt  opt  proc  root  run  sbin  selinux  srv  sys  tmp  usr  var

[root@ip-10-0-11-185 g]# mount --bind /dev /mnt/g/dev/


11. install grub on /dev/xvdg

[root@ip-10-0-11-185 g]# chroot .
[root@ip-10-0-11-185 /]# ls
bin  boot  dev  etc  home  lib  lib64  local  lost+found  media  mnt  opt  proc  root  run  sbin  selinux  srv  sys  tmp  usr  var
[root@ip-10-0-11-185 /]# grub
Probing devices to guess BIOS drives. This may take a long time.


    GNU GRUB  version 0.97  (640K lower / 3072K upper memory)

 [ Minimal BASH-like line editing is supported.  For the first word, TAB
   lists possible command completions.  Anywhere else TAB lists the possible
   completions of a device/filename.]
grub> find /boot/grub/stage1
find /boot/grub/stage1
 (hd0,0)
 (hd1,0)
 (hd2,0)
grub> root (hd2,0)
root (hd2,0)
 Filesystem type is ext2fs, partition type 0x83
grub> setup (hd2)
setup (hd2)
 Checking if "/boot/grub/stage1" exists... yes
 Checking if "/boot/grub/stage2" exists... yes
 Checking if "/boot/grub/e2fs_stage1_5" exists... yes
 Running "embed /boot/grub/e2fs_stage1_5 (hd2)"...  29 sectors are embedded.
succeeded
 Running "install /boot/grub/stage1 (hd2) (hd2)1+29 p (hd2,0)/boot/grub/stage2 /boot/grub/grub.conf"... succeeded
Done.
grub> quit
quit
[root@ip-10-0-11-185 /]# exit
exit
[root@ip-10-0-11-185 g]# cd /

[root@ip-10-0-11-185 /]# umount /mnt/g/dev
[root@ip-10-0-11-185 /]# umount /mnt/g/
[root@ip-10-0-11-185 /]# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda1      7.8G  919M  6.8G  12% /
devtmpfs        490M   72K  490M   1% /dev
tmpfs           499M     0  499M   0% /dev/shm


[root@ip-10-0-11-185 ec2-user]# e2fsck -f /dev/xvdg1
e2fsck 1.42.12 (29-Aug-2014)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/: 38013/237568 files (0.3% non-contiguous), 587515/940770 blocks

Now stop instance lab1, detach all 3 volumes including os base volume for lab1, attach dest volume to lab1 with root device as /dev/xvda. start up instance lab1 again to make sure it can start up successfully.

Now, stop test instance lab1, detach volume named 'dest' , stop original instance and detach its volume,  attach volume 'dest' to original instance to start up.

Note: during ec2 instance startup, it will automatically resize file sytem to the maximum.

Here is the df -h result after startup the 'dest' volume with original instance jephe-base.

[root@ip-172-31-13-17 ec2-user]# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda1      4.8G  2.2G  2.7G  46% /
devtmpfs        490M   56K  490M   1% /dev
tmpfs           499M     0  499M   0% /dev/shm



How to create AWS NAT and Bastion Hosts in VPC

Jephe Wu - http://linuxtechres.blogspot.com


Objective:  Use VPC wizard to create public and private subnets in different AZ and use NAT service for private subnets and access servers on private subnets through bastion host.

Steps:


1. Use VPC wizard to create required subnets.


We will create the following VPC network and subnets:
10.0.0.0/16 with subnets:

10.0.0.0/24 public subnet A in ap-southeast-2a with Elastic IP 1 hosting company web server and NAT box
10.0.1.0/24 private subnet C in ap-southeast-2a  hosting SQL server, access Internet through NAT box in public subnet A
10.0.10.0/24 public subnet B in ap-southeast-2b with Elastic IP 2 hosting a bostion server which is Windows 2008 R2 base OS, jumphost for accessing SQL server in subnet C
10.0.11.0/24 private subnet D in ap-southeast-2b hosting other servers or applications, accessing Internet through NAT box in public subnet A


Above wizard will only create subnet A and C and NAT box. 
After that, follow normal procedure to create Internet facing web server instance with elastic IP and automatic assigned or manually specified private IP e.g. 10.0.0.104/24

Eventually, we need to create 2 more subnet in another AZ manually to make it like this:

Network Diagram:
----Internet --- public subnet A (with 10.0.0.0/24)  --- private subnet C ( with 10.0.1.0/24)  [ ap-southeast-2a ]
----Internet ----pubic subnet B  (with 10.0.10.0/24) ---- private subnet D  (with 10.0.11.0/24) [ ap-southeast-2b ]
          

2. Configure NAT box
After finishing wizard, the NAT is up and running, you still need to configure the following to make it as masquerading NAT box for your entire VPC network 10.0.0.0/16, by default, it only allow the outbound Internet traffic.

  • check security group configuration of NAT box instance, by default, it doesn't allow the entire VPC 10.0.0.0/16 for incoming traffic which will block Internet access for all private subnets.
Also, check other settings such as disable src/destination check, the routing table for private subnet hosts routing table (must be pointing to NAT box ENI).

You can also ssh into NAT box from Internet to check iptables rules and ip forwarding:

[root@ip-10-0-0-104 ec2-user]# iptables -L -v -n -t nat | grep 10.0
  531 31715 MASQUERADE  all  --  *      eth0    10.0.0.0/16          0.0.0.0/0 

[root@ip-10-0-0-104 ec2-user]# more /proc/sys/net/ipv4/ip_forward
1

[root@ip-10-0-0-104 ec2-user]# grep nameserver /etc/resolv.conf 
nameserver 10.0.0.2

2.1 use NAT instance as port forwarding for RDS instance (e.g. to RDS Postgres)
Firstly make sure from Nat box e.g 10.0.20.254, you can telnet to e.g. 10.0.23.114 port 5432, then run commands below on NAT box
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 5432 -j DNAT --to 10.0.23.114:5432
iptables -A FORWARD -p tcp -d 10.0.23.114 --dport 5432 -j ACCEPT (might be optional)
iptables -A POSTROUTING -t nat -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 --dport 5432 -j SNAT --to 10.0.20.254
Note: 10.0.23.114 is the RDS internal ip and 10.0.20.254 is NAT internal ip 
Now add the external application ip into the NAT box security group to allow connection.

3. Configure Bostion Windows Server in public subnet C

Create another 2 more subnets C and D in another AZ ap-southeast-2b,  replace public subnet C routing table from ENI of NAT box to igw so that we can access it from Internet as jumphost.


4. Create SQL server database host in private subnet B
configure security group setting to only allow the internal IP of Bostion Windows server or the whole private subnet 10.0.0.0/16.

Notes for security group:
You can also specify another security group groupid in the customer IP part to quote the same security group settings. 

For either Linux or Windows server, if you remove your current connection source IP from security group while you are on the servers, the existing connection will be still okay, but if you exit ssh/rdp, the new connection won't be able to make. 





Linux OpenSSH Advanced Video Tutorial

Jephe Wu - http://linuxtechres.blogspot.com

Objective: Value-add advanced Linux OpenSSH video tutorial made free to everyone.

Video course 1: OpenSSH chroot sftp part I  with PDF tutorial

Video course 2: OpenSSH chroot sftp part II with PDf tutorial

Video course 3: OpenSSH chroot sftp Part III with PDF tutorial

Video course 4: SSH passwordless login with PDF tutorial

Video course 5: SSH transparent proxy with PDF tutorial


Video course 6: SSH local port forwarding with PDF tutorial

Video course 7: SSH remote port forwarding with PDF tutorial

Video course 8: SSH gateway ports local  with PDF tutorial

Video course 9: SSH gateway ports remote with PDF tutorial

Video course 10: SSH socks proxy with PDF tutorial

Video course 11: SSH http proxy with PDF tutorial 


Video course 12: SSH agent with PDF tutorial 

Video course 13: OpenSSH screen with PDF tutorial

Video course 14: OpenSSH keepalive with PDF tutorial

Video course 15: OpenSSH troubleshooting I with PDF tutorial

Video course 16: OpenSSH troubleshooting II with PDF tutorial

How to Install Oracle VM Server 3.2 and 3.3 from USB Key

Jephe Wu - http://linuxtechres.blogspot.com


Objective:  to install Oracle VM server 3.2.8 or 3.3.2 from USB key for those server without DVD/CDROM drive

Steps on Linux Mint 17 

Preparing USB key
Make partition by fdisk /dev/sdb1, make it as W95 FAT32 (b) type
fdisk /dev/sdb
L , b , wq
format it by running mkfs -t vfat /dev/sdb1

use unetbootin 

install unetbootin software from Mint 17 software manager. 

copy ISO file into /dev/sdb1

mount /dev/sdb1 under Linux mint , copy OVS3.2.8 iso file to it directly, without creating any folder.

boot from USB to install OVMS 3.2.8

choose installation method 'Hard drive', selection partiton /dev/sdb1 which contain installation image 
at partition type screen, deselect sdb
at 'boot loader configuration' screen, choose 'change drive order' to use sda, then use sda to install MBR

Steps on Windows

Install unetbootin
format USB key as FAT format
use unetbootin to write iso file to it as above
copy iso file into USB key directly

FAQ

format it as ext2 or ext3 and use unetbootin to write iso file doesn't boot if you didn't install extlinux package from Mint software manager.
Notes
The size of OVM 3.3 iso file size is now doubled compared to OVMS 3.2.9. 1GB USB key is now not able to fit.



How to decide ethX layout after Oracle VM Server 3.2 Installation

Jephe Wu - http://linuxtechres.blogspot.com

Objective: to decide ethX layout remotely after Oracle VM Server 3.2 installation.
Environment: Oracle VM server 3.2.9

If you are in front of the physical server, you can decide ethX layout easily by running 'ethtool -p ethX' etc to blink each NIC light. e.g. ethtool -p eth0

How Oracle VM server to decide which NIC for which ethX
based on pci bus address from low to high to assign eth0, eth1 etc

Theory behind

  • Os will assign ethX sequence based on NIC PCI bus address sequence
  • 4 NICs onboard are actually 2 dualports cards
  • For additional PCI card, the ports near the bottom pins are getting high pci bus number, from ethX is assigned from top to bottom.
  • Sometimes, pci bus address has primary-secondary relationships, 


Check steps

Get server model, pci NIC slot direction, PCI numbering sequence physically etc first
/sys/class/net 
[root@cpnrglobovms13 device]# more /sys/class/net/eth0/device/label
Intel 82576 Ethernet Controller.
to decide pci bus address and ethX alighment
ll /sys/class/net
List ethX bus information - ethtool -i ethX
[root@ovms01 ~]# for i in `ifconfig -a | grep ^eth | awk '{print $1}' | xargs`; do echo -n "$i " && ethtool -i $i| grep -i bus ; done
eth0 bus-info: 0000:01:00.0
eth1 bus-info: 0000:01:00.1
eth2 bus-info: 0000:02:00.0
eth3 bus-info: 0000:02:00.1
eth4 bus-info: 0000:04:00.0
eth5 bus-info: 0000:04:00.1
eth6 bus-info: 0000:07:00.0
eth7 bus-info: 0000:07:00.1
eth8 bus-info: 0000:08:00.0
eth9 bus-info: 0000:08:00.1
lspci to get ethernet NICs - lspci | grep -i eth

[root@ovms01 ~]# lspci | grep -i eth
01:00.0 Ethernet controller: Broadcom Corporation Device 165f
01:00.1 Ethernet controller: Broadcom Corporation Device 165f
02:00.0 Ethernet controller: Broadcom Corporation Device 165f
02:00.1 Ethernet controller: Broadcom Corporation Device 165f
04:00.0 Ethernet controller: Intel Corporation Device 154d (rev 01)
04:00.1 Ethernet controller: Intel Corporation Device 154d (rev 01)
07:00.0 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (Copper) (rev 06)
07:00.1 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (Copper) (rev 06)
08:00.0 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (Copper) (rev 06)
08:00.1 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (Copper) (rev 06)

lspci bridge to secondary  - lspci -vvv | grep primary
05:00 -> 06:00 -> 07:00 and 08:00
[root@hmspglobovms01 device]# lspci -vvv | grep primary
Bus: primary=00, secondary=02, subordinate=02, sec-latency=0
Bus: primary=00, secondary=01, subordinate=01, sec-latency=0
Bus: primary=00, secondary=04, subordinate=04, sec-latency=0
Bus: primary=00, secondary=03, subordinate=03, sec-latency=0
Bus: primary=00, secondary=05, subordinate=08, sec-latency=0
Bus: primary=00, secondary=09, subordinate=09, sec-latency=0
Bus: primary=00, secondary=0a, subordinate=0a, sec-latency=0
Bus: primary=00, secondary=0b, subordinate=0f, sec-latency=0
Bus: primary=00, secondary=10, subordinate=10, sec-latency=32
Bus: primary=05, secondary=06, subordinate=08, sec-latency=0
Bus: primary=06, secondary=07, subordinate=07, sec-latency=0
Bus: primary=06, secondary=08, subordinate=08, sec-latency=0
Bus: primary=0b, secondary=0c, subordinate=0f, sec-latency=0
Bus: primary=0c, secondary=0d, subordinate=0e, sec-latency=0
Bus: primary=0c, secondary=0f, subordinate=0f, sec-latency=0
Bus: primary=0d, secondary=0e, subordinate=0e, sec-latency=0
dmidecode to list PCI slot information 
[root@ovms01 ~]# dmidecode -t 9
# dmidecode 2.10
SMBIOS 2.7 present.
# SMBIOS implementations newer than version 2.6 are not
# fully supported by this version of dmidecode.

Handle 0x0900, DMI type 9, 17 bytes
System Slot Information
Designation: PCI1
Type: x8 <OUT OF SPEC>
Current Usage: In Use
Length: Long
Characteristics:
3.3 V is provided
PME signal is supported
Bus Address: 0000:04:00.0

Handle 0x0901, DMI type 9, 17 bytes
System Slot Information
Designation: PCI2
Type: x16 <OUT OF SPEC>
Current Usage: In Use
Length: Long
Characteristics:
3.3 V is provided
PME signal is supported
Bus Address: 0000:05:00.0

dmidecode to get onboard device information
[root@ovms01 ~]# dmidecode -t 41  or dmidecode -t slot
# dmidecode 2.10
SMBIOS 2.7 present.
# SMBIOS implementations newer than version 2.6 are not
# fully supported by this version of dmidecode.
Handle 0x2900, DMI type 41, 11 bytes
Onboard Device
Reference Designation: Integrated NIC 1
Type: Ethernet
Status: Enabled
Type Instance: 1
Bus Address: 0000:01:00.0
Handle 0x2901, DMI type 41, 11 bytes
Onboard Device
Reference Designation: Integrated NIC 2
Type: Ethernet
Status: Enabled
Type Instance: 2
Bus Address: 0000:01:00.1
Handle 0x2902, DMI type 41, 11 bytes
Onboard Device
Reference Designation: Integrated NIC 3
Type: Ethernet
Status: Enabled
Type Instance: 3
Bus Address: 0000:02:00.0
Handle 0x2903, DMI type 41, 11 bytes
Onboard Device
Reference Designation: Integrated NIC 4
Type: Ethernet
Status: Enabled
Type Instance: 4
Bus Address: 0000:02:00.1

lspci to get ethernet NIC information
[root@ovms01 ~]# lspci | grep -i ethernet

dmidecode to get PCI card information
[root@ovms01 ~]# dmidecode -t slot | grep -e Designation -e Bus

use ethtool to decide bus info
[root@ovms10 ~]# for i in `ifconfig -a | grep ^eth | awk '{print $1}' | xargs`; do echo -n "$i " && ethtool -i $i| grep -i bus ; done 
eth0 bus-info: 0000:01:00.0
eth1 bus-info: 0000:01:00.1
eth2 bus-info: 0000:04:00.0
eth3 bus-info: 0000:04:00.1
eth4 bus-info: 0000:42:00.0
eth5 bus-info: 0000:42:00.1
eth6_rename bus-info: 0000:07:00.0
eth7_rename bus-info: 0000:07:00.1
dmesg to get PCI slot cards MAC address
[root@ovms01 ~]# dmesg | grep 'PCI Express'
pciehp: PCI Express Hot Plug Controller Driver version: 0.4
ixgbe: Intel(R) 10 Gigabit PCI Express Network Driver - version 3.4.8-k
ixgbe 0000:08:00.0: (PCI Express:5.0GT/s:Width x8) 90:e2:ba:19:a6:80
ixgbe 0000:08:00.1: (PCI Express:5.0GT/s:Width x8) 90:e2:ba:19:a6:81
ixgbe 0000:0e:00.0: (PCI Express:5.0GT/s:Width x8) 90:e2:ba:19:a5:ac
ixgbe 0000:0e:00.1: (PCI Express:5.0GT/s:Width x8) 90:e2:ba:19:a5:ad
ixgbe 0000:0f:00.0: (PCI Express:5.0GT/s:Width x8) 90:e2:ba:19:58:20
ixgbe 0000:0f:00.1: (PCI Express:5.0GT/s:Width x8) 90:e2:ba:19:58:21
bnx2 0000:01:00.0: eth0: Broadcom NetXtreme II BCM5709 1000Base-T (C0) PCI Express found at mem f2000000, IRQ 36, node addr d4:ae:52:e6:83:a0
bnx2 0000:01:00.1: eth1: Broadcom NetXtreme II BCM5709 1000Base-T (C0) PCI Express found at mem f4000000, IRQ 48, node addr d4:ae:52:e6:83:a2
bnx2 0000:02:00.0: eth2: Broadcom NetXtreme II BCM5709 1000Base-T (C0) PCI Express found at mem f6000000, IRQ 37, node addr d4:ae:52:e6:83:a4
bnx2 0000:02:00.1: eth3: Broadcom NetXtreme II BCM5709 1000Base-T (C0) PCI Express found at mem f8000000, IRQ 49, node addr d4:ae:52:e6:83:a6


to get each PCI bus address MAC address:
[root@ovms1 ~]# dmesg | grep 02:00.0 | grep 'PCI Express'
Kickstart to swap eth2/eth3 and eth6/eth7 for better reading if necessary
echo "fixing ethX device sequence"
ETH2=`dmesg | grep Express | grep "30:00.0" | awk '{print $NF}'`
ETH3=`dmesg | grep Express | grep "30:00.1" | awk '{print $NF}'`
ETH6=`dmesg | grep Express | grep "88:00.0" | awk '{print $NF}'`
ETH7=`dmesg | grep Express | grep "88:00.1" | awk '{print $NF}'`


cd /etc/sysconfig/network-scripts
sed -i -e "s/^HWADDR.*/HWADDR=$ETH6/g" ifcfg-eth2
sed -i -e "s/^HWADDR.*/HWADDR=$ETH7/g" ifcfg-eth3
sed -i -e "s/^HWADDR.*/HWADDR=$ETH2/g" ifcfg-eth6
sed -i -e "s/^HWADDR.*/HWADDR=$ETH3/g" ifcfg-eth7

Draw ethX layout at last step
example below:
PCI1
RAID Controller
PCI2
00:42.00.1(eth5)(pin) 00:42.00.0(eth4)
PCI3
00:04:00.0(eth2) 00:04:00.1(eth3)(pin)
eth0
00:01:00.0
eth1
00:01:00.1
eth6 (X)
00:07:00.0
eth7 (X)
00:07:00.1
Ultimate way to associate ethX with PCI bus address
[root@ovms10 rules.d]# more 99-ethernet.rules
KERNEL=="eth*", ID=="0000:01:00.0", name="eth0"
KERNEL=="eth*", ID=="0000:01:00.1", name="eth1"
KERNEL=="eth*", ID=="0000:04:00.0", name="eth2"
KERNEL=="eth*", ID=="0000:04:00.1", name="eth3"
KERNEL=="eth*", ID=="0000:42:00.0", name="eth4"
KERNEL=="eth*", ID=="0000:42:00.1", name="eth5"
KERNEL=="eth*", ID=="0000:07:00.0", name="eth6"
KERNEL=="eth*", ID=="0000:07:00.1", name="eth7"

[root@ovms10 rules.d]# ethtool -i eth0
driver: ixgbe
version: 3.4.8-k
firmware-version: 4.2-8
bus-info: 0000:01:00.0