What are the key skills of Linux administrators?

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)05/31 Report--

This article introduces the key skills of Linux administrators. Many people have questions about these skills in daily operation, so the editor consulted a range of material and sorted out simple, practical methods. Hopefully it answers the question "what are the key skills of Linux administrators?" Follow along with the editor to study!

Tip 1: unmount an unresponsive DVD drive

The experience of a Linux newcomer: when you press the Eject button on the DVD drive of a server running the Redmond-based operating system, the tray pops out immediately. He then complains that on most enterprise Linux servers, the tray will not open if a process is running in that directory. For years, as a Linux administrator, I would simply reboot the machine when I was not sure what was running and why it would not release the DVD drive, and then eject the disc. But that is inefficient.

Here's how to find the process that holds the DVD drive and eject the disc easily. First, simulate the problem: place a disc in the DVD drive, open a terminal, and mount the drive:

# mount /media/cdrom
# cd /media/cdrom
# while [ 1 ]; do echo "All your drives are belong to us!"; sleep 30; done

Now open the second terminal and try to eject the DVD drive:

# eject

You will get the following message:

umount: /media/cdrom: device is busy

Before releasing the device, let's find out who is using it.

# fuser /media/cdrom

The process that is running there is our loop, and it is the reason the disc cannot be ejected. Now, as the root user, you can kill that process at will:

# fuser -k /media/cdrom

Now you can finally eject the disc:

# eject

fuser is a handy tool.
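Before reaching for fuser -k it is worth seeing exactly which processes hold the mount and why. The following is an added example, not code from the original article: it walks /proc (Linux only; only processes you are allowed to inspect are reported) and lists every process whose working directory, root, executable or open file descriptor lies inside the given directory, which is the same information fuser -vm shows.

```shell
#!/bin/sh
# Added example: list the processes holding a directory open by reading /proc,
# so you can review them before deciding to kill anything with "fuser -k".
# Assumes a Linux /proc filesystem and the coreutils readlink command.

# holders DIR: print "PID COMMAND REASON..." for each process whose cwd, root,
# exe or an open file descriptor is DIR or something below it.
holders() {
    dir=$1
    for p in /proc/[0-9]*; do
        pid=${p#/proc/}
        cmd=$(cat "$p/comm" 2>/dev/null) || continue   # process already gone
        reason=''
        for link in cwd root exe; do
            target=$(readlink "$p/$link" 2>/dev/null) || continue
            case "$target" in
                "$dir"|"$dir"/*) reason="$reason $link" ;;
            esac
        done
        for fd in "$p"/fd/*; do
            target=$(readlink "$fd" 2>/dev/null) || continue
            case "$target" in
                "$dir"|"$dir"/*) reason="$reason fd:${fd##*/}" ;;
            esac
        done
        if [ -n "$reason" ]; then
            echo "$pid $cmd$reason"
        fi
    done
    return 0
}

# holder_pids DIR: only the PIDs, space separated, in the shape "fuser DIR"
# prints them, for comparison with the fuser output in the text.
holder_pids() {
    holders "$1" | awk '{ print $1 }' | sort -n | tr '\n' ' '
}

# Running it against the current directory always lists at least this shell,
# which is a convenient way to check the function works on a given host.
holders "$(pwd -P)"
```

On the DVD example, `holders /media/cdrom` names the shell running the while loop, with "cwd" as the reason.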

Tip 2: recover a garbled screen

Try the following:

# cat /bin/cat

Watch out! The terminal now shows garbage, and everything you type comes out scrambled. So what should you do?

Type reset. However, typing reset feels too close to typing reboot or shutdown. Your palms sweat with fear, especially when you are doing this on a production machine.

Rest assured that the machine will not restart during this operation. Continue:

# reset

Now the screen is back to normal. This is much better than closing the window and logging in again, especially if you had to hop through five machines over SSH to reach this one.

Tip 3: screen collaboration

David, a senior maintenance user from product engineering, called and said, "Why can't I compile supercode.c on these new machines you deploy?"

You ask him, "Which machine are you running on?"

David replies, "Posh". The fictional company named its five production servers after the Spice Girls. Now you can show your skills. Become David on your own machine:

# su - david

Go to posh:

# ssh posh

When you arrive, run the following code:

# screen -S foo

Then call David: "David, run the command screen -x foo in your terminal."

At this point, you and David share the same Linux shell. Either of you can type, and each can see what the other is doing. This saves you from escalating through other levels of support, and both sides have the same control. The advantage is that David can watch your troubleshooting and learn exactly how the problem is solved.

Finally, everyone can see the problem: David's compilation script hard-codes an old directory that does not exist on this new server. Mount it, compile again, and the problem is solved; David goes back to work, and you can return to whatever you were doing.

One thing to note about this technique is that both parties need to log in as the same user. The screen command can also implement multiple windows and split screens. Please read the manual page for more information.

One last trick for screen sessions. To detach from a session while leaving it running, enter

Ctrl-A D

(that is, hold down the Ctrl key and press A, then press D). You can then reattach to it by running screen -x foo again.

Tip 4: recover the root password

Many people think that if you forget the root password you have to reinstall the entire machine, and worse, many actually do so. But it is easy to boot the machine and change the password. This does not work in every case (for example, when a GRUB password was set and also forgotten), but here is a CentOS Linux example that illustrates what you would do in general.

First, reboot the system. The GRUB screen shown in figure 1 appears during the reboot. Press an arrow key so that you stay on this screen instead of continuing into the normal boot.

Figure 1. Rebooted GRUB screen

Then use the arrow keys to select the kernel to boot and type E to edit the boot entry. You will see the screen shown in figure 2:

Figure 2: preparing to edit kernel lines

Use the arrow keys again to highlight the line that starts with kernel, and press E to edit the kernel parameters. When you reach the screen shown in figure 3, append the number 1 to the parameters as shown in figure 3:

Figure 3. Append the number 1 to the parameter

Then press Enter and B, and the kernel boots into single-user mode. Run the passwd command to change the root user's password:

sh-3.00# passwd
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully

Now you can reboot, and the machine will come up with the new password.

Tip 5: SSH back door

Many times my site has needed someone's remote support, but that person was blocked by the company firewall. Few people realize that if you can get out through a firewall, you can easily let someone in. Strictly speaking, this is called "punching a hole in the firewall"; I call it the SSH back door. To use it, you need a machine on the Internet that acts as an intermediary. In this example that machine is called blackbox.example.com. The machine behind the corporate firewall is called ginger, and the machine of the person providing support is called tech. Figure 4 illustrates the setup.

Figure 4. Punching a hole in the firewall

Here are the steps:

Check what is allowed, and make sure you ask the right person. Most people worry that you have opened the firewall, but they do not understand that the connection is fully encrypted. Moreover, the external machine would have to be compromised before anyone could get into the company. However, you may be the "aggressive" type. Use your own judgement about which way to go, but do not blame others if you do not like the result.

Connect from ginger to blackbox.example.com with SSH using the -R flag. Suppose you are the root user on ginger, and tech needs the root user ID to help with the system. The -R flag forwards port 2222 on blackbox to port 22 on ginger. This sets up the SSH tunnel. Note that only SSH traffic can reach ginger this way: you are not putting ginger on the unprotected Internet. You can do this with the following syntax:

~# ssh -R 2222:localhost:22 thedude@blackbox.example.com

Once you are on blackbox, you just need to stay logged in. I always run the following command:

thedude@blackbox:~$ while [ 1 ]; do date; sleep 300; done

This keeps the session busy. Then minimize the window.

Now tell your friend on tech to connect to blackbox with SSH, without any special SSH flags. You will have to give them the password:

root@tech:~# ssh thedude@blackbox.example.com

Once tech is on blackbox, tech can connect to ginger over SSH with the following command:

thedude@blackbox:~$ ssh -p 2222 root@localhost

Tech is prompted for a password, and should enter the root password of ginger. Now you and the support person on tech can work together and solve the problem. You can even use screen together (see Tip 3).

Tip 6: remote VNC sessions over SSH channels

VNC, or Virtual Network Computing, has been around for a long time. I usually need VNC when some graphical program on a remote server can only be used from that server.

For example, suppose that ginger from Tip 5 is a storage server. Many devices use GUI programs to manage their storage controllers. These GUI management tools usually require a direct connection to the storage server over a network that is sometimes kept on a dedicated subnet. Therefore the GUI can only be accessed from ginger.

You can try connecting to ginger with SSH using the -X option and starting the GUI, but that requires a lot of bandwidth and you have to endure the pain of waiting. VNC is a network-friendly tool that is available for almost all operating systems.

Suppose the setup is the same as in Tip 5, but you want tech to access VNC instead of SSH. In this case, something similar is needed, but the VNC port is forwarded instead. Perform the following steps:

Start a VNC server session on ginger. Run the following command:

root@ginger:~# vncserver -geometry 1024x768 -depth 24 :99

These options start the server with a resolution of 1024 × 768 and a pixel depth of 24 bits per pixel. If you are on a slower connection, 8 may be a better choice. Use :99 to specify the display on which the VNC server can be reached. VNC ports start at 5900, so :99 means the server is accessible on port 5999.

When you start the session, you are asked to specify a password. The user ID is the same as the user who started the VNC server (in this case, the root user).

The SSH connection from ginger to blackbox.example.com forwards port 5999 on blackbox to ginger. This is done on ginger by running the following command:

root@ginger:~# ssh -R 5999:localhost:5999 thedude@blackbox.example.com

After running this command, you need to keep the SSH session open in order to keep the port forwarded to ginger. At this point, if you are on blackbox, you can run the following command to reach the VNC session on ginger:

thedude@blackbox:~$ vncviewer localhost:99

This forwards the port to ginger through SSH, but we want VNC access to ginger from tech. For that, another tunnel is needed. On tech, open a tunnel that forwards local port 5999 over SSH to port 5999 on blackbox. This is done by running the following command:

root@tech:~# ssh -L 5999:localhost:5999 thedude@blackbox.example.com

This time SSH is given the -L flag: instead of pushing port 5999 to blackbox, it pulls it from blackbox. Once you are on blackbox, keep this session open too. You are now ready to use VNC from tech!

In tech, run the following command to connect VNC to ginger:

root@tech:~# vncviewer localhost:99

Tech now has a VNC session directly to ginger. The setup is a bit of a hassle, but it beats travelling to fix the storage array, and it gets easier after you have practised it a few times.

One more point about this technique: if tech runs the Windows® operating system and does not have a command-line SSH client, tech can run PuTTY. PuTTY can be set to forward SSH ports through the options in its sidebar. If the port were 5902 instead of 5999 as in this example, you would enter what is shown in figure 5.

Figure 5. PuTTY can forward SSH ports to act as a tunnel

With this set up, tech can connect to localhost:2 with VNC, just as if tech were running the Linux operating system.

Tip 7: check the bandwidth

Imagine: company A has a storage server named ginger, and a client node named beckham mounts it over NFS. Company A has decided it needs more bandwidth from ginger, because a large number of nodes need to NFS-mount ginger's shared file system.

The most common and cheapest way to do this is to bond two Gigabit Ethernet NICs. It is the cheapest because you usually have a spare NIC and a spare switch port available.

So you take this approach. But now the question is: how much bandwidth do you actually get?

The theoretical limit of Gigabit Ethernet is 128MB/s. Where does this number come from? Look at the calculation:

1Gb = 1024Mb; 1024Mb / 8 = 128MB ("b" = bits, "B" = bytes)

But what do you actually see, and is there a good way to measure it? I recommend a tool called iperf. You can obtain iperf as follows:

# wget http://dast.nlanr.net/Projects/Iperf2.0/iperf-2.0.2.tar.gz

You need to install this tool on a shared file system visible to both ginger and beckham, or compile and install it on both nodes. I will compile it in the home directory of the user bob, which both nodes can see:

# tar zxvf iperf*gz
# cd iperf-2.0.2
# ./configure --prefix=/home/bob/perf
# make
# make install

On ginger, run:

# /home/bob/perf/bin/iperf -s -f M

This machine acts as the server and reports throughput in MB/s (the -f M flag).

On the beckham node, run:

# /home/bob/perf/bin/iperf -c ginger -P 4 -f M -w 256k -t 60

The results on both screens show the throughput. On a normal server with a gigabit adapter, you will probably see about 112MB/s. This is the usual overhead of the TCP stack and the physical cabling. I got about 220MB/s by connecting two servers back to back, each using two bonded Ethernet cards.

In practice, the NFS throughput seen over the bonded network is about 150-160MB/s. This still means the bonding achieves the desired result. If you see a much smaller value, you should look for problems.

I recently ran into a case where the bonding driver was used to bond two NICs that used different drivers. This gave very poor performance, about 20MB/s of bandwidth, which is less than a single unbonded Ethernet card!

Tip 8: command line scripts and utilities

Linux system administrators become more efficient by making good use of the command line. This includes clever use of loops and knowing how to parse data with utilities such as awk, grep, and sed. Usually this reduces the number of keystrokes and the rate of user error.

For example, suppose you need to generate a new /etc/hosts file for a Linux cluster you are about to install. The usual practice is to add the IP addresses in vi or another text editor. Instead, you can take the existing /etc/hosts file and append the entries to it. Run the following on the command line:

# P=1; for i in $(seq -w 200); do echo "192.168.99.$P n$i"; P=$(expr $P + 1); done >> /etc/hosts

This creates two hundred hostnames (n001 to n200) with IP addresses 192.168.99.1 to 192.168.99.200. Populating such a file by hand can produce duplicate IP addresses or hostnames, so this is a good example of using the built-in command line to eliminate user error. Note that this is done in the bash shell (the default on most Linux distributions).

As another example, suppose you want to check whether every compute node in the Linux cluster has the same amount of memory. In general it is best to use a distributed shell or a similar tool, but for demonstration purposes SSH is used below. Suppose SSH is set up not to require password authentication. Then run:

# for num in $(seq -w 200); do ssh n$num free -tm | grep Mem | awk '{print $2}'; done | sort | uniq

Such a command line is quite terse, and it only gets worse once you add regular expressions. Let's break it down and discuss the parts in detail.

First, loop from 001 to 200. The -w option of the seq command pads the numbers with leading zeros. The num variable is then substituted to build the name of the host to connect to through SSH. Once you have the target host, issue a command to it. In this example:

free -m | grep Mem | awk '{print $2}'

1. This command means: use the free command to get the amount of memory in megabytes.

2. Get the result of this command and use grep to get the line containing the string Mem.

3. Get that line and use awk to output the second field, which is the total memory in the node. Perform this operation on each node.

After the command has run on every node, the entire output from the two hundred nodes is piped (|) to the sort command to sort all the memory values. Finally, the uniq command removes duplicates. The command ends in one of the following situations:

1. If all nodes (N001 to N200) have the same memory size, only one number is displayed. This number is the amount of memory seen by each operating system.

2. If the node memory size is different, you will see several memory size values.

3. Finally, if the SSH on a node fails, you will see some error messages.

This command is not perfect. If you find a memory value other than the one you expected, you do not know which node is wrong or how many there are. For that, you need to issue another command.

This technique provides a quick way to view something, and if something goes wrong, you can know right away. Its value lies in quick inspection.
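The limitation noted above, that the one-liner cannot name the odd node, is easy to remove by keeping the node name next to each value. The following is an added example, not code from the original article: collect_mem gathers "node value" lines over SSH (assuming the password-less SSH and nNNN host names of the text, and recording ERR when a node cannot be reached), and group_mem groups the nodes by memory size; the input fed to group_mem here is constructed.

```shell
#!/bin/sh
# Added example: the memory check from the text, extended so that every
# distinct value is reported together with the nodes that have it.

# collect_mem FIRST LAST: for nodes nFIRST..nLAST (zero-padded like seq -w)
# print "node value" lines; value is ERR when ssh or free fails.
# Assumes password-less ssh to each node, as in the text.
collect_mem() {
    for num in $(seq -w "$1" "$2"); do
        val=$(ssh -o BatchMode=yes -o ConnectTimeout=5 "n$num" free -m 2>/dev/null \
              | awk '/^Mem:/ { print $2 }')
        echo "n$num ${val:-ERR}"
    done
}

# group_mem: read "node value" lines on stdin and print one line per distinct
# value as "COUNT VALUE node node ...", largest group first, so the odd nodes
# (and the ERR group) stand out at the bottom instead of being a bare number.
group_mem() {
    awk '
        {
            count[$2]++
            nodes[$2] = (nodes[$2] == "" ? $1 : nodes[$2] " " $1)
        }
        END { for (v in count) print count[v], v, nodes[v] }
    ' | sort -rn
}

# mem_report FIRST LAST: the two steps combined, e.g. mem_report 1 200.
mem_report() {
    collect_mem "$1" "$2" | group_mem
}

# Constructed sample of what collect_mem would print for five nodes: n003 has
# half the memory of the others and n004 could not be reached.
SAMPLE_MEM='n001 16049
n002 16049
n003 8001
n004 ERR
n005 16049'

printf '%s\n' "$SAMPLE_MEM" | group_mem
```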

Tip 9: console reconnaissance

Some software writes error messages to the console, and these do not necessarily appear in an SSH session. You can check for them using the vcs devices. In an SSH session, run the following on the remote server: # cat /dev/vcs1. This shows the contents of the first console. You can also use 2, 3, and so on to view the other virtual terminals. If a user is typing on the remote system's console, you will see what they typed.

In most data centers, a remote terminal server, KVM, or even Serial Over LAN is the best way to view this information, and it has the added benefit of being out of band. The vcs devices provide a quick in-band method that can save a trip to the machine room to check the console.

Tip 10: random system information collection

Tip 8 gave an example of using the command line to get the total memory in a system. In this tip, I introduce several other ways of gathering important information from systems that need verification, troubleshooting, or remote support.

First, collect information about the processors. This is easy with the following command:

# cat /proc/cpuinfo

This gives information about the speed, number, and model of the processors. In many cases you can get the value you want with grep. A check I often do is to count the processors in the system. So if I buy a four-socket server with dual-core processors, I run the following command:

# cat /proc/cpuinfo | grep processor | wc -l

Then I should see the value 8. If not, I call the supplier and ask them to send me another processor.

Another piece of information I need is disk information, which the df command provides. I always add the -h flag to see the output in gigabytes or megabytes. # df -h also shows how the disks are partitioned.

Last on the list is how to view the system firmware, that is, how to get firmware information at the BIOS level and on the NICs.

To check the BIOS version, run the dmidecode command. Unfortunately, its output is not easy to grep, so this is not a very efficient method. For my Lenovo T61 laptop, the output looks like this:

# dmidecode | less
...
BIOS Information
	Vendor: LENOVO
	Version: 7LET52WW (1.22)
	Release Date: 08/27/2007

This is much more efficient than rebooting the machine and watching the POST output. To check the driver and firmware versions of an Ethernet adapter, run ethtool:

# ethtool -i eth0
driver: e1000
version: 7.3.20-k2-NAPI
firmware-version: 0.3-0
