Notes of a Systems Administrator

Friday, 24 June 2016

GitLab CE update broke service!

A recent GitLab CE update left the service down. A restart of the service resulted in this error when trying to login:

Could not authenticate you from Ldapmain because "Pg::undefinedtable: error: relation "u2f registrations" does not exist line 5: where a.attrelid = '"u2f registrations"'::reg... ^ : select a.attname, format type(a.atttypid, a.atttypmod), pg get expr(d.adbin, d.adrelid), a.attnotnull, a.atttypid, a.atttypmod from pg attribute a left join pg attrdef d on a.attrelid = d.adrelid and a.attnum = d.adnum where a.attrelid = '"u2f registrations"'::regclass and a.attnum > 0 and not a.attisdropped order by a.attnum ".

A bit strange and worrying that maybe the database was corrupted and/or missing. But after an initial google for "gitlab u2f registrations" revealed that is was 2 factor authentication - which we are not using here. So first thing was to find out how to disable this system-wide - apparently this was the command: gitlab-rake gitlab:two_factor:disable_for_all_users, but running it resulted in the following:

[root@gitlab gitlab]# gitlab-rake gitlab:two_factor:disable_for_all_users
rake aborted!
ActiveRecord::StatementInvalid: PG::UndefinedTable: ERROR:  relation "u2f_registrations" does not exist
LINE 1: ...STINCT "users"."id") FROM "users" LEFT OUTER JOIN u2f_regist...
                                                             ^
: SELECT DISTINCT COUNT(DISTINCT "users"."id") FROM "users" LEFT OUTER JOIN u2f_registrations AS u2f ON u2f.user_id = users.id WHERE (u2f.id IS NOT NULL OR otp_required_for_login = 't')
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `async_exec'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `block in exec_no_cache'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract_adapter.rb:472:in `block in log'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activesupport-4.2.6/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract_adapter.rb:466:in `log'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `exec_no_cache'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:584:in `execute_and_clear'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql/database_statements.rb:160:in `exec_query'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:356:in `select'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:32:in `select_all'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/query_cache.rb:70:in `select_all'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:264:in `execute_simple_calculation'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:221:in `perform_calculation'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:127:in `calculate'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:42:in `count'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/two_factor.rake:6:in `block (3 levels) in '
PG::UndefinedTable: ERROR:  relation "u2f_registrations" does not exist
LINE 1: ...STINCT "users"."id") FROM "users" LEFT OUTER JOIN u2f_regist...
                                                             ^
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `async_exec'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `block in exec_no_cache'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract_adapter.rb:472:in `block in log'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activesupport-4.2.6/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract_adapter.rb:466:in `log'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:592:in `exec_no_cache'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql_adapter.rb:584:in `execute_and_clear'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/postgresql/database_statements.rb:160:in `exec_query'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:356:in `select'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/database_statements.rb:32:in `select_all'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/connection_adapters/abstract/query_cache.rb:70:in `select_all'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:264:in `execute_simple_calculation'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:221:in `perform_calculation'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:127:in `calculate'
/opt/gitlab/embedded/service/gem/ruby/2.1.0/gems/activerecord-4.2.6/lib/active_record/relation/calculations.rb:42:in `count'
/opt/gitlab/embedded/service/gitlab-rails/lib/tasks/gitlab/two_factor.rake:6:in `block (3 levels) in '
Tasks: TOP => gitlab:two_factor:disable_for_all_users
(See full trace by running task with --trace)

So obviously that was not the problem. So let's take a snapshot of this gitlab VM and run a reconfigure:

[root@gitlab gitlab]# gitlab-ctl reconfigure
Starting Chef Client, version 12.6.0
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
  - package (0.0.0)
  - gitlab (0.0.1)
  - runit (0.14.2)
Compiling Cookbooks...
Recipe: gitlab::default
  * directory[/etc/gitlab] action create (up to date)
/sbin/init: unrecognized option '--version'
-.mount                                                                                                         loaded active mounted   /
  Converging 282 resources
  * directory[/etc/gitlab] action nothing (skipped due to action :nothing)
  * directory[/var/opt/gitlab] action create (up to date)
  * directory[/opt/gitlab/embedded/etc] action create (up to date)
  * template[/opt/gitlab/embedded/etc/gitconfig] action create (up to date)
Recipe: gitlab::web-server
  * group[gitlab-www] action create (up to date)
  * user[gitlab-www] action create (up to date)
Recipe: gitlab::users
  * directory[/var/opt/gitlab] action create (up to date)
  * group[git] action create (up to date)
  * user[git] action create (up to date)
  * template[/var/opt/gitlab/.gitconfig] action create (up to date)
Recipe: gitlab::gitlab-shell
  * directory[/var/opt/gitlab/git-data/repositories] action create (up to date)
  * directory[/var/opt/gitlab/git-data] action create (up to date)
  * directory[/var/opt/gitlab/.ssh] action create (up to date)
  * file[/var/opt/gitlab/.ssh/authorized_keys] action create (up to date)
  * directory[/opt/gitlab/embedded/service/gitlab-shell/hooks/] action create (up to date)
  * file[/opt/gitlab/embedded/service/gitlab-shell/authorized_keys.lock] action create (up to date)
  * execute[chcon --recursive --type ssh_home_t /var/opt/gitlab/.ssh] action runid: --context (-Z) works only on an SELinux-enabled kernel
 (skipped due to only_if)
  * directory[/var/log/gitlab/gitlab-shell/] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-shell] action create (up to date)
  * template[/var/opt/gitlab/gitlab-shell/config.yml] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-shell/config.yml] action create (up to date)
  * template[/var/opt/gitlab/gitlab-shell/gitlab_shell_secret] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-shell/.gitlab_shell_secret] action create (up to date)
Recipe: gitlab::gitlab-rails
  * directory[/var/log/gitlab] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/shared] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/shared/artifacts] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/shared/lfs-objects] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/uploads] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-ci/builds] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/shared/pages] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/etc] action create (up to date)
  * directory[/opt/gitlab/etc/gitlab-rails] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/working] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/tmp] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails/upgrade-status] action create (up to date)
  * directory[/var/log/gitlab/gitlab-rails] action create (up to date)
  * directory[/var/opt/gitlab/backups] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-rails] action create (up to date)
  * directory[/var/opt/gitlab/gitlab-ci] action create (up to date)
  * template[/opt/gitlab/etc/gitlab-rails/gitlab-rails-rc] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/secret] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/.secret] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/database.yml] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/database.yml] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/secrets.yml] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/secrets.yml] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/resque.yml] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/resque.yml] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/aws.yml] action delete (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/aws.yml] action delete (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/smtp_settings.rb] action delete (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/initializers/smtp_settings.rb] action delete (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/relative_url.rb] action delete (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/initializers/relative_url.rb] action delete (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/gitlab.yml] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml] action create (up to date)
  * template[/var/opt/gitlab/gitlab-rails/etc/rack_attack.rb] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/config/initializers/rack_attack.rb] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/.gitlab_shell_secret] action create (up to date)
  * directory[/opt/gitlab/etc/gitlab-rails/env] action create (up to date)
  * file[/opt/gitlab/etc/gitlab-rails/env/HOME] action create (up to date)
  * file[/opt/gitlab/etc/gitlab-rails/env/RAILS_ENV] action create (up to date)
  * file[/opt/gitlab/etc/gitlab-rails/env/SIDEKIQ_MEMORY_KILLER_MAX_RSS] action create (up to date)
  * file[/opt/gitlab/etc/gitlab-rails/env/BUNDLE_GEMFILE] action create (up to date)
  * file[/opt/gitlab/etc/gitlab-rails/env/PATH] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/tmp] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/public/uploads] action create (up to date)
  * link[/opt/gitlab/embedded/service/gitlab-rails/log] action create (up to date)
  * link[/var/log/gitlab/gitlab-rails/sidekiq.log] action create (skipped due to not_if)
  * file[/opt/gitlab/embedded/service/gitlab-rails/db/schema.rb] action create (up to date)
  * remote_file[/var/opt/gitlab/gitlab-rails/VERSION] action create (up to date)
  * remote_file[/var/opt/gitlab/gitlab-rails/REVISION] action create (up to date)
  * file[/var/opt/gitlab/gitlab-rails/RUBY_VERSION] action create (up to date)
  * execute[chown -R root:root /opt/gitlab/embedded/service/gitlab-rails/public] action run
    - execute chown -R root:root /opt/gitlab/embedded/service/gitlab-rails/public
  * execute[clear the gitlab-rails cache] action nothing (skipped due to action :nothing)
  * bash[generate assets] action nothing (skipped due to action :nothing)
  * file[/var/opt/gitlab/gitlab-rails/config.ru] action delete (up to date)
Recipe: gitlab::gitlab-ci-proxying
  * template[/var/opt/gitlab/nginx/conf/gitlab-ci-http.conf] action delete (up to date)
Recipe: gitlab::selinux
  * execute[semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp] action runDisabled
 (skipped due to not_if)
Recipe: gitlab::add_trusted_certs
  * directory[/etc/gitlab/ssl/trusted-certs] action create (up to date)
  * directory[/opt/gitlab/embedded/ssl/certs] action create (up to date)
  * file[/opt/gitlab/embedded/ssl/certs/README] action create (up to date)
  * ruby_block[Move existing certs and link to /opt/gitlab/embedded/ssl/certs] action run

  * Moving existing certificates found in /opt/gitlab/embedded/ssl/certs
ERROR: /opt/gitlab/embedded/ssl/certs/pecacert.pem: OpenSSL error: nested asn1 error!


    ================================================================================
    Error executing action `run` on resource 'ruby_block[Move existing certs and link to /opt/gitlab/embedded/ssl/certs]'
    ================================================================================

    RuntimeError
    ------------
    ERROR: Not a certificate: /opt/gitlab/embedded/ssl/certs/pecacert.pem / /opt/gitlab/embedded/ssl/certs/pecacert.pem

    Cookbook Trace:
    ---------------
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/helper.rb:514:in `raise_msg'
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/helper.rb:460:in `block in move_existing_certificates'
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/helper.rb:453:in `glob'
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/libraries/helper.rb:453:in `move_existing_certificates'
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/add_trusted_certs.rb:31:in `block (2 levels) in from_file'

    Resource Declaration:
    ---------------------
    # In /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/add_trusted_certs.rb

     28: ruby_block "Move existing certs and link to #{ssl_certs_dir}" do
     29:   block do
     30:     puts "\n\n  * Moving existing certificates found in #{ssl_certs_dir}\n"
     31:     cert_helper.move_existing_certificates
     32:     puts "\n  * Symlinking existing certificates found in #{trusted_certs_dir}\n"
     33:     cert_helper.link_certificates
     34:   end
     35:   only_if { cert_helper.new_certificate_added? }
     36:   notifies :restart, "service[unicorn]"
     37: end

    Compiled Resource:
    ------------------
    # Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/add_trusted_certs.rb:28:in `from_file'

    ruby_block("Move existing certs and link to /opt/gitlab/embedded/ssl/certs") do
      action [:run]
      retries 0
      retry_delay 2
      default_guard_interpreter :default
      block_name "Move existing certs and link to /opt/gitlab/embedded/ssl/certs"
      declared_type :ruby_block
      cookbook_name "gitlab"
      recipe_name "add_trusted_certs"
      block #
      only_if { #code block }
    end


Running handlers:
Running handlers complete
Chef Client failed. 1 resources updated in 16 seconds

So the problem is that re-configure (an upgrade performs a reconfigure) failed leaving the gitlab service down... So the problem was moving the certificates. GitLab was now fixed by copying the certificates by hand into the required location and (re)moving the source directory:

[root@gitlab ~]# cd /opt/gitlab/embedded/ssl/certs/
[root@gitlab certs]# ls -la
total 256
drwxr-xr-x. 2 root root     55 Jun 24 10:03 .
drwxr-xr-x. 5 root root     76 Jun 23 03:45 ..
-rw-r--r--  1 root root 252499 Jun 22 11:05 cacert.pem
-rw-r--r--  1 root root    800 Apr  4 19:47 pecacert.pem
-rw-r--r--  1 root root    151 Jun 23 03:46 README
[root@gitlab certs]# cat README
This directory is managed by omnibus-gitlab.
 Any file placed in this directory will be ignored
. Place certificates in /etc/gitlab/ssl/trusted-certs.

[root@gitlab certs]# cp /opt/gitlab/embedded/ssl/certs/* /etc/gitlab/ssl/trusted-certs

[root@gitlab ssl]# mv certs certs.son
[root@gitlab ssl]# gitlab-ctl reconfigure
Starting Chef Client, version 12.6.0
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
  - runit (0.14.2)
  - package (0.0.0)
  - gitlab (0.0.1)
Compiling Cookbooks...
Recipe: gitlab::default
  * directory[/etc/gitlab] action create (up to date)
/sbin/init: unrecognized option '--version'


[successful reconfigure detail snipped]


Recipe: gitlab::add_trusted_certs
  * directory[/etc/gitlab/ssl/trusted-certs] action create (up to date)
  * directory[/opt/gitlab/embedded/ssl/certs] action create
    - create new directory /opt/gitlab/embedded/ssl/certs
    - change mode from '' to '0755'
  * file[/opt/gitlab/embedded/ssl/certs/README] action create
    - create new file /opt/gitlab/embedded/ssl/certs/README
    - update content in file /opt/gitlab/embedded/ssl/certs/README from none to e09a2d
    --- /opt/gitlab/embedded/ssl/certs/README   2016-06-24 10:14:17.275761125 +0100
    +++ /opt/gitlab/embedded/ssl/certs/.README20160624-29376-1q3bw7j    2016-06-24 10:14:17.275761125 +0100
    @@ -1 +1,4 @@
    +This directory is managed by omnibus-gitlab.
    + Any file placed in this directory will be ignored
    +. Place certificates in /etc/gitlab/ssl/trusted-certs.
    - change mode from '' to '0644'
  * ruby_block[Move existing certs and link to /opt/gitlab/embedded/ssl/certs] action run

  * Moving existing certificates found in /opt/gitlab/embedded/ssl/certs

  * Symlinking existing certificates found in /etc/gitlab/ssl/trusted-certs

 Skipping /etc/gitlab/ssl/trusted-certs/cacert.pem.

 Skipping /etc/gitlab/ssl/trusted-certs/pecacert.pem.

 Skipping /etc/gitlab/ssl/trusted-certs/README.


[successful reconfigure detail snipped]


    - execute "bash"  "/tmp/chef-script20160624-29376-v5yl6q"
Recipe: gitlab::gitlab-rails
  * execute[clear the gitlab-rails cache] action run
    - execute /opt/gitlab/bin/gitlab-rake cache:clear
Recipe: gitlab::unicorn
  * service[unicorn] action restart
    - restart service service[unicorn]
Recipe: gitlab::sidekiq
  * service[sidekiq] action restart
    - restart service service[sidekiq]
Recipe: gitlab::unicorn
  * service[unicorn] action restart
    - restart service service[unicorn]
Recipe: gitlab::gitlab-workhorse
  * service[gitlab-workhorse] action restart
    - restart service service[gitlab-workhorse]
Recipe: gitlab::nginx
  * service[nginx] action restart
    - restart service service[nginx]

Running handlers:
Running handlers complete
Chef Client finished, 22/294 resources updated in 43 seconds
gitlab Reconfigured!

Service is up and running and login is just fine!

Friday, 13 May 2016

Shrinking filesystems with LVM - CentOS

So you have run out of space on one of your LVM volumes, but there's another volume with too much space that's not being used. You need to shrink one and grow the other! First thing first! DO NOT SHRINK A (LVM) VOLUME WITHOUT resizing the FILESYSTEM first! Your data (filesystem) will be screwed! So let's have a go. Here will have a full volume /filetek/sth/sthdbs, and we have a volume being used as a mount point with too much space /filetek. We need to shrink /filetek and expand /filetek/sth/sthdbs.

root@server /
$ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/volg0-root
                      969M  526M  394M  58% /
/dev/sda1             190M   85M   96M  47% /boot
/dev/mapper/volg0-home
                      4.7G  173M  4.3G   4% /home
/dev/mapper/volg0-usr
                      3.8G 1018M  2.6G  28% /usr
/dev/mapper/volg0-var
                      3.8G  470M  3.2G  13% /var
/dev/mapper/volg1-filetek
                      197G  9.4G  178G   6% /filetek
/dev/mapper/volg1-filetek--tmp
                       50G   52M   47G   1% /filetek/tmp
/dev/mapper/volg1-filetek--jrnl1
                       50G  885M   46G   2% /filetek/jrnl1
/dev/mapper/volg1-filetek--sthdbs
                      1.0T  970G  1.7G 100% /filetek/sth/sthdbs
/dev/mapper/volg1-filetek2
                      197G  1.6G  186G   1% /filetek2
/dev/mapper/volg1-filetek2--tmp2
                       50G   52M   47G   1% /filetek2/tmp2
/dev/mapper/volg1-filetek--jrnl2
                       50G  885M   46G   2% /filetek2/jrnl2

Let's umount all the volumes involved:

root@server ~
$ umount /filetek/tmp /filetek/jrnl1 /filetek/sth/sthdbs
root@server ~
$ umount /filetek

Let's resize (shrink) /filetek to 32GB by fsck'ing it first:

root@server ~
$ fsck -f /dev/mapper/volg1-filetek
fsck from util-linux-ng 2.17.2
e2fsck 1.41.12 (17-May-2010)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
filetek: 2119/13107200 files (2.1% non-contiguous), 3307507/52428800 blocks

Using resize2fs:

root@server ~
$ resize2fs /dev/mapper/volg1-filetek 32G
resize2fs 1.41.12 (17-May-2010)
Resizing the filesystem on /dev/mapper/volg1-filetek to 8388608 (4k) blocks.
The filesystem on /dev/mapper/volg1-filetek is now 8388608 blocks long.

Now we can safely reduce the LVM volume size with the lvreduce command:

root@server ~
$ lvreduce -L 40G /dev/mapper/volg1-filetek
  WARNING: Reducing active logical volume to 40.00 GiB
  THIS MAY DESTROY YOUR DATA (filesystem etc.)
Do you really want to reduce filetek? [y/n]: y
  Size of logical volume volg1/filetek changed from 200.00 GiB (51200 extents) to 40.00 GiB (10240 extents).
  Logical volume filetek successfully resized

All, very good so let's expand our volume that has run out of space:

root@server ~
$ lvextend --size +200G /dev/mapper/volg1-filetek--sthdbs
  Size of logical volume volg1/filetek-sthdbs changed from 1.02 TiB (266240 extents) to 1.21 TiB (317440 extents).
  Logical volume filetek-sthdbs successfully resized

Now we need to grow the filesystem, but first let's fsck (e2fsck) it:

root@server ~
$ e2fsck -f /dev/mapper/volg1-filetek--sthdbs
e2fsck 1.41.12 (17-May-2010)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
filetek-sthdbs: 1170/68157440 files (21.9% non-contiguous), 258555686/272629760 blocks

root@server ~
$ resize2fs /dev/mapper/volg1-filetek--sthdbs
resize2fs 1.41.12 (17-May-2010)
Resizing the filesystem on /dev/mapper/volg1-filetek--sthdbs to 325058560 (4k) blocks.
The filesystem on /dev/mapper/volg1-filetek--sthdbs is now 325058560 blocks long.

Let's re-mount both filesystems to file all is good!

root@server ~
$ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/volg0-root
                      969M  526M  394M  58% /
/dev/sda1             190M   85M   96M  47% /boot
/dev/mapper/volg0-home
                      4.7G  173M  4.3G   4% /home
/dev/mapper/volg0-usr
                      3.8G 1018M  2.6G  28% /usr
/dev/mapper/volg0-var
                      3.8G  470M  3.2G  13% /var
/dev/mapper/volg1-filetek2
                       32G  1.6G   29G   6% /filetek2
/dev/mapper/volg1-filetek--tmp
                       50G   52M   47G   1% /filetek/tmp
/dev/mapper/volg1-filetek--jrnl1
                       50G  885M   46G   2% /filetek/jrnl1
/dev/mapper/volg1-filetek2--tmp2
                       50G   52M   47G   1% /filetek2/tmp2
/dev/mapper/volg1-filetek--jrnl2
                       50G  885M   46G   2% /filetek2/jrnl2
/dev/mapper/volg1-filetek
                       32G  9.4G   21G  32% /filetek
/dev/mapper/volg1-filetek--sthdbs
                      1.2T  970G  189G  84% /filetek/sth/sthdbs

Tuesday, 10 May 2016

Resizing Filesystems with LVM - CentOS 7

See how much space is available on physical disk:

[root@centos ~]# pvs
  PV         VG    Fmt  Attr PSize   PFree
  /dev/sda2  volg0 lvm2 a--  199.00g 21.00g

See what sizes your logical volumes are:
[root@centos ~]# lvs
  LV   VG    Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  home volg0 -wi-ao---- 16.00g
  opt  volg0 -wi-ao---- 32.00g
  root volg0 -wi-ao---- 32.00g
  swap volg0 -wi-ao---- 66.00g
  var  volg0 -wi-ao---- 32.00g

See what size your filesystems are:

[root@centos ~]# df -h
Filesystem              Size  Used Avail Use% Mounted on
/dev/mapper/volg0-root   32G  1.2G   29G   4% /
devtmpfs                 32G     0   32G   0% /dev
tmpfs                    32G     0   32G   0% /dev/shm
tmpfs                    32G  9.0M   32G   1% /run
tmpfs                    32G     0   32G   0% /sys/fs/cgroup
/dev/sda1               976M  129M  796M  14% /boot
/dev/mapper/volg0-home   16G   45M   15G   1% /home
/dev/mapper/volg0-var    32G  172M   30G   1% /var
/dev/mapper/volg0-opt    32G   49M   30G   1% /opt
tmpfs                   6.3G     0  6.3G   0% /run/user/0

Resize your logical volume - in this case /var adding 10G to current 32G = 42G:

[root@centos ~]# lvresize -L 42G /dev/mapper/volg0-var
  Size of logical volume volg0/var changed from 32.00 GiB (8192 extents) to 42.00 GiB (10752 extents).
  Logical volume var successfully resized.

Underlining volume is expanded, but not filesystem on top:

[root@centos ~]# df -h
Filesystem              Size  Used Avail Use% Mounted on
/dev/mapper/volg0-root   32G  1.2G   29G   4% /
devtmpfs                 32G     0   32G   0% /dev
tmpfs                    32G     0   32G   0% /dev/shm
tmpfs                    32G  9.0M   32G   1% /run
tmpfs                    32G     0   32G   0% /sys/fs/cgroup
/dev/sda1               976M  129M  796M  14% /boot
/dev/mapper/volg0-home   16G   45M   15G   1% /home
/dev/mapper/volg0-var    32G  172M   30G   1% /var
/dev/mapper/volg0-opt    32G   49M   30G   1% /opt
tmpfs                   6.3G     0  6.3G   0% /run/user/0

So resize filesystem on top:

[root@centos ~]# resize2fs /dev/mapper/volg0-var
resize2fs 1.42.9 (28-Dec-2013)
Filesystem at /dev/mapper/volg0-var is mounted on /var; on-line resizing required
old_desc_blocks = 4, new_desc_blocks = 6
The filesystem on /dev/mapper/volg0-var is now 11010048 blocks long.

See now filesystem is 42GB in size:

[root@centos ~]# df -h
Filesystem              Size  Used Avail Use% Mounted on
/dev/mapper/volg0-root   32G  1.2G   29G   4% /
devtmpfs                 32G     0   32G   0% /dev
tmpfs                    32G     0   32G   0% /dev/shm
tmpfs                    32G  9.0M   32G   1% /run
tmpfs                    32G     0   32G   0% /sys/fs/cgroup
/dev/sda1               976M  129M  796M  14% /boot
/dev/mapper/volg0-home   16G   45M   15G   1% /home
/dev/mapper/volg0-var    42G  172M   40G   1% /var
/dev/mapper/volg0-opt    32G   49M   30G   1% /opt
tmpfs                   6.3G     0  6.3G   0% /run/user/0

Job done:

[root@centos ~]#

Wednesday, 20 April 2016

Stop logging F5 probes - Apache 2

The log format for Apache to log real IP of requests on the F5 (make sure X-Forwarding is enabled) is:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Forwarded-For}i\"" combined

To tell Apache not to log the probes from the F5 (which is needed for loadbalancing) is to have these directives:

SetEnvIf Remote_Addr IP_range_or_specific_IP dontlog

So IP_range_or_specific_IP is the regex in quotes, e.g "192\.168\.1\." for range and "192\.168\.1\.42" for IP. You will also need this setting on the statement that does the logging:

CustomLog "logs/access_log" combined env=!dontlog

Restart Apache with the graceful command.

Thursday, 14 April 2016

Error: /sbin/mingetty: hvc0: cannot open tty: No such device or address - CentOS 6

I get this annoying error message on some of my servers which fills up the /var/log/messages file. My solution for this is to edit the /etc/sysconfig/init file, removing it on this line:

# What ttys should gettys be started on?
ACTIVE_CONSOLES="/dev/tty[1-6] /dev/hvc0"

You will need to reboot to make the messages go away! Restarting init using 'telinit u' is not enough! Or you can just create the device file using mknod!

# mknod -m 600 /dev/hvc0 c 5 1

Thursday, 31 March 2016

Resizing VM system disk - LVM Partition 1 does not start on physical sector boundary - CentOS 7

So you have a virtual machine and you've just expanded your virtual disk, log on to your CentOS Linux system and performed a fdisk -l to find this error:

# fdisk -l

Disk /dev/sda: 236.2 GB, 236223201280 bytes, 461373440 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk label type: dos
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1   209715199   104857599+  ee  GPT
Partition 1 does not start on physical sector boundary.

Disk /dev/mapper/centos-root: 34.4 GB, 34359738368 bytes, 67108864 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes


Disk /dev/mapper/centos-swap: 4294 MB, 4294967296 bytes, 8388608 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes


Disk /dev/mapper/centos-tmp: 4294 MB, 4294967296 bytes, 8388608 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes


Disk /dev/mapper/centos-var: 34.4 GB, 34359738368 bytes, 67108864 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes


Disk /dev/mapper/centos-opt: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes


Disk /dev/mapper/centos-home: 7507 MB, 7507804160 bytes, 14663680 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes

Knowing that you have an /dev/sda2 and /dev/sda3 and want to create an /dev/sda4 but how? Install parted, and use this to fix the disk you've just expanded:

# parted
GNU Parted 3.1
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
Error: The backup GPT table is not at the end of the disk, as it should be.  This might mean that another operating system believes the disk is smaller.  Fix, by
moving the backup to the end (and removing the old backup)?
Fix/Ignore/Cancel? Fix
Warning: Not all of the space available to /dev/sda appears to be used, you can fix the GPT to use all of the space (an extra 251658240 blocks) or continue with the
current setting?
Fix/Ignore? Fix
Model: Msft Virtual Disk (scsi)
Disk /dev/sda: 236GB
Sector size (logical/physical): 512B/4096B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size   File system  Name                  Flags
 1      1049kB  538MB   537MB  ext4
 2      538MB   1075MB  537MB  fat16        EFI System Partition  boot
 3      1075MB  107GB   106GB                                     lvm

(parted) q

Now you can see all three partitions and so will be able to create the fourth:

# fdisk /dev/sda
WARNING: fdisk GPT support is currently new, and therefore in an experimental phase. Use at your own discretion.
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.


Command (m for help): p

Disk /dev/sda: 236.2 GB, 236223201280 bytes, 461373440 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk label type: gpt


#         Start          End    Size  Type            Name
 1         2048      1050623    512M  Microsoft basic
 2      1050624      2099199    512M  EFI System      EFI System Partition
 3      2099200    209713151     99G  Linux LVM

Command (m for help): n
Partition number (4-128, default 4):
First sector (34-461373406, default 209713152):
Last sector, +sectors or +size{K,M,G,T,P} (209713152-461373406, default 461373406):
Created partition 4


Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

Now you have created the forth partition, you can see it with the fdisk -l command:

[root@troi st14988]# fdisk -l
WARNING: fdisk GPT support is currently new, and therefore in an experimental phase. Use at your own discretion.

Disk /dev/sda: 236.2 GB, 236223201280 bytes, 461373440 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk label type: gpt


#         Start          End    Size  Type            Name
 1         2048      1050623    512M  Microsoft basic
 2      1050624      2099199    512M  EFI System      EFI System Partition
 3      2099200    209713151     99G  Linux LVM
 4    209713152    461373406    120G  Linux filesyste

Disk /dev/mapper/centos-root: 34.4 GB, 34359738368 bytes, 67108864 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes


Disk /dev/mapper/centos-swap: 4294 MB, 4294967296 bytes, 8388608 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes


Disk /dev/mapper/centos-tmp: 4294 MB, 4294967296 bytes, 8388608 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes


Disk /dev/mapper/centos-var: 34.4 GB, 34359738368 bytes, 67108864 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes


Disk /dev/mapper/centos-opt: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes


Disk /dev/mapper/centos-home: 7507 MB, 7507804160 bytes, 14663680 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes

Once you have rebooted for the new partition table to take effect, you can add the new partition to the LVM volume group to extend the logical volumes you need to grow/resize:

# vgs
  VG     #PV #LV #SN Attr   VSize  VFree
  centos   1   6   0 wz--n- 99.00g 4.00m

# vgextend centos /dev/sda4
  Physical volume "/dev/sda4" successfully created
  Volume group "centos" successfully extended

# vgs
  VG     #PV #LV #SN Attr   VSize   VFree
  centos   2   6   0 wz--n- 218.99g 120.00g

Now that you have more space, we can extend any of our logical volumes we want:

# lvs
  LV   VG     Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  home centos -wi-ao----  6.99g
  opt  centos -wi-ao---- 20.00g
  root centos -wi-ao---- 32.00g
  swap centos -wi-ao----  4.00g
  tmp  centos -wi-ao----  4.00g
  var  centos -wi-ao---- 32.00g

# lvextend -L +100G centos/opt
  Size of logical volume centos/opt changed from 20.00 GiB (5120 extents) to 120.00 GiB (30720 extents).
  Logical volume opt successfully resized.

# lvs
  LV   VG     Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  home centos -wi-ao----   6.99g
  opt  centos -wi-ao---- 120.00g
  root centos -wi-ao----  32.00g
  swap centos -wi-ao----   4.00g
  tmp  centos -wi-ao----   4.00g
  var  centos -wi-ao----  32.00g

# lvextend centos/home -l+100%FREE
  Size of logical volume centos/home changed from 6.99 GiB (1790 extents) to 26.99 GiB (6910 extents).
  Logical volume home successfully resized.

# lvs
  LV   VG     Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  home centos -wi-ao----  26.99g
  opt  centos -wi-ao---- 120.00g
  root centos -wi-ao----  32.00g
  swap centos -wi-ao----   4.00g
  tmp  centos -wi-ao----   4.00g
  var  centos -wi-ao----  32.00g

Thursday, 3 March 2016

MongoDB won't start - ERROR: dbpath (/data/db) does not exist.

For some reason - due to a bug probably - mongodb (or mongod) database won't start on default install because it is referencing the running direction /data/db to create a lock file. This error occurs even if you set the dbpath in /etc/mongod.conf to somewhere else (default installation says: /var/lib/mongodb). To fix this, simply create a simlink or the directory /data/db itself!

# service mongod start
Redirecting to /bin/systemctl start  mongod.service
Job for mongod.service failed because the control process exited with error code. See "systemctl status mongod.service" and "journalctl -xe" for details.
# systemctl status mongod.service
● mongod.service - High-performance, schema-free document-oriented database
   Loaded: loaded (/usr/lib/systemd/system/mongod.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2016-03-03 09:50:01 GMT; 6s ago
  Process: 21502 ExecStart=/usr/bin/mongod $OPTIONS run (code=exited, status=45)

Mar 03 09:50:01 p0 systemd[1]: Starting High-performance, schema-free document-oriented database...
Mar 03 09:50:01 p0 mongod[21502]: about to fork child process, waiting until server is ready for connections.
Mar 03 09:50:01 p0 mongod[21502]: forked process: 21504
Mar 03 09:50:01 p0 mongod[21502]: ERROR: child process failed, exited with error number 45
Mar 03 09:50:01 p0 systemd[1]: mongod.service: control process exited, code=exited status=45
Mar 03 09:50:01 p0 systemd[1]: Failed to start High-performance, schema-free document-oriented database.
Mar 03 09:50:01 p0 systemd[1]: Unit mongod.service entered failed state.
Mar 03 09:50:01 p0 systemd[1]: mongod.service failed.

# mongod --repair
2016-03-03T09:55:49.905+0000 [initandlisten] MongoDB starting : pid=21520 port=27017 dbpath=/data/db 64-bit host=comp-sscm-p0
2016-03-03T09:55:49.906+0000 [initandlisten] db version v2.6.11
2016-03-03T09:55:49.906+0000 [initandlisten] git version: nogitversion
2016-03-03T09:55:49.906+0000 [initandlisten] OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
2016-03-03T09:55:49.906+0000 [initandlisten] build info: Linux buildvm-08.phx2.fedoraproject.org 4.1.4-100.fc21.x86_64 #1 SMP Tue Aug 4 03:25:05 UTC 2015 x86_64 BOOST_LIB_VERSION=1_53
2016-03-03T09:55:49.906+0000 [initandlisten] allocator: tcmalloc
2016-03-03T09:55:49.906+0000 [initandlisten] options: { repair: true }
2016-03-03T09:55:49.906+0000 [initandlisten] exception in initAndListen: 10296
*********************************************************************
 ERROR: dbpath (/data/db) does not exist.
 Create this directory or give existing directory in --dbpath.
 See http://dochub.mongodb.org/core/startingandstoppingmongo
*********************************************************************
, terminating
2016-03-03T09:55:49.906+0000 [initandlisten] dbexit:
2016-03-03T09:55:49.906+0000 [initandlisten] shutdown: going to close listening sockets...
2016-03-03T09:55:49.906+0000 [initandlisten] shutdown: going to flush diaglog...
2016-03-03T09:55:49.906+0000 [initandlisten] shutdown: going to close sockets...
2016-03-03T09:55:49.906+0000 [initandlisten] shutdown: waiting for fs preallocator...
2016-03-03T09:55:49.906+0000 [initandlisten] shutdown: closing all files...
2016-03-03T09:55:49.906+0000 [initandlisten] closeAllFiles() finished
2016-03-03T09:55:49.906+0000 [initandlisten] dbexit: really exiting now

# mkdir /data
# ln -s /var/lib/mongodb /data/db

# mkdir -p /data/db
# chown mongodb:mongodb /data/db

# service mongod start
Redirecting to /bin/systemctl start  mongod.service
# systemctl status mongod.service
● mongod.service - High-performance, schema-free document-oriented database
   Loaded: loaded (/usr/lib/systemd/system/mongod.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2016-03-03 09:58:15 GMT; 55s ago
  Process: 21863 ExecStart=/usr/bin/mongod $OPTIONS run (code=exited, status=0/SUCCESS)
 Main PID: 21865 (mongod)
   CGroup: /system.slice/mongod.service
           └─21865 /usr/bin/mongod --quiet -f /etc/mongod.conf run

Mar 03 09:58:15 p0 systemd[1]: Starting High-performance, schema-free document-oriented database...
Mar 03 09:58:15 p0 mongod[21863]: about to fork child process, waiting until server is ready for connections.
Mar 03 09:58:15 p0 mongod[21863]: forked process: 21865
Mar 03 09:58:15 p0 systemd[1]: Started High-performance, schema-free document-oriented database.
Mar 03 09:58:58 p0 systemd[1]: Started High-performance, schema-free document-oriented database.