Wednesday, 29 March 2017

Centos 7 - systemd messages flooding logs

The systemd process floods /var/log/messages with notifications whenever a user logs in or a cron job runs.

Mar 27 03:40:01 einstein systemd: Created slice user-0.slice.
Mar 27 03:40:01 einstein systemd: Starting user-0.slice.
Mar 27 03:40:01 einstein systemd: Started Session 1317 of user root.
Mar 27 03:40:01 einstein systemd: Starting Session 1317 of user root.
Mar 27 03:40:01 einstein systemd: Removed slice user-0.slice.
Mar 27 03:40:01 einstein systemd: Stopping user-0.slice.



Given sar runs every 10 minutes there is a lot of crud in the messages file.

You can create a filter for rsyslogd to tell it to junk the messages:

echo 'if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Removed slice user-" or $msg contains "Stopping user-") then stop' >/etc/rsyslog.d/ignore-systemd-session-slice.conf

systemctl restart rsyslog.service 


I take no credit for this, thanks to this article on the excellent Redhat Knowledgebase.
(I slightly adapted the solution to include the Removed & Stopping messages too) 

Saturday, 18 March 2017

Moving up to Centos 7

So I finally upgraded my entire setup to Centos 7 (7.3 to be precise).
Here are some useful notes

By default I do a minimal installation and add what I need. A few extra packages I always add:
epel-release, acpid, net-tools, bash-completion, bash-completion-extras, xauth

ntpd is replaced with chrony. /etc/chrony.conf is the config file and use chronyc sourcestats to see what's going on (equivalent of ntpq --peers)

systemd replaces init.d startup, here are some useful commands. (Because you've installed bash-completion you can hit tab to figure out the service names)
  • systemctl start/stop/status <service> (equiv of service start/stop/status)
  • systemctl enable/disable <service> (equiv of chkconfig off/on)
  • systemctl daemon-reload (if you edit services will reload configs)
  • /usr/lib/systemd/system is the dir containing the service definitions
  • systemctl list-units
  • systemctl list-unit-files (show state of all services, including those that have failed)
firewalld replaces iptables as the default firewall, here's some helpful stuff:
  • By default the public profile is active, this is fine add necessary ports to this
  • For neatness, if an app needs multiple ports create a service definition and let that through
  • New services are created in /etc/firewalld/services
  • firewall-cmd --list-all (show current config)
  • firewall-cmd --list-services (show only services allowed through firewall)
  • firewall-cmd --info-service <service> (show ports in a service)
  • firewall-cmd --permanent --add-service=<new service> (add service to config)
  • systemctl restart firewalld.service

New default disk format is xfs. Be aware xfs partitions can be grown but not shrunk but the metadata takes less space so are more efficient.
You no longer need to specify -cu options to fdisk, they are now default.

Finally a couple of notes just for the hypervisor:

Install the HP stuff; hp-ams, hp-health & hponcfg

Configure the libvirt-guests service to ensure guests startup & shutdown when the hypervisor does. Ensure the ON_SHUTDOWN=shutdown option is set otherwise guests will suspend which takes an age as it suspends to the USB stick.

rngd is broken and won't start but is easily fixable. Thanks to this website for showing me how.
In essence, the daemon needs "-r /dev/urandom" to tell it to use the correct random device.

When creating your raid configuration in mdadm.conf add MAILADDR <email> as an option to allow mdadm daemon to email you when there is a disk problem. This will also stop the mdmonitor service from throwing a warning on startup.

To import the virtual machines it's better to create them as brand new guests pointing at the original lvm disks rather than importing the xml configs. This will ensure QEMU configures them optimally for Centos 7. The new virt-manager is improved and makes this easy.

Friday, 17 March 2017

Backing Up My Hypervisor - the return

Following on from my previous post on this my hypervisor has been upgraded to Centos 7.3.

REAR is still working well for the backups, here's a few optimisations worth noting....

My new /etc/rear/local.conf:

TMPDIR="/backup/tmp"
export TMPDIR
OUTPUT=ISO
OUTPUT_URL=null
ISO_DIR="/backup/host"
BACKUP=NETFS
BACKUP_URL=file:///backup/host
BACKUP_PROG_EXCLUDE=("${BACKUP_PROG_EXCLUDE[@]}" '/media' '/var/tmp' '/var/crash')
EXCLUDE_RECREATE=( "${EXCLUDE_RECREATE[@]}" "fs:/isos" )

The TMPDIR makes REAR use my backup disk rather than /tmp on the very slow USB stick for creating the backup before moving it to /backup/host/einstein
OUTPUT_URL & ISO_DIR also stop REAR creating the rescue ISO on the USB stick and then copying it over. It's created direct into /backup/host


Recovery is as before. Don't be put off by these warnings, it will still work.
initramfs creation for Kernel 3.10.0-514.10.2.el7.x86_64 failed
You also wont need to recreate the ISO mount point or modify fstab. Everything just works.


Regarding recovery to a larger disk. A simpler solution is to just edit the disk size line in /var/lib/rear/layout/disklayout.conf with the size of the new disk. This will make REAR think the disk matches the original and it will restore without further modification. It will only use the original partition table so the extra space is wasted but for these purposes that's good enough.
disk /dev/sdc 7864320000 msdos
(A 16GB stick would be 16018046976)