Extend encrypted LVM By adding new physical disk

2014-01-23 / Linux, SAN, VMWare / 0 Comments

1. Verify the volume group and the logical volume name:

pvdisplay
lvdisplay

2. Add a new hard disk device to add to the volume group (in this example /dev/sdd):


pvcreate /dev/sdd
vgextend existing_volume_group /dev/sdd

3. After extending the volume group, extend the underlying Logical Volume (500GB):


sudo lvextend -L+500G /dev/existing_volume_group/logicalvolume_data

4. Resize the Crypt:

sudo cryptsetup resize /dev/mapper/

5. Resize filesystem:

sudo resize2fs /dev/mapper/

Read More

Ubuntu 12 LIO iSCSI Target with SCSI-3

2012-08-14 / Linux, SAN, Server / 0 Comments

Problem:
Needed a quick solution to add storage to a failover cluster in a lab environment. LIO iSCSI supports scsi-3 persistent reservation iscsi. I decided to go with this solution.

Solution:

1. Install Ubuntu
install ubuntu
apt-get update
apt-get upgrade
apt-get install lio-utils

2. configure lio

attach additional storage to your ubuntu server. The following configuration can be used via command line first to test. Once everything is working you can make it static by modifying the files listed.

a. setup your devices to be used.

nano /etc/target/tcm_start.sh

tcm_node --block iblock_0/iscsiarray1 /dev/sdb
tcm_node --block iblock_0/iscsiarray2 /dev/sdc
tcm_node --block iblock_0/iscsiarray3 /dev/sdd
tcm_node --block iblock_0/iscsiarray4 /dev/sde

b. setup your iscsi target

nano /etc/target/lio_start.sh

lio_node --addlun iqn.2012.com.linux:iscsi.local:lun1 1 1 iscsi01 iblock_0/iscsiarray1
lio_node --addnp iqn.2012.com.linux:iscsi.local:lun1 1 10.0.0.1:3260
lio_node --disableauth iqn.2012.com.linux:iscsi.local:lun1 1
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun1 1 iqn.2012.com.microsoft:uranus.galaxy.local 1 1
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun1 1 iqn.2012.com.microsoft:neptune.galaxy.local 1 1
lio_node --enabletpg iqn.2012.com.linux:iscsi.local:lun1 1

lio_node --addlun iqn.2012.com.linux:iscsi.local:lun2 2 2 iscsi02 iblock_0/iscsiarray2
lio_node --addnp iqn.2012.com.linux:iscsi.local:lun2 2 10.0.0.1:3260
lio_node --disableauth iqn.2012.com.linux:iscsi.local:lun2 2
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun2 2 iqn.2012.com.microsoft:uranus.galaxy.local 2 2
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun2 2 iqn.2012.com.microsoft:neptune.galaxy.local 2 2
lio_node --enabletpg iqn.2012.com.linux:iscsi.local:lun2 2

lio_node --addlun iqn.2012.com.linux:iscsi.local:lun3 3 3 iscsi03 iblock_0/iscsiarray3
lio_node --addnp iqn.2012.com.linux:iscsi.local:lun3 3 10.0.0.1:3260
lio_node --disableauth iqn.2012.com.linux:iscsi.local:lun3 3
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun3 3 iqn.2012.com.microsoft:uranus.galaxy.local 3 3
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun3 3 iqn.2012.com.microsoft:neptune.galaxy.local 3 3
lio_node --enabletpg iqn.2012.com.linux:iscsi.local:lun3 3

lio_node --addlun iqn.2012.com.linux:iscsi.local:lun4 4 4 iscsi04 iblock_0/iscsiarray4
lio_node --addnp iqn.2012.com.linux:iscsi.local:lun4 4 10.0.0.1:3260
lio_node --disableauth iqn.2012.com.linux:iscsi.local:lun4 4
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun4 4 iqn.2012.com.microsoft:uranus.galaxy.local 4 4
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun4 4 iqn.2012.com.microsoft:neptune.galaxy.local 4 4
lio_node --enabletpg iqn.2012.com.linux:iscsi.local:lun4 4
Read More

Configure mediawiki for LDAP authentication with Microsoft active directory

2011-08-15 / Linux, Random, Server / 3 Comments

Problem:

Needed to enable  Microsoft Active Directory authentication to our internal mediawiki site.

Solution:

enable Ldapauthentication.php extension. modify localsettings.php file to include the following:

require_once( “$IP/extensions/LdapAuthentication/LdapAuthentication.php” );
$wgAuth = new LdapAuthenticationPlugin();
$wgLDAPDomainNames = array( “ADSITE” );
$wgLDAPServerNames = array( “ADSITE”=>”wcp01xdc.ADSITE.local”  );
$wgLDAPBaseDNs = array( “ADSITE”=>”dc=ADSITE,dc=local” );
$wgLDAPSearchStrings = array(“ADSITE” => “ADSITE\\USER-NAME”);
$wgLDAPSearchAttributes = array( “ADSITE”=>”sAMAccountName” );
$wgLDAPLowerCaseUsername = array( “ADSITE”=>true );
$wgLDAPRequiredGroups = array( “ADSITE”=>array(“cn=information technology,ou=users,ou=information technology,ou=ADSITE,dc=ADSITE,dc=local”) );
$wgLDAPGroupUseFullDN = array( “ADSITE”=>true );
$wgLDAPGroupsUseMemberOf = array( “ADSITE”=>true );
$wgLDAPGroupObjectclass = array( “ADSITE”=>”group” );
$wgLDAPGroupAttribute = array( “ADSITE”=>”member” );
$wgLDAPGroupSearchNestedGroups = array( “ADSITE”=>true );
$wgLDAPGroupNameAttribute = array( “ADSITE”=>”cn” );
$wgLDAPPreferences = array( “ADSITE”=>true );
$wgLDAPDisableAutoCreate = array( “ADSITE”=>false );
$wgMinimalPasswordLength = 1;
$wgLDAPUseSSL = false;
$wgLDAPEncryptionType = array( “ADSITE”=>”clear” );
$wgUseLocal = false;
#$wgLDAPDebug = 99;
#$wgDebugLogGroups[“ldap”] = “/tmp/wikildapdebug.log” ;

Replace “ADSITE” with the name of your domain. It is currently setup for clear text authentication. After you get clear text authentication working you should enable tsl or ssl authentication if need be.

the setting $wgLDAPRequiredGroups is optional and is used to allow only certain groups to login the wiki. in this case “Information Technology”

Read More