≡ Menu

production environment

Are the Solid-State Drive Supported on Linux?

A solid-state drive (SSD) is a data storage device that uses solid-state memory to store persistent data. A SSD emulates a hard disk drive interface, thus easily replacing it in most applications. An SSD using SRAM or DRAM (instead of flash memory) is often called a RAM-drive.
[click to continue…]

Linux Is Supposed To Be Easy?

Linux is extremely powerful, robust and flexible, which means it must have a significant amount of complexity. Do you think I learnt everything in a day? I don't know who told you Linux was easy, many times other people make it harder than it has to be by thinking they need to understand everything at once.

Some Preliminary Advice

Some recommendations I would give you before you began with Linux:

  • Take it easy. Frustration makes things worse for everyone.
  • Never try anything for the first time in a production environment. Always use test environment. For example, iptables firewall or complex security configurations. Always use a test computer or virtual machine to test the various applications, configurations and settings. It will save lots of time. Recommended virtualization software - Vmware or Xen or VirtualBox
  • Another option is start your journey with with LiveCDs. See the list of all Linux, BSD, LiveCDs and LiveDVDs here.
  • Always refer to hardware compatible list (HCL) and kernel source documentation directory (/usr/src/linux/Documentation/) to check your hardware compatibility.
  • Learn to read and search command man pages and vi / vim text editor. Type vimtutor at a shell prompt. The Vimtutor is useful for people that want to learn their first Vim commands.
  • Don't try to set or create ultra secure servers / services on your first shot. Mess with test system couple times i.e. play for a while until you understand everything. Don't stress out for the perfect solution, it will slow you down.
  • Stay away from advanced stuff until you learn the basic stuff like, ssh, vi text editor, directory structure, log files, searching and greping files, network configuration, package management, patch management, troubleshooting techniques using host, ping, route, ifconfig and other tools.
  • Learn regex and text utilities such as sed, awk, grep and others. It will save lots of time in a long run.
  • Learn to customize your own login environment. This will give you good idea about many configuration options such as ftp, vi, Gnome, Kde, GUI tools and much more. Get a good Linux book, it will be a big help (see below for recommend books).
  • Don't hesitate to ask your questions on the forums and mailing lists. Also help others in the forums when you can. You will be supervised to find out how explaining stuff to someone else helps you understand it better.
  • Learn to automate stuff using shell scripts.
  • When you run into a problem with a configuration, make sure you read:
    • The man pages
    • The info pages
    • Read package README.txt, INSTALL.txt and other files stored in a current directory or /usr/share/doc/package-name directory.
  • Use google / yahoo search engines to do several searches with different terms. My personal experience you may get answer in the forums / websites / mailing lists. Only rarely have my problems not already been answered in the forums.
  • Subscribe to security alert mailing lists.
  • Learn to compile packages using make, configure and other build tools.
  • Once you learnt terminology and basic things, start configuring basic services such as Apache. They idea is simple start by getting something up and visible. Take a time to explore stuff and get comfortable with each service / servers. Always configure one service at a time and get familiar with them one at a time.
  • Don't compare Windows utilities / software with equivalent Linux software. Windows is not Linux or vise versa.
  • Don't try to replace Windows desktop with Linux desktop. Windows desktop has better applications stack. Similarly, Windows can't replace Linux. You need to consider various factors before migrating from Windows systems.
  • Gather experience.
  • Finally, always ignore flame wars such as 'vim vs emacs editor' or 'BSD vs Linux'.

Good Luck!

References / Recommend Readings:

Adarsh asks:

Can someone steal my PHP code or program without hacking my Linux box? Can someone snoop script over plain HTTP session?

Short answer is no. PHP is server side thingy.

However a misconfigured webserver can easily give out php file to all end users. You need to make sure that mod_php / mod_fastcgi loaded and correct MIME type is setup. To avoid such problem always test your server before moving to production environment. Most Linux distro configures both Apache and PHP out of box.

How do I stop downloading php source code?

The first step should be stopping a webserver.
# /etc/init.d/httpd stop
OR
# /etc/init.d/lighttpd stop

If you are using Lighttpd...

Next bind webserver to 127.0.0.1 for testing purpose. Open lighttpd websever config file and bind server address to 127.0.0.1
# vi /etc/lighttpd/lighttpd.conf
Bind to localhost/127.0.0.1:
server.bind = "127.0.0.1"
Start lighttpd:
# /etc/init.d/lighttpd start
Now follow these instructions to configure php as fastcgi module. Now test your configuration using url http://127.0.0.1/test.php. PHP should work on server. If not working, refer to server log file.

If you are using Apache...

Open httpd.conf file and bind apache to 127.0.0.1:
# vi httpd.conf
The Listen directive instructs Apache to listen to more than one IP address or port; by default it responds to requests on all IP interfaces, but only on the port given by the Port directive.
Listen 127.0.0.1:80
Start apache:
# /etc/init.d/httpd start
Now make sure php is installed use apt-get or rpm command to verify the same:
# rpm -qa | grep -i php
OR
# dpkg --list | grep -i php
If PHP is not installed just follow these instructions to install PHP. Next make sure httpd.conf or php.conf has following directives:
LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php

Note: the path may differ in your setup. Now restart httpd:
# /etc/init.d/httpd restart
A sample php code:

<HTML><HEAD>PHP</TITLE></HEAD>
<BODY>
<?php   phpinfo(); ?>
</BODY>
</HTML>

Finally when php started to work properly, make sure you bind back a server IP address from 127.0.0.1 to public IP address.

Another option is keep your source code out of webroot and server all php requests from php application server using mod_proxy and multiple back-end servers.

LVM is an implementation of a logical volume manager for the Linux kernel. The biggest advantage is that LVM provides the ability to make a snapshot of any logical volume.

In a production environment many users access the same file (file is open) or database. Suppose you start backup process when a file is open, you will not get correct or updated copy of file i.e. inconsistent backup (see accurate definition of inconsistent backup).

Read-only partition - to avoid inconsistent backup

You need to mount partition as read only, so that no one can make changes to file and make a backup:
# umount /home
# mount -o ro /home
# tar -cvf /dev/st0 /home
# umount /home
# mount -o rw /home

As you see, the draw back is service remains unavailable during backup time to all end users. If you are using database then shutdown database server and make a backup.

Logical Volume Manager snapshot to avoid inconsistent backup

This solution will only work if you have created the partition with LVM. A snapshot volume is a special type of volume that presents all the data that was in the volume at the time the snapshot was created. This means you can back up that volume without having to worry about data being changed while the backup is going on, and you don't have to take the database volume offline while the backup is taking place.

# lvcreate -L1000M -s -n dbbackup /dev/ops/databases

Output:

lvcreate -- WARNING: the snapshot must be disabled if it gets full
lvcreate -- INFO: using default snapshot chunk size of 64 KB for "/dev/ops/dbbackup"
lvcreate -- doing automatic backup of "ops"
lvcreate -- logical volume "/dev/ops/dbbackup" successfully created

Create a mount-point and mount the volume:
# mkdir /mnt/ops/dbbackup
# mount /dev/ops/dbbackup /mnt/ops/dbbackup

Output:

mount: block device /dev/ops/dbbackup is write-protected, mounting read-only

Do the backup
# tar -cf /dev/st0 /mnt/ops/dbbackup

Now remove it:
# umount /mnt/ops/dbbackup
# lvremove /dev/ops/databases

Please note that LVM snapshots cannot be used with non-LVM filesystems i.e. you need LVM partitions. You can also use third party commercial proprietary (see below for discussion) or GPL backup solutions/software.

MySQL Backup: Using LVM File System Snapshot

Login to your MySQL server:
# mysql -u root -p
At mysql prompt type the following command to closes all open tables and locks all tables for all databases with a read lock until you explicitly release the lock by executing UNLOCK TABLES. This is very convenient way to get backups if you have a file system such as Veritas or Linux LVM or FreeBD UFS that can take snapshots in time.
mysql> flush tables with read lock;
mysql> flush logs;
mysql> quit;

Now type the following command (assuming that your MySQL DB is on /dev/vg01/mysql):
# lvcreate --snapshot –-size=1000M --name=backup /dev/vg01/mysql
Again, login to mysql:
# mysql -u root -p
Type the following to release the lock:
mysql> unlock tables;
mysql> quit;

Now, move backup to tape or other server:
# mkdir -p /mnt/mysql
# mount -o ro /dev/vg01/backup /mnt/mysql
# cd /mnt/mysql
# tar czvf mysql.$(date +"%m-%d%-%Y).tar.gz mysql
# umount /mnt/tmp
# lvremove -f /dev/vg01/backup

If you are using a Veritas file system, you can make a backup like this (quoting from the official MySQL documentation):

Login to mysql and lock the tables:
mysql> FLUSH TABLES WITH READ LOCK;
mysql> quit;

Type the following at a shell prompt
# mount vxfs snapshot
Now UNLOCK TABLES:
mysql> UNLOCK TABLES;
mysql> quit;

Copy files from the snapshot and unmount the snapshot.

Further reading: