
Monday, October 6, 2014

Controlling Shell Fork-Bombing for Linux Users

ulimit: Provides control over the resources available to the shell and to processes started by it, on systems that allow such control. The -H and -S options specify that the hard or soft limit is set for the given resource. A hard limit cannot be increased by a non-root user once it is set; a soft limit may be increased up to the value of the hard limit. If neither -H nor -S is specified, both the soft and hard limits are set. The value of limit can be a number in the unit specified for the resource or one of the special values hard, soft, or unlimited, which stand for the current hard limit, the current soft limit, and no limit, respectively. If limit is omitted, the current value of the soft limit of the resource is printed, unless the -H option is given. When more than one resource is specified, the limit name and unit are printed before the value.

Other options are interpreted as follows:
-a     All current limits are reported
-b     The maximum socket buffer size
-c     The maximum size of core files created
-d     The maximum size of a process’s data segment
-e     The maximum scheduling priority ("nice")
-f     The maximum size of files written by the shell and its children
-i     The maximum number of pending signals
-l     The maximum size that may be locked into memory
-m     The maximum resident set size (many systems do not honor this limit)
-n     The maximum number of open file descriptors (most systems do not allow this value to be set)
-p     The pipe size in 512-byte blocks (this may not be set)
-q     The maximum number of bytes in POSIX message queues
-r     The maximum real-time scheduling priority
-s     The maximum stack size
-t     The maximum amount of cpu time in seconds
-u     The maximum number of processes available to a single user
-v     The maximum amount of virtual memory available to the shell
-x     The maximum number of file locks
-T     The maximum number of threads

You can add the following to the bashrc file to protect local shell users from fork bomb attacks.

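# Start from generous limits so the whoami lookup below can run
ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null

# Work out who is logging in; fall back to $USER if whoami is missing
LIMITUSER=$USER
if [ -x "/usr/bin/whoami" ]; then
        LIMITUSER=$(/usr/bin/whoami)
fi
if [ "$LIMITUSER" != "root" ]; then
        # Non-root users: -u 35 caps the number of processes, which is what contains a fork bomb
        ulimit -n 100 -u 35 -m 200000 -d 200000 -s 8192 -c 200000 -v unlimited 2>/dev/null
else
        # root keeps the generous limits
        ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null
fi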
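
The hard/soft rules quoted above are what make this snippet stick: once the non-root branch has set both limits, the opening ulimit line in any nested shell can no longer raise them, and 2>/dev/null hides the error. The script below is an added example, not part of the original post; it uses -n (open files) with constructed values 128/64/256 so it is safe to run, and the same rules apply to -u.

```shell
#!/bin/sh
# Added example: hard vs. soft limit semantics, shown on -n (open files).
# The values 128, 64 and 256 are constructed for this demonstration.

# Prints the outcome of each step on one line. Everything runs in a
# subshell, so the caller's own limits are never changed.
demo_limits() {
    (
        # No -H/-S: sets BOTH soft and hard, as the bashrc snippet does.
        ulimit -n 128 2>/dev/null || { echo "setup-failed"; exit 1; }

        lower=denied; raise=denied; above=denied
        ulimit -S -n 64  2>/dev/null && lower=ok   # soft may be lowered
        ulimit -S -n 128 2>/dev/null && raise=ok   # ...and raised back up to hard
        ulimit -S -n 256 2>/dev/null && above=ok   # but never past the hard limit

        echo "soft_lower=$lower soft_to_hard=$raise soft_above_hard=$above" \
             "soft=$(ulimit -S -n) hard=$(ulimit -H -n)"
    )
}

# Raising the hard limit itself: denied for an unprivileged user,
# allowed for a privileged root process. Prints "ok" or "denied".
hard_raise() {
    (
        ulimit -n 128 2>/dev/null || exit 1
        if ulimit -H -n 256 2>/dev/null; then echo ok; else echo denied; fi
    )
}

demo_limits
echo "hard_raise=$(hard_raise)"
```

Limits applied from a startup file only cover shells that actually read that file.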

Nova issue with deleting VM

We can delete nova instances that are stuck in the error/deleting state by following the steps below.

Get the instance ID from the "nova list" command and reset the state using the "nova reset-state <ID>" command.

nova list

[root@controller1 ~]# nova list
+--------------------------------------+-----------------+--------+------------+-------------+----------------------------------------------+
| ID                                   | Name            | Status | Task State | Power State | Networks                                     |
+--------------------------------------+-----------------+--------+------------+-------------+----------------------------------------------+
| 0ccfa148-97de-4be9-b85d-4283037746b1 | Ha-Porxy-F5     | ACTIVE | -          | Running     | Trusted-Internal-NIC=10.0.0.157, 10.1.15.140 |
| e61a759d-528c-423b-bb24-dcf7e3a5618e | Ha-Porxy-Mysql  | ACTIVE | -          | Running     | Trusted-Internal-NIC=10.0.0.158, 10.1.15.139 |

nova reset-state 0ccfa148-97de-4be9-b85d-4283037746b1


You can also use the --active parameter to force the instance back to an active state instead of an error state. For example:

$ nova reset-state --active c6bbbf26-b40a-47e7-8d5c-eb17bf65c485

Sunday, October 5, 2014

Neutron check Commands

To list all the virtual routers and DHCP servers:
>> ip netns ls

[root@neutronww1 ~]# ip netns
qrouter-641ca25a-7832-4818-b7ww5b-559c8f75ba5c
qdhcp-71ed8a34-a2d5-4d84-9dww47-e5e107dd8d7e
qdhcp-35a33370-d641-4dca-9wwdab-4ac2d9ffc7c6
qdhcp-e0b51c09-57dd-4b3a-a1ww1f-c83903d52e4d
qrouter-3b7f1bcc-0c95-47d7-a2ww17-9fe2aef7f0c0
qrouter-ac17d3c5-9bf4-4788-b2www6c-ca8aa249613b
[root@neutron1 ~]#

Here the virtual routers are the ones whose names start with the prefix qrouter, and the DHCP servers are those whose names start with the prefix qdhcp.


To get more details about a virtual router or DHCP server, we can use the following command:

>>[root@n1 ~]# ip netns exec <virtual router/dhcp server namespace from ip netns command> <network command>

Examples

ip netns exec qrouter-641ca25a-7832-4818-b7ww5b-559c8f75ba5c ip a
ip netns exec qrouter-641ca25a-7832-4818-b7www5b-559c8f75ba5c ifconfig
ip netns exec qrouter-641ca25a-7832-4818-b7www5b-559c8f75ba5c route -n
ip netns exec qrouter-641ca25a-7832-4818-bwww75b-559c8f75ba5c ping

In the above examples we use commands like "ip a", "ifconfig" and "route" to list different parameters of the virtual router and DHCP server. We can use the route command to add more routing rules if needed. Inside a namespace we can use commands such as ip, ifconfig, route and ping just as we would on a physical system, to tweak or troubleshoot the entire system.