Citrix Xenserver – Expanding Local Storage

Twice now, I have had the (dis)pleasure of expanding our local storage on a couple of XenServer boxes.  In a nutshell, here is how it works:

1.  Expand physical disk (add more RAID members, ect).  Use the procedure specific to your RAID card.

2.  Use fdisk to expand the partition your Local Storage resides on:

[root@vps1a ~]# pvscan
PV /dev/sda3 VG VG_XenStorage-4c69467e-0352-5bd4-3dee-e17cc18aee08 lvm2 [923.64 GB / 380.14 GB free]
Total: 1 [923.64 GB] / in use: 1 [923.64 GB] / in no VG: 0 [0 ]

Note the bold type to the left, /dev/sda3 is the partition we want to expand by deleting and re-adding to the maximum size in fdisk.  After you do this, you need to reboot so the OS will recognize the larger partition.  The bold type to the right is the UUID we need later.

3.  After rebooting, now we can expand the physical LVM volume:

pvresize /dev/sda3

4.  Now we tell XenServer that we increased the size, so you can actually use your extra space:

xe sr-scan uuid=4c69467e-0352-5bd4-3dee-e17cc18aee08

Note:  The UUID was discovered in step 2.

5.  All done!

Notes:  Rebooting the XenServer host is a real pain.  It can be avoided by adding your extra space as a separate partition or disk, then using vgextend to join the LVM physical volumes, instead of fdisk to expand an existing partition.  Using the vgextend method at step 2, you don’t have to reboot, but you lose the redundancy of having RAID5 or RAID10 backing your whole volume.

Alternate Row Shading in Excel

One way to make your data legible is to apply cell shading to every other row in a range. Excel’s Conditional Formatting feature (available in Excel or later) makes this a simple task.

  1. Select the range that you want to format
  2. Choose Format, Conditional Formatting
  3. In the Conditional Formatting dialog box, select Formula Is from the drop-down list, and enter this formula:
    =MOD(ROW(),2)=0
  4. Click the Format button, select the Patterns tab, and specify a color for the shaded rows.
  5. Click OK twice to return to your worksheet.

The best part is that the row shading is dynamic. You’ll find that the row shading persists even if you insert or delete rows within the original range.

Cpanel – Globally disabling the Email Catch-All feature

Spammers love nothing more than launching dictionary attacks on unsuspecting domains using the ‘catch-all’ feature.  This causes multiple problems — the main issues are excessive server load, disk usage, and spam volume.  The worse issue is that once spammers catch on to the fact your domain has a catch-all, they will launch spam campaigns with your domain as the sending domain and all of their backscatter will flood your inbox with legitimate bounces.  If you haven’t been the target of backscatter, keep it that way and disable your catch-all!

The following how-to explains how to manually disable the catch-all on every site.  Since there is no way to prevent a user from re-enabling the catch-all in their Cpanel account, you might consider setting this up to run via Cron every hour or so.

First, back up the virtual aliases:

mkdir /etc/valiasesbackup
cp -p /etc/valiases/* /etc/valiasesbackup

Then, check which sites have a catch-all enabled:

grep '*:' /etc/valiases/* | egrep -v ':fail:'

Disable the catch-all on any site(s) with catch-all enabled. After you do this, run the previous command again to make sure it worked — if it does, it shouldn’t return anything.

sed -i 's/^\*: [^ ]*$/*: :fail: ADDRESS DOES NOT EXIST/g' /etc/valiases/*

If something goes horribly wrong, you can restore the backup you just made:

cp -p –reply=yes /etc/valiasesbackup/* /etc/valiases

Enjoy

Cpanel / SuPHP Part 2 – Fix Ownership Issues

In addition to the correct chmod of files and folders (see part 1), you must ensure that all public_html files and folders have the correct (user and group) ownership.  The following Perl code will eliminate nobody/root ownership.  Place the Perl script into your /home directory and execute it.

#!/usr/bin/perl -w

my @dirs = grep -d,<*>;

foreach my $user (@dirs) {
`chown -R $user:$user $user/public_html/*`;
}

Cpanel / SuPHP – chmod All Files 644, All folders 755

When switching from DSO to SUPHP in cpanel (a must for anyone who takes security seriously on a public webserver), one must pay careful attention to the insecure permissions of user’s public_html folders.  The following commands will look in every user’s html folder and make the appropriate CHMOD to allow php to properly execute under SUPHP.  Don’t forget to also check for files owned by ‘nobody’ or ‘root’ — they will also fail with a 500 error.

find /home/*/public_html/ -type d -print0 | xargs -0 chmod 0755 # For directories
find /home/*/public_html/ -type f -not -name "*.pl" -not -name "*.cgi" -not -name "*.sh" -print0 | xargs -0 chmod 0644 # For files
find /home/*/public_html/ -type f -name "*.cgi" -print0 -o -name "*.pl" -print0 -o -name "*.sh" -print0 | xargs -0 chmod 0755 # For CGI/Scripts

UPDATE: Part 2 – Fixing Ownership

UPDATE: File permission command updated to exclude Perl/CGI. These still need to be 755 (not 644).

UPDATE: Exclude files in 644, add another for scripts/cgi. These still need to be 755 (not 644).