Wednesday, April 26, 2017

Mysql Warning Using a password on the command line interface can be insecure

In new versions of mysql you will get such warning not to specify password in command line. We can resolve this warning by specifying it in file using the utility mysql_config_editor.

Set the credentials using the following command:
mysql_config_editor set --login-path=local --host=localhost --user=username --password

Now you can run the command as:
mysql --login-path=local -e "statement"

Instead of:
mysql -u username -p pass -e "statement"


An alternate way for the older version is to use --defaults-extra-file option.

Create a credentials file my.cnf

cat my.cnf
[mysql]
host = hostname
user = username
password = password

Then when you execute the mysql command specify the path to my.cnf command as

mysql --defaults-extra-file=/path_to/my.cnf

Tuesday, April 25, 2017

Ethernet bonding in rhel7 and centos 7

Load the bonding module:
[root@localhost network-scripts]# modprobe --first-time bonding

Check the module:
[root@localhost network-scripts]# modinfo bonding

Create bond interface as below
[root@localhost network-scripts]# cat ifcfg-bond0
DEVICE=bond0
NAME=bond0
TYPE=Bond
BONDING_MASTER=yes
IPADDR=192.168.56.114
NETMASK=255.255.255.0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
BONDING_OPTS="mode=1 miimon=100"

Create Slave 1:
[root@localhost network-scripts]# cat ifcfg-enp0s9
BOOTPROTO=none
NAME=enp0s9
DEVICE=enp0s9
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no

Create Slave 2:
[root@localhost network-scripts]# cat ifcfg-enp0s10
BOOTPROTO=none
NAME=enp0s10
DEVICE=enp0s10
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
[root@localhost network-scripts]#

Bring the interfaces up and restart network:
[root@localhost network-scripts]# ifup bond0
[root@localhost network-scripts]# ifup ifcfg-enp0s9
[root@localhost network-scripts]# ifup ifcfg-enp0s10
[root@localhost network-scripts]# nmcli con reload
[root@localhost network-scripts]# systemctl restart network

Check the status of the bonding interface:
[root@localhost network-scripts]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: enp0s10
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: enp0s10
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 15
Permanent HW addr: 08:00:27:1d:16:27
Slave queue ID: 0

Slave Interface: enp0s9
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 15
Permanent HW addr: 08:00:27:0a:f8:11
Slave queue ID: 0
[root@localhost network-scripts]#

Wednesday, February 1, 2017

How to enable or disable offload features like TSO, GSO, SG, TX/RX Checksum

TCP offload engine or TOE is a technology used in network interface cards (NIC) to offload processing of the entire TCP/IP stack to the network controller. It is primarily used with high-speed network interfaces, such as gigabit Ethernet and 10 Gigabit Ethernet, where processing overhead of the network stack becomes significant.

Usually when a packet arrives at network interface, it sends a hard interrupt to the processor. So depends up on the traffic, processor has to work more, handle the interrupts, calculate and compare the checksum etc. This will increase the load on CPU.

So a lot of modern Ethernet cards comes up with inbuilt support for checking checksum, handling errors etc. Enabling this we can reduce some load on the CPU.

First we need to check what are features enabled on the interface. They will be shown as On or Off. They may ne associated with a [fixed] parameter which says the value is fixed and we cannot change it.

[root@sysadmin ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:24:21:A5:75:55
          inet addr:192.168.1.254  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::224:21ff:fea5:7555/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:144736 errors:0 dropped:0 overruns:0 frame:0
          TX packets:107522 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:134934140 (128.6 MiB)  TX bytes:11959446 (11.4 MiB)

[root@sysadmin ~]# ethtool --show-offload  eth0
Features for eth0:
rx-checksumming: on
tx-checksumming: off
        tx-checksum-ipv4: off
        tx-checksum-unneeded: off [fixed]
        tx-checksum-ip-generic: off [fixed]
        tx-checksum-ipv6: off [fixed]
        tx-checksum-fcoe-crc: off [fixed]
        tx-checksum-sctp: off [fixed]
scatter-gather: off
        tx-scatter-gather: off
        tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: off
        tx-tcp-segmentation: off
        tx-tcp-ecn-segmentation: off [fixed]
        tx-tcp6-segmentation: off [fixed]
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: off [requested on]
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: off [fixed]
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
fcoe-mtu: off [fixed]
loopback: off [fixed]

We can set the tx checksumming using the following command:
[root@sysadmin ~]# ethtool --offload  eth0  rx on  tx on
[root@sysadmin ~]# ethtool --show-offload  eth0
Features for eth0:
rx-checksumming: on
tx-checksumming: on
        tx-checksum-ipv4: on
        tx-checksum-unneeded: off [fixed]
        tx-checksum-ip-generic: off [fixed]
        tx-checksum-ipv6: off [fixed]
        tx-checksum-fcoe-crc: off [fixed]
        tx-checksum-sctp: off [fixed]
scatter-gather: off
        tx-scatter-gather: off
        tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: off
        tx-tcp-segmentation: off
        tx-tcp-ecn-segmentation: off [fixed]
        tx-tcp6-segmentation: off [fixed]
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: off [requested on]
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: off [fixed]
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
fcoe-mtu: off [fixed]
loopback: off [fixed]
[root@sysadmin ~]#

We can enable scatter-gather using the following command:
[root@sysadmin ~]# ethtool --offload  eth0 sg on
[root@sysadmin ~]# ethtool --show-offload  eth0
Features for eth0:
rx-checksumming: on
tx-checksumming: on
        tx-checksum-ipv4: on
        tx-checksum-unneeded: off [fixed]
        tx-checksum-ip-generic: off [fixed]
        tx-checksum-ipv6: off [fixed]
        tx-checksum-fcoe-crc: off [fixed]
        tx-checksum-sctp: off [fixed]
scatter-gather: on
        tx-scatter-gather: on
        tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: on
        tx-tcp-segmentation: on
        tx-tcp-ecn-segmentation: off [fixed]
        tx-tcp6-segmentation: off [fixed]
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: off [fixed]
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
fcoe-mtu: off [fixed]
loopback: off [fixed]

We can eable TSO (TCP Segmentation offload) using the following command:
[root@sysadmin ~]# ethtool --offload eth0 tso on
[root@sysadmin ~]# ethtool --show-offload  eth0
Features for eth0:
rx-checksumming: on
tx-checksumming: on
        tx-checksum-ipv4: on
        tx-checksum-unneeded: off [fixed]
        tx-checksum-ip-generic: off [fixed]
        tx-checksum-ipv6: off [fixed]
        tx-checksum-fcoe-crc: off [fixed]
        tx-checksum-sctp: off [fixed]
scatter-gather: on
        tx-scatter-gather: on
        tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: on
        tx-tcp-segmentation: on
        tx-tcp-ecn-segmentation: off [fixed]
        tx-tcp6-segmentation: off [fixed]
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: off [fixed]
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
fcoe-mtu: off [fixed]
loopback: off [fixed]
[root@sysadmin ~]#

You can enable GSO(Generic Segmentation Offload) using the following command:
[root@sysadmin ~]# ethtool --offload  eth0 gso on
[root@sysadmin ~]# ethtool --show-offload  eth0
Features for eth0:
rx-checksumming: on
tx-checksumming: on
        tx-checksum-ipv4: on
        tx-checksum-unneeded: off [fixed]
        tx-checksum-ip-generic: off [fixed]
        tx-checksum-ipv6: off [fixed]
        tx-checksum-fcoe-crc: off [fixed]
        tx-checksum-sctp: off [fixed]
scatter-gather: on
        tx-scatter-gather: on
        tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: on
        tx-tcp-segmentation: on
        tx-tcp-ecn-segmentation: off [fixed]
        tx-tcp6-segmentation: off [fixed]
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: off [fixed]
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
fcoe-mtu: off [fixed]
loopback: off [fixed]

References:
1. https://en.wikipedia.org/wiki/TCP_offload_engine