Dated: 05-Nov-2009
KVM in CentOS 5.4 – How to fix the bridge problem
When we use KVM in CentOS 5.4, we will notice that there is no bridge set up to allow the virtual guests to connect directly to the local network.
As we are using libvirt, we need to follow the steps below to fix it.
Step 1: Create the bridge script at /etc/sysconfig/network-scripts/ifcfg-br0
[root@babar /root]# vi /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
BOOTPROTO=static
TYPE=Bridge
IPADDR=192.168.0.100
NETMASK=255.255.255.0
ONBOOT=yes
NM_CONTROLLED=no
Save & exit
As you can see, I use static IP config.
Step 2: Hook up eth0 to the bridge and remove its IP config in /etc/sysconfig/network-scripts/ifcfg-eth0
[root@babar /root]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=no
TYPE=Ethernet
Restart the network service or your system and you are done. Now, when we create a new virtual machine with virt-manager, we can select to have it directly hooked up to the physical network.
[root@babar ~]# ifconfig
br0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::215:17ff:febd:c94d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:168 errors:0 dropped:0 overruns:0 frame:0
TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11475 (11.2 KiB) TX bytes:9580 (9.3 KiB)
eth0 Link encap:Ethernet HWaddr 00:xx:xx:xx:xx:xx
inet addr:192.168.1.253 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::215:17ff:febd:c94c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3240 errors:0 dropped:0 overruns:0 frame:0
TX packets:5286 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:417544 (407.7 KiB) TX bytes:5574477 (5.3 MiB)
Memory:b1a20000-b1a40000
eth1 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet6 addr: fe80::215:17ff:febd:c94d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9113 errors:0 dropped:0 overruns:0 frame:0
TX packets:122 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:755212 (737.5 KiB) TX bytes:27911 (27.2 KiB)
Memory:b1a00000-b1a20000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:969 errors:0 dropped:0 overruns:0 frame:0
TX packets:969 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2744681 (2.6 MiB) TX bytes:2744681 (2.6 MiB)
virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:9535 (9.3 KiB)
vnet0 Link encap:Ethernet HWaddr A2:F7:06:6D:C1:2F
inet6 addr: fe80::a0f7:6ff:fe6d:c12f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:57 errors:0 dropped:0 overruns:0 frame:0
TX packets:1035 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:9782 (9.5 KiB) TX bytes:208709 (203.8 KiB)
Now it is working fine.
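A consistency check for the two ifcfg files from steps 1 and 2, as an added example that is not part of the original post. The function names and the CONSISTENT_FILES and BROKEN_FILES samples are constructed for illustration; run against the two files as listed above, it reports that ifcfg-eth0 declares DEVICE=eth1.

```python
def parse_ifcfg(text):
    """Parse KEY=value lines of an ifcfg file, skipping blanks and comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def check_bridge(files):
    """files maps 'ifcfg-<name>' to the file text; returns a list of findings."""
    parsed = dict((name, parse_ifcfg(text)) for name, text in files.items())
    # Devices declared with TYPE=Bridge, and the bridges that ports point at.
    bridges = set(c["DEVICE"] for c in parsed.values()
                  if c.get("DEVICE") and c.get("TYPE", "").lower() == "bridge")
    attached = set(c["BRIDGE"] for c in parsed.values() if c.get("BRIDGE"))
    findings = []
    for name in sorted(parsed):
        cfg = parsed[name]
        if name != "ifcfg-%s" % cfg.get("DEVICE"):
            findings.append("%s: DEVICE=%s does not match the file name"
                            % (name, cfg.get("DEVICE")))
        if cfg.get("ONBOOT", "").lower() != "yes":
            findings.append("%s: ONBOOT is not yes" % name)
        bridge = cfg.get("BRIDGE")
        if bridge is None:
            continue
        if bridge not in bridges:
            findings.append("%s: BRIDGE=%s, but no file declares that device "
                            "with TYPE=Bridge" % (name, bridge))
        # The IP address belongs on the bridge, not on the enslaved port.
        if "IPADDR" in cfg or cfg.get("BOOTPROTO", "none").lower() == "dhcp":
            findings.append("%s: bridge port still carries IP configuration" % name)
    for bridge in sorted(bridges - attached):
        findings.append("%s: no interface is attached to this bridge" % bridge)
    return findings


BR0 = """DEVICE=br0
BOOTPROTO=static
TYPE=Bridge
IPADDR=192.168.0.100
NETMASK=255.255.255.0
ONBOOT=yes
NM_CONTROLLED=no
"""
PORT = """DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=no
TYPE=Ethernet
"""
# The two files exactly as listed in steps 1 and 2.
PAGE_FILES = {"ifcfg-br0": BR0, "ifcfg-eth0": PORT}
# Constructed: the same content stored under a file name that matches DEVICE.
CONSISTENT_FILES = {"ifcfg-br0": BR0, "ifcfg-eth1": PORT}
# Constructed: port keeps an address and points at a bridge that does not exist.
BROKEN_FILES = {"ifcfg-br0": BR0,
                "ifcfg-eth1": PORT.replace("BRIDGE=br0", "BRIDGE=br1")
                + "IPADDR=192.168.0.101\n"}

if __name__ == "__main__":
    for label, files in (("page", PAGE_FILES), ("consistent", CONSISTENT_FILES),
                         ("broken", BROKEN_FILES)):
        print(label, check_bridge(files))
```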
Thursday, November 5, 2009
Monday, November 2, 2009
Video Cache server for Squid cache Server by Babar Zahoor
Video Cache Server Using Squid Apache and Python.
The purpose of this server is to cache all the websites like youtube.com, blip.tv etc. on our local squid cache server.
1. Requires
===========
a. squid >= 2.6
b. python >= 2.4
c. python-urlgrabber
d. python-iniparse
e. Apache (httpd) or any other Web Server
Note: For these steps your machine must be connected to the Internet and have CentOS 5.3 or 5.4 preinstalled.
Please follow the steps
[root@Squid ~]# yum install squid httpd python python-urlgrabber python-iniparse
Download the Package of videocache from http://cachevideos.com/download/ .
[root@Squid Desktop]# tar -xzvf videocache-1.9.1.tar.gz
videocache-1.9.1/
videocache-1.9.1/videocache-httpd.conf
videocache-1.9.1/scripts/
videocache-1.9.1/scripts/vccleaner
videocache-1.9.1/videocache.spec
videocache-1.9.1/setup.py
videocache-1.9.1/COPYING
videocache-1.9.1/Readme
videocache-1.9.1/videocache-sysconfig.conf
videocache-1.9.1/INSTALL
videocache-1.9.1/CHANGELOG
videocache-1.9.1/videocache.8.gz
videocache-1.9.1/videocache/
videocache-1.9.1/videocache/__init__.py
videocache-1.9.1/videocache/parser.py
videocache-1.9.1/videocache/config.py
videocache-1.9.1/videocache/Errors.py
videocache-1.9.1/videocache/videocache.py
videocache-1.9.1/update-vc
videocache-1.9.1/videocache.8.t2t
[root@Squid Desktop]#
[root@Squid Desktop]# cd videocache-1.9.1
[root@Squid videocache-1.9.1]#
[root@Squid videocache-1.9.1]# cp videocache-httpd.conf /etc/httpd/conf.d/videocache.conf
[root@Squid videocache-1.9.1]# cp videocache-sysconfig.conf /etc/videocache.conf
[root@Squid videocache-1.9.1]# cp update-vc /usr/sbin/update-vc
[root@Squid videocache-1.9.1]# chmod 744 /usr/sbin/update-vc
[root@Squid videocache-1.9.1]# cp scripts/vccleaner /usr/sbin/vccleaner
[root@Squid videocache-1.9.1]# chmod 744 /usr/sbin/vccleaner
[root@Squid videocache-1.9.1]# cp -r videocache /usr/share/
[root@Squid root]# cd /var/spool/
[root@Squid spool]# mkdir videocache
[root@Squid spool]# mkdir videocache/tmp videocache/youtube videocache/metacafe videocache/dailymotion videocache/google videocache/vimeo videocache/wrzuta videocache/soapbox videocache/tube8 videocache/tvuol videocache/bliptv videocache/break
[root@Squid spool]# chown -R squid:squid videocache
[root@Squid spool]# chmod -R 755 videocache
[root@Squid ~]# mkdir -p /var/log/videocache
[root@Squid ~]# chmod -R 755 /var/log/videocache/
[root@Squid ~]# chown -R squid:squid /var/log/videocache/
Note: Please add these lines at the end of the squid.conf file. If it shows you some errors, please copy them properly and paste them again.
[root@Squid videocache-1.9.1]# vim /etc/squid/squid.conf
# --BEGIN-- videocache config for squid
url_rewrite_program /usr/bin/python /usr/share/videocache/videocache.py
url_rewrite_children 7
acl videocache_allow_url url_regex -i \.youtube\.com\/get_video\?
acl videocache_allow_url url_regex -i \.googlevideo\.com\/videoplayback \.googlevideo\.com\/videoplay \.googlevideo\.com\/get_video\?
acl videocache_allow_url url_regex -i \.google\.com\/videoplayback \.google\.com\/videoplay \.google\.com\/get_video\?
acl videocache_allow_url url_regex -i \.google\.[a-z][a-z]\/videoplayback \.google\.[a-z][a-z]\/videoplay \.google\.[a-z][a-z]\/get_video\?
acl videocache_allow_url url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/videoplayback\?
acl videocache_allow_url url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/videoplay\?
acl videocache_allow_url url_regex -i (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/get_video\?
acl videocache_allow_url url_regex -i proxy[a-z0-9\-][a-z0-9][a-z0-9][a-z0-9]?\.dailymotion\.com\/
acl videocache_allow_url url_regex -i vid\.akm\.dailymotion\.com\/
acl videocache_allow_url url_regex -i bitcast\.vimeo\.com\/vimeo\/videos\/
acl videocache_allow_url url_regex -i va\.wrzuta\.pl\/wa[0-9][0-9][0-9][0-9]?
acl videocache_allow_url url_regex -i \.msn\.com\.edgesuite\.net\/(.*)\.flv
acl videocache_allow_url url_regex -i media[a-z0-9]?[a-z0-9]?[a-z0-9]?\.tube8\.com\/ mobile[a-z0-9]?[a-z0-9]?[a-z0-9]?\.tube8\.com\/
acl videocache_allow_url url_regex -i \.mais\.uol\.com\.br\/(.*)\.flv
acl videocache_allow_url url_regex -i \.video[a-z0-9]?[a-z0-9]?\.blip\.tv\/(.*)\.(flv|avi|mov|mp3|m4v|mp4|wmv|rm|ram)
acl videocache_allow_url url_regex -i video\.break\.com\/(.*)\.(flv|mp4)
acl videocache_deny_url url_regex -i http:\/\/[a-z][a-z]\.youtube\.com http:\/\/www\.youtube\.com
url_rewrite_access deny videocache_deny_url
url_rewrite_access allow videocache_allow_url
url_rewrite_access allow videocache_allow_dom
redirector_bypass on
# --END-- videocache config for squid
[root@Squid root]# service httpd start
[root@Squid root]# chkconfig httpd --level 35 on
[root@Squid root]# chkconfig squid --level 35 on
[root@Squid root]# service squid reload
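A pre-reload check for the videocache block, as an added example that is not part of the original post or of videocache. It flags an acl that lost its pattern to a line wrap (the paste damage the note above warns about), flags ACL names that url_rewrite_access uses but the block never defines, and shows which URLs the rules hand to the rewriter. Assumptions: Python's re module stands in for Squid's regex matching, and lint, join_wrapped and goes_to_rewriter are hypothetical names.

```python
import re

# Directives used in the videocache block on this page.
DIRECTIVES = {"acl", "url_rewrite_program", "url_rewrite_children",
              "url_rewrite_access", "redirector_bypass"}

OCTET = r"(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
# Constructed sample: a few lines of the block, with one IP-address acl split
# over three lines the way a bad paste leaves it (its last ")" opens line 6).
FRAGMENT = "\n".join([
    r"url_rewrite_program /usr/bin/python /usr/share/videocache/videocache.py",
    r"url_rewrite_children 7",
    r"acl videocache_allow_url url_regex -i \.youtube\.com\/get_video\?",
    r"acl videocache_allow_url url_regex -i",
    r"\.".join([OCTET] * 4)[:-1],
    r")\/videoplayback\?",
    r"acl videocache_allow_url url_regex -i video\.break\.com\/(.*)\.(flv|mp4)",
    r"acl videocache_deny_url url_regex -i http:\/\/[a-z][a-z]\.youtube\.com"
    r" http:\/\/www\.youtube\.com",
    r"url_rewrite_access deny videocache_deny_url",
    r"url_rewrite_access allow videocache_allow_url",
    r"url_rewrite_access allow videocache_allow_dom",
    r"redirector_bypass on",
])


def lint(text):
    """Return (acls, rules, findings) for a squid.conf fragment."""
    acls, rules, findings = {}, [], []
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] not in DIRECTIVES:
            findings.append("line %d: not a directive, probably the tail of "
                            "a wrapped acl" % no)
        elif words[0] == "acl" and len(words) >= 3:
            name, kind, pats = words[1], words[2], words[3:]
            compiled = acls.setdefault(name, [])
            flags = 0
            if pats and pats[0] == "-i":
                flags, pats = re.IGNORECASE, pats[1:]
            if not pats:
                findings.append("line %d: acl %s has no pattern" % (no, name))
            if kind != "url_regex":
                continue  # other acl types are recorded but not evaluated here
            for pat in pats:
                try:
                    compiled.append(re.compile(pat, flags))
                except re.error as exc:
                    findings.append("line %d: bad regex %r (%s)" % (no, pat, exc))
        elif words[0] == "url_rewrite_access" and len(words) >= 3:
            rules.append((words[1], words[2], no))
    for _action, name, no in rules:
        if name not in acls:
            findings.append("line %d: acl %s is used but never defined" % (no, name))
    return acls, rules, findings


def join_wrapped(text):
    """Glue non-directive lines back onto the acl line they were wrapped from."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        first = line.split()[0] if line else ""
        if out and line and not line.startswith("#") and first not in DIRECTIVES:
            # The first piece follows "-i" and needs a space; later pieces do not.
            out[-1] += (" " if out[-1].endswith("-i") else "") + line
        else:
            out.append(line)
    return "\n".join(out)


def goes_to_rewriter(url, acls, rules):
    """First matching url_rewrite_access rule wins, as in Squid access lists."""
    for action, name, _no in rules:
        if any(p.search(url) for p in acls.get(name, [])):
            return action == "allow"
    # Nothing matched: Squid applies the opposite of the last rule. With no
    # rules at all, every request is sent to the rewriter.
    return not rules or rules[-1][0] == "deny"


if __name__ == "__main__":
    for label, text in (("as pasted", FRAGMENT), ("repaired", join_wrapped(FRAGMENT))):
        acls, rules, findings = lint(text)
        print(label, findings)
        # Constructed test URLs; the last one shows that url_regex is unanchored
        # and also matches inside the query string of an unrelated host.
        for url in ("http://74.125.13.20/videoplayback?id=1",
                    "http://www.youtube.com/get_video?video_id=abc",
                    "http://intranet.example/go?u=x.youtube.com/get_video?id=1"):
            print("  ", goes_to_rewriter(url, acls, rules), url)
```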
Last step, then start using it. Please open the file videocache.conf in the /etc directory and put your squid machine's IP there.
[root@Squid videocache-1.9.1]# cd /etc/
[root@Squid etc]# vim /etc/videocache.conf
[main]
# file : /etc/videocache.conf
######### Please put here your cache machine IP ########
cache_host = 192.168.1.254
######## please put here your squid machines IP & Port .i.e 3128 or 8080 which you are using .
proxy = http://192.168.1.254:3128/
Save & exit.
Then restart the squid and apache services.
Here we are done.
Start browsing youtube.com or blip.tv, and you can see that your machine will create the cache.
We can check that the service is running with this command.
[root@Squid etc]# ps -aux | grep squid
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
root 3652 0.0 0.0 49868 1628 ? Ss 10:06 0:00 squid -D
squid 3654 0.0 0.5 57884 11392 ? S 10:06 0:02 (squid) -D
squid 3656 0.0 0.4 181916 10080 ? Ssl 10:06 0:02 (python) /usr/share/videocache/videocache.py
squid 3657 0.0 0.4 151184 9928 ? Ss 10:06 0:00 (python) /usr/share/videocache/videocache.py
squid 3658 0.0 0.4 151184 9932 ? Ss 10:06 0:00 (python) /usr/share/videocache/videocache.py
squid 3659 0.0 0.4 151184 9932 ? Ss 10:06 0:00 (python) /usr/share/videocache/videocache.py
squid 3660 0.0 0.4 151184 9928 ? Ss 10:06 0:00 (python) /usr/share/videocache/videocache.py
squid 3661 0.0 0.4 151184 9928 ? Ss 10:06 0:00 (python) /usr/share/videocache/videocache.py
squid 3662 0.0 0.4 151184 9928 ? Ss 10:06 0:00 (python) /usr/share/videocache/videocache.py
squid 3671 0.0 0.0 3640 252 ? Ss 10:06 0:00 (unlinkd)
root 4623 0.0 0.0 58956 528 pts/6 S+ 10:23 0:00 tail -f /var/log/squid/access.log
root 14153 0.0 0.0 61196 740 pts/8 S+ 12:43 0:00 grep squid
[root@Squid etc]#
We can check the log file of Video Cache
[root@Squid etc]# tail -f /var/log/videocache/videocache.log
2009-11-02 18:42:39,624 6257 - - RELOAD - videocache plugin was reloaded.
2009-11-02 18:42:39,624 6264 - - RELOAD - videocache plugin was reloaded.
2009-11-02 18:42:39,624 6262 - - RELOAD - videocache plugin was reloaded.
2009-11-02 18:42:39,624 6260 - - RELOAD - videocache plugin was reloaded.
2009-11-02 18:42:39,626 6263 - - RELOAD - videocache plugin was reloaded.
2009-11-02 18:42:39,627 6265 - - RELOAD - videocache plugin was reloaded.
2009-11-02 18:42:39,627 6261 - - RELOAD - videocache plugin was reloaded.
2009-11-03 10:06:57,731 3656 - - XMLRPCSERVER - Starting XMLRPCServer on port 9100.
2009-11-03 10:06:57,731 3656 - - SCHEDULEDER - Download Scheduler starting.
2009-11-03 10:06:59,987 3682 - - UPDATE_SIZE - Size of all caching directories updated successfully.
We can check the log of the apache server to see who is accessing the videocache
[root@Squid etc]# tail -f /var/log/httpd/access_log
192.168.1.254 - - [02/Nov/2009:17:49:19 +0500] "GET /favicon.ico HTTP/1.0" 404 287 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729)"
192.168.1.254 - - [03/Nov/2009:10:17:32 +0500] "GET /sarg HTTP/1.1" 403 280 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008121911 CentOS/3.0.5-1.el5.centos Firefox/3.0.5"
192.168.1.254 - - [03/Nov/2009:10:17:32 +0500] "GET /favicon.ico HTTP/1.1" 404 283 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008121911 CentOS/3.0.5-1.el5.centos Firefox/3.0.5"
192.168.1.254 - - [03/Nov/2009:10:17:35 +0500] "GET /favicon.ico HTTP/1.1" 404 283 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008121911 CentOS/3.0.5-1.el5.centos Firefox/3.0.5"
192.168.1.254 - - [03/Nov/2009:10:19:40 +0500] "GET /sarg HTTP/1.1" 403 280 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.5) Gecko/2008121911 CentOS/3.0.5-1.el5.centos Firefox/3.0.5"
192.168.1.254 - - [03/Nov/2009:10:24:28 +0500] "GET /favicon.ico HTTP/1.0" 404 287 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729)"
192.168.1.254 - - [03/Nov/2009:10:31:41 +0500] "GET /videocache/ HTTP/1.0" 200 3408 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729)"
192.168.1.254 - - [03/Nov/2009:10:31:41 +0500] "GET /icons/folder.gif HTTP/1.0" 304 - "http://192.168.1.254/videocache/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729)"
192.168.1.254 - - [03/Nov/2009:10:31:41 +0500] "GET /icons/blank.gif HTTP/1.0" 304 - "http://192.168.1.254/videocache/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729)"
192.168.1.254 - - [03/Nov/2009:10:31:41 +0500] "GET /icons/back.gif HTTP/1.0" 304 - "http://192.168.1.254/videocache/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729)"
We can check that the size of the videocache is increasing
[root@Squid etc]# watch du -sh /var/spool/videocache/
Friday, August 14, 2009
Friday, July 31, 2009
Linux Load Balancer Using LVS, HeartBeat Highly Available MySQL using DRBD & HeartBeat by Babar Zahoor
Written by Babar Zahoor (RHCE)
Coordinated by Muhammad Farrukh Siddique (LPIC)
Special thanks to
Mr. Muhammad Kamran Azeem
http://www.Wbitt.com, http://www.LinuxUrduCBTs.com
Linux Load Balancer Video CBTs using Piranha, Pulse, IPVSadm and Highly Available MySQL using DRBD & HeartBeat.
6 Nodes Load Balancer
Two nodes for LVS (Piranha, Pulse, nanny, Ipvsadm) as load balancers.
Two nodes for web servers; there can be more, according to your requirement.
Two nodes for the MySQL database server, using DRBD & heartbeat for a highly available MySQL database.
3 types of LoadBalancers
1. NAT
2. Direct Routing
3. Tunneling
CentOS 5.3 is used as Operating System.
In this setup we are using LVS (Linux Virtual Server) with the Direct Routing method. These packages are available on Red Hat 5.x/CentOS 5.x.
We will cover this in a few steps.
1 . We will do the basic setup for all 6 nodes
> Host file configuration (in a real network use DNS or both)
> SSH key generation (for authentication between all 6 nodes)
> NTP configuration (for time synchronization; if possible use a dedicated NTP server, otherwise 1 node can be used)
2 . We need to configure the LVS setup for the two highly available load balancers. (If one goes down, the other will do the same function.)
3 . We need to configure the web servers for load balancing the web service. (Both will have apache, php, php-mysql and php-gd installed. We also install Joomla on both servers to check that our web and MySQL services are working.)
4 . We need to configure the DRBD & heartbeat services on the two db servers. (Db1 and Db2 will be in active/passive mode to give a highly available MySQL database service and its data/databases.)
5 . We need to configure Joomla on both web servers and make their connection with the MySQL database servers.
1. Basic configuration of all 6 nodes.
On all nodes: please copy this file to all servers/nodes.
[root@lb1 /]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
##### IP's of Load Balancers #####
10.0.0.1 lb1.linuxurducbts.com lb1
10.0.0.2 lb2.linuxurducbts.com lb2
##### IP's of Web Servers #####
10.0.0.30 www1.linuxurducbts.com www1
10.0.0.40 www2.linuxurducbts.com www2
##### IP's of MySQL DB servers #####
10.0.0.50 db1.linuxurducbts.com db1
10.0.0.51 db2.linuxurducbts.com db2
########## Here is Virtual IP/Service IP of Webserver and MySQL DB ##########
10.0.0.3 www.linuxurducbts.com www
10.0.0.190 db.linuxurducbts.com db
Copy this /etc/hosts file to all the servers
[root@lb1 /]#
Now generate ssh keys
[root@lb1 ~]# ssh-keygen -t rsa
[root@lb1 ~]# ssh-keygen -t dsa
[root@lb1 ~]# cd /root/.ssh/
[root@lb1 ~]# cat *.pub > authorized_keys
[root@lb1 ~]# scp -r /root/.ssh/ lb2:/root/
[root@lb1 ~]# scp -r /root/.ssh/ www1:/root/
[root@lb1 ~]# scp -r /root/.ssh/ www2:/root/
[root@lb1 ~]# scp -r /root/.ssh/ db1:/root/
[root@lb1 ~]# scp -r /root/.ssh/ db2:/root/
[root@lb1 ~]# ssh-keyscan -t dsa lb1 lb2 db1 db2 www1 www2
[root@lb1 ~]# ssh-keyscan -t rsa lb1 lb2 db1 db2 www1 www2
Stop unwanted services on all nodes.
[root@lb1 ~]# /etc/init.d/sendmail stop
[root@lb1 ~]# chkconfig --level 235 sendmail off
3. NTP configuration.
Run this command on all nodes to make sure that ntp is installed on all of them.
[root@lb1 ~]# rpm -qa | grep ntp
ntp-4.2.2p1-9.el5.centos
chkfontpath-1.10.1-1.1
[root@lb1 ~]#
[root@lb1 ~]# vim /etc/ntp.conf ###Configuration for NTP server###
restrict 127.0.0.1
server 127.127.1.0 # local clock
save & quit
[root@lb1 ~]#
[root@lb1 ~]# /etc/init.d/ntpd restart
Shutting down ntpd: [ OK ]
Starting ntpd: [ OK ]
[root@lb1 ~]#
Client side configuration
[root@db2 /]# vim /etc/ntp.conf
#restrict 127.0.0.1
#restrict -6 ::1
server 10.0.0.1 ##Put Server IP here##
#server 0.centos.pool.ntp.org
#server 1.centos.pool.ntp.org
#server 2.centos.pool.ntp.org
#server 127.127.1.0 # local clock
#fudge 127.127.1.0 stratum 10
save & quit
[root@db2 /]# /etc/init.d/ntpd restart
Shutting down ntpd: [ OK ]
Starting ntpd: [ OK ]
[root@db2 /]#
[root@db2 /]#
[root@db2 /]# ntpdate -u 10.0.0.1
16 Jul 11:55:34 ntpdate[12101]: step time server 10.0.0.1 offset -3.069414 sec
[root@db2 /]#
Copy this file /etc/ntp.conf to all 4 nodes, i.e. www1, www2, db1 and db2, and restart the ntp service on those nodes.
Run this command on all nodes.
[root@db2 /]# ntpdate -u 10.0.0.1
LVS Setup configuration on LB1 and LB2
We need to install the Piranha package; it will automatically install pulse, ipvsadm and nanny.
Install piranha on both nodes.
[root@lb1 ~]# yum install piranha -y
[root@lb2 ~]# yum install piranha -y
[root@lb1 ~]# vim /etc/sysconfig/ha/lvs.cf
serial_no = 14
primary = 10.0.0.1
service = lvs
rsh_command = ssh
backup_active = 1
backup = 10.0.0.2
heartbeat = 1
heartbeat_port = 1050
keepalive = 2
deadtime = 10
network = direct ### use nat if nating method is used ###
debug_level = NONE
monitor_links = 1
virtual server1 {
    active = 1
    address = 10.0.0.3 eth0:1
    port = 80
    send = "GET / HTTP/1.1\r\n\r\n"
    expect = "HTTP"
    load_monitor = uptime
    scheduler = rr
    protocol = tcp
    timeout = 10
    reentry = 180
    quiesce_server = 0
    server www1 {
        address = 10.0.0.30
        active = 1
        weight = 1
    }
    server www2 {
        address = 10.0.0.40
        active = 1
        weight = 1
    }
}
save & exit
[root@lb1 ~]# scp /etc/sysconfig/ha/lvs.cf lb2:/etc/sysconfig/ha/
[root@lb1 ~]# cat /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2
save & exit
[root@lb1 ~]# scp /etc/sysctl.conf lb2:/etc/
Run this command on both nodes
[root@lb1 ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
[root@lb1 ~]#
Before starting the pulse service, start httpd on both web servers.
[root@www1 ~]# /etc/init.d/httpd start
[root@www2 ~]# /etc/init.d/httpd start
Start the pulse service on both LVS/load balancer servers.
[root@lb1 ~]# /etc/init.d/pulse start
Starting pulse:
[root@lb1 ~]#
[root@lb1 ~]# /etc/init.d/pulse restart
Shutting down pulse: [ OK ]
Starting pulse: [ OK ]
[root@lb1 ~]# tail -f /var/log/messages
Jul 16 12:24:18 lb1 pulse[6363]: STARTING PULSE AS MASTER
Jul 16 12:24:28 lb1 pulse[6363]: partner dead: activating lvs
Jul 16 12:24:28 lb1 avahi-daemon[2940]: Registering new address record for 10.0.0.3 on eth0.
Jul 16 12:24:28 lb1 lvs[6367]: starting virtual service server1 active: 80
Jul 16 12:24:28 lb1 nanny[6376]: starting LVS client monitor for 10.0.0.3:80
Jul 16 12:24:28 lb1 lvs[6367]: create_monitor for server1/www1 running as pid 6376
Jul 16 12:24:28 lb1 nanny[6377]: starting LVS client monitor for 10.0.0.3:80
Jul 16 12:24:28 lb1 lvs[6367]: create_monitor for server1/www2 running as pid 6377
Jul 16 12:24:28 lb1 nanny[6376]: [ active ] making 10.0.0.30:80 available
Jul 16 12:24:28 lb1 nanny[6377]: [ active ] making 10.0.0.40:80 available
Jul 16 12:24:33 lb1 pulse[6369]: gratuitous lvs arps finished
It seems good; now our pulse is working fine.
3. Web servers configuration On both servers.
[root@www1 ~]# yum install httpd php php-mysql php-gd
[root@www1 ~]# yum install arptables_jf
[root@www1 ~]# echo "Babar Zahoor
RHCE" > /var/www/html/test.html
[root@www2 ~]# echo "Muhammad Farrukh Siddique
LPIC" > /var/www/html/test.html
For both servers we need to configure the loopback interface.
[root@www1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
IPADDR=10.0.0.3
NETMASK=255.255.255.255
NETWORK=10.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=10.255.255.255
ONBOOT=yes
NAME=loopback
[root@www1 ~]#
[root@www1 ~]# ifup lo:0
[root@www2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
IPADDR=10.0.0.3
NETMASK=255.255.255.255
NETWORK=10.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=10.255.255.255
ONBOOT=yes
NAME=loopback
[root@www2 ~]#
[root@www2 ~]# ifup lo:0
On both real servers:
[root@www1 ~]#arptables -A IN -d 10.0.0.3 -j DROP
[root@www1 ~]#arptables -A OUT -d 10.0.0.3 -j mangle --mangle-ip-s 10.0.0.1
[root@www1 ~]#arptables -A OUT -d 10.0.0.3 -j mangle --mangle-ip-s 10.0.0.2
[root@www1 ~]#
[root@www1 ~]# /etc/init.d/arptables_jf save
Saving current rules to /etc/sysconfig/arptables: [ OK ]
[root@www1 ~]#
[root@www2 ~]#arptables -A IN -d 10.0.0.3 -j DROP
[root@www2 ~]#arptables -A OUT -d 10.0.0.3 -j mangle --mangle-ip-s 10.0.0.1
[root@www2 ~]#arptables -A OUT -d 10.0.0.3 -j mangle --mangle-ip-s 10.0.0.2
[root@www2 ~]# /etc/init.d/arptables_jf save
Saving current rules to /etc/sysconfig/arptables: [ OK ]
[root@www2 ~]#
We need to tell the system to bring up lo:0 at every boot.
[root@www1 ~]# echo "ifup lo:0" >> /etc/rc.local
[root@www2 ~]# echo "ifup lo:0" >> /etc/rc.local
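The real-server settings above (VIP on lo:0 with a host mask, ARP requests for the VIP dropped) can be audited with a short script. This is an added example, not part of the original post; the function names, the constructed sample files and the assumed layout of the saved arptables rules are illustrative.

```shell
#!/bin/sh
# Added example: audit the direct-routing settings of an LVS real server.
# Sample files are constructed; the saved-rules layout is an assumption.

# ifcfg_value KEY FILE: print the value assigned to KEY (last assignment wins).
ifcfg_value() {
    awk -F= -v key="$1" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; sub(/[ \t]*#.*/, "", v); gsub(/[" \t]/, "", v); val = v }
        END { print val }' "$2"
}

# check_vip_alias VIP FILE: the VIP must sit on a loopback alias with a host
# (/32) mask; a wider mask makes the server treat the whole network as local.
check_vip_alias() {
    vip=$1; cfg=$2; rc=0
    case $(ifcfg_value DEVICE "$cfg") in
        lo:*) ;;
        *) echo "FAIL: VIP alias is not on the loopback device"; rc=1 ;;
    esac
    [ "$(ifcfg_value IPADDR "$cfg")" = "$vip" ] ||
        { echo "FAIL: IPADDR is not $vip"; rc=1; }
    [ "$(ifcfg_value NETMASK "$cfg")" = "255.255.255.255" ] ||
        { echo "FAIL: NETMASK must be 255.255.255.255"; rc=1; }
    return $rc
}

# check_arp_drop VIP FILE: an IN-chain rule must DROP ARP requests for exactly
# the VIP, otherwise the real server answers ARP and bypasses the director.
check_arp_drop() {
    vip_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    if grep -Eq -e "^[^#]*-A IN .*-d ${vip_re}(/32)? .*-j DROP" "$2"; then
        return 0
    fi
    echo "FAIL: no IN rule drops ARP requests for $1"
    return 1
}

# audit_real_server VIP IFCFG RULES: returns the number of failed checks.
audit_real_server() {
    findings=0
    check_vip_alias "$1" "$2" || findings=$((findings + 1))
    check_arp_drop "$1" "$3" || findings=$((findings + 1))
    return $findings
}

# write_samples DIR: constructed inputs, one correct pair and one broken pair.
write_samples() {
    cat > "$1/ifcfg-good" <<'EOF'
DEVICE=lo:0
IPADDR=10.0.0.3
NETMASK=255.255.255.255
NETWORK=10.0.0.0
BROADCAST=10.255.255.255
ONBOOT=yes
NAME=loopback
EOF
    sed 's/^NETMASK=.*/NETMASK=255.0.0.0/' "$1/ifcfg-good" > "$1/ifcfg-bad"
    cat > "$1/arp-good" <<'EOF'
*filter
:IN ACCEPT [0:0]
:OUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
[0:0] -A IN -d 10.0.0.3 -j DROP
[0:0] -A OUT -d 10.0.0.3 -j mangle --mangle-ip-s 10.0.0.1
COMMIT
EOF
    # Broken on purpose: the rule names the real server's address, not the VIP.
    sed 's/-A IN -d 10\.0\.0\.3 /-A IN -d 10.0.0.30 /' "$1/arp-good" > "$1/arp-bad"
}

SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
write_samples "$SAMPLES"
audit_real_server 10.0.0.3 "$SAMPLES/ifcfg-good" "$SAMPLES/arp-good" &&
    echo "good sample: OK"
audit_real_server 10.0.0.3 "$SAMPLES/ifcfg-bad" "$SAMPLES/arp-bad" ||
    echo "bad sample: $? failed check(s)"
```

On a real server, point it at /etc/sysconfig/network-scripts/ifcfg-lo:0 and /etc/sysconfig/arptables instead of the sample files.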
Now we test that the setup is working; here we have two LVS nodes and two web servers.
This command shows the connections.
[root@lb1 ~]# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP www.linuxurducbts.com:ht rr
-> www2.linuxurducbts.com:h Route 1 0 0
-> www1.linuxurducbts.com:h Route 1 0 0
[root@lb1 ~]#
[root@lb1 ~]# watch ipvsadm -Lcn
Configuration of DRBD & Heartbeat on both database servers
Here we need to configure partitions on both servers.
PARTITION SETUP on both servers.
Set up identical partitions on both servers with fdisk.
We have 4GB disks on both servers.
Partition Setup for Cluster Servers
We need to create an LVM partition.
[root@db1 ~]# fdisk -l
[root@db1 ~]# fdisk /dev/sdb
[root@db1 ~]# fdisk /dev/sd
sda sda1 sda2 sdb sdb1
[root@db2 ~]# fdisk /dev/sdb
Command (m for help): m
Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition's system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)
Command (m for help): p
Disk /dev/sdb: 4294 MB, 4294967296 bytes
255 heads, 63 sectors/track, 522 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 522 4192933+ 8e Linux LVM
Command (m for help): d
Selected partition 1
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-522, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-522, default 522): +4000M
Command (m for help): p
Disk /dev/sdb: 4294 MB, 4294967296 bytes
255 heads, 63 sectors/track, 522 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 487 3911796 83 Linux
Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 8e
Changed system type of partition 1 to 8e (Linux LVM)
Command (m for help): p
Disk /dev/sdb: 4294 MB, 4294967296 bytes
255 heads, 63 sectors/track, 522 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 487 3911796 8e Linux LVM
Command (m for help):
Command (m for help): w
[root@db1 ~]# partprobe
Create the physical volume for LVM; this is the second step for the LVM partition.
[root@db1 ~]# pvcreate /dev/sdb1
Create the volume group with this command:
[root@db1 ~]# vgcreate vgdb /dev/sdb1
Create the logical volumes:
[root@db1 ~]# lvcreate -L 1000M -n lvdb vgdb
[root@db1 ~]# lvcreate -L 256M -n lvmeta vgdb
Note: Create identical LVM volumes on both servers.
Install DRBD and configure it.
[root@db1 ~]# yum install drbd82 kmod-drbd82 -y
[root@db2 ~]# yum install drbd82 kmod-drbd82 -y
[root@db1 ~]# modprobe drbd
[root@db2 ~]# modprobe drbd
[root@db1 ~]# echo "modprobe drbd" >> /etc/rc.local
[root@db2 ~]# echo "modprobe drbd" >> /etc/rc.local
[root@db1 ~]# vim /etc/drbd.conf
global {
  usage-count yes;
}
common {
  syncer { rate 10M; }
}
resource r0 {
  protocol C;
  handlers {
    pri-on-incon-degr "echo o > /proc/sysrq-trigger ; halt -f";
    pri-lost-after-sb "echo o > /proc/sysrq-trigger ; halt -f";
    local-io-error "echo o > /proc/sysrq-trigger ; halt -f";
    outdate-peer "/usr/lib/heartbeat/drbd-peer-outdater -t 5";
  }
  startup {
  }
  disk {
    on-io-error detach;
  }
  net {
    after-sb-0pri disconnect;
    after-sb-1pri disconnect;
    after-sb-2pri disconnect;
    rr-conflict disconnect;
  }
  syncer {
    rate 10M;
    al-extents 257;
  }
  on db1.linuxurducbts.com {
    device /dev/drbd0;
    disk /dev/vgdb/lvdb;
    address 10.0.0.50:7788;
    meta-disk /dev/vgdb/lvmeta[1];
  }
  on db2.linuxurducbts.com {
    device /dev/drbd0;
    disk /dev/vgdb/lvdb;
    address 10.0.0.51:7788;
    meta-disk /dev/vgdb/lvmeta[1];
  }
}
save & exit
[root@db1 ~]# scp /etc/drbd.conf db2:/etc/
[root@db1 ~]#vi /etc/sysctl.conf
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2
save & quit
[root@db1 ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
[root@db1 ~]#
save it........
[root@db1 ~]#
[root@db1 ~]# scp /etc/drbd.conf db2:/etc/drbd.conf
We need to load the kernel module on both servers to run DRBD.
Load the DRBD module on both nodes:
[root@db1 ~]# modprobe drbd
[root@db1 ~]# echo "modprobe drbd" >> /etc/rc.local
[root@db2 ~]# modprobe drbd
[root@db2 ~]# echo "modprobe drbd" >> /etc/rc.local
##### run this on both servers ######
[root@db1 ~]#drbdadm create-md r0
[root@db2 ~]#drbdadm create-md r0
[root@db1 ~]#drbdadm attach r0
[root@db2 ~]#drbdadm attach r0
[root@db1 ~]#drbdadm syncer r0
[root@db2 ~]#drbdadm syncer r0
[root@db1 ~]#drbdadm connect r0
[root@db2 ~]#drbdadm connect r0
On Primary Node only
[root@db1 ~]#drbdadm -- --overwrite-data-of-peer primary r0
On both Nodes:
[root@db1 ~]#drbdadm up all
[root@db2 ~]#drbdadm up all
On Primary Node only
[root@db1 ~]#drbdadm -- primary all #### ON Node one Only ####
[root@db1 ~]#watch cat /proc/drbd
only on db1 ########## Primary Node ########
[root@db1 ~]#mkfs.ext3 /dev/drbd0
[root@db1 ~]#mkdir /data/
[root@db1 ~]#mount /dev/drbd0 /data/
[root@db1 ~]#
[root@db1 ~]# df -hk
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
5967432 2625468 3033948 47% /
/dev/sda1 101086 12074 83793 13% /boot
tmpfs 257720 0 257720 0% /dev/shm
/dev/drbd0 4031516 107600 3719128 3% /data
[root@db1 ~]#
[root@db1 ~]# umount /data
Note: Heartbeat will automatically handle this.
On db2 ####### Secondary Node #######
[root@db2 ~]#mkdir /data
Heartbeat Setup:
================
Install the heartbeat packages using yum.
Note: An Internet connection is required, or configure a yum repository with extras on your local machine.
[root@db1 ~]#yum install -y heartbeat heartbeat-pils heartbeat-stonith heartbeat-devel
[root@db1 ~]#vim /etc/ha.d/ha.cf ## Create this file and copy this text ##
logfacility local0
keepalive 2
#deadtime 30 # USE THIS!!!
deadtime 10
# heartbeat link: broadcast on eth0 (the serial link below is commented out)
bcast eth0
#serial /dev/ttyS0
baud 19200
auto_failback off
node db1.linuxurducbts.com
node db2.linuxurducbts.com
save & quit.
Server db1
[root@db1 ~]#vi /etc/ha.d/haresources
db1 IPaddr::10.0.0.190/8/eth0 drbddisk::r0 Filesystem::/dev/drbd0::/data::ext3 mysql
Server db2:
[root@db2 ~]#vi /etc/ha.d/haresources
db2 IPaddr::10.0.0.190/8/eth0 drbddisk::r0 Filesystem::/dev/drbd0::/data::ext3 mysql
On both servers:
[root@db1 ~]# vi /etc/ha.d/authkeys
auth 3
3 md5 redhat ######### Use a long string as the password #########
On both nodes:
[root@db1 ~]# chmod 600 /etc/ha.d/authkeys
[root@db1 ~]# scp /etc/ha.d/authkeys db2:/etc/ha.d/authkeys
[root@db1 ~]# chkconfig --level 235 heartbeat on
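The authkeys file above protects cluster membership with a six-character shared secret. The following added example (not part of the original post) lints an authkeys file and writes one with a random key and the sha1 method; the function names and the MIN_KEY_LEN threshold are assumptions, and the sample file is constructed from the listing above.

```shell
#!/bin/sh
# Added example: lint a heartbeat authkeys file and generate a stronger one.
# MIN_KEY_LEN is an assumed policy value, not a heartbeat requirement.
MIN_KEY_LEN=20

# active_key FILE: print "METHOD KEY" for the entry selected by the auth line.
active_key() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "auth" { active = $2; next }
        { method[$1] = $2; key[$1] = $3 }
        END { if (active in method) print method[active], key[active] }' "$1"
}

# audit_authkeys FILE: print findings and return how many there were.
audit_authkeys() {
    file=$1; count=0
    mode=$(ls -ld "$file" | cut -c1-10)
    if [ "$mode" != "-rw-------" ]; then
        echo "FAIL: mode $mode, expected -rw------- (chmod 600)"
        count=$((count + 1))
    fi
    set -- $(active_key "$file")
    method=$1; secret=$2
    case $method in
        sha1) ;;
        md5)  echo "WARN: md5 selected, sha1 is the stronger method"
              count=$((count + 1)) ;;
        crc)  echo "FAIL: crc only detects corruption, it does not authenticate"
              count=$((count + 1)) ;;
        *)    echo "FAIL: the auth line does not select a usable key"
              count=$((count + 1)) ;;
    esac
    if [ "$method" != crc ] && [ "${#secret}" -lt "$MIN_KEY_LEN" ]; then
        echo "FAIL: key is ${#secret} characters, want at least $MIN_KEY_LEN"
        count=$((count + 1))
    fi
    return $count
}

# new_authkeys FILE: write "auth 1" with a 256-bit random key, mode 600.
new_authkeys() {
    random_hex=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null |
        od -An -tx1 | tr -d ' \n')
    ( umask 077; printf 'auth 1\n1 sha1 %s\n' "$random_hex" > "$1" )
    chmod 600 "$1"
}

# Constructed demo input: the file from the listing above, then a generated one.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
printf 'auth 3\n3 md5 redhat\n' > "$DEMO/authkeys.page"
chmod 600 "$DEMO/authkeys.page"
new_authkeys "$DEMO/authkeys.new"

audit_authkeys "$DEMO/authkeys.page" || echo "listing above: $? finding(s)"
audit_authkeys "$DEMO/authkeys.new" && echo "generated file: clean"
```

The generated file must be identical on db1 and db2, so copy it with scp as shown above rather than generating it separately on each node.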
Note: If you have a problem mounting /dev/drbd0 on /data, run these commands to check the status; if you find drbddisk stopped, start it.
MySQL Configuration.
cp /etc/my.cnf /etc/my.cnf.orig
vi /etc/my.cnf
[mysqld]
# datadir=/var/lib/mysql
datadir=/data/mysql
#socket=/var/lib/mysql/mysql.sock
socket=/data/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
[mysql.server]
user=mysql
#basedir=/var/lib
basedir=/data
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[mysql]
socket=/data/mysql/mysql.sock
Now it is time to add users/hosts to the MySQL server:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'10.0.0.30' IDENTIFIED BY 'redhat';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'10.0.0.40' IDENTIFIED BY 'redhat';
mysql> FLUSH PRIVILEGES;
mysql> quit
Now we need to install Joomla on both web servers.
On Web Server 1
[root@www1 /]# yum install php php-mysql php-gd -y
[root@www1 ~]# ls
anaconda-ks.cfg Desktop install.log install.log.syslog Joomla_1.5.13-Stable-Full_Package
[root@www1 ~]# cd Joomla_1.5.13-Stable-Full_Package/
[root@www1 Joomla_1.5.13-Stable-Full_Package]# ls
[root@www1 Joomla_1.5.13-Stable-Full_Package]# cp -avr * /var/www/html/
[root@www1 Joomla_1.5.13-Stable-Full_Package]# cd /var/www/html/
[root@www1 html]# ls
[root@www1 html]# cd ..
[root@www1 www]# ls
cgi-bin error html icons
[root@www1 www]# chown apache:apache html/ -R
[root@www1 www]#
[root@www1 www]# ls
cgi-bin error html icons
[root@www1 www]# cd html/
[root@www1 html]# ll
[root@www1 html]#
Now open Internet Explorer and browse to
http://10.0.0.30
Install Joomla: follow the steps and give the required information.
In the Database section give:
Host: 10.0.0.190 (use MySQL as the database type)
user: root
password: redhat
database: joomla
You must check "Install sample data".
Copy all the Joomla code to www2:
[root@www1 html]# scp -r * www2:/var/www/html/
We need to open this file and, on line 391, add index.php to DirectoryIndex:
[root@www1 html]# vim /etc/httpd/conf/httpd.conf
DirectoryIndex index.html index.html.var index.php
save & quit
[root@www1 /]#
[root@www1 ~]# scp /etc/httpd/conf/httpd.conf www2:/etc/httpd/conf/
httpd.conf 100% 33KB 32.9KB/s 00:00
[root@www1 ~]#
[root@www1 ~]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@www1 ~]#
On Web Server 2
[root@www2 html]# chown apache:apache * -R
[root@www2 html]# ll
[root@www2 /]# yum install php php-mysql php-gd -y
[root@www2 ~]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@www2 ~]#
Remember that each machine (LVS + real servers) must have the IP of the router connected to these servers as its default gateway.
[root@www1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
0.0.0.0 10.0.0.20 0.0.0.0 UG 0 0 0 eth0
[root@www1 ~]#
Now you can test the whole network by accessing the web site at http://10.0.0.3 or http://www.LinuxUrduCBTs.com
[root@lb1 ~]# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP www.linuxurducbts.com:ht rr
-> www2.linuxurducbts.com:h Route 1 0 0
-> www1.linuxurducbts.com:h Route 1 0 0
[root@lb1 ~]#
[root@lb1 ~]# watch ipvsadm -Lcn
ALLHADULILLAH We have done it................
Coordinated by Muhammad Farrukh Siddique (LPIC)
Special thanks to
Mr.Muhammad Kamran Azeem
http://www.Wbitt.com, http://www.LinuxUrduCBTs.com
Linux Load Balancer Video CBTs using Piranha, Pulse, IPVSadm and Highly Available MySQL using DRBD & Heartbeat.
6-Node Load Balancer
Two nodes for LVS (Piranha, pulse, nanny, ipvsadm) as load balancers.
Two nodes for web servers; this can be more, according to your requirements.
Two nodes for the MySQL database server, using DRBD & Heartbeat for a highly available MySQL database.
3 types of load balancers
1. NAT
2. Direct Routing
3. Tunneling
CentOS 5.3 is used as the operating system.
In this setup we are using LVS (Linux Virtual Server) with the Direct Routing method; these packages are available on Red Hat 5.x/CentOS 5.x.
We will cover this in a few steps.
1. We will do the basic setup for all 6 nodes:
> Hosts file configuration (in a real network use DNS, or both)
> SSH key generation (for authentication between all 6 nodes)
> NTP configuration (for time synchronization; if possible use a dedicated NTP server, otherwise one node can be used)
2. We need to configure the LVS setup for the two highly available load balancers. (If one goes down, the other will perform the same function.)
3. We need to configure the web servers for load balancing the web service. (Both will have apache, php, php-mysql and php-gd installed. We also install Joomla on both servers to check that our web and MySQL services are working.)
4. We need to configure the DRBD & Heartbeat services on the two db servers. (db1 and db2 will run in active/passive mode to provide a highly available MySQL database service and its data/databases.)
5. We need to configure Joomla on both web servers and connect them to the MySQL database servers.
1. Basic configurations of all 6 nodes.
On all nodes: please copy this file to all servers/nodes.
[root@lb1 /]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
##### IP's of Load Balancers #####
10.0.0.1 lb1.linuxurducbts.com lb1
10.0.0.2 lb2.linuxurducbts.com lb2
##### IP's of Web Servers #####
10.0.0.30 www1.linuxurducbts.com www1
10.0.0.40 www2.linuxurducbts.com www2
##### IP's of MySQL DB servers #####
10.0.0.50 db1.linuxurducbts.com db1
10.0.0.51 db2.linuxurducbts.com db2
########## Here is Virtual IP/Service IP of Webserver and MySQL DB ##########
10.0.0.3 www.linuxurducbts.com www
10.0.0.190 db.linuxurducbts.com db
Copy this /etc/hosts file to all the servers
[root@lb1 /]#
Now generate ssh keys
[root@lb1 ~]# ssh-keygen -t rsa
[root@lb1 ~]# ssh-keygen -t dsa
[root@lb1 ~]# cd /root/.ssh/
[root@lb1 ~]# cat *.pub > authorized_keys
[root@lb1 ~]#scp -r /root/.ssh/ lb2:/root/
[root@lb1 ~]#scp -r /root/.ssh/ www1:/root/
[root@lb1 ~]#scp -r /root/.ssh/ www2:/root/
[root@lb1 ~]#scp -r /root/.ssh/ db1:/root/
[root@lb1 ~]#scp -r /root/.ssh/ db2:/root/
[root@lb1 ~]#ssh-keyscan -t dsa lb1 lb2 db1 db2 www1 www2
[root@lb1 ~]#ssh-keyscan -t rsa lb1 lb2 db1 db2 www1 www2
Stop unwanted services on all nodes.
[root@lb1 ~]# /etc/init.d/sendmail stop
[root@lb1 ~]# chkconfig --level 235 sendmail off
3. NTP configuration.
Run this command on all nodes and make sure ntp is installed on all nodes.
[root@lb1 ~]# rpm -qa | grep ntp
ntp-4.2.2p1-9.el5.centos
chkfontpath-1.10.1-1.1
[root@lb1 ~]#
[root@lb1 ~]# vim /etc/ntp.conf ###Configuration for NTP server###
restrict 127.0.0.1
server 127.127.1.0 # local clock
save & quit
[root@lb1 ~]#
[root@lb1 ~]# /etc/init.d/ntpd restart
Shutting down ntpd: [ OK ]
Starting ntpd: [ OK ]
[root@lb1 ~]#
Client-side configuration
[root@db2 /]# vim /etc/ntp.conf
#restrict 127.0.0.1
#restrict -6 ::1
server 10.0.0.1 ##Put Server IP here##
#server 0.centos.pool.ntp.org
#server 1.centos.pool.ntp.org
#server 2.centos.pool.ntp.org
#server 127.127.1.0 # local clock
#fudge 127.127.1.0 stratum 10
save & quit
[root@db2 /]# /etc/init.d/ntpd restart
Shutting down ntpd: [ OK ]
Starting ntpd: [ OK ]
[root@db2 /]#
[root@db2 /]#
[root@db2 /]# ntpdate -u 10.0.0.1
16 Jul 11:55:34 ntpdate[12101]: step time server 10.0.0.1 offset -3.069414 sec
[root@db2 /]#
Copy this file /etc/ntp.conf to all 4 nodes, i.e. www1, www2, db1 and db2, and restart the ntp service on those nodes.
Run this command on all nodes.
[root@db2 /]# ntpdate -u 10.0.0.1
LVS setup configuration on LB1 and LB2
We need to install the Piranha package; it will automatically install pulse, ipvsadm and nanny.
Install piranha on both nodes:
[root@lb1 ~]# yum install piranha -y
[root@lb2 ~]# yum install piranha -y
[root@lb1 ~]# vim /etc/sysconfig/ha/lvs.cf
serial_no = 14
primary = 10.0.0.1
service = lvs
rsh_command = ssh
backup_active = 1
backup = 10.0.0.2
heartbeat = 1
heartbeat_port = 1050
keepalive = 2
deadtime = 10
network = direct ### use nat if nating method is used ###
debug_level = NONE
monitor_links = 1
virtual server1 {
active = 1
address = 10.0.0.3 eth0:1
port = 80
send = "GET / HTTP/1.1\r\n\r\n"
expect = "HTTP"
load_monitor = uptime
scheduler = rr
protocol = tcp
timeout = 10
reentry = 180
quiesce_server = 0
server www1 {
address = 10.0.0.30
active = 1
weight = 1
}
server www2 {
address = 10.0.0.40
active = 1
weight = 1
}
}
save & exit
[root@lb1 ~]# scp /etc/sysconfig/ha/lvs.cf lb2:/etc/sysconfig/ha/
[root@lb1 ~]# cat /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2
save & exit
[root@lb1 ~]# scp /etc/sysctl.conf lb2:/etc/
Run this command on both nodes:
[root@lb1 ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
[root@lb1 ~]#
Before starting the pulse service, start httpd on both web servers.
[root@www1 ~]# /etc/init.d/httpd start
[root@www2 ~]# /etc/init.d/httpd start
Start the pulse service on both LVS/load balancer servers.
Tuesday, July 28, 2009
Load Balancer UrduCBT's By Babar Zahoor
Load Balancer using LVS, Highly Available MySQL using Drbd & HeartBeat.
Video links:
http://babarzahoor.blip.tv
http://www.wbitt.com/contributed-cbts.html
Wednesday, July 8, 2009
User Management on Linux Part 2 URDU CBT by Babar Zahoor (RHCE)
User Management on Linux Part 1 URDU CBT by Babar Zahoor (RHCE)
Saturday, June 20, 2009
High Availability Cluster with DRBD & Heartbeat by Babar Zahoor Video Link
http://blip.tv/file/2264185/
Wednesday, June 17, 2009
High Availability Cluster with DRBD & Heartbeat
Created By Babar Zahoor (RHCE 5.0)
HA: High Availability with DRBD & Heartbeat.
#### This how-to accompanies my video on High Availability with DRBD and Heartbeat ####
OS: CentOS 5.3 on both machines.
We will set up transparent Squid on a high-availability cluster.
The packages are available in the CentOS extras repository.
Our Scenario
We have two servers
baber 192.168.1.50 Primary server
farrukh 192.168.1.60 Secondary server
Set up IP-to-name resolution ## we don't have DNS, so we need this step ##
Basic Setup Configuration.
[root@baber ~]# vim /etc/hosts
192.168.1.50 baber
192.168.1.60 farrukh
save & exit
[root@baber ~]# ping baber
PING baber (192.168.1.50) 56(84) bytes of data.
64 bytes from baber (192.168.1.50): icmp_seq=1 ttl=64 time=4.15 ms
64 bytes from baber (192.168.1.50): icmp_seq=2 ttl=64 time=0.126 ms
64 bytes from baber (192.168.1.50): icmp_seq=3 ttl=64 time=1.88 ms
[1]+ Stopped ping baber
[root@baber ~]# ping farrukh
PING farrukh (192.168.1.60) 56(84) bytes of data.
64 bytes from farrukh (192.168.1.60): icmp_seq=1 ttl=64 time=1.32 ms
64 bytes from farrukh (192.168.1.60): icmp_seq=2 ttl=64 time=0.523 ms
64 bytes from farrukh (192.168.1.60): icmp_seq=3 ttl=64 time=1.79 ms
[2]+ Stopped ping farrukh
[root@baber ~]#
[root@baber ~]# scp /etc/hosts 192.168.1.60:/etc/hosts
Stop unwanted services on both servers:
[root@baber ~]# /etc/init.d/sendmail stop
[root@baber ~]# chkconfig --level 235 sendmail off
[root@baber ~]# iptables -F
[root@baber ~]# service iptables save
[root@farrukh ~]# /etc/init.d/sendmail stop
[root@farrukh ~]# chkconfig --level 235 sendmail off
[root@farrukh ~]# iptables -F
[root@farrukh ~]# service iptables save
[root@baber ~]# rpm -qa | grep ntp
ntp-4.2.2p1-9.el5.centos.1
[root@baber ~]#
Then we need to edit the NTP server configuration file (/etc/ntp.conf) on baber.
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
### Edited By Babar Zahoor Jun 16 2009 ###
#server 0.centos.pool.ntp.org
#server 1.centos.pool.ntp.org
#server 2.centos.pool.ntp.org
#broadcast 192.168.1.255 key 42 # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 key 42 # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 key 42 # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
########## for server use this and on clients comment this and use server serverIP ##################
server 127.127.1.0 # local clock
#fudge 127.127.1.0 stratum 10
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
# driftfile /var/lib/ntp/drift
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
# Specify the key identifiers which are trusted.
# trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
# requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
keys /etc/ntp/keys
save quit.
[root@baber ~]#
[root@baber ~]# /etc/init.d/ntpd start
[root@baber ~]# chkconfig --level 235 ntpd on
[root@farrukh ~]# vim /etc/ntp.conf
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
# Loopback access is needed for the local "ntpq -p" check used below.
restrict 127.0.0.1
#restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 192.168.1.50 ### add this line on second server ###
#server 0.centos.pool.ntp.org
#server 1.centos.pool.ntp.org
#server 2.centos.pool.ntp.org
#broadcast 192.168.1.255 key 42 # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 key 42 # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 key 42 # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
#server 127.127.1.0 # local clock ##### #####
#fudge 127.127.1.0 stratum 10
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
save & exit
[root@farrukh ~]# /etc/init.d/ntpd start
[root@farrukh ~]# chkconfig --level 235 ntpd on
[root@farrukh ~]# ntpdate -u 192.168.1.50
[root@farrukh ~]# watch ntpq -p -n
[root@baber ~]# watch ntpq -p -n
PARTITION SETUP on both servers.
The partition setup must be identical on both servers; we create it with fdisk.
We have 3GB disks on both servers.
Partition setup for the cluster servers
We need to create an LVM partition.
[root@baber ~]# fdisk -l
[root@baber ~]# fdisk /dev/sdb
[root@baber ~]# fdisk /dev/sd
sda sda1 sda2 sdb sdb1
[root@farrukh ~]# fdisk /dev/sdb
Command (m for help): m
Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition's system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)
Command (m for help): p
Disk /dev/sdb: 4294 MB, 4294967296 bytes
255 heads, 63 sectors/track, 522 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 522 4192933+ 8e Linux LVM
Command (m for help): d
Selected partition 1
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-522, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-522, default 522): +4000M
Command (m for help): p
Disk /dev/sdb: 4294 MB, 4294967296 bytes
255 heads, 63 sectors/track, 522 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 487 3911796 83 Linux
Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 8e
Changed system type of partition 1 to 8e (Linux LVM)
Command (m for help): p
Disk /dev/sdb: 4294 MB, 4294967296 bytes
255 heads, 63 sectors/track, 522 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 487 3911796 8e Linux LVM
Command (m for help):
Command (m for help): w
[root@baber ~]# partprobe
Create the physical volume for LVM; this is the second step of the LVM setup.
[root@baber ~]# pvcreate /dev/sdb1
Create the volume group with this command:
[root@baber ~]# vgcreate vgdrbd /dev/sdb1
Create the logical volume:
[root@baber ~]# lvcreate -n lvdrbd /dev/mapper/vgdrbd -L +4000M
Note: Create identical LVM volumes on both servers.
Add these three values to sysctl.conf:
[root@baber ~]# vi /etc/sysctl.conf
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2
save & quit
[root@baber ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
[root@baber ~]#
DRBD Setup
==========
Install drbd82 & kmod-drbd82 rpms using yum command.
[root@baber ~]#yum install -y drbd82 kmod-drbd82
open /etc/drbd.conf
[root@baber ~]#vim /etc/drbd.conf
global {
    usage-count yes;
}
common {
    syncer { rate 10M; }
}
resource r0 {
    protocol C;
    handlers {
        pri-on-incon-degr "echo o > /proc/sysrq-trigger ; halt -f";
        pri-lost-after-sb "echo o > /proc/sysrq-trigger ; halt -f";
        local-io-error "echo o > /proc/sysrq-trigger ; halt -f";
        outdate-peer "/usr/lib/heartbeat/drbd-peer-outdater -t 5";
    }
    startup {
    }
    disk {
        on-io-error detach;
    }
    net {
        after-sb-0pri disconnect;
        after-sb-1pri disconnect;
        after-sb-2pri disconnect;
        rr-conflict disconnect;
    }
    syncer {
        rate 10M;
        al-extents 257;
    }
    # Each "on" name must match the output of `uname -n` on that node.
    on baber {
        device /dev/drbd0;
        # Logical volume created above (vgcreate vgdrbd, lvcreate -n lvdrbd).
        disk /dev/vgdrbd/lvdrbd;
        address 192.168.1.50:7788;
        meta-disk internal;
    }
    on farrukh {
        device /dev/drbd0;
        disk /dev/vgdrbd/lvdrbd;
        address 192.168.1.60:7788;
        meta-disk internal;
    }
}
save it........
[root@baber ~]#
[root@baber ~]# scp /etc/drbd.conf farrukh:/etc/drbd.conf
DRBD needs its kernel module loaded on both servers.
Load the DRBD module on both nodes:
[root@baber ~]# modprobe drbd
[root@baber ~]# echo "modprobe drbd" >> /etc/rc.local
[root@farrukh ~]# modprobe drbd
[root@farrukh ~]# echo "modprobe drbd" >> /etc/rc.local
##### run this on both servers ######
[root@baber ~]#drbdadm create-md r0
[root@farrukh ~]#drbdadm create-md r0
[root@baber ~]#drbdadm attach r0
[root@farrukh ~]#drbdadm attach r0
[root@baber ~]#drbdadm syncer r0
[root@farrukh ~]#drbdadm syncer r0
[root@baber ~]#drbdadm connect r0
[root@farrukh ~]#drbdadm connect r0
On Primary Node only
[root@baber ~]#drbdadm -- --overwrite-data-of-peer primary r0
On both Nodes:
[root@baber ~]#drbdadm up all
[root@farrukh ~]#drbdadm up all
On Primary Node only
[root@baber ~]#drbdadm -- primary all #### ON Node one Only ####
[root@baber ~]#watch cat /proc/drbd
only on baber ########## Primary Node ########
[root@baber ~]#mkfs.ext3 /dev/drbd0
[root@baber ~]#mkdir /data/
[root@baber ~]#mount /dev/drbd0 /data/
[root@baber ~]#
[root@baber ~]# df -hk
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
5967432 2625468 3033948 47% /
/dev/sda1 101086 12074 83793 13% /boot
tmpfs 257720 0 257720 0% /dev/shm
/dev/drbd0 4031516 107600 3719128 3% /data
[root@baber ~]#
On farrukh ####### Secondary Node #######
[root@farrukh ~]#mkdir /data
Heartbeat Setup:
================
Install the heartbeat packages using yum.
Note: An internet connection is required; otherwise configure a yum repository with extras on your local machine.
[root@baber ~]#yum install -y heartbeat heartbeat-pils heartbeat-stonith heartbeat-devel
[root@baber ~]#vim /etc/ha.d/ha.cf ## Create this file and copy this text ##
logfacility local0
keepalive 2
#deadtime 30 # USE THIS!!!
deadtime 10
# we use two heartbeat links, eth2 and serial 0
bcast eth0 ####### We can use eth1 instead of eth0 it's better option ########
#serial /dev/ttyS0
baud 19200
auto_failback on ################## Active Active state #################
node baber
node farrukh
save & quit.
Server Baber
[root@baber ~]#vi /etc/ha.d/haresources
baber IPaddr::192.168.1.190/24/eth0 drbddisk::r0 Filesystem::/dev/drbd0::/data::ext3 squid
Server farrukh:
[root@farrukh ~]#vi /etc/ha.d/haresources
farrukh IPaddr::192.168.1.190/24/eth0 drbddisk::r0 Filesystem::/dev/drbd0::/data::ext3 squid
On Both Servers:
[root@baber ~]#vi /etc/ha.d/authkeys
auth 3
3 md5 redhat ######### Use a long string as the password #########
On both nodes:
[root@baber ~]#chmod 600 /etc/ha.d/authkeys
[root@baber ~]#scp /etc/ha.d/authkeys farrukh:/etc/ha.d/authkeys
[root@baber ~]#chkconfig --level 235 heartbeat on
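The authkeys file holds the shared secret that authenticates heartbeat packets between the nodes, so both the key and the file mode matter. This added example (not part of the original how-to) writes an authkeys file with a random key and audits an existing one; the function names and the 20-character minimum are assumptions made for the example.

```shell
#!/bin/sh
# Added example: create and audit heartbeat authkeys files.
# File format, as in the how-to:  "auth <n>"  then  "<n> <method> <key>"
# Methods accepted by heartbeat: crc, md5, sha1.

# make_authkeys FILE: write a new authkeys file with a random 256-bit key.
make_authkeys() {
    file=$1
    key=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    if [ ${#key} -ne 64 ]; then
        echo "could not read 32 bytes from /dev/urandom" >&2
        return 1
    fi
    (
        umask 077                        # new file is never group/world readable
        printf 'auth 1\n1 sha1 %s\n' "$key" > "$file"
        chmod 600 "$file"                # also covers a pre-existing file
    )
}

# audit_authkeys FILE: print one line per finding; return 0 if there are none.
audit_authkeys() {
    file=$1
    findings=0
    if [ ! -f "$file" ]; then
        echo "$file: missing"
        return 1
    fi

    # Heartbeat refuses to start unless the file is mode 600.
    perms=$(ls -ld "$file" | cut -c1-10)
    if [ "$perms" != "-rw-------" ]; then
        echo "$file: permissions are $perms, expected -rw-------"
        findings=$((findings + 1))
    fi

    # Index chosen by the "auth" directive, then the key line with that index.
    active=$(awk '$1 == "auth" { print $2; exit }' "$file")
    if [ -z "$active" ]; then
        echo "$file: no auth directive"
        return 1
    fi
    line=$(awk -v n="$active" '$1 == n { print $2, $3; exit }' "$file")
    method=${line%% *}
    key=${line#* }

    case $method in
        "")  echo "$file: auth $active has no matching key line"
             findings=$((findings + 1)) ;;
        crc) echo "$file: crc is a checksum only, it authenticates nothing"
             findings=$((findings + 1)) ;;
        md5|sha1)
             # Assumed threshold: treat keys under 20 characters as guessable.
             if [ ${#key} -lt 20 ]; then
                 echo "$file: key is only ${#key} characters long"
                 findings=$((findings + 1))
             fi ;;
        *)   echo "$file: unknown method $method"
             findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Demo on constructed files in a scratch directory.
demo_dir=$(mktemp -d)
printf 'auth 3\n3 md5 redhat\n' > "$demo_dir/weak"    # sample key from the how-to
chmod 644 "$demo_dir/weak"
audit_authkeys "$demo_dir/weak" || echo "weak file: needs fixing"
make_authkeys "$demo_dir/strong" && audit_authkeys "$demo_dir/strong" \
    && echo "generated file: no findings"
rm -rf "$demo_dir"
```

On a node, run `make_authkeys /etc/ha.d/authkeys` once and copy the result to the peer with scp as shown above, so both nodes hold the same key.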
Note: If you have a problem mounting /dev/drbd0 on /data, run these commands to check the status; if you find that drbddisk is stopped, start it.
[root@baber ~]#/etc/ha.d/resource.d/drbddisk r0 status
[root@baber ~]#/etc/ha.d/resource.d/drbddisk r0 start
[root@baber ~]#/etc/ha.d/resource.d/drbddisk r0 restart
[root@baber data]# service drbd status
drbd driver loaded OK; device status:
version: 8.0.13 (api:86/proto:86)
GIT-hash: ee3ad77563d2e87171a3da17cc002ddfd1677dbe build by buildsvn@c5-i386-build, 2008-10-02 13:31:44
m:res cs st ds p mounted fstype
0:r0 Connected Primary/Secondary UpToDate/UpToDate C /data ext3
We can see that the servers are in the Primary/Secondary state and working well, with the /data directory mounted.
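The status table above can be checked by a script instead of by eye. This added example (not part of the original how-to) parses `service drbd status` output and reports any resource that is not a connected, fully synced pair with exactly one Primary; the function name and the two unhealthy sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate the device table printed by `service drbd status`.
# Columns, from the header line:  m:res  cs  st  ds  p  mounted  fstype

# check_drbd_status: read status output on stdin.
# Prints one line per problem. Returns 0 if every resource is healthy,
# 1 if any resource needs attention, 2 if no resource line was found.
check_drbd_status() {
    awk '
        # Resource lines start with "<minor>:<name>", e.g. "0:r0".
        $1 ~ /^[0-9]+:/ {
            seen++
            res = $1; cs = $2; st = $3; ds = $4
            if (cs != "Connected") {
                printf "%s: connection state is %s\n", res, cs
                bad++
            }
            if (st == "Primary/Primary") {
                printf "%s: both nodes are Primary\n", res
                bad++
            } else if (st !~ /Primary/) {
                printf "%s: no node is Primary (%s)\n", res, st
                bad++
            }
            if (ds != "UpToDate/UpToDate") {
                printf "%s: disk state is %s\n", res, ds
                bad++
            }
        }
        END {
            if (seen == 0) {
                print "no DRBD resource lines found"
                exit 2
            }
            exit (bad > 0 ? 1 : 0)
        }
    '
}

# Healthy state, copied from the output shown in the how-to.
SAMPLE_OK='drbd driver loaded OK; device status:
version: 8.0.13 (api:86/proto:86)
m:res cs st ds p mounted fstype
0:r0 Connected Primary/Secondary UpToDate/UpToDate C /data ext3'

# Constructed: the peer link is down and the peer disk state is unknown.
SAMPLE_ALONE='m:res cs st ds p mounted fstype
0:r0 StandAlone Primary/Unknown UpToDate/DUnknown C /data ext3'

# Constructed: initial sync still running, the peer is not yet usable.
SAMPLE_SYNC='m:res cs st ds p mounted fstype
0:r0 SyncSource Primary/Secondary UpToDate/Inconsistent C /data ext3'

printf '%s\n' "$SAMPLE_OK" | check_drbd_status && echo "r0 healthy"
printf '%s\n' "$SAMPLE_ALONE" | check_drbd_status || echo "r0 needs attention"
printf '%s\n' "$SAMPLE_SYNC" | check_drbd_status || echo "r0 still syncing"
```

On a cluster node the same function is fed with `service drbd status | check_drbd_status`, for example from cron before a planned failover.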
To force a takeover from baber to node2:
[root@baber ~]#/usr/lib/heartbeat/hb_takeover
Transparent Squid Configuration on both servers.
[root@baber ~]#vim /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1 #### If it is 0 make it 1 for packet forwarding ####
save it
then
[root@baber ~]#scp /etc/sysctl.conf farrukh:/etc/sysctl.conf
[root@baber ~]#sysctl -p
[root@farrukh ~]# sysctl -p
[root@baber ~]#yum install -y squid
[root@baber ~]#vim /etc/squid/squid.conf
Search for these options using / and edit them as required:
http_port 3128 transparent
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
cache_dir ufs /data/squid 1000 32 256 ##### cache directories must be at /data/squid #####
visible_hostname squid.ha-cluster.com
save & exit
[root@baber ~]# cd /data
[root@baber ~]# mkdir squid
[root@baber ~]# chown squid:squid squid
Note: This is required only on the primary server, i.e. baber.
[root@baber ~]#scp /etc/squid/squid.conf farrukh:/etc/squid/squid.conf
[root@baber ~]#iptables -F
[root@baber ~]#iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 3128
[root@baber ~]#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[root@baber ~]#service iptables save
[root@farrukh ~]#iptables -F
[root@farrukh ~]#iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 3128
[root@farrukh ~]#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[root@farrukh ~]#service iptables save
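After `iptables -F` the filter table is empty, so DRBD (7788), heartbeat and squid (3128) are reachable from any host that can route to the nodes. This added example (not part of the original how-to) prints a filter-table ruleset that limits cluster traffic to the peer node and the proxy to the client networks from squid.conf; the function name, heartbeat's default UDP port 694 and the SSH, NTP and ICMP allowances are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore input for the filter table of
# one cluster node, so only the services the cluster needs are reachable.
#   7788/tcp  DRBD replication (the address port in drbd.conf)
#   3128/tcp  squid http_port (target of the REDIRECT rule)
#   694/udp   heartbeat; assumed default udpport, ha.cf above sets none
#   123/udp   NTP between the nodes
#   22/tcp    ssh/scp (assumed: administration comes from the client nets)

# cluster_filter_rules PEER_IP CLIENT_NET [CLIENT_NET ...]
cluster_filter_rules() {
    if [ $# -lt 2 ]; then
        echo "usage: cluster_filter_rules PEER_IP CLIENT_NET..." >&2
        return 2
    fi
    # Accept only dotted quads with an optional /prefix: this text ends up
    # in a ruleset that is loaded as root.
    for addr in "$@"; do
        case $addr in
            *[!0-9./]*) echo "bad address: $addr" >&2; return 2 ;;
        esac
        printf '%s\n' "$addr" |
            grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || {
                echo "bad address: $addr" >&2
                return 2
            }
    done
    peer=$1
    shift

    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'

    # Cluster-internal traffic: only the peer node may reach these ports.
    printf '%s\n' \
        "-A INPUT -s $peer -p tcp --dport 7788 -j ACCEPT" \
        "-A INPUT -s $peer -p udp --dport 694 -j ACCEPT" \
        "-A INPUT -s $peer -p udp --dport 123 -j ACCEPT" \
        "-A INPUT -s $peer -p tcp --dport 22 -j ACCEPT"

    # Client networks: the proxy port (after REDIRECT the packet arrives
    # on 3128), ssh, and forwarding for the non-HTTP traffic of clients
    # that use the service IP as their gateway.
    printf '%s\n' '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for net in "$@"; do
        printf '%s\n' \
            "-A INPUT -s $net -p tcp --dport 3128 -j ACCEPT" \
            "-A INPUT -s $net -p tcp --dport 22 -j ACCEPT" \
            "-A FORWARD -s $net -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Rules for baber: the peer is farrukh, clients are squid.conf's our_networks.
cluster_filter_rules 192.168.1.60 192.168.1.0/24 192.168.2.0/24
```

On baber the peer is 192.168.1.60 and on farrukh it is 192.168.1.50. The output is input for `iptables-restore`, which replaces only the filter table and leaves the nat rules added above in place.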
On both servers:
[root@baber ~]# /etc/init.d/heartbeat start
[root@baber ~]# ifconfig
[root@baber ~]# tail -f /var/log/squid/access.log
[root@farrukh ~]# /etc/init.d/heartbeat start
[root@farrukh ~]# ifconfig
Note: We must use the VIP/service IP that we defined in heartbeat, i.e. 192.168.1.190, as the default gateway IP for accessing the internet transparently.
ALHAMDULILLAH We have Done it.............
Wednesday, May 27, 2009
Samba Configuration
[root@example ~]#
[root@example ~]# yum install samba-*
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.nsc.liu.se
* updates: centosh.centos.org
* addons: centosh.centos.org
* extras: centosb2.centos.org
base
| 1.1 kB 00:00
updates
| 951 B 00:00
primary.xml.gz
| 131 kB 00:00
updates 196/196
addons
| 951 B 00:00
extras
| 1.1 kB 00:00
Setting up Install Process
Parsing package install arguments
Package samba-common-3.0.33-3.7.el5.i386 already installed and latest version
Package samba-3.0.33-3.7.el5.i386 already installed and latest version
Package samba-client-3.0.33-3.7.el5.i386 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package samba-swat.i386 0:3.0.33-3.7.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================\
=============================================================================
Package Arch Version
Repository Size
================================================================================\
=============================================================================
Installing:
samba-swat i386
3.0.33-3.7.el5 base
8.2 M
Transaction Summary
================================================================================\
=============================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 8.2 M
Is this ok [y/N]: y
Downloading Packages:
samba-swat-3.0.33-3.7.el5.i386.rpm
| 8.2 MB 00:52
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : samba-swat [1/1]
Installed: samba-swat.i386 0:3.0.33-3.7.el5
Complete!
[root@example ~]# vi /etc/samba/smb.conf
#======================= Global Settings =====================================
[global]
# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
#####Edit this line with your NT workgroup name ########
#####Edited By Baber Zahoor dated 20090805 ########
workgroup = Workgroup
server string = Samba Server Version %v
; netbios name = MYSERVER
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.
######## go to the end of the file and add your share ###############
# A publicly accessible directory, but read only, except for people in
# the "staff" group
[Share]
comment = Public Stuff
# This can be your own share path
path = /Share
public = yes
writable = yes
printable = no
# These can be your own users
valid users = baber amalik
# This is a group name; you can add your own
write list = +staff
:wq!
To add users to the smbpasswd file, use this command.
Note: users must already exist before they are added to the smbpasswd file.
[root@example ~]# smbpasswd -a baber
New SMB password:
Retype new SMB password:
Added user baber.
[root@example ~]#
[root@example ~]# /etc/init.d/smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@example ~]#
Now you can access the Samba shares from the Windows XP PCs.
If you have a firewall installed on your Linux server, kindly open the ports.
[root@example ~]# system-config-securitylevel
Enable the Samba option in the firewall INPUT table for incoming requests.
Kind Regards,
Babar Zahoor
RHCE 5.0
Tuesday, May 26, 2009
How to implement ACL
ACL: Access Control List
The Linux operating system supports ACLs.
If we want to use ACLs, we have to specify on which partition we
want to enable them,
e.g. / if we want to enable ACLs on this partition.
First of all, open the fstab file. "Be careful, this is the file system table file."
vim /etc/fstab
LABEL=/ / ext3 defaults 1 1
LABEL=/usr /usr ext3 defaults 1 2
LABEL=/var /var ext3 defaults 1 2
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
LABEL=SWAP-hda6 swap swap defaults 0 0
Add the acl option in the line where the / partition information is written.
Add the acl option after the defaults option,
e.g. defaults,acl
Then save the file and exit.
Run this command in the shell:
# mount -o remount /
The setfacl command is used to implement ACLs:
-m for adding and editing an ACL
-x for removing.
u for user or userid
g for group or groupid
e.g.
# setfacl -m u:baber:rwx /data/file
This command gives rwx permissions to user baber on the specified file "/data/file".
# setfacl -m g:baber:rwx /data/file
This command gives rwx permissions to group baber on the specified file "/data/file".
To check the ACL:
# getfacl /data/file
To remove the ACL:
# setfacl -x u:baber /data/file
# setfacl -x g:baber /data/file
Babar Zahoor
RHCE 5.0
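The fstab edit described in this post, done as a scripted and repeatable step instead of by hand in an editor. This is an added example, not code from the original post; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: names below are illustrative, not from the original post.

# Constructed sample, modelled on the fstab shown in the post.
sample_fstab() {
cat <<'EOF'
# /etc/fstab (sample)
LABEL=/      /         ext3   defaults        1 1
LABEL=/usr   /usr      ext3   defaults        1 2
tmpfs        /dev/shm  tmpfs  defaults        0 0
devpts       /dev/pts  devpts gid=5,mode=620  0 0
EOF
}

# mount_options FILE MOUNTPOINT: print the options field (4th column).
mount_options() {
    awk -v mp="$2" '!/^[ \t]*(#|$)/ && $2 == mp { print $4 }' "$1"
}

# add_acl_option FILE MOUNTPOINT: print FILE with "acl" appended to the
# options of MOUNTPOINT. FILE itself is not modified, and a line that
# already carries acl is left alone, so re-running is harmless.
add_acl_option() {
    awk -v mp="$2" '
        /^[ \t]*(#|$)/ { print; next }      # keep comments and blank lines
        $2 == mp {
            n = split($4, opts, ",")
            found = 0
            for (i = 1; i <= n; i++) if (opts[i] == "acl") found = 1
            if (!found) $4 = $4 ",acl"      # awk re-joins this line with single spaces
        }
        { print }
    ' "$1"
}

# Demo on a scratch copy; review the result before replacing /etc/fstab.
work=$(mktemp)
sample_fstab > "$work"
add_acl_option "$work" / > "$work.new"
echo "/ options before: $(mount_options "$work" /)"
echo "/ options after:  $(mount_options "$work.new" /)"
rm -f "$work" "$work.new"
```

Writing the result to a separate file first keeps a working /etc/fstab in place until the new one has been checked.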
Useradd
In Red Hat Linux we can add users with the useradd command:
# useradd username
To assign a password we must use the passwd command:
# passwd username
Then specify the password.
Information about all users is saved in the /etc/passwd file.
The passwords of all users are saved in /etc/shadow in encrypted form.
All information about groups is saved in the /etc/group file.
We can add a group using:
# groupadd groupname
Files and Directory Permissions
Written by Babar Zahoor RHCE 5.0
baber@wbitt.com
We have three types of permissions
read = r
write = w
execute = x
we can change permissions for three categories
owner = u
group = g
others = o
If we run ls -l
we see:
-rw------- 1 root root 1648 Mar 13 13:47 anaconda-ks.cfg
drwx------ 11 root root 4096 Mar 20 08:56 Desktop
-rw-r--r-- 1 root root 41065 Mar 13 13:46 install.log
-rw-r--r-- 1 root root 5891 Mar 13 13:46 install.log.syslog
drwxr-xr-x 3 root root 4096 Mar 18 23:47 ispconfig
drwxr-xr-x 37 root root 4096 Mar 20 08:25 mplayer
-rw-r--r-- 1 root root 224 Mar 14 18:48 scsrun.log
Please look at install.log:
-rw-r--r-- 1 root root 41065 Mar 13 13:46 install.log
Here we see the permissions:
- the first dash shows that this is a file (d means a directory, l means
a link file or shortcut)
rw- for the owner of the file
r-- for the owner's group
r-- for all others than the owner and its group
The chmod command is used to change the permissions:
+ is used to add
- is used to remove
Consider a file whose permissions we want to change.
example: chmod u+rwx,g+rw,o+rw file
We have another method to implement permissions.
Number System
r = 4
w = 2
x = 1
4+2+1 = rwx = 7 for the owner, the group or others, so
777 means rwx for all of them
example: chmod 755 file (same for directories)
We have default permissions in the system.
umask is the value which can change the default permissions.
umask (to see the default permissions)
0022
Subtract 022 from 777 for directory permissions.
777
-022
-----
755
Subtract 022 from 666 for file permissions.
666
-022
-----
644
755 and 644 are therefore the default permissions for directories and files.
Thanks
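The subtraction above gives the right result for 022. In general the system clears the umask bits from 777 or 666 (a bitwise mask, not arithmetic), which makes a difference for values such as 033. The following is an added example, not part of the original post; the function names are illustrative, and observed_modes assumes GNU stat as shipped with CentOS.

```shell
#!/bin/sh
# Added example: function names are illustrative, not from the original post.

# default_mode BASE UMASK: print the mode a new object gets.
# BASE is 777 for directories and 666 for files; the bits set in
# UMASK are cleared from BASE (BASE AND NOT UMASK).
default_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observed_modes UMASK: create a directory and a file under that umask
# in a scratch location and print their real modes as "DIR FILE".
# Runs in a subshell so the caller's umask is untouched.
observed_modes() {
    (
        scratch=$(mktemp -d) || exit 1
        umask "$1"
        mkdir "$scratch/dir"
        : > "$scratch/file"
        echo "$(stat -c %a "$scratch/dir") $(stat -c %a "$scratch/file")"
        rm -rf "$scratch"
    )
}

# Compare the calculated and the observed modes for a few masks.
# 022 is the default from the post; 027 and 077 are stricter choices;
# 033 shows where plain subtraction (666 - 033 = 633) would be wrong.
for mask in 022 027 033 077; do
    echo "umask $mask: calculated $(default_mode 777 $mask) $(default_mode 666 $mask)," \
         "observed $(observed_modes $mask)"
done
```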
Basic Commands
Some basic commands
cat
ls
head
tail
man
touch
mkdir
cd
less
more
grep
Also see the switches with --help, man or the info command.
Please run these commands and post your views.
Babar Zahoor
Squid Transparent configuration
Please follow these steps and you will, INSHA ALLAH, configure Squid with the
transparent option.
You can also use a dhcpd server for IP assignment.
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
save & quit
vim /etc/squid/squid.conf
###......please enable these options......###
http_port 3128 transparent
acl our_networks src 192.168.1.0/24
http_access allow our_networks
cache_mem 16M
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
store_log /var/log/squid/store.log
cache_dir /var/spool/squid 2000 16 256
cache_mgr baber@wbitt.com
visible_hostname squid.linuxlab.int
save and quit
# squid -z
# service squid start
###......then, if you want to make it transparent, kindly add this rule to the iptables firewall......###
# iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 3128
###......Note: eth0 is connected with your LAN switch......###
Baber Zahoor
RHCE 5.0
Thursday, March 19, 2009