Load Balanced Linux Web Cluster

Another example of a load balanced apache cluster, this time active-active using Pacemaker/Corosync/ldirectord.
This example is using CentOS.

10.11.1.40 – fixed IP of server1
10.11.1.41 – fixed IP of server 2
10.11.1.80 – apache site 1 (virtual IP)
10.11.1.50 – apache site 1 server 1
10.11.1.51 – apache site 1 server 2
10.11.1.90 – apache site 2 (virtual IP)
10.11.1.60 – apache site 2 server 1
10.11.1.61 – apache site 2 server 2

Some Munin Notes

Munin – its pretty handy for monitoring stuff over time to view trends. Some notes to get it up and running with a minimal config:

Install munin on monitoring server:
apt-get install munin

vi /etc/munin/munin.conf
Add something like:
[Webservers;webserver-01]
address 2.11.1.40
use_node_name yes
[Webservers;webserver-01]
address 2.11.1.40
use_node_name yes

Group by something sensible, i.e server type, location, domain?

Some LVM Notes

A few LVM notes to jog the brain

A. Steps to create the logical volume..

List the current physical volumes. In this instance, were interested in a blank 20GB SATA – /dev/sdb. You can extend a logical volume by adding additional phyical volumes later.

fdisk -l
Disk /dev/sda: 21.5 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000b5a0f

High Availability Linux Web Server Example

Just a quick example of setting up a Linux HA failover environment for an Apache/MySQL web server. This runs through a Ubuntu installation, however RedHat shouldn’t vary too much.

2.11.1.24 – fixed IP of server1
2.11.1.25 – fixed IP of server2
2.11.1.30 – apache site1 (virtual IP)
2.11.1.31 – apache site2 (virtual IP)

Make sure both servers have a sensible hostname and ensure their hosts files relate to this:

etc/hosts
127.0.0.1 localhost
2.11.1.24 ubuntu-server-1.mydomain.com ubuntu-server-1
2.11.1.25 ubuntu-server-2.mydomain.com ubuntu-server-2

Some NFS Notes

A few notes on configuring NFS on RedHat or Ubuntu

The server packages to install are:
Ubuntu:
apt-get-install nfs-kernel-server nfs-common quota
RedHat:
yum install nfs-utils nfs-utils-lib quota

The client Packages are:
Ubuntu:
apt-get install nfs-common
RedHat:
yum install nfs-utils nfs-utils-lib

A few things to configure on the server:

/etc/hosts.allow
Any hosts listed here will be granted access to everything i.e
ALL: 2.11.1.2[4-5]
ALL: 192.168.1.*

Example IPTables rules for a webserver

Just a quick and basic example IPTables ruleset to secure a web/mail server:

# Allow outgoing traffic and disallow any passthroughs

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Allow traffic already established to continue

iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

Don’t be a Tw@t – Use At!

Sigh :( today I made a schoolboy error – making config changes to a live firewall on a remote server without giving myself any kind of safety net! Anyway, this is an example of where you should really use something like the at command to bail you out should anything go wrong:

get the current system time:
date

Schedule at to run a command 5 minutes from now:
at -m 13:50
service iptables stop
ctrl-d

Android Apps for a System Administrator

With phones getting smarter and smarter, its now possible to monitor servers and perform basic administration tasks from your android handset. Here are a few tools I find useful.

Connectbot is a great SSH client for the Android. It is fully functional, supporting SSH keys and copy/paste etc.

 

For Windows RDP connections, I found PocketCloud to be the nicest to use free app, but at the time of writing there was a keyboard bug on Samsung handsets. Remote RDP Lite does the same thing in a less elegant way.

Screen – Can be useful!

Screen is something I’ve never been interested in using previously, but to be honest, it has many benefits. Screen is basically a window manager that allows you to run many windows from your SSH session. By doing this you don’t need to initiate several SSH sessions to a box when running complex tasks. Also if your connection is terminated in the middle of your task, you can resume your screen session.

Basics:

Start screen:
screen

Create new screen window:
CTRL + A + C

Install Java 1.6 JRE and JDK On CentOS5

Very busy right now, so here’s a quick and dirty writeup for install Java 1.6 on centos5.

To install the JDK

yum install -y jpackage-utils
wget http://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/VerifyItem-Start/jdk-6u14-linux-x64-rpm.bin?BundledLineItemUUID=KxWJ_hCuwSUAAAEvTWRZB8TT&OrderID=WeuJ_hCuedUAAAEvLGRZB8TT&ProductID=tPxIBe.oz2IAAAEhmh0zLjfT&FileName=/jdk-6u14-linux-x64-rpm.bin
chmod +x jdk-6u14-linux-i586-rpm.bin
./jdk-6u14-linux-i586-rpm.bin