Installing subversion Server with LDAP on Ubuntu 9.04

A very popular version control is Subversion. However, many times subversion requires integration with other systems and protocols. First, Subversion can take advantage of apache to allow remote access and Second we need some kind of authentication and authorization. The following process will help you to put all this together ina very quick and easy way.

I assume you have a LDAP server already set up.
Install Apache, and Subvervion:

# apt-get install apache2 subversion libapache2-svn subversion-tools

Edit dav_svn.conf

#vi /etc/apache2/mods-available/dav_svn.conf

The file should have nothing enabled, so we need to add our configuration  

The following configuration uses LDAP authetication and SVN authorization.

On LDAP, users on svngroup GROUP will have access to the repository.

        DAV svn

        SVNParentPath /svn

        AuthzSVNAccessFile /svn/aclfile

        AuthName "Subversion Repos"

        AuthType Basic

        AuthBasicProvider ldap

        AuthzLDAPAuthoritative   on

        AuthLDAPURL ldap://ldap:389/ou=People,dc=example,dc=com?uid

        AuthLDAPGroupAttribute memberUid

        AuthLDAPGroupAttributeIsDN off

        Require ldap-group cn=svngroup,ou=Groups,dc=example,dc=com

Enabling module for LDAP authentication 

#a2enmod authnz_ldap

START APACHE

#/etc/init.d/apache2 start

Create the aclfile on /svn to set up the authorization for Repositories.

[groups]

sysadmin = user

[test:/]

@sysadmin=rw

Create the test repo.

#cd /svn

#svnadmin create test

Then you can test access to your SVN with your browser.

http://svn-server/svn/test/

Adding WEBSVN

Get the latest package from website.

# apt-get install websvn

Follow the configuration screen and done

Then edit the following file.

#vi /etc/websvn/svn_deb_conf.inc

Comment $config->addRepository("repos 1", "file:///svn");

and Save

Now you can access your repos on http://svn-server/websvn/

However we should put some security.

Go and Edit /etc/websvn/apache.conf and add the Authetication with LDAP.

   AuthName "WEBSVN "

   AuthType Basic

   AuthBasicProvider ldap

   AuthzLDAPAuthoritative   on

   AuthLDAPURL ldap://ldap:389/ou=People,dc=example,dc=com?uid

   # Require valid-user

   AuthLDAPGroupAttribute memberUid

   AuthLDAPGroupAttributeIsDN off

   Require ldap-group cn=svndev,ou=Groups,dc=example,dc=com

save and Restart Apache.

Configuration management: Puppet with Ubuntu 9.04

When you have a lot of machines to configure and manage, Configuration management tools like (Cfengine or Puppet)  becomes very handy.  The following procedure shows you how to have your Puppet Server installed and one client using Ubuntu 9.04.


For Server
#apt-get install puppetmaster

For Client

#apt-get install puppet


On Puppet server:

Edit /etc/puppet/puppet.conf

pluginsync=false

and add certname

[puppetmasterd]
templatedir=/var/lib/puppet/templates
certname = puppetserver.example.com

certname will guarantee that the cert is created right.


Edit /etc/puppet/fileserver.conf

This file will configure the path for files stored on the servers and who is allowed
to take them.


[files]
  path /etc/puppet/files
  allow *

Copy /etc/sudoers to /etc/puppet/files/etc/ so clients can take the file.

Now you have to make sure that on directory /etc/puppet/, you have all this directories.

root@puppetserver:/etc/puppet# ls
files  fileserver.conf  manifests  puppet.conf
root@puppetserver:/etc/puppet#

then go manifests and create a directory called classes.

Create a file /etc/puppet/manifests/classes/sudo.pp


# /etc/puppet/manifests/classes/sudo.pp


class sudo {
    file { "/etc/sudoers":
        owner => "root",
        group => "root",
        mode  => 440,
        source => "puppet://puppetserver.example.com/files/etc/sudoers"
    }
}

Create a file /etc/puppet/manifests/site.pp



import "classes/*"




# tell puppet on which client to run the class
node puppetclient {
    include sudo
}

Start puppet master /etc/init.d/puppetmasterd start


Note: You will get an error with xmlsimple.rb file. You will basically go to
/usr/lib/ruby/1.8/ and move xmlsimple.rb file to /usr/lib/ruby/1.8/lib/.


On Puppet client

Edit /etc/puppet/puppet.conf
Add

pluginsync=false


[puppetd]
certname = puppetclient.example.com
server = puppetserver.example.com
runinterval = 60   

runinterval will check puppet server every 60 seconds (Default 1800)

Then run the following command so the Puppet Server can issue a certificate.


# puppetd --test
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
notice: Set to run 'one time'; exiting with no certificate

GO TO PUPPET SERVER


#puppetca --list
puppetcliet.example.com

Then sign it.

# puppetca --sign puppetcliet.example.com
Signed puppetcliet.example.com

Now your client can talk with the master.

#/etc/init.d/puppet start


Enjoy it

Change Interface name (eth1 to eth0) on Ubuntu 9.04

Probably, many administrator has fallen with this problem before when the clone virtual machines on Virtual enviroments (VMware or Citrix Xen). After cloning the machine and turn it on, there is no IP and the ifconfig command shows that instead of eth0 you have eth1. Then  you go check the configuration for the interfaces on /etc/network/interfaces and you see eth0 configured but what you have it is eth1.

This procedure shows you how to change the name device to eth0 from eth1.

As root, go and  edit /etc/udev/rules.d/70-persistent-net.rules


SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:50:56:81:5a:fa", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"


Look for the line showing NAME="eth1" and change this value to NAME="eth0".
If there is another line showing NAME="eth0" delete it because it contains the configuration of the cloned machine.

Save the file.

Then open /etc/network/interfaces make sure you have the correct configuration for eth0.
For this case I will use dhcp configuration:

auto eth0
iface eth0 inet dhcp

Finally you can reboot or you can reload the rules with the new name.

# udevadm trigger


This command will reload the rules with the new name so then you can restart networking.

# /etc/init.d/networking restart

Hadoop 0.20 on Ubuntu 9.04

Hadoop is a combination of High Distributed File System and a Map/Reduce Framework based on java. In other words, you can have a cluster of servers that can share their hard drive as a big file system HDFS and then you can process data using Hadoop APIs (Map/Reduce). This tool is capable of sort and summarize data with speed that commercial and opensource Database can not reach. Hadoop belongs to the Apache group and is used by Yahoo, Facebook and Google.

With all that potential, I decided to give it a try to see how I could implement a cluster of 4 machines.

I used 4 machines (1 cpu, 1GB mem, 10GB hard drive) with Ubuntu 9.04 server.

hadoop01, hadoop02, hadoop03, and hadoop04

Install Java 6 on Ubuntu

#apt-get install sun-java6-jre
#apt-get install sun-java6-jdk

Create group hadoop
Create user hadoop
root@hadoop01:~# addgroup hadoop
Adding group `hadoop' (GID 1001) ...
Done.
root@hadoop01:~# adduser --ingroup hadoop hadoop

Configure ssh key for hadoop user
$ssh-keygen -t rsa -P ""
$cat $HOME/.ssh/id_rsa.pub >> $HOME/.ssh/authorized_keys

Get the latest version of hadoop

http://apache.multihomed.net/hadoop/core/stable/hadoop-0.20.1.tar.gz

Install it on /usr/local/hadoop
Make sure everything under is own by hadoop:hadoop /usr/local/hadoop
Edit vi /usr/local/hadoop/conf/hadoop-env.sh

export JAVA_HOME=/usr/lib/jvm/java-6-sun

Define the Data partition for the node: example /data
Make sure everything under is own by hadoop:hadoop /data
Make sure /etc/hosts or DNS contains all the cluster node names

127.0.0.1 localhost localhost.localdomain
x.x.x.x   servername

Configuring Hadoop Master Node 

Since Hadoop contains to processes HDFS and Map/Reduce, the master node should contain both servers.
For HDFS, the service is called namenode.
For Map/Reduce, the service is called jobtracker.


Slave nodes will use the following processes:
For HDFS,  the service will be Datanode.
For Map/Reduce, the service will be Tasktracker.


Edit core-site.xml and mapred-site.xml (These files are used by Hadoop 0.20. Older version were using hadoop-site.xml)


For core-site.xml
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
<!-- Put site-specific property overrides in this file. -->
<configuration>
<property>
<name>hadoop.tmp.dir</name>
<value>/data/tmp</value>
<description>A base for other temporary directories.</description>
</property>
<property>
<name>fs.default.name</name>
<value>hdfs://hadoop01:54310</value>
<description>The name of the default file system. A URI whose
scheme and authority determine the FileSystem implementation. The
uri's scheme determines the config property (fs.SCHEME.impl) naming
the FileSystem implementation class. The uri's authority is used to
determine the host, port, etc. for a filesystem.</description>
</property>
<property> 
<name>mapred.job.tracker</name>
<value>hadoop01:54311</value>
<description>The host and port that the MapReduce job tracker runs
at. If "local", then jobs are run in-process as a single map and reduce task.
</description>
</property>
<property>
<name>dfs.replication</name>
<value>3</value>
<description>Default block replication.
The actual number of replications can be specified when the file is created.
The default is used if replication is not specified in create time.
</description>
</property>
</configuration>


For mapred-site.xml


<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
<!-- Put site-specific property overrides in this file. -->
<configuration>
<property>
     <name>mapred.job.tracker</name>
     <value>hadoop01:54311</value>
     <description>The host and port that the MapReduce job tracker runs
     at.  If "local", then jobs are run in-process as a single map
     and reduce task.
     </description>
</property>
</configuration>

These files assume the hadoop01 is the Master node for both processes.
These files assume that /data will contains the data for HDFS.
These files will be the same for all nodes and should be own by hadoop user.


Configuring Master and Slaves


On the master node, you will find these two files masters and slaves. (/usr/local/hadoop/conf directory).
These file must be modified on the master node.

The masters file contains the name of the master.

hadoop@hadoop01:/usr/local/hadoop/bin$ cat /usr/local/hadoop/conf/masters
hadoop01

The slaves file contains the list of slave servers.

hadoop@hadoop01:/usr/local/hadoop/bin$ cat /usr/local/hadoop/conf/slaves

hadoop01

hadoop02

hadoop03

hadoop04

Adding node to Hadoop Cluster(Ubuntu)
The nodes on the cluster must be installed basically the same as the Master node.

Install Java 6
#apt-get install sun-java6-jre
#apt-get install sun-java6-jdk


Create group hadoop
Create user hadoop


root@hadoop02:~# addgroup hadoop
Adding group `hadoop' (GID 1001) ...
Done.
root@hadoop02:~# adduser --ingroup hadoop hadoop

Have DNS or /etc/hosts setup for the cluster so any machine can be accessed by name.
Copy SSH keys for hadoop user on master node dir .ssh/*

Get Hadoop package installed
Probably you have it already in other hadoop datanode.
Untar the content on /usr/local/hadoop

Define your data directory: example /data
Copy configurations file from master node.

hadoop@hadoop01:/usr/local/hadoop/conf$ scp hadoop-env.sh hadoop03:/usr/local/hadoop/conf
hadoop-env.sh                                                                                                100% 2278     2.2KB/s   00:00
hadoop@hadoop01:/usr/local/hadoop/conf$ scp core-site.xml  hadoop03:/usr/local/hadoop/conf
core-site.xml                                                                                                100% 1321     1.3KB/s   00:00
hadoop@hadoop01:/usr/local/hadoop/conf$ scp mapred-site.xml   hadoop03:/usr/local/hadoop/conf
mapred-site.xml                                                                                              100%  455     0.4KB/s   00:00
hadoop@hadoop01:/usr/local/hadoop/conf$

Go to Master node and add the new node to the file


hadoop@hadoop01:/usr/local/hadoop/conf$ vi slave




Starting the cluster

Make sure that the /data is empty in all the nodes. Then on the master lets format the namenode.

$/usr/local/hadoop/bin/hadoop namenode -format

Start the HDFS cluster

$/usr/local/hadoop/bin/start-dfs.sh

Verify that Datanode has started in all the nodes running

Master:

hadoop@hadoop01:/usr/local/hadoop/bin$ jps
410 Jps
32161 SecondaryNameNode
32054 DataNode
31944 NameNode

Node:

hadoop@hadoop03:~$ jps
5832 Jps
5785 DataNode

Finally start the Map/Reduce Cluster.

$/usr/local/hadoop/bin/start-mapred.sh


Note: to stop the cluster, first run $/usr/local/hadoop/bin/stop-mapred.sh and then $/usr/local/hadoop/bin/stop-dfs.sh

Hadoop Web Interfaces

Hadoop comes with several web interfaces which are by default (see conf/hadoop-default.xml) available at these locations:

• http://localhost:50030/ - web UI for MapReduce job tracker(s)
• http://localhost:50060/ - web UI for task tracker(s)
• http://localhost:50070/ - web UI for HDFS name node(s)

Finally, you can start to use the Hadoop Cluster, however it will require that you learn Hadoop API or some kind of language. If you are looking for something more like SQL , try to use Hive.

Setting Up LDAP Client for Ubuntu 9.04

Before I showed how to set the ldap client on Centos , however Ubuntu has some differences.

Install

# apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db

Set LDAP server

ldap://ldap

Set search Base

dc=example

LDAP version 3

Local database (NO)

LDAP requires login (YES/NO)




go /etc/ldap.conf and add

nss_base_passwd ou=People,dc=example
nss_base_shadow ou=People,dc=example
nss_base_group ou=Groups,dc=example


Then go to /etc/nsswitch.conf

and modify the following lines

passwd: compat [SUCCESS=return] ldap
group: compat [SUCCESS=return] ldap
shadow: compat [SUCCESS=return] ldap

Traffic Shaping on Linux (Ubuntu or Red Hat)

Traffic Shaping or Bandwidth Management are  issues that concern many people when the Internet resources are limited. I think this can be a hot topic however it requires a lot of administration so it is probably not  a priority for most of the System Administrators. There a couple of traffic shapers out there however HTB is the most popular one and easiest to manage it. As you have seen before I also like to use some GUI interfaces as Webmin so I have attached the procedure to install the HTB module for webmin...

Download the HTB script (Hierarchy Token Bucket queuing)

#wget http://downloads.sourceforge.net/project/htbinit/HTB.init/0.8.5/htb.init-v0.8.5?use_mirror=voxel

Copy htb.init to /etc/init.d/htb.init

Create directory /etc/sysconfig/htb

Create rules on /etc/sysconfig/htb directory. Assuming only one interface (eth0), this is an example configuration:

# cd /etc/sysconfig/htb
# vi eth0

DEFAULT=30
R2Q=100

Save file

#  vi eth0-2.root

RATE=100Kbit

# root class containing outgoing bandwidth

Now you can start htb.init

# /etc/init.d/htb.init start

Checking status 

#/etc/init.d/htb.init stats

With webmin module 

Install Tree:DAG_Node


#apt-get install libtree-dagnode-perl

or

# cpan -i Tree::DAG_Node


Then install webmin module.

Go Webmin ---> Webmin Configuration --> Webmin Modules

on Third Party Module : http://sehier.fr/webmin-htb/webmin-htb.tar.gz

and Install it.

To check the module go Networking ---> Hierarchy Token Bucket queuing

Configuring the rules is the trick of this Bandwidth manager.

Tracking Stats with Webmin (Centos 5.3 64bit)

As I have said before Webmin is a powerful tool. Webmin has a Third party module that allows you to track performance and trends on the same server without rely on external tools.

Open a browser with webmin interface http://serverip:100000

Go Webmin --> Webmin configuration --> Webmin Modules

Copy this link on Third Party Modules

http://softlayer.dl.sourceforge.net/project/webminstats/Sysstats/1.4/wbm-sysstats-1.4-1.noarch.rpm

Then Install it

The package installed will be called Historic System Statistics

If you click on that you will get an error because there are some packages missing.

The missing package is RRDtool. You can get it from different sources however I suggest you 

to use rpmforge repos.

Go System --> Software Packages and copy this link on (From ftp or http URL)

http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Then you would have to clean yum database.

Go Others --> Command Shell and run yum clean all

Then go back to System --> Software Packages

On (Packages from Yum) : rrdtool perl-libwww-perl

Install them

Finally go System --> Historic System Statistic

The modules start to configure themselve and then Start Webminstats.

Now you can have stats and trends running on the server without using external tools.

IPMI Installation on Citrix Xen 5.5

IPMI is a standardized message-based hardware management interface. A hardware chip known as the Baseboard Management Controller (BMC), or Management Controller (MC), implements the core of IPMI.

BMC is already integrated in many servers, so you have to make sure that your system has this already. IBM, HP or Dell servers already have it.

Accessing remotely the BMC requires some kind of network access so when you see the servers in the back you probably can not see the BMC NIC. This NIC is already integrated with NIC1 so if you connect NIC1 to the network the BMC NIC can have access to the network.

Since Citrix Xen is becoming popular and Citrix Xen still does not provide info or repositories to install IPMI tools, I decided to show you how you can have this powerful on your system.

My configuration is two Citrix Xen Servers 5.5 running on HP proliant DL160.

Upgrade Ncurses package because ipmitools requires it.

#wget ftp://ftp.pbone.net/mirror/yum.trixbox.org/centos/5/old/ncurses-5.6-7.20070612.i386.rpm
#rpm -Uvh ncurses*

then Install IPMI server and drivers


#wget http://mirror.centos.org/centos/5/os/i386/CentOS/OpenIPMI-libs-2.0.6-11.el5.i386.rpm
#wget http://mirror.centos.org/centos/5/os/i386/CentOS/OpenIPMI-2.0.6-11.el5.i386.rpm


Install OpenIPMI-libs first because OpenIPMI requires this package


#rpm -ivh OpenIPMI-libs*
#rpm -ivh OpenIPMI-2.0*


I suggest you ipmitools as client because there is a lot more documentation in how to use it. This website has a lot of documentation to use ipmitool http://wiki.adamsweet.org/doku.php?id=ipmi_on_linux


# wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/netmax/Fedora_8/i386/ipmitool-1.8.9-38.1.i386.rpm
#rpm -ivh ipmitool*


Then start IPMI service


# /etc/init.d/ipmi start


Make sure the IPMI service starts when the machine reboots


# chkconfig ipmi on


NOW we can get local info from IPMI using ipmitool


#ipmitool sdr


It will give you stats of the motherboard


#ipmitool lan print


it will give you BMC NIC information.


[root@xen01 ~]# ipmitool lan set 2 ipsrc static
[root@xen01 ~]# ipmitool lan set 2 ipaddr x.x.x.x
Setting LAN IP Address to x.x.x.x
[root@xen01 ~]# ipmitool lan set 2 netmask x.x.x.x
Setting LAN Subnet Mask to x.x.x.x
[root@xen01 ~]# ipmitool lan set 2 defgw ipaddr x.x.x.x
Setting LAN Default Gateway IP to x.x.x.x
[root@xen01 ~]# ipmitool lan set 2 arp generate on
[root@xen01 ~]# ipmitool lan set 2 arp interval 5
[root@xen01 ~]# ipmitool lan set 2 access on
[root@xen01 ~]# ipmitool lan set 2 user


Then we need to set up user access to IPMI
the user list can be find with this command:

[root@xen01 ~]# ipmitool user list
[root@xen01 ~]# ipmitool user set name 2 root
[root@xen01 ~]# ipmitool user enable 2
[root@xen01 ~]# ipmitool channel setaccess 2 2 ipmi=on link=on privilege=4
[root@xen01 ~]# ipmitool user set password 2 secret
[root@xen01 ~]# ipmitool user list
[root@xen02 ~]# rmcp_ping -d x.x.x.x


If you do not get response, you will have to reboot the server and check BIOS.
Make sure that BIOS has IPMI setup to share NIC and save changes.
then


[root@xen02 ~]# rmcp_ping -d x.x.x.x


You should receive response from IPMI IP. Then you can try to access IPMI remotely.

[root@xen02 ~]# ipmitool -H x.x.x.x -U root -a chassis status
Password:
System Power : on
Power Overload : false
Power Interlock : inactive
Main Power Fault : false
Power Control Fault : false
Power Restore Policy : previous
Last Power Event :
Chassis Intrusion : inactive
Front-Panel Lockout : inactive
Drive Fault : false
Cooling/Fan Fault : false
Sleep Button Disable : allowed
Diag Button Disable : allowed
Reset Button Disable : allowed
Power Button Disable : allowed
Sleep Button Disabled: true
Diag Button Disabled : true
Reset Button Disabled: true
Power Button Disabled: true
[root@xen02 ~]#

Great!!! Now you can check IPMI stats remotely using any server that has ipmitool installed.


NOTE: This probably apply to any Centos 5 Linux, however I installed and tested it on Citrix Xen
because I think it should be cool to have IPMI funcionalities.

Webmin: a powerful system administration tool (Setup)

During several years as System Administrator, I have found people that do not like GUI interfaces for system administration work. I completely disagree this approach because GUI interfaces facilitate and standardize your work.

One of the big problems in a Network Infrastructure is the lack of documentation. Top management do not see advantage in having accurate documentation because they can not attached that to direct revenues. Accurate documentation is a utopia for real environment so System administrator must figure out how the environment was built to perform a good job. However, sysadmins tend to built and process changes in many different way that makes tracking changes very difficult.

I suggest WEBMIN as an alternative to standardize and make changes on uneven environments. Why?

• Webmin is OpenSource (Free)
• Webmin was created 10 years ago and It also part of Solaris Install Packages.
• Webmin is perl based, so it is portable to many OSes. 
• It has modules to manage many servers. (Apache, Mysql, postfix, sendmail, so on)
• It has Cluster administration capabilities. 
• It is very easy to install and does not load the server at all.

Do not be lazy and try it ...

Redhat or Centos installation

# wget http://prdownloads.sourceforge.net/webadmin/webmin-1.490-1.noarch.rpm
#rpm -Ivh webmin*

Basic installation of Centos contains all dependencies.

then you can access webmin with root password on http://serverip:10000

Ubuntu and Debian

#wget http://prdownloads.sourceforge.net/webadmin/webmin_1.490_all.deb
#dpkg -i webmin*

Probably there were dependencies missing so then you should try

#apt-get install -f

After the installation, Webmin will identify all the server installed in your server, however to use the modules you have to make sure that module config for that specific module has been configured right.
Some people tend to discourage of using Webmin because they do not configure it right.

My experience Webmin has shown that new OS installations can have 95% of the Webmin Modules well configured and Current Server installations can have 60% of the Webmin Modules well configured.

Data Center Management with openQRM on Centos 5.3 64bit (Installation)

http://openqrm.com/

A year ago I tested this application and it was pretty awesome, although it was still in development. Now I would like to give it a try and see if it is ready for production environments.

Initially, I got a CentOs 5.3 64 bit installed with 1 cpu and 1GB mem.
First we need to get the packages.

[root@openqrm ~]# mkdir openqrm
[root@openqrm ~]# cd openqrm/
[root@openqrm openqrm]# wget http://sourceforge.net/projects/openqrm/files/openQRM%204.5/RPM%20CentOS5%2064bit/openqrm-server-entire-4.5-centos5.x86_64.rpm/download

Make sure you install the packages required by openQRM. Regular Centos repos are going to miss some of the packages so I suggest you to install RPMFORGE repos

[root@openqrm ~]# wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

[root@openqrm ~]# rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
warning: rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing...                ########################################### [100%]
   1:rpmforge-release       ########################################### [100%]
[root@openqrm ~]# yum clean all
Loaded plugins: fastestmirror
Cleaning up Everything
Cleaning up list of fastest mirrors

Now you can start to install packages using rpmforge repos.

[root@openqrm openqrm]# rpm -ivh openqrm-server-entire-4.5-centos5.x86_64.rpm
error: Failed dependencies:
        /bin/ash is needed by openqrm-server-4.5-centos5.x86_64
        /usr/bin/expect is needed by openqrm-server-4.5-centos5.x86_64
        bind is needed by openqrm-server-4.5-centos5.x86_64
        dhcp is needed by openqrm-server-4.5-centos5.x86_64
        expect is needed by openqrm-server-4.5-centos5.x86_64
        httpd is needed by openqrm-server-4.5-centos5.x86_64
        iscsi-initiator-utils is needed by openqrm-server-4.5-centos5.x86_64
        mysql is needed by openqrm-server-4.5-centos5.x86_64
        mysql-server is needed by openqrm-server-4.5-centos5.x86_64
        nagios is needed by openqrm-server-4.5-centos5.x86_64
        nagios-devel is needed by openqrm-server-4.5-centos5.x86_64
        nagios-plugins is needed by openqrm-server-4.5-centos5.x86_64
        nagios-plugins-nrpe is needed by openqrm-server-4.5-centos5.x86_64
        perl(XML::Simple) is needed by openqrm-server-4.5-centos5.x86_64
        php is needed by openqrm-server-4.5-centos5.x86_64
        php-mysql is needed by openqrm-server-4.5-centos5.x86_64
        puppet-server is needed by openqrm-server-4.5-centos5.x86_64
        samba is needed by openqrm-server-4.5-centos5.x86_64
        screen is needed by openqrm-server-4.5-centos5.x86_64
        subversion is needed by openqrm-server-4.5-centos5.x86_64
        tftp-server is needed by openqrm-server-4.5-centos5.x86_64
        zabbix is needed by openqrm-server-4.5-centos5.x86_64
        zabbix-agent is needed by openqrm-server-4.5-centos5.x86_64


[root@openqrm openqrm]# yum install bind dhcp expect httpd iscsi-initiator-utils mysql mysql-server nagios nagios-devel nagios-plugins nagios-plugins-nrpe php php-mysql

[root@openqrm openqrm]# yum install puppet-server samba screen subversion tftp-server perl-XML-Simple




Ok we still need to get ash, zabbix, and zabbix-agent


[root@openqrm openqrm]# wget ftp://mirror.switch.ch/pool/3/mirror/centos/4.7/os/x86_64/CentOS/RPMS/ash-0.3.8-20.x86_64.rpm
[root@openqrm openqrm]# wget ftp://ftp.muug.mb.ca/mirror/fedora/epel/5/x86_64/zabbix-agent-1.4.6-1.el5.x86_64.rpm
[root@openqrm openqrm]# wget ftp://195.220.108.108/linux/epel/5/x86_64/zabbix-1.4.6-1.el5.x86_64.rpm

[root@openqrm openqrm]# yum install net-snmp-libs iksemel

Then you can install all the aditional RPMs and finally

[root@openqrm openqrm]# rpm -ivh openqrm-server-entire-4.5-centos5.x86_64.rpm

Done

After install you can access the openQRM console in http://openqrm-server-ip/openqrm/

user: openqrm
password: openqrm







 

Citrix Xen Server Setup

Setting up a Citrix Xen Server is very easy, however do you have to consider design before start to deploy a Citrix Xen Server farm.

First ,  I would like you to think about networking. For a single server, one nic is enough however if you want to grow your farm and add servers to your pool you should have to use a second nic.  Why??? well if you are going to use share storage in a pool of server (pools only make sense with share storage) Citrix Xen will require to have a nic for management and a second nic for storage. The storage nic can be shared for VM network traffic however it is not recomended for production enviroment.

Citrix Xen Server standalone = 1 NIC
Citrix Xen Server Pool (shared storage) = at least 2 NIC , For production enviroments at least 3 NIC

Second , make sure that you have a 64 bit processor. In addition, remember to enable VT on BIOS so you can create paravirtualized Guest OS.  Paravirtualization can give you a lot better performance.

Third, make sure you have a lot of memory. Basically, memory will limit the quantity of VMs that you can create. You can over provision memory however the overall performance of the virtual machine will be affected because VM memory will require to swap on disk.

Now, we have our server ready to install so you have to download the ISOs for Citrix Xen Server.


http://www.citrix.com/lang/English/lp/lp_1688615.asp

There are two ISOs, one is the Citrix Xen Server and the second one is the Linux Guest support. I suggest you to donwload both and burn them in CDs.  The Linux Guest support contains some addtional templates that they are good to have.

Boot the machine with the Citrix Xen Server CD and follow instructions.
Only configure one NIC with you management IP.

In addition, do not forget to download XenCenter on your windows desktop and install it.

After XenCenter installation, you can set the management ip and access Citrix Xen Server Remotely.

If you want to add another server, follow the installation procedure and then add it to XenCenter.

In XenCenter, you can configure everything else you need. I recommend you to configure the other NICs. If you only have one more and you want to enable VLANs, do so on the switch and then create the sub interfaces on XenCenter for each VLAN. If you want to create a pool, remember that all the server you have the same configuration or access on the network.

After the pool is created everything will be set up for the pool and no just for that server. 
For installing new VMs, I suggest you to use NFS or CIFS to maintain the ISOs. You just have to add that storage on the storage tab on XenCenter and all the ISOs will be available to all VMs.
You can create machines with any OS however Citrix Xen will tell you that they only support the ones that they have templates for. So try to use the templates for the creation and then boot the VM with the ISO for that template. The template will guarantee that the VMs is compatible with Xentools, however this package is not required by the machine to operate.

Finally , set up the shared storage. Shared Storage will give you the flexibility to move the machine from one server to another one (XenMotion) without losing service or network.  A normal set up will include some class of ISCSI target ( Shared Storage) which can be accessible by Citrix Xen Servers.
I recommend you to check any of the Opensource SAN (Openfiler, Freenas) solutions or if you have the budget go for Commercial solutions.

VMWare vs Citrix Xen Comparisons ....

I have used both products for long time and I can tell you that Citrix Xen has better virtualization strategy for any business size.

Let's make the point.

VMWARE Facts

•  it has been the longest time.
• They started offering VMware server for free however this product does not perform very well on production enviroments.
• After a while, They decided to offer ESXi version for free. It was a good move however ESXi does not have console access because they designed to be embedded. This means limited access and flexibility.
• VMware never allows public performance comparisons. This is very obvious, why a company would do that. Furthermore, they created their own performance benchmark. 
• VMware is a commercial product that requires license for everything. Call your sell rep and ask him about prices...Morevover VMWare needs to be careful with piracy. 
• VMware did not offer paravirtualization. If I remeber they started to offer paravirtulization recently. Paravirtualization gives a lot better performance than full-virtualization.
• VMware Virtual Center is sold separately and it only runs on windows. This product is required to perform most of the advantage of the virtualization.

Citrix Xen Facts

• Although it is pretty new product, the Xen Hypervisor has been around for a while.
• First people must distinguish between Citrix Xen and Xen. Citrix Xen is a whole suite that uses Xen. Xen is the free hypervisor built by Linux Community. You can use Citrix Xen or Xen separately.
• Initially, Citrix Xen was not free, because Citrix felt very confident about this product however VMware had basically most of the market. The market was reluctant to change to the new platform so Citrix offer was not too attractive.  Finally they decided to offer Citrix Xen 5 for free with all the features.
• Citrix Xen is commercial product based on Xen Opensurce. Citrix Xen Server is free with all features. If you want to go further you can add more features buying the Essential license or Platinun license.
• Citrix Xen has always offered paravirtualization. Paravirtualization was the core of Xen hypervisor.
• Citrix Xen Console ( vs VMware VC) is a client that connects directly to the pool of Citrix Xen Servers. It does not require a dedicated server.

Both products can offer you the same functionalities, however Do we use all those functionalities?

Let 's review what we need.

Required options:

• Storage Support (ISCSI, local storage,NFS)
• Cloning and Snapshot Capabilities.
• Guest OS support.
  
• Vmotion or Xenmotion capabilities. 
• Virtual switches support (multiple VLANs)
• Good Performance (Paravirtualization)
• Centralized console (Virtual Center or Citrix Xen console)
• Templates support.

Optional requirements.
These are options good to have however I have not seen people using them a lot. In addition, they can be provision in other ways.

• HA  and DR
  
• Specialized Storage support
• Automatic Load Balancing 
• Fast Provisioning

Now it is almost clear. If I have Citrix Xen 5 or 5.5 free I can provide all the required options, if I want to get the Optional requirements , I would have to pay or I can deploy different solutions. In VMware world, I can use ESXi for free however I am going to require to buy Virtual Center so I can manage all those servers. Moreover, I will require a windows license to install VC.

In Conclusion, both products are great, however I think that Citrix Xen can offer you more free so your learning curve and testing enviroment can be more productive.

Nagios replaced with Groundworks

After several years of using Nagios with its old interface, I realized that there should be something out there that it can simplify the configuration. Moreover, I tested a lot of configurations tools for Nagios but none was quite as good as I expected. Finally, I decided to test other monitor tools like Zenoss, Zabbix, Hyperic, Opsview, and Groundworks. 

Zenoss : Enterprise ready, Opensource/Commercial,  Nice GUI,  and support nrpe.

Zabbix : Enterprise ready, Opensource/Commercial,  Nice GUI,  and uses its own agent.

Hyperic: Enterprise ready, Opensource/Commercial,  Nice GUI, and uses its own agent.

Opsview: No Enterprise ready, Opensource, Clean GUI, and  Nagios based.

Groundworks:  Enterprise ready, Opensource/Commercial,  Nice GUI, and Nagios based.


All are wonderful tools, easy to install, and provide the service that you need. However, Nagios has been around for the longest time and people is very familiar with it , so I decided to be focused on Opsview and Groundworks.  Well ...as always , you must be covered by some kind of support ...so I suggest you to go Groundworks......

It is very easy to install ....

First , get a clean installation of linux ....I recommend Centos...(This is another discussion)

Second, download the binary file from http://www.groundworkopensource.com/community/downloads/6.0-download.html

Third, execute the file and follow the instruction.

 Finally, you can configure it through the web interface. You can use Autodiscovery, add your own commands and so on....

SSHFS for Windows

A very cool feature is to have a hard drive letter  mapped to your public server.
SSHFS allows to map a drive letter on your windows machine to a server via ssh.
Check this application ...

http://dokan-dev.net/en/download/

Install the libraries first and then the sshfs package.

Basically it is going to ask you a server IP and user/password ...and at the end the map drive letter.

Remember SSH filesystem is not the fastest way but it is very secure and easy to set up.

Breaking Windows or Linux without password

There are different options to take control of a Windows or Linux Machine, however I have found very interesting the following:

KON-BOOT
http://www.piotrbania.com/all/kon-boot/

You can just create a CD with this software , then boot your Windows or Linux machine and finally you can login without password ...Isn't it cool? You save a lot of time instead of using the Rescue mode on Linux or try to reset the Administrator password on linux...

Take a look ...

IO Scheduler and QUEUE on Linux

This is a good tweak to improve performance on Linux Servers.

First you should know the different types of IO schedulers:

CFQ [cfq] (Completely Fair Queuing) is an I/O scheduler for the Linux kernel and default under many Linux distributions.

Noop scheduler (noop) is the simplest I/O scheduler for the Linux kernel based upon FIFO queue concept.

Anticipatory scheduler (anticipatory) is an algorithm for scheduling hard disk input/output as well as old scheduler which is replaced by CFQ

Deadline scheduler (deadline) - it attempt to guarantecho noop > /sys/block/hda/queue/scheduleree a start service time for a request.

By Default, Most of the Red Hat style Linux choose CFQ, However CFQ is most multitask oriented.

You can check and modify the scheduler anytime using the following command:

# cat /sys/block/sda/queue/sc

noop anticipatory deadline [cfq]

The scheduler for this machine is CFQ

# echo noop > /sys/block/hda/queue/scheduler

This change the scheduler to noop

Changing the queue size

# cat /sys/block/sda/queue/nr_requests
128

# echo 100000 > /sys/block/sda/queue/nr_requests

According to http://yoshinorimatsunobu.blogspot.com/ increasing the size of the queue
can improve dramatically the performance.




Tethering with IPhone

Still waiting for the release of the new mobileconfig so I can use tethering on Iphone.

Visit http://help.benm.at/help.php

Setting Up LDAP Client for CentOS 5

LDAP Client Installation (Centos 5)

1-Run from command line

#setup

Select Authentication configuration

2- On User Information, Select Use LDAP

3- On Authetication, Select Use MD5, Use Shadow, Use LDAP, and Local Authetication

4- Go Next, put the server ldap://ldapserver/ and Base DN:dc=subdomain,dc=domain,dc=com . Finally hit OK

5- Quit the SetUP

6- Make sure that server is talking with LDAP. Run

#id anyuser ( anyuser that is on LDAP)

7- Then Edit /etc/nsswitch.conf

Make sure the only ldap entries are on
passwd: files ldap
shadow: files ldap
group: files ldap

Then modify them to

passwd: files [SUCCESS=return] ldap
shadow: files [SUCCESS=return] ldap
group: files [SUCCESS=return] ldap

Save and all is done.

Easy Open LDAP Server installation with webmin

This installation was performed for Centos 5.3
1- Install webmin
Grab the RPM from www.webmin.com

#wget http://prdownloads.sourceforge.net/webadmin/webmin-1.490-1.noarch.rpm
#rpm -ivh webmin*

2- Access webmin https://IP:10000/

3- Make sure LDAP Server module is installed
If it is not, Go Un-used Modules and select LDAP server
Install LDAP
This is the same that the following:
#yum install openldap-servers openldap-clients

4- Open file /etc/openldap/slapd.conf

Add restrictions

# ACL for LDAP . User only can read and change his own password.
access to attrs=userpassword
by self write
by anonymous auth
by * none

# Anyone can use LDAP but they require authetication
access to *
by self write
by users read
by anonymous read
by * none

Then define the domain you want to use dc=subdomain,dc=domain,dc=com

Change suffix dc=subdomain,dc=domain,dc=com
and select the rootdn cn=Manager,dc=subdomain,dc=domain,dc=com

Save file

Then we need to create password for rootdn

#slappasswd
New password:
Re-enter new password:
{SSHA}Lpjn5+zYw5iOIbWdldZs1

Copy the password
Edit /etc/openldap/slapd.conf
look for rootpw

rootpw {SSHA}Lpjn5+zYw5iOIbWdld


5- Make sure /var/lib/ldap is empty

Copy

# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

6- START LDAP

# /etc/init.d/ldap start
Checking configuration files for slapd: config file testing succeeded
[ OK ]
Starting slapd: [ OK ]

6- GO webmin, LDAP Server Module
In Module Config add the rootdn as login and the password(no encrypted)

7- Create the ROOT. Webmin will ask you to create the root (Hit the button)

8- Now we need the OU for users and Groups

Create a file base.ldif and paste this

dn: ou=People,dc=subdomain,dc=domain,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
description: Parent object of all UNIX accounts


dn: ou=Groups,dc=subdomain,dc=domain,dc=com
ou: Groups
objectClass: top
objectClass: organizationalUnit
description: Parent object of all UNIX groups


Save

Then run the following command to add

# ldapadd -x -h 127.0.0.1 -W -D "cn=Manager,dc=subdomain,dc=domain,dc=com" -f base.ldif -c
Enter LDAP Password:
adding new entry "ou=People,dc=subdomain,dc=domain,dc=com"

adding new entry "ou=Groups,dc=subdomain,dc=domain,dc=com"

9- Go Webmin and configure the LDAP Users and Groups
Add the rootdn, passwd, Base users, and Base Groups

Then you can add Users and Groups


10- Backup LDAP

ldapsearch -x -LLL -z 0 -D 'cn=Manager,dc=subdomain,dc=domain,dc=com' -b "dc=subdomain,dc=domain,dc=com" -w password -h localhost >backup.ldif

Then Save backup.ldif