Category: Redhat & Fedora

HAProxy Load Balancer

IT infrastructure becomes more critical and costly by the day, so we need a simple IP-based load-balancing solution that also handles SSL traffic. HAProxy is an easy and secure way to manage your server load balancing.
This example shows how we use it, in a few easy steps.

The configuration:
* Load Balancer: <10.0.0.77>  // our haproxy server; it listens on the ports we bind as required
* Web Server 1: <10.0.1.209>  // web application server 1, listens in tcp mode
* Web Server 2: <10.0.1.210>  // web application server 2, listens in tcp mode
* Web Server 3: <10.0.1.227>  // web application server 3, listens in http mode
* Admin Panel Port 8088: <10.0.0.77>  // statistics panel on port 8088, listens in http mode

Get and Install haproxy
We’ll be using the 1.3.17 src files to install haproxy. You can get them from http://haproxy.1wt.eu/

wget http://haproxy.1wt.eu/download/1.3/src/haproxy-1.3.19.tar.gz

tar xvzf haproxy-1.3.19.tar.gz

cd haproxy-1.3.19

make TARGET=linux26 ARCH=x86_64

make install

Now add the user haproxy, or whichever user the configuration should run as:

[root@ravi.com ~]# useradd haproxy

cp /path/to/haproxy-1.3.19/examples/haproxy.init /etc/init.d/haproxy

chmod +x /etc/init.d/haproxy

Create the /etc/haproxy folder and create the haproxy.cfg config file in it.

mkdir /etc/haproxy

Now add your config file haproxy.cfg to /etc/haproxy.

Configure /etc/haproxy/haproxy.cfg

#[root@app71 haproxy]# more haproxy.cfg
global
log 127.0.0.1   local0
log 127.0.0.1   local1 notice
#log loghost    local0 info
maxconn 25000    # count about 1 GB per 25000 connections
#debug
#quiet
user ravi        # must be an existing account, e.g. the haproxy user created above
group ravi

defaults
log         global
mode        tcp
option      dontlognull
retries 3
option         redispatch
maxconn     20000
contimeout      5000
clitimeout      50000
srvtimeout      50000

#Configuration for www.ravi.com
listen VIP:www.ravi.com:10.0.0.77:80
bind            10.0.0.77:80    # or any other IP:port combination we listen to.
bind            10.0.0.77:443    # or any other IP:port combination we listen to.
mode            tcp
option          ssl-hello-chk
option          forwardfor    # X-Forwarded-For is an HTTP header, so this only takes effect in http mode (not in this tcp listener).
balance         roundrobin
# Set the maxconn parameter below to match Apache's MaxClients minus
# one or two connections so that you can still connect to it directly.
# Enable the server health check ("check"): a server that is down is then shown as down on the stats page.
# Set the server weights; normally they should be 1 for all servers.
server          app139:10.0.1.209:80 10.0.1.209 weight 1 maxconn 5000 check
server          app140:10.0.1.210:80 10.0.1.210 weight 1 maxconn 5000 check

listen VIP:www.ravi.com:10.0.0.77:8080
bind            10.0.0.77:8080    # or any other IP:port combination we listen to.
mode            http
option          forwardfor    # set the client's IP in X-Forwarded-For.
balance         roundrobin
# Set the maxconn parameter below to match Apache's MaxClients minus
# one or two connections so that you can still connect to it directly.
# Enable the server health check ("check"): a server that is down is then shown as down on the stats page.
# Set the server weights; normally they should be 1 for all servers.
server          app127:10.0.1.227:8080 10.0.1.227 weight 1 maxconn 5000 check

# Enable the stats page on a dedicated port (8088). Monitoring request errors
# on the frontend will tell us how many potential attacks were blocked.
listen  ha_stats 10.0.0.77:8088
mode            http
stats enable
stats auth user:password    # stats page login; replace with your own user and password
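
A quick way to review a configuration like the one above before starting haproxy, as an added example (not part of the original post or of HAProxy itself). The function name, the sample input and the list of placeholder credentials are assumptions; the sample is a constructed, reduced version of the config on this page.

```shell
# Constructed sample, reduced from the configuration on this page.
sample_haproxy_cfg() {
    cat <<'EOF'
defaults
    mode tcp
listen www
    option forwardfor
listen app
    mode http
    option forwardfor
listen ha_stats 10.0.0.77:8088
    mode http
    stats enable
    stats auth user:password ##Auth user pass
EOF
}

# lint_haproxy_cfg [FILE...]: print one finding per line; return 1 if any.
lint_haproxy_cfg() {
    awk '
    function report(msg) { print name ": " msg; bad = 1 }
    function end_section(   m) {
        if (kind == "" || kind == "global") return
        if (kind == "defaults") { if (mode != "") dmode = mode; return }
        m = (mode != "") ? mode : dmode     # a section inherits mode from defaults
        if (fwd && m != "http")
            report("option forwardfor has no effect in mode " m)
        if (stats && auth == "")
            report("stats page enabled without stats auth")
        if (auth ~ /^(user|admin):(password|admin)$/)
            report("stats auth still uses placeholder credentials")
    }
    BEGIN { dmode = "tcp" }                 # HAProxy default when no mode is given
    { sub(/#.*/, ""); if (NF == 0) next }   # drop comments and blank lines
    $1 ~ /^(global|defaults|listen|frontend|backend)$/ {
        end_section()
        kind = $1; name = (NF > 1) ? $2 : $1
        mode = ""; fwd = 0; stats = 0; auth = ""
        next
    }
    $1 == "mode"                         { mode = $2 }
    $1 == "option" && $2 == "forwardfor" { fwd = 1 }
    $1 == "stats"  && $2 == "enable"     { stats = 1 }
    $1 == "stats"  && $2 == "auth"       { auth = $3 }
    END { end_section(); exit bad }
    ' "$@"
}

sample_haproxy_cfg | lint_haproxy_cfg || true
```

Run it against the real file with `lint_haproxy_cfg /etc/haproxy/haproxy.cfg`; a non-zero exit status means at least one finding was printed.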

Edit /etc/sysctl.conf, add the following at the end of the file, then run sysctl -p to load the settings:

net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65023
net.ipv4.tcp_max_syn_backlog = 10240
net.ipv4.tcp_max_tw_buckets = 400000
net.core.somaxconn = 10000

Start haproxy with either /etc/init.d/haproxy start or /usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid

Configuring logging

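Edit /etc/sysconfig/syslog. The -r option makes syslogd accept messages over UDP port 514, which HAProxy needs because it sends its logs to 127.0.0.1 over the network; keep that port firewalled from other hosts.

SYSLOGD_OPTIONS="-m 0 -r"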

Edit /etc/syslog.conf and add the following:

local0.* /var/log/haproxy/haproxy.log
local1.* /var/log/haproxy/haproxy-1.log

Restart Syslog

service syslog restart

Now check with

ps auxwww | grep haproxy

Thanks

Ravi

How to disable core(s) of CPU

Introduction ~

Why would we need to disable a few CPU cores? Sometimes it is necessary to run certain applications that are not compatible with multi-core processing. Disabling a core does not physically affect your hardware; the Linux OS simply ignores the core(s) you selected to disable.

Step 1] How to do it?

Debian/Ubuntu ~

root@laptop:/home/arunsb# cat /boot/grub/menu.lst

title        Ubuntu 9.04, kernel 2.6.28-11-generic
kernel        /vmlinuz-2.6.28-11-generic root=UUID=55d33e45-75c7-54sc-b204-97b44e1d6a39 ro quiet splash maxcpus=1
initrd        /initrd.img-2.6.28-11-generic

Redhat/Fedora based system ~

root@laptop:/home/arunsb# cat /boot/grub/grub.conf

title Red Hat Enterprise Linux ES (2.6.9-78.ELsmp)
root (hd0,4)
kernel /boot/vmlinuz-2.6.9-78.ELsmp ro root=LABEL=/    maxcpus=1
initrd /boot/initrd-2.6.9-78.ELsmp.img

Note ~ after changing the GRUB config file, reboot the system to apply the changes!

As shown above, "maxcpus=1" indicates that Linux will use only one CPU core. You can change this value as per your requirement and the hardware available.

You can also change this value at boot time from the GRUB menu, but that setting is temporary. To make it permanent you need to modify the grub.conf (Redhat/Fedora) or menu.lst (Debian/Ubuntu) GRUB config file.

Step 2] How to verify ~

I have a dual-core CPU as shown below and I have disabled 1 core, so after reboot I should get only one active CPU core.

** Before above setting!

root@laptop:/home/arunsb# cat /proc/cpuinfo   | grep processor
processor    : 0
processor    : 1
root@laptop:/home/arunsb#

* Verify after above setting ~

root@laptop:/home/arunsb# cat /proc/cpuinfo   | grep processor
processor       : 0

root@laptop:/home/arunsb#

* How to Disable CPU without Reboot?
root@arunb:~# echo 0 > /sys/devices/system/cpu/cpu1/online

* Confirm ?
root@arunb:~# cat /proc/cpuinfo | grep -i 'Processor'
processor : 0
root@arunb:~#

Thank you,
Arun Bagul

How to create edit/extract initrd in Ubuntu/Debian and Redhat/Fedora Linux ?

Introduction ~

A long time ago I edited an initrd because an old Linux (Ubuntu 6.06) box was not able to boot from a SCSI hard disk. One of my friends wanted to do the same for another purpose, so I got a chance to write an article about it. Let's start with what initrd is.

What is initrd ?

initrd (Initial Ram Disk) is a temporary file system ( used as /) commonly used in the boot process of the Linux kernel. It is typically used for making preparations before the real root file system can be mounted.

Why would someone want to edit/modify initrd?

I assume that you are all familiar with the Linux boot process. Once the Linux kernel is loaded into memory (RAM), it starts the init process (the father/mother of all processes). Is that true? Let me ask you one question: before the actual physical root file system (/) is mounted, how does the kernel access the /sbin/init script? What is the use of specifying an "initrd" file in GRUB? Hold on!!

Suppose your root partition resides on some SCSI device and the driver for this SCSI device is compiled as a kernel module. Of course this module is required at boot time to access the root partition, but it is not in the kernel. Thus the need for an initrd image. Additionally, since the udev subsystem became common, somebody has to start udev to create device nodes. This is initrd's duty too.

See the GRUB menu as shown below ~

title        Ubuntu 9.04, kernel 2.6.28-11-generic
kernel        /vmlinuz-2.6.28-11-generic root=/dev/sda3  ro quiet splash
initrd        /initrd.img-2.6.28-11-generic

GRUB loads the kernel and the initrd image into memory (RAM). When the kernel boots, it checks for an initrd image and, if one exists, starts the init script that resides on this image. The init script is usually written in bash. When the init script on the initrd image has finished, the kernel usually starts the standard init process, i.e. /sbin/init.

Step 1] Copy original initrd image file to temp location  ~

** Create temporary directory and copy initrd file in that temp directory

arunsb@laptop:~$ cp /boot/initrd.img-2.6.28-11-generic  /tmp/

arunsb@laptop:~$ mkdir /tmp/initrd-src

** Now extract “initrd” image –

arunsb@laptop:~$ cd /tmp/initrd-src

arunsb@laptop:/tmp/initrd-src$ gzip -dc  /tmp/initrd.img-2.6.28-11-generic  | cpio -id
38791 blocks
arunsb@laptop:/tmp/initrd-src$ ls -l
total 36
drwxr-xr-x 2 arunsb arunsb 4096 2009-07-12 16:32 bin
drwxr-xr-x 3 arunsb arunsb 4096 2009-07-12 16:32 conf
drwxr-xr-x 6 arunsb arunsb 4096 2009-07-12 16:32 etc
-rwxr-xr-x 1 arunsb arunsb 4825 2009-07-12 16:32 init
drwxr-xr-x 5 arunsb arunsb 4096 2009-07-12 16:32 lib
drwxr-xr-x 2 arunsb arunsb 4096 2009-07-12 16:32 sbin
drwxr-xr-x 8 arunsb arunsb 4096 2009-07-12 16:32 scripts
drwxr-xr-x 3 arunsb arunsb 4096 2009-07-12 16:32 usr
arunsb@laptop:/tmp/initrd-src$

** Check what "init" looks like ~

arunsb@laptop:/tmp/initrd-src$ head init
#!/bin/sh

echo "Loading, please wait..."

[ -d /dev ] || mkdir -m 0755 /dev
[ -d /root ] || mkdir -m 0700 /root
[ -d /sys ] || mkdir /sys
[ -d /proc ] || mkdir /proc
[ -d /tmp ] || mkdir /tmp
mkdir -p /var/lock
arunsb@laptop:/tmp/initrd-src$

Step 2] Edit/Modify as per your requirement

Step 3] How to create initrd image  ~

Create initrd image from scratch –

root@laptop:/home/arunsb# mkinitramfs  -v -o  /tmp/initrd-arun-$(uname -r)

root@laptop:/home/arunsb# ls -l /tmp/initrd-arun-2.6.28-11-generic
-rw-r--r-- 1 root root 7536506 2009-07-12 17:11 /tmp/initrd-arun-2.6.28-11-generic

root@laptop:/home/arunsb# du -sh /tmp/initrd-arun-2.6.28-11-generic
7.2M    /tmp/initrd-arun-2.6.28-11-generic
root@laptop:/home/arunsb#

mkinitramfs ~ is the tool used to create initrd image. “initrd” image is a gzipped cpio archive.

** After all modifications, create the initrd image as shown below…

arunsb@laptop:/tmp/initrd-src$ find . | cpio --quiet --dereference -o -H newc | gzip -9 > /tmp/initrd.img-2.6.28-11-arun
arunsb@laptop:/tmp/initrd-src$ ls -l /tmp/initrd.img-2.6.28-11-arun
-rw-r--r-- 1 arunsb arunsb 7505955 2009-07-12 16:56 /tmp/initrd.img-2.6.28-11-arun
arunsb@laptop:/tmp/initrd-src$
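
Before a rebuilt image goes into /boot it is worth confirming that it really is a gzipped cpio archive in the newc format, because the kernel only unpacks newc (and crc) archives and an image repacked without -H newc will not boot. The check below is an added example, not part of the original article; the function names are assumptions, the sample archive is constructed, and the image is assumed to be a single gzip-compressed archive as on this page.

```shell
# Constructed sample: an empty newc archive (only the TRAILER!!! record), gzipped.
sample_initrd() {    # sample_initrd OUTFILE
    { printf '070701'                              # newc magic
      printf '%08X' 0 0 0 0 1 0 0 0 0 0 0 11 0     # 13 header fields; namesize = 11
      printf 'TRAILER!!!\0\0\0\0'                  # name + NUL, padded to 4 bytes
    } | gzip -9 > "$1"
}

# check_initrd FILE: print the detected format; return 0 only if the archive
# format is one the kernel unpacks (newc or crc).
check_initrd() {
    # gzip -t reads the whole stream and verifies its CRC.
    if ! gzip -t "$1" 2>/dev/null; then
        echo "not a valid gzip stream"; return 1
    fi
    # ASCII cpio headers start with a 6-byte magic number.
    case $(gzip -dc "$1" 2>/dev/null | head -c 6) in
        070701) echo "gzip + cpio newc"; return 0 ;;
        070702) echo "gzip + cpio crc"; return 0 ;;
        070707) echo "gzip + cpio odc: repack with -H newc"; return 1 ;;
        *)      echo "gzip, but no ASCII cpio header"; return 1 ;;
    esac
}

tmp=$(mktemp)
sample_initrd "$tmp"
check_initrd "$tmp"
rm -f "$tmp"
```

On the files from this article the call would be `check_initrd /tmp/initrd.img-2.6.28-11-arun`.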

* Enjoy !!

Regards,
Arun Bagul

How to smarthost on linux using sendmail

This describes how to set up a smarthost using sendmail. Your Linux server acts as your SMTP server, and it relays all your emails through your ISP's email server to the final users.

To set up the smarthost you have to add the open relay SMTP server to your /etc/hosts:
111.111.111.111 smtp.yourdomain.com
222.222.222.222 smtp.yourdomain.com

Now open /etc/mail/sendmail.mc, find SMART_HOST and set it to your SMTP domain, as in the example below:

define(`SMART_HOST', `smtp.yourdomain.com')dnl

Now add the 4 lines below at the end of /etc/mail/sendmail.mc, above "MAILER(smtp)dnl":

FEATURE(masquerade_envelope)dnl
FEATURE(`genericstable')dnl
GENERICS_DOMAIN(`localhost.localdomain')dnl
FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl

save and close the sendmail.mc file

Now follow the steps below

$ vi /etc/mail/genericstable
root ravi@yourdomain.com

arun arun@yourdomain.com

List your users (the default is root), then save and exit.

now run the following command.
$ makemap hash /etc/mail/genericstable < /etc/mail/genericstable

$ vi /etc/mail/authinfo
AuthInfo:smtp.yourdomain.com "U:arun@smtp.yourdomain.com" "I:arun" "P:password" "M:LOGIN PLAIN"

Save and exit authinfo, then run the commands below. The generated authinfo.db holds the same password, so it gets the same mode.
makemap hash /etc/mail/authinfo < /etc/mail/authinfo
chmod 600 /etc/mail/authinfo /etc/mail/authinfo.db

Now apply all the changes to sendmail.cf by running the following command:

$ make -C /etc/mail

Finally, restart the sendmail service:
service sendmail restart ; chkconfig sendmail on

Now you can send emails from command line using your external smtp server.

Thanks

Ravi

yum for RHEL

 There is more to Red Hat Enterprise Linux 5 (RHEL5) than Xen. I, for one, think people will develop a real taste for YUM (Yellow dog Updater Modified), an automatic update and package installer/remover for RPM systems.

YUM has already been used in the last few Fedora Core releases, but RHEL4 uses the up2date package manager. RHEL5 will use YUM 3.0. Up2date is used as a wrapper around YUM in RHEL5. Third-party code repositories, prepared directories or websites that contain software packages and index files, will also make use of the Anaconda-YUM combination.

Essentially, YUM automatically computes dependencies and figures out what actions need to happen in order to successfully install packages. The Yellowdog Update Modified package manager is actually a variant of the Yellowdog Update Package (YUP), which is used by the Yellowdog Linux project to manage its applications. Yum is a version of YUP that is compatible with RPMs.

Using YUM makes it much easier to maintain groups of machines without having to manually update each one using RPM. Some of its features include:

  • Multiple repositories

  • Simple config file

  • Correct dependency calculation

  • Fast operation

  • RPM-consistent behavior

  • comps.xml group support, including multiple repository groups

  • Simple interface

RHEL5 moves the entire stack of tools which install and update software to YUM. This includes everything from the initial install (through Anaconda) to host-based software management tools, like system-config-packages, to even the updating of your system via Red Hat Network (RHN). New functionality will include the ability to use a YUM repository to supplement the packages provided with your in-house software, as well as plugins to provide additional behavior tweaks.

YUM automatically locates and obtains the correct RPM packages from repositories. It frees you from having to manually find and install new applications or updates. You can use one single command to update all system software, or search for new software by specifying criteria.

Keep in mind that it is always useful to keep your packages in a local YUM repository. The advantage of this is that when you install a package, YUM will automatically resolve any dependencies, not only by downloading the necessary packages from the other repositories you might have in your list, but also by using your local repository as a resource for potential dependencies. When installing a package with YUM, you must have already created RPM packages for all your dependencies. That way, YUM can resolve all the dependencies. You won't be able to install your package if the dependencies do not exist in the repositories on your list.

Creating your own repository in RHEL5

To install the createrepo tool, type this command:

# yum install createrepo

Next, put all your custom RPM packages in a directory, then create the metadata needed for your local repository by running this command:

# createrepo /mnt/fc_local_repo/

Your local YUM repository has been created. Whenever you put in any new RPMs, you’ll have to run this command, so that the new repository metadata gets updated. To install an RPM package and all the other packages that it depends on, you only need to run:

# yum install my_package.RPM

To install the package group MySQL Database, enter the command:

# yum groupinstall "MySQL Database"

If you need to upgrade the packages for MySQL:

# yum groupupdate "MySQL Database"

To search for packages which provide for Mail Transfer Agents (MTAs), or that have MTA in the name:

# yum provides MTA

Let’s say we want to update our entire system. It’s as simple as typing:

# yum update

To activate automatic daily updates:

/sbin/chkconfig --level 345 yum on; /sbin/service yum start

Configuring access to repositories in RHEL5

To add an extra repository, place a definition file in the /etc/yum.repos.d/ directory on your system. Package providers make the definition files for their repositories available on their websites. You must have root access to add a file to the definitions directory. To copy the definition file example.repo, type this command:

# cp example.repo /etc/yum.repos.d/

The configuration file for each repository should include a gpgkey setting. This setting specifies the location of a public key that verifies the packages provided by that repository. This public key is automatically imported the first time that you install software from the repository.
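
To see which repository definitions actually follow that advice, the added example below (not part of the original article or of YUM) audits .repo files for enabled repositories that skip signature checking, lack a gpgkey, or fetch the key over plaintext http/ftp. The function name and the sample repositories, URLs and key paths are constructed; a section with no gpgcheck line inherits the value from [main] in yum.conf and is reported too, so that the setting is made explicit.

```shell
# Constructed sample .repo content; names, URLs and key paths are placeholders.
sample_repo() {
    cat <<'EOF'
[inhouse]
baseurl=file:///mnt/fc_local_repo/
enabled=1
gpgcheck=0

[vendor]
baseurl=https://repo.example.com/el5/
gpgcheck=1
gpgkey=http://repo.example.com/RPM-GPG-KEY-vendor

[signed]
baseurl=https://repo.example.com/signed/
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

[old]
enabled=0
gpgcheck=0
EOF
}

# audit_repo_gpg [FILE...]: one finding per enabled repository; returns 1 if any.
audit_repo_gpg() {
    awk '
    function end_repo(   key, msg) {
        if (id == "" || id == "main" || v["enabled"] == "0") return
        key = v["gpgkey"]
        if (v["gpgcheck"] != "1")      msg = "gpgcheck is not set to 1"
        else if (key == "")            msg = "gpgcheck=1 but no gpgkey is set"
        else if (key ~ /^(http|ftp):/) msg = "gpgkey is fetched over plaintext http/ftp"
        else return
        print id ": " msg; bad = 1
    }
    NF == 0 || $1 ~ /^[#;]/ { next }             # blank lines and comments
    /^\[/ { end_repo(); id = substr($0, 2, index($0, "]") - 2); split("", v); next }
    (i = index($0, "=")) {                       # key = value, spaces allowed
        k = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", val)
        v[k] = val
    }
    END { end_repo(); exit bad }
    ' "$@"
}

sample_repo | audit_repo_gpg || true
```

On a real system, run it as `audit_repo_gpg /etc/yum.repos.d/*.repo`.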

In conclusion, if you have used YUM before, you should have no problem getting used to this change in RHEL5. If you have not used YUM, once you get past the initial learning curve, I'm certain that you will love it.

For YUM on RHEL4, check out the official CentOS wiki pages on centos.org:

http://wiki.centos.org/HowTos/PackageManagement/YumOnRHEL

Thanks

Ravi