Wednesday, August 27, 2008

Mysql Clustering with DRBD and Heartbeat

OS and Software Specs:
- OS : Ubuntu Hardy Heron 8.04
- DRBD Version : 8.2.5
- Heartbeat Version : Heartbeat-2

I started with a LAMP installation on Ubuntu Hardy, so MySQL was already installed by default.

1. Install DRBD on both servers. For manual DRBD installation, refer to the post below:
Step by Step / HOWTO install DRBD 8.2.6 in Ubuntu 8.04 Hardy Heron

Change to root mode to make it easier.
# sudo -s
2. Install Heartbeat on both servers
# apt-get install heartbeat-2
3. Heartbeat configuration. There are 3 important Heartbeat configuration files inside the /etc/ha.d/ folder. You will not find these 3 files there after installation; you must create them or copy them into /etc/ha.d/ yourself.
- authkeys
auth 2
#1 crc
2 sha1 yourpasswordhere
#3 md5 Hello!

Make this file unreadable for all users except root.
# chmod 600 authkeys

- haresources
masterdrbd.myhost.com 172.16.172.105 drbddisk::db Filesystem::/dev/drbd0::/mysql::ext3 mysql
* masterdrbd.myhost.com : your hostname for master.
* 172.16.172.105 : your virtual ip for mysql service.
* /dev/drbd0 : your drbd disk.
* /mysql : your mounting point for drbd disk.
* ext3 : filesystem type for the disk.
* mysql : the mysql service that you want to start when heartbeat starts.


- ha.cf ( More detail refer to http://www.linux-ha.org/ha.cf )
debugfile /var/log/ha-debug
logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
warntime 10
initdead 120
udpport 699
bcast eth0
auto_failback on
node masterdrbd.myhost.com
node slavedrbd.myhost.com
ping 172.16.172.200
ping 172.16.172.1
apiauth ipfail gid=haclient uid=hacluster

After finishing the configuration files, copy those 3 files to the slave box and move them to /etc/ha.d/
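
One way to check the authkeys file on each node after copying it, as an added example that is not part of the original post. The function names and the 20-character minimum in `MIN_KEY_LEN` are assumptions of this example; the sample key `yourpasswordhere` shown above is shorter than that assumed minimum.

```shell
#!/bin/sh
# Added example: audit or create /etc/ha.d/authkeys (GNU stat assumed).
# MIN_KEY_LEN is an assumed local policy, not a Heartbeat requirement.
MIN_KEY_LEN=20

# audit_authkeys FILE -> 0 if acceptable, 1 otherwise (findings on stdout)
audit_authkeys() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "missing: $file"; return 1; }

    # The page sets this file to mode 600 so only root can read the key.
    mode=$(stat -c '%a' "$file")
    [ "$mode" = "600" ] || { echo "mode is $mode, expected 600"; rc=1; }

    # "auth N" selects which numbered entry is active.
    idx=$(awk '$1 == "auth" { print $2; exit }' "$file")
    [ -n "$idx" ] || { echo "no 'auth N' directive"; return 1; }

    # Active entry has the form "N method [key]"; "#N ..." lines never match.
    entry=$(awk -v n="$idx" '$1 == n { print $2, $3; exit }' "$file")
    method=${entry%% *}
    key=${entry#* }

    case "$method" in
        sha1) ;;
        crc)  echo "crc is a checksum only, peers are not authenticated"; rc=1 ;;
        md5)  echo "md5 is active, the page's sha1 entry is the stronger choice"; rc=1 ;;
        "")   echo "auth $idx has no matching entry"; return 1 ;;
        *)    echo "unknown method: $method"; rc=1 ;;
    esac
    if [ "$method" != "crc" ] && [ "${#key}" -lt "$MIN_KEY_LEN" ]; then
        echo "key is ${#key} characters, policy minimum is $MIN_KEY_LEN"; rc=1
    fi
    return "$rc"
}

# new_authkeys FILE -> write a single sha1 entry with a 256-bit random key
new_authkeys() {
    key=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
    ( umask 077 && printf 'auth 1\n1 sha1 %s\n' "$key" > "$1" ) && chmod 600 "$1"
}

# Usage: sh audit_authkeys.sh /etc/ha.d/authkeys
if [ "$#" -gt 0 ]; then
    audit_authkeys "$1"
fi
```
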

4. Preparing mysql for clustering
I moved the mysql data directory to /mysql, so I must change the mysql and apparmor settings if I want to run the mysql service with a different data directory.

- Edit /etc/mysql/my.cnf
change this detail
datadir = /var/lib/mysql
to
datadir = /mysql
- Edit /etc/apparmor.d/usr.sbin.mysqld
change this detail
# /var/lib/mysql/ r,
# /var/lib/mysql/** rwk,
to
/mysql/ r,
/mysql/** rwk,
- Restart apparmor service
# /etc/init.d/apparmor restart
- Move mysql data from /var/lib/mysql to /mysql
# mkdir /mysql
# cd /var/lib/mysql
# cp -r * /mysql
# chown -R mysql:mysql /mysql
- Try to restart your mysql service and make sure it can still start.

- Copy /etc/mysql/my.cnf and /etc/mysql/debian.cnf to the slave machine and replace the slave machine's mysql configuration with these copied files. [You must have the same mysql settings on both servers.]
master# scp /etc/mysql/*.cnf admin@slave.com:
Switch to the slave machine's console:
slave# cp /home/admin/*.cnf /etc/mysql/

- Disable the MySQL service from startup on both servers.
# sysv-rc-conf --level 012456S mysql off
[ sysv-rc-conf serves a similar function to chkconfig ]
5. Start heartbeat service.
- Make sure the drbd service is running on both servers and the status is correct. The master DRBD must have the Primary role and the slave DRBD the Secondary role.
master# /etc/init.d/drbd status
drbd driver loaded OK; device status:
version: 8.0.11 (api:86/proto:86)
GIT-hash: b3fe2bdfd3b9f7c2f923186883eb9e2a0d3a5b1b *****
m:res cs st ds p mounted fstype
0:db Connected Primary/Secondary UpToDate/UpToDate C /mysql ext3
slave# /etc/init.d/drbd status
drbd driver loaded OK; device status:
version: 8.0.11 (api:86/proto:86)
GIT-hash: b3fe2bdfd3b9f7c2f923186883eb9e2a0d3a5b1b *****
m:res cs st ds p mounted fstype
0:db Connected Secondary/Primary UpToDate/UpToDate C

[ There is no sync status in my drbd status because the nodes are already fully synced with each other; your status might be a bit different and show the sync status. ]
- Start the Heartbeat service on both servers.
master# /etc/init.d/heartbeat start
[ Small part of my /var/log/ha-log when heartbeat successfully starts. ]
ResourceManager[6699]:  2008/08/28_10:01:01 info: Running /etc/ha.d/resource.d/IPaddr 172.16.172.105 start
IPaddr[6796]: 2008/08/28_10:01:01 INFO: Using calculated nic for 172.16.172.105: eth0
IPaddr[6796]: 2008/08/28_10:01:01 INFO: Using calculated netmask for 172.16.172.105: 255.255.255.0
IPaddr[6796]: 2008/08/28_10:01:01 INFO: eval ifconfig eth0:0 172.16.172.105 netmask 255.255.255.0 broadcast 172.16.172.255
IPaddr[6781]: 2008/08/28_10:01:01 INFO: Success
ResourceManager[6699]: 2008/08/28_10:01:01 info: Running /etc/ha.d/resource.d/drbddisk db start
Filesystem[6948]: 2008/08/28_10:01:01 INFO: Resource is stopped
ResourceManager[6699]: 2008/08/28_10:01:01 info: Running /etc/ha.d/resource.d/Filesystem /dev/drbd0 /mysql ext3 start
Filesystem[7024]: 2008/08/28_10:01:01 INFO: Running start for /dev/drbd0 on /mysql
Filesystem[7015]: 2008/08/28_10:01:01 INFO: Success
ResourceManager[6699]: 2008/08/28_10:01:01 info: Running /etc/init.d/mysql start

slave# /etc/init.d/heartbeat start
[ Small part of my /var/log/ha-log when heartbeat successfully starts. ]
heartbeat[8661]: 2008/07/06_04:38:56 info: local resource transition completed.
heartbeat[8661]: 2008/07/06_04:38:56 info: Initial resource acquisition complete (T_RESOURCES(us))
heartbeat[8710]: 2008/07/06_04:38:56 info: No local resources [/usr/share/heartbeat/ResourceManager listkeys slavedrbd.myhost.com] to acquire.
heartbeat[8661]: 2008/07/06_04:38:57 info: remote resource transition completed.

Monday, August 25, 2008

Step by Step / HOWTO install DRBD 8.2.6 in Ubuntu 8.04 Hardy Heron

Start from a fresh Ubuntu Server installation for a 64-bit machine. I copied a big part of this manual from http://www.cb1inc.com/2008/05/18/installing-drbd-8.2.5-on-ubuntu-8.04-hardy-heron.

Install prerequisites:
# apt-get install build-essential autotools-dev flex
Prepare build kernel to compile DRBD
# apt-get install libncurses5-dev linux-source-2.6.24
Then extract the kernel source:
# cd /usr/src
# tar -xvf linux-source-2.6.24.tar.bz2
# cd /usr/src/linux-source-2.6.24
Next, let's clean up any unneeded files (there shouldn't be any the first time):
# make mrproper
Before you can build the kernel, you need to copy your existing kernel build configuration into the kernel source directory:
# cp /boot/config-2.6.24-16-server /usr/src/linux-source-2.6.24/.config
Now we run the menuconfig which will read in our kernel build configuration and build some version files. As soon as the GUI appears, just exit immediately. You don't have to change any of the settings.
# make menuconfig
Finally we need to prepare the kernel and compile it. This will take quite some time.
# make prepare
# make
Now that we have the kernel source compiled and ready to go, let's get the DRBD source.
# cd /root
# wget http://oss.linbit.com/drbd/8.2/drbd-8.2.6.tar.gz
# tar -xvf drbd-8.2.6.tar.gz
# cd /root/drbd-8.2.6
We need to build the DRBD driver and specify the path to the kernel source, then install the driver in the /lib path:
# make KDIR=/usr/src/linux-source-2.6.24
# make install
Once the driver is compiled, we need to move/copy it to the appropriate lib directory:
# mv /lib/modules/2.6.24.3/kernel/drivers/block/drbd.ko \
/lib/modules/2.6.24-16-server/kernel/drivers/block
Next we need to start the driver and tell Linux to load it the next time it boots:
# modprobe drbd
# echo 'drbd' >> /etc/modules
# update-rc.d drbd defaults

Now that everything is installed, verify the driver is loaded:
# lsmod | grep drbd
Setup drbd config file /etc/drbd.conf:
resource db
{
protocol C;
startup { wfc-timeout 0; degr-wfc-timeout 20; }
disk { on-io-error detach; } # or panic, ...
syncer {
rate 30M;
}
on masterdrbd.myhost.com {
device /dev/drbd0;
disk /dev/sda1;
address 172.16.172.103:7778;
meta-disk internal;
}
on slavedrbd.myhost.com {
device /dev/drbd0;
disk /dev/sda1;
address 172.16.172.104:7778;
meta-disk internal;
}
}

Start drbd and make it primary
# /etc/init.d/drbd start
# drbdadm create-md db
# drbdadm -- --overwrite-data-of-peer primary db
Setting up slave machine
- Copy /root/drbd-8.2.6 folder and drbd.conf to slave machine
# tar cfvz drbd.tgz -C /root drbd-8.2.6
# scp drbd.tgz /etc/drbd.conf myuser@slavedrbd.myhost.com:
- On Slave Box unzip drbd.tgz and make install
slave# cd /home/myuser
slave# tar xfvz drbd.tgz
slave# cd drbd-8.2.6
slave# make install
- Copy drbd.conf to /etc/
slave# cp drbd.conf /etc/
- Start drbd slave
slave# modprobe drbd
slave# drbdadm create-md db
slave# drbdadm secondary db
- Finish with slave configuration

Check your drbd status:
- Primary Node -
# cat /proc/drbd
GIT-hash: b3fe2bdfd3b9f7c2f923186883eb9e2a0d3a5b1b build by phil@mescal, 2008-02-12 11:56:43
0: cs:SyncSource st:Primary/Secondary ds:UpToDate/Inconsistent C r---
ns:21414688 nr:0 dw:0 dr:21414688 al:0 bm:1307 lo:0 pe:16 ua:0 ap:0
[===>................] sync'ed: 20.0% (83985/104897)M
finish: 2:50:38 speed: 8,160 (5,120) K/sec
resync: used:0/31 hits:1337094 misses:1308 starving:0 dirty:0 changed:1308
act_log: used:0/127 hits:0 misses:0 starving:0 dirty:0 changed:0

[ Make sure your primary node is Primary. ]
- Slave Node -
# cat /proc/drbd
GIT-hash: b3fe2bdfd3b9f7c2f923186883eb9e2a0d3a5b1b build by phil@mescal, 2008-02-12 11:56:43
0: cs:SyncTarget st:Secondary/Primary ds:Inconsistent/UpToDate C r---
ns:0 nr:22034720 dw:22034720 dr:0 al:0 bm:1344 lo:0 pe:0 ua:0 ap:0
[===>................] sync'ed: 20.6% (83379/104897)M
finish: 3:59:49 speed: 5,880 (5,116) K/sec
resync: used:0/31 hits:1375825 misses:1345 starving:0 dirty:0 changed:1345
act_log: used:0/127 hits:0 misses:0 starving:0 dirty:0 changed:0

[ Make sure your slave node status is Secondary. ]
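
The status check described above, as an added example that is not part of the original post: it reads the `cs`, `st` and `ds` fields from the `/proc/drbd` device line and refuses a role switch or Heartbeat start until the resource is connected and both disks are UpToDate. The function names `drbd_field`, `drbd_ready` and `write_samples` are made up for this example, and the "synced" sample line is constructed.

```shell
#!/bin/sh
# Added example: gate a role switch or Heartbeat start on DRBD state.
# Parses the /proc/drbd device line in the format shown on this page:
#   0: cs:<conn> st:<local>/<peer> ds:<local>/<peer> C r---

# drbd_field FILE MINOR KEY -> prints the value of cs, st or ds
drbd_field() {
    awk -v m="$2:" -v k="$3:" '
        $1 == m {
            for (i = 2; i <= NF; i++)
                if (index($i, k) == 1) { print substr($i, length(k) + 1); exit }
        }' "$1"
}

# drbd_ready FILE MINOR ROLE -> 0 if connected, fully synced and in ROLE
drbd_ready() {
    cs=$(drbd_field "$1" "$2" cs)
    st=$(drbd_field "$1" "$2" st)
    ds=$(drbd_field "$1" "$2" ds)
    rc=0
    [ "$cs" = "Connected" ] || { echo "minor $2: cs=$cs, want Connected"; rc=1; }
    [ "$ds" = "UpToDate/UpToDate" ] || { echo "minor $2: ds=$ds, resync not finished"; rc=1; }
    [ "${st%%/*}" = "$3" ] || { echo "minor $2: local role ${st%%/*}, want $3"; rc=1; }
    return "$rc"
}

# write_samples DIR -> "syncing" is the primary-node line from this page,
# "synced" is constructed to show the fully replicated state.
write_samples() {
    printf '%s\n' ' 0: cs:SyncSource st:Primary/Secondary ds:UpToDate/Inconsistent C r---' > "$1/syncing"
    printf '%s\n' ' 0: cs:Connected st:Primary/Secondary ds:UpToDate/UpToDate C r---' > "$1/synced"
}

# Usage on a node: sh drbd_ready.sh Primary   (or Secondary)
if [ "$#" -gt 0 ] && [ -r /proc/drbd ]; then
    drbd_ready /proc/drbd 0 "$1"
fi
```
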
How to check the replicated data on both sides?
1. On the primary box, mount the drbd disk on any folder, then put some files inside the folder.
# mkfs.ext3 /dev/drbd0
# mkdir /drbd
# mount /dev/drbd0 /drbd
# cd /drbd
# cp -r * /home/ /drbd/
# ls (check the files inside /drbd and remember them)
drbd-8.2.6 drbd_8.2.6.orig.tar.gz drbd-8.2.6.tar.gz
2. Unmount /drbd and make the Primary Machine a Secondary DRBD node so the Slave Machine can take over the Primary DRBD role.
# cd /
# umount /drbd
# drbdadm secondary db
# cat /proc/drbd (check Primary Machine DRBD status)
GIT-hash: b3fe2bdfd3b9f7c2f923186883eb9e2a0d3a5b1b build by phil@mescal, 2008-02-12 11:56:43
0: cs:SyncSource st:Secondary/Secondary ds:UpToDate/Inconsistent C r---
ns:26125696 nr:0 dw:1145208 dr:24980841 al:1334 bm:1625 lo:0 pe:0 ua:0 ap:0
[===>................] sync'ed: 24.1% (79709/104897)M
finish: 3:20:03 speed: 6,640 (5,272) K/sec
resync: used:0/31 hits:1761848 misses:2416 starving:0 dirty:0 changed:2416
act_log: used:0/127 hits:284968 misses:12165 starving:41 dirty:10828 changed:1334

[ Make sure the status has already changed to Secondary. ]
3. Move to the slave machine's console and set the drbd status to primary. Mount the drbd disk on a folder, then check the files inside.

- Make the Slave Machine the Primary DRBD node.
slave# drbdadm primary db
slave# cat /proc/drbd
GIT-hash: b3fe2bdfd3b9f7c2f923186883eb9e2a0d3a5b1b build by phil@mescal, 2008-02-12 11:56:43
0: cs:SyncTarget st:Primary/Secondary ds:Inconsistent/UpToDate C r---
ns:0 nr:27057704 dw:27057704 dr:0 al:0 bm:1583 lo:1 pe:0 ua:0 ap:0
[===>................] sync'ed: 24.9% (78799/104897)M
finish: 7:00:15 speed: 3,040 (5,268) K/sec
resync: used:0/31 hits:1820058 misses:2474 starving:0 dirty:0 changed:2474
act_log: used:0/127 hits:0 misses:0 starving:0 dirty:0 changed:0

[ We got a new status for the slave machine: the drbd status became Primary. ]
- Mount the drbd disk on a folder and check the files.
slave# cd /
slave# mkdir /drbd
slave# mount /dev/drbd0 /drbd

[ There is no need to create the filesystem again as we did on the Primary Machine. ]

slave# cd /drbd
slave# ls
drbd-8.2.6 drbd_8.2.6.orig.tar.gz drbd-8.2.6.tar.gz

[ You'll see the same files that you saw on the Primary Machine. ]

What we did here was only to check whether the drbd replication is working or not. Usually, we will use heartbeat to do the failover.

Thursday, August 21, 2008

Windows Administrator Important to remember

To install software remotely on a remote client:
PSEXEC \\REMOTECLIENT -s -i -d msiexec /package packagename.msi /q

update group policy / gpupdate, restart, shutdown, start remote client pc with Specops Gpupdate

Special Operations Software, Specops, is an international software vendor, offering management products enhancing Active Directory and Group Policy based technology. The company has released their own remote policy updating solution, and the best part is that it is completely free to use. The current version of Specops Gpupdate is 1.0.2.13 (2006-10-25) and the utility can be downloaded here. This tool not only brings the functionality we have developed in the above scripts, but also adds some more management features. Let’s take a look at this nice utility…

Installing Specops Gpupdate

Installing the MSI application is very easy; all it requires is the Active Directory Users & Computers (ADUC) MMC and the Microsoft .NET Framework version 2.0.

Figure 1: The install process is as simple as most MSI package installations (next, next, next)

After installing the MSI file nothing is changed in the GUI, only “Add/Remove Programs” tell us that Specops is installed. So we have to perform an additional task for the magic to appear…

Active Directory User & Computers extended

The first time Specops Gpupdate is installed in the AD Forest, a special command must be run:

“Program Files\Common Files\Specopssoft\Specops ADUC Extension\SpecopsAducMenuExtensionInstaller.exe” /add

This is not a schema update, even though you must be Enterprise Admin to run this. This update is completely reversible, just run it again with the “/remove” switch instead. What it does is to register so called “Display Specifiers” to extend the view from within ADUC.

When right clicking an OU or a computer object, four new options are added: Gpupdate, Restart, Shut down and Start. It’s possible to make a selection of multiple computers and OU’s by holding down [Ctrl] while left clicking the wanted objects.


Figure 2: ADUC MMC extended

If you are wondering, as I did, if the changes also apply to non-DC’s (or management computers), the answer is: Yes! After installing the Windows Server 2003 Admin Pack Service Pack 1 Administration Tools Pack on a Windows XP Professional client, the .NET Framework 2.0 and Specops Gpupdate, the management console looked just as nice as on the DC and had the same features available.

The Gpupdate option

The first option we have is to perform a Gpupdate command remotely on the selected computers. After choosing Gpupdate we must confirm the selection, see figure 7, and select if we want to use the force option.


Figure 3

After clicking OK a dynamic graph is presented, see figure 8, and a status report on how the update went.


Figure 4

The Restart and Shutdown option

The next two options, ‘Restart’ and ‘Shutdown’ are both “nice to have” management features, right where we need them, in ADUC. We can force the restart or shutdown, specify the number of seconds the user will have to close any open applications and send the user a customized message. Scripting this is not that hard to do using WMI or sending Shutdown.exe with the proper switches – but with Specops Gpupdate we get this functionality for free, no additional work to be done.


Figure 5: The confirm restart dialog

The Start option

The last of the four options, called ‘Start’, is actually Wake on LAN (WOL) functionality built-in to ADUC. When selecting and confirming this, see figure 10, so called Magic packets are sent against the clients MAC address to make them boot. WOL must be supported by the BIOS of computers of course. Specops Gpupdate communicates with Microsoft DHCP servers in the enterprise to find the info needed to perform this process, so it’s only possible to wake DHCP clients and only in network environments with Microsoft DHCP servers deployed.


Figure 6: Confirm starting remote WOL enabled computers

Wednesday, August 20, 2008

disable windows local firewall on remote client via group policy

Windows Firewall in Windows XP SP2 within an SBS 2003 network is enabled by
default. It is controlled by the GPO "Small Business Server Windows
Firewall" on the SBS 2K3 Server.

I suggest you read through my suggestion and then perform following steps
to disable Firewall:

1. On the SBS Server, go to Start -> Administrative Tools -> Group Policy
Management.
2. Expand to Forest\Domains\Yourdomain.local\MyBusiness\Computers.
3. Right click Computers and select New Organization Unit to create a new
OU. Move the client workstation which you want to disable Firewall to this
OU.
4. Expand to Forest\Domains\Yourdomain.local\Group Policy Objects.
5. Right click Group Policy Objects and select New to create a new GPO.
6. Right click the New GPO and select Edit.
7. Expand to Computer configuration ->Administrative templates ->Network
->Network connections -> Windows Firewall -> Domain Profile.
8. On the right pane, double click "Windows Firewall: Protect all network
connections" and select "Disable" or "Not Configure" as you require.
9. Close the GPO Editor window and link the GPO to the OU you created in
step 3.
10. On the SBS Server, go to Start -> Run, type "gpupdate /force" (without
quotation marks).
11. Ask the client to log off and log in the client workstation.
12. Test the issue.

Wednesday, August 13, 2008

Howto Install / Activate Telnet Server in Ubuntu

Telnet is not a secure way to get a remote console. My suggestion: use ssh or ssh2 rather than telnet, because with telnet all your data is transmitted in plain text, so anyone sniffing your network can read everything that you type in telnet.

How to install:
# apt-get install telnetd
# /etc/init.d/openbsd-inetd restart
or, if there is no inetd script inside /etc/init.d, check the file /etc/inetd.conf, make sure the telnet service is listed there, then reboot.

After reboot, try to connect from other box using telnet service.
# telnet [your telnet server ip]
example:
# telnet 10.0.0.1

Monday, August 11, 2008

network file config CENTOS 5

Filename: ifcfg-eth*
Path: /etc/sysconfig/networking/devices or /etc/sysconfig/network-scripts/
example config file for static ip:
# Intel Corporation 82546GB Gigabit Ethernet Controller
DEVICE=eth0
BOOTPROTO=static
BROADCAST=172.16.172.255
HWADDR=00:14:22:0C:8C:EA
IPADDR=172.16.172.102
NETMASK=255.255.255.0
NETWORK=172.16.172.0
ONBOOT=yes


example config file for dhcp:
# Intel Corporation 82546GB Gigabit Ethernet Controller
DEVICE=eth0
BOOTPROTO=dhcp