auth sufficient pam_krb5.so try_first_pass
auth sufficient pam_unix.so shadow nullok try_first_pass
account required pam_unix.so broken_shadow
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
When you start the loadbalancer.org appliance you will see the following:
Default login:
Username: root
Password: loadbalancer
Access to webclient from an external client is:
http://192.168.1.129:9080
http://192.168.1.129:9443
You can access the web administrator using the IP and ports described onscreen.
For the sri lanka porject we are looking for performance and the network diagram indicates we are happy to have the cluster on the same subnet as the rest of the network.
Direct routing is the fasted performance possible, it has the advantage over NAT that the Loadbalancer does not become a bottleneck for incoming and outgoing packets. With DR the loadbalancer simply examines incoming packets and the servers to route the packets directly back to the requesting user.
The web interfaceis the only way to fully configure the loadbalancer vm. The console tool lbwizard will get it initiallised and any further configurations can then be done via the webinterface.
Using lbwizard for the Sri lanka configuration follow these steps.
On the first Loadbalancer:
//Start
Is this unit part for a HA Pair?
YES
Have you already setup the Slave?
NO
Is this a one-armed configuration?
YES
Enter the IP Address for the interface eth0?
Enter IP address you wish to be assigned to the SLAVE loadbalancer.
Enter the netmask for interface eth0?
Enter netmask for the subnet.
Enter the Floating IP adrress?
Enter the IP address that will be IP assosiacted the the HA-pair of loadbalancers.
//Finish
On the 2nd loadbalancer VM, run the lbwizard.
//Start
Is this unit part of an HA-Pair?
YES
Have you already set up the Slave?
YES
What is the slave units UP address?
Enter the IP which you entered when configuring the other loadbalancer VM.
Is this a one-armed configuration?
YES
Enter the IP Address for the interface eth0?
Enter the IP that will be assigned to the MASTER loadbalancer
Enter the netmask for interface eth0?
Enter the subnet netmask.
Enter the Floating IP address?
Enter the IP address that will be IP assosiacted the the HA-pair of loadbalancers.
Enter the address of the default gateway?
Enter the deafult gateway for the subnet.
Enter the IP of the nameserver?
Enter the dns server.
Enter the port for the first Virtual server?
Enter 22 for ssh
Enter the IP address of the first real server?
Enter the real IP of the first appserver
//Finish
Now this is complete we need to go to the web admin interface to configure the 2nd Real Server. As the lbwizard program will only allow you to configure 1 real server.
Now login to the web admin using the default password:
username: loadbalancer
password: loadbalancer
Note: Connect to the IP you have now set for your master loadbalancer
Goto the edit configuration tab
Now click add a real server:
Enter a label
IP address of the server plus the port of the service i.e. 192.168.1.125:22
Edit Configuration -> Virtual Servers
persistancte -> NO
Scheduler-> LC
LC - Least-Connection: assign more jobs to real servers with
fewer active jobs.
Service to check -> custom1
Check port -> 22
Forwarding Method -> DR
Feedback Method -> Agent
Arp Problem when using DR
Every real server must be configured to respond to the VIP address as well as the RIP
address.
You can use iptables (netfilter) on the real server to re-direct incoming packets destined for the virtual
server IP address.
This is a simple case of adding the following command to your start up script (rc.local):
//replace 10.0.0.21 with the Virtual Server IP
iptables -t nat -A PREROUTING -p tcp -d 10.0.0.21 -j REDIRECT
chkconfig iptables on
Recital 10 Express Edition Linux x86 Free Download.
Recital 10 introduces the free single-user developer edition called Recital Express that can be used to develop and test multi-user Recital, Recital Server and Recital Web applications. Once the applications are ready for deployment a commercial license must be purchased. Recital Express, Recital Server Express and Recital Web Express can be used unlicensed for non-commercial purposes only.What does this download include:
 |
Recital 10 A powerful scripting language with an embedded database used for developing desktop database applications on Linux and Unix. Recital has a high degree of compatibility with Microsoft FoxPRO enhanced with many additional enterprise class extensions. |
 |
Recital 10 Web A server-side scripting language with an embedded database for creating web 2.0 applications. Includes plugins for apache and IIS. Coming soon! Recital Web Framework, a comprehensive OO framework built on YUI for building RIA (Rich Internet Applications) in Recital Web. |
 |
Recital 10 Server A cross-platform SQL database and application server which includes client drivers for ODBC, JDBC and .NET enabling Recital data to be accessed client/server from Windows, Linux and Mac. |
 |
Recital 10 Replication A comprehensive replication product that addresses urgent data movement and synchronization needs to help support disaster recovery and business continuity for Recital applications. |
Recital 10 Quick Start:
Graphical Installation
Note: The installation must be run as root. For systems with a hidden root account, please use ’Run as Root’.
- Download the distribution file into a temporary directory
- Check that the distribution file has the execute permission set
- Run the distribution file
- Follow the on screen instructions:
- License agreement
- Select components
- Installation directory and shortcuts
- Linking to /usr/bin
- ODBC Installation type (Recital Server / Recital Client Drivers)
- Java Virtual Machine selection (Recital Server / Recital Client Drivers)
- TomCat Installation type (Recital Server / Recital Client Drivers)
- Apache Firecat Plugin Installation (Recital Web Developer)
- Replication Service Type (Recital Replication Server)
- Install license file
Text Installation
Note: The installation must be run as root. For systems with a hidden root account, please precede commands with ’sudo’.
- Download the distribution file into a temporary directory
- Check that the distribution file has the execute permission set
- Run the distribution file
- Follow the on screen instructions:
- License agreement
- Select components
- Installation directory and shortcuts
- Linking to /usr/bin
- ODBC Installation type (Recital Server / Recital Client Drivers)
- Java Virtual Machine selection (Recital Server / Recital Client Drivers)
- TomCat Installation type (Recital Server / Recital Client Drivers)
- Apache Firecat Plugin Installation (Recital Web Developer)
- Replication Service Type (Recital Replication Server)
- Install license file
lslk lists information about locks held on files with local inodes on systems running linux.
Install it with:
yum install lslk
Here's how to set up field validation based on dynamic values from another table.
Using the products.dbf table from the southwind sample database, validation can be added to the categoryid field to ensure it matches an existing categoryid from the categories.dbf table.
open database southwindThe rlookup() function checks whether an expression exists in the index (master or specified) of the specified table . An attempt to update categoryid with a value not in the list will give an error: Validation on field 'CATEGORYID' failed.
alter table products add constraint;
(categoryid set check rlookup(products.categoryid,categories))
If you have access to the Recital Workbench, you can use the modify structure worksurface to add and alter your dictionary entries, including a customized error message if required.
If you are using the Oracle Gateway in Recital, make sure the Oracle environment (ORACLE_HOME, ORACLE_SID etc.) is set up before starting the Recital Server. If not, you will see the error ORA-01019. A call to the Oracle environment setup script can be added to the /etc/init.d/recital script if your Recital Server is set to run on startup.
If you have 4 GB or more RAM use the Linux kernel compiled for PAE capable machines. Your machine may not show up total 4GB ram. All you have to do is install PAE kernel package.
This package includes a version of the Linux kernel with support for up to 64GB of high memory. It requires a CPU with Physical Address Extensions (PAE).
The non-PAE kernel can only address up to 4GB of memory. Install the kernel-PAE package if your machine has more than 4GB of memory (>=4GB).
# yum install kernel-PAE
If you want to know how much memory centos is using type this in a terminal:
# cat /proc/meminfo
SE Linux is a feature of the Linux kernel that provides mandatory access control. This policy based access control system grants far greater control over the resources on a machine than standard Linux access controls such as permissions.
Many modern Linux distributions are shipping with SELinux enabled by default, Fedora 14 and Rhel 6 both install with it enabled.
When you run Recital Web on a SELinux enabled machine and navigate to the default.rsp page you will see something similar to the screen shot below.
If you launch the SELinux troubleshooter you will see the following problem.
SELinux is blocking the apache server from accessing the Recital server running on port 8001.
To manage you SELinux policy you must have the policycoreutils package group installed. The policycoreutils contains the policy core utilities that are required for basic operation of a SELinux system.
If you wish to use a GUI tool, you must install the policycoreutils-gui package.
At the command prompt execute the following:
As root
$ yum install policycoreutils
$ semanage port -a -t http_port_t -p tcp 8001
$ service recital restart
$ service httpd restart
We use the semanage command here to allow the http server access to port 8001. Once you have completed the steps detailed above you can go and navigate back to the default.rsp page in your borwser, where you will find the permission denied message is now replaced by the default.rsp page.
SELinux does a great job of restricting services and daemons so rather than simply disabling it, why not work with it!
When it comes to security, every little bit helps...