I am pleased to finally report that the Centos release of Redhats 5.3 has been built and is available for download from http://www.centos.org/
The highlights of this release can be found at the following URL: http://www.redhat.com
The main areas of interest in my opinion excluding critical secirty fixes are:
- Updated hardwaresupport support for the new Intel Core i7 (Nehalem) chips
- Beefed up virtualiseation support increasing CPU and Ram limits of Virtual machines.
- Inclusion of the fully open sourced OpenJDK. This makes Red Hat Enterprise Linux 5.3 the first enterprise-ready solution with a fully open source Java stack when combined with JBoss Enterprise Application Platform.
For those who already have Centos 5.2 installed you can simply receive the update via Yum.
Before you do the following, check that you do not have 3rd party repo's and the Centos-testing repo enabled.
You can display the currently enabled repo's using the following command.
$ yum repolist
Then as root at the prompt type:
$ yum update
The goal of the SCPlugin project is to integrate Subversion into the Mac OS X Finder.
- Support for Subversion.
- Access to commonly used source control operations via contextual menu [screenshot]
- Dynamic icon badging for files under version control. Shows the status of your files visually. [ screenshot ]
The Compatibility Dialog settings are written to the compat.db file in <path>/conf - please ensure that the user setting the compatibility settings has write access to this file and directory. Once these settings are written, the dialog will not be displayed unless SET COMPATIBLE is issued.
SE Linux is a feature of the Linux kernel that provides mandatory access control. This policy based access control system grants far greater control over the resources on a machine than standard Linux access controls such as permissions.
Many modern Linux distributions are shipping with SELinux enabled by default, Fedora 14 and Rhel 6 both install with it enabled.
When you run Recital Web on a SELinux enabled machine and navigate to the default.rsp page you will see something similar to the screen shot below.
If you launch the SELinux troubleshooter you will see the following problem.
SELinux is blocking the apache server from accessing the Recital server running on port 8001.
To manage you SELinux policy you must have the policycoreutils package group installed. The policycoreutils contains the policy core utilities that are required for basic operation of a SELinux system.
If you wish to use a GUI tool, you must install the policycoreutils-gui package.
At the command prompt execute the following:
As root
$ yum install policycoreutils
$ semanage port -a -t http_port_t -p tcp 8001
$ service recital restart
$ service httpd restart
We use the semanage command here to allow the http server access to port 8001. Once you have completed the steps detailed above you can go and navigate back to the default.rsp page in your borwser, where you will find the permission denied message is now replaced by the default.rsp page.
SELinux does a great job of restricting services and daemons so rather than simply disabling it, why not work with it!
When it comes to security, every little bit helps...
When you start the loadbalancer.org appliance you will see the following:
Default login:
Username: root
Password: loadbalancer
Access to webclient from an external client is:
http://192.168.1.129:9080
http://192.168.1.129:9443
You can access the web administrator using the IP and ports described onscreen.
For the sri lanka porject we are looking for performance and the network diagram indicates we are happy to have the cluster on the same subnet as the rest of the network.
Direct routing is the fasted performance possible, it has the advantage over NAT that the Loadbalancer does not become a bottleneck for incoming and outgoing packets. With DR the loadbalancer simply examines incoming packets and the servers to route the packets directly back to the requesting user.
The web interfaceis the only way to fully configure the loadbalancer vm. The console tool lbwizard will get it initiallised and any further configurations can then be done via the webinterface.
Using lbwizard for the Sri lanka configuration follow these steps.
On the first Loadbalancer:
//Start
Is this unit part for a HA Pair?
YES
Have you already setup the Slave?
NO
Is this a one-armed configuration?
YES
Enter the IP Address for the interface eth0?
Enter IP address you wish to be assigned to the SLAVE loadbalancer.
Enter the netmask for interface eth0?
Enter netmask for the subnet.
Enter the Floating IP adrress?
Enter the IP address that will be IP assosiacted the the HA-pair of loadbalancers.
//Finish
On the 2nd loadbalancer VM, run the lbwizard.
//Start
Is this unit part of an HA-Pair?
YES
Have you already set up the Slave?
YES
What is the slave units UP address?
Enter the IP which you entered when configuring the other loadbalancer VM.
Is this a one-armed configuration?
YES
Enter the IP Address for the interface eth0?
Enter the IP that will be assigned to the MASTER loadbalancer
Enter the netmask for interface eth0?
Enter the subnet netmask.
Enter the Floating IP address?
Enter the IP address that will be IP assosiacted the the HA-pair of loadbalancers.
Enter the address of the default gateway?
Enter the deafult gateway for the subnet.
Enter the IP of the nameserver?
Enter the dns server.
Enter the port for the first Virtual server?
Enter 22 for ssh
Enter the IP address of the first real server?
Enter the real IP of the first appserver
//Finish
Now this is complete we need to go to the web admin interface to configure the 2nd Real Server. As the lbwizard program will only allow you to configure 1 real server.
Now login to the web admin using the default password:
username: loadbalancer
password: loadbalancer
Note: Connect to the IP you have now set for your master loadbalancer
Goto the edit configuration tab
Now click add a real server:
Enter a label
IP address of the server plus the port of the service i.e. 192.168.1.125:22
Edit Configuration -> Virtual Servers
persistancte -> NO
Scheduler-> LC
LC - Least-Connection: assign more jobs to real servers with
fewer active jobs.
Service to check -> custom1
Check port -> 22
Forwarding Method -> DR
Feedback Method -> Agent
Arp Problem when using DR
Every real server must be configured to respond to the VIP address as well as the RIP
address.
You can use iptables (netfilter) on the real server to re-direct incoming packets destined for the virtual
server IP address.
This is a simple case of adding the following command to your start up script (rc.local):
//replace 10.0.0.21 with the Virtual Server IP
iptables -t nat -A PREROUTING -p tcp -d 10.0.0.21 -j REDIRECT
chkconfig iptables on
Usually, you do not need to setup an email server under Linux. Most GUI email clients support Gmail POP3 and IMAP configurations. But, how do you send mail via the standard /usr/bin/mail user agents in a shell script? Programs such as sendmail / postfix / exim can be configured as a gmail smarthost but they are largely overkill for this use. The ssmtp program is a neat utility that does just that for you via gmail.
A quick tip for optimizing TCP performance on linux.
edit /etc/sysctl.conf add the lines:
If using gigabit ethernet:
net.ipv4.tcp_mem= 98304 131072 196608
net.ipv4.tcp_window_scaling=1
net.core.wmem_default = 65536
net.core.rmem_default = 65536
net.core.wmem_max=8388608
To reload these use:
# sysctl -p
If using infiniband:
net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_timestamps=0
net.ipv4.tcp_sack=0
net.ipv4.tcp_rmem=10000000 10000000 10000000
net.ipv4.tcp_wmem=10000000 10000000 10000000
net.ipv4.tcp_mem=10000000 10000000 10000000
net.core.rmem_max=524287
net.core.wmem_max=524287
net.core.rmem_default=524287
net.core.wmem_default=524287
net.core.optmem_max=524287
net.core.netdev_max_backlog=300000
// determine how many Recital users are on the system
nusers = pipetostr("ps -ef | grep db.exe | wc -l")
After split brain has been detected, one node will always have the resource in a StandAlone connection state. The other might either also be in the StandAlone state (if both nodes detected the split brain simultaneously), or in WFConnection (if the peer tore down the connection before the other node had a chance to detect split brain).
At this point, unless you configured DRBD to automatically recover from split brain, you must manually intervene by selecting one node whose modifications will be discarded (this node is referred to as the split brain victim). This intervention is made with the following commands:
# drbdadm secondary resource
# drbdadm disconnect resource
# drbdadm -- --discard-my-data connect resource
On the other node (the split brain survivor), if its connection state is also StandAlone, you would enter:
# drbdadm connect resource
You may omit this step if the node is already in the WFConnection state; it will then reconnect automatically.
If all else fails and the machines are still in a split-brain condition then on the secondary (backup) machine issue:
drbdadm invalidate resource
open database southwind
// open child table
use order_details order orderid in 0
// open parent table
use orders order orderid in 0
set relation to orderid into order_details
do while not eof()
? orders.orderid, order_details.productid
skip
enddo
The code above will display the productid from the first related record, but you will often want to display information from all the related records in the child or detail table as in an SQL Left Outer Join.
open database southwind
select orders.orderid, order_details.productid;
from orders left outer join order_details;
on orders.orderid = order_details.orderid
In this case, we can use a second nested DO WHILE loop, for example:
open database southwind
use order_details order orderid in 0
use orders order orderid in 0
set relation to orderid into order_details
do while not eof()
// Display first or 0 child record
? orders.orderid, order_details.productid
// Display any additional child records
do while not eof(order_details)
? orders.orderid, order_details.productid
skip in order_details
enddo
skip
enddo
Or we can use the SET SKIP command. The SET SKIP command can be used with DISPLAY, LIST and REPORT and automatically skips through all the related records in the child table.
open database southwind
use order_details order orderid in 0
use orders order orderid in 0
set relation to orderid into order_details
set skip on
set skip to order_details
list orders.orderid, order_details.productid
LIST and DISPLAY offer a number of keyword options to allow you to configure the display output. REPORT offers full column based report design.