DRBD:
DRBD (Distributed Replicated Block Device) forms the storage redundancy portition of a HA cluster setup. Explained in basic terms DRBD provides a means of achieving RAID 1 behavoir over a network, where whole block devices are mirrored accross the network.
To start off you will need 2 indentically sized raw drives or partitions. Many how-to's on the internet assume the use of whole drives, of course this will be better performance, but if you are simply getting familar with the technology you can repartition existing drives to allow for two eqaully sized raw partitions, one on each of the systems you will be using.
There are 3 DRBD replication modes:
• Protocol A: Write I/O is reported as completed as soon as it reached local disk and local TCP send buffer
• Protocol B: Write I/O is reported as completed as soon as it reached local disk and remote TCP buffer cache
• Protocol C: Write I/O is reported as completed as soon as it reached both local and remote disks.
If we were installing the HA cluster on a slow LAN or if the geogrphical seperation of the systems involved was great, then I recommend you opt for asyncronous mirroring (Protocol A) where the notifcation of a completed write operation occurs as soon as the local disk write is performed. This will greatly improve performance.
As we are setting up our HA cluster connected via a fast LAN, we will be using DRBD in fully syncronous mode, protocol C.
Protocol C involves the file system on the active node only being notified that the write operation was finished when the block is written to both disks of the cluster. Protocol C is the most commonly used mode of DRBD.
/etc/drbd.conf
global { usage-count yes; }
common { syncer { rate 10M; } }
resource r0 {
protocol C;
net {
max-buffers 2048;
ko-count 4;
}
on bailey {
device /dev/drbd0;
disk /dev/sda4;
address 192.168.1.125:7789;
meta-disk internal;
}
on giskard {
device /dev/drbd0;
disk /dev/sda3;
address 192.168.1.127:7789;
meta-disk internal;
}
}
drbd.conf explained:
Global section, usage-count. The DRBD project keeps statistics about the usage of DRBD versions. They do this by contacting a HTTP server each time a new DRBD version is installed on a system. This can be disabled by setting usage-count no;.
The common seciton contains configurations inhereted by all resources defined.
Setting the syncronisation rate, this is accoimplished by going to the syncer section and then assigning a value to the rate setting. The syncronisation rate refers to rate in which the data is being mirrored in the background. The best setting for the syncronsation rate is related to the speed of the network with which the DRBD systems are communicating on. 100Mbps ethernet supports around 12MBps, Giggabit ethernet somewhere around 125MBps.
in the configuration above, we have a resource defined as r0, the nodes are configured in the "on" host subsections.
"Device" configures the path of the logical block device that will be created by DRBD
"Disk" configures the block device that will be used to store the data.
"Address" configures the IP address and port number of the host that will hold this DRBD device.
"Meta-disk" configures the location where the metadata about the DRBD device will be stored.
You can set this to internal and DRBD will use the physical block device to store the information, by recording the metadata within the last sections of the disk.
Once you have created your configuration file, you must conduct the following steps on both the nodes.
Create device metadata.
$ drbdadm create-md r0
v08 Magic number not found
Writing meta data...
initialising activity log
NOT initialized bitmap
New drbd meta data block sucessfully created.
success
Attach the backing device.
$ drbdadm attach r0
Set the syncronisation parameters.
$ drbdadm syncer r0
Connect it to the peer.
$ drbdadm connect r0
Run the service.
$ service drbd start
Heartbeat:
Heartbeat provides the IP redundancy and the service HA functionailty.
On the failure of the primary node the VIP is assigned to the secondary node and the services configured to be HA are started on the secondary node.
Heartbeat configuration:
/etc/ha/ha.conf
## /etc/ha.d/ha.cf on node1
## This configuration is to be the same on both machines
## This example is made for version 2, comment out crm if using version 1
// replace the node variables with the names of your nodes.
crm no
keepalive 1
deadtime 5
warntime 3
initdead 20
bcast eth0
auto_failback yes
node bailey
node giskard
/etc/ha.d/authkeys
// The configuration below set authentication off, and encryption off for the authentication of nodes and their packets.
//Note make sure the authkeys file has the correct permisisions chmod 600
## /etc/ha.d/authkeys
auth 1
1 crc
/etc/ha.d/haresources
//192.168.1.40 is the VIP (Virtual IP) assigned to the cluster.
//the "smb" in the configuration line represents the service we wish to make HA
// /devdrbd0 represents the resource name you configured in the drbd.conf
## /etc/ha.d/haresources
## This configuration is to be the same on both nodes
bailey 192.168.1.40 drbddisk Filesystem::/dev/drbd0::/drbdData::ext3 smb
Here's how to set up field validation for a field with a small static number of acceptable values.
Using the example.dbf table from the southwind sample database, validation can be added to the title field to ensure it matches one of a list values.
open database southwindThe inlist() function checks whether the specified expression exists in the comma-separated list which follows. An attempt to update title with a value not in the list will give an error: Validation on field 'TITLE' failed.
alter table example add constraint;
(title set check inlist(alltrim(title),"Miss","Mr","Mrs","Ms"))
If you have access to the Recital Workbench, you can use the modify structure worksurface to add and alter your dictionary entries, including a customized error message if required.
Specifying this seems to reslove the problem:
-Xmx512m -XX:MaxPermSize=512m
Key features of the Recital scripting language include:
What are the key feature of the Recital database?
- High performance database application scripting language
- Modern object-oriented language features
- Easy to learn, easy to use
- Fast, just-in-time compiled
- Develop desktop or web applications
- Cross-platform support
- Extensive built-in functions
- Superb built-in SQL command integration
- Navigational data access for the most demanding applications
- New MD5( expC ) function to calculate an MD5 crypto key from any character expression
- New MD5FILE( expC ) function calculates an MD5 crypto key for a given filename. If the filename is a pattern e.g *.* it will calculate the key across all files matching the pattern
- New mod_recital.so available for using Recital Web on linux x86_32
- New mod_recital64.so available for using Recital Web on linux x86_64
Here's how to set up field validation based on dynamic values from another table.
Using the products.dbf table from the southwind sample database, validation can be added to the categoryid field to ensure it matches an existing categoryid from the categories.dbf table.
open database southwindThe rlookup() function checks whether an expression exists in the index (master or specified) of the specified table . An attempt to update categoryid with a value not in the list will give an error: Validation on field 'CATEGORYID' failed.
alter table products add constraint;
(categoryid set check rlookup(products.categoryid,categories))
If you have access to the Recital Workbench, you can use the modify structure worksurface to add and alter your dictionary entries, including a customized error message if required.
This article talks about the log files available in Recital products and how to enable logging when required.
Overview
When discussing a problem with the Recital Support Team, one of the most common requests is that you enable logging and send them the log files produced. Log files along with error files are designed to provide detailed information about Recital processes and the prevailing environment and can be a fast-track to resolving a problem.
Log Files
There are three main types of log file:
- System Log
- Client/Server Communication Logs
- Custom Logs
System Log
The System log is a system-wide all product log. It tracks all login and logout operations from either Recital or the Recital Server. Logout details include the exit code: 0 for an error-free, 'normal' exit and the error number and message when an error has occurred. It also shows the licenses that have been loaded and any license error codes and messages. The system log filename is recital.log.
Client/Server Communication Logs
The Client/Server communication logs track the requests and responses between the Recital Server and its clients. The log files are as follows:
| Filename | Type | Description |
|---|---|---|
|
dbserver.log |
System-wide |
The Recital Server startup log. This logs any problems with the Recital Server startup. |
|
port.log |
System-wide |
The port listener log. The port listener (or portserver) listens on port 8001 for client connection requests and spawns the appropriate server process. |
|
net.log |
Connection |
The netserver log. The netserver is the Recital Server database and 4GL engine. |
|
rsi.log |
Connection |
The Recital Server Interface (RSI) Gateway log. This logs communication with the Database Gateways to SQL databases. |
|
rec.log |
Connection |
The Recital Database Gateway log. The Recital Database Gateway (or recserver) is the SQL database engine for Recital Gateway data access. |
|
mys.log |
Connection |
The MySQL Database Gateway log. |
|
ora.log |
Connection |
The Oracle Database Gateway log. |
|
inf.log |
Connection |
The Informix Database Gateway log. |
|
ing.log |
Connection |
The Ingres Database Gateway log. |
|
pos.log |
Connection |
The PostgreSQL Database Gateway log. |
|
jdb.log |
Connection |
The JDBC Driver Database Gateway log. |
Custom Logs
The Recital/4GL USERLOG() function can be used to log information to a user-specific log file for debugging or audit trail purposes. For full information on this function, please see the USERLOG() documentation.
Enabling Log Files
For instructions on enabling log files for individual products, please follow these links:
- Recital Server for Windows
- Recital Server for Linux
- Recital Server for UNIX
- Recital Server for OpenVMS
- Recital for Linux
- Recital for UNIX
- Recital for OpenVMS
Enabling Log Files: Recital Server for Windows
To enable the system log file for the Recital Universal Application Server for Windows, include the following command in the UAS\config.db file:
set syslogging on
The Recital Server Manager System Logging tab allows for the viewing and resetting of the System log.
Section
Item
Description
System Logging
DateTime
Date and time stamp of the action.
Name
Login name used by connection
Action
Action logged: Login, Logoff, Errot
Details
Details of action
Buttons
Purge
Allows the log file to be reset
Refresh
Refreshes the display
To set up Client/Server logging, use the Recital Server Manager Settings tab to update the server's Registry entries:
The following Log file settings can be configured:
|
Item |
Description |
|---|---|
|
Log files Directory Path |
Enter the directory in which log files will be created. The default is the UAS\log directory. |
|
Enabled |
Check to enable log file creation. |
|
Versions |
Check to enable log file versioning. |
|
Listener |
Click to view the current port listener log file |
|
Server |
Click to view the current netserver log file |
|
Purge |
Click to purge all log files |
Enabling Log Files: Recital Server for Linux
To enable the system log file for the Recital Server for Linux, include the following command in the conf/config.db file:
set syslogging on
To set up Client/Server logging, the Recital Server can be started with the 'logging' parameter, in which case, all relevant logging will take place.
# service startup logging<
Alternatively, one or more of the following environment variables can be added to the dbserver.conf file or set at the Operating System prompt. The Recital Server must be restarted before environment variable changes will be recognized. Each environment variable should be set to the name of a log file.
Environment Variable
Logs Activity of...
UASLOG_PORT
Port Server (db_rsiserver)
UASLOG_NET
(Net) Server (db_netserver)
UASLOG_ORA
Oracle Server (db_oraserver)
UASLOG_INF
Informix Server (db_infserver)
UASLOG_ING
Ingres Server (db_ingserver)
UASLOG_JDB
JDBC Server (db_jdbserver)
UASLOG_REC
Recital Server (db_recserver)
Extract from recital.conf:
UASLOG_PORT="port.log" ; export UASLOG_PORT UASLOG_NET="net.log" ; export UASLOG_NET UASLOG_ORA="ora.log" ; export UASLOG_ORA UASLOG_INF="inf.log" ; export UASLOG_INF UASLOG_ING="ing.log" ; export UASLOG_ING UASLOG_JDB="jdb.log" ; export UASLOG_JDB UASLOG_REC="rec.log" ; export UASLOG_REC
DB_LOGDIR
If the environment variable DB_LOGDIR is set to an existing directory, all log files will be written to this directory. If not, the log files will be created in the bin directory.
DB_LOGDIR is set in the conf/recital.conf file. By default it is set to the log directory:
DB_LOGDIR=${ROI_ROOT}log/ ; export DB_LOGDIR
DB_LOGVER
If the environment variable DB_LOGVER is greater than 0, version numbers are added to the file names. For example, the activity of the first Net Server process will be logged to net.log, the second to net001.log, the third to net002.log etc. up to the maximum value of DB_LOGVER.
DB_LOGVER is set in the conf/recital.conf file:
DB_LOGVER=10; export DB_LOGVER
Enabling Log Files: Recital Server for UNIX
To enable the system log file for the Recital Server for UNIX, include the following command in the conf/config.db file:
set syslogging on
To set up Client/Server logging, the Recital Server can be started with the 'logging' parameter, in which case, all relevant logging will take place.
# service startup logging
Alternatively, one or more of the following environment variables can be added to the <em>dbserver.conf</em> file or set at the Operating System prompt. The Recital Server must be restarted before environment variable changes will be recognized. Each environment variable should be set to the name of a log file.
Environment Variable
Logs Activity of...
UASLOG_PORT
Port Server (db_rsiserver)
UASLOG_NET
(Net) Server (db_netserver)
UASLOG_ORA
Oracle Server (db_oraserver)
UASLOG_INF
Informix Server (db_infserver)
UASLOG_ING
Ingres Server (db_ingserver)
UASLOG_JDB
JDBC Server (db_jdbserver)
UASLOG_REC
Recital Server (db_recserver)
Extract from recital.conf:
UASLOG_PORT="port.log" ; export UASLOG_PORT UASLOG_NET="net.log" ; export UASLOG_NET UASLOG_ORA="ora.log" ; export UASLOG_ORA UASLOG_INF="inf.log" ; export UASLOG_INF UASLOG_ING="ing.log" ; export UASLOG_ING UASLOG_JDB="jdb.log" ; export UASLOG_JDB UASLOG_REC="rec.log" ; export UASLOG_REC
DB_LOGDIR
If the environment variable DB_LOGDIR is set to an existing directory, all log files will be written to this directory. If not, the log files will be created in the bin directory.
DB_LOGDIR is set in the conf/recital.conf file. By default it is set to the log directory:
DB_LOGDIR=${DB_ROOT}log/ ; export DB_LOGDIR
DB_LOGVER
If the environment variable DB_LOGVER is greater than 0, version numbers are added to the file names. For example, the activity of the first Net Server process will be logged to net.log, the second to net001.log, the third to net002.log etc. up to the maximum value of DB_LOGVER.
DB_LOGVER is set in the conf/recital.conf file:
DB_LOGVER=10; export DB_LOGVER
Enabling Log Files: Recital Universal Application Server for OpenVMS
To enable the system log file for the Recital Universal Application Server for OpenVMS, include the following command in the db_uas:config.db file:
set syslogging on
To set up Client/Server logging, one or more of the following symbols can be added to the <em>db_uas:login.com</em> file. The Recital Server must be restarted before symbol changes will be recognized. Each symbol should be set to the name of a log file.
Symbol
Logs Activity of…
UASLOG_PORT
Port Server (db_rsiserver)
UASLOG_NET
(Net) Server (db_netserver)
UASLOG_ORA
Oracle Server (db_oraserver)
UASLOG_INF
Informix Server (db_infserver)
UASLOG_ING
Ingres Server (db_ingserver)
UASLOG_JDB
JDBC Server (db_jdbserver)
UASLOG_REC
Recital Server (db_recserver)
Extract from db_uas:login.com
$ uaslog_port :== port.log $ uaslog_net :== net.log $ uaslog_ora :== ora.log $ uaslog_inf :== inf.log $ uaslog_ing :== ing.log $ uaslog_jdb :== jdb.log $ uaslog_rec :== rec.log
DB_LOGDIR
If the symbol DB_LOGDIR is set to an existing directory, all log files will be written to this directory. If not, the log files will be created in the UAS directory.
DB_LOGDIR is set in the db_uas:login.com file. By default it is set to the UAS.log] directory:
$db_logdir :== 'db_root'.log] ! system logging directory
DB_LOGVER
If the symbol DB_LOGVER is enabled, version numbers are added to the file names. For example, the activity of the first Net Server process will be logged to net.log, the second to net001.log, the third to net002.log etc.
DB_LOGVER is set in the db_uas:login.com file:
$db_logver :== true ! enable multiple log files
Enabling Log Files: Recital for Linux
To enable the system log file for Recital for Linux, include the following command in the conf/config.db file:
set syslogging on
Enabling Log Files: Recital for UNIX
To enable the system log file for Recital for UNIX, include the following command in the conf/config.db file:
set syslogging on
Enabling Log Files: Recital for OpenVMS
To enable the system log file for Recital for OpenVMS, include the following command in the db_ovd:config.db file:
set syslogging on
In Brief
- Log files provide important information to aid problem resolution, but they are also an overhead, so logging should only be enabled when required, not in normal production operation.
- The System log provides a system-wide view of logins, exits and error codes.
- The System log can be viewed in table format via the SYSLOGGING System Table.
- The System log is enabled using the SET SYSLOGGING ON Recital/4GL command in the conf/config.db file.
- Client/Server logs provide detailed information on client/server requests and responses.
- Client/Server logs are enabled using environment variables, symbols or Registry entries or by specifying the 'logging' parameter when starting the Recital Server.
- The location of log files is determined by the DB_LOGDIR setting.
- Versioning of log files is determined by the DB_LOGVER setting.
After split brain has been detected, one node will always have the resource in a StandAlone connection state. The other might either also be in the StandAlone state (if both nodes detected the split brain simultaneously), or in WFConnection (if the peer tore down the connection before the other node had a chance to detect split brain).
At this point, unless you configured DRBD to automatically recover from split brain, you must manually intervene by selecting one node whose modifications will be discarded (this node is referred to as the split brain victim). This intervention is made with the following commands:
# drbdadm secondary resource
# drbdadm disconnect resource
# drbdadm -- --discard-my-data connect resource
On the other node (the split brain survivor), if its connection state is also StandAlone, you would enter:
# drbdadm connect resource
You may omit this step if the node is already in the WFConnection state; it will then reconnect automatically.
If all else fails and the machines are still in a split-brain condition then on the secondary (backup) machine issue:
drbdadm invalidate resource
SE Linux is a feature of the Linux kernel that provides mandatory access control. This policy based access control system grants far greater control over the resources on a machine than standard Linux access controls such as permissions.
Many modern Linux distributions are shipping with SELinux enabled by default, Fedora 14 and Rhel 6 both install with it enabled.
When you run Recital Web on a SELinux enabled machine and navigate to the default.rsp page you will see something similar to the screen shot below.
If you launch the SELinux troubleshooter you will see the following problem.
SELinux is blocking the apache server from accessing the Recital server running on port 8001.
To manage you SELinux policy you must have the policycoreutils package group installed. The policycoreutils contains the policy core utilities that are required for basic operation of a SELinux system.
If you wish to use a GUI tool, you must install the policycoreutils-gui package.
At the command prompt execute the following:
As root
$ yum install policycoreutils
$ semanage port -a -t http_port_t -p tcp 8001
$ service recital restart
$ service httpd restart
We use the semanage command here to allow the http server access to port 8001. Once you have completed the steps detailed above you can go and navigate back to the default.rsp page in your borwser, where you will find the permission denied message is now replaced by the default.rsp page.
SELinux does a great job of restricting services and daemons so rather than simply disabling it, why not work with it!
When it comes to security, every little bit helps...