Virtual Box Machine Settings Urdu CBT by Babar Zahoor

Bind DNS Server Configuration in Chrooted Environment by Babar Zahoor

Updated: 08-01-2011

Purpose: configuration of a DNS (BIND) server in a chroot environment.

OS: CentOS 5.4 x86_64

——————————————————-
Please Install the bind packages
——————————————————-

[root@ns1 ~]# yum install bind bind-utils bind-*
 Loaded plugins: fastestmirror
 Loading mirror speeds from cached hostfile
 * addons: virror.hanoilug.org
 * extras: ftp.hostrino.com
 * updates: ftp.hostrino.com
 addons | 951 B 00:00
 extras | 1.1 kB 00:00
 ftp | 2.1 kB 00:00
 updates | 1.9 kB 00:00
 updates/primary_db | 444 kB 00:00
 Setting up Install Process
 Package 30:bind-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-utils-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-sdb-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-chroot-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-devel-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-devel-9.3.6-4.P1.el5_4.1.i386 already installed and latest version
 Package 30:bind-libs-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-libs-9.3.6-4.P1.el5_4.1.i386 already installed and latest version
 Package 30:bind-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-utils-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-libbind-devel-9.3.6-4.P1.el5_4.1.x86_64 already installed and latest version
 Package 30:bind-libbind-devel-9.3.6-4.P1.el5_4.1.i386 already installed and latest version
 Nothing to do

———————————————————————
Please Configure Static IP and Default Gateway
———————————————————————

[root@ns1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
 DEVICE=eth0
 BOOTPROTO=static
 IPADDR=192.168.1.100
 NETMASK=255.255.255.0
 ONBOOT=yes
 HWADDR=00:16:36:73:7e:4f
wq!

[root@ns1 ~]# ifconfig
 eth0 Link encap:Ethernet HWaddr 00:16:36:73:7E:4F
 inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
 inet6 addr: fe80::216:36ff:fe73:7e4f/64 Scope:Link
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:1641 errors:0 dropped:0 overruns:0 frame:0
 TX packets:950 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000
 RX bytes:192907 (188.3 KiB) TX bytes:117111 (114.3 KiB)
lo Link encap:Local Loopback
 inet addr:127.0.0.1 Mask:255.0.0.0
 inet6 addr: ::1/128 Scope:Host
 UP LOOPBACK RUNNING MTU:16436 Metric:1
 RX packets:105 errors:0 dropped:0 overruns:0 frame:0
 TX packets:105 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:10213 (9.9 KiB) TX bytes:10213 (9.9 KiB)
[root@ns1 ~]#
 [root@ns1 ~]# vi /etc/sysconfig/network
 NETWORKING=yes
 NETWORKING_IPV6=no
 HOSTNAME=dns.compnay.com
 GATEWAY=192.168.1.1

wq!

——————————————————————————————————————————————————————————
Now we are going to configure the BIND service. Please copy the file contents below and modify them for your network settings.
——————————————————————————————————————————————————————————

[root@ns1 ~]#
 [root@ns1 ~]# cd /var/named/chroot/
 [root@ns1 chroot]# ll
 total 24
 drwxr-x--- 2 root named 4096 Dec 1 00:00 dev
 drwxr-x--- 2 root named 4096 Jan 4 04:42 etc
 dr-xr-xr-x 85 root root 0 Jan 11 22:41 proc
 drwxr-x--- 6 root named 4096 Dec 1 00:00 var
 [root@ns1 chroot]#

———————————————-
Now create named.conf, which declares the zones
———————————————-

 

[root@ns1 chroot]# vi etc/named.conf
options {
 directory "/var/named"; // the default
 dump-file "data/cache_dump.db";
 statistics-file "data/named_stats.txt";
 memstatistics-file "data/named_mem_stats.txt";
};
zone "." IN {
 type hint;
 file "named.root";
};
zone "localhost" IN {
 type master;
 file "localhost.fwd";
 allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
 type master;
 file "localhost.rev";
 allow-update { none; };
};
zone "compnay.com" IN {
 type master;
 file "compnay.com.fwd";
 allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
 type master;
 file "compnay.com.rev";
 allow-update { none; };
};
wq!
[root@ns1 chroot]# cd var/named
[root@ns1 named]#
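The named.conf above sets no allow-recursion, allow-transfer or version option, so once named is running it resolves any name for any client that can reach port 53 (the dig yahoo.com test further down answers with the ra flag set) and hands out a full copy of every zone on request. The Python script below is an added example, not part of the original post: it parses a named.conf, flags those omissions, and carries a hardened options block beside the original one; the 192.168.1.0/24 range in the hardened block is assumed from the addresses used on this page.

```python
"""Audit a BIND named.conf for the access-control directives the chrooted
setup above leaves out. Added example, not part of the original post."""
import re

# Absence of these from options { } leaves the server answering recursive
# queries and zone transfers for anyone who can reach port 53.
REQUIRED_OPTIONS = {
    "allow-recursion": "recursion open to every client (open resolver)",
    "allow-transfer": "any host may AXFR every zone",
    "version": "real BIND version disclosed via version.bind CH TXT",
}

# Zone declarations as in the post above, one per line (constructed input).
ZONES = """
zone "." IN { type hint; file "named.root"; };
zone "localhost" IN { type master; file "localhost.fwd"; allow-update { none; }; };
zone "0.0.127.in-addr.arpa" IN { type master; file "localhost.rev"; allow-update { none; }; };
zone "compnay.com" IN { type master; file "compnay.com.fwd"; allow-update { none; }; };
zone "1.168.192.in-addr.arpa" IN { type master; file "compnay.com.rev"; allow-update { none; }; };
"""
# The options block exactly as the post writes it.
ORIGINAL_CONF = """
options {
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
};
""" + ZONES
# Same server with recursion limited to the LAN (192.168.1.0/24, assumed
# from the addresses in the post), transfers refused and the version hidden.
HARDENED_CONF = """
options {
    directory "/var/named";
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
    allow-transfer { none; };
    version "not disclosed";
};
""" + ZONES

def strip_comments(text):
    """Remove BIND's three comment styles: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def block_body(text, header):
    """Text between the braces of the first block whose header matches the
    regex `header`, honouring nested braces; None if there is no such block."""
    m = re.search(header + r"\s*\{", text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return None

def directives(body):
    """Map statement name -> argument text for the statements at depth 0 of
    a block body; a nested { ... } argument stays attached to its statement."""
    out, depth, cur = {}, 0, []
    for ch in body:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if ch == ";" and depth == 0:
            name, _, args = "".join(cur).strip().partition(" ")
            if name:
                out[name] = args.strip()
            cur = []
        else:
            cur.append(ch)
    return out

def audit(conf_text):
    """Return human-readable findings; an empty list means nothing was flagged."""
    text = strip_comments(conf_text)
    opts = block_body(text, r"\boptions")
    od = directives(opts) if opts is not None else {}
    findings = [] if opts is not None else ["no options { } block"]
    for name, why in REQUIRED_OPTIONS.items():
        # `recursion no;` makes an allow-recursion list unnecessary.
        if name in od or (name == "allow-recursion" and od.get("recursion") == "no"):
            continue
        findings.append(f"options: missing {name}: {why}")
    # A master zone needs allow-transfer either in its own block or globally.
    for zm in re.finditer(r'zone\s+"([^"]+)"', text):
        zd = directives(block_body(text[zm.start():], r"zone[^{]*") or "")
        if zd.get("type") == "master" and "allow-transfer" not in zd and "allow-transfer" not in od:
            findings.append(f'zone "{zm.group(1)}": transfers not restricted')
    return findings

if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {len(audit(conf))} finding(s)")
        for f in audit(conf):
            print("  -", f)
```

The original configuration yields seven findings (three missing options and four master zones whose transfers are unrestricted); the hardened one yields none.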

—————————————
Now create named.root file
—————————————

[root@ns1 named]#

First we configure the named.root file, which lists the root DNS servers (the hints for the "." zone)

 

[root@ns1 named]# vi named.root
 . 6D IN NS A.ROOT-SERVERS.NET.
 . 6D IN NS B.ROOT-SERVERS.NET.
 . 6D IN NS C.ROOT-SERVERS.NET.
 . 6D IN NS D.ROOT-SERVERS.NET.
 . 6D IN NS E.ROOT-SERVERS.NET.
 . 6D IN NS F.ROOT-SERVERS.NET.
 . 6D IN NS G.ROOT-SERVERS.NET.
 . 6D IN NS H.ROOT-SERVERS.NET.
 . 6D IN NS I.ROOT-SERVERS.NET.
 . 6D IN NS J.ROOT-SERVERS.NET.
 . 6D IN NS K.ROOT-SERVERS.NET.
 . 6D IN NS L.ROOT-SERVERS.NET.
 . 6D IN NS M.ROOT-SERVERS.NET.
 A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
 B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
 C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
 D.ROOT-SERVERS.NET. 6D IN A 128.8.10.90
 E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
 F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
 G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
 H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
 I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
 J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
 K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
 L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
 M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
wq!
—————————————————————————————————————————————————————————————————
 Now create the zone db files one by one: localhost.fwd and localhost.rev are required, then your network's forward and reverse zone files
 —————————————————————————————————————————————————————————————————

 

[root@ns1 named]# vi localhost.fwd
 $ORIGIN localhost.
 $TTL 86400
 @ IN SOA ns1.compnay.com. ns1.compnay.com. (
 20100104 ; Serial number
 3H ; Refresh (3 hours)
 15M ; Retry (15 minutes)
 1W ; Expire (1 week)
 1D ) ; Minimum / negative caching TTL (1 day)
@ IN NS dns.compnay.com.
localhost. IN A 127.0.0.1
wq! ##### Save the file after copying the content from here. #####
[root@ns1 named]# vi localhost.rev
 $ORIGIN 0.0.127.in-addr.arpa.
 $TTL 86400
 @ IN SOA ns1.compnay.com. ns1.compnay.com. (
 20100104 ; Serial number
 3H ; Refresh (3 hours)
 15M ; Retry (15 minutes)
 1W ; Expire (1 week)
 1D ) ; Minimum / negative caching TTL (1 day)
@ IN NS ns1.compnay.com.
1.0.0.127.in-addr.arpa. IN PTR localhost.
wq!
[root@ns1 named]# vi compnay.com.fwd
 $ORIGIN compnay.com.
 $TTL 86400
 @ IN SOA ns1.compnay.com. ns1.compnay.com. (
 20100104 ; Serial number
 3H ; Refresh (3 hours)
 15M ; Retry (15 minutes)
 1W ; Expire (1 week)
 1D ) ; Minimum / negative caching TTL (1 day)
@ IN NS ns1.compnay.com.
ns1.compnay.com. IN A 192.168.1.100 ; the NS above needs an address record in its own zone, or BIND complains that the NS has no address records; this is the address the dig test below returns
www.compnay.com. IN A 192.168.1.102 ; as returned by the dig www.compnay.com test below
proxy.compnay.com. IN A 192.168.1.253
wq!
[root@ns1 named]# vi compnay.com.rev
 $ORIGIN 1.168.192.in-addr.arpa.
 $TTL 86400
 @ IN SOA ns1.compnay.com. root.compnay.com. (
 20100104 ; Serial number
 3H ; Refresh (3 hours)
 15M ; Retry (15 minutes)
 1W ; Expire (1 week)
 1D ) ; Minimum / negative caching TTL (1 day)
@ IN NS ns1.compnay.com.
 100.1.168.192.in-addr.arpa. IN PTR ns1.compnay.com. ; ns1 is 192.168.1.100, the address set in ifcfg-eth0 above
 253.1.168.192.in-addr.arpa. IN PTR proxy.compnay.com.
wq!
[root@ns1 ~]# vi /etc/resolv.conf
 search compnay.com
 nameserver 192.168.1.100 # this host; the SERVER line in the dig output below confirms it
wq!

————————————————————————————————-
Configuration has been done; now start the "/etc/init.d/named" service
————————————————————————————————-

 

[root@ns1 ~]# /etc/init.d/named start
 Starting named: [ OK ]
 [root@ns1 ~]# dig yahoo.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 <<>> yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46559
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 7, ADDITIONAL: 2

;; QUESTION SECTION:
;yahoo.com. IN A

;; ANSWER SECTION:
yahoo.com. 21600 IN A 209.191.93.53
yahoo.com. 21600 IN A 69.147.114.224
yahoo.com. 21600 IN A 209.131.36.159

;; AUTHORITY SECTION:
yahoo.com. 172800 IN NS ns1.yahoo.com.
yahoo.com. 172800 IN NS ns2.yahoo.com.
yahoo.com. 172800 IN NS ns3.yahoo.com.
yahoo.com. 172800 IN NS ns4.yahoo.com.
yahoo.com. 172800 IN NS ns5.yahoo.com.
yahoo.com. 172800 IN NS ns6.yahoo.com.
yahoo.com. 172800 IN NS ns8.yahoo.com.

;; ADDITIONAL SECTION:
ns6.yahoo.com. 172800 IN A 202.43.223.170
ns8.yahoo.com. 172800 IN A 202.165.104.22

;; Query time: 643 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Tue Jan 12 03:01:01 2010
;; MSG SIZE rcvd: 233

[root@ns1 ~]#

—————————————————————————
Now open the named ports in the firewall for the network
—————————————————————————

 

[root@ns1 ~]# iptables -A INPUT -p tcp -m multiport --dport 53,953 -j ACCEPT
[root@ns1 ~]# iptables -A INPUT -p udp -m multiport --dport 53,953 -j ACCEPT
[root@ns1 ~]#
[root@ns1 ~]# /etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[root@ns1 ~]#
[root@ns1 ~]# dig ns1.compnay.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 <<>> ns1.compnay.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29732
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.compnay.com. IN A

;; ANSWER SECTION:
ns1.compnay.com. 86400 IN A 192.168.1.100

;; AUTHORITY SECTION:
compnay.com. 86400 IN NS ns1.compnay.com.

;; Query time: 1 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Tue Jan 12 03:13:33 2010
;; MSG SIZE rcvd: 66

[root@ns1 ~]#
[root@ns1 ~]# dig www.compnay.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.1 <<>> www.compnay.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10800
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.compnay.com. IN A

;; ANSWER SECTION:
www.compnay.com. 86400 IN A 192.168.1.102

;; AUTHORITY SECTION:
compnay.com. 86400 IN NS ns1.compnay.com.

;; ADDITIONAL SECTION:
ns1.compnay.com. 86400 IN A 192.168.1.100

;; Query time: 1 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Tue Jan 12 03:14:09 2010
;; MSG SIZE rcvd: 86

[root@ns1 ~]#

ALHAMDULILLAH, we have configured a working BIND server on CentOS 5.4

Note: please install the bind packages, then copy the file contents from this configuration and paste them on your server.
Also modify the settings as per your network's machine names and their IPs.

High Availability Linux Cluster for SQUID Proxy using DRBD and HeartBeat on CentOS /RHEL / Fedora by Babar Zahoor

High Availability Linux Cluster Setup using DRBD and Heart Beat on CentOS 5.x 6.x /RHEL 5.x 6.X/ Fedora

#### This How To belongs to My video on High Availability Squid Cache using DRBD and HeartBeat ####

OS: CentOS 5.3 on both machines.

We will set up a transparent Squid proxy on a high-availability cluster.

Packages are available on CentOS extras repository.

Our Scenario

We have two servers

baber 192.168.1.50 Primary server

farrukh 192.168.1.60 Secondary server

Set up IP-to-name resolution ## we don't have DNS, so we need this step ##

Basic Setup Configuration.

[root@baber ~]# vim /etc/hosts
 192.168.1.50 baber
 192.168.1.60 farrukh
 save & exit
 [root@baber ~]# ping baber
 PING baber (192.168.1.50) 56(84) bytes of data.
 64 bytes from baber (192.168.1.50): icmp_seq=1 ttl=64 time=4.15 ms
 64 bytes from baber (192.168.1.50): icmp_seq=2 ttl=64 time=0.126 ms
 64 bytes from baber (192.168.1.50): icmp_seq=3 ttl=64 time=1.88 ms
 [1]+ Stopped ping baber
 [root@baber ~]# ping farrukh
 PING farrukh (192.168.1.60) 56(84) bytes of data.
 64 bytes from farrukh (192.168.1.60): icmp_seq=1 ttl=64 time=1.32 ms
 64 bytes from farrukh (192.168.1.60): icmp_seq=2 ttl=64 time=0.523 ms
 64 bytes from farrukh (192.168.1.60): icmp_seq=3 ttl=64 time=1.79 ms
 [2]+ Stopped ping farrukh
[root@baber ~]#
[root@baber ~]# scp /etc/hosts 192.168.1.60:/etc/hosts

On Node1 servers:

Please before going to next step, stop unwanted services on both servers

[root@baber ~]# /etc/init.d/sendmail stop
 [root@baber ~]# chkconfig --level 235 sendmail off
 [root@baber ~]# iptables -F
 [root@baber ~]#service iptables save
 [root@farrukh ~]# /etc/init.d/sendmail stop
 [root@farrukh ~]# chkconfig --level 235 sendmail off
 [root@farrukh ~]# iptables -F
 [root@farrukh ~]#service iptables save
 [root@baber ~]# rpm -qa | grep ntp
 ntp-4.2.2p1-9.el5.centos.1
 [root@baber ~]#

Then we need to open ntp server configuration file.

[root@baber ~]#vi /etc/ntp.conf
 # Permit time synchronization with our time source, but do not
 # permit the source to query or modify the service on this system.
 restrict default kod nomodify notrap nopeer noquery
 # Permit all access over the loopback interface. This could
 # be tightened as well, but to do so would effect some of
 # the administrative functions.
 restrict 127.0.0.1
 # Hosts on local network are less restricted.
 #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
 # Use public servers from the pool.ntp.org project.
 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
 ### Edited By Babar Zahoor Jun 16 2009 ###
 #server 0.centos.pool.ntp.org
 #server 1.centos.pool.ntp.org
 #server 2.centos.pool.ntp.org
 #broadcast 192.168.1.255 key 42 # broadcast server
 #broadcastclient # broadcast client
 #broadcast 224.0.1.1 key 42 # multicast server
 #multicastclient 224.0.1.1 # multicast client
 #manycastserver 239.255.254.254 # manycast server
 #manycastclient 239.255.254.254 key 42 # manycast client
 # Undisciplined Local Clock. This is a fake driver intended for backup
 # and when no outside source of synchronized time is available.
 ########## for server use this and on clients comment this and use server serverIP ##################
 server 127.127.1.0 # local clock
 #fudge 127.127.1.0 stratum 10
 # Drift file. Put this in a directory which the daemon can write to.
 # No symbolic links allowed, either, since the daemon updates the file
 # by creating a temporary in the same directory and then rename()'ing
 # it to the file.
 # driftfile /var/lib/ntp/drift
 # Key file containing the keys and key identifiers used when operating
 # with symmetric key cryptography.
 # Specify the key identifiers which are trusted.
 # trustedkey 4 8 42
 # Specify the key identifier to use with the ntpdc utility.
 # requestkey 8
 # Specify the key identifier to use with the ntpq utility.
 #controlkey 8
 keys /etc/ntp/keys
 save quit.

 [root@baber ~]#
 [root@baber ~]# /etc/init.d/ntpd start
 [root@baber ~]# chkconfig --level 235 ntpd on
 [root@farrukh ~]# vim /etc/ntp.conf
 # Permit time synchronization with our time source, but do not
 # permit the source to query or modify the service on this system.
 restrict default kod nomodify notrap nopeer noquery
 # Permit all access over the loopback interface. This could
 # be tightened as well, but to do so would effect some of
 # the administrative functions.
 #restrict 127.0.0.1
 #restrict -6 ::1
 # Hosts on local network are less restricted.
 #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
 # Use public servers from the pool.ntp.org project.
 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
 server 192.168.1.50 ### add this line on second server ###
 #server 0.centos.pool.ntp.org
 #server 1.centos.pool.ntp.org
 #server 2.centos.pool.ntp.org
 #broadcast 192.168.1.255 key 42 # broadcast server
 #broadcastclient # broadcast client
 #broadcast 224.0.1.1 key 42 # multicast server
 #multicastclient 224.0.1.1 # multicast client
 #manycastserver 239.255.254.254 # manycast server
 #manycastclient 239.255.254.254 key 42 # manycast client
 # Undisciplined Local Clock. This is a fake driver intended for backup
 # and when no outside source of synchronized time is available.
 #server 127.127.1.0 # local clock ##### #####
 #fudge 127.127.1.0 stratum 10
 # Drift file. Put this in a directory which the daemon can write to.
 # No symbolic links allowed, either, since the daemon updates the file
 # by creating a temporary in the same directory and then rename()'ing
 # it to the file.
 driftfile /var/lib/ntp/drift
 # Key file containing the keys and key identifiers used when operating
 # with symmetric key cryptography.
 keys /etc/ntp/keys
 # Specify the key identifiers which are trusted.
 #trustedkey 4 8 42
 # Specify the key identifier to use with the ntpdc utility.
 #requestkey 8
 # Specify the key identifier to use with the ntpq utility.
 #controlkey 8
 save & exit
 [root@farrukh ~]# /etc/init.d/ntpd start
 [root@farrukh ~]# chkconfig --level 235 ntpd on
 [root@farrukh ~]# ntpdate -u 192.168.1.50
 [root@farrukh ~]# watch ntpq -p -n
 [root@baber ~]# watch ntpq -p -n

PARTITION SETUP On Both Servers.

Set up identical partitions on both servers with fdisk. Here we have 3GB disks on both servers, and we will set up the partitions for the HA cluster servers. We need to create LVM partitions on both machines; we will show the steps on the server named farrukh.

[root@baber ~]# fdisk -l
[root@baber ~]# fdisk /dev/sdb
[root@baber ~]# fdisk /dev/sd
sda sda1 sda2 sdb sdb1

[root@farrukh ~]# fdisk /dev/sdb
 Command (m for help): m
 Command action
 a toggle a bootable flag
 b edit bsd disklabel
 c toggle the dos compatibility flag
 d delete a partition
 l list known partition types
 m print this menu
 n add a new partition
 o create a new empty DOS partition table
 p print the partition table
 q quit without saving changes
 s create a new empty Sun disklabel
 t change a partition's system id
 u change display/entry units
 v verify the partition table
 w write table to disk and exit
 x extra functionality (experts only)
 Command (m for help): p
 Disk /dev/sdb: 4294 MB, 4294967296 bytes
 255 heads, 63 sectors/track, 522 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes
 Device Boot Start End Blocks Id System
 /dev/sdb1 1 522 4192933+ 8e Linux LVM
 Command (m for help): d
 Selected partition 1
 Command (m for help): n
 Command action
 e extended
 p primary partition (1-4)
 p
 Partition number (1-4): 1
 First cylinder (1-522, default 1):
 Using default value 1
 Last cylinder or +size or +sizeM or +sizeK (1-522, default 522): +4000M
 Command (m for help): p
 Disk /dev/sdb: 4294 MB, 4294967296 bytes
 255 heads, 63 sectors/track, 522 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes
 Device Boot Start End Blocks Id System
 /dev/sdb1 1 487 3911796 83 Linux
 Command (m for help): t
 Selected partition 1
 Hex code (type L to list codes): 8e
 Changed system type of partition 1 to 8e (Linux LVM)
 Command (m for help): p
 Disk /dev/sdb: 4294 MB, 4294967296 bytes
 255 heads, 63 sectors/track, 522 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes
 Device Boot Start End Blocks Id System
 /dev/sdb1 1 487 3911796 8e Linux LVM
 Command (m for help):
 Command (m for help): w
 [root@baber ~]# partprobe

Now create the physical volume for LVM; this is the second step of the LVM setup.

[root@farrukh ~]# pvcreate /dev/sdb1
 Create the volume group with this command
 [root@farrukh ~]# vgcreate vgdrbd /dev/sdb1
 Create the logical volume
 [root@farrukh ~]# lvcreate -n lvdrbd -l 100%FREE vgdrbd

(lvcreate takes -L with an absolute size, not a +size; -l 100%FREE uses the whole volume group, since the 3911796-block partition created above is slightly smaller than 4000M.)

Note: create the same LVM layout on both servers.

Note: please also add these three values to sysctl.conf

[root@baber ~]#vi /etc/sysctl.conf
 net.ipv4.conf.eth0.arp_ignore = 1
 net.ipv4.conf.all.arp_announce = 2
 net.ipv4.conf.eth0.arp_announce = 2
 save & quit
 [root@baber ~]# sysctl -p
 net.ipv4.ip_forward = 0
 net.ipv4.conf.default.rp_filter = 1
 net.ipv4.conf.eth0.arp_ignore = 1
 net.ipv4.conf.all.arp_announce = 2
 net.ipv4.conf.eth0.arp_announce = 2
 net.ipv4.conf.default.accept_source_route = 0
 kernel.sysrq = 0
 kernel.core_uses_pid = 1
 net.ipv4.tcp_syncookies = 1
 kernel.msgmnb = 65536
 kernel.msgmax = 65536
 kernel.shmmax = 4294967295
 kernel.shmall = 268435456
 [root@baber ~]#

DRBD Setup

Now install drbd82 and kmod-drbd82 (or the latest available package RPMs) using yum on both servers

[root@baber ~]#yum install -y drbd82 kmod-drbd82

Now open /etc/drbd.conf using any text editor, I am using here VIM for this purpose

[root@baber ~]#vim /etc/drbd.conf
 global {
  usage-count yes;
 }
 common {
  syncer { rate 10M; }
 }
 resource r0 {
  protocol C;
  handlers {
   pri-on-incon-degr "echo o > /proc/sysrq-trigger ; halt -f";
   pri-lost-after-sb "echo o > /proc/sysrq-trigger ; halt -f";
   local-io-error "echo o > /proc/sysrq-trigger ; halt -f";
   outdate-peer "/usr/lib/heartbeat/drbd-peer-outdater -t 5";
  }
  startup {
  }
  disk {
   on-io-error detach;
  }
  net {
   after-sb-0pri disconnect;
   after-sb-1pri disconnect;
   after-sb-2pri disconnect;
   rr-conflict disconnect;
  }
  syncer {
   rate 10M;
   al-extents 257;
  }
  #### add the below information according to your HA server setup ####
  #### the "on" names must match `uname -n` on each node and the disk path must match the LV created above ####
  on baber {
   device /dev/drbd0;
   disk /dev/vgdrbd/lvdrbd;
   address 192.168.1.50:7788;
   meta-disk internal;
  }
  on farrukh {
   device /dev/drbd0;
   disk /dev/vgdrbd/lvdrbd;
   address 192.168.1.60:7788;
   meta-disk internal;
  }
 }
 save it........
 [root@baber ~]#
 [root@baber ~]# scp /etc/drbd.conf farrukh:/etc/drbd.conf

Now we need to load the kernel module on both servers to run DRBD.

Load the DRBD module on both nodes:

[root@baber ~]# modprobe drbd
 [root@baber ~]# echo "modprobe drbd" >> /etc/rc.local
 [root@farrukh ~]# modprobe drbd
 [root@farrukh ~]# echo "modprobe drbd" >> /etc/rc.local
 ##### Please run these command on both servers ######
[root@baber ~]#drbdadm create-md r0
[root@farrukh ~]#drbdadm create-md r0
[root@baber ~]#drbdadm attach r0
[root@farrukh ~]#drbdadm attach r0
[root@baber ~]#drbdadm syncer r0
[root@farrukh ~]#drbdadm syncer r0
[root@baber ~]#drbdadm connect r0
[root@farrukh ~]#drbdadm connect r0

Please run below command on Primary Node only
[root@baber ~]#drbdadm -- --overwrite-data-of-peer primary r0

Now please run below commands on both Nodes:

[root@baber ~]#drbdadm up all
[root@farrukh ~]#drbdadm up all

Please run below command on Primary Node only
[root@baber ~]#drbdadm -- primary all
[root@baber ~]#watch cat /proc/drbd

Please run this command on Primary Node only

[root@baber ~]#mkfs.ext3 /dev/drbd0
[root@baber ~]#mkdir /data/
[root@baber ~]#mount /dev/drbd0 /data/
[root@baber ~]#
[root@baber ~]# df -hk
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
5967432 2625468 3033948 47% /
/dev/sda1 101086 12074 83793 13% /boot
tmpfs 257720 0 257720 0% /dev/shm
/dev/drbd0 4031516 107600 3719128 3% /data
[root@baber ~]#


Please run this command on the secondary node only; there is no need to mount the partition here
[root@farrukh ~]#mkdir /data

Heartbeat Setup:

Install the heartbeat packages using yum. An Internet connection is required, or you can configure a local yum repository with the extras channel so that both nodes can find these packages.

 

[root@baber ~]#yum install -y heartbeat heartbeat-pils heartbeat-stonith heartbeat-devel

Now we will create the HA configuration file; if you cannot find this file, create a new file and copy the text below into it

[root@baber ~]#vim /etc/ha.d/ha.cf ## Create this file and copy this text ##
 logfacility local0
 keepalive 2
 #deadtime 30 # USE THIS!!!
 deadtime 10
 # we use two heartbeat links, eth2 and serial 0
 # We can use eth1 instead of eth0; a dedicated heartbeat link is the better option
 bcast eth0
 #serial /dev/ttyS0
 baud 19200
 # auto_failback on: resources move back to the preferred node once it returns
 auto_failback on
 node baber
 node farrukh
 save & quit.
 Again, the configuration below goes on the same primary server "baber":
[root@baber ~]#vi /etc/ha.d/haresources
 baber IPaddr::192.168.1.190/24/eth0 drbddisk::r0 Filesystem::/dev/drbd0::/data::ext3 squid
 Now please configure the haresources file on the secondary server farrukh:
[root@farrukh ~]#vi /etc/ha.d/haresources
farrukh IPaddr::192.168.1.190/24/eth0 drbddisk::r0 Filesystem::/dev/drbd0::/data::ext3 squid
 Below is the authentication configuration for the heartbeat link, on both servers:
[root@baber ~]#vi /etc/ha.d/authkeys
 # Use a long random string as the shared secret, not a short word like the one below
 auth 3
 3 md5 redhat
 Again on both Nodes
[root@baber ~]#chmod 600 /etc/ha.d/authkeys
 [root@baber ~]#scp /etc/ha.d/authkeys farrukh:/etc/ha.d/authkeys
 [root@baber ~]#chkconfig --level 235 heartbeat on

Note: if you have a problem mounting /dev/drbd0 on /data, run these commands to check the status; if you find drbddisk stopped, start it.

[root@baber ~]#/etc/ha.d/resource.d/drbddisk r0 status
 [root@baber ~]#/etc/ha.d/resource.d/drbddisk r0 start
 [root@baber ~]#/etc/ha.d/resource.d/drbddisk r0 restart
[root@baber data]# service drbd status
 drbd driver loaded OK; device status:
 version: 8.0.13 (api:86/proto:86)
 GIT-hash: ee3ad77563d2e87171a3da17cc002ddfd1677dbe build by buildsvn@c5-i386-build, 2008-10-02 13:31:44
 m:res cs st ds p mounted fstype
 0:r0 Connected Primary/Secondary UpToDate/UpToDate C /data ext3
We can see that the servers are in the Primary/Secondary state and working well, with the /data directory mounted. To force a takeover of the resources from one node to the other:
[root@baber ~]#/usr/lib/heartbeat/hb_takeover
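Before trusting a takeover it is worth checking /proc/drbd (the file `watch cat /proc/drbd` above displays) for the states that the after-sb-*pri disconnect settings in drbd.conf can leave the pair in. The Python script below is an added example, not from the original post: it parses DRBD 8.0 status lines (two constructed samples, one healthy and one after a dropped replication link) and lists the conditions under which a Heartbeat failover would serve stale or diverged data.

```python
"""Check DRBD resource health from /proc/drbd. Added example, not from the
original post; the samples are constructed in the DRBD 8.0 line format
(st: for roles), and the 8.3+ spelling (ro:) is accepted as well."""
import re

# Constructed sample: the healthy state the post's `service drbd status` shows.
HEALTHY = """\
version: 8.0.13 (api:86/proto:86)
 0: cs:Connected st:Primary/Secondary ds:UpToDate/UpToDate C r---
    ns:107600 nr:0 dw:107600 dr:2048 al:12 bm:7 lo:0 pe:0 ua:0 ap:0
"""
# Constructed sample: what the after-sb-*pri disconnect handlers leave behind
# once the link between baber and farrukh has dropped and the two copies
# could not be reconciled.
DISCONNECTED = """\
version: 8.0.13 (api:86/proto:86)
 0: cs:StandAlone st:Primary/Unknown ds:UpToDate/DUnknown   r---
    ns:0 nr:0 dw:4096 dr:0 al:1 bm:0 lo:0 pe:0 ua:0 ap:0
"""

LINE = re.compile(
    r"^\s*(?P<minor>\d+):\s+cs:(?P<cs>\S+)\s+(?:st|ro):(?P<role>\S+)\s+ds:(?P<ds>\S+)"
)

def parse_proc_drbd(text):
    """Return {minor: {"cs": ..., "role": ..., "ds": ...}} per resource line."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            out[int(m.group("minor"))] = {k: m.group(k) for k in ("cs", "role", "ds")}
    return out

def findings(text):
    """Flag states in which a Heartbeat takeover would be unsafe or impossible.
    An empty list means every resource is Connected, single-Primary and UpToDate."""
    resources = parse_proc_drbd(text)
    probs = [] if resources else ["no DRBD resource lines found"]
    for minor, st in resources.items():
        local, peer = st["role"].split("/")
        ldisk, pdisk = st["ds"].split("/")
        if st["cs"] != "Connected":
            probs.append(f"drbd{minor}: cs={st['cs']}: peers are not replicating")
        if local == "Primary" and peer == "Primary":
            probs.append(f"drbd{minor}: both nodes Primary: split brain, data diverging")
        if peer == "Unknown":
            probs.append(f"drbd{minor}: peer role unknown: failover target cannot be trusted")
        if ldisk != "UpToDate" or pdisk != "UpToDate":
            probs.append(f"drbd{minor}: ds={st['ds']}: a takeover would serve stale data")
    return probs

if __name__ == "__main__":
    import sys
    # With a path argument (e.g. /proc/drbd) check the live file, else the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else DISCONNECTED
    for p in findings(text) or ["all resources healthy"]:
        print(p)
```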
Now the configuration of the service on both servers; we are configuring transparent Squid
[root@baber ~]#vim /etc/sysctl.conf
# Controls IP packet forwarding
# If it is 0 make it 1 for packet forwarding
net.ipv4.ip_forward = 1
save it
Then
[root@baber ~]#scp /etc/sysctl.conf farrukh:/etc/sysctl.conf
[root@baber ~]#sysctl -p
[root@farrukh ~]# sysctl -p
[root@baber ~]#yum install -y squid
[root@baber ~]#vim /etc/squid/squid.conf
search these options using / and edit as required
http_port 3128 transparent
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
# cache directories must be under /data/squid, the DRBD-replicated filesystem
cache_dir ufs /data/squid 1000 32 256
visible_hostname squid.ha-cluster.com
save & exit
[root@baber ~]# cd /data
[root@baber ~]# mkdir squid
[root@baber ~]# chown squid:squid squid
Note: this setup is required only on the primary server, i.e. baber
[root@baber ~]#scp /etc/squid/squid.conf farrukh:/etc/squid/squid.conf
[root@baber ~]#iptables -F
[root@baber ~]#iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 3128
[root@baber ~]#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[root@baber ~]#service iptables save
[root@farrukh ~]#iptables -F
[root@farrukh ~]#iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 3128
[root@farrukh ~]#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[root@farrukh ~]#service iptables save
On both servers
[root@baber ~]#/etc/init.d/heartbeat start
[root@baber ~]#ifconfig
[root@baber ~]#tail -f /var/log/squid/access.log
[root@farrukh ~]#/etc/init.d/heartbeat start
[root@farrukh ~]#ifconfig
Note: clients must use the VIP/service IP defined in heartbeat, i.e. 192.168.1.190, as their default gateway to reach the Internet transparently through the proxy.

ALHAMDULILLAH, we have done it.

How to implement ACL (Access control list) in CentOS / RHEL /Fedora by Babar Zahoor

ACL stands for Access Control List.

The Linux operating system supports the ACL mount option. If we want to use ACLs we have to specify which partition they
should be enabled on, i.e. the partition on which we want to implement ACLs.

First of all open fstab file “Be careful this is file system table file”
root@localhost# vim /etc/fstab

LABEL=/ / ext3 defaults 1 1
LABEL=/usr /usr ext3 defaults 1 2
LABEL=/var /var ext3 defaults 1 2
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
LABEL=SWAP-hda6 swap swap defaults 0 0

Add the acl option to the line where the / partition is written,
after the defaults option,
e.g. defaults,acl

then save file and exit.

run command on shell
root@localhost# mount -o remount /

The setfacl command is used to set ACLs (getfacl, shown further below, displays them)

-m for adding and editing ACL
-x for removing.
u for user or userid
g for group or groupid
e.g.
root@localhost# setfacl -m u:baber:rwx /data/file

this command gives rwx permissions to user baber on the specified file "/data/file"
root@localhost# setfacl -m g:baber:rwx /data/file
this command gives rwx permissions to group baber on the specified file
"/data/file"

to check ACL
# getfacl /data/file

To remove ACL

setfacl -x u:baber /data/file
setfacl -x g:baber /data/file

 

Files and Directory Permissions in Linux /*Nix / Unix Operating Systems

 

In Unix / Linux / *Nix Operating Systems we have three types of permissions

read = r
write = w
execute = x

we can change permissions for three categories
owner = u
group = g
others = o

if we run ls -l
we see
-rw------- 1 root root 1648 Mar 13 13:47 anaconda-ks.cfg
drwx------ 11 root root 4096 Mar 20 08:56 Desktop
-rw-r--r-- 1 root root 41065 Mar 13 13:46 install.log
-rw-r--r-- 1 root root 5891 Mar 13 13:46 install.log.syslog
drwxr-xr-x 3 root root 4096 Mar 18 23:47 ispconfig
drwxr-xr-x 37 root root 4096 Mar 20 08:25 mplayer
-rw-r--r-- 1 root root 224 Mar 14 18:48 scsrun.log

please see install.log
-rw-r--r-- 1 root root 41065 Mar 13 13:46 install.log
we see here
permissions
- the 1st dash shows this is a regular file (d means a directory, l means a link file or shortcut)

rw-   for the owner of the file
r--   for the owner's group
r--   for all others than the owner and its group

the chmod command is used to change the permissions
+ is used to add
- is used to remove

if we consider a file for changing permissions:

example: chmod u+rwx,g+rw,o+rw file

We have another method to implement permissions.
Number System
r = 4
w = 2
x = 1
4+2+1 = rwx = 7 for the owner, the group or others, so
777 means rwx for all of them

example: chmod 755 file (same for directories)

We have default permissions in the system

umask is the value which can change default permissions.

umask (to see the default permissions)
0022
please subtract 022 from 777 for the directory permissions.
777
-022
----
755

please subtract 022 from 666 for the file permissions.
666
-022
----
644

these 755, 644 are default permissions for the directories and files as well.
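The permission arithmetic from this section, as an added Python example that is not part of the original post: it parses an ls -l mode field, applies symbolic chmod clauses such as u+rwx,g+rw,o+rw, and derives the 755/644 defaults from umask 022. It goes beyond the text in one respect: the kernel clears umask bits with mode & ~umask, and the digit subtraction above matches that only while no umask digit is larger than the base digit (umask 027 on a file gives 640, where 6 minus 7 has no meaning).

```python
"""Permission arithmetic from the section above. Added example, not part of
the original post. Parses an `ls -l` mode field, applies symbolic chmod
clauses, and derives default modes from a umask with the rule the kernel
applies (mode & ~umask)."""

WHO_BITS = {"u": 0o700, "g": 0o070, "o": 0o007, "a": 0o777}
PERM_BITS = {"r": 0o444, "w": 0o222, "x": 0o111}
MODE_BITS = (0o400, 0o200, 0o100, 0o040, 0o020, 0o010, 0o004, 0o002, 0o001)

def parse_ls_mode(field):
    """'-rw-r--r--' -> ('file', 0o644): first char gives the type, then
    three rwx triplets for owner, group and others."""
    kinds = {"-": "file", "d": "directory", "l": "symlink"}
    if len(field) != 10 or field[0] not in kinds:
        raise ValueError(f"not an ls -l mode field: {field!r}")
    mode = 0
    for bit, ch in zip(MODE_BITS, field[1:]):
        if ch != "-":
            mode |= bit
    return kinds[field[0]], mode

def chmod_symbolic(mode, clauses):
    """Apply chmod clauses such as 'u+rwx,g+rw,o+rw' or 'go-w' to a mode."""
    for clause in clauses.split(","):
        i = 0
        while i < len(clause) and clause[i] in WHO_BITS:
            i += 1
        if i >= len(clause) or clause[i] not in "+-=":
            raise ValueError(f"bad chmod clause: {clause!r}")
        who_mask = 0
        for w in clause[:i] or "a":   # no who given: all classes (chmod would also apply the umask here)
            who_mask |= WHO_BITS[w]
        perm_mask = 0
        for p in clause[i + 1:]:
            perm_mask |= PERM_BITS[p]
        bits = who_mask & perm_mask
        if clause[i] == "+":
            mode |= bits
        elif clause[i] == "-":
            mode &= ~bits
        else:
            mode = (mode & ~who_mask) | bits
    return mode & 0o777

def default_mode(umask, directory):
    """Creation mode: 777 for directories, 666 for files, with umask bits cleared."""
    base = 0o777 if directory else 0o666
    return base & ~umask & 0o777

def subtraction_rule(umask, directory):
    """The digit-by-digit subtraction the section above uses. It agrees with
    default_mode() for 022, but is undefined when a umask digit exceeds the
    base digit (umask 027 on a file: 6 - 7); only the bitwise rule then
    gives the real answer, 640."""
    base = 0o777 if directory else 0o666
    result = 0
    for shift in (6, 3, 0):
        b, u = (base >> shift) & 7, (umask >> shift) & 7
        if u > b:
            return None
        result |= (b - u) << shift
    return result

if __name__ == "__main__":
    print(oct(chmod_symbolic(parse_ls_mode("-rw-r--r--")[1], "u+rwx,g+rw,o+rw")))
    for um in (0o022, 0o027):
        print(oct(um), oct(default_mode(um, True)), oct(default_mode(um, False)), subtraction_rule(um, False))
```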

Thanks