ActiveMQ 5.4.x install under RHEL 5.x

Tested with ActiveMQ 5.4.3 on Red Hat Enterprise Linux 5.7 (64-bit) with Sun JVM 1.5

ActiveMQ 5.5.x requires JVM 1.6

The following is a simple copy and paste howto. Simply adapt the install variables and you’re good to go.

Let’s declare some variables for the install process :

AMQDIR="/usr/local"
VERSION="5.4.3"

Download and installation :

cd /root
wget http://apache.cu.be//activemq/apache-activemq/$VERSION/apache-activemq-$VERSION-bin.tar.gz
cp /root/apache-activemq-$VERSION-bin.tar.gz $AMQDIR
cd $AMQDIR
tar xvzf apache-activemq-$VERSION-bin.tar.gz
chown -R root: apache-activemq*
ln -f -s apache-activemq-$VERSION activemq

Configuration :

sed -i "s#ACTIVEMQ_HOME.*#ACTIVEMQ_HOME=\"$AMQDIR/activemq\"#g" $AMQDIR/activemq/bin/linux-x86-64/activemq

sed -i "s#set.default.ACTIVEMQ_HOME=.*#set.default.ACTIVEMQ_HOME=$AMQDIR/activemq#g" $AMQDIR/activemq/bin/linux-x86-64/wrapper.conf

sed -i "s#set.default.ACTIVEMQ_BASE=.*#set.default.ACTIVEMQ_BASE=$AMQDIR/activemq#g" $AMQDIR/activemq/bin/linux-x86-64/wrapper.conf

Init script and making ActiveMQ start at boot :

ln -s $AMQDIR/activemq/bin/linux-x86-64/activemq /etc/init.d/activemq
chkconfig --add activemq
chkconfig activemq on
service activemq start

Logs :

tail -f /usr/local/activemq/data/wrapper.log

Accessing the admin section :

http://$SERVER:8161/admin/index.jsp

Two step authentication on SSH with Google Authenticator under Debian Sid

On a Debian Sid system, install the following :

apt-get install libpam-google-authenticator

Edit /etc/ssh/sshd_config and set :

ChallengeResponseAuthentication yes

Restart the service :

service ssh restart

Now run :

google-authenticator

Scan the barcode from the Google Authenticator app on your mobile device.

Edit /etc/pam.d/sshd and add at the very beginning of the file :

auth required pam_google_authenticator.so

Now test an SSH connection, keeping your current session open until it works so a PAM mistake cannot lock you out. You should be prompted by a cool “Verification code :”, then by the regular password prompt.
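
To confirm the two edits above took effect before relying on them, the following added example (not part of the original post) checks copies of sshd_config and the PAM service file. The UsePAM check is an addition not mentioned above (PAM modules only run when sshd has UsePAM yes); the helper names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample file contents are constructed.

# sshd_value KEYWORD FILE: effective global value of a keyword.
# sshd keeps the FIRST value it reads (keywords are case-insensitive), and
# anything after a Match line is conditional, so parsing stops there.
sshd_value() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        tolower($1) == "match" { exit }
        tolower($1) == key     { print tolower($2); exit }' "$2"
}

# check_ssh_2fa SSHD_CONFIG PAM_SSHD: exit status 0 only if every check passes.
check_ssh_2fa() (
    rc=0
    for kw in ChallengeResponseAuthentication UsePAM; do
        val=$(sshd_value "$kw" "$1")
        if [ "$val" = "yes" ]; then
            echo "OK   $kw yes"
        else
            echo "FAIL $kw is ${val:-not set explicitly}"
            rc=1
        fi
    done
    # The post puts the module at the very beginning of the PAM file, so the
    # first auth or @include line must be the google-authenticator one.
    first=$(awk '$1 == "auth" || $1 == "@include" { print $1, $2, $3; exit }' "$2")
    if [ "$first" = "auth required pam_google_authenticator.so" ]; then
        echo "OK   pam_google_authenticator.so is the first auth entry"
    else
        echo "FAIL first auth entry is: $first"
        rc=1
    fi
    exit "$rc"
)

# write_samples DIR: constructed good/bad file pairs for a dry run.
write_samples() {
    printf '%s\n' 'UsePAM yes' 'ChallengeResponseAuthentication yes' \
        > "$1/sshd_config.good"
    # The later "yes" is ignored here: the first value wins.
    printf '%s\n' 'UsePAM yes' 'challengeresponseauthentication no' \
        'ChallengeResponseAuthentication yes' > "$1/sshd_config.bad"
    printf '%s\n' 'auth required pam_google_authenticator.so' \
        '@include common-auth' > "$1/pam_sshd.good"
    # Module line left commented out, so the password stack comes first.
    printf '%s\n' '# auth required pam_google_authenticator.so' \
        '@include common-auth' > "$1/pam_sshd.bad"
}

# Dry run on the constructed "bad" pair; on a real host pass
# /etc/ssh/sshd_config and /etc/pam.d/sshd instead.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_ssh_2fa "$demo_dir/sshd_config.bad" "$demo_dir/pam_sshd.bad" \
    || echo "=> not ready for two-step authentication"
rm -rf "$demo_dir"
```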

Spin down external USB drive on Debian Squeeze

It seems like I have at least two options to spin down my external USB drive used for rsnapshot backups (Iomega 1TB). In the first place, I assumed it would spin down by itself by simply unmounting the volume, like on the Mac. But it doesn’t.

So I gave sdparm a try :

sdparm --command=stop /dev/backupdrive

It doesn’t work :-)

I found a working solution at http://forums.debian.net/viewtopic.php?f=7&t=60122

sg_start --readonly --stop /dev/backupdrive

sg_start is part of the sg3-utils package.
YMMV, I guess ?

Use the cmd_postexec option in rsnapshot to trigger the spin down.

Want the same device name for your external USB drive ? Check out http://blog.wains.be/2010/04/10/udev-always-the-same-device-name-for-your-usb-drives/

Large file uploads fail with Apache + PHP + APC

We had one quite interesting problem at work.

We had a Drupal site where we couldn’t upload files larger than 32 MB, while having in php.ini :

upload_max_filesize = 200M
post_max_size = 200M

After disabling APC, we could upload larger files.

It seems that changing the following in apc.ini

apc.rfc1867_freq=0

to

apc.rfc1867_freq=100k

fixed the problem.

Doc : http://www.php.net/manual/en/apc.configuration.php#ini.apc.rfc1867-freq

apc.rfc1867_freq string

The frequency that updates should be made to the user cache entry for upload progress. This can take the form of a percentage of the total file size or a size in bytes optionally suffixed with "k", "m", or "g" for kilobytes, megabytes, or gigabytes respectively (case insensitive). A setting of 0 updates as often as possible, which may cause slower uploads.

I’m pretty sure this should not be related, as I have apc.rfc1867=0 in apc.ini.

If someone has a clue, drop me a line :-)

Authenticate Linux Red Hat with Microsoft Active Directory

Tested with Active Directory 2003 and RHEL 6.0

What we want to do :

- authentication against AD using Winbind and Kerberos
- allowing local and remote (SSH) authentication to members of a specific AD group (linuxadmin)
- allowing members of linuxadmin to use sudo
- UID/GID mapping against AD
- user homedir will be created at first login using pam_mkhomedir
- still possible to log in using local accounts, in case AD is unavailable

Check if resolution works :

# host -t srv _kerberos._tcp.intranet.example.org
_kerberos._tcp.intranet.example.org has SRV record 0 100 88 ad01.intranet.example.org.
_kerberos._tcp.intranet.example.org has SRV record 0 100 88 ad02.intranet.example.org.
_kerberos._tcp.intranet.example.org has SRV record 0 100 88 ad03.intranet.example.org.

Install necessary packages and enable Winbind at boot :

# yum install samba-common pam_krb5 sudo authconfig
# chkconfig winbind on

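Create the directory where homedirs will be stored. Note that mode 0777 without the sticky bit lets any local user rename or delete other users' directories here; pam_mkhomedir runs as root in an sshd session, so a root-owned 0755 directory is sufficient :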

# mkdir /home/EXAMPLE
# chmod 0777 /home/EXAMPLE

IMPORTANT : before proceeding, we need to make sure “hostname -f” returns a FQDN, THE SUBDOMAIN MUST MATCH THE AD DOMAIN.

# hostname -f
srv.intranet.example.org

Enable authentication :

# authconfig \
--disablecache \
--enablewinbind \
--enablewinbindauth \
--smbsecurity=ads \
--smbworkgroup=EXAMPLE \
--smbrealm=INTRANET.EXAMPLE.ORG \
--enablewinbindusedefaultdomain \
--winbindtemplatehomedir=/home/EXAMPLE/%U \
--winbindtemplateshell=/bin/bash \
--enablekrb5 \
--krb5realm=INTRANET.EXAMPLE.ORG \
--enablekrb5kdcdns \
--enablekrb5realmdns \
--enablelocauthorize \
--enablemkhomedir \
--enablepamaccess \
--updateall

Under RHEL 5.0, authconfig didn’t have the --enablemkhomedir and --enablepamaccess options (you’ll get “authconfig: error: no such option: --enablemkhomedir”).

Winbind should restart by itself, if not :

# service winbind restart

authconfig will modify a couple of files : /etc/samba/smb.conf, /etc/pam.d/system-auth, /etc/nsswitch.conf, etc.

By default, UID/GID will be stored locally, and will differ from one system to another.

In order to always get the same UID/GID for our AD users/groups, we’ll map the ID’s against AD, by modifying /etc/samba/smb.conf :

From :

workgroup = EXAMPLE
realm = INTRANET.EXAMPLE.ORG
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template homedir = /home/EXAMPLE/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false

To :

workgroup = EXAMPLE
realm = INTRANET.EXAMPLE.ORG
security = ads
idmap domains = EXAMPLE
idmap config EXAMPLE:backend = rid
idmap config EXAMPLE:base_rid = 500
idmap config EXAMPLE:range = 500-1000000
#idmap uid = 16777216-33554431
#idmap gid = 16777216-33554431

template homedir = /home/EXAMPLE/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false

Now, in order to only allow members of linuxadmin group, edit :

For RHEL5.6 : /etc/pam.d/system-auth
For RHEL6.0 : /etc/pam.d/password-auth

I’ll also change the default homedir creation umask.

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so user ingroup linuxadmin debug
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_krb5.so use_first_pass
auth        sufficient    pam_winbind.so use_first_pass
auth        required      pam_deny.so

account     required      pam_access.so
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_krb5.so use_authtok
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_mkhomedir.so umask=0077
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_krb5.so

Restart Winbind :

# service winbind restart

Now join the machine to the domain. In this example, user01 has domain admin permissions.

# net ads join -U user01
user01's password:
Using short domain name -- example
Joined 'SRV' to realm 'INTRANET.EXAMPLE.ORG'

When joining the domain, you may get an error about DNS updates (maybe because the record already exists). This is not a problem.

Restart Winbind again :

# service winbind restart

Check if it works, by listing AD groups :

# wbinfo -g

Now, allow users in the linuxadmin group to use sudo :

# echo "%linuxadmin ALL=(ALL) ALL" >> /etc/sudoers

Test authentication using an AD account (in the linuxadmin group) and access to root account :

On the server check the logs :
tail -f /var/log/secure

On the client :
$ ssh user01@srv.intranet.example.org
user01@srv.intranet.example.org's password:
Creating directory '/home/EXAMPLE/user01'.
[user01@srv ~]$ sudo su -
[sudo] password for user01:
[root@srv ~]#

Test again, this time with an account that is not a member of the linuxadmin group. The user should be disconnected.

Logs should look something like this :

Apr 17 17:15:52 x sshd[27114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.1  user=user-01
Apr 17 17:15:52 x sshd[27114]: pam_krb5[27114]: authentication succeeds for 'user-01' (user-01@INTRANET.EXAMPLE.ORG)
Apr 17 17:15:52 x sshd[27114]: pam_winbind(sshd:account): [pamh: 0x7f6910199390] ENTER: pam_sm_acct_mgmt (flags: 0x0000)
Apr 17 17:15:52 x sshd[27114]: pam_winbind(sshd:account): user 'user-01' granted access
Apr 17 17:15:52 x sshd[27114]: pam_winbind(sshd:account): [pamh: 0x7f6910199390] LEAVE: pam_sm_acct_mgmt returning 0 (PAM_SUCCESS)
Apr 17 17:15:52 x sshd[27114]: pam_succeed_if(sshd:account): requirement "user ingroup linuxadmin" was met by user "user-01"
Apr 17 17:15:52 x sshd[27114]: Accepted password for user-01 from 192.168.1.1 port 59369 ssh2
Apr 17 17:15:53 x sshd[27114]: pam_unix(sshd:session): session opened for user user-01 by (uid=0)
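
The group restriction can be audited from these logs. The following added example (not part of the original post) correlates /var/log/secure lines by sshd PID and reports, for each accepted login, whether the linuxadmin requirement was evaluated. Local accounts pass through pam_unix and pam_localuser before the group check, so they show up as gate=none. The log lines are constructed on the model of the excerpt above, and the "not met by user" wording of the failure line is an assumption about pam_succeed_if's message.

```shell
#!/bin/sh
# Added example (not from the original post). Log lines are constructed,
# modelled on the /var/log/secure excerpt above.

sample_secure_log() {
cat <<'EOF'
Apr 17 17:15:52 x sshd[27114]: pam_krb5[27114]: authentication succeeds for 'user-01' (user-01@INTRANET.EXAMPLE.ORG)
Apr 17 17:15:52 x sshd[27114]: pam_succeed_if(sshd:account): requirement "user ingroup linuxadmin" was met by user "user-01"
Apr 17 17:15:52 x sshd[27114]: Accepted password for user-01 from 192.168.1.1 port 59369 ssh2
Apr 17 17:20:10 x sshd[27200]: pam_succeed_if(sshd:auth): requirement "user ingroup linuxadmin" not met by user "user-09"
Apr 17 17:20:12 x sshd[27200]: Failed password for user-09 from 192.168.1.1 port 59400 ssh2
Apr 17 17:31:40 x sshd[27301]: Accepted password for localadmin from 192.168.1.7 port 40112 ssh2
Apr 17 17:31:40 x sshd[27301]: pam_unix(sshd:session): session opened for user localadmin by (uid=0)
EOF
}

# audit_group_gate GROUP < logfile
# Prints one line per decision: VERDICT USER SSHD_PID gate=STATE
#   gate=met      group requirement logged as satisfied for this connection
#   gate=not_met  group requirement failed (assumed message format)
#   gate=none     login accepted without the group check being logged,
#                 e.g. a local account or a missing "debug" option
audit_group_gate() {
    awk -v grp="$1" '
    {
        # Correlate lines by sshd PID, e.g. "sshd[27114]:" -> 27114
        if (!match($0, /sshd\[[0-9]+\]:/)) next
        pid = substr($0, RSTART + 5, RLENGTH - 7)
        req = "requirement \"user ingroup " grp "\""
    }
    index($0, req " was met by user") { gate[pid] = "met"; next }
    index($0, req " not met by user") {
        split($0, q, "\"")      # q[4] is the user name in the last quotes
        print "DENIED", q[4], pid, "gate=not_met"
        gate[pid] = "not_met"
        next
    }
    / Accepted [^ ]+ for / {
        for (i = 1; i < NF; i++) if ($i == "for") { user = $(i + 1); break }
        state = (pid in gate) ? gate[pid] : "none"
        print "ALLOWED", user, pid, "gate=" state
    }'
}

# Dry run on the constructed sample; on a real host use:
#   audit_group_gate linuxadmin < /var/log/secure
sample_secure_log | audit_group_gate linuxadmin
```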

Useful commands :

# wbinfo -n user05
S-1-5-21-x-x-x-1129 User (1)

# getent passwd user05
user05:*:1129:519:John Doe:/home/example/user05:/bin/bash

# getent group linuxadmin
linuxadmin:*:7579:user01,user02,user03,user04

# wbinfo -u
# wbinfo -g

# wbinfo -D EXAMPLE
Name              : EXAMPLE
Alt_Name          : intranet.example.org
SID               : S-1-5-21-x-x-x
Active Directory  : Yes
Native            : Yes
Primary           : Yes
Sequence          : -1

Sources :
http://lanestechblog.blogspot.com/2010/11/ad-authentication-with-rhel-6.html
http://conigliaro.org/2008/12/19/active-directory-authentication-with-winbind-on-red-hat-linux/

Importing certificates on Android (CA and client)

Tested on my HTC Hero running Android 2.2.1

They do not make it terribly obvious, so I believe this is worth a post.

Android will not import a CA certificate in the PEM format; you’ll get a “no certificate to install” message at some point.

You actually have to export a P12 certificate containing the client certificate and the CA.

Use this command :
openssl pkcs12 -export -in clientcert.pem -inkey clientcert.key -certfile cacert.pem -name "VPN" -out clientcert.p12

Drop the resulting file (clientcert.p12) at the root of your sdcard.

Go under Settings > Location & Security > Install from SD card (under the section “Credential storage”).

After a few questions, you’re ready to go and you can proceed with the configuration of your Wi-Fi or VPN client (in my case WPA Enterprise Wi-Fi and OpenVPN).

Red Hat Cluster : VMware ESX fencing

Tested on Red Hat Enterprise Linux 5.6 64 bits and VMware ESX 3.5
Edit November 2011 : Tested on RHEL6.1 and VMware ESX 4.1

If you set up a cluster, in case of failure, you’ll probably want the surviving host to be able to “fence” or “stonith” the faulty node.

Red Hat Cluster provides a collection of scripts for that purpose (for APC, ILO, DRAC, etc. and VMware).

The vmware script doesn’t work out of the box :

# fence_vmware -a "esx.intranet.example.org" -l "fence_vmware_account" -p "xxx" -n 'node01'
fence_vmware_helper returned Please install VI Perl API package to use this tool!
Perl error: Can't locate VMware/VIRuntime.pm in @INC (@INC contains: /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 .) at (eval 1) line 1.
BEGIN failed--compilation aborted at (eval 1) line 1.

Please use '-h' for usage

Go to http://www.vmware.com/support/developer/viperltoolkit/ (you’ll need to register)

Grab either one of those :

ESX 3.5

VMware-VIPerl-1.6.0-104313.i386.tar.gz
VMware-VIPerl-1.6.0-104313.x86_64.tar.gz

ESX 4.1

VMware-vSphere-Perl-SDK-4.1.0-*.i386.tar.gz
VMware-vSphere-Perl-SDK-4.1.0-*.x86_64.tar.gz

You’ll need to install some stuff on your system :

RHEL5

# yum install openssl-devel

Dependencies Resolved

========================================================================================================================================================================
 Package                                   Arch                         Version                                 Repository                                         Size
========================================================================================================================================================================
Installing:
 openssl-devel                             i386                         0.9.8e-12.el5_5.7                       rhel-5Server-x86_64-updates                       1.9 M
 openssl-devel                             x86_64                       0.9.8e-12.el5_5.7                       rhel-5Server-x86_64-updates                       1.9 M
Installing for dependencies:
 e2fsprogs-devel                           x86_64                       1.39-23.el5_5.1                         rhel-5Server-x86_64-updates                       633 k
 keyutils-libs-devel                       x86_64                       1.2-1.el5                               rhel-5Server-x86_64-updates                        27 k
 krb5-devel                                x86_64                       1.6.1-55.el5                            rhel-5Server-x86_64-updates                       1.9 M
 libselinux-devel                          x86_64                       1.33.4-5.7.el5                          rhel-5Server-x86_64-updates                       149 k
 libsepol-devel                            x86_64                       1.15.2-3.el5                            rhel-5Server-x86_64-updates                       192 k
 zlib-devel                                x86_64                       1.2.3-3                                 rhel-5Server-x86_64-updates                       102 k

Transaction Summary
========================================================================================================================================================================
Install       8 Package(s)
Upgrade       0 Package(s)

Total download size: 6.7 M
Is this ok [y/N]: 

RHEL6

# yum install openssl-devel perl-Compress-Raw-Zlib perl-Compress-Zlib
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package openssl-devel.x86_64 0:1.0.0-10.el6_1.5 will be installed
--> Processing Dependency: pkgconfig for package: openssl-devel-1.0.0-10.el6_1.5.x86_64
--> Processing Dependency: zlib-devel for package: openssl-devel-1.0.0-10.el6_1.5.x86_64
--> Processing Dependency: krb5-devel for package: openssl-devel-1.0.0-10.el6_1.5.x86_64
--> Processing Dependency: /usr/bin/pkg-config for package: openssl-devel-1.0.0-10.el6_1.5.x86_64
---> Package perl-Compress-Raw-Zlib.x86_64 0:2.023-119.el6_1.1 will be installed
---> Package perl-Compress-Zlib.x86_64 0:2.020-119.el6_1.1 will be installed
--> Processing Dependency: perl(IO::Uncompress::Gunzip) >= 2.020 for package: perl-Compress-Zlib-2.020-119.el6_1.1.x86_64
--> Processing Dependency: perl(IO::Compress::Gzip) >= 2.020 for package: perl-Compress-Zlib-2.020-119.el6_1.1.x86_64
--> Processing Dependency: perl(IO::Compress::Gzip::Constants) >= 2.020 for package: perl-Compress-Zlib-2.020-119.el6_1.1.x86_64
--> Processing Dependency: perl(IO::Compress::Base::Common) >= 2.020 for package: perl-Compress-Zlib-2.020-119.el6_1.1.x86_64
--> Running transaction check
---> Package krb5-devel.x86_64 0:1.9-9.el6_1.2 will be installed
--> Processing Dependency: libselinux-devel for package: krb5-devel-1.9-9.el6_1.2.x86_64
--> Processing Dependency: libcom_err-devel for package: krb5-devel-1.9-9.el6_1.2.x86_64
--> Processing Dependency: keyutils-libs-devel for package: krb5-devel-1.9-9.el6_1.2.x86_64
---> Package perl-IO-Compress-Base.x86_64 0:2.020-119.el6_1.1 will be installed
---> Package perl-IO-Compress-Zlib.x86_64 0:2.020-119.el6_1.1 will be installed
---> Package pkgconfig.x86_64 1:0.23-9.1.el6 will be installed
---> Package zlib-devel.x86_64 0:1.2.3-25.el6 will be installed
--> Running transaction check
---> Package keyutils-libs-devel.x86_64 0:1.4-1.el6 will be installed
---> Package libcom_err-devel.x86_64 0:1.41.12-7.el6 will be installed
---> Package libselinux-devel.x86_64 0:2.0.94-5.el6 will be installed
--> Processing Dependency: libsepol-devel >= 2.0.32-1 for package: libselinux-devel-2.0.94-5.el6.x86_64
--> Processing Dependency: pkgconfig(libsepol) for package: libselinux-devel-2.0.94-5.el6.x86_64
--> Running transaction check
---> Package libsepol-devel.x86_64 0:2.0.41-3.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================
 Package                              Arch                 Version                           Repository                                 Size
=============================================================================================================================================
Installing:
 openssl-devel                        x86_64               1.0.0-10.el6_1.5                  rhel-6Server-x86_64-updates               1.1 M
 perl-Compress-Raw-Zlib               x86_64               2.023-119.el6_1.1                 rhel-6Server-x86_64-updates                67 k
 perl-Compress-Zlib                   x86_64               2.020-119.el6_1.1                 rhel-6Server-x86_64-updates                43 k
Installing for dependencies:
 keyutils-libs-devel                  x86_64               1.4-1.el6                         rhel-6Server-x86_64-updates                28 k
 krb5-devel                           x86_64               1.9-9.el6_1.2                     rhel-6Server-x86_64-updates               1.2 M
 libcom_err-devel                     x86_64               1.41.12-7.el6                     rhel-6Server-x86_64-updates                30 k
 libselinux-devel                     x86_64               2.0.94-5.el6                      rhel-6Server-x86_64-updates               135 k
 libsepol-devel                       x86_64               2.0.41-3.el6                      rhel-6Server-x86_64-updates                64 k
 perl-IO-Compress-Base                x86_64               2.020-119.el6_1.1                 rhel-6Server-x86_64-updates                66 k
 perl-IO-Compress-Zlib                x86_64               2.020-119.el6_1.1                 rhel-6Server-x86_64-updates               133 k
 pkgconfig                            x86_64               1:0.23-9.1.el6                    rhel-6Server-x86_64-updates                70 k
 zlib-devel                           x86_64               1.2.3-25.el6                      rhel-6Server-x86_64-updates                43 k

Transaction Summary
=============================================================================================================================================
Install      12 Package(s)

Total download size: 3.0 M
Installed size: 6.4 M
Is this ok [y/N]: 

Extract VMware-*.tar.gz and run :
./vmware-install.pl

Accept the terms. (yes, this is needed).

Then you should get to this :

The installation of VMware VIPerl Toolkit 1.6.0 build-104313 for Linux
completed successfully. You can decide to remove this software from your system
at any time by invoking the following command:
"/usr/bin/vmware-uninstall-viperl.pl".

Make sure you add “virtual machine administrator” permissions to “vmware_fence_account”, for the VM’s it needs to stonith.

From now on, you should be able to stonith VM’s.

Here’s a working RHCS config (/etc/cluster/cluster.conf) :

<?xml version="1.0"?>
<cluster alias="ServiceClusterTEST" config_version="4" name="ServiceTEST">
    <totem token="45000"/>
    <fence_daemon post_fail_delay="0" post_join_delay="3"/>
    <fence_daemon clean_start="1"/>
    <clusternodes>
        <clusternode name="node01.intranet.example.org" nodeid="1" votes="1">
            <fence>
                <method name="1">
                    <device name="node01"/>
                </method>
            </fence>
        </clusternode>
        <clusternode name="node02.intranet.example.org" nodeid="2" votes="1">
            <fence>
                <method name="1">
                    <device name="node02"/>
                </method>
            </fence>
        </clusternode>
    </clusternodes>
    <cman expected_votes="1" two_node="1"/>
    <fencedevices>
        <fencedevice agent="fence_vmware" ipaddr="esx.intranet.example.org" login="vmware_fence_account" passwd="password" name="node01" port="node01"/>
        <fencedevice agent="fence_vmware" ipaddr="esx.intranet.example.org" login="vmware_fence_account" passwd="password" name="node02" port="node02"/>
    </fencedevices>
    <rm>
        <resources>
            [whatever resources you have]
        </resources>
        <service name="Service" autostart="1">
            [whatever services the cluster is in charge of]
        </service>
    </rm>
</cluster>

DRBD on Red Hat Enterprise Linux 5

This is a rough guide and really for future personal references so I can rebuild a DRBD cluster in 3 minutes, without having to dig into DRBD docs again.
Please correct me if something is wrong (I’m thinking about DRBD gurus, Arrfab coming to mind :-) ) .

This worked for me on RHEL5.6 64 bits and DRBD 8.2.

I’ll call the DRBD resource “DRBDCluster”

Install drbd8X and kmod-drbd8X (grab the RPMs at your favorite RPM retailer. http://elrepo.org/linux/elrepo/el5/ seems like a good place to start, though I haven’t tried their RPMs).

On both nodes, create /etc/drbd.conf with something like this :

global {
    usage-count yes;
}
common {
    syncer {
        rate 1M;
    }
}

resource DRBDCluster {
    protocol C;
    net {
        cram-hmac-alg sha1;
        shared-secret "sdfdskljdfklfjsdkljfsdkljflk";
    }
    on srv1.intranet.example.org {
        device    /dev/drbd0;
        disk      /dev/sdb1;
        address   1.1.1.1:7789;
        meta-disk internal;
    }
    on srv2.intranet.example.org {
        device    /dev/drbd0;
        disk      /dev/sdb1;
        address   1.1.1.2:7789;
        meta-disk internal;
    }
}

On the “master” (srv1) :

- create the partition found in config (DO NOT FORMAT) :
fdisk /dev/sdb
- Then create the actual DRBD device :
drbdadm create-md DRBDCluster
- if not already done :
modprobe drbd
- start DRBD. It will complain that it can’t “see” the other node, type “yes” at “To abort waiting enter ‘yes’”. :
service drbd start
- set the node as primary :
drbdadm -- --overwrite-data-of-peer primary DRBDCluster
- format /dev/drbd0 :
mkfs.ext3 /dev/drbd0

On the slave node (srv2) :
service drbd start

Now you can check the status of the DRBD cluster.

It’s sync’ing.

srv2# cat /proc/drbd
version: 8.2.6 (api:88/proto:86-88)
GIT-hash: 3e69822d3bb4920a8c1bfdf7d647169eba7d2eb4 build by buildsvn@c5-x8664-build, 2008-10-03 11:30:17
0: cs:SyncTarget st:Secondary/Primary ds:Inconsistent/UpToDate C r---
ns:0 nr:6016 dw:6016 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 oos:10476008
[>....................] sync'ed: 0.2% (10230/10236)M
finish: 1:49:07 speed: 1,504 (1,504) K/sec

The “oos” (out of sync) field shows the amount of data still to be synced, in KB.

When the sync is done it will look like this :

srv1# cat /proc/drbd
version: 8.2.6 (api:88/proto:86-88)
GIT-hash: 3e69822d3bb4920a8c1bfdf7d647169eba7d2eb4 build by buildsvn@c5-x8664-build, 2008-10-03 11:30:17
0: cs:Connected st:Primary/Secondary ds:UpToDate/UpToDate C r---
ns:10482024 nr:0 dw:298456 dr:10482072 al:121 bm:640 lo:0 pe:0 ua:0 ap:0 oos:0

If for some reason the slave node becomes unavailable, it will resync what it has missed when it comes back (here 20 MB of data) :

version: 8.2.6 (api:88/proto:86-88)
GIT-hash: 3e69822d3bb4920a8c1bfdf7d647169eba7d2eb4 build by buildsvn@c5-x8664-build, 2008-10-03 11:30:17
0: cs:SyncSource st:Primary/Secondary ds:UpToDate/Inconsistent C r---
ns:10486540 nr:0 dw:319096 dr:10486693 al:130 bm:642 lo:0 pe:0 ua:0 ap:0 oos:16124
[=========>..........] sync'ed: 50.0% (16124/20640)K
finish: 0:00:10 speed: 1,504 (1,504) K/sec
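
The three states shown above can be turned into a monitoring check. The following added example (not part of the original post) parses /proc/drbd text in the DRBD 8.2 layout shown above and reports a device as healthy only when it is Connected, UpToDate on both sides and has oos at 0. The function names and exit codes are choices made for this example; the sample text is taken from the outputs above.

```shell
#!/bin/sh
# Added example (not from the original post): health check over /proc/drbd
# text in the DRBD 8.2 layout shown above.

sample_drbd_syncing() {
cat <<'EOF'
version: 8.2.6 (api:88/proto:86-88)
0: cs:SyncTarget st:Secondary/Primary ds:Inconsistent/UpToDate C r---
ns:0 nr:6016 dw:6016 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 oos:10476008
[>....................] sync'ed: 0.2% (10230/10236)M
finish: 1:49:07 speed: 1,504 (1,504) K/sec
EOF
}

sample_drbd_synced() {
cat <<'EOF'
version: 8.2.6 (api:88/proto:86-88)
0: cs:Connected st:Primary/Secondary ds:UpToDate/UpToDate C r---
ns:10482024 nr:0 dw:298456 dr:10482072 al:121 bm:640 lo:0 pe:0 ua:0 ap:0 oos:0
EOF
}

# drbd_health < /proc/drbd
# Prints "DEV CS DS oos=KB VERDICT" for every device.
# Exit status: 0 all healthy, 1 at least one degraded, 2 no device found
# (module not loaded or no resource configured).
drbd_health() {
    awk '
    # Device line: "0: cs:Connected st:Primary/Secondary ds:UpToDate/UpToDate C r---"
    /^ *[0-9]+: cs:/ {
        dev = $1; sub(/:$/, "", dev)
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^cs:/) cs = substr($i, 4)
            if ($i ~ /^ds:/) ds = substr($i, 4)
        }
        next
    }
    # Counter line that follows it: oos is the out-of-sync amount in KB
    dev != "" && / oos:[0-9]+/ {
        for (i = 1; i <= NF; i++) if ($i ~ /^oos:/) oos = substr($i, 5)
        ok = (cs == "Connected" && ds == "UpToDate/UpToDate" && oos + 0 == 0)
        if (!ok) bad = 1
        print dev, cs, ds, "oos=" oos, (ok ? "OK" : "DEGRADED")
        seen++
        dev = ""
    }
    END {
        if (!seen) { print "no DRBD device found"; exit 2 }
        exit bad + 0
    }'
}

# Dry run on the sample; on a real node use: drbd_health < /proc/drbd
sample_drbd_syncing | drbd_health || echo "exit status $? (not healthy)"
```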

Useful commands :

Set the sync speed on a running DRBD cluster :
drbdsetup /dev/drbd0 syncer -r 10M

There’s plenty of discussion on the right speed to set. It really all depends on your application, network, etc.

More useful commands to come later.

I have integrated DRBD into a RHCS Cluster (for Zarafa), check the doc here : http://www.drbd.org/users-guide/ch-rhcs.html

Find IP ranges from an ASN

$ whois 217.136.0.0 | grep origin:
origin: AS5432

$ whois -h whois.ripe.net -i origin -T route AS5432 | grep -w "route:" | awk '{print $NF}' |sort -n
