Monthly Archives: March 2016
Love to set keepalive option with my MacBook Pro for SSHing …
vahric:~ vahricmuhtaryan$ ssh -o "ServerAliveInterval 10" yupyop@8.8.8.8
Hehehehe, funny, sorry, it's a joke; I have no idea about the username or the password of the Google DNS server ..
What You Need to Know About OpenLDAP
Installing OpenLDAP by itself is no trouble: installing the openldap, openldap-servers and openldap-clients packages with rpm or apt, depending on your Linux distribution, is enough. But that is not my topic here …
Config files:
- /etc/sysconfig/ldap --> the openldap client configuration file; every change to this file takes effect immediately, there is no daemon to restart or to stop and start
- /etc/openldap/slapd.conf --> the openldap server configuration file; changes to this file require a restart
- If you want to check the slapd configuration file, running "slaptest -u" on the CLI is enough
- With OpenLDAP 2.4 there is a format called "cn=config" for changing the configuration without restarting the slapd service; you can find it under /etc/openldap/slapd.d
- For example, edit the DB or monitoring under /etc/openldap/slapd.d/cn=config/ …
- To generate "cn=config" from the slapd.conf we have, running "slaptest -f /yol/su/slapd.conf -F /etc/openldap/slapd.d" on the CLI is enough, with /yol/su/ standing for the path to your file (remember: if you have changed slapd.conf, you must delete all the files under /etc/openldap/slapd.d)
- As commands:
rm -f /var/lib/ldap/*
rm -rf /etc/openldap/slapd.d/*
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
- chown -R ldap:ldap (/etc/openldap/slapd.d and /var/lib/ldap) or chown -Rf root:ldap (the certificate) is a must; otherwise either the openldap service will not run or it cannot read the certificate
If you want a secure LDAP connection over TLS/SSL, i.e. encrypted communication, you need a certificate (self-signed or original) and a couple of configuration settings.
For self-signed certificates:
- Pay very close attention to the server hostname and the hostname in the certificate you create; this is the most important point. If the hostname is "ldap", use "ldap" when creating the certificate; if the hostname is "ldap.bilmemne.com", again use "ldap.bilmemne.com" when creating the certificate.
- SLAPD_LDAPS=yes
- To create the certificate
- openssl req -new -x509 -nodes -out /etc/pki/tls/certs/oveyabu.pem -keyout /etc/pki/tls/certs/oveyabu.pem -days 365 (note: the key is in the same file)
- Always check the directory /etc/pki/tls/certs/ :) You can find nice things there, for example "ca-bundle.crt"
- To declare the certificate in slapd.conf
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/oveyabu.pem
TLSCertificateKeyFile /etc/pki/tls/certs/oveyabu.pem
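The points above (files readable by slapd, the key stored in the same PEM as the certificate, the certificate name matching the server hostname) can be checked before restarting slapd. This is an added shell example, not part of the original post; the function names are hypothetical and the hostname check relies on `openssl x509 -checkhost`.

```shell
#!/bin/sh
# Added example: audit the TLS files a slapd.conf refers to.
# Usage (after sourcing): check_slapd_tls /etc/openldap/slapd.conf ldap.bilmemne.com
# Returns 0 when every check passes, 1 otherwise; findings are printed.

# Print the value of a slapd.conf directive (first match, case-insensitive).
tls_directive() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# True when "others" have no permission bits on the file.
no_world_access() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

check_slapd_tls() {
    conf=$1 host=$2 rc=0
    cert=$(tls_directive "$conf" TLSCertificateFile)
    key=$(tls_directive "$conf" TLSCertificateKeyFile)
    for f in "$cert" "$key"; do
        if [ -z "$f" ] || [ ! -r "$f" ]; then
            echo "FAIL: missing or unreadable TLS file: ${f:-<directive not set>}"
            rc=1
        fi
    done
    # The post keeps the private key in the same PEM as the certificate,
    # so that file needs key-grade permissions (for example 640 root:ldap).
    if [ -e "$key" ] && ! no_world_access "$key"; then
        echo "FAIL: $key holds the private key but is accessible to other users"
        rc=1
    fi
    # The certificate must be valid for the hostname clients connect to.
    if [ -r "$cert" ] && command -v openssl >/dev/null 2>&1; then
        if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q "does match certificate"; then
            echo "FAIL: certificate in $cert is not valid for host $host"
            rc=1
        fi
    fi
    return $rc
}
```

Run it as the user slapd runs as to make the readability check meaningful.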
To Add Entries or Build the Structure with the LDAP CLI
ldapadd -x -D "cn=admin,dc=bilmemne,dc=com" -W -f orjbase.ldif
As you can guess, it is enough to put whatever you are going to create (OU, group, user) into an ldif file.
The example above is for a freshly installed LDAP server; the settings for the base DN have been made inside the file.
To Manage with an LDAP GUI
If you use CentOS, first extend the repos (http://fedoraproject.org/wiki/EPEL) (please be careful to download the rpm file for your Linux version) and install phpldapadmin
Commands Needed for Testing / Debugging
- openssl s_client -connect localhost:636 -showcerts --> if you want to see both the secure connection and the certificate
- 636 is the default LDAP TLS/SSL port
- -d1 or -d2 or -d3: you can use this parameter for debugging when you run ldapsearch or ldapadd
- ldapadd
- ldapsearch
- For example, TLS / SSL can be started with ldapsearch
-Z
Specifies that SSL is to be used for the search request.
-ZZ
Specifies the Start TLS request. Use this option to make a cleartext connection into a secure one. If the server does not support Start TLS, the command does not have to be aborted; it will continue in cleartext.
-ZZZ
Enforces the Start TLS request. The server must respond that the request was successful. If the server does not support Start TLS, such as Start TLS is not enabled or the certificate information is incorrect, the command is aborted immediately.
That's all … Good luck …
SafeNet HSM Client HTL Communication Problem
Never delete dhparams.pem
That's it!
Messages in log
OTT found for server
Connecting to HTL server
Error during HTL setup sequence
Closing connection to
First Client and Ceph Performance Test Examples
First let's take a look at the system: are there pools in which we can create rbd images?
vahric:~ vahricmuhtaryan$ rados lspools
data
metadata
rbd
volumes
vms
images
backups
Now let's create a 20 GB disk from the client
vahric:~ vahricmuhtaryan$ rbd create rbd_disk1 --size 20480
By default it is created in the pool named "rbd"; if you want to change this, you can use the "-p pool_adi" parameter, where pool_adi is the pool name.
Let's see the disk we created
vahric:~ vahricmuhtaryan$ rbd ls
rbd_disk1
Let's get more information about the disk; as we can see, it is spread over 5120 objects
vahric:~ vahricmuhtaryan$ rbd --image rbd_disk1 info
rbd image 'rbd_disk1':
size 20480 MB in 5120 objects
order 22 (4096 kB objects)
block_name_prefix: rb.0.348f6.238e1f29
format: 1
Let's map the disk to the client
vahric:~ vahricmuhtaryan$ sudo rbd map rbd/rbd_disk1
Let's confirm it
vahric:~ vahricmuhtaryan$ rbd showmapped
id pool image snap device
0 rbd rbd_disk1 - /dev/rbd0
Let's Create a Classic Partition
vahric:~ vahricmuhtaryan$ sudo mkfs.xfs /dev/rbd0
log stripe unit (4194304 bytes) is too large (maximum is 256KiB)
log stripe unit adjusted to 32KiB
meta-data=/dev/rbd0 isize=256 agcount=17, agsize=326656 blks
= sectsz=512 attr=2, projid32bit=1
= crc=0 finobt=0
data = bsize=4096 blocks=5242880, imaxpct=25
= sunit=1024 swidth=1024 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=0
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=8 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
Let's Mount It
vahric:~ vahricmuhtaryan$ sudo mount /dev/rbd0 /mnt/
/dev/rbd0 on /mnt type xfs (rw,relatime,attr2,inode64,sunit=8192,swidth=8192,noquota)
Now a Small Write Test
vahric:~ vahricmuhtaryan$ sudo dd if=/dev/zero of=/mnt/dosya1 count=100 bs=1M
100+0 records in
100+0 records out
104857600 bytes (105 MB) copied, 0.0541026 s, 1.9 GB/s
stack@helion-cp1-c0-m1-mgmt:~$ ls -al /mnt/
total 102404
drwxr-xr-x 2 root root 35 Mar 18 11:44 .
drwxr-xr-x 23 root root 4096 Feb 26 16:09 ..
-rw-r--r-- 1 root root 104857600 Mar 18 11:44 dosya1
-rw-r--r-- 1 root root 0 Mar 18 11:39 test1.txt
Performance Test Examples
Before running performance tests, be aware that nodes with the OSD role are CPU-intensive and will become even more CPU-intensive during a possible recovery.
In terms of memory, the system must have 1GB-2GB of RAM per OSD/HDD.
The network part is relative and has to be measured against your usage rate; let's say 10G and get excited.
Disk: the real factor affecting us here is whether you will use Ceph only as object storage or for block access as well.
If you use Ceph, know that there is journaling, and for our purposes we will split a disk in two and use one part for journaling and the other for data. A write request first goes to the journal area, then an ACK goes to the client, and then the data moves to the data area. To increase speed here, for block access it is necessary to separate the journal partition from the data partition and put it on SSD; for object-based access this may not be necessary, because when we talk about object access we are talking about a lower load.
Ceph has made a recommendation here of one SSD per 4 OSDs; it looks like a value worth testing.
Then there is the filesystem: in the end Ceph keeps its objects on a filesystem such as btrfs, xfs or ext4, and the fs you choose undoubtedly contributes to this as well.
Ceph comes with a built-in performance measurement tool, "rados bench". As an example, the command below may be too much, but you can remove -t 64.
If we examine the command:
we wrote to the pool named "data" for 60 seconds, shaped as 64 parallel operations, perhaps as if 64 instances were doing this work.
vahric:~ vahricmuhtaryan$ rados bench -p data 60 write --no-cleanup -t 64
Maintaining 64 concurrent writes of 4194304 bytes for up to 60 seconds or 0 objects
Object prefix: benchmark_data_
sec Cur ops started finished avg MB/s cur MB/s last lat avg lat
0 0 0 0 0 0 - 0
1 63 179 116 463.884 464 0.38101 0.37249
2 63 345 282 563.897 664 0.366082 0.371803
3 63 518 455 606.567 692 0.323779 0.379964
4 64 697 633 632.902 712 0.633568 0.375212
5 64 870 806 644.701 692 0.323645 0.372506
6 63 1052 989 659.232 732 0.324917 0.370092
7 63 1261 1198 684.468 836 0.289412 0.359564
8 64 1448 1384 691.895 744 0.640746 0.355492
9 63 1636 1573 699.005 756 0.375221 0.354127
10 63 1825 1762 704.695 756 0.296463 0.35258
11 63 2009 1946 707.533 736 0.313 0.352625
12 64 2212 2148 715.898 808 0.281 0.34923
13 63 2400 2337 718.973 756 0.301415 0.347757
14 63 2597 2534 723.895 788 0.316924 0.346277
15 63 2780 2717 724.427 732 0.352922 0.345955
16 63 2976 2913 728.144 784 0.291264 0.345326
17 63 3162 3099 729.07 744 0.345573 0.34483
18 63 3345 3282 729.226 732 0.360665 0.344803
19 64 3535 3471 730.63 756 0.355096 0.34454
2016-03-18 15:35:15.960296min lat: 0.255346 max lat: 1.08089 avg lat: 0.345816
sec Cur ops started finished avg MB/s cur MB/s last lat avg lat
20 63 3707 3644 728.693 692 0.688611 0.345816
21 63 3886 3823 728.084 716 0.380712 0.346103
22 64 4042 3978 723.167 620 0.391788 0.347741
23 63 4222 4159 723.199 724 0.637858 0.349523
24 63 4398 4335 722.395 704 0.350302 0.349731
25 64 4583 4519 722.935 736 0.324349 0.349799
26 63 4762 4699 722.818 720 0.397335 0.349641
27 63 4923 4860 719.895 644 0.320317 0.351497
28 63 5107 5044 720.466 736 0.354695 0.351503
29 64 5290 5226 720.723 728 0.357651 0.351386
30 63 5477 5414 721.762 752 0.346044 0.35118
31 63 5665 5602 722.733 752 0.322997 0.350751
32 64 5856 5792 723.895 760 0.286673 0.350305
33 63 6056 5993 726.319 804 0.286453 0.349562
34 63 6241 6178 726.718 740 0.382151 0.348804
35 64 6418 6354 726.067 704 0.70621 0.349417
36 63 6603 6540 726.562 744 0.330412 0.349448
37 63 6793 6730 727.463 760 0.307236 0.34913
38 63 6996 6933 729.685 812 0.304802 0.348192
39 64 7194 7130 731.177 788 0.308319 0.347657
2016-03-18 15:35:35.963088min lat: 0.243614 max lat: 1.09487 avg lat: 0.347097
sec Cur ops started finished avg MB/s cur MB/s last lat avg lat
40 64 7387 7323 732.195 772 0.336614 0.347097
41 63 7568 7505 732.09 728 0.305704 0.347322
42 63 7741 7678 731.133 692 0.298869 0.347838
43 64 7915 7851 730.221 692 0.385897 0.348186
44 63 8109 8046 731.349 780 0.31149 0.347653
45 63 8293 8230 731.451 736 0.341667 0.347736
46 63 8486 8423 732.329 772 0.314524 0.347356
47 63 8675 8612 732.831 756 0.319864 0.347313
48 63 8871 8808 733.894 784 0.297605 0.34688
49 63 9071 9008 735.241 800 0.294334 0.346284
50 64 9276 9212 736.854 816 0.266206 0.345516
51 64 9446 9382 735.738 680 0.322462 0.345893
52 63 9623 9560 735.28 712 0.373721 0.346026
53 64 9807 9743 735.216 732 0.351035 0.346179
54 63 9963 9900 733.229 628 0.772809 0.346678
55 63 10138 10075 732.623 700 0.36974 0.347414
56 63 10310 10247 731.824 688 0.728308 0.347864
57 64 10479 10415 730.773 672 0.326227 0.348262
58 63 10670 10607 731.414 768 0.353456 0.348211
59 63 10859 10796 731.828 756 0.304951 0.348066
2016-03-18 15:35:55.965885min lat: 0.234814 max lat: 1.11278 avg lat: 0.348373
sec Cur ops started finished avg MB/s cur MB/s last lat avg lat
60 55 11024 10969 731.163 692 0.234814 0.348373
Total time run: 60.166694
Total writes made: 11024
Write size: 4194304
Bandwidth (MB/sec): 732.897
Stddev Bandwidth: 109.541
Max bandwidth (MB/sec): 836
Min bandwidth (MB/sec): 0
Average Latency: 0.348392
Stddev Latency: 0.0837083
Max latency: 1.11278
Min latency: 0.172449
Meanwhile, pay attention to the CPU queue and I/O wait values on the OSD nodes …. (vmstat output)
If you look closely there are a lot of "interrupts" and "context" operations, and along with that there are jobs in the CPU queue as well …
r b swpd free buff cache si so bi bo in cs us sy id wa st
2 0 0 119779248 301012 9027476 0 0 0 1020508 39561 81965 9 16 57 18 0
4 3 0 119050680 301012 9723692 0 0 0 1484501 45600 99320 9 17 52 22 0
1 4 0 118306992 301012 10419900 0 0 0 1453172 43269 89217 7 16 54 22 0
4 2 0 117552920 301012 11151764 0 0 0 1417888 47453 95868 10 17 53 20 0
2 3 0 116816936 301012 11863880 0 0 0 1441024 59888 102892 10 17 48 26 0
3 5 0 116025456 301012 12621544 0 0 0 1573439 65494 109183 10 21 49 21 0
1 1 0 115153008 301012 13466820 0 0 0 1790724 69421 125151 11 21 43 25 0
1 3 0 114280216 301012 14284316 0 0 0 1672340 66805 108805 12 21 41 25 0
1 5 0 113504304 301012 15012172 0 0 0 1482380 66205 109008 11 17 51 21 0
2 1 0 112705664 301012 15778160 0 0 0 1523221 66547 113069 9 19 48 24 0
3 5 0 111925152 301012 16550136 0 0 0 1595473 67025 116527 11 20 48 21 0
2 2 0 111107920 301012 17342984 0 0 0 1697492 67898 121723 11 21 46 22 0
3 4 0 110227744 301012 18188932 0 0 0 1722688 71108 120435 11 22 43 24 0
3 6 0 109411400 301012 18981508 0 0 0 1602492 67416 110758 10 21 46 23 0
4 3 0 108644624 301012 19716368 0 0 0 1496712 74043 111431 9 19 49 22 0
2 2 0 107804960 301012 20534756 0 0 0 1657152 82051 119790 11 21 44 24 0
3 4 0 107011064 301012 21308212 0 0 0 1672845 75802 113841 10 20 48 22 0
3 5 0 106253024 301012 22056944 0 0 0 1569166 73200 105035 10 19 48 23 0
4 1 0 105449408 301012 22834144 0 0 0 1522580 74871 107535 10 19 46 25 0
2 6 0 104693064 301012 23557616 0 0 0 1478552 66217 106022 10 17 52 21 0
4 0 0 103984384 301012 24243168 0 0 0 1387364 66384 106223 9 18 53 20 0
1 3 0 103327632 301012 24888936 0 0 0 1413308 66325 97587 9 16 55 19 0
2 2 0 102538480 301012 25643540 0 0 0 1539750 67207 101545 9 19 49 24 0
2 1 0 101758240 301012 26402912 0 0 0 1508559 73090 103293 10 19 51 21 0
4 4 0 100997856 301012 27141676 0 0 0 1508552 73194 110821 10 19 47 23 0
3 1 0 100307072 301012 27825040 0 0 0 1395524 71138 104815 9 18 54 20 0
1 5 0 99576872 301012 28523204 0 0 0 1531928 68252 106490 8 19 52 21 0
2 2 0 98788992 301012 29293932 0 0 0 1583288 74612 107305 11 19 48 22 0
12 4 0 98010560 301012 30050480 0 0 0 1515286 73645 106091 10 19 51 21 0
5 5 0 97250712 301012 30797468 0 0 0 1512376 76516 110708 9 20 49 22 0
4 2 0 96409528 301012 31580792 0 0 0 1606716 81483 119983 11 21 46 22 0
5 2 0 95567696 301012 32378328 0 0 0 1707854 80155 121890 13 21 43 24 0
4 2 0 94736072 301012 33180668 0 0 0 1656548 77087 111518 11 20 46 24 0
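To watch the run queue and I/O wait during a benchmark without reading every row, the samples can be summarised. This is an added shell example, not part of the original post; the function names are hypothetical and it assumes the standard 17-column vmstat layout (r b swpd free buff cache si so bi bo in cs us sy id wa st).

```shell
#!/bin/sh
# Added example: summarise vmstat samples taken on an OSD node.
# Usage: vmstat 1 60 | vmstat_pressure 22
# The argument is the I/O wait percentage counted as "high" (default 20).
vmstat_pressure() {
    awk -v wa_limit="${1:-20}" '
        # Skip the header lines vmstat repeats; keep numeric sample rows.
        $1 ~ /^[0-9]+$/ && NF >= 16 {
            n++; r += $1; b += $2; wa += $16
            if ($12 > max_cs) max_cs = $12      # context switches per second
            if ($16 >= wa_limit) high++         # samples with high I/O wait
        }
        END {
            if (n == 0) { print "samples=0"; exit 1 }
            printf "samples=%d avg_r=%.1f avg_b=%.1f avg_wa=%.1f max_cs=%d high_wa=%d\n",
                   n, r / n, b / n, wa / n, max_cs, high
        }'
}

# First five samples of the vmstat output shown in the post, with the
# usual vmstat header lines added to show that they are skipped.
sample_rows() {
    cat <<'EOF'
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
2 0 0 119779248 301012 9027476 0 0 0 1020508 39561 81965 9 16 57 18 0
4 3 0 119050680 301012 9723692 0 0 0 1484501 45600 99320 9 17 52 22 0
1 4 0 118306992 301012 10419900 0 0 0 1453172 43269 89217 7 16 54 22 0
4 2 0 117552920 301012 11151764 0 0 0 1417888 47453 95868 10 17 53 20 0
2 3 0 116816936 301012 11863880 0 0 0 1441024 59888 102892 10 17 48 26 0
EOF
}
```

`sample_rows | vmstat_pressure 22` prints one summary line; avg_r is the average run queue and avg_b the average number of processes blocked on I/O.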
Let's run the same test for read as well (seq)
vahric:~ vahricmuhtaryan$ rados bench -p data 60 seq -t 64
2016-03-18 15:47:38.961955min lat: 0.168118 max lat: 0.690079 avg lat: 0.24984
sec Cur ops started finished avg MB/s cur MB/s last lat avg lat
40 63 10259 10196 1019.44 1012 0.217678 0.24984
41 64 10512 10448 1019.16 1008 0.245161 0.2499
42 63 10769 10706 1019.46 1032 0.213964 0.249931
43 63 11024 10961 1019.47 1020 0.082318 0.249911
Total time run: 43.147236
Total reads made: 11024
Read size: 4194304
Bandwidth (MB/sec): 1021.989
Average Latency: 0.249893
Max latency: 0.690079
Min latency: 0.082318
Let's run the same test for read as well (random)
vahric:~ vahricmuhtaryan$ rados bench -p data 60 rand -t 64
Nice Links
For more on rbd usage: http://docs.ceph.com/docs/master/man/8/rbd/
https://www.thomas-krenn.com/en/wiki/Linux_Performance_Measurements_using_vmstat