Category Archives: Linux

KVM, a new beginning for me – Creating a Virtual Server (ubuntu-vm-builder)

Now it is time to create a virtual machine. People who use VMware or Hyper-V normally create a virtual machine once, run "sysprep" or a similar procedure depending on the operating system, and then reuse that image to create further similar virtual machines. The OpenStack documentation offers ready-made downloadable images, but how they are tied in is something I will look at in the next article -> http://docs.openstack.org/image-guide/ubuntu-image.html. I will also look at the virt-install tool, because the first examples on the OpenStack side use virt-install 🙂

ubuntu-vm-builder

Rather than talking at length, it is nicer to go straight to the command and the parameters it takes 🙂

->libvirt + bridge <-

noroot@kvmci:~$ sudo ubuntu-vm-builder kvm trusty --addpkg linux-image-generic --addpkg openssh-server --arch amd64 --hostname server4 --dest server4 --libvirt qemu:///system --bridge bridge1 --mem 1024 --cpus 1 --ip xxx.yyy.zzz.212 --mask 255.255.255.224 --net xxx.yyy.zzz.192 --bcast xxx.yyy.zzz.223 --gw xxx.yyy.zzz.193 --dns 8.8.8.8 ;

The important points here:

  • The first parameter is the hypervisor (kvm|xen); since we use KVM as the hypervisor here, I wrote kvm.
  • You must give the operating system release name, for example "trusty". To find the release name of the Ubuntu you are currently running, you can run "lsb_release -a".
  • There is an important bug here: when building Ubuntu trusty, be sure to add the "--addpkg linux-image-generic" parameter, otherwise the build will not finish. Bug id and link -> https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/1037607
  • For Ubuntu, please note that if you do not add "--addpkg openssh-server" you will not be able to SSH in 😀
  • If you are going to manage the virtual machine with libvirt, be sure to add the parameter "--libvirt qemu:///system".
  • With "--bridge bridge1" we specify the bridge that the virtual machine's virtual network interface will attach to.
  • Values such as memory and CPU are set.
  • We did not give any of the remaining parameters, so they all take their defaults, for example:
    • Disk 4 G
    • /opt can be specified separately if desired, but since we did not set the parameter it will not exist
    • The default user name is ubuntu and the password is ubuntu
    • Language UTC
  • To see what other parameters can be set, run "sudo ubuntu-vm-builder kvm trusty --help" and check.
  • To watch what happens during the build (if you did not define a different temp path when running ubuntu-vm-builder), you can look at it with tail -f /tmp/tmpnMt5S_
  • When the build finishes, the qcow2 file of the virtual machine that contains the operating system will be wherever you ran the ubuntu-vm-builder command. At the end of the build all operating system packages are merged into a single file with a temp-style name and the qcow2 extension.

 

Where is the operating system image that ubuntu-vm-builder created?

noroot@kvmci:~$ pwd

/home/noroot

noroot@kvmci:~$ ls -al server1/

total 751636

drwxr-xr-x 2 noroot noroot      4096 Nov 27 12:06 .

drwxr-xr-x 9 noroot noroot      4096 Nov 27 15:01 ..

-rwxrwxr-x 1 noroot noroot        68 Nov 27 12:03 run.sh

-rw-r--r-- 1 noroot noroot 769720320 Nov 27 12:03 tmpSCgVIU.qcow2

What happens if you do not add --libvirt qemu:///system? You cannot manage the virtual machine through libvirt; to run the machine you have to use the bash script that is created at the end of the build.

noroot@kvmci:~$ cd server1/

noroot@kvmci:~/server1$ ls -al

total 751636

drwxr-xr-x 2 noroot noroot      4096 Nov 27 12:06 .

drwxr-xr-x 9 noroot noroot      4096 Nov 27 15:01 ..

-rwxrwxr-x 1 noroot noroot        68 Nov 27 12:03 run.sh

-rw-r--r-- 1 noroot noroot 769720320 Nov 27 12:03 tmpSCgVIU.qcow2

Contents of run.sh:

noroot@kvmci:~/server1$ cat run.sh

#!/bin/sh

exec kvm -m 1024 -smp 1 -drive file=tmpSCgVIU.qcow2 "$@"

Now let's look at the server. The thing to watch here is "--all": if you do not add it, you will not see the machine in question 😀

 

virsh # list --all

Id    Name                           State
----------------------------------------------------
9     server6                        running
-     server5                        shut off

Let's start it

noroot@kvmci:~$ virsh start server5

setlocale: No such file or directory

Domain server5 started

Note: by the way, I always run the commands directly; if you prefer, you can first type "virsh" to enter the virsh # console and then give the rest of the command, that is "start server5".

To stop the virtual server: do not let "destroy" scare you here, it just stops it 🙂

noroot@kvmci:~$ virsh destroy server5

setlocale: No such file or directory

Domain server5 destroyed

or

noroot@kvmci:~$ virsh shutdown server5

setlocale: No such file or directory

Domain server5 is being shutdown

And what if we want to see the equivalent of a VMware virtual server's vmx file and its contents?

noroot@kvmci:~$ virsh edit server5

setlocale: No such file or directory

<domain type='kvm'>
  <name>server5</name>
  <uuid>649ccb80-622e-48d2-8a5c-28e5c6f444fd</uuid>
  <memory unit='KiB'>1048576</memory>
  <currentMemory unit='KiB'>1048576</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='x86_64' machine='pc-i440fx-trusty'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/bin/kvm</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/home/noroot/server5/tmp9QV2Om.qcow2'/>
      <target dev='hda' bus='ide'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pci-root'/>
    <controller type='ide' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <interface type='bridge'>
      <mac address='52:54:00:39:f8:8e'/>
      <source bridge='bridge1'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
    <video>
      <model type='cirrus' vram='9216' heads='1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </memballoon>
  </devices>
</domain>

From here on it is like using the vi editor: if there is something you are going to change, change it, save with "wq", and start the virtual server again.

Pay attention to the interface section: here you can see which bridge the virtual server is attached to, which MAC has been assigned to it, and the card type.
"virtio" matters to us because it is needed for high-performance network and disk requirements; think of it like a Xen paravirtualized device or VMware Guest Tools.

<interface type='bridge'>
  <mac address='52:54:00:39:f8:8e'/>
  <source bridge='bridge1'/>
  <model type='virtio'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>

Oops, we forgot to check whether the network works 😦

ubuntu@server6:~$ ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

64 bytes from 8.8.8.8: icmp_seq=1 ttl=49 time=36.1 ms

64 bytes from 8.8.8.8: icmp_seq=2 ttl=49 time=35.5 ms

64 bytes from 8.8.8.8: icmp_seq=3 ttl=49 time=35.4 ms

It works nicely... Let's also look at the bridge and ifconfig views; below are the MAC addresses attached to the bridge and whether they are active

noroot@kvmci:~$ brctl showmacs bridge1

port no  mac addr            is local?  ageing timer
  1      00:17:a4:77:0c:95   yes          0.00
  1      00:1f:9e:78:e8:87   no           0.32
  1      00:24:38:99:bf:00   no           3.57
  3      52:54:00:5b:f5:0c   no          70.08
  1      9c:b6:54:91:cb:2d   no          21.43
  1      c8:cb:b8:a5:7c:a9   no           0.57
  3      fe:54:00:5b:f5:0c   yes          0.00

vnet1 is attached to the bridge; each vnet is the network interface of a virtual server

noroot@kvmci:~$ brctl show

bridge name     bridge id               STP enabled     interfaces
bridge1         8000.0017a4770c95       no              em2
                                                        vnet1

The ifconfig output is as follows

vnet1     Link encap:Ethernet  HWaddr fe:54:00:5b:f5:0c

inet6 addr: fe80::fc54:ff:fe5b:f50c/64 Scope:Link

UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

RX packets:629 errors:0 dropped:0 overruns:0 frame:0

TX packets:26569 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:500

RX bytes:67253 (67.2 KB)  TX bytes:1662178 (1.6 MB)

If we also cover how to get to the console, this job is done 😀 That completes the basic operations; for this we will change a setting or two and start the virtual server again.

First, in the "graphics" section of the virtual server configuration file, change the part that says 127.0.0.1 as shown below and restart the virtual server

<graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
  <listen type='address' address='0.0.0.0'/>
</graphics>

If you do not have one, download a VNC client and run it. You can find out which VNC port to use with the command below

noroot@kvmci:~$ virsh vncdisplay server6

setlocale: No such file or directory

:1

Append the display number to the IP address of the KVM node, like xxx.yyy.zzz.ttt:1, as above ....

Screen Shot 2015-11-27 at 17.38.29

and niiiiice

Screen Shot 2015-11-27 at 17.34.50
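With listen='0.0.0.0' the guest console is offered on every address of the KVM node, and the definition shown above carries no passwd attribute. The following check is an added example, not part of the original post: it reads a libvirt domain definition and reports VNC/SPICE consoles reachable from off-host. The function names are assumptions of the example, and the sample XML is constructed from the server5 definition above.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the <graphics> element of the server5 definition shown
# earlier, inside a minimal domain (other devices omitted).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>server5</name>
  <devices>
    <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
  </devices>
</domain>
"""


def is_loopback(addr):
    """True only for literal loopback addresses (127.0.0.0/8, ::1)."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # host names are not resolved here; treat as exposed


def listen_addresses(graphics):
    """Collect addresses from the listen attribute and <listen> children."""
    addrs = set()
    if graphics.get("listen"):
        addrs.add(graphics.get("listen"))
    for child in graphics.findall("listen"):
        if child.get("type") == "address" and child.get("address"):
            addrs.add(child.get("address"))
    return addrs


def audit_graphics(domain_xml):
    """Return one finding per VNC/SPICE console reachable from off-host."""
    root = ET.fromstring(domain_xml)
    findings = []
    for graphics in root.findall("./devices/graphics"):
        if graphics.get("type") not in ("vnc", "spice"):
            continue
        exposed = sorted(a for a in listen_addresses(graphics)
                         if not is_loopback(a))
        if not exposed:
            continue
        password_set = bool(graphics.get("passwd"))
        findings.append({
            "domain": root.findtext("name", default="?"),
            "type": graphics.get("type"),
            "listen": exposed,
            "password_set": password_set,
            # No password: anyone who can reach the port gets the console.
            "severity": "medium" if password_set else "high",
        })
    return findings


def vnc_tcp_port(display):
    """Map `virsh vncdisplay` output (":1", "127.0.0.1:1") to a TCP port."""
    return 5900 + int(display.strip().rsplit(":", 1)[1])


if __name__ == "__main__":
    for finding in audit_graphics(SAMPLE_DOMAIN_XML):
        print(finding)
    print("display :1 ->", vnc_tcp_port(":1"))
```

Feed it the output of `virsh dumpxml --security-info <domain>`; without `--security-info` libvirt leaves the passwd attribute out of the dump and every listener looks passwordless. Keeping the listener on 127.0.0.1 and reaching it through an SSH port forward to the KVM node avoids exposing the port at all.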

To connect over the serial console:

https://jaredkipe.com/blog/programming/general/ubuntu-kvm-3-virsh-console-fix/ veya https://help.ubuntu.com/community/KVM/Access

 

VNC Download for MAC : https://www.realvnc.com/download/get/1734/eula/


KVM, a new beginning for me – Networking 1

Networking has started to change in our time along with SDDC, and SDN approaches such as VMware NSX, OpenStack Networking (Neutron) and OpenDaylight are fuelling the need to reshape network infrastructures.

Frankly, after dealing with VMware so much (vSwitch, vDS, Virtual Port, Port Group, Uplink Port, NSX and so on), when I turned to KVM, Xen and OpenStack networking I asked myself what on earth was going on, which is why this topic is a bit broad.

The Ubuntu documentation mentions two types when describing KVM/Networking:

  • Usermode Networking
    • Put very simply, guest OSes can reach network services (a NATed environment), for example browse a web page or FTP somewhere, but offering hosted services that are open to the outside (for example running as a web server, like hosting the google.com web site) is not possible.
  • Bridged Networking –> I will explain this at length now, but in short it provides access to external networks through the bridge that the guest OSes' virtual network cards are attached to and the physical interface that acts as that bridge's uplink.

First, "Bridge": bridge is actually a very old networking term –> http://www.just2good.co.uk/bridgeSwitch.php

Bridge

Essentially, the problem with extending LANs with hubs and repeaters is that signals are amplified, but so too is the noise. Since these devices are dumb, all data is forwarded onto the rest of the network. With many nodes, the result is that the amount of network traffic becomes too volumous and the collision rate increases.

A way around this is to use a more intelligent device such as a bridge. It should be noted that a bridge can be a dedicated piece of hardware, or may also be a suitably configured workstation with two Ethernet network cards.

Bridges allow LANs to be split up into smaller ‘segments’ (called internetworking), yet all machines in the divided network still form a single IP network. A node within a segment in this internetwork will only see frames transmitted by nodes within the same segment, and not frames from nodes in other segments of the internetwork, unless they are forwarded from one segment to the other by the bridge. Hence the bridge performs the filtering of frames in order to limit the amount of network traffic. This is possible because bridges work at Layer 2 (Data Link) of the OSI model. This means that they can examine the data being sent and determine which segment the data needs to be forwarded to.

Its job is to pass traffic transparently between two network interfaces. It works at the second layer of the OSI model, so it deals with MAC addresses, and in doing so it is protocol independent (IP, IPX, NetBEUI (those were the days)), supports STP, and supports multiple bridges.

In Linux, bridging is done in kernel code and virtually, and it also has some advantages over hardware devices, such as filtering and traffic shaping. "ebtables" can be given as an example of filtering; you can think of it as iptables working at L2. If you ask what it can do, click this; if you want an example, click this. For traffic shaping, Traffic Control (tc) can be given as the Linux example.

From the point of view of KVM and virtual machines, bridge = vswitch or bridge = L2 switch, that is, the software-based switch that the virtual network interfaces of the virtual machines running on KVM connect to. From the VMware point of view, vSS (vSphere Standard Switches). As a result, the hypervisor forwards traffic between VMs and towards external networks by means of bridges.

There are also concepts here such as TUN/TAP, MacVLAN, MacVTap and VEPA; we will look at those later. (that is one carried forward)

So what is Open vSwitch?

The key points: if we have more than one KVM node, if we want to make network operations programmable, and if you are going to use standard traffic information and measurement tools (NetFlow, IPFIX), then the answer is Open vSwitch. Going into a little more detail:

Mobility of state: the state of any virtual server must be easy to determine and must be movable to a different KVM host, and when that happens the L2 learning tables and L3 forwarding tables learned while the system was running, and the configured access lists, QoS, policy routing and monitoring (NetFlow, IPFIX) settings, must work the same way at the virtual machine's new location. Open vSwitch provides this.

Responding to network dynamics: in virtual environments countless VM create, delete and migrate operations are carried out. If you want to watch these operations and trigger something, Open vSwitch lets you track changes and take action with tools such as OVSDB (Network State Database) and NetFlow. For example, you can track VM migrations by querying OVSDB. I will look at Open vSwitch in more detail later (that makes 2 carried forward)

This is enough for a start; since we will use Linux bridging at first, and I will get into OpenStack later, on we go. (By the way, when we get into OpenStack we will also meet a plugin called ML2, which will be the interface that determines what we use for networking on the KVM host: Linux bridge, Open vSwitch, Cisco Nexus or whatever.) (that makes 3 carried forward)

Now let's continue from the previous "KVM, a new beginning for me – Installation":

After the things needed for KVM are installed, a few points need to be established:

First let's run "ifconfig"; you will see that besides the loopback and ethernet interfaces there is one more interface

virbr0    Link encap:Ethernet  HWaddr 76:81:28:9d:b2:05

inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0

UP BROADCAST MULTICAST  MTU:1500  Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

If you run "cat /etc/network/interfaces" you will not see anything 🙂

Meanwhile a 192.168.122.0/24 network has appeared and, although it is not required, it has been assigned to the bridge interface "virbr0"


During installation a bridge named "virbr0" was created, and it is not attached to any physical interface on the KVM host.

noroot@kvmci:~$ brctl show

bridge name     bridge id               STP enabled     interfaces
virbr0          8000.000000000000       yes


 

Normally, on first installation no firewall rule was active on the Ubuntu server, neither ufw (gufw) nor iptables, but the rules for the bridge interface have arrived automatically

noroot@kvmci:~$ sudo iptables -L -v -n

[sudo] password for noroot:

Chain INPUT (policy ACCEPT 236 packets, 20251 bytes)
pkts bytes target     prot opt in     out     source               destination
0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0
0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0
0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 160 packets, 18157 bytes)
pkts bytes target     prot opt in     out     source               destination
0     0 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68


 

Also, "dnsmasq" has appeared along with the libvirt installation, so services such as DHCP, DNS and BOOTP/PXE boot are quickly available.

noroot@kvmci:~$ ps -fe | grep dnsmasq

libvirt+  1647     1  0 18:39 ?        00:00:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf

noroot    1824  1714  0 19:04 pts/0    00:00:00 grep --color=auto dn


 

As we said in the previous article, the libvirt API manages not only hypervisors but also components such as storage and network. However, in the rest of this article I will not write anything about libvirt virtual networking; what I want to do, very roughly, is give a VM a public IP address and get it out to the internet, that is, use the bridge like a pass-through device.

First let's get rid of the extras: the bridge that was created, the iptables rules and so on should all go. Since libvirt sets these up by default, removing them is very easy too.

With the command below we will make sure that the default network set up by the libvirt installation does not come up at boot

noroot@kvmci:~$ virsh net-autostart default --disable

setlocale: No such file or directory

Network default unmarked as autostarted

The state will be like this

noroot@kvmci:~$ virsh net-list

setlocale: No such file or directory

Name                 State      Autostart     Persistent
----------------------------------------------------------
default              active     no            yes

Now, so that everything is clean, let's reboot the machine and see that the bridge has disappeared and the iptables rules are gone

The picture of the setup we will work on is as follows:

Screen Shot 2015-11-27 at 14.39.02

As you can see in the picture above, there is one KVM node with two network interfaces. The interfaces are defined in "access mode", and I will use my second interface for the "bridge" requirements. Virtual machines will be created later and will go on their way using the bridge interface.

First I bring up my second interface, which has no IP address assigned

noroot@kvmci:~$ sudo ifconfig em2 up

With the "brctl" command I create a bridge named "bridge1"

noroot@kvmci:~$ sudo brctl addbr bridge1

[sudo] password for noroot:

I set the network interface that the bridge will use

 

noroot@kvmci:~$ sudo brctl addif bridge1 em2

Let's check ....

noroot@kvmci:~$ brctl show

bridge name     bridge id               STP enabled     interfaces
bridge1         8000.0017a4770c95       no              em2

Let's bring up the bridge interface

noroot@kvmci:~$ sudo ifconfig bridge1 up

After this, when you run "ifconfig" you will start to see your bridge interface as well. Since we do not have a machine yet, we will do the rest (creating a virtual server and attaching it to the bridge interface) at that point.

Finally, the network interface I created the bridge on could also be configured as a "trunk", and we could create more than one bridge over a single link, but this article exists to understand what is what in a very simple way.

By the way, this bridge configuration will be gone when the KVM node is rebooted; it is not set up persistently.

Useful Links

About OVS, you should not skip watching this one either 🙂 https://www.openstack.org/summit/openstack-paris-summit-2014/session-videos/presentation/migrating-production-workloads-from-ovs-to-linux-bridge-w-ml2

http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=FAQ;hb=HEAD
https://github.com/openvswitch/ovs/blob/master/WHY-OVS.md

 

KVM, a new beginning for me – Installation

It would be a bit odd now to query /proc/cpuinfo for whether the processor has virtualization support, and it turns out there is a nice package, "cpu-checker", which I had never needed; it has a command called "kvm-ok", which is neat and shows everything ....


 

noroot@kvmci:~$ sudo apt-get install cpu-checker

 

 

noroot@kvmci:~$ kvm-ok

INFO: /dev/kvm exists

KVM acceleration can be used


 

Before starting the KVM installation we need to understand what "libvirt" is. I used to see the "virsh" command everywhere but had not paid much attention to what exactly "libvirt" is; now I understand that "libvirt" is actually a generic API, "virsh" is an executable that runs on the command line and uses the libvirt API, and "libvirtd" is the name of the running daemon.

The purpose of the libvirt API is to manage multiple virtualization platforms (KVM, VMware, Xen) and other components such as network and storage with a single library.

The libvirt FAQ is, I think, the best place to start to understand it: http://wiki.libvirt.org/page/FAQ#What_is_libvirt.3F

Then there are QEMU, KVM-QEMU and KVM, which confuse many people (or maybe only me): QEMU is an emulator and cannot use the features that come with virtualization support in the processor (such as the CPU, RAM and SR-IOV features that come with Intel VT), but when it starts working together with a virtualizer (this can be KVM or Xen), the processes in the virtual machines, called guests, can run directly on the host's CPU.

Now the KVM installation

vahric:~ vahricmuhtaryan$ sudo apt-get install qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils

Two of the packages in the installation above caught my attention: ubuntu-vm-builder, which is used to create Ubuntu-based virtual machines, and there is also "virt-install", which is a Python script developed by Red Hat.

bridge-utils installs the tools needed to manage bridges on Linux.

On Ubuntu 14.04 and later there is no longer any need to create a user and add that user to the libvirtd group.

After the installation finishes, let's verify:

The KVM module is loaded

noroot@kvmci:~$ lsmod | grep kvm

kvm_intel             143630  0

kvm                   452096  1 kvm_intel

libvirtd is running

noroot@kvmci:~$ ps -fe | grep libvirtd

root     11766     1  0 19:36 ?        00:00:00 /usr/sbin/libvirtd -d

noroot   12101 12008  0 19:53 pts/2    00:00:00 grep --color=auto libvirtd

You could actually just type 'virsh', drop to the cli> prompt and type "list", but we can also run it directly from the console by connecting to localhost with -c

noroot@kvmci:~$ virsh -c qemu:///system list

setlocale: No such file or directory

Id    Name                           State
----------------------------------------------------

noroot@kvmci:~$

From here on, if you want a graphical interface for management you can install "virt-manager" .....

Next step: Networking ....

 

Useful Links :

http://www.qemu.org

4 in 1 fast config of DHCP NTP NFS and RSYSLOGD for me

Step 1 –> I need a DHCP server for multiple subnets, here is the config

->To install DHCP packages
sudo apt-get install isc-dhcp-server

->To set which interfaces will listen for DHCP requests
sudo vi /etc/default/isc-dhcp-server

->Here, set the INTERFACES="" line; for multiple interfaces use it like this: INTERFACES="eth1 eth2"

->Configure the subnets. I did not change anything in the general settings, I just added these lines at the end of the file

sudo vi /etc/dhcp/dhcpd.conf

# vCenter Site A Mng Block
subnet 10.111.31.0  netmask 255.255.255.0 {
range 10.111.31.100 10.111.31.150;
option routers                  10.111.31.1;
option subnet-mask              255.255.255.0;
option broadcast-address        10.111.31.255;
option domain-name-servers      8.8.8.8;
}

->To start the DHCP daemon
sudo service isc-dhcp-server start

->To see the process
dhcpd     1705     1  0 11:35 ?        00:00:00 dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf eth1

->To see the leases
cat /var/lib/dhcp/dhcpd.leases

Thats it !

Step 2 –> I need a Local Time Server because my nodes do not have internet connectivity

-> To install ntp packages

sudo apt-get install ntp

-> Edit the config; I have already replaced the Ubuntu time servers with my local ones
vi /etc/ntp.conf

-> These are the local NTP provider for Turkey

# Specify one or more NTP servers.

# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
server ntp1.ulakbim.gov.tr
server ntp2.ulakbim.gov.tr

-> These are the defaults, don't touch them

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

->Add your nodes' networks so they can query time from you

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust
restrict 10.111.31.0 mask 255.255.255.0 nomodify notrap
restrict 10.111.34.0 mask 255.255.255.0 nomodify notrap

->Start the service

noroot@ubudhcpdns:~$ sudo /etc/init.d/ntp restart
* Stopping NTP server ntpd                                                                                                                                           [ OK ]
* Starting NTP server ntpd

-> Query it
noroot@ubudhcpdns:~$ ntpq -c lpeer
remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+samur.ulak.net. 131.188.3.221    2 u  565   64    0    9.141    3.471   0.184
*193.140.100.41  130.149.17.21    2 u   97   64  326    9.018    2.773   1.273
juniperberry.ca .INIT.          16 u    -  512    0    0.000    0.000   0.000

->I used it for the local ESXi nodes; check it

[root@vCENTER-sITE-a:~] ntpq -p
remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*10.111.31.3     193.140.100.41   3 u   51   64  377    0.072    8.987   0.408

Thats it !

Step 3 –> I need an ISO store: install NFS and share it

-> To install NFS packages
noroot@ubudhcpdns:~$ sudo apt-get install nfs-kernel-server

-> Configure the export: first create the folder, upload the ISO files, and then export it

sudo vi /etc/exports

/isos  *(ro,sync,no_root_squash)

noroot@ubudhcpdns:/$ sudo /etc/init.d/nfs-kernel-server start
* Exporting directories for NFS kernel daemon...
exportfs: /etc/exports [1]: Neither 'subtree_check' or 'no_subtree_check' specified for export "*:/isos".
Assuming default behaviour (‘no_subtree_check’).
NOTE: this default has changed since nfs-utils version 1.0.x

[ OK ]
* Starting NFS kernel daemon

Thats it !
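The export line above offers /isos to every host ("*") and turns root squashing off. The following audit is an added example, not part of the original post: it parses /etc/exports text and flags exports open to any host and exports with no_root_squash. The function names are assumptions of the example, and only the /isos line of the sample comes from the post; the other sample lines are constructed.

```python
import re

# Constructed sample. Only the /isos line comes from the post; the other two
# lines are added to show a scoped export and the stray-space pitfall.
SAMPLE_EXPORTS = """\
/isos        *(ro,sync,no_root_squash)
/isos-fixed  10.111.31.0/24(ro,sync,root_squash,no_subtree_check)
/home/joe    pc001 (rw)   # space before the parenthesis: rw applies to any host
"""

# "host(opt,opt)", "host" alone, or "(opt,opt)" with an empty host.
_CLIENT = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")


def parse_exports(text):
    """Return (path, client, options) for every client of every export line.

    Lines that name a path but no client are ignored by this example.
    """
    entries = []
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *tokens = line.split()
        defaults = []
        for tok in tokens:
            if tok.startswith("-"):
                # "-opt,opt" sets default options for the clients that follow.
                defaults = [o for o in tok[1:].split(",") if o]
                continue
            m = _CLIENT.match(tok)
            if m is None:
                continue  # malformed token, skipped here
            opts = [o for o in (m.group("opts") or "").split(",") if o]
            # An empty host, as in "(rw)", means any host.
            entries.append((path, m.group("host") or "*", defaults + opts))
    return entries


def effective(opts):
    """Resolve the options checked below; later options override earlier ones."""
    state = {"rw": False, "root_squash": True}  # exports(5) defaults
    for o in opts:
        if o in ("ro", "rw"):
            state["rw"] = o == "rw"
        elif o in ("root_squash", "no_root_squash"):
            state["root_squash"] = o == "root_squash"
    return state


def audit_exports(text):
    """Return (path, client, issues) for every export entry with an issue."""
    findings = []
    for path, client, opts in parse_exports(text):
        state = effective(opts)
        issues = []
        if client == "*":
            issues.append("any-host")
            if state["rw"]:
                issues.append("writable-by-any-host")
        if not state["root_squash"]:
            issues.append("no_root_squash")
        if issues:
            findings.append((path, client, issues))
    return findings


if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(finding)
```

The /isos-fixed line shows the same read-only share limited to the 10.111.31.0/24 management subnet used in Step 1, with root squashing left on.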

Step 4 –> Configure rsyslogd to turn your server into a central log server

–> First create a folder named "logss", then change its owner

noroot@rabbitmq:/var/log$ sudo chown syslog:adm /logss

Above I used syslog:adm because some of the folders under /var have their owner set like that

–> Edit rsyslogd.conf and add/change the related lines

(I enabled UDP and TCP together)
# provides UDP syslog reception

$ModLoad imudp

$UDPServerRun 514

# provides TCP syslog reception

$ModLoad imtcp

$InputTCPServerRun 514

and add these lines at the end of the file

# Dynamic Remote Logging Config

$template FILENAME,"/logss/%fromhost-ip%/syslog.log"

*.* ?FILENAME

–> Restart rsyslogd and check whether you receive the logs or not!

Some notes:

It is possible to use the %PROGRAMNAME% tag in the file name

*.* ?FILENAME –> matches all types of events, not only "cron.*" or others, and ?FILENAME is like a placeholder

The logs are then stored under the path named after the host IP address


 

 

Centos&Redhat6 and NIC Bonding

Today I learned that on CentOS 6, and of course on Red Hat 6 and, I can say, Oracle Linux 6 as well, the modprobe config has changed

Part 1

Let's quickly configure the bonding

It is the same as before: you have to create an ifcfg-bond0 and configure the NICs that will join the bond

vi /etc/sysconfig/network-scripts/ifcfg-bond0

DEVICE=bond0
IPADDR=your.ip.add.ress
NETWORK=your.net.work.0
NETMASK=255.255.255.0
USERCTL=no
BOOTPROTO=none
ONBOOT=yes

Then configure the NICs that will join the bond

vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none

The same goes for the other NICs that will be slaves of bond0

Now we arrive at the modprobe config. On old versions of CentOS/Red Hat the bonding configuration had to be set in /etc/modprobe.conf, but with CentOS 6 it is a little different. You have to go into the /etc/modprobe.d folder and create a file like the one below

vi /etc/modprobe.d/bonding.conf

alias bond0 bonding
options bond0 mode=balance-alb miimon=100

Make sure the cables are connected to the NICs

Some articles tell you to run modprobe bonding and restart the network service; these did not work for me, so please try restarting the server

The following commands will help you see everything

cat /proc/net/bonding/bond0
ifconfig

For the balancing modes, please check this article http://www.cyberciti.biz/howto/question/static/linux-ethernet-bonding-driver-howto.php

Part 2

This is an update added after the original article

Please make sure the NetworkManager service is turned off

chkconfig NetworkManager off

Second, it is very important to move the options line from /etc/modprobe.d/bonding.conf to /etc/sysconfig/network-scripts/ifcfg-bond0, as below

[root@kahin02-11g ~]# cat /etc/sysconfig/network-scripts/ifcfg-bond1
DEVICE=bond1
IPADDR=10.79.79.2
NETWORK=10.79.79.0
NETMASK=255.255.255.0
USERCTL=no
ONBOOT=yes
BONDING_OPTS="mode=6 miimon=100"

Also, if you disable NetworkManager you have to take care of DNS yourself, as below

DEVICE=bond0
IPADDR=xxx.yyy.zzz.ttt
NETWORK=xxx.yyy.zzz.ttt
NETMASK=255.255.255.0
USERCTL=no
ONBOOT=yes
DNS2=8.8.8.8
DNS1=8.8.4.4
BONDING_OPTS="mode=6 miimon=100"

And one more thing: I couldn't fix the default gateway issue, so to solve it I added this line to rc.local

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
route add default dev bond0 gw you.gateway.ip.address

I would also like to add this output: if you see something like it, assume you have made a mistake. You should not see xxx.yyy.ttt.fff everywhere, only under the bonding interfaces.

bond0 Link encap:Ethernet HWaddr E4:1F:13:68:6E:20
inet addr:xxx.yyy.ttt.fff Bcast:81.21.160.255 Mask:255.255.255.0
inet6 addr: fe80::e61f:13ff:fe68:6e20/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:359 errors:0 dropped:0 overruns:0 frame:0
TX packets:520 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:55635 (54.3 KiB) TX bytes:37727 (36.8 KiB)

bond1 Link encap:Ethernet HWaddr 00:15:17:CF:7F:A0
inet addr:10.79.79.2 Bcast:10.79.79.255 Mask:255.255.255.0
inet6 addr: fe80::215:17ff:fecf:7fa0/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:256 errors:0 dropped:1 overruns:0 frame:0
TX packets:410 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:20137 (19.6 KiB) TX bytes:26388 (25.7 KiB)

eth0 Link encap:Ethernet HWaddr E4:1F:13:68:6E:20
inet addr:xxx.yyy.ttt.fff Bcast:81.21.160.255 Mask:255.255.255.0
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:359 errors:0 dropped:0 overruns:0 frame:0
TX packets:520 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:55635 (54.3 KiB) TX bytes:37727 (36.8 KiB)

eth1 Link encap:Ethernet HWaddr E4:1F:13:68:6E:22
UP BROADCAST SLAVE MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

eth2 Link encap:Ethernet HWaddr 00:15:17:CF:7F:A1
UP BROADCAST SLAVE MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:26 Memory:97c60000-97c80000

eth3 Link encap:Ethernet HWaddr 00:15:17:CF:7F:A0
inet addr:xxx.yyy.ttt.fff Bcast:81.21.160.255 Mask:255.255.255.0
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:256 errors:0 dropped:0 overruns:0 frame:0
TX packets:410 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:20137 (19.6 KiB) TX bytes:26388 (25.7 KiB)
Interrupt:25 Memory:97c20000-97c40000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:26 errors:0 dropped:0 overruns:0 frame:0
TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2028 (1.9 KiB) TX bytes:2028 (1.9 KiB)

usb0 Link encap:Ethernet HWaddr E6:1F:13:5A:6E:23
inet addr:xxx.yyy.ttt.fff Bcast:81.21.160.255 Mask:255.255.255.0
inet6 addr: fe80::e41f:13ff:fe5a:6e23/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:56 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3640 (3.5 KiB) TX bytes:468 (468.0 b)
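The mistake shown in the output above can be checked mechanically. This added example (not part of the original post) reads old-style ifconfig output and reports every bond slave that carries its own IPv4 address; the function names and the sample data (192.0.2.0/24 addresses, locally administered MACs) are constructed for illustration.

```shell
#!/bin/sh
# Report bond slaves that have an IPv4 address of their own.
# Input: net-tools "ifconfig" output on stdin. Output: "<iface> <address>" per offender.
slaves_with_ip() {
    awk '
        # Print the interface collected so far if it is a slave with an address.
        function emit() {
            if (iface != "" && slave && addr != "") print iface, addr
            iface = ""; slave = 0; addr = ""
        }
        # A "Link encap:" line starts a new interface block (indented or not).
        /Link encap:/ { emit(); iface = $1 }
        # "inet addr:" is IPv4 only; "inet6 addr:" does not match this pattern.
        /inet addr:/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^addr:/) { addr = substr($i, 6); break }
        }
        # The flags line of an enslaved NIC contains the word SLAVE.
        / SLAVE / { slave = 1 }
        END { emit() }
    '
}

# Constructed sample: bond0 is configured correctly, eth0 wrongly repeats its address.
sample_ifconfig() {
    cat <<'EOF'
bond0     Link encap:Ethernet  HWaddr 02:00:00:00:00:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr 02:00:00:00:00:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 02:00:00:00:00:02
          UP BROADCAST SLAVE MULTICAST  MTU:1500  Metric:1
EOF
}

# On a real host: ifconfig | slaves_with_ip
sample_ifconfig | slaves_with_ip
```

An empty result means only the bond interfaces hold addresses. A reported slave usually still has IPADDR set in its own ifcfg file, which for a slave should carry only MASTER= and SLAVE=yes.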

VM

After Redhat/Centos come to Debian, hey where are all my known commands,apps and files ….. Round2

Round 2: nginx and Apache need to be installed together, plus the side effects (sorry, this is a very long article, please do not get lost in it)

First the apt index needs to be checked, which means a repository update; the second command shows which software has an update:

apt-get update

apt-get upgrade --show-upgraded

apt-get -u upgrade (this command gives the same result as --show-upgraded)

To see what is inside the repository, execute a command like the one below with what you would like to search for:

apt-cache search apache | less

Now switch to a better command than apt-get 🙂 It is another front end for apt: http://wiki.debian.org/Aptitude

root@WebApp02:~# aptitude search apache2-mpm

v apache2-mpm -
p apache2-mpm-event - Apache HTTP Server - event driven model
p apache2-mpm-itk - multiuser MPM for Apache 2.2
p apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
p apache2-mpm-worker - Apache HTTP Server - high speed threaded model

If you see "i" in the first column instead of "p", it means that the related software is already installed.

apache2ctl -l

The command above is another way to see which core modules Apache was compiled with.

I'm installing the apache2-mpm-event package; for worker or prefork, replace the part after mpm- with the one you need.
Be aware that if you are using event or worker you cannot install php5 later 🙂 heheh. You should install PHP FastCGI instead, because of the compatibility between the php5 package and the Apache MPM. Actually you can install php5, but the package manager apt will remove the event or worker MPM and install prefork when you install php5 rather than PHP FastCGI.

root@WebApp02:~# aptitude install apache2-mpm-event

The following NEW packages will be installed:

apache2-mpm-event apache2-utils{a} apache2.2-bin{a} apache2.2-common{a} libapr1{a} libaprutil1{a}

libaprutil1-dbd-sqlite3{a} libaprutil1-ldap{a} ssl-cert{a}

0 packages upgraded, 9 newly installed, 0 to remove and 0 not upgraded.

Need to get 2,170 kB of archives. After unpacking 7,385 kB will be used.

Do you want to continue? [Y/n/?] y

Installed and running; very fast for me 😀

The Apache config files are under /etc/apache2. This is very interesting for me, because I'm very familiar with Apache on Red Hat/CentOS, where it is almost one file and go. But okay, go on.
I found some new folders like sites-enabled and sites-available. What do they mean? I found a good explanation at this link: http://www.debian-administration.org/articles/207

This is from the end of apache2.conf:

# Include the virtual host configurations:
Include sites-enabled/

This is what is inside the folder. All requests are redirected to the default site, but we will change that shortly.

root@WebApp02:/etc/apache2# cd sites-enabled/
root@WebApp02:/etc/apache2/sites-enabled# ls -al
total 8
drwxr-xr-x 2 root root 4096 Sep 3 00:25 .
drwxr-xr-x 7 root root 4096 Sep 3 00:34 ..
lrwxrwxrwx 1 root root 26 Sep 3 00:25 000-default -> ../sites-available/default

Before installing nginx I went to the ports.conf and 000-default files. In ports.conf I changed Listen and NameVirtualHost to 8080, and did the same in 000-default.
I restarted apache2 with /etc/init.d/apache2 stop and /etc/init.d/apache2 start, and I could access the working page with the server IP and port 8080.

For nginx, I got no results when I searched for it:

root@WebApp02:~# aptitude search ngix
root@WebApp02:~#

I need to find out the Debian version (please assume that I don't know which version is installed). The file on Debian is very close to the one on Red Hat, heheheh:

root@WebApp02:~# cat /etc/debian_version
6.0.5

Add the following lines to the apt repo sources file. First, edit it:

root@WebApp02:~# vi /etc/apt/sources.list

Second, add these lines and save the file:

## For nginx
deb http://nginx.org/packages/debian/ squeeze nginx
deb-src http://nginx.org/packages/debian/ squeeze nginx

The nginx repo then needs to be refreshed with apt-get update, but you will get an error. To fix it, do the following:

root@WebApp02:~# gpg --keyserver keyserver.ubuntu.com --recv-key ABF5BD827BD9BF62
gpg: requesting key 7BD9BF62 from hkp server keyserver.ubuntu.com
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 7BD9BF62: public key "nginx signing key <signing-key@nginx.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

root@WebApp02:~# gpg -a --export ABF5BD827BD9BF62 | apt-key add -
OK

If you don't know what gpg is, please read this: http://www.gnupg.org/
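The steps above trust whatever key the keyserver returns for that key ID. The following added example (not from the original post) compares the primary key's full fingerprint with one obtained from the publisher over a separate channel before the key reaches apt; the function names, the wrapper and the sample key listing are hypothetical and constructed, and the page itself gives only the key ID, so the expected fingerprint is an input you must supply.

```shell
#!/bin/sh
# Succeeds only if stdin (gpg --with-colons --fingerprint output) lists exactly
# one primary key and its fingerprint equals the expected one.
key_matches_fingerprint() {
    # Normalise "ABCD EF01 ..." or lowercase input to 40 uppercase hex digits.
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    awk -F: -v want="$want" '
        $1 == "pub" { primary = 1; pubs++ }   # a primary key record
        $1 == "sub" { primary = 0 }           # fpr lines after this belong to a subkey
        # Field 10 of an fpr record is the fingerprint; force a string comparison.
        $1 == "fpr" && primary && ($10 "") == (want "") { ok = 1 }
        END { if (pubs == 1 && ok) exit 0; exit 1 }
    '
}

# Hypothetical wrapper: export the key to apt only after the check passes.
trust_repo_key() {
    keyid="$1"; expected="$2"
    if gpg --with-colons --fingerprint "$keyid" | key_matches_fingerprint "$expected"; then
        gpg -a --export "$keyid" | apt-key add -
    else
        echo "fingerprint mismatch for $keyid, key NOT added to apt" >&2
        return 1
    fi
}

# Constructed listing for an example key; this is not the real nginx key.
SAMPLE_FPR="0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"
sample_key_listing() {
    cat <<'EOF'
pub:-:2048:1:89ABCDEF01234567:1300000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1300000000::::Example repo signing key <repo@example.invalid>:
sub:-:2048:1:1111222233334444:1300000000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
EOF
}

sample_key_listing | key_matches_fingerprint "$SAMPLE_FPR" && echo "fingerprint ok"
```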

You got it !

root@WebApp02:~# aptitude search nginx
p nginx - HTTP and reverse proxy server, as well as a mail proxy server
p nginx-common - small, powerful, scalable web/proxy server - common files
p nginx-dbg - Debugging symbols for nginx
p nginx-debug - not stripped version of nginx build with the debugging log
p nginx-doc - small, powerful, scalable web/proxy server - documentation
p nginx-extras - nginx web/proxy server (extended version)
p nginx-extras-dbg - nginx web/proxy server (extended version) - debugging symbols
p nginx-full - nginx web/proxy server (standard version)
p nginx-full-dbg - nginx web/proxy server (standard version) - debugging symbols
p nginx-light - nginx web/proxy server (basic version)
p nginx-light-dbg - nginx web/proxy server (basic version) - debugging symbols
p nginx-naxsi - nginx web/proxy server (version with naxsi)
p nginx-naxsi-dbg - nginx web/proxy server (version with naxsi) - debugging symbols
p nginx-naxsi-ui - nginx web/proxy server - naxsi configuration front-end

You will see that nginx is on the list :) Go and install it; after the install, nginx will run with its default configuration.

root@WebApp02:~# apt-get install nginx

Reading package lists… Done

Building dependency tree

Reading state information… Done

The following NEW packages will be installed:

nginx

0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.

Need to get 483 kB of archives.

After this operation, 1,061 kB of additional disk space will be used.

Get:1 http://nginx.org/packages/debian/ squeeze/nginx nginx amd64 1.2.3-1~squeeze [483 kB]

Fetched 483 kB in 2s (177 kB/s)

Selecting previously deselected package nginx.

(Reading database … 34219 files and directories currently installed.)

Unpacking nginx (from …/nginx_1.2.3-1~squeeze_amd64.deb) …

———————————————————————-

Thanks for using NGINX!

Check out our community web site:

* http://nginx.org/en/support.html

If you have questions about commercial support for NGINX please visit:

* http://www.nginx.com/support.html

———————————————————————-

Setting up nginx (1.2.3-1~squeeze) …

Check the processes, you should see the nginx processes

root@WebApp02:~# ps -fe

root 12253 1 0 01:12 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx 12254 12253 0 01:12 ? 00:00:00 nginx: worker process
root 12255 10647 0 01:14 pts/3 00:00:00 ps -fe

See what's listening:

root@WebApp02:~# netstat -an

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:54476 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 213.155.101.195:22 212.58.13.11:59474 ESTABLISHED
tcp 0 0 213.155.101.195:22 212.58.13.11:60528 ESTABLISHED
tcp 0 0 213.155.101.195:22 212.58.13.11:64825 ESTABLISHED
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
udp 0 0 0.0.0.0:38324 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:654 0.0.0.0:*

After a request you will see that nginx is working. Okay, back to Apache again.

Install the PHP scripting language and its module for apache2 (do not execute anything before reading the next paragraph):

root@WebApp02:~# aptitude install php5 libapache2-mod-php5

This installation will inform you that mpm-event is to be removed and mpm-prefork installed. If you want to use mpm-event, use FastCGI instead of mod-php5.

After I installed everything I saw that I needed a newer version of PHP than the one installed. On CentOS we generally use atomic, so I needed to learn whether the same thing is available on Debian or not. Of course, some guys are working on it; for example, I used http://www.dotdeb.org/

From this link you can get the lines that need to be added to the apt sources list: http://www.dotdeb.org/instructions/
Very important: please read the dotdeb instructions before installing, because maybe you should not install php5 before adding the dotdeb repo. On my installation I did not have the chance, but it worked.
My colleague Salih said that there is another possibility too; maybe you will need https://launchpad.net/~ondrej/+archive/php5

As I told you, if you installed php5 before adding dotdeb to the sources list, the Debian package manager does not upgrade php5 to the latest version, that is, to what dotdeb provides.
Here you need to use a different command, which is below. Reading the changelog at installation time is very important, also for the developers of the site, because of compatibility issues: read what will be removed. You can quit the changelog by pressing the "q" key (I hope I remember well, sorry).

root@WebApp02:~# apt-get dist-upgrade

Reading package lists… Done

Building dependency tree

Reading state information… Done

Calculating upgrade… Done

The following packages will be REMOVED:

php5-suhosin

The following packages will be upgraded:

libapache2-mod-php5 php5 php5-cli php5-common php5-mysql

5 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.

Need to get 6,158 kB of archives.

After this operation, 1,079 kB of additional disk space will be used.

Do you want to continue [Y/n]? y

Get:1 http://packages.dotdeb.org/ squeeze-php54/all php5-cli amd64 5.4.6-1~dotdeb.0 [2,695 kB]

Get:2 http://packages.dotdeb.org/ squeeze-php54/all php5-mysql amd64 5.4.6-1~dotdeb.0 [79.6 kB]

Get:3 http://packages.dotdeb.org/ squeeze-php54/all libapache2-mod-php5 amd64 5.4.6-1~dotdeb.0 [2,802 kB]

Get:4 http://packages.dotdeb.org/ squeeze-php54/all php5-common amd64 5.4.6-1~dotdeb.0 [580 kB]

Get:5 http://packages.dotdeb.org/ squeeze-php54/all php5 all 5.4.6-1~dotdeb.0 [1,012 B]

Fetched 6,158 kB in 8s (716 kB/s)

Reading changelogs… Done

You can add MySQL client support to php5:

root@WebApp02:~# apt-get install php5-mysql

Now remove the old default redirection:

root@WebApp02:~# a2dissite default
Site default disabled.
Run ‘/etc/init.d/apache2 reload’ to activate new configuration!

root@WebApp02:~# /etc/init.d/apache2 reload
Reloading web server config: apache2apache2: Could not reliably determine the server’s fully qualified domain name, using xxx.xxx.xxx.xxx for ServerName
[Mon Sep 03 17:55:55 2012] [warn] NameVirtualHost *:8080 has no VirtualHosts
.

Do you remember 000-default? It's gone:

root@WebApp02:/etc/apache2/sites-enabled# ls -al
total 8
drwxr-xr-x 2 root root 4096 Sep 3 17:55 .
drwxr-xr-x 7 root root 4096 Sep 3 00:51 ..

Go to the /etc/apache2/sites-available folder and create a file named after the domain you will host, for example example.net:

<VirtualHost *:8080>

ServerAdmin webmaster@example.net

ServerName example.net

ServerAlias www.example.net

DocumentRoot /srv/www/example.net/public_html/

ErrorLog /srv/www/example.net/logs/error.log

CustomLog /srv/www/example.net/logs/access.log combined

</VirtualHost>

Create related folders

mkdir -p /srv/www/example.net/public_html

mkdir /srv/www/example.net/logs

Enable the domain for hosting by executing this line on the console:

a2ensite example.net

and restart Apache. To test, upload your test content to the related folder.

One note for you: I couldn't find the module and PHP handler information, and I felt like a junior. Go to the /etc/apache2/mods-enabled folder. The .load files are what Red Hat/CentOS users know as the module load rows in httpd.conf, and the .conf files are the configs for those modules; for example, after installing PHP you will see the handlers in php5.conf.

root@WebApp02:/etc/apache2# cd mods-enabled/

root@WebApp02:/etc/apache2/mods-enabled# ls -al

total 8

drwxr-xr-x 2 root root 4096 Sep  3 22:55 .

drwxr-xr-x 7 root root 4096 Sep  3 23:23 ..

lrwxrwxrwx 1 root root   28 Sep  3 00:25 alias.conf -> ../mods-available/alias.conf

lrwxrwxrwx 1 root root   28 Sep  3 00:25 alias.load -> ../mods-available/alias.load

lrwxrwxrwx 1 root root   33 Sep  3 00:25 auth_basic.load -> ../mods-available/auth_basic.load

lrwxrwxrwx 1 root root   33 Sep  3 00:25 authn_file.load -> ../mods-available/authn_file.load

lrwxrwxrwx 1 root root   36 Sep  3 00:25 authz_default.load -> ../mods-available/authz_default.load

lrwxrwxrwx 1 root root   38 Sep  3 00:25 authz_groupfile.load -> ../mods-available/authz_groupfile.load

Last thing: configure nginx quickly and without a complex config. Go to /etc/nginx/conf.d, copy the content of default somewhere, replace it with the config below and restart the nginx service. That's it, everything should work.

server {

listen 80;

server_name _;

proxy_set_header Host $http_host;

proxy_set_header  X-Real-IP  $remote_addr;

proxy_connect_timeout 6000;

location ~ .+$ {

proxy_set_header  X-Real-IP  $remote_addr;

proxy_set_header Host $http_host;

proxy_pass   http://127.0.0.1:8080;

}

}
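With the proxy above, Apache is meant to be reached only through nginx, yet the netstat output earlier shows it listening on :::8080, that is, on every interface. This added example (not from the original post) lists the listeners on the backend port that are not bound to loopback; the function names are hypothetical and the sample is constructed from the LISTEN lines shown earlier.

```shell
#!/bin/sh
# Print TCP listeners on the given port that are reachable from outside the host.
# Input: "netstat -an" (or "netstat -lnt") output on stdin. Output: "<proto> <local address>".
exposed_listeners() {
    port="$1"
    awk -v port="$port" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            local_addr = $4
            # The port is whatever follows the last colon (works for IPv4 and IPv6).
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next
            host = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            # Loopback-only listeners can be reached just by the local proxy.
            if (host == "127.0.0.1" || host == "::1") next
            print $1, local_addr
        }
    '
}

# Constructed sample, reduced to the listening sockets from the output shown earlier.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
EOF
}

# On a real host: netstat -an | exposed_listeners 8080
sample_netstat | exposed_listeners 8080
```

Changing the Apache directive in ports.conf to Listen 127.0.0.1:8080 makes the check come back empty, so the backend can no longer be requested directly around the proxy.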

Good Links

http://articles.slicehost.com/2010/5/20/configuring-the-apache-mpm-on-debian
http://kb.parallels.com/en/113007
http://www.howtoforge.com/installing-apache2-with-php5-and-mysql-support-on-debian-lenny-lamp (LAMP)
http://www.howtoforge.com/how-to-set-up-apache2-with-mod_fcgid-and-php5-on-debian-lenny (Fast-Cgi)
http://www.hardened-php.net/suhosin/

After Redhat/Centos come to Debian, hey where are all my known commands and files ….. Round1

I'm very new to Debian; it is really very hard to adapt after Red Hat and CentOS, but I have to 🙂

The first error after installation was in the log files; it is good to find the messages file there.

WebApp01 mpt-statusd: detected non-optimal RAID status

Aaa, I couldn't find a great solution, but many people think that it is a bug and that it is seen on VMware. Still, it is good that I know how I can stop getting this error.

The issue comes from the mpt-statusd daemon, which looks like it is used to query LSI SCSI HBAs. The related processes are below:

root      1293     1  0 22:05 ?        00:00:00 /usr/bin/daemon /etc/init.d/mpt-statusd check_mpt
root      1294  1293  0 22:05 ?        00:00:00 /bin/sh /etc/init.d/mpt-statusd check_mpt

This daemon needs to be stopped, but how 😀 This is fantastic: there was no command I knew, but I found one.

Install the related tool to do it, like below:

apt-get install rcconf

Then run rcconf; it is easy: remove the asterisk from mpt-statusd. If you want, remove it and then it is gone.

It actually executes the update-rc.d command; the command output is like below:

update-rc.d: using dependency based boot sequencing
update-rc.d: warning: mpt-statusd start runlevel arguments (none) do not match LSB Default-Start values (2 3 4 5)
update-rc.d: warning: mpt-statusd stop runlevel arguments (0 1 2 3 4 5 6) do not match LSB Default-Stop values (0 1 6)

The second error is about the locale. I was very afraid, but the same thing from my article helped me: just add the lines below to /etc/environment, log out and log on again. Perfect, working.

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "en_US:en",
LC_ALL = (unset),
LC_CTYPE = "UTF-8",
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

to fix ->

LANG=en_US.utf-8
LC_ALL=en_US.utf-8

I just wondered whether VMware Tools works with it. I didn't know, so I downloaded it, untarred it under /usr/local/src and executed perl vmware-install.pl. Error 😀

Error: Unable to find the binary installation directory (answer BINDIR)
in the installer database file "/etc/vmware-tools/locations".

Nice article http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1013159

rm /etc/vmware-tools/locations

This happened because I had started the installation earlier to test perl. After some overwrite questions, the real questions now come, like where the binary files should go 🙂

But before the installation please check that you have gcc and the kernel headers; if you do not have them, install them:

apt-get install gcc

apt-get install linux-headers-$(uname -r)

apt-get install make

Note: the first DVD is still mounted.

Then install VMware Tools again, reboot the system and check the VMware Tools status; for me it is working.

Round 1 over 😉

VM

Scan FC or iSCSI Disk on Linux, remove and format without reboot if fdisk wants a reboot, and find out the WWN of the HBA

Many times I searched the internet and collected many things from many pages about adding a new disk to a Linux OS; after that I decided to put everything in one place.

After assigning the LUN from the storage to the host, please type the following on the command line of your server:

echo "- - -" > /sys/class/scsi_host/*host_number*/scan

You can find the host number under:

/sys/class/scsi_host

On my servers I can see many hosts there, like host0, host1 and host2, so there is no need to think twice: execute the command for all of them. Or (I'm not 100% sure, but on Red Hat 6/CentOS 6) you can execute the command below to get the HBA ports:

 cat /sys/class/fc_host/host

Then with fdisk -l you should find the disk. If you are using MPIO, you should check /dev/mapper/mpath* or /dev/dm-*

When you run fdisk and save the new partition, sometimes you can get "You should restart to host to use new partition". Don't worry, execute the command below:

partprobe

Sometimes executing only this works and sometimes it does not; in that case please execute:

partprobe /dev/mapper/mpath1

Also, sometimes you need to remove such an assigned partition. To do it, unmount it from the OS, unassign it from the storage and read the last link under the related links; in short, see below:

# echo 1 > /sys/block/devName/device/delete
# echo 1 > /sys/block/sdc/device/delete

Extra ….

To find out the HBA WWNs, please execute the command below:

[root@kahin1 ~]# cat /sys/class/fc_host/host5/port_name
0x21000024ff03f0b0
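The rescan step for every SCSI host and the WWN lookup above can be wrapped in two small functions. This is an added example, not part of the original post; the function names and the optional sysfs root argument (which lets the functions run against a test directory tree instead of /sys) are assumptions of the example.

```shell
#!/bin/sh
# Trigger a rescan on every SCSI host and print how many hosts were rescanned.
# $1: sysfs root, defaults to /sys (assumption of this example, used for testing).
rescan_all_scsi_hosts() {
    root="${1:-/sys}"
    count=0
    for scan in "$root"/class/scsi_host/host*/scan; do
        [ -e "$scan" ] || continue          # pattern matched nothing: no SCSI hosts
        # "- - -" means: all channels, all targets, all LUNs.
        if printf '%s\n' '- - -' > "$scan"; then
            count=$((count + 1))
        else
            echo "rescan failed: $scan (are you root?)" >&2
        fi
    done
    echo "$count"
}

# Print "<host> <WWPN>" for every Fibre Channel HBA port.
list_fc_wwns() {
    root="${1:-/sys}"
    for f in "$root"/class/fc_host/host*/port_name; do
        [ -r "$f" ] || continue             # no FC HBAs on this machine
        host=${f%/port_name}                # strip the file name
        host=${host##*/}                    # keep only "hostN"
        printf '%s %s\n' "$host" "$(cat "$f")"
    done
}

# Reading WWNs is harmless; run the rescan by hand as root:
#   rescan_all_scsi_hosts
list_fc_wwns
```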

Related links, and many thanks to their authors

http://jreypo.wordpress.com/2010/10/28/how-to-rescan-the-scsi-bus-in-linux/
http://zhigang.org/blog/using-partprobe-to-avoid-reboot-after-re-partition/
http://www.linuxquestions.org/questions/linux-hardware-18/how-to-configure-a-hba-card-and-see-its-wwn-676199/
http://www.cyberciti.biz/tips/vmware-add-a-new-hard-disk-without-rebooting-guest.html

Please comment on this article if something is missing or not working, or if you cannot find what you are searching for.

VM