two node heartbeat cluster for fallover

We’ve got 2 machines colo’d at work for the project we’re currently developing, a nice beefy main machine an a lightweight backup.
The plan is to have the main machine with 2 VMs, 1 for Apache2/PHP5.3 the other just as MySQL, these would be on separate disk drives too. The backup would be similar except no second drive and the MySQL would be replicated from the primary.
One is 32bit lucid other is 64bit lucid, the R200 backup wont take 64bit VMs for some reason.

root@mauve:/home/gabriel# uname -n
mauve
address 172.16.250.17

root@lavender:/home/gabriel# uname -n
lavender
address 172.16.250.14

These commands are to be used on both machines.

aptitude install build-essential
aptitude install heartbeat
cd /etc/ha.d/
cp /usr/share/doc/heartbeat/authkeys ./
cp /usr/share/doc/heartbeat/ha.cf.gz ./
cp /usr/share/doc/heartbeat/haresources.gz ./
gunzip ha.cf.gz
gunzip haresources.gz

root@lavender:/etc/ha.d# ls
authkeys  conf  cts  ha.cf  harc  haresources  rc.d  README.config  resource.d  shellfuncs

nano authkeys

and append to the file

auth 2
2 sha1 test-ha

chmod 600 /etc/ha.d/authkeys
nano ha.cf

and uncomment

logfile /var/log/ha-log
keepalive 2
deadtime 30
initdead 120
bcast   eth0            # Linux
udpport 694
node    lavender
node    mauve

we mark mauve as the primary node, with the virtual ip it’s to be on, and the service we want to show as high availability

nano haresources

append to file

mauve 172.16.250.16 apache2

nano /etc/apache2/sites-available/site.conf

DocumentRoot /var/www/site/public
ServerName site.domain.com

Tags: apache, fallover, heartbeat, howto, linux, monitoring, server

ssh key problems with encrypted home dir

I recently installed two VMs, both 10.04, both set up exactly the same way, encrypted home dirs, seperate partitions for / /var /home, but one of them refused to accept my key pair,

Jun 13 21:15:52 indigo sshd[1860]: pam_sm_authenticate: Called
Jun 13 21:15:52 indigo sshd[1860]: pam_sm_authenticate: username = [gabriel]
Jun 13 21:15:52 indigo sshd[1862]: Passphrase file wrapped
Jun 13 21:15:53 indigo sshd[1862]: Error attempting to add filename encryption key to user session keyring; rc = [1]
Jun 13 21:15:53 indigo sshd[1860]: Accepted password for gabriel from 172.16.100.13 port 58556 ssh2
Jun 13 21:15:53 indigo sshd[1860]: pam_unix(sshd:session): session opened for user gabriel by (uid=0)

found this bug report with a fix inside it

/sbin/umount.ecryptfs_private
cd $HOME
chmod 700 .
mkdir -m 700 .ssh
chmod 500 .
echo publickey > .ssh/authorized_keys
/sbin/mount.ecryptfs_private

Tags: keypair, linux, server, ssh, ubuntu

installing vmware server 2.0.2 on ubuntu lucid problems

After getting vmware server 2 working, once more, under hardy and writing this post

http://autonomicpilot.co.uk/installing-vmware-server-2/

I encountered a few problems

/tmp/vmware-config2/vmmon-only/./include/vm_asm_x86_64.h:56:7: warning: "_MSC_VER" is not defined
In file included from /tmp/vmware-config2/vmmon-only/linux/driver.c:119:
/tmp/vmware-config2/vmmon-only/./common/hostif.h:53:7: warning: "WINNT_DDK" is not defined
/tmp/vmware-config2/vmmon-only/linux/driver.c: In function ‘LinuxDriverSyncCallOnEachCPU’:
/tmp/vmware-config2/vmmon-only/linux/driver.c:1423: error: too many arguments to function ‘smp_call_function’
/tmp/vmware-config2/vmmon-only/linux/driver.c: In function ‘LinuxDriver_Ioctl’:
/tmp/vmware-config2/vmmon-only/linux/driver.c:1987: error: ‘struct task_struct’ has no member named ‘euid’
/tmp/vmware-config2/vmmon-only/linux/driver.c:1987: error: ‘struct task_struct’ has no member named ‘uid’
/tmp/vmware-config2/vmmon-only/linux/driver.c:1988: error: ‘struct task_struct’ has no member named ‘fsuid’
/tmp/vmware-config2/vmmon-only/linux/driver.c:1988: error: ‘struct task_struct’ has no member named ‘uid’
/tmp/vmware-config2/vmmon-only/linux/driver.c:1989: error: ‘struct task_struct’ has no member named ‘egid’
/tmp/vmware-config2/vmmon-only/linux/driver.c:1989: error: ‘struct task_struct’ has no member named ‘gid’
/tmp/vmware-config2/vmmon-only/linux/driver.c:1990: error: ‘struct task_struct’ has no member named ‘fsgid’
/tmp/vmware-config2/vmmon-only/linux/driver.c:1990: error: ‘struct task_struct’ has no member named ‘gid’
/tmp/vmware-config2/vmmon-only/linux/driver.c:2007: error: too many arguments to function ‘smp_call_function’
make[2]: *** [/tmp/vmware-config2/vmmon-only/linux/driver.o] Error 1
make[1]: *** [_module_/tmp/vmware-config2/vmmon-only] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.32-22-server'
make: *** [vmmon.ko] Error 2
make: Leaving directory `/tmp/vmware-config2/vmmon-only'
Unable to build the vmmon module.

We have a dev server in the office, and prior to upgrading the real servers in the DC to lucid I thought it best to upgrade the devserver, which has a similar set up from hardy to lucid.
The upgrade itself went without a hitch, however when it came to getting vmware server under way there were some major headaches.
It seems that once again vmware is having a major fit working with the latest kernel release, this normally results in a panicked couple of hours hunting for scripts via google. Thankfully I was able to find this guide from a chap who had created his own patch, which works beautifully.

http://radu.cotescu.com/2009/10/30/how-to-install-vmware-server-2-0-x-on-ubuntu-9-10-karmic-koala/

First download the script

wget http://codebin.cotescu.com/vmware/vmware-server-2.0.x-kernel-2.6.3x-install.sh

You actually end up with an archive, presumably due to some redirection

tar -zxvf raducotescu-vmware-server-linux-2.6.3x-kernel-592e882.tar.gz
cp VMware-server-2.0.2-203138.x86_64.tar.gz raducotescu-vmware-server-linux-2.6.3x-kernel-592e882/
cd raducotescu-vmware-server-linux-2.6.3x-kernel-592e882
./vmware-server-2.0.x-kernel-2.6.3x-install.sh

and away his script goes, patching the files. There comes up a plethora of warnings but it gets through without the huge errors I was getting before.
It takes you fully through the install and setup as it usually would, and a minute or 2 later I’m able to log into vmware and get the VMs going

Tags: howto, kernel 2.6.3x, server, ubuntu, vmware, vmware server 2

setting up munin monitoring on ubuntu lucid

On you munin hosting machine, munin.autonomicpilot.co.uk with an ip of 111.11.1.2

aptitude install apache2 munin munin-node

nano /etc/apache2/conf.d/munin
Allow from all
#Allow from localhost 127.0.0.0/8 ::1

nano /etc/munin/munin.conf
[munin.autonomicpilot.co.uk]
address 127.0.0.1
use_node_name yes
#another server to monitor
[alpha.autonomicpilot.co.uk]
address 111.11.1.3
use_node_name yes

nano /etc/munin/munin-node.conf
user munin
group munin
allow ^127\.0\.0\.1$

And then on another machine you wish to keep tabs on, alpha.autonomicpilot.co.uk with ip 111.11.1.3

sudo aptitude install munin-node

nano /etc/munin/munin-node.conf
user munin
group munin
allow ^111\.11\.1\.2$

Tags: howto, linux, monitoring, munin, server, ubuntu

sending email from zend framework via gmail

3 posts in a week, I don’t know how the internet copes.

This is the usual sort of reminder to myself on how to do something,
specifically use zend framework to send mail via gmail.
I already have zend framework on my php path so away we go

Read more…

Tags: email, gmail, howto, smtp, zend, zend framework

adding ssl certs to apache under ubuntu

This is kind of a blog to myself, since it always takes me ages to remember and figure it out

openssl genrsa -des3 -out server.key 1024
or if you want to not have to put a password in everytime apache restarts
openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private

sudo a2enmod ssl

-c create -m md5
root@alpha:/var/www# htpasswd -cm .htpasswd icheevers
don’t need -c
root@alpha:/var/www# htpasswd -m .htpasswd icheevers2

<VirtualHost *:>
    DocumentRoot /var/www/public_html
    ServerName www.autonomicpilot.co.uk
    SSLEngine on
    SSLOptions +StrictRequire
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
    <Location />
        AuthType Basic
        AuthName 'Devlopement site'
        AuthUserFile /var/www/htpasswd
        Require valid-user</p>
    </Location>
</VirtualHost>

Tags: apache, howto, https, server, ssl, ubuntu

Installing vmware server 2

sudo aptitude install build-essential
sudo aptitude install linux-headers-`uname -r`
download
scp it to server
tar xvfz VMware-server-*.tar.gz
cd vmware-server-distrib
sudo ./vmware-install.pl
just keep smacking enter

If you wanna use root as athe user who can access it that’s fine, but you have to give root a passwd then, which ubuntu doesn’t do by default.
The disadvantage to giving the root as the user means you can’t seperate the user who is the main person in charge of the vmware from the person who can go in as root on the hardware machines. Just something to think about.

There are some huge problems sometime with actually being able to see the web management interface, sometimes it’s fine other times for some reason it just wont display.

Chrome, any browser on mac os, possibly opera are all useless for using the console in the wmi because the plugin won’t work. It has to be firefox or IE in either linux or windows.

There’s also the problem that when installing linux (ubuntu in my case, I don’t know if it’s specifically that) and using the console to do it from a linux machine (so you have vmware installed on $host, you’re trying to install $guestos onto $guest from $workdesktop) that some of the keys don’t get recognised, up, down, left, right, page up etc are all unusable, which is a pain when trying to select options.

fin

Tags: install, linux, server, ubuntu, vmware, vmware server 2

unit tests for PECL extensions and how to make them work

Recently I’ve been installing a few PECL extensions, I dev on Snow Leopard which is PHP 5.3 but my colod server is Ubuntu 8.04 LTS which is PHP 5.2, so being me I ignored the various warnings on the sqlite3 page of php.net ( Note: This extension was briefly a PECL extension but that version is only recommended for experimental use. ).
I managed to get the extension installed fine ( phpize, ./configure, sudo make, sudo make install )

wget http://pecl.php.net/get/sqlite3-0.6.tgz
tar xvzf sqlite3-0.6.tgz
cd sqlite3-0.6/
phpize
./configure
sudo make
sudo make install

Now the last line for make install asks you kindly to “Don’t forget to run ‘make test’.”
So let’s do that
Lots of output
Read more…

Tags: pecl, php, sqlite3, ubuntu

istat server monitoring via iphone

So last night I decided that with my shiny new iPhone I was gonna check out a few apps for monitoring servers, obviously running my own server and a few VMs on it monitoring it is very important (but until now has basically been me checking top/free etc when I remember and getting an email if any vm doesn’t respond for a preset time).
I knew the company that produced istat pro (a mac os widget for monitoring your local system) had something so I decided to give that a try, cunningly named istat. £0.60 spent at the app store and I was sorted, it was easy enough to set up monitoring my mac book from the iphone when on the same wifi (it does it via bonjour) but a little trickier to setup the port forwarding on my airport base station (yes I’m an extreme Apple user now, but not an evangelist of Apple so I get to avoid the fanboi name tag, at least that’s what I tell myself). After checking I could still monitor my mac book via 3G it was time to move on to the servers.
Now the company the produces the istat monitoring app and istat pro (islayer aka bjango) doesn’t officially have a daemon for running on *nix, but some kind soul had created one which bjango links to from their home page, called istatd (istats daemon, geddit?) which is available via google code.

Read more…

Tags: iphone, monitoring, server

PHP and PECL Extensions on Snow Leopard

This is a quick post that I could possibly come back and improve later

This is based on something being in a users home dir/sites/ directory.
Although it doesn’t really matter for a cli script
So we have
/Users/gabriel
/Users/gabriel/Sites
/etc/apache2/users/gabriel.conf
is the conf file for the vhost in your user dir which you shouldn’t really have to worry about, but always good to know where it is.

sudo nano /etc/apache2/httpd.conf

uncomment the php line that is found in here, I also uncommented the fastcgi line after it for kicks

sudo apachectl restart

And that’s you sorted for php on apache, note this is php5.3 on apache 2.2.13

For this I’m installing the runkit PECL extension “For all those things you…. probably shouldn’t have been doing anyway….”
We need to install the sex that is xcode, grab the latest one from the Apple Developer Connection website http://developer.apple.com/tools/xcode/

We have svn installed already so grab a copy of it, http://svn.php.net/repository/pecl/runkit/trunk/ is the repo and http://svn.php.net/viewvc/pecl/runkit/trunk/ is the fancy human readable version

svn checkout http://svn.php.net/repository/pecl/runkit/trunk runkit
cd runkit
phpize
./configure
sudo make
sudo make install

and we’re nearly done!
I couldn’t find a default php.ini and a simple phpinfo(); seems to indicate there isn’t one, so we:

sudo cp /etc/php.ini.default /etc/php.ini
sudo nano /etc/php.ini

find the long list of commented out modules
and add

extension=runkit.so

Quit and save and

sudo apachectl restart

you don’t really need todo that since you’re probably using it in cli but it’s fun to do anyway

Tags: howto, mac os x, pecl, php, snow leopard