nareshovの日記

(TL note: nareshov's diary)

Archive for the ‘Software’ Category

OpenVZ on a Softlayer managed server

leave a comment »

A post to record list of changes that were made to the configuration to get networking to work within the VZ containers on a managed hardware node.

Softlayer provisions CentOS machines with two bonded network interfaces: bond0 connected to their private network and bond1 to the public. We got a “portable” private network subnet and got them converted to “routed to subnet” so that all IPs in that subnet are usable (instead of 3 of them getting reserved into a broadcast IP, gateway IP and broadcast IP).

OpenVZ sends ARP requests when it’s trying to initialise a container and the interface to which the requests are to be sent has to be explicitly specified in this multi-network case. So, fix the NEIGHBOUR_DEVS variable in /etc/vz/vz.conf before you pick IPs from your portable subnet pool and start assigning it to your containers.

With that, you should be able to ping these containers from other nodes in your primary private subnet and vice versa. But you won’t be able to ping public IPs from within the containers yet. This doesn’t require you to assign public IPs to the containers too. A NAT rule on the host node should fix this: iptables -t nat -A POSTROUTING -o bond1 -j MASQUERADE

Took me a while to recall/realise that the lack of ARP requests in SL’s network was necessary. The NAT rule was something I found later on on the internet.

Advertisements

Written by Naresh

April 19, 2012 at 4:04 pm

Posted in LAN, Software

UCARP for IP failover on CentOS 6

with one comment

At $work – 1, I’ve been familiar with the spread + wackamole combo to float and failover two IPs amongst two hosts.

A typical use-case is when we have a couple (or more) web servers independent of each other (say, webmail web servers: webmail.mydomain.com), I’d add multiple A records for the same domain so that DNS resolution happens in a round-robin manner at the client’s end. i.e.,

dig +short webmail.mydomain.com
184.xx.yy.154
184.xx.yy.155

The client uses the first IP it gets during resolution and as the number of clients that are resolving your domain (and making HTTP requests) grow, you’ll start seeing a more or less equitable distribution of HTTP requests hitting each of your hosts.

These IPs are meant to float and be handled by your spread/wackamole tools. (i.e., they’re not hard-configured into network config files like permanent configs: i.e. /etc/sysconfig/networking/ifcfg-*). Say, the .154 IP was on host A and .155 on host B, host B goes down, spread daemon on host A detects that host B isn’t responding to "are you alive?" requests and instructs wackamole daemon on host A to take over the IP that host B had (.155). Sometimes – depending on the router in your environment – one might have to send a gratuitous ARP packet to the router and hook this up with wackamole’s "post-up" action.

This post is about how I couldn’t find usable RPMs for spread/wackamole (and was in a time crunch to shave that yak) and looked for an alternative.

Pacemaker and Keepalived are known entities in the market. So is UCARP (as userland implementation of BSD’s CARP for Linux). Being on a time crunch and noticing how the former options seemed a little complex at first sight, I settled on deploying UCARP.

The configurations on the Internet typically show how one IP is floated around between two hosts. Now this doesn’t let me have DNS-based round-robin’d "load" balanced incoming requests. So here’s how I configured UCARP on host A (assuming you have installed from EPEL repo as `yum install ucarp’):

[root@web02-dal07 nvenkateshappa]# cat /etc/ucarp/vip-001.conf
# Virtual IP configuration file for UCARP
# The number (from 001 to 255) in the name of the file is the identifier

# In the simple scenario, you want a single virtual IP address from the _same_
# network to be taken over by one of the routers.
ID="001"
VIP_ADDRESS="184.xx.yy.154"
PASSWORD="love"
BIND_INTERFACE="eth1"
SOURCE_ADDRESS="184.xx.yy.179"

# In more complex scenarios, check the "vip-common" file for values to override
# and how to add options.

And on host B:

[root@web01-dal07 nvenkateshappa]# cat /etc/ucarp/vip-001.conf
# Virtual IP configuration file for UCARP
# The number (from 001 to 255) in the name of the file is the identifier

# In the simple scenario, you want a single virtual IP address from the _same_
# network to be taken over by one of the routers.
ID="001"
VIP_ADDRESS="184.xx.yy.154"
PASSWORD="love"
BIND_INTERFACE="eth1"
SOURCE_ADDRESS="184.xx.yy.180"
OPTIONS="--shutdown --preempt --advskew=10"

# In more complex scenarios, check the "vip-common" file for values to override
# and how to add options.

The above vip-001.conf on the two hosts is for managing the first floating IP, and the following are for the second: vip-002.conf

Copy over the same configs on each host, change ID to 002, VIP_ADDRESS to 184.xx.yy.155 and swap the OPTIONS line.

The –advskew option (advertisement skew) is what gives a sense of affinity for your virtual IPs.

Let me know in what other interesting use-cases you’ve used UCARP in.

Written by Naresh

December 22, 2011 at 1:00 pm

Posted in Software

rpmbuild behaviour: CentOS5 vs. CentOS6

with 2 comments

Those of you who’ve tried building RPMs for c5 on a c6 machine might’ve faced the symptoms described in http://samixblog.blogspot.com/2011/11/yum-errno-3-error-performing-checksum.html

The cause seems to involve a couple of things: 1. c6 having adopted a stronger file digest algorithm (sha256 as opposed to md5 in c5) and 2. compressing the payload with xz (as opposed to nothing in c5).

This is easily remedied by passing relevant options to `rpmbuild’ and `createrepo’.

If you’re using fpm in your CI, you can now append the following to your fpm command invocation:

--rpm-rpmbuild-define '_source_filedigest_algorithm md5' \
--rpm-rpmbuild-define '_binary_filedigest_algorithm md5' \
--rpm-rpmbuild-define '_source_payload nil' \
--rpm-rpmbuild-define '_binary_payload nil' \

And invoke createrepo as `createrepo -d -s sha1 –update /path/to/rpms/for/c5′

UPDATE (2012-04-23):

fpm now supports quick shortcuts to the above:

% fpm --help
[...]
--rpm-digest sha512|md5|sha384|sha256|sha1 (rpm only) Select a digest
algorithm. md5 works on the most platforms. (default: "md5")
--rpm-compression xz|gzip|bzip2 (rpm only) Select a compression method.
gzip works on the most platforms. (default: "gzip")

Written by Naresh

December 22, 2011 at 12:24 pm

Posted in Software

On Oracle, Sun and Google

with one comment

I haven’t had the opportunity nor the inclination to use software from either of these corporations for longer durations of time. Java was my first real programming language at college and I did very little of it. Never have I touched an Oracle database, nor have I had stories to tell of Solaris or Opensolaris as much as I’ve told stories about Gentoo or OpenSuse on this blog.

Yesterday’s news about Oracle planning to put Opensolaris to rest wasn’t as much of shocker as it was a late announcement.

The other news about Oracle trying to sue Google for Java is a little, what should I say, not completely serious?

Oracle seriously suing Google or what?

Written by Naresh

August 14, 2010 at 2:12 pm

Posted in Software, Worldly Matters

Tagged with , , ,

On (Adobe) Flash

with 3 comments

I despise it.

Being a Linux user for a while now, there have been very few instances when I haven’t cursed Flash for what it is. An abomination on the web. I have not investigated whom exactly to blame here – the list of shared objects in `ldd /usr/lib/flashplayer-mozilla/libflashplayer.so` or the actual shit that’s in libflashplayer.so or the browser’s interface with this blob.

Awesome Web 2.0(tm) sites such as slideshare use it and trying to view a presentation fullscreen is more painful than watching your laptop die due to overheating. I’ve given up on watching youtube on the browser too. These days I wait for the video content to load into /tmp and play Flash* file with dear old mplayer. Such is life. Can’t wait to get my copy of Windows 7 license now.

Yes, I’m beating a dead horse here but I post this at the backdrop of the news of Mr. Jobs having announced that the iPad(sic) isn’t going to have Flash on it. I don’t know if I’m ever going to use this piece of locked hardware ever – maybe it’s useful in the hospitals – but the “no-flash” stance makes me happy.

I sincerely hope that HTML5 and related bling really does take off and take Flash off of my laptop.

Written by Naresh

February 6, 2010 at 11:43 pm

Posted in Software

Tagged with , , , ,

On resizing filesystems and LVM2 logical volumes

leave a comment »

I’ve been using Debian squeeze/sid for a while now (with apt-pinning) and for the past few days I’ve been facing the “no space left to write” problem. I used the default LVM2-based disk partitioning scheme offered by the Debian installer. I thought it was okay to have a 6.5G root partition and the rest for the swap and my home partitions. Looks like 6.5G wasn’t enough for me. And the root and home partitions used the ext4(!) file-systems.

Now, here’s how you go about reducing your home’s size and increasing your root’s size.

  1. Reduce the filesystem size of the partition which has enough free space to spare using resize2fs.
  2. Then reduce the logical volume in which this filesystem resides using lvreduce.
  3. Now extend the logical volume in which the “starving” filesystem resides  using lvextend by the same amount you used in step 2.
  4. Then simply issue resize2fs /dev/VGNAME/LVNAME which should simply fill up the unallocated space in the logical volume it resides.
  5. (optional), if your reduced filesystem doesn’t mount due to a block-size mismatch, e2fsck it and apply step 4. to it.

Glad that it all worked out fine. I didn’t have to use a live cd to do this (was too lazy for that anyway). I dropped into a vt, unmounted my home (which has the “important” data) and performed steps 1 and 2 on it. My root was still mounted while I did steps 3 and 4 on it.

Written by Naresh

November 13, 2009 at 12:41 pm

Posted in Linux/BSD

Tagged with , , , , ,

Playing with LISP on Debian Squeeze

with 2 comments

I haven’t looked up at how you play with LISP using Vim. Not really interested either since I’m committed to Emacs *rolls eyes*.
So, assuming you’ve already done aptitude install emacs23, Let’s go ahead and aptitude install sbcl cl-asdf slime. When in doubt aptitude show sbcl or aptitude show cl-asdf.

My motivation for this post in the first place was to document the quirks with the installation I was facing last night. If you happen to notice the following with the above aptitude install:

Setting up cl-asdf (1:20090819-3) ...
Reinstalling for sbcl
Recompiling Common Lisp Controller for sbcl
/usr/lib/common-lisp/bin/sbcl.sh loading and dumping clc.
; loading system definition from /usr/lib/sbcl/sb-grovel/sb-grovel.asd into
; #
; registering # as SB-GROVEL
;
; compilation unit aborted
; caught 1 fatal ERROR condition

Error running init-common-lisp-controller-v4: Lock on package SB-IMPL violated
when interning NATIVE-FILE-KIND.
See also:
The SBCL Manual, Node "Package Locks"
mv: cannot stat `sbcl-new.core': No such file or directory
FAILED

Done rebuilding
Setting up cl-swank (1:20090908-1) ...
Setting up emacs (23.1+1-4) ...
Setting up sbcl (1:1.0.25.0-1) ...
/usr/lib/common-lisp/bin/sbcl.sh loading and dumping clc.
; loading system definition from /usr/lib/sbcl/sb-grovel/sb-grovel.asd into
; #
; registering # as SB-GROVEL
;
; compilation unit aborted
; caught 1 fatal ERROR condition

Error running init-common-lisp-controller-v4: Lock on package SB-IMPL violated
when interning NATIVE-FILE-KIND.
See also:
The SBCL Manual, Node "Package Locks"
mv: cannot stat `sbcl-new.core': No such file or directory
FAILED

Your slime setup isn’t going to be functional. Fret not. Read on.

From Debian BTS bug #549528

=======BEGIN PATCH===================
--- /usr/share/common-lisp/source/common-lisp-controller/post-sysdef-install.lisp.orig 2009-10-21 14:42:00.000000000 -0400
+++ /usr/share/common-lisp/source/common-lisp-controller/post-sysdef-install.lisp 2009-10-21 14:40:59.000000000 -0400
@@ -61,7 +61,7 @@
#+sbcl
(defun get-owner-and-mode (directory)
(when (eq :directory
- (sb-impl::native-file-kind (namestring directory)))
+ (sb-impl::unix-file-kind (namestring directory)))
;; check who owns it
(multiple-value-bind (res dev ino mode nlink uid gid rdev size atime mtime)
(sb-unix:unix-stat (namestring directory))
=======END PATCH=================

Followed by,

dpkg-reconfigure cl-asdf
dpkg-reconfigure sbcl

Append the following to your .emacs, if you haven’t already.
;; Slime
(add-to-list 'load-path "/usr/share/common-list/source/slime/")
(setq inferior-lisp-program "/usr/bin/sbcl")
(require 'slime)
(slime-setup)

And your Emacs is ready to roll.

Written by Naresh

November 8, 2009 at 10:57 pm

Posted in Emacs, Linux/BSD, Software

Tagged with , , , , , ,