Tuesday 25 September 2012

How to configure Apache2.2 as a Reverse Proxy

Hi All,

The other day I was asked to create a proxy. But not just any proxy. A proxy that could handle content and that could forward on and return login requests to a 3rd party.

Ok. So that bit was new. They have just asked me to configure a tiny Content Delivery Network.

So first things first. I cracked out the 12.04 server version of Ubuntu, installed it, configured it then installed Apache.

Nice and easy.

The reason why I chose Ubuntu over the other Linux builds is that the way Ubuntu package Apache makes it really, really easy to configure. I'm not going to go into which flavour of Linux is the best, neither do I care. This is because I AM A GROWN UP.

On with the show!

So you will need some bits and pieces to go with Apache. You will need the proxy, proxy_http and headers mods. You can install these by typing the following as root (or sudo):

a2enmod proxy
a2enmod proxy_http
a2enmod headers

Again, this is really easy stuff.

Now we have our mods installed, let's go and configure something. First make sure that Apache is working.

sudo service apache2 restart

Then point a browser at your server. You should get an 'It's Worked!' message.

Now for the config.
Go to /etc/apache2/sites-enabled
Now use a text editor to edit 000-default.

Here is my config:

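# Pass the client's original Host header through to the target
ProxyPreserveHost On
# Add a Via header to proxied traffic
ProxyVia full
# Access control for proxied requests - wide open here
<Proxy *>
Order deny,allow
Allow from all
</Proxy>

# Send everything under / to the target
ProxyPass / http://xxx.xxx.xxx.xxx:8888/

# Fix up redirects coming back from the target
ProxyPassReverse / http://xxx.xxx.xxx.xxx:8888/

# Point the Location header at the content site on port 81
Header edit location 192.168.1.2 192.168.1.2:81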


Let's go through this bit by bit.

ProxyPreserveHost... this passes the Host header the client sent through to the target, instead of replacing it with the host name from the ProxyPass line.
ProxyVia full... adds the Via header to the outgoing headers so we can see where the request came from. The "full" setting also puts the Apache version in that header.

The next bit is the permissions for the proxy. Configure the permissions in this as if it was a website. Don't dump your proxy onto the internet with the settings above. It's not secure. These are instructions on how to make a proxy, not how to make a secure proxy.

Now we're into the fun bit.

ProxyPass / http://whateverIPorSite.com/

This makes incoming connections proxy out to whatever the target is.

ProxyPassReverse / http://whateverIPorSite.com/

This rewrites the Location headers on redirects coming back from the target, so they point at the proxy rather than at the target itself.

That is basically a proxy right there. It'll work. Restart Apache, point your browser at it and it'll work.
Now let's have some fun.

I have an authentication server somewhere upstream. It's a 3rd party service. My clients need to authenticate with that before getting the content they want. There are 2 streams to this: the authentication stream and the content stream. To make my life easier I decided that I would use 2 ports. Port 80 would handle authentication with the 3rd party provider and 81 would serve the content. To that end I created a new site on port 81 and put the content on it. Now we need to address that Header edit location line up there.

When you authenticate, your 3rd party should return a 302. In that response you will get a header called "Location"; this is where content is due to be served from. When you have a 3rd party site handling your authentication you don't necessarily want to download your content from them. You'd rather use Akamai or something. This means rewriting the header at the proxy, before it gets back to the client.

In my case I needed to change the port number. First the command:

Header edit Location

This tells the mod I want to edit one of the returning headers called Location.
Next I have: 192.168.1.2 192.168.1.2:81

What this does is tell the mod to replace the IP of the server, with the IP and the new port of the server. When the client gets the location header, it will pop off and download it from this source rather than the 3rd party authorisation provider.
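To see what that substitution does to different redirect targets, here is an added example (not part of the original post) that replays the rule with sed on constructed Location values, next to an anchored variant. The function names, the sample URLs and the anchored pattern are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: replay the post's Header edit rule with sed -E on constructed
# Location values. Like "Header edit", s/// without g replaces the first match.

# The rule as written in the post: unanchored, and each dot matches any character.
edit_as_posted() {
    printf '%s\n' "$1" | sed -E 's#192.168.1.2#192.168.1.2:81#'
}

# Assumed tighter variant: match only scheme://192.168.1.2 followed by "/" or
# the end of the value, so other hosts and URLs that already carry a port are
# left alone. As a mod_headers rule (assumption, not from the post):
#   Header edit Location ^(https?://192\.168\.1\.2)(/|$) $1:81$2
edit_anchored() {
    printf '%s\n' "$1" | sed -E 's#^(https?://192\.168\.1\.2)(/|$)#\1:81\2#'
}

# Constructed sample redirects: the intended case, a value that already has
# the port, a neighbouring IP, and a third-party URL carrying the IP in its query.
for loc in \
    'http://192.168.1.2/video/1.mp4' \
    'http://192.168.1.2:81/video/1.mp4' \
    'http://192.168.1.20/login' \
    'http://auth.example.com/cb?next=http://192.168.1.2/'
do
    printf 'in:       %s\nposted:   %s\nanchored: %s\n\n' \
        "$loc" "$(edit_as_posted "$loc")" "$(edit_anchored "$loc")"
done
```

Only the first sample is the redirect the rule was written for; the other three show where the unanchored pattern rewrites more than intended.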

That's about it. Questions below.

Thanks for reading.

Tuesday 28 August 2012

CPU Load Tester - Yahtzee

Hi All,

Bit of a weird one this.

I wanted a CPU load tester and I didn't want to use one of the ones online. It should be fairly easy to write one that can heat up a CPU. Question is what?

Prime numbers are normally good, but that's been done. So I went with Yahtzees.

2 reasons for this:

1. The maths is pretty cool
2. I've been watching the Numberphile videos on YouTube and the subject is raging over there.

Here is the code for my Yahtzee counter:

#!/usr/bin/perl
use strict;

my $yahtzeeswanted = 10;  # number of yahtzees to generate before stopping
my $dicesides = 6;        # number of sides on each die

my $yahtzee = 0;          # yahtzees seen so far
my $rollcount = 0;        # total number of rolls
my $checker;
my ($dice1, $dice2, $dice3, $dice4, $dice5, $dice6);

# Yahtzees counted per face value (index 0 is unused)
my @dice = (0) x ($dicesides + 1);

# Roll one die with $dicesides sides
sub numbergen {
 return int(rand($dicesides)) + 1;
}

sub rollcount {
 $rollcount++;
 #print "Rollcount: $rollcount \n";
}

# Record a yahtzee for the face value passed in
sub yahtzee {
 $yahtzee++;
 $dice[$_[0]]++;
 #print "Number of yahtzees: $yahtzee \n";
}

while ($yahtzee < $yahtzeeswanted){
 $checker = 0;
 rollcount();
 $dice1 = numbergen();
 $dice2 = numbergen();
 $dice3 = numbergen();
 $dice4 = numbergen();
 $dice5 = numbergen();
 $dice6 = numbergen();

  # Compare all six dice against each face value in turn
  while ($checker < $dicesides){
   $checker++;
   if ($dice1 == $checker && $dice2 == $checker && $dice3 == $checker && $dice4 == $checker && $dice5 == $checker && $dice6 == $checker){
    yahtzee($checker);
   }
  }
}

print "Sided Dice: $dicesides \n";
print "Rollcount: $rollcount \n";
print "Number of yahtzees: $yahtzee \n";
print "Number of $_'s: $dice[$_] \n" for 1 .. $dicesides;

#print "$dice1 $dice2 $dice3 $dice4 $dice5 $dice6 \n";
 
If you take a look at the code you will see there are 2 declarations, one is for the number of yahtzees you want to generate, the other is for the number of sides you want your dice to have.

Have a play, and thanks for reading

Monday 21 May 2012

VMWare - THE AUDITORS ARE COMING!

Hi All,

The Auditors are coming!

Here are 2 handy scripts for you to run against your VMWare database. Written for Oracle, but will probably work for MSSQL too.

This one returns the OS type and name of a virtual machine, and the host it runs on:

select v.DNS_name, h.dns_name, v.guest_os
from vpx_vm v
inner join VPX_HOST h on h.id = v.host_id
where v.DNS_NAME is not null
order by h.dns_name;

This one returns build version, name, boot-time and some blank and prefilled columns (because of the spreadsheet we had to use). You will need to replace [VCNAME] with your Virtual Center name. Funny that.

select l.product_name, l.edition_name, l.product_version, '', h.boot_time, h.name,
 '[VCNAME]', '', '', 'Production', 'Location', '', '', '', '',
 h.cpu_core_count / h.cpu_count, h.cpu_count, h.product_name
from vpx_lic_assets a
inner join vpx_lic_context c on a.asset_id = c.asset_id
inner join vpx_lic_licenses l on c.license_id = l.license_id
inner join vpxv_hosts h on a.name = h.dns_name;

This should help with the most basic questions. Other people want more, or less info.
Some useful tables/views:

Tables:
vpx_lic_licenses
vpx_lic_assets
vpx_lic_context
vpx_vm
vpx_host 


Views:
vpxv_hosts



Thanks for reading,

Install and configuration of SRM 4.1

Hi All,

Configuration of SRM:

For the initial config of SRM, I installed it onto the same server as the Virtual Center. I am only supporting 25 VMs at these early stages. I won't cover the installation procedure here as it's a piece of cake. What I will say is that you need to set up your database and login, and you will also need to go into ODBC and set up your database connection before running setup.

Once this has been done, log into your virtual center server through the client.

Click on plugins, then install the vCenter Site recovery manager extension.

I'm going to take you into the GUI for this so you can see what needs configuring.

Once it has installed, you will have another tree under "Solutions and Applications"
Go into Site recovery.

  • You need to provide a login for the local (primary) site and the paired site (DR)
  • You also need to create a connection between the 2 sites
  • You need to provide a driver and login details for your Storage device.
  • Inventory mappings are source folders/datacenters and destination datacenters/resource groups
  • Protection Groups are bunches of machines carved up into lumps. The lumps depend on various things like OLAs, applications, server teams and other logical groups


First things first then.

Create a new user on the SRM (live site) server.
I did this simply by creating a local user on the VC server. If you have a separate SRM server, you'll need to create a domain account. It will need full admin privileges on VMware though.

Create a new user on the SRM (DR/Failover) server. Same as above.

Go into the site recovery manager, click on "Site Recovery" on the tree view on the left hand side.
In the main pane, under "Protection Setup", click configure.

Follow the prompts. All you are doing is putting the user accounts in that you set up above.
Once that is done, you should notice that the local site and paired site boxes are populated. If they aren't, something has gone wrong.

Next step:

Array managers. Storage, basically.
  1. Set up your LUNs and your snapmirrors/data protection transfers/remote clones, whatever your storage vendor wants to call it this week. This needs to be done first as when we get to the next bit it scans your storage to get this information. If you don't do this bit first, you'll have to run the same scan again and depending on the number of luns, you could be sat there for quite some time.
  2. You will need to provide a user account for both the live and DR sides of your storage arrays. It will need the ability to snapclone a replicated lun (for testing) and to break a mirrored volume, delete a volume etc... pretty low level stuff.
  3. Pop onto the VMware website and search for your storage vendor's driver for SRM. Download the right ones for you (either block or CIFS or both) and copy them to your SRM server. They should come as MSI packages or self-installing executables, so run them.

Once they are installed restart the SRM services.

Back to the vSphere client.

Click the configure button next to array managers
Click Add

Fill in the IP address details and the username and password for your primary storage.
It will refresh and you should see the array ID and the device count. (Device count is the number of luns or presented storage from that device.)

Add all your storage arrays like that, then hit next.

Same again, this time adding your secondary (DR) site's storage username and password.

Press next and this should show you a list of all replicated data stores. If you have replication switched on, you should get a list of datastores. Hit Finish.


Nearly there!

Inventory Mappings - hit configure.

Here is where you map your current live directories/networks/clusters etc... to the DR site resources. Easy enough done if you map things the same either side.

Protection Groups.
The first thing you need to do is go onto your DR storage and present a small LUN where you can put your placeholder data files for all your protected machines. Then go back to the VClient.

Click Create to create a protection group
This is volume based VM protection groups, so choose your volume
Choose where to put your placeholder data files (your new LUN would be great)
Then click finish.

You're done. Now it's time to create a basic plan. Plans are always created on the secondary or DR side.

  • Point your VClient at your secondary VC and log in. (Oh, quick stop here... look at all those machines! Don't turn them on, they are placeholders.)
  • Click solutions and Applications -> Site Recovery
  • Click recovery plans. (we'll just do a very, very basic one. Although if your secondary and primary sites match exactly, this plan would be amazing for you)
  • Click create
  • Give it a name click next.
  • Choose a Protection Group
  • Click next - Leave the timeouts as default as we won't be doing either.

Test networks. Right, if you run the test plan, then SRM will either create "fake" vswitches, or you can make it do the "real" networking. Map the networks to the correct type here. Auto means create a non-uplinked test switch.

Suspend local VMs - if your secondary site hosts test or development machines, they rank below production machines that are going through DR process. You can configure SRM to suspend these machines, releasing those resources.

Click finish.

Want to test it?

Choose a recovery plan in the tree view on the left.
Under the summary tab you can see some buttons.
Click Test.

There you go, all done.
If you want to see what it's doing, log into another client session.
On your original session drive SRM from the recovery steps tab.
Click it and click the test button (top left).
Now you can see what steps it's got to. On your second session you can see what the machines are doing.

There you have it.

Basic failover in SRM.


Thanks for reading

Thursday 19 January 2012

Solaris and ZFS Including ISCSI target recovery

Hi all,

I had a rough day the other day. I was using Nexentastor to present iscsi storage to my VM Test Environment, and the repository.db file became corrupt. After a reboot the server failed to boot. At all.

I don't like Nexenta. The GUI, its main selling point, keeps crashing and I have a lack of faith in it. So I thought I'd give Solaris 11 a punt. Here is how I recovered my ZFS luns and presented them.

First, install Solaris. This is a piece of cake, just make sure you don't install Solaris on disks being used by your ZFS volumes.

Once you have your OS up and running, sort your networking out. I installed the Gnome version so I did this using the GUI tool. I will cover aggregates and command line networking in another post.

If your storage is DAS based, i.e. it's directly attached to your Solaris server, and you have more than 15 SAS disks and you can't see the others, you will need to modify one of the OS files and reboot.

The filename is /kernel/drv/sd.conf
You should see lines like this:
name="sd" class="scsi" target=16 lun=0;

Add more lines for the number of disks you have, incrementing for each line, save and reboot.

Next thing is to rescue your ZFS volumes.

Running zpool import will scan all your disks and report back on the volumes it has found. It won't import them. To actually import them, run this command:

zpool import -f [poolname]


To see your imported pool, type:

zpool list -L

I have 3 pools, 3 volumes, 1 per pool. When I did mine, I only "rescued" one volume or pool at a time, then presented them, then did the next one. You can do yours however you want.

Next thing is to install the iscsi target software. If you are hiding behind a proxy, the easiest way of doing this is to open a terminal, then do this as root:

export http_proxy=http://username:password@yourproxy.fqdn:portnum

Then run the following:

pkg install storage-server SUNWiscsitr

Once it has installed, we can start presenting volumes. First off, we need to identify the shares. You should know what they were called. Run this command:

sbdadm import-lu /dev/zvol/rdsk/[Volumename]/[sharename]

That will import your lun. Then run:

sbdadm list-lu

This will list your luns. The number you will need is the GUID so copy it and get ready to paste.
Run this command:

stmfadm add-view [GUID]

This will share your iSCSI lun with every device, and also from every IP on your Solaris server. This is fine for me, you may need to lock it down. I haven't investigated this as I don't need it.

Next you need to create the target process itself. Run these 2 commands to complete the storage side config:

svcadm enable -r svc:/network/iscsi/target:default
itadm create-target

Check it with:

itadm list-target
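If you do need to lock it down, the sketch below is an added example (not from the original post) that prints the COMSTAR commands to use in place of the plain stmfadm add-view [GUID] and itadm create-target: a host group limits which initiators see the lun, and a target portal group limits which IP serves it. The function name, group names, GUID, IP and IQNs are constructed placeholders.

```shell
#!/bin/sh
# Added example: print a restricted COMSTAR setup for review, then run the
# printed commands as root. All values passed in below are constructed.

restricted_view_plan() {
    guid=$1 hg=$2 portal_ip=$3
    shift 3
    # A host group with no members would hide the lun from everyone.
    [ $# -gt 0 ] || { echo "need at least one initiator name" >&2; return 1; }
    # sbdadm list-lu shows each GUID as 32 hex digits.
    printf '%s' "$guid" | grep -Eq '^[0-9A-Fa-f]{32}$' ||
        { echo "bad GUID: $guid" >&2; return 1; }
    for iqn in "$@"; do
        case $iqn in
            iqn.*|eui.*) ;;
            *) echo "not an iSCSI initiator name: $iqn" >&2; return 1 ;;
        esac
    done

    # Host group: the initiators allowed to see this lun.
    echo "stmfadm create-hg $hg"
    for iqn in "$@"; do
        echo "stmfadm add-hg-member -g $hg $iqn"
    done
    # Publish the lun to that host group only (replaces the all-hosts view).
    echo "stmfadm add-view -h $hg $guid"
    # Target portal group: serve the target on one IP, not every interface.
    echo "itadm create-tpg ${hg}-tpg $portal_ip"
    echo "itadm create-target -t ${hg}-tpg"
}

# Constructed sample values
restricted_view_plan 600144F0AABBCCDD0000000000000001 esx-hosts 192.168.10.5 \
    iqn.1998-01.com.vmware:esx01-example iqn.1998-01.com.vmware:esx02-example
```

If the all-hosts view from stmfadm add-view [GUID] already exists, remove it first with stmfadm remove-view -l [GUID] -a. Initiator names are supplied by the client, so add CHAP on the target if the storage network is not trusted.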

That's you done, sort your initiators out now on your other servers. I haven't covered creating new volumes, luns or whatever. I'm hoping you find this article when you are in the shit and need some quick answers!

Thanks for reading,

Trev