Monday, December 6, 2010
Nginx (Load balancer)
I installed Nginx on Debian. I’ve written the installation document below. Please give me advice/suggestions on it. I would appreciate any kind of advice/suggestion!
= Nginx Load balancer on Debian
> aptitude install nginx
> vi /etc/nginx/sites-enabled/default
## ADD upstream for load balancer ##
upstream backend {
    server 192.168.0.10 weight=5;
    server 192.168.0.11 weight=2;
}
server {
    listen 80;
    server_name localhost;
    access_log /var/log/nginx/localhost.access.log;
    location / {
        #root /var/www/nginx-default; ##comment out
        #index index.html index.htm; ##comment out
        proxy_pass http://backend; ##ADD
    }
}
> /etc/init.d/nginx restart
Windows Domain Auth with LDAP,LDAP Replication + SAMBA,PDC,BDC
I installed Windows Domain Auth with LDAP,LDAP Replication + SAMBA,PDC,BDC. I’ve written the installation document below. Please give me advice/suggestions on it. I would appreciate any kind of advice/suggestion!
Windows authentication (LDAP, LDAP Replication + SAMBA, PDC, BDC) on Debian
Host settings
vim /etc/hosts
127.0.0.1 ldap1.com #
192.168.24.71 ldap1.com mail.ldap1.com
192.168.24.72 ldap2.com mail.ldap2.com
The following is the LDAP and Samba configuration for the PDC only
Install the following
aptitude install slapd ldap-utils libldap-dev
aptitude install samba smbclient swat smbldap-tools samba-doc
aptitude install migrationtools
zcat /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz > /etc/ldap/schema/samba.schema
Apply the MD5 hash obtained below to rootpw in slapd.conf.
ldap1:/etc/ldap# slappasswd -s PASSWORD -h {MD5}
{MD5}MZ9NJuPFNrXdhxuyxS4xeA==
vim /etc/ldap/slapd.conf
include /etc/ldap/schema/samba.schema #add
suffix "dc=ldap1,dc=com" #change
rootdn "cn=admin,dc=ldap1,dc=com" #change
rootpw {MD5}k3pcIXcHEYMlTicw3RGw7w== #add
# For searching
index objectClass eq
index uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
# Access restrictions; comment out the other access entries
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
    by self write
    by dn="cn=admin,dc=ldap1,dc=com" write
    by anonymous auth
    by * none
access to *
    by dn="cn=admin,dc=ldap1,dc=com" write
    by self write
    by * read
Configure the following. This is the LDAP server that ldapsearch looks at; when setting up a BDC, point the following at the BDC's LDAP.
vim /etc/ldap/ldap.conf
BASE dc=ldap1, dc=com #change
URI ldap://ldap1.com #change
Start LDAP
/etc/init.d/slapd restart
Samba configuration below
vim /etc/samba/smb.conf
[global]
workgroup = MYDOMAIN
dos charset = CP932
unix charset = UTF-8
display charset = UTF-8
netbios name = PDC
security = user
domain logons = yes
domain master = yes
local master = yes
os level = 64 #set a high value because this is the PDC; keep the BDC at or below this value
preferred master = yes
wins support = yes
logon path =
logon home =
# Samba admin user
admin users = Administrator
passdb backend = ldapsam:ldap://ldap1.com/
ldap suffix = dc=ldap1, dc=com
ldap admin dn = cn=admin,dc=ldap1,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=People
# Synchronize Linux and Windows passwords
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
# For changes made from the Windows manager
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
interfaces = 192.168.24.0/24 127.0.0.1 eth0
guest account = nobody
# Location for scripts that run at logon, for example to synchronize the time
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
writable = no
share modes = no
# Where profile information is stored
[profiles]
comment = Users profiles
path = /home/samba/profiles
guest ok = no
browseable = no
create mask = 0600
directory mask = 0700
#[printers]
# comment = All Printers
# browseable = no
# path = /var/spool/samba
# printable = yes
# public = no
# writable = no
# create mode = 0700
#[print$]
# comment = Printer Drivers
# path = /var/lib/samba/printers
# browseable = yes
# read only = yes
# guest ok = no
[homes]
comment = Home Directories
path = %H/samba #change
writable = yes #change
browseable = no
vfs objects = recycle #add recycle bin settings
recycle:repository = .recycle #add
recycle:keeptree = no #add
recycle:versions = yes #add
recycle:touch = no #add
recycle:maxsize = 0 #add
recycle:exclude = *.tmp ~$* #add
load printers = no #printers are not needed
disable spoolss = yes
mkdir -p /home/samba/netlogon
mkdir -p /home/samba/profiles
chown -R nobody /home/samba
chmod 1777 /home/samba/profiles
Check with the following
testparm
Create the samba directory for existing users
mkdir /etc/skel/samba
vi mkhomedir.sh
#!/bin/sh
# Create /home/<user>/samba for each existing account that does not have one
for dir in /home/*/
do
    user=$(basename "$dir")
    id "$user" > /dev/null 2>&1 || continue
    [ ! -d "/home/$user/samba" ] && \
    mkdir "/home/$user/samba" && \
    chown "$user:$user" "/home/$user/samba" && \
    echo "/home/$user/samba create"
done
sh mkhomedir.sh
vi /etc/cron.weekly/recyclewatch
#!/bin/bash
# Weekly: purge recycle-bin files not accessed for 720 hours
for dir in /home/*/
do
    if [ -d "${dir}samba/.recycle" ]; then
        tmpwatch -f 720 "${dir}samba/.recycle/"
    fi
done
chmod +x /etc/cron.weekly/recyclewatch
# Work around the printer error
touch /etc/printcap
/etc/init.d/samba start
Tools for setting the Samba and LDAP authentication passwords
zcat /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz > /etc/smbldap-tools/smbldap.conf
cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf /etc/smbldap-tools/smbldap_bind.conf
Apply the SID obtained below to smbldap.conf
net getlocalsid
vim /etc/smbldap-tools/smbldap.conf
SID="S-1-5-21-3869316386-1369744062-3351931823" #change, get sid from command as "net getlocalsid"
sambaDomain="MYDOMAIN" # change
ldapTLS="0" # change
#verify="require"
#cafile="/etc/opt/IDEALX/smbldap-tools/ca.pem"
#clientcert="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.pem"
#clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.key"
usersdn="ou=People,${suffix}"
hash_encrypt="CRYPT" #change
#defaultMaxPasswordAge="45"
suffix="dc=ldap1,dc=com" #change
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}" #change
userSmbHome="\\PDC\%U" #change
userProfile="\\PDC\profiles\%U" #change
userHomeDrive="Z:" #change network drive letter
mailDomain="ldap1.com" #change
Among the items above, when setting up a PDC and a BDC, set slaveLDAP and masterLDAP to their respective IP addresses
vim /etc/smbldap-tools/smbldap_bind.conf
slaveDN="cn=admin,dc=ldap1,dc=com"
slavePw="PASSWORD"
masterDN="cn=admin,dc=ldap1,dc=com"
masterPw="PASSWORD"
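Register the initial Samba entries in LDAP
smbldap-populate
Set up the Samba administrator with the following
getent passwd
getent group
After checking the admin and domain groups with the commands above, run the following
smbldap-populate -a Administrator -k 998 -m 512
smbldap-passwd Administrator
Set the Samba admin password
smbpasswd -w PASSWORD
Register a user with the following (-a: add, -m: create the directory)
smbldap-useradd -a -m sakai PASSWORD
smbldap-passwd sakai
With -r the user can be deleted together with the directory, as follows
smbldap-userdel -r sakai
The following makes LDAP users known to the system; you can verify with id and similar commands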
apt-get install libnss-ldap
vim /etc/libnss-ldap.conf
vim /etc/nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat ldap
If you also want to manage the server's SSH logins and the like through LDAP, configure PAM
apt-get install libpam-ldap
vim /etc/pam_ldap.conf
vim /etc/pam.d/common-auth
auth sufficient pam_ldap.so
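vim /etc/pam.d/common-account
account sufficient pam_ldap.so
On Windows, right-click My Computer, click Change under Domain, enter Administrator as the user name together with the password you set, and join the domain.
After rebooting, log in with the user name (sakai) and password.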
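A read-only check of the credential and transport settings this procedure leaves behind, as an added example that is not part of the original post: it reports how rootpw is stored in slapd.conf, whether smbldap-tools uses TLS, which LDAP URIs are unencrypted, and whether the bind-password file is readable beyond its owner. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative;
# the sample files are constructed and only mirror values shown in this post.

# Print how rootpw is stored in a slapd.conf-style file:
# missing | cleartext | unsalted:<scheme> | salted:<scheme> | other:<scheme>
rootpw_storage() {
    value=$(awk '$1 == "rootpw" { print $2; exit }' "$1")
    [ -n "$value" ] || { echo "missing"; return; }
    scheme=$(printf '%s\n' "$value" | sed -n 's/^{\([A-Za-z0-9-]*\)}.*/\1/p')
    case "$scheme" in
        "")         echo "cleartext" ;;
        SSHA|SMD5)  echo "salted:$scheme" ;;
        MD5|SHA)    echo "unsalted:$scheme" ;;
        *)          echo "other:$scheme" ;;
    esac
}

# Print "starttls" or "off" for the ldapTLS setting in smbldap.conf.
smbldap_tls() {
    awk -F'"' '/^ldapTLS=/ { v = ($2 == "1") ? "starttls" : "off"; print v; exit }' "$1"
}

# List each distinct ldap:// URI (LDAP without TLS) in the given files;
# ldaps:// URIs do not match.
cleartext_ldap_uris() {
    grep -Eho 'ldap://[A-Za-z0-9._:-]+' "$@" | sort -u
}

# Exit 0 if the file (e.g. smbldap_bind.conf, which stores masterPw/slavePw
# in cleartext) can be read by group or others.
readable_beyond_owner() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# Write constructed sample files into directory $1.
make_samples() {
    cat > "$1/slapd.conf" <<'EOF'
suffix "dc=ldap1,dc=com"
rootdn "cn=admin,dc=ldap1,dc=com"
rootpw {MD5}k3pcIXcHEYMlTicw3RGw7w==
EOF
    cat > "$1/smbldap.conf" <<'EOF'
sambaDomain="MYDOMAIN"
ldapTLS="0"
EOF
    cat > "$1/smb.conf" <<'EOF'
passdb backend = ldapsam:ldap://ldap1.com/
EOF
    cat > "$1/smbldap_bind.conf" <<'EOF'
masterDN="cn=admin,dc=ldap1,dc=com"
masterPw="PASSWORD"
EOF
    chmod 644 "$1/smbldap_bind.conf"
}

# Print one finding per line for a directory laid out like make_samples.
review() {
    dir=$1
    echo "rootpw: $(rootpw_storage "$dir/slapd.conf")"
    echo "smbldap ldapTLS: $(smbldap_tls "$dir/smbldap.conf")"
    for uri in $(cleartext_ldap_uris "$dir/smb.conf" "$dir/smbldap.conf"); do
        echo "cleartext LDAP URI: $uri"
    done
    if readable_beyond_owner "$dir/smbldap_bind.conf"; then
        echo "smbldap_bind.conf: readable by group/others (chmod 600)"
    fi
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
review "$demo_dir"
rm -rf "$demo_dir"
```

On a real host, call the individual functions on /etc/ldap/slapd.conf and the files under /etc/smbldap-tools and /etc/samba.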
== LDAP replication settings
- slave
ssh 192.168.24.72
rm -rf /var/lib/ldap/*
suffix "dc=ldap1,dc=com" #change
rootdn "cn=admin,dc=ldap1,dc=com" #change
rootpw PASSWORD #change
vim /etc/ldap/slapd.conf
updatedn cn=admin,dc=ldap1,dc=com
updateref ldap://ldap1.com
- master
ssh 192.168.24.71
/etc/init.d/slapd stop
Copy the LDAP data as follows
scp /var/lib/ldap/* 192.168.24.72:/var/lib/ldap/.
vim /etc/ldap/slapd.conf
replogfile /var/lib/ldap/replog
replica uri=ldap://ldap2.com:389
    binddn="cn=admin,dc=ldap1,dc=com"
    bindmethod=simple credentials=PASSWORD
- slave
chown -R openldap:openldap /var/lib/ldap/
apt-get install libnss-ldap
/etc/libnss-ldap.conf
base dc=ldap1,dc=com
uri ldap://ldap2.com/ #point at the slave, for the BDC
ldap_version 3
rootbinddn cn=admin,dc=ldap1,dc=com
- master and slave
/etc/init.d/slapd start
== BDC settings
- slave
Copy the configuration file from the master
scp 192.168.24.71:/etc/samba/smb.conf /etc/samba/.
Rewrite the following
vim /etc/samba/smb.conf
passdb backend = ldapsam:ldap://ldap2.com/ #point at the slave
domain master = no
os level = 33 #keep lower than the PDC; the Windows default is 32, so set it to around 33
wins support = no
wins server = 192.168.24.71
smbpasswd -w PASSWORD
Point it at its own LDAP
vim /etc/ldap/ldap.conf
BASE dc=ldap1, dc=com
URI ldap://ldap2.com
Shut down the PDC and check that you can still log on to the domain from Windows; confirm in the log files below that the BDC has been promoted
cd /var/log/samba/
=============================
Other LDAP commands
The following tool is for migrating existing users into LDAP
vim /usr/share/migrationtools/migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "ldap1.com"; #add
$DEFAULT_BASE = "dc=ldap1,dc=com"; #add
$DEFAULT_MAIL_HOST = "mail.ldap1.com"; #add
Register the basic LDAP information below
vi base.ldif
dn: dc=ldap1,dc=com
objectClass: dcObject
objectClass: organization
o: ldap1 Organization
dc: ldap1

dn: cn=admin,dc=ldap1,dc=com
objectClass: organizationalRole
cn: admin

dn: ou=People,dc=ldap1,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=ldap1,dc=com
objectClass: organizationalUnit
ou: Group

ldapadd -h localhost -x -D "cn=admin,dc=ldap1,dc=com" -W -f base.ldif
ldapsearch -x -b 'dc=test,dc=com' uid=test1
ldapmodify -x -Dcn=admin,dc=test,dc=com -W -f add.ldif
vim add.ldif
dn: uid=test1,ou=People,dc=test,dc=com
changetype: modify
add: userPassword
userPassword: PASSWORD
=============================
== Subversion and Apache Basic Authentication as LDAP
aptitude install subversion libapache2-svn
mkdir /var/svn
svnadmin create --fs-type fsfs /var/svn
chown -R www-data:513 /var/svn
cd /tmp
svn checkout http://localhost/svn
ln -s /etc/apache2/mods-available/authnz_ldap.load /etc/apache2/mods-enabled/authnz_ldap.load
ln -s /etc/apache2/mods-available/ldap.load /etc/apache2/mods-enabled/ldap.load
vim /etc/apache2/mods-enabled/dav_svn.conf
<Location /svn>
DAV svn
SVNPath /var/svn
AuthType Basic
AuthName "LDAP Auth"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://test.com/ou=People,dc=test,dc=com?uid?sub?(objectclass=posixAccount)
Require valid-user
</Location>
svn checkout http://localhost/svn
svn import http://localhost/svn -m "init"
cd svn
touch test.txt
svn add test.txt
svn commit -m "up test.txt"
svn checkout http://localhost/svn/
Authentication realm: LDAP Auth
Password for 'root':
The following also works. You can also add your SSH key to authorized_keys and set things up so that no password has to be entered.
svn checkout svn+ssh://localhost/var/svn
== CVS
apt-get install cvs
mkdir /var/cvs
chown -R root:513 /var/cvs
export CVSROOT=/var/cvs
cvs init
You can also add your SSH key to authorized_keys and set things up so that no password has to be entered.
export CVSROOT=:ext:sakai@192.168.24.71:/var/cvs
Labels: LDAP
Lustre
I installed Lustre. I've written the installation document below. Please give me advice/suggestions on it. I would appreciate any kind of advice/suggestion!
= Lustre on CentOS 5.3
                192.168.0.10
                  [client]
                     |
                     |
                     |
        ----------------------------
        |            |             |
        |            |             |
      [MDT]       [OST1]        [OST2]
  192.168.0.11 192.168.0.12  192.168.0.13
> rpm -ivh kernel-lustre-smp-2.6.18-128.1.6.el5_lustre.1.8.0.1.x86_64.rpm
> rpm -ivh lustre-modules-1.8.0.1-2.6.18_128.1.6.el5_lustre.1.8.0.1smp.x86_64.rpm
> rpm -ivh lustre-1.8.0.1-2.6.18_128.1.6.el5_lustre.1.8.0.1smp.x86_64.rpm
> rpm -ivh lustre-client-1.8.0.1-2.6.18_128.1.6.el5_lustre.1.8.0.1smp.x86_64.rpm
> rpm -ivh lustre-client-modules-1.8.0.1-2.6.18_128.1.6.el5_lustre.1.8.0.1smp.x86_64.rpm
> rpm -ivh lustre-ldiskfs-3.0.8-2.6.18_128.1.6.el5_lustre.1.8.0.1smp.x86_64.rpm
> vim /etc/grub.conf
default=0 ########## Change to 0 ###########
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-128.1.6.el5_lustre.1.8.0.1smp)
root (hd0,0)
kernel /vmlinuz-2.6.18-128.1.6.el5_lustre.1.8.0.1smp ro root=/dev/VolGroup00/LogVol00
initrd /initrd-2.6.18-128.1.6.el5_lustre.1.8.0.1smp.img
title CentOS (2.6.18-128.2.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-128.2.1.el5 ro root=/dev/VolGroup00/LogVol00
initrd /initrd-2.6.18-128.2.1.el5.img
title CentOS (2.6.18-128.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-128.el5 ro root=/dev/VolGroup00/LogVol00
initrd /initrd-2.6.18-128.el5.img
> reboot
> vim /etc/hosts
192.168.0.11 lustre1
192.168.0.12 lustre2
192.168.0.13 lustre3
= MDT Server
> mkfs.lustre --fsname=test --mgs --mdt --device-size=262144 /tmp/mdt0
> mkdir -p /mnt/mdt0
> mount -t lustre -o loop /tmp/mdt0 /mnt/mdt0
= OST Server 1
> mkfs.lustre --fsname=test --ost --mgsnode=lustre1 --device-size=1048576 /tmp/ost0
> mkfs.lustre --fsname=test --ost --mgsnode=lustre1 --device-size=1048576 /tmp/ost1
> mkdir -p /mnt/ost0 /mnt/ost1
> mount -t lustre -o loop /tmp/ost0 /mnt/ost0
> mount -t lustre -o loop /tmp/ost1 /mnt/ost1
= OST Server 2
> mkfs.lustre --fsname=test --ost --mgsnode=lustre1 --device-size=1048576 /tmp/ost2
> mkfs.lustre --fsname=test --ost --mgsnode=lustre1 --device-size=1048576 /tmp/ost3
> mkdir -p /mnt/ost2 /mnt/ost3
> mount -t lustre -o loop /tmp/ost2 /mnt/ost2
> mount -t lustre -o loop /tmp/ost3 /mnt/ost3
= Client
> mkdir -p /mnt/test
> mount -t lustre lustre1:/test /mnt/test
Labels: Distribute Storage
IOmeter on Linux
I installed IOmeter. I’ve written the installation document below. Please give me advice/suggestions on it. I would appreciate any kind of advice/suggestion!
= iometer install into CentOS5.2 64bit.
windows, iometer GUI, 192.168.1.20
linux, dynamo, 192.168.1.30
- linux
> yum install kernel-devel
> yum install gcc gcc-c++
> unzip iometer-2006_07_27.common-src.zip
> cd iometer-2006_07_27.linux.i386-bin/src/iomtr_kstat
> cp Makefile-Linux.x86_64 Makefile
> make
### ./dynamo -i iometer_computer_name -m manager_computer_name ###
> ./dynamo -i 192.168.1.20 -m 192.168.1.30
- windows
Install Iometer on Windows and run the Iometer GUI; you can then see the Linux client in Iometer.
= iometer install into CentOS5.2 32bit
> tar xvf iometer-2006_07_27.linux.i386-bin.tgz
> cd iometer-2006_07_27.linux.i386-bin/src/iomtr_kstat
> cp Makefile-Linux26 Makefile
> vi Makefile
#KERNELSRC = /tmp/tmpwork/linux-2.6.0.xscale/
KERNELSRC = /lib/modules/`uname -r`/build/
> make
> cd ../
### ./dynamo -i iometer_computer_name -m manager_computer_name ###
> ./dynamo -i 192.168.1.20 -m 192.168.1.30
Install Iometer on Windows and run the Iometer GUI; you can then see the Linux client in Iometer.
Labels: Analystic Tool
FreeRADIUS with LDAP
I installed FreeRADIUS with LDAP. I’ve written the installation document below. Please give me advice/suggestions on it. I would appreciate any kind of advice/suggestion!
== FreeRadius + LDAP
apt-get install freeradius freeradius-ldap
vim /etc/freeradius/radiusd.conf
modules {
    ldap {
        server = "ldap1.com"
        basedn = "dc=ldap1,dc=com"
        basedn = "ou=People,dc=ldap1,dc=com"
        filter = "(&(objectclass=posixAccount)(uid=%{Stripped-User-Name:-%{User-Name}}))"
        #access_attr = "dialupAccess"
    }
}
authorize {
    ldap #uncomment
}
authenticate {
    Auth-Type LDAP {
        ldap
    }
}
Rewrite the following.
vim /etc/freeradius/users
DEFAULT Auth-Type = LDAP
    Fall-Through = 1
view /etc/freeradius/clients.conf
client 127.0.0.1/24 {
    secret = testing123
    shortname = localhost
}
/etc/init.d/freeradius restart
radtest sakai PASSWORD localhost 0 testing123
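A review of the clients.conf entries used above, as an added example that is not part of the original post: it lists client blocks that still use the sample shared secret testing123, use a short secret, or cover a whole network range with one secret. The function name weak_clients, the 16-character minimum and the second sample client are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): review a clients.conf-style file.
# weak_clients and the 16-character default minimum are illustrative choices.

# For each client block print "<client> <finding>", where finding is
#   network-range   the client is an IPv4 prefix shorter than /32, so every
#                   host in that range may use this one secret
#   default-secret  the shared secret is the well-known sample value testing123
#   short-secret    the shared secret is shorter than the minimum length ($2)
weak_clients() {
    awk -v min="${2:-16}" '
        /^[ \t]*#/ { next }
        $1 == "client" {
            name = $2
            n = split(name, part, "/")
            if (n == 2 && part[2] + 0 < 32) print name, "network-range"
            next
        }
        /^[ \t]*secret[ \t]*=/ {
            s = $0
            sub(/^[ \t]*secret[ \t]*=[ \t]*/, "", s)   # drop "secret ="
            sub(/[ \t]*(#.*)?$/, "", s)                # drop trailing comment
            if (s == "testing123") print name, "default-secret"
            else if (length(s) < min) print name, "short-secret"
        }
    ' "$1"
}

# Constructed sample: the first block is the one shown in this post, the
# second is a hypothetical access point with a longer, non-default secret.
sample=$(mktemp)
cat > "$sample" <<'EOF'
client 127.0.0.1/24 {
    secret = testing123
    shortname = localhost
}
client 192.168.24.80 {
    secret = constructed-example-secret-0001
    shortname = ap1
}
EOF
weak_clients "$sample"
rm -f "$sample"
```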
== TLS
For TLS or TTLS, the package from Debian's apt-get does not include the modules, so install from source.
apt-get install build-essential
apt-get install apt-src
apt-src update
mkdir ~/build_freeradius
cd ~/build_freeradius
apt-src install freeradius
vim ~/build_freeradius/freeradius-1.1.3/debian/rules
#buildssl=--without-rlm_eap_peap --without-rlm_eap_tls --without-rlm_eap_ttls --without-rlm_otp --without-rlm_sql_postgresql --without-snmp
#modulelist=krb5 ldap sql_mysql sql_iodbc
buildssl=--with-rlm_sql_postgresql_lib_dir=`pg_config --libdir` --with-rlm_sql_postgresql_include_dir=`pg_config --includedir`
modulelist=krb5 ldap sql_mysql sql_iodbc sql_postgresql
vim ~/build_freeradius/freeradius-1.1.3/debian/control
Source: freeradius
Build-Depends: debhelper (>= 5), libltdl3-dev, libpam0g-dev, libmysqlclient15-dev | libmysqlclient-dev, libgdbm-dev,
 libldap2-dev, libsasl2-dev, libiodbc2-dev, libkrb5-dev, snmp, autotools-dev, dpatch (>= 2),
 libperl-dev, libtool, dpkg-dev (>= 1.13.19), libssl-dev, libpq-dev
Build-Conflicts:
cd ~/build_freeradius/freeradius-1.1.3/debian
cat control.postgresql >> control
Add the following
vim ~/build_freeradius/freeradius-1.1.3/debian/changelog
freeradius (1.1.3-3tls) unstable; urgency=low
* Add TLS. Closes: #403389.
-- Jun Sakai Sat, 16 Dec 2006 20:45:11 +0000
# cd ~/build_freeradius
# apt-src build freeradius
dpkg -i freeradius_1.1.3-3tls_i386.deb freeradius-ldap_1.1.3-3tls_i386.deb
Generate the private key and create the certificate signing request
% openssl req -new -newkey rsa:2048 -keyout rad-privkey.pem -out rad-req.pem
Process the certificate signing request
# openssl ca -out rad-cert.pem -infiles rad-req.pem
Remove the password from the private key
# openssl rsa -in rad-privkey.pem -out rad-priv.pem
Create the DSA parameter file
# openssl dsaparam -out dh2048.pem 2048
CA certificate (created when the CA was set up with OpenSSL)
Create a DER-format certificate so that it can be imported into Windows XP.
% openssl x509 -in cacert.pem -out cacert.der -outform DER
vim /etc/freeradius/eap.conf
eap {
    #default_eap_type = md5
    default_eap_type = peap
    tls {
        private_key_password = 88390LPP
        private_key_file = /usr/local/RADIUS/rad-priv.pem
        # If Private key & Certificate are located in
        # the same file, then private_key_file &
        # certificate_file must contain the same file
        # name.
        certificate_file = /usr/local/RADIUS/rad-cert.pem
        # Trusted Root CA list
        CA_file = /usr/local/CA/cacert.pem
        dh_file = /usr/local/RADIUS/dh2048.pem
        random_file = /dev/urandom
    }
    peap {
        default_eap_type = mschapv2
    }
    mschapv2 {
    }
}
Labels: RADIUS
OCFS2 + DRBD8 on CentOS 5.3
I tried OCFS2 + DRBD8 on CentOS 5.3. I’ve written the document below.
Please give me advice/suggestions on it. I would appreciate any kind of advice/suggestion!
= OCFS2
Download the RPM packages from the OCFS2 site.
> yum -y install vte
> rpm -ivh ocfs2-tools-1.4.2-1.el5.x86_64.rpm
> rpm -ivh ocfs2console-1.4.2-1.el5.x86_64.rpm
> rpm -ivh ocfs2-2.6.18-128.2.1.el5-1.4.2-1.el5.x86_64.rpm
> vi /etc/sysconfig/o2cb
O2CB_ENABLED=true
> vi /etc/ocfs2/cluster.conf
node:
	ip_port = 7777
	ip_address = 10.0.0.74
	number = 0
	name = ocfs21
	cluster = ocfs2

node:
	ip_port = 7777
	ip_address = 10.0.0.75
	number = 1
	name = ocfs22
	cluster = ocfs2

cluster:
	node_count = 2
	name = ocfs2
== DRBD8
> yum -y install drbd82 kmod-drbd82
> vim /etc/drbd.conf
global {
    usage-count yes;
}
common {
    syncer {
        rate 100M;
        al-extents 257;
    }
}
resource r0 {
    protocol C;
    startup {
        become-primary-on both; ### For Primary/Primary ###
        degr-wfc-timeout 60;
        wfc-timeout 30;
    }
    disk {
        on-io-error detach;
    }
    net {
        allow-two-primaries; ### For Primary/Primary ###
        cram-hmac-alg sha1;
        shared-secret "FooFunFactory";
        after-sb-0pri discard-zero-changes;
        after-sb-1pri violently-as0p;
        after-sb-2pri violently-as0p;
    }
    on ocfs21 {
        device /dev/drbd0;
        disk /dev/sdc;
        address 10.0.0.81:7788;
        meta-disk /dev/sdb[0];
    }
    on ocfs22 {
        device /dev/drbd0;
        disk /dev/sdc;
        address 10.0.0.82:7788;
        meta-disk /dev/sdb[0];
    }
}
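The net section above combines allow-two-primaries with violently-as0p, which drbd.conf(5) describes as dangerous with a mounted filesystem and meant only for one-node filesystems, and it keeps shared-secret in clear text. The audit script below is an added example, not part of the original post; the function names and the temporary sample file are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit a drbd.conf for two things
# that matter on a dual-primary resource.

# audit_drbd_conf FILE: print one finding per line, nothing when the file is clean.
audit_drbd_conf() {
    conf=$1
    # shared-secret is stored in clear text, so group/other must have no access.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if grep -q 'shared-secret' "$conf" && [ "$perms" != "------" ]; then
        echo "shared-secret in a file with group/other permissions $perms"
    fi
    awk '
        { sub(/#.*/, "") }    # strip comments (assumes no "#" inside the secret)
        /allow-two-primaries/ { dual = 1 }
        $1 ~ /^after-sb-[012]pri$/ && $2 ~ /^violently-as0p/ { bad[++n] = $1 }
        END {
            if (dual)
                for (i = 1; i <= n; i++)
                    print bad[i] " violently-as0p on a dual-primary resource"
        }' "$conf"
}

# Sample input: the net section of the drbd.conf shown above.
write_page_conf() {
    cat > "$1" <<'EOF'
resource r0 {
    net {
        allow-two-primaries; ### For Primary/Primary ###
        cram-hmac-alg sha1;
        shared-secret "FooFunFactory";
        after-sb-0pri discard-zero-changes;
        after-sb-1pri violently-as0p;
        after-sb-2pri violently-as0p;
    }
}
EOF
}

demo=$(mktemp)
write_page_conf "$demo"
chmod 644 "$demo"      # constructed: a world-readable copy of the file
audit_drbd_conf "$demo"
rm -f "$demo"
```

The dual-primary examples in the DRBD User's Guide use after-sb-1pri discard-secondary and after-sb-2pri disconnect instead.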
= Create Metadata
> dd if=/dev/zero of=/dev/sda3 bs=1M count=1024
> drbdadm create-md r0
> /etc/init.d/drbd stop
> /etc/init.d/drbd start
= Make them Primary/Primary
> drbdsetup /dev/drbd0 primary -o
> cat /proc/drbd
version: 8.3.0 (api:88/proto:86-89)
GIT-hash: 9ba8b93e24d842f0dd3fb1f9b90e8348ddb95829 build by ivoks@ubuntu, 2009-01-17 07:49:56
0: cs:Connected ro:Primary/Primary ds:UpToDate/Diskless C r---
ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:4883760
> mkfs.ocfs2 /dev/drbd0
> /etc/init.d/o2cb start
> mount -t ocfs2 /dev/drbd0 /data
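The /proc/drbd output above reports ds:UpToDate/Diskless with a non-zero oos counter: the peer has no backing disk attached, so a filesystem created at that point lives on one copy only. The gate below is an added example, not part of the original post; the function names are hypothetical and the healthy sample is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): refuse to run mkfs.ocfs2 until
# /proc/drbd shows a connected, fully synced pair.

# drbd_status_issues: read /proc/drbd-format text on stdin and print one line
# per problem. No output means every resource has two up-to-date disks.
drbd_status_issues() {
    awk '
    /^ *[0-9]+: cs:/ {
        minor = $1; sub(/:$/, "", minor)
        for (i = 2; i <= NF; i++) {
            split($i, kv, ":")
            if (kv[1] == "cs" && kv[2] != "Connected")
                print "drbd" minor ": connection state is " kv[2]
            if (kv[1] == "ds" && kv[2] != "UpToDate/UpToDate")
                print "drbd" minor ": disk states are " kv[2]
        }
    }
    / oos:[0-9]/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^oos:/ && substr($i, 5) + 0 > 0)
                print "drbd" minor ": " substr($i, 5) " KiB out of sync"
    }'
}

# Sample input: the two status lines printed in the post above.
page_status() {
    cat <<'EOF'
 0: cs:Connected ro:Primary/Primary ds:UpToDate/Diskless C r---
    ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:4883760
EOF
}

# Constructed sample: the same resource once both disks are attached and in sync.
healthy_status() {
    cat <<'EOF'
 0: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r---
    ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:0
EOF
}

# safe_to_mkfs: succeed only when the status on stdin has no findings.
safe_to_mkfs() {
    [ -z "$(drbd_status_issues)" ]
}

page_status | drbd_status_issues
healthy_status | safe_to_mkfs && echo "healthy sample: ok to run mkfs.ocfs2"
```

On a live node the gate would be used as `safe_to_mkfs < /proc/drbd && mkfs.ocfs2 /dev/drbd0`.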
Labels: Cluster
Parascale for huge storage
I installed Parascale. I’ve written the installation document below. Please give me advice/suggestions on it. I would appreciate any kind of advice/suggestion!
Console server : 192.168.0.10, 172.16.0.10 + 1LUN
Storage server1 : 192.168.0.1, 172.16.0.1 + 1LUN
Storage server2 : 192.168.0.2, 172.16.0.2 + 1LUN
Storage server3 : 192.168.0.3, 172.16.0.3 + 1LUN
Virtual ip: 192.168.0.10
External pool: 192.168.10.20-23
Internal Pool: 172.16.0.
= install console server
> mkdir /tmp/pscl
> cd /tmp/pscl
> tar zxvf pcs_v1.3.0-r4788-64bit.tgz
> ./pcsinstall -c
> vi /root/.bash_profile
export PATH=$PATH:/opt/pscl/vsn/bin
export MANPATH=$MANPATH:/opt/pscl/vsn/man
> source /root/.bash_profile
= install storage server
> mkdir /tmp/pscl
> mv pcs_v1.3.0-r4788-64bit.tgz /tmp/pscl/
> cd /tmp/pscl
> tar zxvf pcs_v1.3.0-r4788-64bit.tgz
> ./pcsinstall -s
= maintenance
access http:///admin/
Labels: Distribute Storage