Wednesday, October 9, 2013

Exer 6 (Part III): DRBD with Heartbeat

This is the last and most difficult part of our exercise on DRBD. We needed four computers: one for the database, two for the servers, and another one for the client. The two servers should have Heartbeat installed so that when the primary server fails, a secondary one will take over. The database and these servers will be connected using DRBD. The same procedures as in the Heartbeat and DRBD setup (see Exer 5 (Part II), Exer 6 (Part II)) will be done here. But after setting up, we must make it access the database on the other computer.

Unfortunately, we were not able to do it because of Heartbeat. We were stuck making it work and could not move on to the next steps. We could not try to connect it with the database. :(

Monday, September 9, 2013

Exer 6 (Part II): DRBD Set-up

For this exercise, we were tasked to install and configure DRBD on two computers which will act as servers. Here are the steps we did:

1. Using GParted, we created a new partition with unknown file system type.
2. We installed drbd using apt-get install drbd8-utils.
3. We loaded its kernel module, then backed up the drbd configuration file and created a new one on both servers.
4. We then initialized the metadata storage and started DRBD on both servers/nodes.
5. We made server 1 our primary node using drbdadm -- --overwrite-data-of-peer primary all.
6. On server 2, we used cat /proc/drbd to see some progress on synchronization.
7. Then on server 1, we also used cat /proc/drbd. This was the output:

8. Also on server 1 (only), we created an ext4 filesystem and a directory (named data), then mounted the filesystem on that directory:
mkfs.ext4 /dev/drbd0
mkdir /data
mount /dev/drbd2 /data

To check if it was mounted, we used the commands mount and df -h.



9. To test the configuration we made, we created files on the /data directory and checked if they were replicated to server 2.
10. We unmounted the /data directory on server 1, then assigned the secondary role to it: drbdadm secondary r0.
11. We assigned the primary role to server 2: drbdadm primary r0 and checked the output of cat /proc/drbd to know if it was the primary server. Then a directory /data was created and /dev/drbd2 was mounted on it.
12. We checked the contents of the data directory. The files that we created on server 1 were there.


It took us almost three hours to do this exercise successfully. We repeated some steps more than once because of some errors that appeared. There were times that we needed to restart our computers. But all of our efforts paid off.

References:
http://www.howtoforge.com/setting-up-network-raid1-with-drbd-on-ubuntu-11.10

Exer 6 (Part I): Intro on DRBD + Making a Dynamic Website

I. DRBD

DRBD or Distributed Replicated Block Device refers to block devices designed as a building block to form high availability (HA) clusters. - drbd.org

It can be used as the basis of:

  • Conventional and shared disk file systems
  • Another logical block device
  • Applications which require direct access to a block device
-Wikipedia


Do visit drbd.org to learn more on DRBD. Also, please read my succeeding entries about installation and configuration of DRBD, and integration of it with Heartbeat.

II. Dynamic Website

After reading up on DRBD, we created a dynamic website using PHP and MySQL. This website will be used for DRBD in the next parts of this exercise.

First, we installed all the applications that we needed:
  • apache2
  • php5
  • mysql

Then, we made a database of users. It has only one table named user with column names username and password.


There are four functionalities/parts for this website: add user/sign up, log in, edit account, delete account.
Here are some screenshots of the website. Unfortunately, we lost the other screenshots.





Saturday, August 17, 2013

Exercise 5 (Part III): Investigation/Experiment on Heartbeat

For the first part of the investigation, we needed to repeat the process we did in our last exercise to set up Heartbeat on two servers. When we removed the LAN cable from the primary server, here is the result when we used ping to test the setup.




Considering the first time result on each test, the average delay before the server responds is 0.7493 ms.

After getting the result for the first part of the investigation, we needed to add a server with Heartbeat to be used for the second part. We had two secondary servers this time. When the LAN cable of the primary server was removed, one of the two secondary servers took over. The delay of the secondary server is 1.15 ms.

When we removed the LAN of the slave server which responded earlier, the other/remaining slave server took over.





Exercise 5 (Part II): Server Backup

In our exercise, we were tasked to do a network configuration where a passive server backs up the active server whenever it is not available. We used three computers to accomplish this exercise: (1) an active server, (2) a passive server and (3) a client.

Here are the steps that we did:
1. We installed Heartbeat, Pacemaker and Apache on the computers that acted as servers.

2. We assigned a static IP address to each server:
     192.168.21.2 - active server
     192.168.21.3 - passive server

3. Next, we changed the hostnames of the servers (server1 - active; server2 - passive), then edited the /etc/hosts file:
   


192.168.21.1 is the cluster IP which will be accessed by the client.

4. We edited the configuration files of Heartbeat for both servers:
     a. /etc/ha.d/authkeys
        This tells Heartbeat to use key #1, which is onethreeseven, as the md5 password.

     b. /etc/ha.d/ha.cf

     c. /etc/ha.d/haresources

5. We started Heartbeat on both servers using the /etc/init.d/heartbeat command.
6. Finally, we tested whether our setup worked.

We accessed 192.168.21.1 (cluster IP).
Then, we shut down server1; server2 (192.168.21.3) took over.
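The authkeys file from step 4 is the only thing that authenticates cluster messages between the two servers, so it is worth checking. The following is an added example, not part of the original post: a small audit of that file, where the 20-character minimum for the secret is an assumed threshold and both sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Heartbeat authkeys file.
# Assumption: the 20-character minimum for the shared secret is our own threshold.

audit_authkeys() {
    file=$1
    # The file holds the cluster's shared secret, so only its owner may access it.
    [ -n "$(find "$file" -prune -perm 600)" ] || echo "PERMS: mode is not 600"
    awk '
        $1 ~ /^#/ || NF == 0 { next }                  # skip comments and blank lines
        $1 == "auth"         { active = $2; next }     # "auth N" selects key N
        $1 ~ /^[0-9]+$/      { method[$1] = $2; secret[$1] = $3 }
        END {
            if (!(active in method)) { print "NOKEY: auth line selects no defined key"; exit }
            m = method[active]
            if (m == "crc") print "METHOD: crc is a checksum, it authenticates nothing"
            if (m == "md5") print "METHOD: md5 in use, sha1 is the strongest method offered"
            if (m != "crc" && length(secret[active]) < 20)
                print "SECRET: shared secret is shorter than 20 characters"
        }' "$file"
}

# Constructed samples. The first follows the description in the post (key 1, md5,
# onethreeseven); mode 644 is set here only to show the permission finding.
# The second uses sha1 with a placeholder where a long random secret would go.
demo_dir=$(mktemp -d)
printf 'auth 1\n1 md5 onethreeseven\n' > "$demo_dir/authkeys.post"
chmod 644 "$demo_dir/authkeys.post"
printf 'auth 2\n2 sha1 %s\n' "REPLACE_WITH_LONG_RANDOM_SECRET_0000" > "$demo_dir/authkeys.tight"
chmod 600 "$demo_dir/authkeys.tight"

echo "== as described in the post =="; audit_authkeys "$demo_dir/authkeys.post"
echo "== tightened ==";                audit_authkeys "$demo_dir/authkeys.tight"
```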



Reference:
http://www.langeder.org/wordpress/high-available-server-using-heartbeat/
   

Monday, August 5, 2013

Exercise 5 (Part I): Introduction to Web Server, High-Availability and Cluster Resource Management

Web Server

A web server is an application that delivers web content as it is requested. It uses a client-server model. Its main function is to provide web pages to clients using HTTP.

How does it work?
- When a web user requests a URL to be loaded, the web server fetches it then sends it to the user's browser.

Apache

Apache is an HTTP web server application that provides a full range of web server features. It is free software distributed by the Apache Software Foundation. It was originally designed for Unix environments, but has since been ported to Windows and other operating systems.

  • Installation
    In Linux, just type sudo apt-get install apache2 in your terminal. Wait for it to be downloaded and installed.

  • Configuration
    Once installed, look for httpd.conf (configuration file) in the /etc/httpd/conf directory. Use a text editor to edit the file.

You may check if Apache is properly installed and configured by opening in a web browser the file index.html located at /var/www directory.


High Availability

It is a system or component that is continuously operational for a long period of time. This refers to the ability of a system to be "100% operational" or "never-failing".

  • For a 3-year-old child: A girl broke or lost her favorite doll. She cried hard because it was really her favorite. To stop her from crying, her parents bought her another doll which looked so much like the old one that the girl did not even mind.

Heartbeat
It is used to observe and manage the web servers. When the active server fails to deliver the web page a client has requested, another (passive) web server must take over.
  • Installation
    In Linux, just type sudo apt-get install heartbeat in your terminal. Wait for it to be downloaded and installed.

Cluster Resource Manager (Pacemaker)

It achieves maximum availability for your cluster services by detecting and recovering from node and resource-level failures by using the functions provided by a cluster infrastructure (example: Heartbeat).


Monday, July 29, 2013

Exercise 4: DHCP

For our 4th exercise, we learned how to configure a Linux computer to act as a router and a DHCP server. DHCP, or Dynamic Host Configuration Protocol, is a network protocol used to configure devices that are connected to a network so they can communicate on that network using Internet Protocol.

We first prepared and configured Computer B (connected to a wired connection and acting as the router) and Computer A. We manually assigned a static IP address (192.168.8.254) to the interface connected to Computer A and to Computer B. We needed the subnet, gateway, and subnet mask. (Answer to Question 3) Then, we checked if IP forwarding was enabled in the Linux kernel on Computer B. It was disabled, so we enabled it for Computer B to act as a router.


After that, we set the appropriate firewall settings.

(Answer to Question 1.)
iptables -F   -> flushes the selected chain (all the chains in the table if none is given). This is equivalent to deleting all the rules one by one
iptables -P INPUT ACCEPT -> sets the policy for the chain to the target (INPUT).
iptables -P OUTPUT ACCEPT -> sets the policy for the chain to OUTPUT
iptables -P FORWARD ACCEPT -> sets the policy for the chain to FORWARD
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
              -> specifies the packet matching table nat (consulted when a packet that creates a new connection is encountered) , then appends POSTROUTING to the selected chain, sets the name of the interface (eth0), and specifies the MASQUERADE (target of the rule).
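
The commands above leave every chain at ACCEPT and masquerade anything leaving eth0. The following is an added example, not part of the original post or the lab handout: a check over iptables-save output that flags that pattern, run on a constructed ruleset matching these commands and on a constructed default-deny alternative. The LAN interface eth1 and the subnet 192.168.8.0/24 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): flag an open-router ruleset in
# iptables-save output. Both rulesets below are constructed samples; eth1 as the
# LAN interface and 192.168.8.0/24 as the LAN subnet are assumptions.

audit_ruleset() {    # reads iptables-save text on stdin, prints one finding per line
    awk '
        /^\*/ { table = substr($1, 2) }                      # "*filter", "*nat", ...
        table == "filter" && /^:(INPUT|FORWARD) ACCEPT/ {
            print "POLICY: " substr($1, 2) " accepts every packet no rule matches"
        }
        table == "nat" && /-j MASQUERADE/ && !/ -s / {
            print "NAT: MASQUERADE applies to any source address"
        }'
}

open_rules() {       # roughly what the commands in the post leave behind
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

tight_rules() {      # default-deny: only LAN-initiated traffic is forwarded
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.8.0/24 -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.8.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
}

echo "== open ==";  open_rules  | audit_ruleset
echo "== tight =="; tight_rules | audit_ruleset
```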

To check if the configuration for both computers was successful, we pinged Computer B using Computer A. Then, we copied the contents of Computer B's /etc/resolv.conf file to Computer A's. We successfully accessed a website after those steps.

Now, the challenging part was to automate the configuration of Computer A. We created the configuration file /etc/dhcp/dhcpd.conf in Computer B. We used domain-name, domain-name-servers, subnet-mask, broadcast-address, and routers for the option. (Answer to Question 2)


Then, we ran the dhclient command on Computer A to request host configuration information from the server. And to check if Computer B was properly configured, we viewed the leases files, which contain the current IP addresses on lease by the DHCP server.


We also successfully accessed a website after doing the above steps for automation. We did the cleanup after.

References:
Handouts given
Wikipedia
http://linux.die.net/man/8/iptables

Monday, July 15, 2013

Exercise 3: DNS

Domain Name System or DNS is a hierarchical, distributed database that contains mappings of domain names to various types of data. DNS allows us to use friendly names to easily locate computers and other resources on a TCP/IP-based network.  (http://technet.microsoft.com/en-us/network/bb629410.aspx)

When we access a website, the web server checks it with the DNS Resolver, a built-in component in operating systems. It translates the domain name to its IP address and does the domain name-IP mapping on different databases until it is found.

Functions of DNS include caching and redundancy. DNS resolvers store the answers they get from other DNS servers. Those are added to a cache, an internal database. When you access the same website again, it does not need to look up the host again. Caching and redundancy help DNS respond faster to queries.

Zone File
A zone file is part of configuring a DNS server. It describes a DNS zone and contains a list of all the hosts in the domain and their corresponding IP addresses. Here are its parts:

  • SOA (Start of Authority) - states that this server is authoritative for the specific domain.
  • NS (Name Server) - specifies the name server to use to look up a domain
  • MX (Mail Exchange) - specifies mail server/s for the domain
  • A (A record) - used for linking FQDN to an IP address
  • CNAME (Canonical Name) - assigns aliases to existing A records
  • PTR - reverse-maps IP addresses to an FQDN
For our exercise, we just used SOA, NS, A for forward zone file, and SOA, NS, PTR for reverse.

forward zone file

reverse zone file

named.conf.local 
We learned how to make a domain name for an IP address and connect to other computers using their domain names. We used BIND, DNS software used to configure a DNS server.
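
Because the forward zone (A records) and the reverse zone (PTR records) are edited by hand in separate files, they drift apart easily, and anything that relies on reverse lookups, such as log entries, then names the wrong host. The following is an added example, not part of the original post: a cross-check of the two files, where the zone name example.lan, the 192.168.8 prefix and all records are constructed, and a /24 reverse zone with relative owner names is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check the A records of a
# forward zone file against the PTR records of its reverse zone file.
# Assumptions: a /24 reverse zone, relative owner names, one A record per address.
# The zone name example.lan and every address below are constructed.

check_zones() {      # usage: check_zones FORWARD_FILE REVERSE_FILE ORIGIN NET_PREFIX
    awk -v origin="$3" -v prefix="$4" '
        $2 == "IN" && $3 == "A"   { fwd[$4] = $1 "." origin "." }   # address -> FQDN
        $2 == "IN" && $3 == "PTR" { rev[prefix "." $1] = $4 }       # address -> FQDN
        END {
            for (ip in fwd) {
                if (!(ip in rev)) {
                    print "MISSING-PTR " ip " " fwd[ip]
                } else if (rev[ip] != fwd[ip]) {
                    print "MISMATCH " ip " " fwd[ip] " " rev[ip]
                }
            }
            for (ip in rev) {
                if (!(ip in fwd)) { print "ORPHAN-PTR " ip " " rev[ip] }
            }
        }' "$1" "$2" | sort
}

zone_dir=$(mktemp -d)
cat > "$zone_dir/db.example.lan" <<'EOF'
$TTL 604800
@    IN  SOA  ns1.example.lan. admin.example.lan. ( 2 604800 86400 2419200 604800 )
@    IN  NS   ns1.example.lan.
ns1  IN  A    192.168.8.1
pc1  IN  A    192.168.8.10
pc2  IN  A    192.168.8.11
EOF
cat > "$zone_dir/db.192.168.8" <<'EOF'
$TTL 604800
@    IN  SOA  ns1.example.lan. admin.example.lan. ( 2 604800 86400 2419200 604800 )
@    IN  NS   ns1.example.lan.
1    IN  PTR  ns1.example.lan.
10   IN  PTR  pc1.example.lan.
12   IN  PTR  pc2.example.lan.
EOF

# pc2 was given .11 in the forward zone but .12 in the reverse zone.
check_zones "$zone_dir/db.example.lan" "$zone_dir/db.192.168.8" example.lan 192.168.8
```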

I needed some patience to make this work.

pinging







Monday, July 1, 2013

Exercise 2: IP Routing

Last Tuesday, June 25, our laboratory topic was all about Internet Protocol and routing. The discussion was okay and I learned many things about IP, but dealing with the exercise was way better because we experienced how IP routing is done.

An IP address has two parts: network address/id and host address/id. The hosts and networks depend on the class of IP. Here they are:
A : 0N.H.H.H - for IPv4, it has 2bits for network and 2^24 bits for host
B : 10N.N.H.H - for IPv4, it has 2^14 bits for network and 2^16 bits for host
C : 110N.N.N.H - for IPv4, it has 2^21 bits for network and 2bits for host
D : Multicast
E: Experimental

The default Subnet Mask for Classes A,B and C are the following:
A: 255.0.0.0
B: 255.255.0.0
C: 255.255.255.0

After the discussion on IP, we proceeded with routing of computers/IP addresses with the use of Scalable Cisco IOS Simulator for Virtual Networks. As a guide for our exercise, our laboratory instructor taught us how to route two IP addresses. He discussed it step-by-step.

For our exercise, we were tasked to do the routing to three (3) IP addresses/computers. At first, I really did not know how to do it, but upon rereading the handout, I got the idea.

First, I connected each computer to a router, and connected those three routers through a switch. Then, I configured the three computers.



Configuration for Computer 1
Configuration for Computer 2
Configuration for Computer 3


The next step I did was to configure each router through the console. I connected each router to the other two using the ip route <interface> <netmask> <gateway> command.




To check and make sure that the IP routing worked, I pinged the IP addresses of the other two computers from each computer.

Pinged IP addresses of Computer 2 and 3 using Computer 1.


Pinged Computer 1 and 3 using Computer 2.


Pinged Computer 1 and 2 using Computer 3.


I was so happy with what I learned, and happier that I finished the exercise within the laboratory hours. Kudos! :)

Monday, June 17, 2013

Exercise 1: SSH


This is my first entry on this blog, and I will discuss my experiences and learning from our activity today.

For today's laboratory class, Sir Joman introduced us to Data Communications and Networking.

First, he discussed Secure Shell (SSH) and SSH Security. Here is a definition of Secure Shell: a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. I also learned from him and from the handout given that there are two ways to secure SSH: one is the traditional username-password combination, the other is public-private keys.

After the discussion, he asked us to do our exercise. Here are the things that I have learned from it:

Adding a user on local computer
To add a user on the local computer, type sudo adduser <username> in the terminal. Then, provide a password and some information for that username.



Logging in to a remote computer (server) via SSH using username-password combination
To do this, you must first log in to your account ($su <username>). Our teacher provided a username and password to be used to connect to a remote computer using ssh. To connect, type ssh <username>@<IPAddressOfServer>


Configuring local computer for a passwordless login (public key cryptography)
First, log out from the remote computer ($exit), then go to your local computer's home directory under your home folder and go to that directory. Execute the following command to log in to a remote computer without using a password:
$ssh-keygen -t rsa
$<enter>
$<enter>
$<enter>

Execute $ssh-copy-id username@IPAddressOfServer and log in again to the remote server using your username: $ssh username@<IPAddressOfServer>

If you do the steps correctly, you won't be asked for a password.

Broadcasting a message to other connected users to the remote computer
This is done using wall (write to all). First, make sure that your mesg is set to yes. Then, use any of the following commands to broadcast a message:
$wall <<< "<message>"
$echo "<message>" | wall
$wall <file name>
To terminate wall, type Ctrl+D.



Sending a message to a particular user only
This is done using write ($write <username-of-the-other-user> [enter]). Write your message after. To reply, make sure you first start the write program to the user who is writing to you (do the write command). Type Ctrl+D to end the conversation.



Additional information:
After setting up passwordless login from your workstation to the remote computer, if you log in to the remote server using a different workstation, it will not be passwordless anymore, because you need to configure your current workstation for the remote computer again.