Showing post in category: Work
While working on implementing failover for a JBoss application in heartbeat I had it sometimes fail miserably. After examining the logs files for a while I noticed that it tried to start my service twice.. why?
This was due to multiple errors from my side:
- I hadn’t implemented the status call for my heartbeat resource script
- My script didn’t return true when asked to start and it was already started.
According to LSB standard your start / stop scripts should return true even though your service is already started.
Note to self: Learn to read the documentation and not just assume you know how it works (especially not with failover clusters… they are meant to have uptime you know.
Good readings about heartbeat and the resouces scripts.
One of our customers have a JBoss application which they wanted to monitor with a script (in the long run Heartbeat2).
By making a specific HTTP POST request to which the answer is known, it is possible to check if the server is running as expected. The HTTP POST request consist of a header and a body. The header is automaticaly generate from the parameters you provide curl and the body is provided in the --data parameter.
The following is an example close to what I used, and beneath a description of the parameters used parameters:
curl --insecure \
--user monitor_user:heykcnhre \
--header extra-header:12345678 \
--include \
--data '
7
get_email
' https://localhost:5011/check
--insecure ignores unverified SSL certificates--user authentication information need to access the server and make the http request in the first place.--header provides extra header information. You can add as many of theese as you need.--include includes the header in the response (not only the body)
Curl takes many different parameters use man curl for more info.
Sometimes you have to get primitive … duh.
Today I got really annoyed about the “Package Management” tool on Red Hat EL 4 update 4. When I tried to install the “Development tools” I just got an error that krb5-libs could not be found which was a dependencie of krb5-workstation (1.3.4, 33). Both krb5-libs and krb5-workstation was installed…?!? I’m not Red Hat expert… and that is probably my biggest problem here 
Back to the commandline… it always works.
I had to search the CD’es (afterwards I found that all the packages I needed was on CD3). I made a little search script… dont think anyone can use it… just thought it was fun:
for i in 1 2 3 4 5
do
mount -o loop /root/RHEL4-U4-i386-ES-disc$i.iso /mnt/
echo "Results on cd $i"
find /mnt/RedHat/RPMS/ -iname $1\*
umount /mnt/
done
Today I wanted to install Suse Linux Enterprise Server 10 (SLES10) from my USB DVD drive on my VMware Server (the free edition). I went though the wizard and powered on the machine but when the SUSE installer started to read the initial ramdisk it never got any further.
Troubleshooting VMware issues…
First I seached Google but didn’t really found anything usefull. My problem was to generic. Then I found that each VMware machine has its own log file at the same location as the vmx files etc. I found that when the machine stopped responding the log file would say something like this:
Jan 19 12:04:22: vcpu-0| VIDE: (0x170) Rep INSW ATAPI Unknown Cmd 0x52 Data len 8
Jan 19 12:04:22: vcpu-0| VIDE: (0x170) Rep INSW ATAPI Unknown Cmd 0x52 Data len 28
Jan 19 12:04:22: vmx| CDROM_SG: AIOCallbackSGIO: Unexpected errno: Input/output error (5)
Jan 19 12:04:22: vmx| VIDE: ATAPI DMA 0x28 Failed: key 0x2, asc 0x0, ascq 0x0
Okay now this seems to be a CD/DVD drive problem. I found another working version of SLES 10 on VMware and compared the 2 vmx files.
diff working.vmx not_working.vmx
...
11,12c10,11
< ide1:0.fileName = "/dev/cdrom"
ide1:0.fileName = "/dev/scd0"
> ide1:0.deviceType = "cdrom-raw"
Now shut down the virtual machine and edited the vmx fil to use atapi-cdrom and now I was able to install.
When I install a server I usually make a minimal install and put on the software which is needed for the task the machine is to perform. Less packages which needs security updates the better IMO. Today I was setting up a heartbeat cluster on a SLES10. When the heartbeat package is installed the system also installs shaitloads of other packages like gtk pango and some X-libs… and I simply dont get why?!?
It feels so Windows like…. eeeeekkk.
Sorry just had to get it out.
This have been an awesome Christmas. I didn’t really realize that Christmas was upon us until December the 22. when my and my girlfriend headed for Jutland to spend Christmas with my side of the family. Work have been stressing in December, so when I got home I didn’t have the energy to think of Christmas. Anyways…now it is over
My girlfriend gave me one of the best gifts ever: Nintendo Wii
And my little sister and her boyfriend gave me: Rayman Raving Rabbits
Just wanted to wish my readers a merry Christmas. MERRY CHRISTMAS GUYS.
You can download smbldap-tools from their homepage… don’t!
If have searched yast for smbldap-tools, you will probably (like me) have found nothing. I tried to install the platform independent RPM package. Only to find that I was missing:
perl(Unicode::MapUTF8) is needed by smbldap-tools
Well there is not specific package for smbldap-tools for SLES 10… but I found that the perl scrips is included in the samba-doc package. After you have installed the samba-doc package, you will be able to find somewhere like this:
/usr/share/doc/packages/samba/examples/LDAP/smbldap-tools-0.9.1
The version might vary when new service packs arrive.
Now copy the the following files to /usr/local/sbin/:
smbldap-groupadd
smbldap-groupmod
smbldap-passwd
smbldap-tools.spec
smbldap-userdel
smbldap-usermod
smbldap_tools.pm
smbldap-groupdel
smbldap-groupshow
smbldap-populate
smbldap-useradd
smbldap-userinfo
smbldap-usershow
And copy the following configuration files to /etc/smbldap-tools:
smbldap.conf
smbldap_bind.conf
From here you are on your own
With the latest version of Windows Server 2003 R2 it is no longer needed to install Windows Services for UNIX, since this is now a part of Windows Server 2003, though not enabled by default.
To enable it open Control Panel -> Add or Remove Programs. Now click on Add/Remove Windows Components. Double click on Active Directory Services and select Identity Management for Unix.
After this… surprise… you have to restart the Windows Server 
Now you should be able to see the “Unix Attributes”-tab when looking on properties for a user.
First install a minimum SLES10 (only using selectiong Server Base).
I have a few issues with the minimum install thing in SLES10 (I had kind of the same feeling with SLES9):
- Why do I have to use CD2 to install a 76 kilobyte
Zenwork Managemnet Daemon. Why not put it on CD1? It seems really lame that you cannot make a minimum install with CD1.
- No I really don’t want the
Network Mmanager to manage my ethernet interface on my server… I want to give it a static ip. Ahhh I can disabled it. But why do SLES10 still want to install the network-manager package?… and worse all its dependencies is the reason why I choose the minimum install in the first place.
Luckily after the install you can choose to use the old way of configuring network from within YAST.
Besides from that SLES10 have so far made a good impression on me.
I usually turn off the services slpd and portmap.
Preparing server for VMware
Extra packages needed:
xorg-x11-libs
gcc
kernel-source
Now install the the free VMware Server from www.vmware.com:
I am looking into authenticating users on Solaris 9 via Active Directory (AD) as an LDAP server. To chop the problem into smaller problems I started to try and connect to the LDAP interface of the AD from a platform which I know. I’m no Solaris expert
So I installed Ubuntu edgy (server install from alternative CD) and a evaluation Windows 2003 R2 server in the free VMware Server product. Then I install an Active Directory (and a DNS server) on the Windows Server.
The I tried to connect to the AD with PHP scripts to test how it worked. I found a good article on www.developer.com about PHP LDAP connections to AD. I also found an article about various handy LDAP search filters for Active Directory.
First create a normal Windows user in the AD which you use to connect to the AD with. You don’t need to add this user to any special groups to allow it to connect to the AD. Just a plain normal user. You might wanna disable password expiration if you are gonna use it in a production environment
The I made a php script on my Ubuntu server somewhat like the following:
#!/usr/bin/php
Trouble shooting
49: Invalid credentials
Remember when you tell PHP script which user you want to connect with, also supply the realm in which the user resides. In my test setup I used my own user je (Jacob Emcken), and my realm testdomain.com which means I’m connecting with to LDAP with the following user:
je@testdomain.com
1: Operations error
This error can come from to things:
You have used DN instead of DC in you distinct name:
DN=testdomain,DN=com (didn't work for me)
This worked for me:
DC=testdomain,DC=com
You get this if you are trying to search the root of the tree and you haven’t set the following:
ldap_set_option($ldap_connect_resource, LDAP_OPT_REFERRALS, 0);
