
keepalived setup for application high availability in centos7

Written on March 14, 2017 at 8:08 AM, by

The requirement was to set up an HA application environment. We had two Tomcat servers as backend nodes (application hosting servers). An nginx server was put in front of these two servers to provide two functionalities: load balancing and reverse proxy.

Two nginx servers were set up. One acts as a backup node if the primary server fails. This failover mechanism was achieved using the keepalived tool.

Keepalived can be installed using yum in centos7. The current version of keepalived provided through centos7 is v1.2.13.

Environment diagram:

 

 

VIP is 192.168.7.22

Master node is 192.168.7.47

Backup node is 192.168.7.44

 

In keepalived we have a master server and backup servers. Backup servers act as failover points depending on the priority set for them. keepalived uses a protocol called VRRP (Virtual Router Redundancy Protocol) to communicate between the master node and the backup nodes, so it is important to make sure VRRP traffic is allowed between the servers in firewalld (in both directions). At an interval of 1 sec (the default value), the master server multicasts packets to the network; the backup nodes in the same network identify these packets using a parameter in keepalived.conf called "virtual_router_id". It is just a unique number (between 0 … 255) that identifies the packets in the network, so make sure this value is kept the same on the master and backup nodes.
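The matching virtual_router_id requirement can be checked before the service is started. The script below is an added example, not part of the original post: the function names, the vrrp_instance name VI_1, the interface eth0 and the values 51/101/100 are assumptions, and the two configs are constructed samples that use this post's VIP.

```shell
#!/bin/bash
# Added example: compare master and backup keepalived.conf before a rollout.

# Print the value of the first "<key> <value>" line in a config file.
conf_value() {   # usage: conf_value <key> <file>
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# Print the first address listed inside virtual_ipaddress { ... }.
conf_vip() {     # usage: conf_vip <file>
    awk '/virtual_ipaddress/ { f = 1; next } f && /}/ { exit } f && NF { print $1; exit }' "$1"
}

# Return 0 only if the pair can fail over: same virtual_router_id,
# same VIP, and a higher priority on the master than on the backup.
check_pair() {   # usage: check_pair <master.conf> <backup.conf>
    m=$1; b=$2; rc=0
    [ "$(conf_value virtual_router_id "$m")" = "$(conf_value virtual_router_id "$b")" ] ||
        { echo "virtual_router_id differs" >&2; rc=1; }
    [ "$(conf_vip "$m")" = "$(conf_vip "$b")" ] ||
        { echo "virtual_ipaddress differs" >&2; rc=1; }
    [ "$(conf_value priority "$m")" -gt "$(conf_value priority "$b")" ] 2>/dev/null ||
        { echo "master priority must be higher than backup" >&2; rc=1; }
    return $rc
}

# Write a constructed sample config: write_conf <file> <state> <vrid> <priority>
write_conf() {
    cat > "$1" <<EOF
vrrp_instance VI_1 {
    state $2
    interface eth0
    virtual_router_id $3
    priority $4
    advert_int 1
    virtual_ipaddress {
        192.168.7.22
    }
}
EOF
}

tmp=$(mktemp -d)
write_conf "$tmp/master.conf" MASTER 51 101
write_conf "$tmp/backup.conf" BACKUP 51 100
check_pair "$tmp/master.conf" "$tmp/backup.conf" && echo "pair is consistent"
```
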

We will need to set up a Virtual IP address (VIP) for keepalived to fail over to the backup node if the master fails. This is not something we need to get from the network admin; we just need to specify a free IP in the keepalived conf and keepalived will start using it as the VIP. Note that we do not need to configure this IP as a new interface on the server, as Linux systems can add multiple IPs to the same ethernet card virtually. You can view the VIP getting assigned to the active node automatically whenever a failover happens using the command:


Watch realtime HTTP requests per second

Written on February 27, 2017 at 5:03 AM, by

watch -n 1 'grep -c "$(date -d "1 second ago" +%d/%b/%Y:%H:%M:%S)" access.log'


reference website : http://dgtool.treitos.com

Learn to Docker (Basic referral commands)

Written on September 29, 2016 at 1:53 AM, by

Install Docker:

curl -fsSL https://get.docker.com/ | sh

Test docker :

docker run hello-world

– The docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can access it with sudo. For this reason, docker daemon always runs as the root user.

** Command to get docker info:
docker info

** Search for a package:
docker search ubuntu

** Download an image to local:
docker pull ubuntu

** list all available images in your system:
docker images

** To remove a docker image:
docker rmi ubuntu

When you execute a command against an image you obtain a container. When the command running in the container ends, the container stops (you get a non-running or exited container). If you run another command against the same image, a new container is created, and so on.

** To get container ID:
docker ps -l

Once the container ID has been obtained, you can start the container again with the command that was used to create it, by issuing the following command:

docker start c629b7d70666

*** A more elegant alternative, so you don't have to remember the container ID, is to allocate a unique name for every container you create by using the --name option on the command line, as in the following example:

# docker run --name myname ubuntu cat /etc/debian_version

*** In order to interactively connect into a container shell session, and run commands as you do on any other Linux session, issue the following command:

# docker run -it ubuntu bash

-i => interactive
-t => gives a tty for input and output

*** To detach from a container bash shell, press Ctrl+p and then Ctrl+q
*** To attach back again use:
# docker attach <container id>

To stop a running container from the host session issue the following command:

# docker kill <container id>

*** Installing nginx inside a docker ubuntu container:

– start the container and install the nginx package in it (the package lists have to be refreshed first in a fresh ubuntu image)

docker run --name kevin-nginx ubuntu bash -c "apt-get update && apt-get -y install nginx"

**** Commit changes to a docker container: committing changes to a container will create a new docker image (visible in `docker images`)

docker commit <container ID> <new image tag name to be given>

*** tag a docker image:

docker tag <docker id> <repo_name:tag_name>

*** Running an interactive terminal on a docker image that was created:
docker run -it kevin:nginx bash

docker run -it <repo_name:tag_name> bash

*** Run a command inside an image without entering the image:
docker run kevin:nginx which nginx

docker run <repo_name:tag_name> <command_to_execute>

*** Execute a command with an image, giving the container thus formed a custom name:
# docker run --name <custom_name> <repo_name:tag_name> <command_to_execute>

eg: docker run --name test kevin:nginx /etc/init.d/nginx stop

*** We need to map the nginx port running inside a docker container to the host to make it available for access. For that, start the container by mapping the nginx port to an arbitrary unused port of the host:
# docker run -it -p <host_port>:<docker_contnr_port> <repo_name:tag_name> /bin/bash

eg: docker run -it -p 81:80 kevin:nginx bash   (nginx will be available from port 81 of your host IP)

 

 

 

References:

Install Docker and Learn Basic Container Manipulation in CentOS and RHEL 7/6 – Part 1

https://docs.docker.com

 

Give network access to a folder in windows

Written on March 8, 2016 at 4:47 AM, by

To give the Windows NETWORK SERVICE account access to a folder, use the command below:

icacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys /grant "NETWORK SERVICE":(R)

 

 

Extract cert and key file from java keystore file [.jks]

Written on March 8, 2016 at 4:34 AM, by

In the JBoss configuration file we specify the SSL certificate and key in the .jks format. In order to extract the cert and key files from the .jks file, use the commands below:

To extract the .crt:

keytool -export -alias mydomain -file mydomain.der -keystore mycert.jks

The .der file has to be converted to .pem:

openssl x509 -inform der -in mydomain.der -out certificate.pem

certificate.pem can be viewed in a text editor to view the certificate.

To extract the key file:

keytool -importkeystore -srckeystore mycert.jks -destkeystore keystore.p12 -deststoretype PKCS12

Convert the PKCS12 key to unencrypted PEM:

openssl pkcs12 -in keystore.p12  -nodes -nocerts -out mydomain.key
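After the extraction steps above, two checks are worth running before the files are deployed: that mydomain.key really is the private key for certificate.pem, and that the unencrypted key is readable only by its owner. The script below is an added example, not from the original post; the function names are hypothetical, it assumes OpenSSL 1.1 or later and GNU stat, and the key pair it checks is a constructed throwaway one.

```shell
#!/bin/bash
# Added example: verify an extracted certificate/key pair.

# SHA-256 of the DER-encoded public key inside a PEM certificate.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{ print $NF }'
}

# SHA-256 of the DER-encoded public key derived from a PEM private key.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{ print $NF }'
}

# Return 0 if the key matches the certificate and only its owner can read it.
check_extracted_pair() {   # usage: check_extracted_pair <cert.pem> <key.pem>
    rc=0
    ch=$(cert_pubkey_hash "$1" 2>/dev/null)
    kh=$(key_pubkey_hash "$2" 2>/dev/null)
    # An empty hash means openssl could not parse the file: treat as a mismatch.
    { [ -n "$ch" ] && [ "$ch" = "$kh" ]; } ||
        { echo "key does not match certificate" >&2; rc=1; }
    case "$(stat -c %a "$2")" in
        600|400) ;;
        *) echo "key file is readable by group/others; chmod 600 it" >&2; rc=1 ;;
    esac
    return $rc
}

# Constructed throwaway pair standing in for certificate.pem / mydomain.key.
make_sample_pair() {       # usage: make_sample_pair <cert.pem> <key.pem>
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=mydomain" \
          -days 1 -keyout "$2" -out "$1" 2>/dev/null )
}

work=$(mktemp -d)
make_sample_pair "$work/certificate.pem" "$work/mydomain.key"
check_extracted_pair "$work/certificate.pem" "$work/mydomain.key" && echo "pair OK"
```

Running the real extraction under `umask 077` keeps mydomain.key and keystore.p12 from being created world-readable in the first place.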

Helpful commands for postfix mail server

Written on November 18, 2015 at 8:38 AM, by

The basic troubleshooting starts with the log : /var/log/maillog

Search for errors there.

Some basic commands which can be used to check some parameters can be:

“mailq” or “postqueue -p” –> list all the emails in the mail queue.

postcat -q <mail queue id of that mail>  –> read the contents of an email in queue.

postsuper -d <mail queue id of that mail>  –> delete a mail in the queue

postsuper -h ALL  –> put the mail queue on hold; it will stop all mail delivery. To remove from hold execute the same command.

postqueue -f  –> to forcefully send all emails in the queue. Flushes the queue.

 

Run a logrotate conf manually

Written on November 17, 2015 at 6:32 AM, by

Run a logrotate conf manually without waiting for the default time to lapse by using command:

 

/usr/sbin/logrotate -f  <path_to_Newlogrotate_conf_file>

Installations in ServeRAID C105

Written on July 8, 2015 at 4:28 AM, by

 

In order to install the legacy OS in the software RAID, you have to set the SAS Controller as the first device in the option ROM execution order and make sure that ServeRAID H1135 is not installed.

ServeRAID C105 is automatically disabled when ServeRAID H1135 is installed.


Setting Option ROM Execution Order.

Use these instructions to set option ROM execution order.

 

To set option ROM execution order, complete the following steps:

 

Turn on the blade server, and make sure that the blade server is the owner of the keyboard, video, and mouse.

Note: Approximately 1 to 3 minutes after the server is connected to ac power, the power-control button becomes active after the power-on LED flashes slowly.

When the prompt <F1 Setup> is displayed, press F1. If you have set an administrator password, you are prompted to type the password.

Under System Settings, select Devices and I/O Ports.

Under Devices and I/O Ports, select Set Option ROM Execution Order.

Change the order list.

When you have finished changing settings, press Esc to exit from the program; select Save to save the settings that you have changed.

 

Single command to get information of all zones from global zone in solaris

Written on May 27, 2015 at 7:15 AM, by

for i in `zoneadm list -vi | egrep -v 'NAME|global' | awk '{print $2}'`; do zonecfg -z $i info | grep address; done

script to change cpanel password for many users in server

Written on April 2, 2013 at 5:13 AM, by

First get all the user names into a file: users.txt

Then create a file script.sh with touch and make it executable:

chmod 755 script.sh

Copy the following code to that file:

 

——————————————————-

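#!/bin/bash
# Keep newpass.txt (plaintext passwords) readable by the owner only.
umask 077
# users.txt holds one username per line.
for i in $(cat users.txt)
do
# 8 random characters from the allowed set; the set is quoted so the shell does not expand it.
randstring=$(tr -dc '_#$%^&*()=A-Za-z0-9~+@!' < /dev/urandom | head -c 8)
echo "$i $randstring" >> newpass.txt
# Quote both arguments: the password may contain * or other shell metacharacters.
/usr/local/cpanel/scripts/realchpass "$i" "$randstring"
/scripts/mysqlpasswd "$i" "$randstring"
done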

————————————————

save the file and run the script :

sh script.sh

When the script has finished running, issue the following command:

/scripts/ftpupdate

The new passwords with username will be available in the file : newpass.txt

DONE!