Location aware Bind for RedHat 5.3
Previously I wrote about RPMs I built to GeoIP enable Bind using the original patches at http://www.caraytech.com/geodns/.
I have now refreshed this for the latest CentOS 5.3. The details of the patch, install instructions, etc. have not changed; read the previous article I wrote for the details. The new RPMs are below:
NOTE: When you install these RPMs you won't see an /etc/named.conf being created, along with a few other odd things. These are bugs that exist in the CentOS-provided RPMs; they do the same.
bind-9.3.4-10.P1geodns.el5.i386.rpm
bind-chroot-9.3.4-10.P1geodns.el5.i386.rpm
bind-devel-9.3.4-10.P1geodns.el5.i386.rpm
bind-libbind-devel-9.3.4-10.P1geodns.el5.i386.rpm
bind-libs-9.3.4-10.P1geodns.el5.i386.rpm
bind-utils-9.3.4-10.P1geodns.el5.i386.rpm
bind-sdb-9.3.4-10.P1geodns.el5.i386.rpm
caching-nameserver-9.3.4-10.P1geodns.el5.i386.rpm
bind-9.3.4-10.P1geodns.el5.x86_64.rpm
bind-chroot-9.3.4-10.P1geodns.el5.x86_64.rpm
bind-libbind-devel-9.3.4-10.P1geodns.el5.x86_64.rpm
bind-devel-9.3.4-10.P1geodns.el5.x86_64.rpm
bind-libs-9.3.4-10.P1geodns.el5.x86_64.rpm
bind-sdb-9.3.4-10.P1geodns.el5.x86_64.rpm
bind-utils-9.3.4-10.P1geodns.el5.x86_64.rpm
caching-nameserver-9.3.4-10.P1geodns.el5.x86_64.rpm
RedHat 5.1 tunable kernel ticks per second
For some time the default clock rate on RedHat machines (and probably others) has been 1000 Hz. This is great to keep your mouse moving smoothly while something big is happening in the background, but not so great for hosting 10 virtual machines on one poor physical machine, as it will have to try and satisfy 10000 ticks per second.
I've been using a guest kernel repository by one of the VMware users that rebuilds the std CentOS/RedHat kernels with HZ=100 and it's been great, chopped massive amounts off my CPU usage on the host.
Now with RedHat 5.1 this is not needed anymore; see this post for a bit of a graph on the impact and the background. The short of it is, simply append divider=10 to your guest kernel boot parameters and enjoy a much happier host. I found that timekeeping also becomes more predictable in the guest.
RedHat Linux and Java
I am in the process of building an automated RedHat Linux installer which requires me to configure the following on a RedHat Enterprise Machine:
RedHat has stopped providing any kind of Java binaries with their base OS, you have to buy a copy of the RedHat Application Server for $999.
As is often the case in this kind of situation, there are other options that do not cost money. The group over at JPackage.Org does a great job of packaging all things Java in generic RPMs that will work on most RPM-based distributions.
There are limitations though: jpackage is not allowed to distribute binaries of the non-free code such as the Sun JVM itself, but they do provide source RPMs that let you build this on your own after downloading the source from the Sun website.
I have written up a Wiki entry that details from start to end the process of getting the above working on CentOS. CentOS is of course a binary distribution of RedHat Enterprise Linux: they take the open source SRPMs as provided by RedHat and remove all RedHat branding from the OS, giving you a functional equivalent to RedHat Enterprise without the price tag. I use it on my development systems, so for the moment this guide only applies directly to CentOS, though the differences are small.
This may look daunting at first but it really is not, once you've built the binary RPMs of the non-free code it is a breeze to install many machines with these RPMs using only a few commands and 1 config file. So you'll soon reap the benefits especially if you are tasked with configuring a cluster of webservers that should all be on the same patch levels.
You can find the full guide here: Tomcat 5 on RedHat Enterprise Linux using JPackage.org Packages.
Linux ethernet bonding
I purchased an IBM BladeCenter for a number of our systems. It is a compact blade system that puts 14 servers in 7U.
My typical server config is a dual P4 3 GHz, 2 GB RAM, 2 x 40 GB IDE drives, and the machines come with an AMI IDE RAID card. The RAID card is very impressive in that it presents the OS with a single SCSI device, much nicer than the Promise cards etc.
Individual servers have dual gigabit Ethernet cards that go out the back through dual Layer 7 Nortel switches. Obviously I wanted to bond these for high availability and load sharing.
Read on for details on how this was done using RedHat Enterprise.
The first thing to know is that this stuff is in the kernel, and there is a good doc in your kernel source tree under Documentation/networking/bonding.txt. This has a lot more detail than I am going to provide here.
A virtual network interface gets created, bond0 in my case. This gets done in /etc/modules.conf:
alias bond0 bonding
options bond0 miimon=100 mode=balance-rr
The above creates the bond0 interface and sets some options. It will check the MII state of the card every 100 milliseconds for state change notification. It will also use the round robin balancing policy. There is more on the various options for these and many more in bonding.txt.
RedHat's RC scripts support this bonding configuration without much modification, though there isn't any GUI tool to configure it. RedHat network config gets stored in /etc/sysconfig/network-scripts/ifcfg-int
You need to create a config file for the bond0 interface, ifcfg-bond0:
DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.70.101
NETMASK=255.255.255.0
NETWORK=192.168.70.0
BROADCAST=192.168.70.255
GATEWAY=192.168.70.1
And for each network card that belongs to this group you need to modify the existing files to look more or less like this:
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
MASTER=bond0
SLAVE=yes
Once you have created these for each of your ethernet cards you can reboot or restart your networking using service network restart and you should see something like this:
bond0     Link encap:Ethernet  HWaddr 00:0D:60:9D:24:68
          inet addr:192.168.70.101  Bcast:192.168.70.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:58071 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1465 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4315472 (4.1 Mb)  TX bytes:120360 (117.5 Kb)

eth0      Link encap:Ethernet  HWaddr 00:0D:60:9D:24:68
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:26447 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1262 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1992430 (1.9 Mb)  TX bytes:95078 (92.8 Kb)
          Interrupt:16

eth1      Link encap:Ethernet  HWaddr 00:0D:60:9D:24:68
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:31624 errors:0 dropped:0 overruns:0 frame:0
          TX packets:203 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2323042 (2.2 Mb)  TX bytes:25282 (24.6 Kb)
          Interrupt:17
You can tcpdump the individual interfaces to confirm that traffic is shared between them. Weirdly though, on my machine my tcpdump on eth0 and eth1 does not show incoming traffic, just outgoing; dumping bond0 works a charm though.
To test it I just turned the power off to one of my switch modules, the networking dies for a couple of seconds but soon resumes without a problem. I am sure I could tweak the times a bit but for now this is all I need.
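As an added example (not part of the original post), this Python sketch checks a set of ifcfg files like the ones above before networking is restarted: it confirms that NETWORK, BROADCAST and GATEWAY agree with IPADDR/NETMASK and that every slave points at the bond. The function names and the SAMPLE dictionary are assumptions made for this example; the sample is constructed from the article's values, with eth1 assumed to mirror eth0.

```python
import ipaddress

def eth(name):
    # Slave file in the shape the article shows for eth0
    return f"DEVICE={name}\nBOOTPROTO=none\nONBOOT=yes\nTYPE=Ethernet\nMASTER=bond0\nSLAVE=yes\n"

# Constructed sample input, built from the values in the article
SAMPLE = {
    "ifcfg-bond0": "DEVICE=bond0\nBOOTPROTO=none\nONBOOT=yes\nIPADDR=192.168.70.101\n"
                   "NETMASK=255.255.255.0\nNETWORK=192.168.70.0\n"
                   "BROADCAST=192.168.70.255\nGATEWAY=192.168.70.1\n",
    "ifcfg-eth0": eth("eth0"),
    "ifcfg-eth1": eth("eth1"),
}

def parse_ifcfg(text):
    """Parse KEY=VALUE lines; skip comments, strip surrounding quotes."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip("\"'") for k, v in pairs}

def check_bond(files, bond="bond0"):
    """Return a list of problems; an empty list means the files agree."""
    cfgs = {name: parse_ifcfg(text) for name, text in files.items()}
    master = cfgs.get("ifcfg-" + bond)
    if master is None:
        return [f"ifcfg-{bond} is missing"]
    problems = []
    try:
        net = ipaddress.ip_network(f"{master['IPADDR']}/{master['NETMASK']}", strict=False)
        for key, want in (("NETWORK", net.network_address), ("BROADCAST", net.broadcast_address)):
            if key in master and ipaddress.ip_address(master[key]) != want:
                problems.append(f"{bond}: {key}={master[key]}, expected {want}")
        if "GATEWAY" in master and ipaddress.ip_address(master["GATEWAY"]) not in net:
            problems.append(f"{bond}: GATEWAY {master['GATEWAY']} is outside {net}")
    except (KeyError, ValueError) as exc:
        problems.append(f"{bond}: bad or missing address setting ({exc})")
    slaves = {n: c for n, c in cfgs.items() if c.get("MASTER") == bond}
    if len(slaves) < 2:
        problems.append(f"{bond}: {len(slaves)} slave(s) configured, no redundancy")
    for name, cfg in sorted(slaves.items()):
        if cfg.get("SLAVE") != "yes":
            problems.append(f"{name}: MASTER is set but SLAVE=yes is not")
        if cfg.get("BOOTPROTO") != "none" or "IPADDR" in cfg:
            problems.append(f"{name}: slave must not carry its own address")
    return problems

if __name__ == "__main__":
    print(check_bond(SAMPLE) or "bond0 configuration is consistent")
```

To run it against a real machine, read the files from /etc/sysconfig/network-scripts/ into a dictionary keyed by file name and pass that to check_bond.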
No more free RedHat
Today comes the official notice from RedHat that it is pulling out of the Free distribution business and focussing on its Enterprise market.
Their recent alignment with the Fedora Linux project will no doubt be the future for the free RedHat in what seems to be a re-branding rather than a huge shift in their business. I have been a RedHat user since pre version 1 and this is a bit of a sad thing for me, but on the other hand I have become rather unimpressed with RedHat since the 6.2 days and later.
I have now installed a little working machine running Debian and am considering moving my single production Linux server to that rather than the current RedHat 7.2 which runs out of support end of December. I am hoping that before then the options from Fedora will become clear and I will be able to make a more educated decision, but for now I am all for Debian, it certainly seems nice and minimal while doing just what you ask it and no more.
RedHat and the Linux Kernel
CNet News.com has a very interesting article on the stance that RedHat and others are taking on the 2.6 Linux Kernel.
The bottom line is that there seems to be some lack of trust in the stability of the kernel at release time and that the big players will rather wait and spend money on backporting features from 2.6 to 2.4 and stick to 2.4 for a while. RedHat also has unfortunate timing with the release of its Enterprise Edition that came out recently and they stick to making yearly releases of that.
I think finally the world has learnt from the burning it took on the 2.4 kernel branch, the file corruption and other bugs that were present in a number of "production" kernels, and is now being more cautious about what it will take and what it will not. This is a very good step, one that may bring Linux - in my mind - back to being something you can trust in production. I can only hope that the Linux developers learn from this and treat the stable branch more like a stable branch and less like a play pen.
Experiences in upgrading RedHat and FreeBSD
Today I had to upgrade Exim on my RedHat and my FreeBSD machine.
The experience was hugely different in the two cases and highlights to me again that RPM is from the Devil.

