Archive for the ‘Sysadmin’ Category

Oracle VM Manager on CentOS 5 i386 Install Notes

Saturday, November 17th, 2007

So everybody knows by now that Oracle just jumped into the virtualization fray with their new Oracle VM product. If you’ve been under a rock, go to the oracle website to check it out. Given that I’m cheap and currently using VMWare’s free offering, I jumped at the chance to check out a supposedly ‘enterprise ready’ Xen implementation for free. The 1/3 the overhead claim is just gravy!

Anyway, as cool as Oracle Enterprise (Unbreakable?!) Linux may be, I’m running CentOS and am perfectly happy with it. Oracle VM wants a dedicated machine for the management station, which I can arrange for with a little tweaking. However, I build most of my machines up from ‘minimal’ installs. I read in the Oracle documentation that I would need libaio installed to make things go, which I did without any trouble.

However, I also needed to install the ‘bc’ package in order for the install script to work. I had to install the Oracle XE .rpm by hand in order to figure this out. Note to Oracle: get with the program and put a dependency on the ‘bc’ package! You’ll also need to install vixie-cron if you built up from a minimal install, as Oracle VM expects to be able to install a cron.d script.

In addition, it wasn’t entirely obvious from the documentation that you’ll need a JDK installed. Well, you will. I’m using jdk-6u2-linux-i586.rpm; you can likely download it from java.sun.com.

Next, while the installer does tell you that the oc4jadmin default password is ‘oracle’, when I was asked for it I kept trying to use the passwords I’d already provided for all the other services. This didn’t work well, so bear in mind you’ll need to supply the ‘oracle’ default password at that stage.

So, to recap:

yum install libaio vixie-cron bc
rpm -Uvh jdk-6u2-linux-i586.rpm
sh ./runInstaller.sh

Follow the prompts, remembering to supply 'oracle' as the oc4jadmin password.

Maybe this will save somebody the couple hours of messing around I wasted trying to get this to run! It does appear as if the install has completed, and I’m able to see the console, so look forward to an actual report soon.

Authenticating CentOS 4 against Win2k3 R2 Active Directory

Wednesday, July 18th, 2007

Prescript: I wrote this over a month ago and still haven’t found an authoring plugin I like so it still looks terrible. See my next post and give me ideas or just call me lazy, thanks!

Based on http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/

First, install Windows 2003 R2 and install the Identity Management for Unix option. Open Control Panel, select Add/Remove Programs, then click Add/Remove Windows Components. It will grind a while and give you a list of possible services. You’ll need to expand ‘Active Directory Services’ and check the ‘Identity Management for Unix’ service. You will need to be in the Schema Admins group to do this.

In order to test, you’ll want to go to the ‘Unix Attributes’ tab on a user and activate them as a Unix user. You’ll need to pick a NIS domain (you’ll probably only have one if you haven’t done this before) and add a Unix ID and home directory. Typically the default values will be fine to get you started.

Now, log into your unix machine. Make sure it can resolve the dns name of your active directory server(s).

Run authconfig.

Check [] Use LDAP
Check [] Use LDAP Authentication
Check [] Use Kerberos
Check [] Local authorization is sufficient

You can check [] Cache Information if you want. I wouldn’t until you know things work, as nscd can get out of sync with the server and cause confusion.

Select [ Next ]

Enter your AD server DNS name in the Server field. For example, adserver.corp.example.com
Enter your AD base DN in the Base DN field. For example, dc=corp,dc=example,dc=com

Select [ Next ]

Enter your local DNS name, in ALL CAPS, in the Realm field. For example, CORP.EXAMPLE.COM.
Enter your server name:88 in the KDC field. For example adserver.corp.example.com:88
Enter your server name:749 in the admin server field. For example adserver.corp.example.com:749
Check [] Use DNS to resolve hosts to realms
Check [] Use DNS to locate KDCs for realms

Select [ Finish ]

Now a lot of things are set up, but of course we’re not quite done. We’ll need to add lines to /etc/ldap.conf in order to allow us to query ldap. Ideally, you’ll have created an account specifically for this purpose (Domain Users group seems to work). I use linux_auth but it truly doesn’t matter.

echo "binddn linux_auth@corp.example.com" >> /etc/ldap.conf
echo "bindpw secret" >> /etc/ldap.conf

You will also need to uncomment or add the RFC2307 AD mappings in /etc/ldap.conf. You can also just run this:

cat >> /etc/ldap.conf <<-ENDDOC
# RFC 2307 (AD) mappings
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
ENDDOC

Test your config exactly as Scott’s directions say. Using your regular user account for the test should be fine. If you get the error “kinit(5): KDC reply did not match expectations while getting initial credentials”, it’s because you didn’t log in using the Kerberos realm, which is in ALL CAPS! Scott’s directions aren’t really explicit about this and I spent a while figuring it out. Maybe you won’t have to.

kinit user@CORP.EXAMPLE.COM

It will ask for your password and should print nothing if it succeeded. You can then use klist to check whether you got a TGT.

getent passwd user

You’ll see something like this:

user:x:10000:10000:User:/home/user:/bin/sh

Now we’re almost done. We just need to use Samba to join the computer to the domain. You’ll need the following in your smb.conf:

  workgroup = CORP
  security = ads
  realm = corp.example.com
  use kerberos keytab = true
  password server = adserver.corp.example.com

Then you need to destroy any old kerberos tickets

kdestroy

Then authorize kerberos with a domain admin account to join active directory

kinit Administrator@CORP.EXAMPLE.COM

Then finally join the domain

net ads join

That will grind for a little while and you’ll be all set. You should get something like this:

[root@vpc-dev0 ~]# net ads join
Using short domain name -- CORP
Joined 'VPC-DEV0' to realm 'CORP.EXAMPLE.COM'

Finally, you’ll need to get everybody’s home directories. I always use autofs, something like this:

echo /home /etc/auto.home >> /etc/auto.master
echo '*       -rw,bg,intr,hard,rsize=32768,wsize=32768,tcp,vers=3       nfsserver:/vol/work/users_unix/&' >> /etc/auto.home
chkconfig autofs on
service autofs start

So now the final test… try to log in with ssh!
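Before that ssh test, a post-setup sanity check in POSIX sh, added here as an example and not part of the original post. It assumes the file locations used above (/etc/ldap.conf, and the /etc/krb5.conf that authconfig writes) and checks the three things that bite in this setup: incomplete RFC2307 mappings, a lower-case realm, and the clear-text bindpw sitting in a world-readable ldap.conf (nss_ldap must read ldap.conf as every user, so the usual fix is rootbinddn plus a mode-600 /etc/ldap.secret rather than chmod 600 on ldap.conf).

```shell
#!/bin/sh
# Added sanity check for the CentOS 4 / AD setup above; not part of the
# original post. Each function takes a file path, so it runs against the real
# /etc/ldap.conf and /etc/krb5.conf or against constructed samples.
# Usage: sh ad_preflight.sh /etc/ldap.conf /etc/krb5.conf

# Print each RFC2307 mapping line from the post that is missing from ldap.conf.
ldap_missing_maps() {
    for _m in "nss_map_objectclass posixAccount user" \
              "nss_map_objectclass shadowAccount user" \
              "nss_map_attribute uid sAMAccountName" \
              "nss_map_attribute homeDirectory unixHomeDirectory" \
              "nss_map_attribute shadowLastChange pwdLastSet" \
              "nss_map_objectclass posixGroup group" \
              "nss_map_attribute uniqueMember member" \
              "pam_login_attribute sAMAccountName" \
              "pam_filter objectclass=User" \
              "pam_password ad"; do
        grep -qxF "$_m" "$1" || echo "$_m"
    done
}

# Exit 0 when ldap.conf holds a bindpw that other local users can read.
# nss_ldap reads ldap.conf as every user, so the fix is not chmod 600 but
# moving the password to /etc/ldap.secret (mode 600) and using rootbinddn
# instead of binddn/bindpw for the lookup account.
ldap_bindpw_exposed() {
    grep -q '^bindpw' "$1" || return 1
    _others=$(ls -l "$1" | cut -c8-10)   # the "others" rwx triplet from ls -l
    [ "$_others" != "---" ]
}

# Exit 0 when default_realm is set and all upper case; a lower-case realm is
# what produces the "KDC reply did not match expectations" error above.
krb5_realm_ok() {
    _r=$(sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*//p' "$1" \
         | head -n 1 | tr -d '[:space:]')
    [ -n "$_r" ] && [ "$_r" = "$(printf '%s' "$_r" | tr '[:lower:]' '[:upper:]')" ]
}

# Run all checks; return 1 on the first problem so it can gate the ssh test.
ad_preflight() {
    _missing=$(ldap_missing_maps "$1")
    [ -z "$_missing" ] || { printf 'missing in %s:\n%s\n' "$1" "$_missing"; return 1; }
    ! ldap_bindpw_exposed "$1" || { echo "bindpw in $1 is readable by others"; return 1; }
    krb5_realm_ok "$2" || { echo "default_realm in $2 missing or not upper case"; return 1; }
}

[ $# -eq 2 ] && ad_preflight "$1" "$2" && echo "preflight OK"
```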

Solaris BrandZ Zones

Thursday, October 12th, 2006

Sun has really been pushing innovation with Solaris recently, and since it’s now freely available and open sourced, what better time to give it a test drive? With the Solaris Express Nevada 49 release (get it from http://www.opensolaris.org/os/downloads/on/ and click the CD Version or DVD Version links under step 3b) Sun has officially included their BrandZ extension to Solaris containers. BrandZ allows containers to be ‘branded’; the upshot is that you can run an entire Linux system inside a zone under an lxrun-like technology.

Currently they fully support running CentOS 3 in a zone, which conveniently enough is what all our production services still run on. See http://www.opensolaris.org/os/community/brandz/install/ for the official howto guide. Here’s how I set up a CentOS 3 development system for testing on my SNV49 machine:


# zonecfg -z centos3-dev-2
centos3-dev-2: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:centos3-dev-2> create -t SUNWlx
zonecfg:centos3-dev-2> set zonepath=/tank/centos3-dev-2
zonecfg:centos3-dev-2> add net
zonecfg:centos3-dev-2:net> set address=192.168.2.31/24
zonecfg:centos3-dev-2:net> set physical=e1000g0
zonecfg:centos3-dev-2:net> end
zonecfg:centos3-dev-2> commit
zonecfg:centos3-dev-2> exit

# zoneadm -z centos3-dev-2 install -d /tank/public/centos_fs_image.tar.bz2
cannot create ZFS dataset tank/centos3-dev-2: dataset already exists
Installing zone 'centos3-dev-2' at root directory '/tank/centos3-dev-2'
from archive '/tank/public/centos_fs_image.tar.bz2'

This process may take several minutes.

Disk Benchmarks, Round 1

Tuesday, October 10th, 2006

In the process of trying to figure out my VM performance problems, I’ve been doing a lot of filesystem benchmarking. Unfortunately, there isn’t a lot of consistency between platforms or machine classes as to benchmarking methodology, so I’ve had some trouble generating comparable numbers. However, I’ve gotten the solaris filebench suite running on linux, and bonnie++ running on solaris, so I can now generate comparable numbers across both platforms.

One of my primary interests is the throughput I can get out of the 3ware 7506 RAID controller in my Unix NAS box, both in order to optimize it and in order to compare to other solutions and determine if they will actually be an upgrade or not. In the process, I’ve been benchmarking an older Dell Precision Workstation 420. It has 4 WD1200JB drives plugged into its onboard IDE controllers (yes, they are sharing IDE channels), and is currently running OpenSolaris nv47. I played around with a few different ZFS configurations, but eventually settled on raidz, leaving me with 360G usable disk space. Here are some of the numbers I got:

Filebench Benchmarks

Webserver IO Summary: 848559 ops 16865.4 ops/s, (5440/544 r/w)  91.8mb/s,    249us cpu/op,   0.3ms latency
Varmail IO Summary: 96110 ops 1913.1 ops/s, (294/295 r/w)   9.6mb/s,    618us cpu/op,  26.1ms latency
Fileserver IO Summary: 8000 ops 3964.1 ops/s, (497/493 r/w)  72.8mb/s,   1130us cpu/op,   0.9ms latency

Here are some benchmarks from my production file server, taken at a low-load time but nonetheless while serving vmdk images for 8 virtual machines. It is a 2x P4 Xeon 2.4GHz, 3GB RAM, with a 3ware 7506 controller running RAID 5 across 5 + 1 hotswap WD1200JB PATA disks.

Varmail IO Summary: 87754 ops 1454.5 ops/s, (224/224 r/w)   7.3mb/s,    142us cpu/op,  35.5ms latency
Webserver IO Summary: 20312 ops 20208.2 ops/s, (6499/660 r/w) 108.4mb/s,    215us cpu/op,   0.7ms latency
Fileserver IO Summary: 7997 ops 1587.9 ops/s, (202/196 r/w)  29.8mb/s,   1122us cpu/op,  37.8ms latency