Paradigm Shift
Chronicling my latest paradigm shift. This will be a log of the transition of my knowledge base from IIS to Apache and the details of switching my work’s site over.
rsync part 2 – eloquent!
Some additional notes about specifically setting up rsync.
http://overtone.org/articles/rsync.php is a simple, wonderfully written article on how to set up a basic rsync configuration on your host to mirror out a website to different boxes. Granted, this is a bit chatty and time consuming to do (I could imagine how it would be with a larger site), but for the size of the site I’m doing and the importance of the data, I’m pretty pleased with the results.
The end result is I now have a privately addressed ‘staging server’ that will have Samba enabled and that users will map shares from. The content rsyncs itself out to my mirrors via a static route to the private address of the mirror (I hadn’t done static routes before and it was cool and fairly easy to set up); because I set up a DMZ (which was really easy to do in SUSE), the private interface has a whole ton of ports open and the public end only has two (I’ll let you guess which two those are).
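Once content is being pushed out by rsync, the thing I would want to verify is that each mirror actually matches staging. The script below is an added example and not part of this post or the overtone.org article; it assumes the staging tree and a mirror tree are both reachable as local directories (a mounted share or a pulled copy) and compares them file by file using SHA-256, which catches content drift that a size-and-timestamp comparison would miss. The directory names, file names and contents in demo() are constructed sample data.

```python
"""Mirror-consistency check (added example, not the blog's own script).

Assumption: the staging tree and one mirror tree are visible as two local
directories. Files are compared by SHA-256, so a file that differs only in
content is still flagged, the same property rsync --checksum relies on.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def tree_digests(root: Path) -> dict[str, str]:
    """Map each regular file's path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def compare_trees(staging: Path, mirror: Path) -> dict[str, list[str]]:
    """Report files missing on the mirror, extra on the mirror, or differing in content."""
    src = tree_digests(staging)
    dst = tree_digests(mirror)
    return {
        "missing": sorted(set(src) - set(dst)),
        "extra": sorted(set(dst) - set(src)),
        "differs": sorted(p for p in set(src) & set(dst) if src[p] != dst[p]),
    }


def demo() -> dict[str, list[str]]:
    """Build a constructed staging tree and a slightly stale mirror, then compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        staging = Path(tmp) / "staging"
        mirror = Path(tmp) / "mirror"
        for root in (staging, mirror):
            (root / "htdocs").mkdir(parents=True)
        # Constructed sample content: one file in sync, one changed on staging,
        # one not yet pushed, and one stale file that an rsync --delete run
        # would have removed from the mirror.
        (staging / "htdocs" / "index.html").write_text("<h1>welcome</h1>\n")
        (mirror / "htdocs" / "index.html").write_text("<h1>welcome</h1>\n")
        (staging / "htdocs" / "news.html").write_text("updated today\n")
        (mirror / "htdocs" / "news.html").write_text("last week's copy\n")
        (staging / "htdocs" / "new.html").write_text("not mirrored yet\n")
        (mirror / "htdocs" / "old.html").write_text("removed from staging\n")
        return compare_trees(staging, mirror)


if __name__ == "__main__":
    print(demo())
```

An empty report from compare_trees() is what a healthy mirror looks like; anything under "extra" is a file the mirror serves that staging no longer has, which is worth treating as a finding rather than noise.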
One small edit since I was redoing the server today and I’d forgotten how to make those edits. For you GUI people, it’s under YaST, Network Devices, and properties for the network card. You basically need to set up a connection on both ends of the link in order to make routing work. On the server, the link looks like this:
IP: Management console or staging server
GW: private address gateway
SM: 255.255.255.255
Pick the private NIC for the interface.
Then on the client:
IP: Server IP Address
GW: default gateway
SM: 255.255.255.255
I’m finding that the further I get into this setup I’m *choke* loving Linux a ton more. Everything has a hosts allow option on it, which means that I can control who specifically gets access to what in the setup. In a situation like this where security is a concern those options are proving to be worth their weight in gold. I also get a measure of failover: if the staging server goes down, it’s a few minutes of reconfiguration and I can turn a mirror into the staging server and have it be mappable.
Too….much….fun.
–pete
rsync and the search for a perfect distro (part 1)
This post was originally going to be just about rsync and it was going to be a week or so ago.
After piecing together rsync and getting it operational, I found a couple of problems. In the course of getting SUSE 10.0 up and operational, I discovered that the machine got compromised through an ssh hole that wasn’t patched. Sucks to be me. I then tweaked the model a little bit to set up a DMZ for the site. Each of my mirrors is going to have a public interface with only ports 80 and 445 open and a private interface that is only open to the private network (with a variety of ports open).
This involved setting up two interfaces/gateways/subnet masks and configuring the firewall to attach to the appropriate interface. The only problem was that SUSE does not allow more than one default gateway; the end result is that I could only open either the public interface or the private interface and couldn’t open both.
My first idea was to look for a different distro for the mirrors, one specifically that could support two default gateways (similar to what I have set up in Server 2003). After looking at Ubuntu (great distro for a desktop, sucky server) and FreeBSD (what the heck is this crap?), I ended up finding out that the paid version of SUSE did this. I downloaded the evaluation copy of SUSE, which ended up not doing this in 10.0. I was dejected, but I had an epiphany when I realized that I could use this situation to my advantage. What I ended up doing was setting up a static route between the mirror and the staging server sitting in the private network and voilà, I have connectivity for rsync and connectivity for the web on the other end.
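The reason a single default gateway is enough here comes down to how the routing table is consulted: the most specific matching prefix wins, so a host route with a 255.255.255.255 mask (the SM value in the per-end configuration in part 2) is always preferred over the default route for that one address. The model below is an added example, not the blog’s or SUSE’s configuration; the interface names, addresses and the private-side port list are constructed assumptions, while the public-side ports 80 and 445 are the ones the post states. It covers both the two-ended static route and the DMZ split between interfaces.

```python
"""Model of the dual-homed mirror (added example, not the blog's configuration).

Constructed addresses, for illustration only:
  eth0 (public)  203.0.113.10/24, default gateway 203.0.113.1
  eth1 (private) 10.0.0.10/24, staging server 10.0.0.2 reached via 10.0.0.1
The kernel picks an egress interface by longest prefix match, so a /32 host
route for the staging server wins over the default route even though only
one default gateway exists.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    gateway: str
    iface: str


# Routing table: one default gateway plus one host route (SM 255.255.255.255).
ROUTES = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "203.0.113.1", "eth0"),
    Route(ipaddress.ip_network("10.0.0.2/32"), "10.0.0.1", "eth1"),
]

# Ingress allow-lists per interface. The public side lists the post's 80 and
# 445; the private side's list (ssh, http, smb, rsync daemon) is an assumption.
INGRESS_ALLOW = {
    "eth0": {80, 445},
    "eth1": {22, 80, 139, 445, 873},
}


def egress(dst: str):
    """Return (interface, gateway) for a destination using longest prefix match."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in ROUTES if addr in r.prefix]
    if not candidates:
        return None
    best = max(candidates, key=lambda r: r.prefix.prefixlen)
    return best.iface, best.gateway


def ingress_allowed(iface: str, dst_port: int) -> bool:
    """Default-deny filter: accept only ports explicitly listed for that interface."""
    return dst_port in INGRESS_ALLOW.get(iface, set())


if __name__ == "__main__":
    print("to staging:", egress("10.0.0.2"))
    print("to another private host:", egress("10.0.0.3"))
    print("to the internet:", egress("198.51.100.7"))
    for port in (80, 445, 873):
        print(f"port {port}: public={ingress_allowed('eth0', port)} "
              f"private={ingress_allowed('eth1', port)}")
```

Note what egress("10.0.0.3") returns: a private host without its own /32 entry is sent out the public interface toward the default gateway, which is exactly why the post says the route has to be configured on both ends and per peer. The filter here matches on destination port only; a real firewall on the box should also be stateful so that replies to outbound rsync connections are admitted without opening ephemeral ports.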
After doing some initial research, rsync works really well and does what it does incredibly efficiently. More on this when I can get to my bookmarks list @ work.
Paradigm Shift: setting up a server from scratch
Well, the PE 1425SC came in a couple of days ago and I got it set up and plugged into the rack.
I’m one for aesthetics, and this server is super cool looking when it’s plugged in. Dell boxes have this status indicator on the front to let you know the health of the box at a glance; usually these are blue if they are plugged in and happy and a bright orange if they are not. Well, the blue light on this box is incredibly bright and small and it reminds me of HAL in 2001. So now if you walk into the server room, there at the top of the rack is the 1425 with its bright blue eye that beckons you to enter.
Well, today’s project was getting the OS installed and getting samba/AD authentication up and rolling as well.
The OS:
It was incredibly easy. For this box, I downloaded SUSE OSS 10.0 64-bit edition and it screams once it’s running. There were two small issues. First, I set up a hardware RAID 1 array before installing an OS, and when it came to partitioning, the system still allowed me to utilize the second 250GB drive. After working with it for a little while, I just assumed that creating the partition on the first drive would do the job. Once I get the server how I want it, I may do some testing to make sure that assumption was correct. The second weird aspect to the install was that my 4 network interfaces (long story…) were duplicated in the available NIC connections. When I picked an interface to plug into, I had basically a 1 in 8 chance of getting it right (realistically a 1 in 4 because two of the NICs were different chipsets than the other two).
There were a couple of things I verified I wanted in the install as well: Apache (of course), rsync, MySQL, PHP, Samba, and winbind. For now, I just verified that the OS was installing those and I am going with the built-in copies of each of those pieces of software. The better choice may be to install them from scratch, but to get going, I’m going with the version that I can figure out the best within the framework of the OS; as I get better, I can tweak it as necessary.
Samba, AD authentication:
Again, fairly easy. It surprises me how well things get rolling in this setup when you have a basic knowledge and a little patience. There are some steps that you need to follow, however. There were two main websites that I used to get this rolling. First, you have to get Kerberos up and rolling, and a really great article at http://www.windowsnetworking.com/articles_tutorials/Authenticating-Linux-Active-Directory.html shows how to do that. You may want to note that as you put in the domain name, you type it in all caps; it seems to not work if it is lower case; do the tests that the article mentions. The only real problem is that you’re tied to one specific domain controller (we have 5 available, but if one goes down…well…) for Kerberos authentication.
From my understanding, rather than monkeying with all the different PAM authentications, I followed the directions at http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 which turned out to be stellar as well. Once I got that up and rolling, I can and have created shares through smb.conf (it’s a bit too specific to talk about here and there’s mounds of documentation on it) and in the allow list I can type domainname\usergroup and it works.
The next step will be rsync.
EDIT: One file I forgot (and forgot to mention) is /etc/nsswitch.conf, which tells the system where to get authentication information from. You need to add winbind to it; the relevant part of the file for this project is:
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns wins
networks: files dns
services: db files
protocols: db files
rpc: db files
ethers: db files
netmasks: files
netgroup: files
publickey: files
bootparams: files
automount: files nis
aliases: files
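Two of the mistakes described in this post are easy to miss by eye: winbind left out of one of the passwd/group lines in nsswitch.conf, and the Kerberos realm typed in lower case. The checker below is an added example, not a script from this blog or from either linked article; it parses the two file formats and flags both conditions. The nsswitch sample matches the listing above, and the krb5.conf sample with its example.org realm is a constructed placeholder, not a real domain.

```python
"""Checks for the two config files the AD integration depends on
(added example, not the blog's own script). Inputs are constructed strings;
pass the real contents of /etc/nsswitch.conf and /etc/krb5.conf to check a host.
"""
import re

NSSWITCH_SAMPLE = """\
# constructed sample, matching the listing in the post
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns wins
"""

KRB5_SAMPLE = """\
# constructed sample; the realm name is a placeholder
[libdefaults]
    default_realm = example.org
    dns_lookup_kdc = false
"""


def parse_nsswitch(text: str) -> dict[str, list[str]]:
    """Map each database (passwd, group, ...) to its ordered list of sources."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line or ":" not in line:
            continue
        db, sources = line.split(":", 1)
        dbs[db.strip()] = sources.split()
    return dbs


def winbind_databases(text: str) -> dict[str, bool]:
    """For passwd and group, report whether winbind is consulted; both are needed for domain users."""
    dbs = parse_nsswitch(text)
    return {db: "winbind" in dbs.get(db, []) for db in ("passwd", "group")}


def default_realm(text: str):
    """Return default_realm from the [libdefaults] section of krb5.conf, or None if absent."""
    section = None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        header = re.match(r"\[(\w+)\]$", line)
        if header:
            section = header.group(1)
            continue
        if section == "libdefaults":
            m = re.match(r"default_realm\s*=\s*(\S+)", line)
            if m:
                return m.group(1)
    return None


def realm_is_uppercase(text: str) -> bool:
    """The post found the realm only works in capitals; False for a missing or lower-case realm."""
    realm = default_realm(text)
    return realm is not None and realm == realm.upper()


if __name__ == "__main__":
    print("winbind in nsswitch:", winbind_databases(NSSWITCH_SAMPLE))
    print("realm:", default_realm(KRB5_SAMPLE), "uppercase:", realm_is_uppercase(KRB5_SAMPLE))
```

The shadow line is deliberately not checked: winbind does not serve shadow entries, so the listing's "shadow: compat" is correct as it stands.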
One final thought on paradigm shifts.
For those of you whom this bores to tears, or who just don’t care about it, I’ve included a separate category under ‘tech’ for these notes. Either you can filter them out, or just not look if you see posts in that category.
Part of my ethos, I believe, as a Christian geek is to do my job well. My desire with this particular project is to do it in detail…there’s going to be a lot to it and I want to make sure I know what I’m talking about.
Welcome to the shift
Hi all -
I’ve been a professional now for about a decade and some change (4 weeks to be exact) and in that time there have been moments of my career that have been, by definition, paradigm shifts; these have been moments of transition where a body of knowledge that I’d gained is now no longer needed and a new phase is beginning.
This particular one I’d like to chronicle, if you will, in this format for a couple of reasons. First, I think it’s useful information and contexts like this have helped me figure some things out from time to time as I’ve hit google looking for answers. Secondly, for my own benefit I can provide some internal documentation for myself as to how I reproduce what I’ve been building.
The project that I’m about to start is taking our web presence from IIS 6.0 (which I have loved dearly) to Apache. Like any long term relationship that ends, there are a couple of reasons for doing this.
First, my experience with Open Source Software (OSS) has been stellar. The applications that we’ve used it for have been ones that have been robust and ‘set and forget’ type setups. One particular one that I’m fond of is using CUPS (Common Unix Printing System) to serve out a dozen or so printers that I’ve set up on timers for our classroom labs. Students come in, and at the start of each class a crontab on the server issues a command for the printer to start its queue and accept jobs and at the stop of the scheduled class the printer turns off the queue automatically. It’s saved us a ton on printing costs and it’s been a nice service to students who need to use printing for class.
My second reason for switching right now really has to do with scaling an application. I’ve been really challenging myself to start thinking in terms of services for our LAN instead of servers and it’s been fun to start building out horizontally. We’ve clustered our main data presence and provided a couple of layers of backup for it. I’d like to do the same with our web presence. The model we have currently with IIS 6 I feel doesn’t allow me to do that without some significant hardware purchases.
With that said, I’ve already been setting up some tests with different pieces of the model and I’ll be reviewing those as time goes on. For now, here’s my model:
Machines
Four separate boxes will be involved in this setup. Two of the three main servers will be a Dell PowerEdge SC 1425 with the following specs:
Dual 3.2 Ghz Intel Xeon processors
2GB of RAM
2 250GB 7200 RPM SATA drives in a RAID 1 configuration
I’ll have an existing PowerEdge 2650 (the link is to a 2850) which has been consistently my favorite server of choice for a few years running. This particular box is:
Dual 2.8Ghz Xeon processors
3GB of RAM
146GB of storage in a RAID5 array
Software
After looking at a few distros out there, I’m choosing the 64-bit version of SUSE OSS. There is just something to having a professional corporation throw its resources behind a distro; they have a bit more of an idea how to put together a GUI and, even for a geek, how to put tools out there.
The Model
Basically it boils down to this. I’m privately addressing a box that I’ve yet to determine and I’m going to set up Samba, Winbind, and Apache on it. I’m then going to rsync out my data to the other three servers, two of which will be located in our datacenter and a third to be located elsewhere.
Why I think this is a compelling read for you is that I’m judging myself a relative Apache novice. I understand it, I appreciate it, and these next few months I’d like to move my knowledge over to it from IIS. There’s a fairly complicated IIS setup that we run, and each piece of the puzzle will need to have an Apache counterpart. For my own sanity and keeping track of things, this is where this blog will come into play. Hope you enjoy the ride…