Archive for the ‘Articles’ Category

Linux Fail-over Clustering

March 24th, 2008

For anyone who needs an uninterrupted web service, this article describes the basic settings for a two-node fail-over cluster built from Linux servers.

For this purpose we use a Red Hat based distribution (CentOS in the examples) together with a utility called Heartbeat.

The heartbeat service provides the basic functions required for the HA system. In a cluster environment, a high availability (HA) system is responsible for starting and stopping services, mounting and dismounting resources, monitoring the system availability in the cluster environment, and handling the ownership of the virtual IP address that’s shared between cluster nodes.

The most common cluster configuration, and the one described here, is the standby configuration: one node performs all the work while the other node is idle. Heartbeat monitors the health of the cluster nodes and their HA service(s), usually over a separate Ethernet interface reserved for HA traffic, by exchanging periodic heartbeat packets. If a node fails for some reason, heartbeat transfers all the HA resources to the healthy node; when the failed node recovers, it can resume its former role.

Installing and Configuring

First of all, install heartbeat on a CentOS machine:

yum install -y heartbeat

To test High Availability Linux, you need a second Ethernet adapter devoted to heartbeat on each node. Install the Apache web server and the heartbeat package on both nodes.

The configuration files for heartbeat are not in place when the software is installed. You need to copy them from the documentation folder to the /etc/ha.d/ folder:


cp /usr/share/doc/heartbeat*/ha.cf /etc/ha.d/
cp /usr/share/doc/heartbeat*/haresources /etc/ha.d/
cp /usr/share/doc/heartbeat*/authkeys /etc/ha.d/

Imagine you have two servers in a well-known datacenter and own a few public IPs. In the /etc/hosts file you must add the hostnames and IP addresses so that the two nodes can see each other. In my case it looks like this:


201.200.100.1 node1.sparksupport.com    node1
201.200.100.2 node2.sparksupport.com    node2
127.0.0.1   localhost.localdomain     localhost

The two nodes share the same gateway IP, which is set by the datacenter. For our example let node1 be the primary and node2 the backup (secondary). The primary will run an extra IP address (assigned using IP aliasing), and that is the IP you configure your web server on. Configure the public IPs on eth0; eth1 gets a private IP address and is used only by heartbeat. Connect node1 and node2 with a crossover cable between these second Ethernet cards (eth1).
ifconfig on node1 should now show the following.


eth0      inet addr:201.200.100.1  Bcast:201.200.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18617 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14682 errors:0 dropped:0 overruns:0 carrier:0
          collisions:3 txqueuelen:100
          Interrupt:10 Base address:0x6800

eth0:0    Link encap:Ethernet  HWaddr 00:60:97:9C:52:28
          inet addr:201.200.100.5  Bcast:201.200.100.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0x6800

eth1      Link encap:Ethernet  HWaddr 00:60:08:26:B2:A4
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15673 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17550 errors:0 dropped:0 overruns:0 carrier:0
          collisions:2 txqueuelen:100
          Interrupt:10 Base address:0x6700

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:38 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

And ifconfig on node2 should show the following.


eth0      inet addr:201.200.100.2  Bcast:201.200.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18617 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14682 errors:0 dropped:0 overruns:0 carrier:0
          collisions:3 txqueuelen:100
          Interrupt:10 Base address:0x6800

eth1      Link encap:Ethernet  HWaddr 00:60:08:26:B2:A4
          inet addr:192.168.1.3  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15673 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17550 errors:0 dropped:0 overruns:0 carrier:0
          collisions:2 txqueuelen:100
          Interrupt:10 Base address:0x6700

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:38 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

We will have to edit three more files; apart from the ucast address in ha.cf (noted below), these files should be exactly the same on both nodes.


/etc/ha.d/ha.cf
/etc/ha.d/haresources
/etc/ha.d/authkeys

Next, modify the configuration file /etc/ha.d/ha.cf. Edit the following entries in order to get heartbeat to work:


logfile /var/log/ha-log         # where heartbeat writes its log
logfacility     local0          # facility to use for syslog/logger
keepalive 2                     # seconds between heartbeats
deadtime 30                     # seconds without a heartbeat before the peer is declared dead
warntime 10                     # seconds before issuing a "late heartbeat" warning
initdead 120                    # deadtime applied right after start-up, to let the network come up
udpport 694                     # UDP port for the bcast/ucast communication
bcast   eth1                    # interface to broadcast on
ucast eth1 192.168.1.3          # unicast to the peer's eth1 (node2); a 2-node cluster, so no multicast needed
auto_failback on                # resources automatically fail back to their primary node when it returns
node  node1.sparksupport.com    # the name of the first node (must match the node's `uname -n`)
node  node2.sparksupport.com    # the name of the second node

On node2 the ucast line points back at node1's eth1 instead: ucast eth1 192.168.1.2

The next file is /etc/ha.d/haresources, with the following entry (preferred owner node, the virtual IP, and the service to manage):

node1.sparksupport.com 201.200.100.5 httpd

The last heartbeat-related file is /etc/ha.d/authkeys. The entry below uses crc, which is only a checksum: it detects corruption but does not authenticate the peer, so it is acceptable only on a dedicated crossover link like the eth1 link used here; on any shared network use "1 sha1 <secret>" instead.

auth 1
1 crc

The file must be readable only by root (heartbeat logs a bad-permissions error and will not start otherwise):

chmod 600 /etc/ha.d/authkeys

Now configure httpd.conf to listen on the virtual (shared) IP address (port 80 is assumed here, the page's original line omitted the port):

Listen 201.200.100.5:80
DocumentRoot "/home/spark/www"

It's important that the Apache service does not start automatically at boot time, since heartbeat will start and stop the service as needed. Disable the automatic start with the following command (on a Red Hat based system):

chkconfig httpd off

Make sure you have the same Apache configuration on both nodes.
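Before starting heartbeat, a few quick consistency checks on the three files catch the usual mistakes: wrong permissions on authkeys, a node name with no /etc/hosts entry, a haresources owner that is not a declared node, and a checksum-only auth method. This is an added example and not part of the original article; it writes constructed copies of the files above into a temporary directory, and HA_DIR=/etc/ha.d points it at a real node.

```shell
#!/bin/sh
# Preflight checks for the heartbeat configuration described above.
# Added example, not from the original article. Set HA_DIR=/etc/ha.d to check a
# real node; with HA_DIR unset nothing runs and only the functions are defined.

# Write constructed copies of the article's files into $1 (for offline testing)
write_sample_files() {
    dir="$1"
    mkdir -p "$dir"
    printf '%s\n' '201.200.100.1 node1.sparksupport.com node1' \
                  '201.200.100.2 node2.sparksupport.com node2' \
                  '127.0.0.1 localhost.localdomain localhost' > "$dir/hosts"
    printf '%s\n' 'keepalive 2' 'deadtime 30' 'udpport 694' 'bcast eth1' \
                  'auto_failback on' 'node node1.sparksupport.com' \
                  'node node2.sparksupport.com' > "$dir/ha.cf"
    printf '%s\n' 'node1.sparksupport.com 201.200.100.5 httpd' > "$dir/haresources"
    printf '%s\n' 'auth 1' '1 crc' > "$dir/authkeys"
    chmod 600 "$dir/authkeys"
}

# 0 if $1 (authkeys) is mode 600, i.e. readable only by its owner (root)
authkeys_mode_ok() {
    [ -n "$(find "$1" -prune -perm 600 2>/dev/null)" ]
}

# 0 if every "node <name>" declared in ha.cf ($1) has an entry in the hosts file ($2)
nodes_resolve() {
    rc=0
    for n in $(awk '$1 == "node" { print $2 }' "$1"); do
        grep -qwF -- "$n" "$2" || { echo "no hosts entry for $n" >&2; rc=1; }
    done
    return $rc
}

# 0 if the preferred owner named in haresources ($1) is a node declared in ha.cf ($2)
haresources_node_ok() {
    owner=$(awk 'NF { print $1; exit }' "$1")
    awk -v o="$owner" '$1 == "node" && $2 == o { found = 1 } END { exit !found }' "$2"
}

# 0 if authkeys ($1) uses a keyed digest (sha1 or md5); 1 if it relies on crc,
# which only detects corruption and lets anyone on the link inject heartbeats
auth_method_keyed() {
    ! awk '$1 ~ /^[0-9]+$/ { print $2 }' "$1" | grep -qx crc
}

# Run every check against ha.d directory $1 and hosts file $2;
# returns the number of failed checks
preflight() {
    d="$1"; hosts="$2"; fails=0
    authkeys_mode_ok "$d/authkeys" || { echo "authkeys is not mode 600"; fails=$((fails + 1)); }
    nodes_resolve "$d/ha.cf" "$hosts" || { echo "ha.cf declares a node missing from $hosts"; fails=$((fails + 1)); }
    haresources_node_ok "$d/haresources" "$d/ha.cf" || { echo "haresources owner is not a declared node"; fails=$((fails + 1)); }
    auth_method_keyed "$d/authkeys" || { echo "authkeys uses crc; prefer sha1 with a secret"; fails=$((fails + 1)); }
    return $fails
}

if [ -n "${HA_DIR:-}" ]; then
    preflight "$HA_DIR" /etc/hosts
fi
```

Run with HA_DIR=/etc/ha.d on each node; a non-zero exit status is the number of checks that failed, and the article's own authkeys will trip the crc check by design.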

Testing the fail-over cluster

At this point we’re done with configuration. Now it’s time to start the newly created cluster. Start the heartbeat service on both nodes:


/etc/init.d/heartbeat start

Watch the /var/log/ha-log on both nodes. If everything is configured correctly, you should see something like this in your log files:


Configuration validated. Starting heartbeat 1.2.3.cvs.20050927
heartbeat: version 1.2.3.cvs.20050927
Link node1.sparksupport.com:eth1 up.
Link node2.sparksupport.com:eth1 up.
Status update for node node2.sparksupport.com: status active
Local status now set to: 'active'
remote resource transition completed.
Local Resource acquisition completed. (none)
node2.example.com wants to go standby [foreign]
acquire local HA resources (standby).
local HA resource acquisition completed (standby).
Standby resource acquisition done [foreign].
Initial resource acquisition complete (auto_failback)
remote resource transition completed.

Now test the failover. Reboot the master server; the slave should take over the Apache service. If everything works well, you should see something like this:


Received shutdown notice from 'node1.sparksupport.com'.
Resources being acquired from node1.sparksupport.com.
acquire local HA resources (standby).
local HA resource acquisition completed (standby).
Standby resource acquisition done [foreign].
Running /etc/ha.d/rc.d/status status
Taking over resource group 201.200.100.5
Acquiring resource group: node1.sparksupport.com 201.200.100.5 httpd
mach_down takeover complete for node node1.sparksupport.com
node node1.sparksupport.com: is dead
Dead node node1.sparksupport.com gave up resources.
Link node1.sparksupport.com:eth1 dead.

And when the master comes back online, it should take the Apache service over again (auto_failback on):


Heartbeat restart on node node1.sparksupport.comheartbeat
Link node1.sparksupport.com:eth1 up.
node2.sparksupport.com wants to go standby [foreign]
standby: node1.sparksupport.com can take our foreign resources
give up foreign HA resources (standby).
Releasing resource group: node1.sparksupport.com 201.200.100.5 httpd
Local standby process completed [foreign].
remote resource transition completed.
Other node completed standby takeover of foreign resources.

Conclusion

This is a basic setup; you can increase the number of services managed by heartbeat. You should also keep the data on the primary and secondary nodes in sync.


Shijil T S Articles, linux ,

How to: Ruby on Rails Installation and Configuration

November 28th, 2007

This article will guide you through the installation of Ruby on Rails on a Linux machine. As you are aware, Ruby on Rails made a splash with its simplicity and ease of use for developing web applications.

What is Ruby?

Ruby is a pure object-oriented programming language with a super clean syntax that makes programming elegant and fun. Ruby successfully combines Smalltalk’s conceptual elegance, Python’s ease of use and learning, and Perl’s pragmatism. Ruby originated in Japan in the early 1990s, and has started to become popular worldwide in the past few years as more English language books and documentation have become available.

What is Rails?

Rails is an open source Ruby framework for developing database-backed web applications. Rails is designed from the ground up to create dynamic Web sites that use a relational database backend. It adds key words to the Ruby programming language that make Web applications easier to configure. In addition, it's designed to automatically generate a complete, if somewhat crude, Web application from an existing database schema. The latter is both Ruby's greatest strength and its Achilles' heel. Rails makes assumptions about database schema naming conventions that, if followed, make generating a basic Web site a matter of executing a single command.

Installing the Software on CentOS

1. Install Ruby

You need the CentOS testing repository, so add a file named "testing.repo" (yum only reads files ending in .repo) to the directory /etc/yum.repos.d/. That gives you Ruby 1.8.4.


# packages in testing
[testing]
name=CentOS-$releasever - Testing
baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
gpgcheck=1
enabled=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing

Now you can use yum to install Ruby:

yum update
yum install ruby ruby-devel ruby-libs irb rdoc

2. Install Gem


cd /usr/local/src
wget http://rubyforge.org/frs/download.php/5207/rubygems-0.8.11.tgz
tar -xvzf rubygems-0.8.11.tgz
cd rubygems-0.8.11
ruby setup.rb
cd ..

3. Install fast-cgi


cd /usr/local/src
wget http://www.fastcgi.com/dist/fcgi-2.4.0.tar.gz
tar xzvf fcgi-2.4.0.tar.gz
cd fcgi-2.4.0
./configure
make
make install
cd ..

4. Install fast-cgi Bindings


cd /usr/local/src
wget http://sugi.nemui.org/pub/ruby/fcgi/ruby-fcgi-0.8.6.tar.gz
tar zxvf ruby-fcgi-0.8.6.tar.gz
cd ruby-fcgi-0.8.6
ruby install.rb config
ruby install.rb setup
ruby install.rb install
cd ..

5. Install Rails

gem install rails --include-dependencies

Ruby and Rails on Red Hat Enterprise Linux

Make sure you have zlib-devel installed, otherwise Gem will fail:

up2date zlib-devel

First remove any Ruby that was installed from RPMs on the machine. To determine which Ruby RPMs are installed:

rpm -qa | egrep '(ruby)|(irb)'

To uninstall the installed Ruby RPMs:

rpm -e ruby-docs-1.8.1-7.EL4.2 \
       ruby-1.8.1-7.EL4.2 \
       irb-1.8.1-7.EL4.2 \
       ruby-libs-1.8.1-7.EL4.2 \
       ruby-mode-1.8.1-7.EL4.2 \
       ruby-tcltk-1.8.1-7.EL4.2 \
       ruby-devel-1.8.1-7.EL4.2

Install Ruby from source


wget ftp://ftp.ruby-lang.org/pub/ruby/stable/ruby-1.8.4.tar.gz
tar xvzf ruby-1.8.4.tar.gz
cd ruby-1.8.4
./configure --prefix=/usr
make
make install

Install Ruby Gems


wget http://rubyforge.org/frs/download.php/5207/rubygems-0.8.11.tgz
tar xvzf rubygems-0.8.11.tgz
cd rubygems-0.8.11
ruby setup.rb

Install Rails


cd
gem update
gem update --system
rm `gem env gempath`/source_cache
rm -f ~/.gem/source_cache
gem update
gem install rails --include-dependencies

Now configure mod_fastcgi in the Apache (1.3) config file httpd.conf.

1. Install mod_fcgi module


curl -O http://fastcgi.com/dist/mod_fastcgi-2.4.2.tar.gz

or

wget http://fastcgi.com/dist/mod_fastcgi-2.4.2.tar.gz

tar xvfz mod_fastcgi-2.4.2.tar.gz
cd mod_fastcgi-2.4.2
/usr/local/apache/bin/apxs -cia mod_fastcgi.c

2. Configuring httpd.conf

Add the module and the handler to httpd.conf:

LoadModule fastcgi_module modules/mod_fastcgi.so
AddHandler fastcgi-script .fcgi .fcg .fpl

Then restart Apache:

service httpd restart

3. Edit the .htaccess file

In the application's public .htaccess, change /dispatch.cgi to /dispatch.fcgi so requests go through FastCGI instead of plain CGI.

4. The server has been upgraded to MySQL 4.1

The default Ruby MySQL driver will not connect because the server is running in old_password compatibility mode (otherwise Ensim cannot connect). To fix this we need to rebuild and reinstall the mysql-ruby client against the new server:


wget http://www.tmtm.org/en/mysql/ruby/mysql-ruby-2.5.tar.gz
tar vxzf mysql-ruby-2.5.tar.gz
cd mysql-ruby-2.5
ruby extconf.rb --with-mysql-config=/usr/bin/mysql_config
make          # build the extension (the original listing stopped after extconf.rb)
make install

5. Edit your .htaccess with the following entries (note that "Options Indexes" turns on directory listings for anything Apache cannot map to a file or the dispatcher; drop Indexes unless you really want that):

#Set to development, test, or production
DefaultInitEnv RAILS_ENV production
Options Indexes ExecCGI FollowSymLinks
RewriteEngine On
RewriteRule ^$ index.html [QSA]
RewriteRule ^([^.]+)$ $1.html [QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]

Shijil T S Articles, general, linux ,

System Admin Tools Part 11

August 18th, 2007

Now I am going to introduce you to a set of commands that may come in handy.

FIND

find . -perm 777 -type d -exec chmod 755 {} \;    # Change all directories under the current directory with mode 777 to 755
find . -perm 755 -type f -exec chmod 644 {} \;    # Change all files under the current directory with mode 755 to 644
find . -maxdepth 3 -type d -exec cp file {} \;    # Copy "file" into every directory up to 3 levels below the current one
find . -name "*.trn" -ctime +3 -exec rm -f {} \;  # Forcibly remove files with a .trn extension whose status changed more than 3 days ago
find . -cmin -5                                   # Find all files created or updated in the last five minutes

(Great for finding the effects of make install)

LS


ls -lSh        #List files by their size
ls -ltr        #List files by date
ls -F          #Appends a symbol after files and directories

RSYNC


rsync -e ssh -az /currentdirectory IP:/remotedirectory  #Sync remote directory with our current directory (over ssh)
rsync --bwlimit=1000 fromfile tofile                    #Locally copy with a rate limit (KB/s)

GPG


gpg -c file                                             #Encrypt file with a passphrase (symmetric)
gpg file.gpg                                            #Decrypt file

DU / DF

du -h --max-depth=1             #Show disk space used by each file and directory under the current one
du -s * | sort -k1,1rn | head   #Show the top disk users in the current directory
df -h                           #Show free disk space
df -i                           #Show free inodes

Add system swap space for virtual memory paging

Swap space may be a swap partition, a swap file or a combination of the two. One should size swap space to be at least twice the size of the computer's RAM (but less than 2GB). A swap file can contain whatever was in memory, so it must not be readable by other users (mode 600).


dd if=/dev/zero of=/swapfile bs=1024 count=265032   #Create a file filled with zeros of size 256Mb
mkswap /swapfile                                    #Format it as a swap file
swapon /swapfile                                    #Begin use of the given swap file

Assign a priority with the “-p” flag.


swapon -s                                           #List active swap files and partitions
cat /proc/swaps                                     #Same as above

This example refers to a swap file. One may also use a swap partition.
Make an entry in /etc/fstab to use the swap file or partition permanently:

/swapfile               swap                    swap    defaults        0 0

Note: To remove the use of swap space, use the command swapoff. If using a swap partition, the partition must be unmounted.

Debugging Tools


strace -c ls >/dev/null                 #Summarise/profile the system calls made by a command
strace -f -e open ls >/dev/null         #List the open() system calls made by a command (and its children)
ltrace -f -e getenv ls >/dev/null       #List the getenv() library calls made by a command
lsof -p $$                              #List the paths the current shell has open
lsof -p PID                             #List the paths PID has open
lsof ~                                  #List the processes that have the specified path open
last reboot                             #Show the last reboot times
renice +15 PID                          #Give a PID lower priority (-19 is highest and +20 is lowest)

To check the number of connections per client IP to port 80:

netstat -tanpu | grep :80 | awk '{print $5}' | cut -d: -f1 | sort -n | uniq -c

tcpdump not port 22                     #Show network traffic except on port 22
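The netstat pipeline above is the seed of a simple connection-flood check. The script below, an added example rather than part of the original post, does the same counting per client on a given port, handles IPv6 addresses (the port is always the last colon-separated field), and flags any client over a threshold; the netstat lines it runs on are constructed.

```shell
#!/bin/sh
# Count connections per client IP on a port and flag the noisy ones. Added
# example (not from the original post) building on the netstat one-liner above.
# Live use:   netstat -tan | top_clients 80      netstat -tan | flag_over 80 50

# Constructed "netstat -tan" output: one client with 4 connections, one with 2,
# one IPv6 client, plus a port-22 line and the listener that must be ignored
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 201.200.100.5:80        198.51.100.7:51234      ESTABLISHED
tcp        0      0 201.200.100.5:80        198.51.100.7:51235      ESTABLISHED
tcp        0      0 201.200.100.5:80        198.51.100.7:51236      ESTABLISHED
tcp        0      0 201.200.100.5:80        198.51.100.7:51237      TIME_WAIT
tcp        0      0 201.200.100.5:80        203.0.113.9:40001       ESTABLISHED
tcp        0      0 201.200.100.5:80        203.0.113.9:40002       ESTABLISHED
tcp        0      0 201.200.100.5:22        203.0.113.9:40003       ESTABLISHED
tcp6       0      0 2001:db8::5:80          2001:db8::1234:61000    ESTABLISHED
EOF
}

# Read netstat -tan lines on stdin; print "count ip" for every remote address
# with a connection to local port $1, busiest first. The port is the last
# colon-separated field, so IPv6 addresses are handled too.
top_clients() {
    awk -v p="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            n = split($4, l, ":")                       # local addr:port
            if (l[n] != p) next
            m = split($5, r, ":")                       # foreign addr:port
            ip = substr($5, 1, length($5) - length(r[m]) - 1)
            count[ip]++
        }
        END { for (ip in count) print count[ip], ip }' | sort -rn
}

# Print only the client IPs with more than $2 connections to port $1
flag_over() {
    top_clients "$1" | awk -v t="$2" '$1 > t { print $2 }'
}

# Demo on the constructed sample
sample_netstat | top_clients 80
sample_netstat | flag_over 80 2
```

Feed it a few minutes of `netstat -tan` snapshots from cron and alert on flag_over output to get a crude but useful early warning of one client hogging the web port.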

Perl Administration

Installation of a Perl module can be done from its tar file:

tar xzf yourmodule.tar.gz               #Untar the module
perl Makefile.PL                        #Build the makefile
make
make install                            #Install

You can also do this from the cpan shell:

perl -MCPAN -e shell                    #The first time through it will ask questions; answer "no" to the first question for autoconfigure
cpan> install URI
cpan> i /PerlMagick/                    #Inquire about a module (search by keyword)
Distribution    J/JC/JCRISTY/PerlMagick-5.36.tar.gz
Module          Image::Magick   (J/JC/JCRISTY/PerlMagick-5.36.tar.gz)
cpan> install Image::Magick
cpan> force install Image::Magick       #Install a module forcefully (ignoring failed tests)

YUM: RPM Updater

YUM (Yellowdog Updater, Modified) is a command line client for updating an RPM-based system from an Internet repository (a YUM "yum-arch" server) reachable by URL (http://xxx, ftp://yyy or even a local or NFS file://zzz).

yum -y install package-name             #Install a package along with its dependencies
yum remove package-name                 #Remove a package
yum list                                #List available packages with version and state
yum list extras                         #List installed packages that are not available in any configured repository
yum list obsoletes                      #List installed packages that are obsoleted by packages in the repositories
yum clean all                           #Remove cached packages and repository metadata
yum update                              #Update all packages on your system
yum update package-name                 #Update a package
yum update package-name-prefix\*        #Update all packages with the same prefix

You can add new repos in /etc/yum.repos.d with files named file.repo. For the option "gpgcheck=1" to work (so that every package's signature is verified), import the repository's GPG key with rpm --import:

rpm --import /usr/share/rhn/RPM-GPG-KEY
rpm --import /usr/share/rhn/RPM-GPG-KEY-fedora

File /etc/yum.repos.d/fedora.repo with the following entry:

[base]
name=Fedora Core $releasever - $basearch - Base
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/$basearch/os/
mirrorlist=http://fedora.redhat.com/download/mirrors/fedora-core-$releasever
enabled=1
gpgcheck=1

Additional Commands


tzselect                                 #Change the time zone of the machine
command 2>&1 | tee outputfile.txt        #Output of a command (including stderr) is sent to a text file as well as the terminal
wget --mirror http://www.example.com     #Mirror a site
wget -c http://www.example.com/largefile #Continue downloading a partially downloaded file

Many more tricky commands to be updated soon :)


Shijil T S Articles, linux ,

Introduction to Domain Name Server (DNS)

May 21st, 2007

Domain Name Server

The DNS system forms one of the largest and most active distributed databases in the world, without which the Internet would stop working. Domain name servers translate domain names to IP addresses. Every time you use a domain name, you use the Internet's domain name servers (DNS) to translate the human-readable domain name into the machine-readable IP address.

How It Works

Assuming no caching, let's discuss how a name server converts the domain name sparksupport.com into an IP address. A name server would start its search for an IP address by contacting one of the root name servers. The root servers know the IP addresses of all the name servers that handle the top-level domains (.COM, .NET and so on). Your name server would ask the root for sparksupport.com, and the root would say (assuming no caching), "I don't know the IP address for sparksupport.com, but here's the IP address for the COM name server." Your name server then sends a query to the COM name server asking whether it knows the IP address for sparksupport.com. The name server for the COM domain knows the IP addresses of the name servers handling SPARKSUPPORT.COM. Your name server then contacts the name server for SPARKSUPPORT.COM and asks whether it knows the IP address for sparksupport.com. It does, so it returns the IP address to your name server. Hurray! The human-readable domain name has been converted to a machine-readable IP address.

BIND Name Server

The Berkeley Internet Name Domain (BIND) server implements the Internet Domain Name Service (DNS) for the Linux operating system. BIND is based on a server-client relationship. There are several different classes of servers, with varying degrees of authority. The possible BIND server configurations are primary server, secondary server, caching-only server, forwarder server and slave server.

A primary master server for a domain is the authority for that domain. This server maintains all the data corresponding to its domain. Each domain should have at least two master servers: a primary master, and a secondary master to provide backup service if the primary is unavailable or overloaded. A server can be a master for multiple domains, serving as primary for some domains and secondary for others.

A secondary master server is a server that is delegated authority and receives its data for a domain from a primary master server. At boot time, the secondary server requests all the data for the given domain from the primary master server. This server then periodically checks with the primary server to see if it needs to update its data.

A slave-and-forwarder configuration is useful when you do not want all the servers at a given site to interact with the rest of the Internet servers. A slave server always forwards queries it cannot satisfy locally to a fixed list of forwarding servers, instead of interacting with the master name server for the root and other domains. The forwarding server would forward the queries and interact with other name servers on the Internet to resolve each query before returning the answer.

How to verify whether DNS is working correctly?

After you have set up your DNS server, it is very important to check that the entries published to the Internet are correct. You can go through the following checklist using nslookup.

Hands on…….


Querying DNS entries for sparksupport.com at the DNS server 72.232.109.82

[root@spark root]# nslookup
Note:  nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead.  Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
> server 72.232.109.82
Default server: 72.232.109.82
Address: 72.232.109.82#53
> set q=any
> sparksupport.com
Server:         72.232.109.82
Address:        72.232.109.82#53

sparksupport.com        mail exchanger = 0 ASPMX.L.GOOGLE.com.
sparksupport.com        text = "v=spf1 a mx ~all"
sparksupport.com
        origin = ns1.sparksupport.com
        mail addr = sales.sparksupport.com
        serial = 2006110200
        refresh = 1200
        retry = 7200
        expire = 1209600
        minimum = 86400
sparksupport.com        nameserver = ns2.sparksupport.com.
sparksupport.com        nameserver = ns1.sparksupport.com.
Name:   sparksupport.com
Address: 72.232.109.82
> exit
[root@spark root]#
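The same checklist can be scripted so it runs after every zone change. The script below is an added example, not part of the original article: it compares the SOA serial each authoritative server returns (a lagging secondary serves stale data) and sanity checks the SOA timers against RFC 1912 and RFC 2308 guidance. The answers it works on are constructed from the nslookup session above in the form `dig +short` prints; the ns2 answer is deliberately one serial behind.

```shell
#!/bin/sh
# DNS post-setup checklist as a script (added example, not from the original
# article). The SOA answers below are constructed from the article's nslookup
# session in "dig +short" form; live use replaces them with live_soa output.

# dig +short SOA answer: mname rname serial refresh retry expire minimum
NS1_SOA='ns1.sparksupport.com. sales.sparksupport.com. 2006110200 1200 7200 1209600 86400'
NS2_SOA='ns1.sparksupport.com. sales.sparksupport.com. 2006110100 1200 7200 1209600 86400'  # constructed: one serial behind

# Field $1 (1-based) of the SOA answer $2; empty if the answer is malformed
soa_field() { printf '%s\n' "$2" | awk -v i="$1" 'NF >= 7 { print $i; exit }'; }
soa_serial() { soa_field 3 "$1"; }

# 0 when both answers carry the same non-empty serial, 1 otherwise.
# A lagging serial means the secondary serves stale data or transfers fail.
serials_agree() {
    a=$(soa_serial "$1"); b=$(soa_serial "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Print one line per SOA timer relationship that breaks the RFC 1912 / RFC 2308
# guidance; prints nothing when the timers are sane. Always returns 0.
soa_timer_warnings() {
    refresh=$(soa_field 4 "$1"); retry=$(soa_field 5 "$1")
    expire=$(soa_field 6 "$1");  minimum=$(soa_field 7 "$1")
    if [ "$retry" -ge "$refresh" ]; then
        echo "retry ($retry) should be shorter than refresh ($refresh)"
    fi
    if [ "$expire" -lt $((refresh + retry)) ]; then
        echo "expire ($expire) is shorter than refresh+retry; secondaries may drop the zone on one outage"
    fi
    if [ "$minimum" -gt 86400 ]; then
        echo "negative-cache TTL ($minimum) longer than a day delays fixes for bad names"
    fi
    return 0
}

# Live wrapper: the SOA answer for zone $2 as served by name server $1
live_soa() { dig +short "@$1" "$2" SOA; }

# Demo on the constructed answers: the article's own SOA trips the retry check
serials_agree "$NS1_SOA" "$NS2_SOA" || \
    echo "serial mismatch: ns1=$(soa_serial "$NS1_SOA") ns2=$(soa_serial "$NS2_SOA")"
soa_timer_warnings "$NS1_SOA"
```

On a live zone, run `serials_agree "$(live_soa ns1.sparksupport.com sparksupport.com)" "$(live_soa ns2.sparksupport.com sparksupport.com)"`; the retry warning the demo prints applies to the session above, where retry (7200) is larger than refresh (1200).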

Every domain has a domain name server somewhere that handles its requests, and there is a person maintaining the records in that DNS. This is one of the most amazing parts of the DNS system — it is completely distributed throughout the world on millions of machines administered by millions of people, yet it behaves like a single, integrated database!


admin Articles, linux

MySQL Server Clustering:Replicating mysql databases using clustering technique

April 11th, 2007

A real-world experience that shows MySQL master-master replication.

Install MySQL on both machines. The first machine will act as Master 1 and Slave 2 (M1/S2) with IP 10.0.0.1, and the second will act as Slave 1 and Master 2 (S1/M2) with IP 10.0.0.2.

Plan which databases you want to replicate and which you want to ignore. First synchronize the databases on master and slave using rsync. If they are brand-new machines, create the databases on both machines, since replication does not mean that a database created on the master is automatically created on the slave: it replicates only the data inside the databases.

In the master M1 open my.cnf and add the following entries under [mysqld] section.


server-id=1                 #this value must be unique per server
log-bin=db-bin
relay-log=db-relay-bin
binlog-do-db=shijil         #database that needs to be replicated
binlog-ignore-db=mysql      #database that does not need to be replicated
auto_increment_increment=2  #added to avoid auto-increment collisions with the other master
auto_increment_offset=1

Now on M1 create a replication user so that S1 can access all the databases of M1. MySQL user names are case-sensitive, so spell it exactly as in the master-user setting below (the original listing used REPLICATION here and replication there); note also that the replication thread itself only needs the REPLICATION SLAVE privilege, so ALL PRIVILEGES on *.* grants far more than it requires:

mysql> GRANT ALL PRIVILEGES ON *.* TO 'replication'@'10.0.0.2' IDENTIFIED BY 'pass1';

Restart the master mysql:

/etc/init.d/mysqld restart

Enter the mysql prompt and issue the command (the trailing ; after \G is redundant and only produces the harmless "No query specified" message seen in the output below):

mysql> show master status\G

The output will be something like below


show master status \G;
*************************** 1. row ***************************
File: db-bin.000001
Position: 220159222
Binlog_Do_DB: shijil
Binlog_Ignore_DB: mysql
1 row in set (0.00 sec)

ERROR:
No query specified
************************************************

Now on S1 (10.0.0.2) open its my.cnf and add these entries under the [mysqld] section:

server-id=2
master-host = 10.0.0.1
master-user = replication
master-password = pass1
master-port = 3306

It is also good to point the slave at the master from the mysql prompt; CHANGE MASTER TO stores the same settings in master.info and, unlike the my.cnf master-* options, is still supported by current MySQL versions. Use the file and position reported by show master status on the master:

mysql> CHANGE MASTER TO
    -> MASTER_HOST='10.0.0.1',
    -> MASTER_USER='replication',
    -> MASTER_PASSWORD='pass1',
    -> MASTER_LOG_FILE='db-bin.000001',
    -> MASTER_LOG_POS=220159222;

Remember that the master log file and position are exactly those shown by show master status\G on the master server; without MASTER_LOG_POS the slave starts at the beginning of the file and replays events whose effects you already copied with rsync.

mysql> start slave;
mysql> show slave status\G

If there are no errors and the entries below

Slave_IO_Running: Yes
Slave_SQL_Running: Yes

both show Yes, then you are good to go. Also check the mysql log file and make sure the slave is connected to the master.

Phase II

Now we are going to set up the reverse direction: 10.0.0.2 becomes Master 2 (M2) and 10.0.0.1 becomes Slave 2 (S2). On M2 (10.0.0.2) open my.cnf again and add these entries under the [mysqld] section (server-id=2 is already there from Phase I):

log-bin=db-bin
relay-log=db-relay-bin
binlog-do-db=shijil         #database that needs to be replicated
binlog-ignore-db=mysql      #database that does not need to be replicated
auto_increment_increment=2
auto_increment_offset=2

and create a replication user so that S2 (10.0.0.1) can access all the databases on M2 (10.0.0.2); the same least-privilege remark as in Phase I applies:

mysql> GRANT ALL PRIVILEGES ON *.* TO 'replication'@'10.0.0.1' IDENTIFIED BY 'pass2';

Now restart mysql on M2 (10.0.0.2):

/etc/init.d/mysqld restart

Go to the mysql prompt and issue the command:

mysql> show master status\G

It will show the output as something like below


show master status \G;
*************************** 1. row ***************************
File: db-bin.000001
Position: 220153453
Binlog_Do_DB: shijil
Binlog_Ignore_DB: mysql
1 row in set (0.00 sec)

ERROR:
No query specified
************************************************

Now log into S2 (10.0.0.1), edit its my.cnf and add the following entries under [mysqld]:

master-host = 10.0.0.2
master-user = replication
master-password = pass2
master-port = 3306

After saving it, issue the commands at the mysql prompt, again with the file and position from the master's show master status:

mysql> CHANGE MASTER TO
    -> MASTER_HOST='10.0.0.2',
    -> MASTER_USER='replication',
    -> MASTER_PASSWORD='pass2',
    -> MASTER_LOG_FILE='db-bin.000001',
    -> MASTER_LOG_POS=220153453;

mysql> start slave;
mysql> show slave status\G

There should not be any errors here either; check the log file as well and make sure the slave is connected to its master.

Now create a table named epson in shijil in M1 and check for the table epson in S1.
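Checking Slave_IO_Running and Slave_SQL_Running by eye works once; for both directions of this setup you want it scripted. The script below is an added example (not from the original article) that parses SHOW SLAVE STATUS\G output and exits non-zero when either thread is stopped, Last_Error is set, or the lag exceeds a threshold; the status text it runs on is constructed to match the setup above.

```shell
#!/bin/sh
# Replication health check (added example, not from the original article):
# parse SHOW SLAVE STATUS\G output and report whether the slave is healthy.
# The status below is constructed to match the article's setup; on a live
# slave feed the real output:   mysql -e 'SHOW SLAVE STATUS\G' | slave_health 60

sample_slave_status() {
cat <<'EOF'
*************************** 1. row ***************************
             Slave_IO_State: Waiting for master to send event
                Master_Host: 10.0.0.1
                Master_User: replication
            Master_Log_File: db-bin.000001
        Read_Master_Log_Pos: 220159222
           Slave_IO_Running: Yes
          Slave_SQL_Running: Yes
      Seconds_Behind_Master: 0
                 Last_Error:
EOF
}

# Print the value of field $1 from \G-style "   Key: value" lines on stdin
# (an empty line for a present-but-empty field such as Last_Error)
status_field() {
    awk -v k="$1" '
        { line = $0; sub(/^ +/, "", line)
          if (index(line, k ":") == 1) {
              v = substr(line, length(k) + 2); sub(/^ +/, "", v); print v; exit
          } }'
}

# Exit 0 when replication is healthy, 1 otherwise, printing every reason.
# $1 = maximum tolerated lag in seconds (default 60). Reads the status on stdin.
slave_health() {
    max_lag="${1:-60}"
    status=$(cat)
    io=$(printf '%s\n' "$status" | status_field Slave_IO_Running)
    sql=$(printf '%s\n' "$status" | status_field Slave_SQL_Running)
    lag=$(printf '%s\n' "$status" | status_field Seconds_Behind_Master)
    err=$(printf '%s\n' "$status" | status_field Last_Error)
    rc=0
    [ "$io" = "Yes" ]  || { echo "Slave_IO_Running=$io (master down, wrong credentials, or bad master-host?)"; rc=1; }
    [ "$sql" = "Yes" ] || { echo "Slave_SQL_Running=$sql (a statement failed to apply; see Last_Error)"; rc=1; }
    [ -z "$err" ]      || { echo "Last_Error: $err"; rc=1; }
    case "$lag" in
        ''|NULL) echo "Seconds_Behind_Master unknown (IO thread not connected)"; rc=1 ;;
        *) [ "$lag" -le "$max_lag" ] || { echo "replication lag ${lag}s exceeds ${max_lag}s"; rc=1; } ;;
    esac
    return $rc
}

# Demo on the constructed sample
sample_slave_status | slave_health 60 && echo "replication healthy"
```

Run it from cron on both 10.0.0.1 and 10.0.0.2, since each machine is a slave of the other in this setup.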

Troubleshooting

If you get any errors, stop both mysql servers and remove all the replication log files from /var/lib/mysql:

rm -fv db-bin* master.info relay*

This should be done on both servers and then start Master first and then Slave.


Sai Kottuvally Articles, MySQL

Windows Plesk Restoration: Restoring domains from a crashed hard drive

March 2nd, 2007

What if your Windows Plesk server crashed and, surprisingly, you find you have no Plesk backup to restore? The only option left is to copy the Plesk database, domain data, mail data, configuration, MySQL databases and MSSQL databases manually from the crashed hard drive.

This article explains how to recover data from a crashed Windows Plesk server.

I assume you are using Plesk with MailEnable as the mail server. If you are using any other mail server, follow its vendor's support documentation for the corresponding commands to restore the mail data.

Follow these steps to complete the recovery of domains from a crashed Windows server to a new server. Remember, here is what you have:

- a hard drive with a Windows OS installed
- the old crashed hard drive

1) Find the version of Plesk the server had earlier:

Open the file "[Old drive]:\Program Files\Swsoft\Plesk\version" to find the Plesk version you had installed.

2) Download the same version of Plesk from swsoft.com and install it.

For the Plesk 7 series:     ftp://download1.swsoft.com/Plesk/Plesk7/Windows
For the Plesk 7.5.* series: ftp://download1.swsoft.com/Plesk/Plesk7.5/Windows/
For the Plesk 7.5.6 series: http://www.swsoft.com/en/download/plesk75win/

Installation of Plesk is out of the scope of this article; please refer to the SWsoft installation manual.

3) Obtain the old license key.

The PSA key is stored in the registry. Only if you have a backup of the old Plesk registry will you be able to obtain the key. The path to the key in the registry is:

HKEY_LOCAL_MACHINE\SOFTWARE\PLESK\PSA Config\PSA Key

If you don't have a registry backup, you should contact your NOC and ask them for a renewed Plesk license for your server.

4) Obtain the old psa database.

If you have a psa backup in .sql format, restore it as the "psa" database:

>%NEW_plesk_bin%\mysql -u admin -p"psa_password" psa < psa_backup.sql

If you don't have a Plesk backup, copy the data directory of the old installation instead:


%OLD_plesk_dir%\mysql\Data\psa to %NEW_plesk_dir%\mysql\Data\psa

5) Now it's time to use the Plesk Reconfigurator tool.

You can find it in the Start menu, under the SWsoft > Plesk section. Plesk Reconfigurator creates the users and groups required for the proper functioning of Plesk and its services, and sets the proper security settings on the files and folders created and used by the Plesk software.

Plesk Reconfigurator also checks and corrects permissions for the following folders:


%plesk_dir%

%SystemRoot%\temp

%plesk_vhosts%

%plesk_vhosts%\default

%plesk_vhosts%\sqladmin

%plesk_vhosts%\webmail

%plesk_vhosts%\.skel.

Also, for the folders %plesk_dir% and %SystemRoot%\temp, the permissions of their contents are checked.

6) Now we are going to restore the virtual hosts and databases from the old drive to the newly installed hard drive. xcopy with /E /I /H copies the whole tree, including empty subdirectories and hidden files, into the destination directory.


a) Copying the virtual host directory:
>xcopy [Old_drive]:\inetpub\vhosts [New_Drive]:\inetpub\vhosts /E /I /H

b) Copying the databases:
>xcopy "[Old_Drive]:\Program files\swsoft\plesk\Databases\mysql\Data" "[New_Drive]:\Program files\swsoft\plesk\Databases\mysql\Data" /E /I /H

7) Now move to the following folder:


>cd /d [New_Drive]:\%plesk_dir%\admin\

and run the command:

>websrvmng.exe --reconfigure-all

This command recreates the domains in IIS, creates the DNS db files and resets the permissions of the virtual host folders under each domain.
This will take some time. Now go and have a cappuccino with a sandwich and relax :)

All your virtual hosts are now restored; 75% of your work is done.

8) Restoring the mail accounts.

I assume you have installed MailEnable as the mail server.

a) Copy the MailEnable post offices to the new server:

>xcopy "[Old_Drive]:\%plesk_dir%\MailServer\MailEnable\PostOffice" "[New_Drive]:\%plesk_dir%\MailServer\MailEnable\PostOffice" /E /I /H

b) Copy the MailEnable config folder to the new server:

>xcopy "[Old_Drive]:\%plesk_dir%\MailServer\MailEnable\config" "[New_Drive]:\%plesk_dir%\MailServer\MailEnable\config" /E /I /H

c) Use MEInstaller.exe
Run the MEInstaller.exe command to add all the MailEnable email accounts and set the mail folder permissions:
>cd /d [New_Drive]:\%plesk_dir%\MailServer\MailEnable\Bin\

>MEInstaller.exe

Sai Kottuvally Articles, Windows

Protecting cPanel Servers From Common Attack

February 12th, 2007

Here we will be covering some steps to take to help protect servers from common attacks.

Main Topics

- Local security measures
- Protecting against common remote attacks
- Having and following a security policy

Local Security Measures

Make sure existing users have decent passwords

Crack your own users' passwords using JTR (John the Ripper) or crack. Preferably run the crackers on a dedicated machine, not the server, because of the load.

Turning off unrequired daemons


    Check /etc/xinetd.conf

    Check /etc/xinetd.d/*

Common ones are cupsd (the printing daemon), nfs/statd (unless you use an NFS-mounted filesystem), and the gpm and xfs services.

Find locally running processes

Script kiddies often launch backdoor scripts on the server through vulnerable PHP scripts; bad clients or hacked accounts are also used to launch IRC bots and bouncers.

`ps auxww`

`lsof -n`

Try to find processes hidden by a rootkit by walking /proc directly rather than trusting ps, for example:


mpid=`sysctl kernel.pid_max | cut -d " " -f 3`; for i in `seq 1 $mpid`; do test -f /proc/$i/cmdline && (echo -n "[$i] "; strings /proc/$i/cmdline; echo); done
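The /proc walk above lists every PID; what you actually want is the set of PIDs that ps does not show. The script below is an added example, not part of the original article, that does that comparison: `hidden_pids` is a pure function over two PID lists (so it can be checked on constructed input), and `check_live` runs it against this host when the script is invoked with `--live`. It assumes procps `ps -eo pid=` and GNU coreutils `comm`; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original article): spot processes hidden from ps.
# A user-space rootkit that trojans ps (or hooks readdir) still leaves the
# per-process directory in /proc, so a PID that shows up when /proc is walked
# directly but is absent from `ps` output deserves a closer look.

# hidden_pids PS_PIDS PROC_PIDS
#   Both arguments are whitespace-separated PID lists. Prints, one per line,
#   every PID in PROC_PIDS that is not in PS_PIDS.
hidden_pids() {
    _ps=$(mktemp) && _proc=$(mktemp) || return 1
    # comm needs both inputs sorted the same way; sort -u also drops duplicates,
    # grep . drops the empty line printf emits for an empty list
    printf '%s\n' $1 | grep . | sort -u > "$_ps"
    printf '%s\n' $2 | grep . | sort -u > "$_proc"
    comm -13 "$_ps" "$_proc"
    rm -f "$_ps" "$_proc"
}

# live_proc_pids: walk /proc directly, as the article's loop does, and keep
# only entries that really are processes (they have a cmdline file).
live_proc_pids() {
    for d in /proc/[0-9]*; do
        [ -f "$d/cmdline" ] && echo "${d#/proc/}"
    done
    return 0
}

# live_ps_pids: the PIDs ps is willing to show (procps syntax, assumption).
live_ps_pids() {
    ps -eo pid= | tr -d ' '
}

# check_live: run the comparison on this host and print the command line of
# each suspicious PID, reading /proc/PID/cmdline the way the article does.
check_live() {
    proc_list=$(live_proc_pids)
    ps_list=$(live_ps_pids)
    found=0
    for p in $(hidden_pids "$ps_list" "$proc_list"); do
        # The script's own short-lived subshells can show up here; a PID that
        # is still present on a second run is the one to investigate.
        if [ -r "/proc/$p/cmdline" ]; then
            found=1
            printf '[%s] ' "$p"; tr '\0' ' ' < "/proc/$p/cmdline"; echo
        fi
    done
    [ "$found" -eq 0 ] && echo "no hidden processes found"
    return 0
}

if [ "${1:-}" = "--live" ]; then
    check_live
fi
```

Run it twice a few seconds apart; a PID that is absent from ps on both runs, and whose cmdline is a script in /tmp or a user's home directory, is exactly the pattern the article describes.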

Login Access

Setting login access definitions in /etc/login.defs:


    Expire passwords after PASS_MAX_DAYS days

    Set the minimum password length with PASS_MIN_LEN

    Set the number of days before expiry at which a reminder is sent with PASS_WARN_AGE

There are more options, well documented in the default file.

/etc/hosts.allow and /etc/hosts.deny

We suggest using a firewall instead, as it protects all services, not just the ones written to honour the rules in the hosts.* files.

Shell limits

Set resource limits for shell accounts in /etc/security/limits.conf. They protect against fork bombs and out-of-control applications and scripts. Start out very lax and make the limits stricter after testing with the current settings, as the need arises.

Example settings (each line is domain, type, item, value; the type column is mandatory: hard, soft or -):


    @users     hard  nofile 500

    @users     hard  cpu 30

    @users     hard  nproc 150

    @users     soft  nproc 100

    @users     hard  rss 50000

    @users     hard  maxlogins 3

    nobody     hard  nofile 16384

Permissions

Find all world writable files and directories


find / \( -perm -a+w \) ! -type l >> world_writable.txt

This reveals target locations an attacker can use to store their files. Fixing bad permissions breaks some poorly written PHP/CGI scripts; leave /tmp and /var/tmp alone and secure them with /scripts/securetmp instead.

Find all setuid/gid files


find / \( -perm -4000 -o -perm -2000 \) -exec ls -ldb {} \; >> suid_files.txt

Many files need these elevated permissions (sudo, su, mount, traceroute, etc.); do not "fix" them without knowing exactly how it will affect the system.


 Find all files with no owner/group
    find / -nouser -o -nogroup
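As an added example (not from the article), here is a tighter form of the two audits above: world-writable entries are reported only when a directory lacks the sticky bit (a 1777 /tmp is the intended shape, a 777 directory is not), and setuid/setgid files are saved as a sorted baseline that later runs are diffed against, which is how a newly planted suid binary stands out instead of being lost in the list of legitimate ones. It assumes GNU find (for -printf) and coreutils comm; the function names and the baseline line format are mine.

```shell
#!/bin/sh
# Added example (not from the original article): permission audits that are
# easier to act on than a raw find listing. Requires GNU find (-printf).

# audit_world_writable ROOT
#   Prints "mode path" for every world-writable file or directory under ROOT,
#   skipping symlinks and sticky-bit directories. Stays on one filesystem so
#   /proc, /sys and NFS mounts are not walked.
audit_world_writable() {
    find "$1" -xdev ! -type l -perm -0002 ! \( -type d -perm -1000 \) \
        -printf '%M %p\n' 2>/dev/null
    return 0
}

# suid_baseline ROOT
#   Prints a sorted "mode owner path" line for each setuid or setgid file.
#   Save this once on a known-good system and keep it off the box.
suid_baseline() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%M %u %p\n' 2>/dev/null | sort
    return 0
}

# suid_diff BASELINE_FILE ROOT
#   Prints "+ line" for setuid/setgid files that are not in the baseline and
#   "- line" for baseline entries that disappeared or changed mode/owner.
#   Returns 1 if anything changed, 0 if the host still matches the baseline.
suid_diff() {
    _now=$(mktemp) || return 1
    suid_baseline "$2" > "$_now"
    _changed=0
    comm -13 "$1" "$_now" | sed 's/^/+ /' | grep . && _changed=1
    comm -23 "$1" "$_now" | sed 's/^/- /' | grep . && _changed=1
    rm -f "$_now"
    return $_changed
}

# Stand-alone use: ./audit.sh --ww [ROOT] or ./audit.sh --suid BASELINE [ROOT]
case "${1:-}" in
    --ww)   audit_world_writable "${2:-/}" ;;
    --suid) suid_diff "$2" "${3:-/}" ;;
esac
```

A cron job that runs `suid_diff` against the saved baseline and mails any output is a cheap complement to the Tripwire-style checksumming described in the IDS section below.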

Mount Points


Use the "nosuid" option when mounting /tmp and /home.

Consider "noexec" on /tmp after the cPanel installation.

Use /scripts/securetmp to have /tmp mounted nosuid,noexec on a file-backed loopback filesystem.

IDS / Basic Forensics

Tripwire

Monitors checksums of files and reports when they have changed. A good way of helping ensure files are not replaced by rootkits, trojans, etc.

Commercial: http://www.tripwire.com

OSS branch: http://sourceforge.net/projects/tripwire

Chkrootkit

http://www.chkrootkit.org

Scans the system for common signs of rootkits, backdoors, LKM rootkits, etc.

Rkhunter

http://www.rootkit.nl/projects/rootkit_hunter.html

Serves the same purpose as chkrootkit.

Logwatch

http://www.logwatch.org

Scans through the logs and emails a daily report of system activity.

Remote Attacks

Bound ports

Find out what programs are listening on what ports:

netstat -nap

Backdoor scripts and IRC apps are usually launched from a writable directory, /tmp or the user's home directory. Most bind to a port and wait for connections; some "call home" in an attempt to get around P/NAT firewalling.

'/proc' tunables

TCP SYN cookies

Help protect against SYN flood DoS attacks. Either form below sets the value at runtime only; add net.ipv4.tcp_syncookies = 1 to /etc/sysctl.conf to keep it across reboots.


sysctl -w net.ipv4.tcp_syncookies=1

echo 1 > /proc/sys/net/ipv4/tcp_syncookies
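The two commands above set one value; in practice you want to know whether a host still has the hardened values it was given. This added example (not from the article) checks a list of /proc/sys tunables against wanted values and prints the matching sysctl.conf lines for persisting them. tcp_syncookies comes from the article; the other five entries are a common IPv4 hardening baseline I have added as an assumption about your policy, so adjust the list to taste. The function takes an optional root directory instead of /proc/sys so it can be tested against a constructed tree.

```shell
#!/bin/sh
# Added example (not from the original article): report drift in /proc/sys
# tunables. Only tcp_syncookies is from the article; the rest is an assumed
# baseline. Run with --check on a live host, or pass a directory to test.

# Desired values, one "relative/path value" pair per line.
WANTED='
net/ipv4/tcp_syncookies 1
net/ipv4/icmp_echo_ignore_broadcasts 1
net/ipv4/conf/all/rp_filter 1
net/ipv4/conf/all/accept_source_route 0
net/ipv4/conf/all/accept_redirects 0
net/ipv4/conf/all/log_martians 1
'

# check_tunables [ROOT]
#   ROOT defaults to /proc/sys. Prints one line per tunable: "OK path",
#   "DRIFT path want=X got=Y" or "MISSING path" (file absent or unreadable).
#   Returns 0 only when every tunable is present with the wanted value.
check_tunables() {
    root=${1:-/proc/sys}
    rc=0
    # Word-split WANTED into alternating path/value positional parameters
    set -- $WANTED
    while [ $# -ge 2 ]; do
        path=$1; want=$2; shift 2
        file="$root/$path"
        if [ ! -r "$file" ]; then
            echo "MISSING $path"; rc=1
        else
            got=$(cat "$file")
            if [ "$got" = "$want" ]; then
                echo "OK $path"
            else
                echo "DRIFT $path want=$want got=$got"; rc=1
            fi
        fi
    done
    return $rc
}

# tunables_as_sysctl_conf
#   Prints the same list in /etc/sysctl.conf syntax (dots instead of slashes)
#   so the values survive a reboot; `sysctl -w` alone does not persist.
tunables_as_sysctl_conf() {
    set -- $WANTED
    while [ $# -ge 2 ]; do
        echo "$(echo "$1" | tr / .) = $2"
        shift 2
    done
}

if [ "${1:-}" = "--check" ]; then
    check_tunables
elif [ "${1:-}" = "--conf" ]; then
    tunables_as_sysctl_conf
fi
```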

Firewalling

ipchains/iptables

We suggest using APF or a similar front end if you are not familiar with iptables, for ease of use and quality protection.

Be sure to open all the ports cPanel requires:

http://faq.cpanel.net/show.cgi?qa=108499296901804

Apache

Almost all attacks are against poorly coded web-based applications. PHP makes poor programming easy to pull off, and most targeted scripts are written in PHP. Backdoors, shell-imitation scripts, etc. can be launched to give full shell access to the server, even if the account itself has no shell access.

Enable open_basedir protection in WHM

This will stop some scripts from accessing other user accounts.

Enable suexec for Perl scripts and phpsuexec for PHP scripts

This allows tracking of scripts and forces them to run as the user of the account, rather than the "nobody" user.

It enforces sane permissions and environment, such as refusing to run a script that is world writable or sits in a world writable directory. This greatly helps when tracking exploited scripts used by spammers.

It keeps users from doing things like


system("killall -11 httpd");

Enable "safe_mode" for PHP

Edit the relevant php.ini (find it with):

php -i | grep php.ini

safe_mode = On

Note that safe_mode was deprecated in PHP 5.3 and removed in 5.4; on those versions rely on open_basedir, disable_functions and suexec instead.

Edit "disable_functions" for PHP


disable_functions = exec, shell_exec, system, passthru, popen, virtual, show_source, readfile, pclose

Using mod_security

Can be installed in WHM in the addons section.
Main website at http://www.modsecurity.org/

General Policy

Give users a jailshell rather than a full-fledged shell. Have clients use sftp, scp, smtp+ssl, pop+ssl and https://site.tld/cpanel whenever possible, to avoid plain-text passwords. Use SSHv2 only, as SSHv1 is decryptable on the fly. Change root/admin passwords frequently, using a mix of upper/lowercase letters, numbers and symbols. Constantly monitor logs.


Prince Joseph Articles, Controlpanel