Tuesday, July 30, 2013

Heartbeat Pacemaker

PRE-GUIDED BLOG

(see GUIDED BLOG below for updates)

[This is a theoretical blog on how to set up an HA-HB server]

What you need?

  • 2 Connected computers
  • Heartbeat (Daemon)
  • Pacemaker (Cluster Resource Manager / CRM)

In the original discussion the setup is created using a switch (connected to the internet) and 2 servers (computers): one is the primary and the other is the backup. These servers are connected directly via an Ethernet cross cable and a serial cable (in order to pass data). Since we do not have an Ethernet cross cable at our disposal, we will copy the setup that we did in our last exercise (DHCP configuration). Instead of using an Ethernet cross cable we will connect them wirelessly.

After creating the topology we will now proceed into configuring the 3 core files in heartbeat these are: 
  1. /etc/ha.d/ha.cf
    http://www.linux-ha.org/doc/users-guide/_creating_an_initial_heartbeat_configuration.html#_the_literal_ha_cf_literal_file

    autojoin none
    mcast bond0 239.0.0.43 694 1 0
    bcast eth2
    warntime 5
    deadtime 15
    initdead 60
    keepalive 2
    node alice
    node bob
    pacemaker respawn
  2. /etc/ha.d/authkeys
    http://www.linux-ha.org/doc/users-guide/_the_literal_authkeys_literal_file.html

    auth <num>
    <num> <algorithm> <secret>
    
    or
    
    
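    # Newer OpenSSL releases print a label such as "(stdin)= " before the digest;
    # awk keeps only the digest so the label does not end up in the key line.
    ( echo -ne "auth 1\n1 sha1 "; \
      dd if=/dev/urandom bs=512 count=1 | openssl md5 | awk '{print $NF}' ) \
      > /etc/ha.d/authkeys
    chmod 0600 /etc/ha.d/authkeys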
  3. /etc/ha.d/haresources

    http://voices.yahoo.com/installing-configuring-heartbeat-ubuntu-server-3778384.html?cat=15
Then we configure the pacemaker:
http://clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/
or 
http://www.zivtech.com/blog/setting-ip-failover-heartbeat-and-pacemaker-ubuntu-lucid

After doing the steps in the link above hopefully we are done. 

REFERENCES:

  1. HEARTBEAT - http://www.linux-ha.org/doc/users-guide/users-guide.html
  2. PACEMAKER - http://clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/
  3. HEARTBEAT + PACEMAKER - http://www.zivtech.com/blog/setting-ip-failover-heartbeat-and-pacemaker-ubuntu-lucid
  4. http://voices.yahoo.com/installing-configuring-heartbeat-ubuntu-server-3778384.html?cat=15

[This part is what I did step by step in configuring the heartbeat only using : http://voices.yahoo.com/installing-configuring-heartbeat-ubuntu-server-3778384.html?cat=15]

Configuring /etc/ha.d/ha.cf


Configuring /etc/ha.d/authkeys


Configuring /etc/ha.d/haresources


Starting Heartbeat
In this part I have failed to start the heartbeat because node2 is nonexistent; that's why in the upper portion of the blog I have stated that we need 2 computers, because I had overlooked the fact that each node corresponds to a computer. These steps also failed to accomplish the pacemaker part, thus I think this setup is incomplete.

GUIDED BLOG

After failing to configure heartbeat successfully during the first two sessions, we now have a guide on how to accomplish the task. Here is the list of tasks that need to be done in order to accomplish heartbeat.

Step 0: Remove/Purge Heartbeat and Apache2

Since other students have used the computer, their previous configurations are present so we need to do a sudo apt-get purge apache2 heartbeat or sudo apt-get remove --purge apache2 heartbeat in order to remove their configurations. (Note: we can eliminate redundant typing of sudo by typing first sudo -s).


Removing Previous Installations.

Step 1: Changing host names

We need to change hostnames in order to distinguish computer1 from computer2, since all computers in the pclab are named user. To change the hostnames we need to do two steps.
  1. Type sudo hostname <your_hostname> // in our case it is server1
  2. Edit /etc/hostname and change the content of it to <your_hostname>

Step 2: Installing Heart Beat and Apache2

After removing we need to install both heartbeat and apache again to both computers. We can do this by typing sudo (or w/o it) apt-get install apache2 heartbeat on the terminal.


Installing Heartbeat and Apache on Server1



Installing on Server2
     After installing, we configure the index.html in both servers to identify which server is which. We can do this by editing index.html in the www directory, where index.html is the default file opened when we access the servers. Afterwards we restart apache.

     It seemed awkward to me: if the goal of the exercise is to fetch the data if server1 dies, then why is the returned html file not the html file of server1 but the html file of server2? I think this can be answered by a principle in DBMS: maybe server1 and server2 are connected to a remote server, thus serving the same file. We only show different html to demonstrate that server2 catches the requests if server1 dies.

Modifying index.html

Step 3: Configuring

  1. ha.cf
  2. haresources
  3. authkeys
After installing the needed tools, we will now proceed in configuring the setup of heartbeat.

1. ha.cf configuration

     We configure ha.cf in vi. We can do this by typing vi /etc/ha.d/ha.cf, then typing the necessary lines of code shown in the picture below on both server 1 and 2. The lines here set what heartbeat needs in order to run.

Configuring ha.cf

2. haresources

    After configuring ha.cf we now configure haresources. This file tells us what the Virtual IP of the main server is and what server application it is using. In our case it is apache2. Do this for both server1 and 2.
Configuring haresources

3. authkeys

   We now edit authkeys (or authentication keys in longer terms). This file is needed in order to ensure that the one accessing the server1 which is the backup server is the legit backup server. This file contains an encrypted password (in our case it is sha1, another example is md5). After that we need to set the permissions to 600 by typing chmod 600. This will ensure us that it can only be edited by our server.

Configuring authkeys
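
An added example, not part of the original post or of Heartbeat itself: a POSIX shell check for the authkeys file edited in this step and written by the generator command earlier in the post. authkeys holds the shared secret in clear text, so the check covers the file mode, whether the auth index has a key line, and the signing method; the 16-character minimum and the sample file are assumptions of this example.

```sh
#!/bin/sh
# audit_authkeys FILE
# Prints one finding per line. Returns 0 when clean, 1 on findings, 2 if missing.
audit_authkeys() {
    ak_file="$1"; ak_rc=0
    [ -f "$ak_file" ] || { echo "FAIL $ak_file not found"; return 2; }

    # The secret is stored in clear text, so only the owner may read the file.
    ak_mode=$(stat -c '%a' "$ak_file")      # GNU stat, as on Ubuntu
    case "$ak_mode" in
        600|400) ;;
        *) echo "FAIL mode is $ak_mode, expected 600"; ak_rc=1 ;;
    esac

    awk '
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        $1 == "auth"   { active = $2; next }       # index of the key in use
                       { method[$1] = tolower($2); secret[$1] = $3 }
        END {
            if (active == "") { print "FAIL no auth directive"; exit 1 }
            if (!(active in method)) {
                print "FAIL auth " active " has no matching key line"; exit 1
            }
            m = method[active]; s = secret[active]; bad = 0
            if (m == "crc") {
                print "FAIL crc only detects corruption, peers are not authenticated"
                bad = 1
            } else if (m != "sha1" && m != "md5") {
                print "FAIL unknown method " m; bad = 1
            } else if (s ~ /stdin/) {
                # e.g. "(stdin)=" captured from openssl output instead of the digest
                print "FAIL secret field is an openssl output label, not key material"
                bad = 1
            } else if (length(s) < 16) {           # threshold assumed for this example
                print "FAIL secret shorter than 16 characters"; bad = 1
            } else if (m == "md5") {
                print "WARN md5 in use, sha1 is the stronger supported method"
            }
            exit bad
        }
    ' "$ak_file" || ak_rc=1
    return "$ak_rc"
}

# Constructed sample: world-readable file whose active method is crc.
ak_sample=$(mktemp)
printf 'auth 1\n1 crc\n' > "$ak_sample"
chmod 644 "$ak_sample"
audit_authkeys "$ak_sample"
rm -f "$ak_sample"
```

Run it against /etc/ha.d/authkeys on both servers; the file must be identical on every node of the cluster.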

Step 4: Edit /etc/hosts

   In our previous exercises we already have configured this file. This file contains a table with a combination of IP and site name of hosts, so we can route to them. We need to configure this in order for our server to establish connections.
Editing /etc/hosts

Step 5: crm configure edit

  After editing /etc/hosts we now proceed to editing our cluster resource manager. This crm is pre-installed in heartbeat (I think?). The problem is whenever I tried to do this by typing crm configure edit it will return an error that it cannot be configured because line one of the XML file is not found. My partner and I analyzed the problem and have found out that even though the XML file is there in /etc/var/lib? (I forgot the whole path, but it is where the xml file is located) the XML file is there. This may have been caused that we need permissions (but remember I already typed sudo -s at the start, I even tried sudo crm configure edit but it did not work). This is the part where I have reached in configuring the heartbeat setup. This is also the second last part of the exercise.

Step 6:   Restarting apache2 and heartbeat

   We need to restart heartbeat and apache2 in order to apply the changes we have made in the configuration. After this we should test if our setup works.


Questions:

1. What are the problems encountered?

One of the major problems encountered is that even if you purge the current configurations of heartbeat and apache, the configuration file is still present. So after you install them again, the previous configurations still persist.

Another problem is that students forgot to clean up what they have done. It gives us a hard time to configure since initial or some configurations have been altered already and some can't be altered for some unknown reason and most of us in the lab cannot even successfully run the program even though we followed the step by step procedure.

2. What are your insights about HA-HB?

I think the ha-hb concept is great, because a website needs to be up at all times. Like in the movie "The Social Network", Mark Zuckerberg states that Facebook must not shut down ever. That is how crucial website up time is and I think HA-HB is perfect for this task.

3. State your ideas about the possible application of HA-HB?

Aside from Facebook that I have mentioned earlier, I think a potential application of HA-HB is in online banking, computer registration systems (i.e. Systemone, CRS of UPD) or any site that performs transactions.

4. What can you say about the mode of discussion?

I think it is good for the students to let them fend for themselves. With the theory given, they will learn more efficiently because they are learning at their own pace. Although it is good, I think they still need the supervision from their respective lab instructors just in case they suffer some problems that are not fully related or are out of scope of the exercise.



  

Tuesday, July 23, 2013

Linux Router and Protocol Analysis

This exercise focuses on establishing a connection on a remote computer using another computer to act as a router. To be able to perform this we need to follow the steps below.

A. Linux Router Configuration


Topology

We need to accomplish this topology but with minor variations. We will not use Cross cable in connecting Computer A and Computer B. Instead we will be using Wifi Connection to establish a network connection between A and B then use a cable directly connected to the internet.

In this exercise we used Ubuntu 12.04 to act as a server and a client. Then follow the steps below.

Step 1: We need to have a root access in order to modify the settings. Type sudo -s then enter your password.
Root Access

Step 2: Get the information on which devices your computer uses that will be configured. In our case it is wlan0 and eth0. We will not be using eth1 since eth1 is used on a wired connection. On computer B, eth0 is used for the wire directly connected to the internet while wlan0 is the connection between computer A and B.

Acquiring Device Information

Step 3 (Configuring the Router):

In this step we configured Computer B to act as a router for Computer A. We changed the IP address of wlan0 (the interface connected to Computer A) to 192.168.1.254 with a netmask of 255.255.255.0. Then we checked if IP forwarding is disabled. If disabled, we set it to 1 to enable it. After checking the IP forwarding setting we now configure the firewall settings using iptables. The parameters used will be discussed later.

Configuring Computer B
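
A router setup of the kind Step 3 describes, as an added example; these are not the commands from the original screenshot, which is not reproduced on this page. Interface names and addresses come from the text, while the FORWARD rules are this example's own choice: they forward only traffic that Computer A's side starts, plus its replies, instead of leaving the forward policy open. It prints the commands unless APPLY=1 is set (which needs root).

```sh
#!/bin/sh
# Assumed from the text: wlan0 faces Computer A (192.168.1.254/24), eth0 is the uplink.
LAN_IF="${LAN_IF:-wlan0}"
WAN_IF="${WAN_IF:-eth0}"
LAN_ADDR="${LAN_ADDR:-192.168.1.254}"
LAN_MASK="${LAN_MASK:-255.255.255.0}"

# Print the commands in order, one per line, so they can be reviewed first:
#   address the LAN interface, enable IP forwarding, flush old rules,
#   drop forwarded traffic by default, allow LAN -> uplink and replies back,
#   then rewrite the source address of traffic leaving through the uplink.
router_commands() {
    cat <<EOF
ifconfig $LAN_IF $LAN_ADDR netmask $LAN_MASK up
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
}

# Dry run unless APPLY=1; when applying, stop at the first failing command.
configure_router() {
    router_commands | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd || { echo "failed: $cmd" >&2; exit 1; }
        else
            echo "would run: $cmd"
        fi
    done
}

configure_router
```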

Step 4 (Configuring the Client):

After configuring the router we now configure the client. First we assign the IP 192.168.1.1 to wlan0 (this is the interface of computer A connected to computer B). Afterwards we set the IP Address of Computer B as a default gateway using route.


Configuring the Client ( Computer A )
Now that we have configured computer A, we will try to ping the addresses 10.0.4.254 and 10.0.4.0.
Notice that this will result in an unreachable state because we have now changed the IP of Computer B to 192.168.1.254. Also the /etc/resolv.conf of computer A is empty. We need to copy the resolv.conf of computer B to A in order to have internet access. Resolv.conf contains a setting with nameserver and search. I think this is the default setup used by the network to connect to the internet.

Copying resolv.conf


Pinging Computer B
Since we have successfully pinged our router Computer B, we are now sure that we can connect to the internet, since computer B that is acting as a router has internet access (as of this moment I'm currently using the connection from A to B to write this blog).


B. DHCP Server Configuration

In the previous activity we have successfully established a connection in Computer A manually. Now we will try the same but only using DHCP. This means that we will make a that will enable our router Computer B to assign IP addresses automatically to other computers that are connected to its network. We need to edit /etc/dhcp/dhcpd.conf in order to achieve this.

dhcpd.conf
The parameters used in dhcpd.conf will be discussed later. 

After we have configured dhcpd.conf we will now try to acquire the IP of Computer A automatically by using dhclient wlan0 (since wlan0 is the one used by computer A to connect to computer B). Next we will check the information that Computer B gave to Computer A using cat /var/lib/dhcp/dhcpd.leases.

dhclient wlan0
Lease information
We have successfully assigned an automatic IP on computer A using dhclient 

QUESTIONS:


1. Using the man pages for iptables, briefly explain what was done in step 5 in configuring
Computer B. Describe the parameters used in the iptables command. (5 points)

iptables -F = flush all the chains in the table if none is given, equivalent to deleting all the rules one by one

iptables -P = set the policy for the chain to the given target.

iptables -t = specifies the packet matching table which the command should operate on.

nat = table consulted when a packet that creates a new connection is encountered. 

2. What are the options you used in /etc/dhcpd.conf? (5 points)

We used routers, broadcast-address, subnet-mask, domain-name-servers as options. We also added range (this is used if there are many computers connecting to the router), max-lease-time and default-lease-time. Lease time is used in defining how long the computer can keep the connection established.

3. How do you assign a fixed IP address to a computer? What information do you need? (3 points)

ifconfig - we need the device to be used, the netmask and an optional broadcast.



Tuesday, July 9, 2013

DNS Configuration

Activities

1. Preparing linux box for the exercise


2. Configuring IP address using ifconfig



3. Modification of named.conf.local
named.conf.local
4. Creation of zone files
db.cmscwantriseben.com

db.192.168.3

5. Usage of named-checkconf and named-checkzone

named-checkconf on named.conf.local

named-checkzone on db.cmscwantriseben.com

named-checkzone on db.192.168.3
6. Starting the server

bind9 restart

7. Specifying the DNS Servers to be used

Modifying DNS Servers to be used

8. Testing DNS Servers
using Dig
9. Ping


Pinging rclha
Pinging vre

Pinging sgs
10. Reflection
     DNS Configuration, like TCP/IP, is fun to do, although at the last part of the exercise I was a bit annoyed because I forgot to take 3 screenshots of pings.
     In setting up a DNS configuration, after doing step 1 I used ifconfig. Ifconfig allows the user to modify the assigned IP address of a given machine in the network. Afterwards I configured the named.conf.local using the vi editor. Named.conf.local contains the forward and backward zone configuration of the "network name" we are using. This includes (1) State of Authority and (2) file (contains the file path). The first block of the code is for the domain name comsciwantriseben and the second block contains its IP written backwards. The next step (4) defines a list of the set of all addresses the computer can connect to and its corresponding name. It is almost identical to TCP/IP configuration when I used ifconfig last time. The file also contains a configuration on how the computer behaves when connecting (or being connected to?).
    After configuring, I used named-checkconf and named-checkzone to check if the syntax (not the semantics) of the conf file and zone files are correct. This outputs the serial number and an OK when the file has no syntax errors. After the test is successful we can now proceed to starting up the server, but before we can fully check for connection we must also configure the resolv.conf. Resolv.conf contains the settings of the network to be used. If I remember correctly, in the SSH exercise Intranet UPLB is the network we accessed in order for us to communicate with one another. Now that we have started the server, we now check if we can communicate with other computers in the network. I used dig to check if there are responses to the IPs that I have included. After that, when there are no problems, I can now finally ping a specific host, which is shown in Step 9.
    In conclusion, DNS configuration is a bit simple in idea, because it's like setting up how to connect to sockets. The only difference is that these sockets must have names in order for them to be accessed in another way if you do not wish to memorize IPs. DNS configuration can also be tedious if you are to reconfigure, since you may need to redo some processes if you wish to change something. A big part of it is on named-checkconf, named-checkzone, and starting the server.

Extra :
In step 9, picture 3, I pinged MRA but it resulted in SGS. This is because when I asked MRA about the IP address of her computer I think she gave the wrong number; instead I got the IP of the computer beside her, SGS. I observed that modifying the DNS is identical to the phonebook analogy. Even if you put different names, it will always depend on the IP as long as it is mapped there.

Wednesday, July 3, 2013

IP Routing

In this session we have discussed IP Routing.

At the end of the session we designed a network using the Network Simulator (netsim3.0) created by M.Detras and V.Lee.

Final Network Design
So how did we accomplish this design?

First let's start at the fundamentals of connecting 2 Computers
Basic Connection Between 2 Computers
In order to achieve this we must follow these simple steps

Step 1: Instantiate the Objects.
  • Click the button on the left side to create the appropriate objects accordingly and rename them according to the figure.

Step 1: Instantiate the Objects
Step 2: Connecting The Objects
  • After instantiating we must connect the objects
  • For Host -> Router
    • Right Click Host
    • Select Add Connection
    • Click the red text "ether0/0"
    • Connect it to its corresponding router selecting also "fastethernet0/0" as a port
    • fastethernet0/0 is used in connecting Host to Network
    • Do this to the other Host

  • For Router->Router
    • Right Click Router
    • Select Add Connection
    • Since we connected the "fastethernet0/0" it should be lit green
    • Now Select "ethe0/1"
    • Connect it to the other router by also selecting "ether0/1"
    • Now we have established to create a connection between 2 networks
Output

Step 3: Configuring the Connection
  • After doing step 2 we just accomplished the hardware part, now we need to configure it so the hosts can communicate with one another
    • Right Click the 1st router then click configure
    • Type this set of commands to assign an IP address of fastEthernet0/0 port (Host -> Router). This represents the set of all addresses in the network of Router1
Configuring the IP of fastEthernet0/0

    •  After configuring the IP Address of fastEthernet0/0 we need to do the same for fastEthernet0/1. This represents the IP  address of the whole sub network handled by router1

Configuring the IP of Ethernet0/1
    • Next, we will set the IP route of router1. This tells the router where to route its requests. It is in the format of Destination Subnetmask Gateway. Destination is the Network 

IP Config
  • Do this for both router1 and router2. Changing the appropriate IP values
Step 4: Configuring the Hosts
  • Right Click on the host Computer -> Configure
  • Input the appropriate values

Configuring Host1

Configuring Host2
 Step 5: Testing the Connection

  • After we have finished the setup we now test if we achieved network connectivity.
    • Rightclick on a host then -> Ping
    • Input the IP Address of the Router/Host you want to ping
    • Click Ping. Results are posted below

Host 1 Pinging Host 2



Now we have successfully replicated the Basic network setup and sent packets from Host1 to Host2. In order to do the Final Network Design, we only need to replicate the same steps as above, but we need to add another step in IP Config. The additional step requires you to add the route of the other computer (e.g. in configuring Router1, you need to add Router2 and Router3. Same thing follows if you are configuring for Router2 and 3). We also need to add a Switch (it need not be configured, just connect the ethe0/1 of routers to the ethernet ports of the switch). Afterwards test if the network is working.

SCREEN SHOTS (for the Final Network Design Connectivity)
Host1 Pinging Host2

Host1 Pinging Host3

Host2 Pinging Host1

Host2 Pinging Host3

Host3 Pinging Host1

Host3 Pinging Host2
Conclusion
Creating a network connection is quite a tedious task. You also need to be careful in putting the values because one wrong value can result in a loss of connectivity.