27 August

The new QNAP NAS also has an NFS service onboard, so I want to try using it as an “addon datastore” for my VMware infrastructure.
I know the performance is poor, but I’ll use it to keep CD/DVD images, test virtual machines and, why not, backups.

First of all we have to check whether our ESX hosts can reach the NAS from the VMkernel interface (not from the management interface, which is a different network stack): SSH into your ESX host and try

root@esxhost# vmkping your.nas.ip

If you get a response you are done; if not you have two options:

  • put your nas in the vmkernel’s network
  • add another vmkernel

I’ve added another VMkernel interface, because we use the first one for VMotion and I want to keep the storage traffic separate.

So, open the VI client, from the inventory view choose “Hosts and Clusters”, select the first ESX host, go to the “Configuration” tab, select “Networking” then “Add Networking”.

In the wizard, select VMkernel and click Next. According to your network configuration, select the vSwitch that can reach your NAS.

Give a name, IP address and netmask (on the same network as the NAS) to the new interface.

Click Next and finish.

Try “vmkping” again and you should get a response.

Now repeat these steps for all the ESX hosts you have.

QNAP’s instructions for using NFS with VMware are not correct, because ESX can mount NFS only over TCP; unfortunately the QNAP NAS serves NFS over UDP.

So we have to “force” the QNAP to use TCP instead of UDP.
There is no way to change this from the NAS configuration pages, so we have to connect via SSH and edit this file:
/etc/init.d/nfs

The line to change is line 132, which sets the options passed to rpc.nfsd: keep -N 4 (which disables NFSv4) and add --no-udp so the daemon stops serving UDP:

NO_V4="-N 4 --no-udp"

Reload the NFS service

/etc/init.d/nfs restart

This is a hand edit of an init script, so re-check line 132 after every firmware update or reboot: if it reverts, the datastore will silently stop mounting.

Now through the web management interface we can set the permissions on the share we want to use.

I permit full access from both ESX hosts to this share. Restrict the export to the VMkernel IP addresses of the ESX hosts only: ESX mounts the export as root, so the NAS has to allow root access (no_root_squash) on it, which is exactly why nothing else on the network should be able to reach that export.

So, open the VI client, from the inventory view choose “Hosts and Clusters”, select the first ESX host, go to the “Configuration” tab, select “Storage” then “Add Storage”.

Follow the wizard for the configuration:

Select “Network File System”

Fill in the IP address or name of your NAS; in the Path field put the name of the share you previously defined on the NAS.

Click Next and finish.

Repeat this step with the same data on all ESX hosts and you are done.
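Before clicking through the Add Storage wizard it is worth confirming, from the NAS’s portmapper, that the --no-udp edit actually did what we need. The following is an added example, not part of the original post: it parses the output of `rpcinfo -p <nas>` and reports whether NFS v3 and mountd are registered over TCP (what ESX requires) and whether NFS is still exposed over UDP. It assumes rpcinfo(8) is installed on the Linux box you run it from (it is not necessarily present on the ESX service console); the two sample outputs are constructed, not captured from a real QNAP.

```python
"""Pre-flight check of the NAS's NFS registrations before adding the datastore.

ESX mounts NFS v3 over TCP only, so ask the NAS's portmapper what it actually
registers instead of trusting the vendor's documentation.
"""
import subprocess
from collections import defaultdict

# Constructed `rpcinfo -p` output (not captured from a real QNAP), showing the
# situation described in the post: NFS and mountd served over UDP only.
SAMPLE_SHIPPED = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp    892  mountd
    100005    3   udp    892  mountd
"""

# Constructed output after rpc.nfsd runs with --no-udp: NFS over TCP only.
SAMPLE_FIXED = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp    892  mountd
    100005    1   tcp    892  mountd
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
"""


def parse_rpcinfo(text):
    """Map service name -> set of (version, proto) pairs from `rpcinfo -p` output."""
    regs = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue  # header line or blank line
        _program, vers, proto, _port, service = parts
        regs[service].add((int(vers), proto))
    return dict(regs)


def transports(regs, service, version):
    """Transports ('tcp'/'udp') on which service/version is registered."""
    return {proto for vers, proto in regs.get(service, set()) if vers == version}


def missing_for_esx(regs):
    """What ESX needs and cannot find: NFS v3 and the v3 mount protocol over TCP."""
    problems = []
    if "tcp" not in transports(regs, "nfs", 3):
        problems.append("nfs v3 is not registered over tcp")
    if "tcp" not in transports(regs, "mountd", 3):
        problems.append("mountd v3 is not registered over tcp")
    return problems


def udp_exposed(regs):
    """True if NFS v3 is still reachable over UDP, i.e. the --no-udp edit did not take."""
    return "udp" in transports(regs, "nfs", 3)


def query(host):
    """Run `rpcinfo -p host` and return its output (rpcinfo must be installed)."""
    return subprocess.run(["rpcinfo", "-p", host], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    import sys
    regs = parse_rpcinfo(query(sys.argv[1]))  # usage: check_nas_nfs.py your.nas.ip
    for problem in missing_for_esx(regs):
        print("PROBLEM:", problem)
    if udp_exposed(regs):
        print("WARNING: nfs v3 still served over udp")
    if not missing_for_esx(regs):
        print("OK: NAS offers NFS v3 over TCP, ESX can mount it")
```

Once the check passes on the NAS, the remaining hosts can be configured from the service console with `esxcfg-nas -a -o your.nas.ip -s /sharename datastorename` instead of repeating the wizard on each one.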

N.B.
This how-to requires you to know what you are doing.
I'm not responsible if you destroy your production machines following my instructions.

30 July

This powerful NAS (Linux inside) has 2 NICs that you can use in various modes.
I’ve chosen to aggregate these 2 NICs to get load balancing and failover.
Through the web interface go to System Administration, then Network; here tick the “Enable port trunking” option.
In the dropdown menu you have to choose “IEEE 802.3ad”, then apply the settings.

Let’s go to the Cisco switch (I have Cisco IOS, not CatOS).
I’m assuming the two NICs are connected to Gi1/1 and Gi1/2 (adapt to your setup):

interface GigabitEthernet1/1
 description to NAS
 switchport access vlan 10
 switchport mode access
 speed 1000
 duplex full
 channel-protocol lacp
 channel-group 64 mode active
end

interface GigabitEthernet1/2
 description to NAS
 switchport access vlan 10
 switchport mode access
 speed 1000
 duplex full
 channel-protocol lacp
 channel-group 64 mode active
end

interface Port-channel64
 description Connection to NAS
 switchport
 switchport access vlan 10
 switchport mode access
end

With this configuration on the switch, when you disconnect one NIC you will not lose the connection to the NAS, even while transferring data. Keep in mind that 802.3ad hashes each flow onto a single link, so one client session never exceeds the bandwidth of one NIC; the gain is failover and aggregate throughput across several clients.
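A subtle failure mode with 802.3ad is a port that never negotiates LACP with the switch (for example because one switch port was left out of the channel-group): the Linux bonding driver behind the QNAP puts that port in an aggregator of its own, the bond still reports “up”, but the failover you just configured is gone. The following added example (not from the original post or from QNAP) parses the bond status that the kernel exposes under /proc/net/bonding/ and flags exactly that. The bond name bond0 is an assumption, and both status samples are constructed, not captured from a NAS.

```python
"""Check that the NAS's bond really negotiated IEEE 802.3ad with the switch.

Reads the Linux bonding driver's status file and verifies that every slave
is up and sits in the active aggregator; a slave in another aggregator has
no LACP partner on its switch port and carries no traffic.
"""

# Constructed /proc/net/bonding/bond0 contents for a healthy two-port LACP bond.
BOND_OK = """\
Ethernet Channel Bonding Driver: v3.5.0 (November 4, 2008)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100

802.3ad info
LACP rate: slow
Active Aggregator Info:
    Aggregator ID: 1
    Number of ports: 2
    Actor Key: 17
    Partner Key: 1
    Partner Mac Address: 00:1a:2b:3c:4d:5e

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:08:9b:aa:bb:01
Aggregator ID: 1

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:08:9b:aa:bb:02
Aggregator ID: 1
"""

# Same bond, but the switch port for eth1 is not in the channel-group: eth1
# forms aggregator 2 on its own and the bond silently runs on one link.
BOND_ONE_LEG = BOND_OK.replace("Number of ports: 2", "Number of ports: 1").replace(
    "00:08:9b:aa:bb:02\nAggregator ID: 1", "00:08:9b:aa:bb:02\nAggregator ID: 2")


def parse_bonding(text):
    """Extract mode, active aggregator id and per-slave state from the status file."""
    info = {"mode": None, "active_aggregator": None, "slaves": []}
    slave = None      # slave block currently being read
    in_agg = False    # inside the "Active Aggregator Info" block
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Bonding Mode:"):
            info["mode"] = line.split(":", 1)[1].strip()
        elif line.startswith("Active Aggregator Info:"):
            in_agg = True
        elif line.startswith("Slave Interface:"):
            in_agg = False
            slave = {"name": line.split(":", 1)[1].strip(), "up": False, "aggregator": None}
            info["slaves"].append(slave)
        elif line.startswith("Aggregator ID:"):
            agg_id = int(line.split(":", 1)[1])
            if slave is not None:
                slave["aggregator"] = agg_id
            elif in_agg:
                info["active_aggregator"] = agg_id
        elif line.startswith("MII Status:") and slave is not None:
            slave["up"] = line.split(":", 1)[1].strip() == "up"
    return info


def check_lacp(info, expected_slaves=2):
    """Return a list of problems; an empty list means the bond is as intended."""
    problems = []
    if "802.3ad" not in (info["mode"] or ""):
        problems.append("bonding mode is %r, not IEEE 802.3ad" % info["mode"])
    if len(info["slaves"]) != expected_slaves:
        problems.append("expected %d slaves, found %d" % (expected_slaves, len(info["slaves"])))
    for s in info["slaves"]:
        if not s["up"]:
            problems.append("%s: link down" % s["name"])
        elif s["aggregator"] != info["active_aggregator"]:
            problems.append("%s: in aggregator %s but active aggregator is %s "
                            "(LACP not negotiated on that switch port?)"
                            % (s["name"], s["aggregator"], info["active_aggregator"]))
    return problems


def read_bond(name="bond0"):
    """Read the live status file on the NAS (name of the bond is an assumption)."""
    with open("/proc/net/bonding/%s" % name) as fh:
        return fh.read()


if __name__ == "__main__":
    for problem in check_lacp(parse_bonding(read_bond())) or ["bond healthy"]:
        print(problem)
```

Run it over SSH on the NAS after applying the switch configuration, and again after pulling one cable: the unplugged leg should show as “link down” and nothing else should change.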


22 July

After years working with MailScanner installed, I’ve decided to try another way.

So, in our server room (after server consolidation) I had an IBM x226 configured with:

  • 2x Intel Xeon 3GHz;
  • 6 GB RAM,
  • 4x 40GB SCSI
  • IBM Server Raid controller
  • 2X NetXtreme BCM5703 Gigabit Ethernet controller

I know this is more than needed for the job, but I don’t know whether it will still be sufficient in future.

I installed CentOS 5.5 final, purged and updated it, then installed postfix and postgrey; after enabling (only for this install) the rpmforge repo I installed clamav-milter.

Next I configured postfix to act as a mail gateway for our internal mail server, and enabled some checks on the sender; this is the relevant part of my main.cf:

smtpd_recipient_restrictions =  reject_invalid_hostname,
                                reject_non_fqdn_hostname,
                                reject_non_fqdn_sender,
                                reject_unauth_destination,
                                reject_unauth_pipelining,
                                check_sender_access hash:/etc/postfix/whitelist,
                                reject_rbl_client zen.spamhaus.org,
                                reject_rbl_client dnsbl.njabl.org,
                                reject_unknown_recipient_domain,
                                reject_unverified_recipient

In “check_sender_access” I’ve whitelisted some senders that use blacklisted mail servers. The order matters: reject_unauth_destination comes before the whitelist, so an OK returned from the table can skip the RBL checks but can never turn the gateway into an open relay. Remember too that the envelope sender is trivially forged, so every whitelist entry is also an RBL bypass for anyone who spoofs that address; keep the list short and prefer whole mail servers (check_client_access) over sender addresses where you can.
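The ordering point above is easy to get wrong when the list is edited over time, so here is an added example (not from the original post) that audits it: it parses smtpd_recipient_restrictions the way Postfix reads it (comma or whitespace separated, indented continuation lines) and flags any access table, policy service or bare permit that precedes reject_unauth_destination, since those can return OK and grant relaying. The first sample is the list from this post; the second is a deliberately misordered variant constructed for the check.

```python
"""Audit the order of smtpd_recipient_restrictions for open-relay risk.

Anything that can return OK (check_*_access tables, policy services, bare
permit) placed before reject_unauth_destination lets whatever it matches
relay to any destination. permit_mynetworks and permit_sasl_authenticated
are the two deliberate exceptions: that is where trusted relaying belongs.
"""
import re

# The gateway configuration from this post, embedded as sample input.
GATEWAY_MAIN_CF = """\
myhostname = mailgw.example.com
smtpd_recipient_restrictions =  reject_invalid_hostname,
                                reject_non_fqdn_hostname,
                                reject_non_fqdn_sender,
                                reject_unauth_destination,
                                reject_unauth_pipelining,
                                check_sender_access hash:/etc/postfix/whitelist,
                                reject_rbl_client zen.spamhaus.org,
                                reject_rbl_client dnsbl.njabl.org,
                                reject_unknown_recipient_domain,
                                reject_unverified_recipient
smtpd_milters = unix:/var/clamav/clmilter.socket
"""

# Constructed misordering: the whitelist is consulted before the relay check.
MISORDERED_MAIN_CF = """\
smtpd_recipient_restrictions =  check_sender_access hash:/etc/postfix/whitelist,
                                reject_unauth_destination,
                                reject_rbl_client zen.spamhaus.org
"""

# Restrictions whose next token is an argument (table, server, policy socket).
ARG_PREFIXES = ("check_", "reject_rbl_client", "reject_rhsbl_")
TRUSTED_PERMITS = ("permit_mynetworks", "permit_sasl_authenticated")


def restriction_list(main_cf, param="smtpd_recipient_restrictions"):
    """Return the restriction entries, with each check's argument joined to it."""
    value_lines, capturing = [], False
    for line in main_cf.splitlines():
        if capturing and line[:1] in (" ", "\t"):
            value_lines.append(line.strip())      # continuation line
            continue
        capturing = False
        m = re.match(r"\s*" + re.escape(param) + r"\s*=(.*)$", line)
        if m:
            value_lines, capturing = [m.group(1).strip()], True
    entries = []
    for tok in re.split(r"[\s,]+", " ".join(value_lines)):
        if not tok:
            continue
        if entries and " " not in entries[-1] and entries[-1].startswith(ARG_PREFIXES):
            entries[-1] += " " + tok               # argument of the previous keyword
        else:
            entries.append(tok)
    return entries


def audit_relay_order(entries):
    """List entries that could grant relaying before reject_unauth_destination."""
    if "reject_unauth_destination" not in entries:
        return ["reject_unauth_destination missing: this is an open relay"]
    relay_idx = entries.index("reject_unauth_destination")
    warnings = []
    for entry in entries[:relay_idx]:
        keyword = entry.split()[0]
        permissive = keyword.startswith("check_") or (
            keyword.startswith("permit") and keyword not in TRUSTED_PERMITS)
        if permissive:
            warnings.append("%s before reject_unauth_destination can grant relaying" % entry)
    return warnings


if __name__ == "__main__":
    import sys
    with open(sys.argv[1] if len(sys.argv) > 1 else "/etc/postfix/main.cf") as fh:
        for warning in audit_relay_order(restriction_list(fh.read())) or ["relay order OK"]:
            print(warning)
```

Run it against /etc/postfix/main.cf after every change to the restriction list; `postconf -n smtpd_recipient_restrictions` output can be fed to it as well, since it uses the same syntax.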
Now it’s time to set up postgrey, so at the end of the “smtpd_recipient_restrictions” list in main.cf add this line:

check_policy_service inet:127.0.0.1:10025

In /etc/sysconfig/postgrey you have to set the options. These are mine:

OPTIONS="--greylist-text=\"You are greylisted...try again later. \"
--inet=127.0.0.1:10025  --user=postfix --group=postfix"

You can also use a unix socket instead of a TCP socket; it’s your choice.
clamav-milter needs to be configured; its configuration file is /etc/clamav-milter.conf.
I’ve changed these parameters:

MilterSocket unix:/var/clamav/clmilter.socket
User clamav
AllowSupplementaryGroups yes
ClamdSocket unix:/var/run/clamav/clamd.sock
LogFile /var/log/clamav/clamav-milter.log
LogSyslog yes
LogFacility LOG_MAIL
LogInfected Basic

To instruct postfix to use clamav-milter, add these two lines to /etc/postfix/main.cf after the “smtpd_recipient_restrictions” section:

smtpd_milters = unix:/var/clamav/clmilter.socket
non_smtpd_milters = unix:/var/clamav/clmilter.socket

In our experience, with these settings we have had no false positives and we catch 99% of the spam. Note that reject_unverified_recipient makes the gateway probe the internal mail server for every unknown recipient, so that server has to be reachable from the gateway and must reject unknown users at RCPT time for the check to be meaningful.


4 May

In an earlier post I told you how to use an eebox as a caching proxy and content filter. Today I’ve also added antivirus scanning with HAVP ( http://www.server-side.de/ ) and ClamAV ( http://www.clamav.net ).

Let’s go:

me@linuxbox# apt-get update && apt-get install havp

Now we need to configure HAVP, so open /etc/havp/havp.config and edit these values (HAVP itself keeps listening on its default port 8080):

PARENTPROXY localhost
PARENTPORT 8081
FORWARDED_IP true
BIND_ADDRESS 127.0.0.1
TEMPLATEPATH /etc/havp/templates/"yourlang"

These are “sufficient” to get going; read the manual and configure HAVP to fit your needs. BIND_ADDRESS 127.0.0.1 is the important one: it keeps HAVP reachable only from Squid on the same box, so clients cannot point their browser at it and skip the proxy rules.

Now edit /etc/squid/squid.conf and add these options:

http_port localhost:8081
acl Scan_HTTP proto HTTP
never_direct allow Scan_HTTP
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
cache_peer_access 127.0.0.1 allow Scan_HTTP

Reload Squid and start HAVP; you can test that the system is working by downloading the EICAR test file from http://www.eicar.org/anti_virus_test_file.htm, and HAVP should answer with its block page instead of the file. One thing to watch with the rules above: the requests that HAVP hands back to Squid on port 8081 also match Scan_HTTP, so as written they would be pushed to HAVP a second time; the usual fix is an acl on Squid’s “myport 8081” negated in both the never_direct and the cache_peer_access lines, so that only requests from clients go through HAVP and the ones arriving from HAVP go direct.
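To make the EICAR test repeatable (for example after every ClamAV or Squid upgrade), here is an added example, not part of the original post, that fetches the test file through the proxy and classifies what comes back: the signature reaching the client means scanning is bypassed, an HTTP error with a block page means the chain works. PROXY and EICAR_URL are assumptions to adjust: the proxy address is wherever Squid listens for clients on your eebox, and eicar.org has moved the download around over the years.

```python
"""End-to-end test of the Squid -> HAVP -> Squid chain with the EICAR file."""
import urllib.error
import urllib.request

PROXY = "http://192.168.1.10:3128"                       # assumption: Squid's client-facing port
EICAR_URL = "http://www.eicar.org/download/eicar.com"    # assumption: current download location

# The public EICAR test signature, in two pieces so this file is not itself
# flagged when it sits on a scanned disk.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")


def classify(status, body):
    """Classify the proxied answer to the EICAR request.

    'passed'     - the signature reached the client: HAVP/ClamAV are not in the path
    'blocked'    - the proxy refused it (HAVP answers with an error and its template)
    'unexpected' - a 2xx without the signature, e.g. a captive or error page: look by hand
    """
    if EICAR in body:
        return "passed"
    if status >= 400:
        return "blocked"
    return "unexpected"


def fetch_via_proxy(url=EICAR_URL, proxy=PROXY, timeout=15):
    """Request url through proxy and return (status, body), also for HTTP errors."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({"http": proxy}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


if __name__ == "__main__":
    status, body = fetch_via_proxy()
    verdict = classify(status, body)
    print("HTTP %d -> %s" % (status, verdict))
    raise SystemExit(0 if verdict == "blocked" else 1)
```

Run it from a client machine, not from the eebox itself, so the request takes the same path as real browser traffic; a non-zero exit is a convenient hook for a cron job or monitoring check.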


30 April

Today I’ll explain how to move an IBM System i partition between physical blades; this can be done only if you are using external storage (SAN) and not internal disks.

This is the configuration:

BLADE 6
partition 1 -> Vios
partition 2 -> Galileo (production System i partition)
partition 3 -> ArchimedeBK (backup partition)
BLADE 7
partition 1 -> Vios
partition 2 -> Archimede (production System i partition)
partition 3 -> GalileoBK (backup partition)

The goal is to move the Archimede production partition from BLADE 7 to the ArchimedeBK partition on BLADE 6.

First of all power down the partition, then from the BLADE 7 VIOS web interface check which disks are attached to it.

Then log in to the VIOS console as the padmin user and check the hdisk device assignments (in my configuration the SAN disks are hdisk>1, because hdisk1 is the internal SAS disk):

$ lsmap -all
SVSA            Physloc                                      Client Partition ID
--------------- -------------------------------------------- ------------------
vhost0          U7778.23X.067976A-V1-C11                     0x00000000

VTD                   vtopt0
Status                Available
LUN                   0x8400000000000000
Backing device
Physloc

VTD                   vtscsi0
Status                Available
LUN                   0x8100000000000000
Backing device        hdisk2
Physloc               U78A5.001.WIH68A0-P1-C11-L1-T2-W200500A0B8500BB8-L1000000000000

VTD                   vtscsi1
Status                Available
LUN                   0x8200000000000000
Backing device        hdisk3
Physloc               U78A5.001.WIH68A0-P1-C11-L1-T2-W200500A0B8500BB8-L2000000000000

VTD                   vtscsi2
Status                Available
LUN                   0x8300000000000000
Backing device        hdisk4
Physloc               U78A5.001.WIH68A0-P1-C11-L1-T2-W200500A0B8500BB8-L3000000000000

SVSA            Physloc                                      Client Partition ID
--------------- -------------------------------------------- ------------------
vhost1          U7778.23X.067976A-V1-C12                     0x00000000

VTD                   vttape0
Status                Available
LUN                   0x8100000000000000
Backing device        rmt0
Physloc               U78A5.001.WIH68A0-P1-T5-LC000-L0

SVSA            Physloc                                      Client Partition ID
--------------- -------------------------------------------- ------------------
vhost2          U7778.23X.067976A-V1-C14                     0x00000000

VTD                   vtopt1
Status                Available
LUN                   0x8400000000000000
Backing device        /var/vio/VMLibrary/AbetSystemi1
Physloc

VTD                   vtscsi3
Status                Available
LUN                   0x8100000000000000
Backing device        hdisk6
Physloc               U78A5.001.WIH68A0-P1-C11-L1-T2-W200500A0B8500BB8-LA000000000000

VTD                   vtscsi4
Status                Available
LUN                   0x8200000000000000
Backing device        hdisk7
Physloc               U78A5.001.WIH68A0-P1-C11-L1-T2-W200500A0B8500BB8-LB000000000000

VTD                   vtscsi5
Status                Available
LUN                   0x8300000000000000
Backing device        hdisk8
Physloc               U78A5.001.WIH68A0-P1-C11-L1-T2-W200500A0B8500BB8-LC000000000000

Now, for the vhost of the partition being moved, remove the vtscsiX virtual target devices that map the SAN hdiskX disks (the vtopt and vttape devices are backed by the VIOS’s own image library and tape drive, so they stay where they are):

$ rmdev -dev vtscsiX

Then remove the hdiskX devices themselves:
$ rmdev -dev hdiskX

Now open the DS Storage Manager (I have an IBM DS4700 SAN).

Select the physical blade (host) containing the partition you want to move; on the right, select the logical drives (one at a time), choose Change Mapping and assign them to BLADE 6.

Be careful to keep the current LUN ID for each logical drive, so the disks show up on the target blade in the same order they had on the source.


Now log in to the VIOS console of the second blade (padmin user) and list the current devices:

$ lsdev |grep hdisk
hdisk0        Available SAS Disk Drive
hdisk1        Available MPIO Other DS4K Array Disk

The moved disks are not there yet (you may see disks belonging to the other System i partitions on this blade); so scan for new disks:

$ cfgdev

and list the devices again:

$ lsdev |grep hdisk
hdisk0        Available SAS Disk Drive
hdisk1        Available MPIO Other DS4K Array Disk
hdisk2        Available MPIO Other DS4K Array Disk
hdisk3        Available MPIO Other DS4K Array Disk
hdisk4        Available MPIO Other DS4K Array Disk

From the new blade’s VIOS web interface we can assign the “new” disks to the preconfigured backup partition by going to the Storage tab and ticking the relevant hdisks.

You can now power on the partition on the second blade.

N.B.
This how-to requires you to know what you are doing.
I'm not responsible if you destroy your production machines following my instructions.