HacksAndMore - 640 Kb should be enough memory for anybody... |
| 27 August |
The new QNAP NAS also has an NFS service onboard, so I want to try to use it as an “addon datastore” for my VMware infrastructure.
I know the performance is poor, but I’ll use it to keep CD/DVD images, test virtual machines and, why not, backups.
First of all we have to check whether our ESX hosts can reach the NAS, I mean from the VMkernel interface, not the management one, so SSH into your ESX host and try:
root@esxhost# vmkping your.nas.ip
If you get a response you are done; if not, you have 2 solutions:
I’ve added another VMkernel interface, because we use the first for vMotion and I want to keep this separate.
So, open the VI client, from the inventory view choose “Hosts and Clusters”, select the first ESX host and go to the “Configuration” tab, select “Networking”, then “Add Networking”.
Using the wizard, select VMkernel and click Next. According to your network configuration, select the vSwitch that can communicate with your NAS.
Give the new interface a name, an IP address and a netmask (on the same network as the NAS).
Click Next and finish.
Try “vmkping” again and you should see a response.
Now repeat these steps for all the ESX hosts you have.
The instructions from QNAP for using NFS with VMware are not correct, because ESX is able to use NFS only over TCP; unfortunately the QNAP NAS uses NFS over UDP.
So we have to “force” the QNAP to use TCP instead of UDP…
In the configuration page on the NAS there’s no way to change this, so we have to connect via SSH and edit this file:
/etc/init.d/nfs
The line to change is #132:
NO_V4="-N 4 --no-udp"
Reload the NFS service
/etc/init.d/nfs restart
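A way to confirm the change took effect before touching the ESX side, as an added example that is not part of the original post: it reads `rpcinfo -p` output and checks that NFS is registered on TCP only and without v4. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample rpcinfo output is constructed.

# Print the "version/transport" pairs registered for the NFS program (100003).
nfs_registrations() {
    awk '$1 == 100003 { print $2 "/" $3 }' | sort -u
}

# Succeed only if NFS is offered over TCP, not over UDP, and without v4:
# the state expected after NO_V4="-N 4 --no-udp" and a service restart.
nfs_tcp_only() {
    regs=$(nfs_registrations)
    if ! printf '%s\n' "$regs" | grep -q '/tcp$'; then return 1; fi
    if printf '%s\n' "$regs" | grep -q '/udp$'; then return 1; fi
    if printf '%s\n' "$regs" | grep -q '^4/'; then return 1; fi
    return 0
}

# Constructed sample: NFS registered on UDP only.
SAMPLE_UDP='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs'

# Constructed sample: after the change, NFS v2/v3 on TCP only.
SAMPLE_TCP='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs'

for name in SAMPLE_UDP SAMPLE_TCP; do
    eval "data=\$$name"
    if printf '%s\n' "$data" | nfs_tcp_only; then
        echo "$name: NFS is TCP-only"
    else
        echo "$name: NFS is not TCP-only (no TCP, or UDP/v4 still registered)"
    fi
done
# Live use, with NAS_IP as a placeholder: rpcinfo -p "$NAS_IP" | nfs_tcp_only
```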
Now, through the web management, we can set permissions on the share we want to use.
I permit full access from both ESX hosts to this share.

So, open the VI client, from the inventory view choose “Hosts and Clusters”, select the first ESX host and go to the “Configuration” tab, select “Storage”, then “Add Storage”.
Follow the wizard for configuration:
Select “Network File System”.
Fill in the IP address or name of your NAS; in the Path field put the name of the share you previously defined on the NAS.
Click Next and finish.
Repeat this step with the same data for all ESX hosts and you are done.
N.B.
This how-to requires that you know what you are doing.
I'm not responsible if you destroy your production machine following my instructions.
| 30 July |

This powerful NAS (Linux core inside) has 2 NICs that you can use in various modes.
I’ve chosen to aggregate these 2 NICs to have load balancing and failover.
Through the web page go to System administration, then to Network; here tick the “Enable port trunking” option.
In the dropdown menu you have to choose “IEEE 802.3ad” and apply the settings.
Let’s go to the Cisco switch (I have Cisco IOS, not CatOS).
I’m assuming the two NICs are connected to Gi1/1 and Gi1/2 (adapt to your setup):
interface GigabitEthernet1/1
 description to NAS
 switchport access vlan 10
 switchport mode access
 speed 1000
 duplex full
 channel-protocol lacp
 channel-group 64 mode active
end
interface GigabitEthernet1/2
 description to NAS
 switchport access vlan 10
 switchport mode access
 speed 1000
 duplex full
 channel-protocol lacp
 channel-group 64 mode active
end
interface Port-channel64
 description Connessione NAS
 switchport
 switchport access vlan 10
 switchport mode access
end
With this configuration on the switch, when you disconnect one NIC you will not lose the connection to the NAS, even if you are transferring data.
| 22 July |
After a year working with MailScanner installed, I’ve decided to try another way.
So, in our server room (after server consolidation) I had an IBM x226 configured with
I know this is too to do this job, but in future I don’t know if will be sufficient.
I installed CentOS 5.5 final, purged and updated it; next I installed postfix and postgrey, and after enabling (only this time) the rpmforge repo I installed clamav-milter.
Next I configured postfix to act as a mail gateway for our internal mail server, and I enabled some controls on the sender; look at my Postfix configuration:
smtpd_recipient_restrictions = reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_unauth_destination,
    reject_unauth_pipelining,
    check_sender_access hash:/etc/postfix/whitelist,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client dnsbl.njabl.org,
    reject_unknown_recipient_domain,
    reject_unverified_recipient
In “check_sender_access” I’ve whitelisted some senders that use blacklisted mail servers.
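Postfix evaluates these restrictions in order, and an OK result from an access table ends evaluation of the list, so the whitelist lookup belongs after reject_unauth_destination, as in the listing above. The check below is an added example, not part of the original post; the function names and the counter-example configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print the tokens of smtpd_recipient_restrictions, one per line, following
# main.cf continuation lines (lines that begin with whitespace).
recipient_restrictions() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines are ignored
        /^smtpd_recipient_restrictions[ \t]*=/ { on = 1; sub(/^[^=]*=/, ""); print; next }
        on && /^[ \t]/ { print; next }          # continuation of the setting
        { on = 0 }                              # any other parameter ends it
    ' | tr ', \t' '\n\n\n' | sed '/^$/d'
}

# Exit 0 if reject_unauth_destination precedes every check_*_access lookup,
# 1 if an access table is consulted first, 2 if the relay check is not in this
# list (Postfix 2.10 and later may carry it in smtpd_relay_restrictions).
relay_check_first() {
    recipient_restrictions | awk '
        $0 == "reject_unauth_destination" { seen = 1 }
        /^check_.*_access$/ && !seen      { early = 1 }
        END { if (!seen) exit 2; exit (early ? 1 : 0) }
    '
}

# Order used in the post (shortened).
CONF_POST='smtpd_recipient_restrictions = reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_unauth_destination,
    check_sender_access hash:/etc/postfix/whitelist,
    reject_rbl_client zen.spamhaus.org'

# Constructed counter-example: whitelist consulted before the relay check.
CONF_RISKY='smtpd_recipient_restrictions =
    check_sender_access hash:/etc/postfix/whitelist,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org
smtpd_milters = unix:/var/clamav/clmilter.socket'

# Print the exit status of relay_check_first for the main.cf text in $1.
report() {
    rc=0; printf '%s\n' "$1" | relay_check_first || rc=$?
    echo "$rc"
}
echo "post order: $(report "$CONF_POST")   risky order: $(report "$CONF_RISKY")"
```

On a live gateway the same check can read the active value with `postconf smtpd_recipient_restrictions | relay_check_first`.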
Now it’s time to set up postgrey, so in the “smtpd_recipient_restrictions” section of main.cf add this line at the end of the section:
check_policy_service inet:127.0.0.1:10025
In /etc/sysconfig/postgrey you have to set the options. These are mine:
OPTIONS="--greylist-text=\"You are greylisted...try again later. \" --inet=127.0.0.1:10025 --user=postfix --group=postfix"
You can also use a unix socket instead of a TCP socket; it’s your choice.
Clamav-milter needs to be configured; its configuration file is /etc/clamav-milter.conf.
I’ve changed these parameters:
MilterSocket unix:/var/clamav/clmilter.socket
User clamav
AllowSupplementaryGroups yes
ClamdSocket unix:/var/run/clamav/clamd.sock
LogFile /var/log/clamav/clamav-milter.log
LogSyslog yes
LogFacility LOG_MAIL
LogInfected Basic
To instruct postfix to use clamav-milter, add these two lines in /etc/postfix/main.cf after the “smtpd_recipient_restrictions” section:
smtpd_milters = unix:/var/clamav/clmilter.socket
non_smtpd_milters = unix:/var/clamav/clmilter.socket
With these settings we have no false positives, and we can catch 99 % of spam.
| 4 May |
In an earlier post I told you how to use an eebox as a cache proxy and content filter… Today I’ve also added an antivirus control with HAVP ( http://www.server-side.de/ ) and ClamAV ( http://www.clamav.net ).
Let’s go:
me@linuxbox# apt-get update && apt-get install havp
Now we need to configure HAVP, so open /etc/havp/havp.config and edit these values:
PARENTPROXY localhost
PARENTPORT 8081
FORWARDED_IP true
BIND_ADDRESS 127.0.0.1
TEMPLATEPATH /etc/havp/templates/"yourlang"
These are “sufficient”, so read the manual and configure HAVP to fit your needs.
Now edit /etc/squid/squid.conf and add these options:
http_port localhost:8081
acl Scan_HTTP proto HTTP
never_direct allow Scan_HTTP
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
cache_peer_access 127.0.0.1 allow Scan_HTTP
Reload Squid and start HAVP; you can test whether the system is working by downloading an “eicar test” file here: http://www.eicar.org/anti_virus_test_file.htm
| 4 March |
Hello,
last week my new SSD drive arrived, so I want to tell you the REAL performance of this disk.
We bought a 128GB Kingston SSDNow V+ Series SATA2 drive, model SNVP325-S2/128GB, to use on an IBM ThinkPad T60.
Before installing this drive I ran a test on the original SATA2 drive from IBM, and these are the details:
Writing 1GB
crash@hal9000:~$ dd if=/dev/zero of=test1GB bs=4k count=250000
250000+0 records in
250000+0 records out
1024000000 bytes (1,0 GB) copied, 38,6391 s, 26,5 MB/s
Reading 1 GB
crash@hal9000:~$ dd if=test1GB of=/dev/null bs=4k count=250000
250000+0 records in
250000+0 records out
1024000000 bytes (1,0 GB) copied, 22,2653 s, 46,0 MB/s
As you can see, the real performance is 26,5 MB/s (write) and 46 MB/s (read).
Then I cloned my system (use the tool you prefer) and installed the new SSD.
I restored the O.S. with no problem and the operating system (Debian squeeze) boots in 7 seconds….
Amazing…
Then I repeated the test:
Writing 1GB
crash@HAL9000:~$ dd if=/dev/zero of=test1gb bs=4k count=250000
250000+0 records in
250000+0 records out
1024000000 bytes (1,0 GB) copied, 7,39791 s, 138 MB/s
Reading 1 GB
crash@hal9000:~$ dd if=test1GB of=/dev/null bs=4k count=250000
250000+0 records in
250000+0 records out
1024000000 bytes (1,0 GB) copied, 3,50632 s, 292 MB/s
So.. the new performance is 138 MB/s (write) and 292 MB/s (read)
Amazing….
*****************************************
UPDATE: more info:
HAL9000:~# hdparm -t /dev/sda
/dev/sda:
Timing buffered disk reads: 334 MB in 3.01 seconds = 110.84 MB/sec