Network collisions running hosts under KVM
I use KVM and OpenNebula on Ubuntu for virtualization. Getting such a cluster up and running is easy, but making it perform well takes much more work. Many times, the statement “my virtualization cluster works well” is equivalent to “I’m not paying attention.” My FreeBSD hosts help point out problems, though. All of my FreeBSD servers send me a daily email to tell me they’re still alive and to point out potential issues. That’s how I found out I was getting network collisions on my virtualized hosts, and here’s how I investigated them.
debugging iSCSI
Post summary: Get Wireshark. Use it. It might not solve your problem, but it will tell you who to blame.
Finding a SIP DoS attack via flow analysis
I’m leaving my getting hit in the head lesson when the boss calls. Some unmentionable orifice is firing DoS attacks at a couple of our SIP servers. My mission, should I choose to accept it, is to find and block the attackers. (Should I choose to not accept it, then my mission will be to listen to Fearless Leader whine about it. I can’t stand whining.) Fortunately, I have flow data for one of the servers under attack.
Automated CARP/HAST Failover
Earlier I discussed using HAST to mirror a ZFS across two machines. I also discussed using devd with CARP interfaces, to run a script when a machine changes between master and backup. Now let’s glue these together to synchronize a ZFS switch with CARP state, and to run scripts when the system becomes the master or the backup.
CARP and devd on FreeBSD
In my last post I discussed using HAST with ZFS. That tells you how to replicate a filesystem back and forth between two machines. That’s nice, as far as it goes, but I want automatic failover. Clustering. I want to wake up in the morning to a message that says “machine 1 failed, machine 2 took over, and nobody noticed” instead of a lot of messages from angry customers. The standard FreeBSD failover mechanism is CARP, the Common Access Redundancy Protocol. Here are the basics of CARP.
HAST and ZFS
There’s a nice tutorial on using HAST (Highly Available STorage) with UFS and ucarp. That’s very nice, but in my failover scenario I can’t use UFS; a fsck would take too long, and a background fsck would be most likely to lose the data I’m most likely to need. And FreeBSD comes with a kernel-side CARP implementation; why would I use the userland implementation instead? So: the tutorial is great, except it doesn’t do what I want. I’ll attack this problem in two phases: one, get HAST with ZFS running, and experiment with it. Two, get CARP failover to trigger HAST failover automatically. (I believe I can use devd for CARP-initiated failover, but I’ll need to do further research on that. That’ll be another posting.) Today I’m experimenting with HAST and ZFS.
iSCSI boot FreeBSD?
Daisuke Aoyama (Google translation) has created a kernel module to glue an iSCSI disk to a boot drive. While the driver was intended for use with iBFT, you can also use it with gpxeboot. He has even made FreeBSD install ISOs with iSCSI support available. The server has limited bandwidth, so start the download well before you want to use it. (I have previously looked at using iSCSI disks on FreeBSD.)
Thank you, Aoyama-san!
Uninstalling Windows 7 Games, with Prejudice
I’m making an effort to work in the same way as my co-workers. This means using a Windows laptop, after fifteen years of Unixish desktops. I like to change desktop operating systems every couple of years anyway, so this isn’t a huge deal. The new work laptop came with Windows Vista, HP Bastardized Overloaded Nagware Edition, so the company Supreme Leader got me a Windows 7 DVD and license. I threw the disk into the laptop, kept hitting ENTER until the OS was installed, fed it my license key, and was up and running. That almost destroyed my productivity forever.
my fourth Cacti template
We got a new Synaccess NetBooter networked power switch. Not only does this device do SNMP, but it supposedly reports on temperature and power utilization via SNMP. These are useful things to alarm on, and even to graph. So, I’m creating Cacti templates for them.
rancid and cvsweb
Rancid, or a similar program, is a necessity in network management. You can find a decent rancid tutorial at http://www.joe-ma.co.za/page.php?9, so I’m not going to flog that dead horse. I can’t expect my coworkers to learn either CVS or Subversion, however. They want a pretty Web interface, or they won’t use the tool.