Developers Club geek daily blog

Installing and configuring Puppet 3.8, using CentOS 6.5 as an example

2 years, 11 months ago
Puppet, Chef and Ansible are so-called configuration management systems, which often appear in foreign IT job postings such as Server/DevOps Admin. They are powerful tools that can fully configure a bare server or fairly quickly reconfigure a fleet of 1-100+ servers in bulk. Working with packages, the command line and configuration files is all available.

A high-level overview can be found in the post "How to become the puppeteer".

What moved me to write this introductory article on Puppet was the extremely scanty descriptions in the results found on the Internet. And even with the official documentation you manage to hit plenty of pitfalls and hidden reefs and end up with something other than what you expected.

I use the 3.8 branch rather than 4.3 because this version runs on "my" servers, since those packages are available in the repo. The paid Enterprise edition is not covered either, since I have not worked with it. CentOS was chosen because it is fairly widespread, including the modified versions from Amazon.

For local tests you can use two virtual machines on VirtualBox running CentOS-6.5-x86_64.

To start, two interfaces are configured: one for access to the external Internet and one to create a local network for Puppet. The hostname will nominally be pmaster.test.net, and the client node (more nodes are possible) stage.test.net. Register them in hosts on all nodes (unless, of course, you have a DNS server for them).

Read more »


You want to integrate Telegram into Redmine? There is a solution

2 years, 11 months ago
Some time ago I wrote about "How to Keep Difficult Hierarchy of Settings in the Redmine Projects". That story was based on the experience of developing the redmine_intouch plug-in. In this publication I will describe the plug-in and how it can be useful to you.

Our company is growing, it is getting harder and harder to rely on the human factor, and numerous clients expect an instant reaction to their requests.

So we try to automate every process we can, and to remind administrators to report the status of open tasks to clients on time …

That led to the idea of a plug-in that sends notifications to a wide range of people: the assignee, the author and the watchers of a task, as well as to dedicated group chats.

Read more »


FlexPod DataCenter: Direct-Attached Storage

2 years, 11 months ago
In the previous article I described a "non-FlexPod DC" architecture that can be supported from a single source under the Cisco "Solution Support for Critical Infrastructure" (SSCI) program. Its main feature is that it has no Nexus series switches; if they are added, the architecture can become a full-fledged FlexPod DataCenter.

This article covers a new network design for FlexPod DataCenter in which the NetApp storage system is directly attached to the UCS domain. It differs from the standard FlexPod DataCenter architecture in that the Nexus switches sit not between UCS and NetApp but "above" UCS.

Although NetApp FAS series storage could be connected directly to the Fabric Interconnect (FI) before, the FlexPod DataCenter architecture did not officially provide for such a design. Now the direct-attached design is supported, including vendor support as a FlexPod DataCenter architecture.

General design of the FC and FCoE network with direct attachment
Description of the connection diagram shown in the image above
Simultaneous FC and FCoE connections are shown for two reasons:
  1. It really can be done this way, and it will work.
  2. To show that FC and/or FCoE can be used.

The Ethernet connection between the two NetApp FAS controllers is shown for two reasons:
  1. To show that these are two nodes of one NetApp system (with more nodes, the picture would necessarily include cluster switches).
  2. The external cluster link is a mandatory part of the Clustered Data ONTAP operating system.

The FC link from FI to the Nexus switch is shown for two reasons:
  1. For the future, when we need to move NetApp over to the Nexus switches while FI still gets access to its LUNs. The design then becomes more scalable, and further UCS domains can be added.
  2. So that other servers outside the UCS domain can consume resources from the storage, for example UCS rack servers (UCS C-Series) not connected to FI, or servers from other vendors.



For Ethernet traffic, both with direct attachment plus the iSCSI protocol and with direct attachment plus the FCP protocol, the multipathing built into these protocols means there are no problems setting up fault tolerance and load balancing across links.
For NAS protocols with direct attachment (NFS v2/NFS v3 and CIFS v1/CIFS v2), however, these protocols lack load balancing and multipathing, so that function has to be performed by other, underlying protocols such as LACP and vPC (FI does not support vPC); fault tolerance for the Ethernet network therefore has to be built some other way. For example, Ethernet fault tolerance can be provided at the virtual switch level (which can cause performance problems for that switch) or by active-passive switching of the aggregated network link without LACP (which does not allow traffic to be balanced across all available links); for this, the aggregated ifgrp link on the storage side has to be configured in single-mode.
The direct-attachment issue for NAS protocols is less acute for NFS v4 and CIFS v3.0, since both protocols have finally acquired something resembling multipathing, but it requires support for these protocols on both the clients and the storage (all FAS systems with cDOT support NFS v4 and CIFS v3.0).
To configure FCoE and CIFS/NFS traffic over one link:
  • First, Cisco UCS firmware version 2.1 or above is required
  • Second, storage with 10GB CNA/UTA ports is required

Next, the settings step by step:
On the NetApp storage side, switch the ports to CNA mode using the ucadmin command on the storage system (CNA ports are required; ordinary 1/10Gbs Ethernet ports do not support this, and a restart of the storage system will be required). The system will then show "virtual" Ethernet ports and "virtual" FC ports separately (although one such "virtual" Ethernet port and one "virtual" FC port share a single physical port). These ports are configured separately, like ordinary physical ports.
On FI, set the FC mode to "Switching mode" in the Fabric A/B settings on the Equipment tab. This setting requires a restart of FI.
After FI restarts, on the Equipment tab switch the converged ports to Appliance port mode; after several seconds the port will go online. Then reconfigure the port to FCoE Storage Port mode; in the right panel you will see the port type Unified Storage. It is now possible to select a VSAN and VLAN for the port. An important point: the previously created VSAN must have "FC zoning" enabled on FI for zoning to work.

Zoning setup on FI:
SAN-> Storage Cloud-> Fabric X-> VSANs-> Create "NetApp-VSAN-600"->
VSAN ID: 600
FCoE VLAN ID: 3402
FC Zoning Settings: FC Zoning-> Enabled

SAN-> Policies-> vHBA Templates-> Create "vHBA-T1"-> VSAN "NetApp-VSAN-600"

SAN-> Policies-> Storage Connectivity Policies-> Create "My-NetApp-Connectivity"-> Zoning Type-> SIST (or SIMT if necessary)-> Create->
FC Target Endpoint: "NetApp LIF's WWPN" (begins with 20:)

SAN-> Policies-> SAN Connectivity Policies-> Create "NetApp-Connectivity-Pol1"-> vHBA Initiator Group->
Create "iGroup1"-> Select vHBA Initiators "vHBA-T1"
Select Storage Connectivity Policy: "My-NetApp-Connectivity"

When creating the Server Profile, use the created policies and vHBA template.

Read more »


Configuration management in a software project

2 years, 11 months ago
At first everything was simple. Youth, enthusiasm. The project was built by several programmers. Everyone was fired up and, as things became ready, copied code to the shared virtual machine, occasionally nudging the administrator to install some package or fix a config. Once they decided it was done, they went to do the release. First a backup; then the senior developer, summoning all his skill, copied the project to the production server and, with the administrator's help, got it working there. The team waited two days, made sure that no queue of grateful users with hatchets had formed, and, proud of the work done, went to drink beer.

Then everyone matured a little. redmine/jira/etc, git/svn, jenkins, sphinx-docs/rubydoc/doxygen/etc, a wiki and unit tests appeared and came into some kind of use. Subprojects appeared, the test stand grew. There came to be several production servers. The administrator set up salt/puppet/etc and monitoring, sits in his den like a spider, edits configs on the salt-master and triggers state.highstate from there.

Read more »


Security audit on the server. Searching the security log. The power of PowerShell

2 years, 11 months ago
Auditing the security log helped my colleague monitor practically any action by employees who have at least some access to the servers or Active Directory.

This post contains a lot of code which, I hope, you will find useful.

First of all I had to define the list of events to be tracked. To cut down the amount of text, I created a procedure that returns an event's description given its ID:

Read more »


Reliability and durability of server hardware

2 years, 11 months ago

Read more »


We invite you to the December IT community meetings in Samara, Omsk, Novosibirsk and Krasnoyarsk

2 years, 11 months ago
As promised in the last post about meetings, here are new IT community meetings in Samara, Omsk, Novosibirsk and Krasnoyarsk. This time the subject is Windows 10. The Windows 10 operating system was released about 4 months ago, and in the run-up to the new year it is a good time to meet colleagues at leisure and discuss what is new in Windows 10, which new deployment scenarios it supports, how it can be managed in corporate and not-so-corporate environments, how to manage Windows 10 updates, and the many other questions any IT professional has on learning about a new OS.

We invite you to the IT community meetings in Samara, Omsk, Novosibirsk and Krasnoyarsk, organized by the IT community and MCP clubs with the assistance of the Microsoft Most Valuable Professionals community!

Read more »


Asterisk: prioritizing VoIP traffic and failover between two Internet providers on MikroTik

2 years, 11 months ago
The things named in the title would seem fairly trivial and are described in many places on the Internet, but that is only at first glance. Having tested the most commonly encountered advice, I found several "reefs", boulders and even rock formations.

But that is all words; to the point.
A fairly common situation: Asterisk on the LAN, behind a MikroTik router.
To single out the traffic of the server where the PBX is installed, the administrator carves off part of the provider's channel and dedicates it to a specific IP only.
Or another implementation, where the required traffic is identified not only by the PBX's IP address but also by packet size and protocol.
Tried it, it works. Can we forget about it? No.

What if the administrator, working in the server console, wants to download something from the Internet, or conversely send a large amount of traffic out to the Internet? Right: it gets prioritized on the MikroTik just like the useful PBX traffic, which ends up causing problems with IP telephony.

The solution here is as old as IPv4: on the Asterisk server, mark only the traffic generated by Asterisk itself, in such a way that the MikroTik can "see" it, match it (forgive such a crude anglicism) and prioritize only that.

The next item is failover between links from two Internet service providers.
I think the script from the wiki, wiki.mikrotik.com/wiki/Failover_Scripting, is familiar to every system administrator who runs MikroTik routers.
It is all fine, but as in the previous situation there are a number of "buts".
The biggest of them is called "Connection tracking", and it comes down to this:
when our main ISP decides to take a rest from its righteous labours, traffic switches to the backup.

Everyone seems happy, YouTube works, yap too, but no matter how many times we shout expecto patronum
sip reload

or in despair try to apply magic of the higher orders
core restart now

the SIP registrations do not come up.

The reason is that entries from the "old" (main) Internet link are left hanging in the Connection tracking mechanism; they need to be deleted, after which registration comes up successfully and calls start going through.

If you are interested in how to prove to the MikroTik who the camel really is, and in how to automate resetting the "old" connections in a script, read on below the cut.

Read more »


Cloud hosting in 5 minutes. Part 3: Consul, Registrator, Consul-Template

2 years, 11 months ago
Docker friends

Hi Habr! I am continuing the series of articles on how to build cloud hosting in 5 minutes. In the last article we looked at tools that will help us solve the problem of service discovery (Service Discovery). In this part we move on to practice: we will build a cloud and see how these tools behave in real life.

As before, an ordinary programmer can do all the work within 5 minutes simply by running the set of Ansible playbooks that I prepared especially for you and published on GitHub.

Although our cloud has become more complex and now uses more tools, it has become simpler to build. I completely rewrote the playbooks from the previous articles, removed everything superfluous and simplified the rest as far as possible.

Read more »


A method for quickly measuring the performance of an arbitrary server

2 years, 11 months ago
In web development one often has to choose a server for a web application or, similarly, check the performance of an existing server. Perhaps we need to buy a new server that can handle the estimated load. Perhaps the customer gives us an existing server to deploy to. Either way, if the application shows poor performance after it is deployed and launched, the team will be held responsible.

The main problem is that the server's performance has to be assessed quickly, without special (read: complicated) tools and, of course, before the release. We have to be able to take certain metrics from the server and, multiplying them by the known figures for the application, obtain an estimate of the application's performance on this server.

In practice not every developer can carry out this task, and of those who can, not everyone wants to.

In this article I want to describe the techniques and tools we use to assess server performance.

Read more »