Developers Club geek daily blog

Proxmox 4.0: Root partition on ZFS RAID1, or how to increase fault tolerance when the server has only 2 disks

2 years, 10 months ago
I was given the task of running Proxmox and several virtual machines on a server with only 2 disks. At the same time, it was required to provide at least some reliability and to make it simple to fix problems caused by the failure of one of the disks. The rest of this note gives a detailed description of testing the solution on a test stand.


A peculiarity of creating installation media for the Windows 10 "Home Single Language" edition

2 years, 10 months ago
I ran into the fact that when creating installation media with the official MediaCreationTool utility, it is impossible to select the "Home Single Language" edition when Russian is the selected language. Only 2 options are available: Windows 10 and Windows 10 N.

To select the "Home Single Language" edition, you first have to change the language to English (United States).


How we defeated the twilight between testing and production

2 years, 10 months ago
Some time ago at HeadHunter we discovered "a twilight zone" in moving a new version of the website from testing to production. Insufficient attention to the differences between the test and production infrastructure periodically brought the website down.

Leave the twilight

The old test stands differed considerably in their internal structure from the production cluster. The init scripts for starting services differed, and the configuration files differed in location and contents. The services interacted with each other without the particulars of the production environment.

I will show the logic of our solution, which allowed us to achieve qualitatively new testing results.

This article continues my talk at SQA Days-18.


Redundancy of internal and external communication channels, static routing, and a corporate network on MikroTik

2 years, 10 months ago
I work as a technical support engineer at an ISP. In this article I will share my experience of building a corporate network with static routing and redundant communication channels, as well as automatic e-mail notification of outages, on a limited budget, for a distributed network of shops. The article will hardly be interesting to experienced network engineers. It may be useful to administrators who have been given a similar task.

I believe that dynamic routing in this task would not work as quickly and, possibly, as reliably as the project requires. I have nothing against dynamic routing, but negative feedback about how it works on MikroTik equipment and some specifics of the network (more on that below) tipped the choice towards static routes and scripts.


systemd and containers: an introduction to systemd-nspawn

2 years, 10 months ago

Containerization is one of the hottest topics today. Publications about such popular tools as LXC or Docker number in the thousands, if not tens of thousands.
In this article we would like to discuss one more solution, about which there are still few publications in Russian: systemd-nspawn, a tool for creating isolated environments that is one of the systemd components. The establishment of systemd as the standard in the Linux world is already an accomplished fact. In light of this, there is every reason to believe that the scope of use of systemd-nspawn will soon expand significantly, and it is worth getting to know this tool better right now.


FlexPod DataCenter: Direct-Attached Storage

2 years, 10 months ago
In the previous article I described a "non-FlexPod DC" architecture that can be supported from a single source under the Cisco "Solution Support for Critical Infrastructure" (SSCI) program. Its main feature is that it contains no Nexus series switches; if they are added, the architecture can become a full-fledged FlexPod DataCenter.

This article is about a new network design for FlexPod DataCenter, with NetApp storage directly attached to the UCS domain. The difference from the standard FlexPod DataCenter architecture is that the Nexus switches are located not between UCS and NetApp, but "above" UCS.

Although NetApp FAS series storage could be connected directly to the Fabric Interconnect (FI) before, the FlexPod DataCenter architecture did not officially provide for such a design. Now the direct-attached design is supported and is covered by support as a FlexPod DataCenter architecture.

General design of the FC and FCoE network with direct attachment
Description of the connection diagram in the image above
Simultaneous connection over FC and FCoE is shown for two reasons:
  1. It really can be done this way, and it will work.
  2. To show that FC and/or FCoE can be used.

The Ethernet connection between the two NetApp FAS controllers is shown for two reasons:
  1. To show that these are two nodes of one NetApp system (if there were more nodes, the picture would certainly include cluster switches).
  2. An external cluster link is a mandatory part of the Clustered Data ONTAP operating system.

The FC link from the FI to the Nexus switch is shown for two reasons:
  1. For the future, when we need to move NetApp over to the Nexus switches and have the FI get access to the LUNs. The design then becomes more scalable, and more UCS domains can be added.
  2. To consume storage resources from other servers that are not part of the UCS domain, for example UCS rack servers (UCS C-Series) not connected to the FI, or servers from other vendors.

For Ethernet traffic with both direct attachment and the iSCSI protocol, and direct attachment and the FCP protocol, the multipathing built into these protocols means there are no problems setting up fault tolerance and load balancing across links.
For NAS protocols with direct attachment (NFS v2/NFS v3 and CIFS v1/CIFS v2), however, because these protocols lack load balancing and multipathing, their function has to be performed by other, underlying protocols such as LACP and vPC (FI does not support vPC), so fault tolerance for the Ethernet network has to be built in some other way. For example, Ethernet fault tolerance can be implemented at the virtual switch level (which may cause performance problems for such a switch) or by active-passive switching of an aggregated network link without LACP (which will not allow traffic to be balanced across all available links); for this, the aggregated ifgrp link on the storage side has to be configured in single-mode.
The issue of direct attachment for NAS protocols is less acute for NFS v4 and CIFS v3.0, but it requires support for these protocols on both the client side and the storage side (all FAS systems with cDOT support NFS v4 and CIFS v3.0), since both protocols have finally acquired some semblance of multipathing.
To configure FCoE and CIFS/NFS traffic over one link:
  • First, Cisco UCS firmware version 2.1 or above is required
  • Second, storage with 10GB CNA/UTA ports is required

Next, the settings:
On the NetApp storage side, the ports must be switched to CNA mode (CNA ports are required; ordinary 1/10Gbs Ethernet ports do not support this) using the ucadmin command on the storage system (a restart of the storage system will be required). The system will then show "virtual" Ethernet ports and "virtual" FC ports separately (although a single physical port is used for one such "virtual" Ethernet port and one "virtual" FC port). These ports are configured separately, like ordinary physical ports.
On the FI, the FC mode must be set to "Switching mode" in the Fabric A/B settings on the Equipment tab. This setting requires a restart of the FI.
After the FI restarts, on the Equipment tab the converged ports must be switched to Appliance port mode; after a few seconds the port will come online. Then reconfigure the port to FCoE Storage Port mode; in the right panel you will see the port type Unified Storage. It will now be possible to select a VSAN and a VLAN for this port. An important point: the previously created VSAN must have "FC zoning" enabled on the FI for zoning to be performed.

Zoning setup on the FI:
SAN-> Storage Cloud-> Fabric X-> VSANs-> Create "NetApp-VSAN-600"->
VSAN ID: 600
FCoE VLAN ID: 3402
FC Zoning Settings: FC Zoning-> Enabled

SAN-> Policies-> vHBA Templates-> Create "vHBA-T1"-> VSAN "NetApp-VSAN-600"

SAN-> Policies-> Storage Connectivity Policies-> Create "My-NetApp-Connectivity"-> Zoning Type-> SIST (or SIMT if necessary)-> Create->
FC Target Endpoint: "NetApp LIF's WWPN" (begins with 20:)

SAN-> Policies-> SAN Connectivity Policies-> Create "NetApp-Connectivity-Pol1"-> vHBA Initiator Group->
Create "iGroup1"-> Select vHBA Initiators "vHBA-T1"
Select Storage Connectivity Policy: "My-NetApp-Connectivity"

When creating the Server Profile, use the created policies and the vHBA template.


Reliability and durability of server hardware

2 years, 10 months ago


We invite you to the December IT community meetups in Samara, Omsk, Novosibirsk and Krasnoyarsk

2 years, 10 months ago
As promised in the last post about meetups, here are new IT community meetups in Samara, Omsk, Novosibirsk and Krasnoyarsk. This time the topic is Windows 10. The Windows 10 operating system was released about 4 months ago, and in the run-up to the new year it is a good time to calmly meet colleagues and discuss what is new in Windows 10, what new deployment scenarios it supports, how it can be managed in corporate and not-so-corporate environments, how to manage Windows 10 updates, and many other questions that any IT person has when learning about a new OS.

We invite you to the IT community meetups in Samara, Omsk, Novosibirsk and Krasnoyarsk, organized by the IT community and MCP clubs with the support of the Microsoft Most Valuable Professionals community!


Network monitoring: how we make sure all nodes are working for large companies

2 years, 11 months ago

Judging by the look of this fiber running through the woods to the collector, one can conclude that the installer did not quite follow the technology. The fastening in the photo also suggests that he is probably a sailor: that is a sea knot.

I am from the team that ensures the physical operability of the network; in other words, the technical support responsible for making the lights on the routers blink as they should. We have various large companies "under our wing", with infrastructure across the whole country. We do not get into their business; our task is for the network to work at the physical layer and for traffic to pass as it should.

The general idea of the work is constant polling of nodes, collecting telemetry, running tests (for example, checking settings to look for vulnerabilities), ensuring availability, and monitoring applications and traffic. Sometimes inventories and other perversions.

I will tell you how it is organized, and also a couple of stories from field trips.


Asterisk: prioritizing VoIP traffic and failover of Internet access between two providers on MikroTik

2 years, 11 months ago
It would seem that the things in the title are rather trivial and described in many places on the World Wide Web, but only at first glance. Having tested the most commonly encountered advice, I found several "reefs", boulders and even rock formations.

But these are all words; let's get to the point.
A fairly common situation: Asterisk on the LAN, behind a MikroTik router.
To single out the traffic of the server where the PBX is installed, the administrator carves off part of the provider's channel, dedicating it only to a specific IP.
Or another implementation, where the needed traffic is identified not only by the PBX's IP address but also by packet size and protocol.
Tried it, it works. Can you forget about it? Not quite.

What if the administrator wants to download something from the Internet while in the server console, or, conversely, send a large amount of traffic somewhere to the Internet? Right: on the MikroTik it is prioritized just like the useful traffic from the PBX, which will ultimately lead to problems with IP telephony.

The solution here is as old as IPv4: mark on the Asterisk server only the traffic generated by Asterisk itself, in such a way that the MikroTik can "see" it, match it (forgive such a crude anglicism) and prioritize only it.

The next item is failover of channels between two Internet service providers.
I think the script from the wiki is familiar to every system administrator who uses MikroTik routers.
It is all good, but as in the previous situation there are a number of "buts".
The most serious of them is called "Connection tracking", and it consists in the following:
when our main ISP decides to take a rest from its labors, traffic simply switches to the backup.

Everyone seems happy, YouTube works, yap too, but no matter how much we shout expecto patronum
sip reload

and in despair try to apply magic of the higher orders
core restart now

SIP registrations do not come up.

The point is that entries from the "old" (main) Internet channel remain hanging in the Connection tracking mechanism, and they need to be deleted; then registration will come up successfully and calls will start going through.

If you are interested in how to prove to the MikroTik who is the camel after all, and also how to automate resetting the "old" connections in a script, then head straight below the cut.
