A typhoon day without a typhoon holiday

Yesterday Typhoon Kalmaegi hit Taiwan, and southern Taiwan was battered by wind and rain everywhere. Although we were holed up in the customer's server room, we could still feel the terrifying wind and pounding rain outside its corrugated-metal shell. It started raining right after lunch, and by a little after one o'clock the whole outside of the server room was surrounded by standing water; even the customer's managers coming to inspect the room had to roll up their trouser legs and wade through knee-deep water to get in.

First, this is the runoff coming off the server room's metal roof down the drainpipe; you can see how heavy the rain was and how much water was draining:
A little further along the ground is slightly higher, so the water was not as deep as in front of the server room:
In front of the server room, though, the water was already above the knee, and everyone had to roll up their trouser legs to get in and out:
When it was time to leave work, I found the car would not start; it turned out that in the morning rush I had left the headlights on!!! Luckily Fred had not gone far, and the two of us scrambled to jump-start it in the wind and rain. The little car finally started, but by then I was soaked through from inside out, so I hurried off toward the hotel in downtown Kaohsiung, looking forward to a nice hot shower. Little did I know....
The road to the Gangshan freeway interchange was completely flooded. All along the way we saw scooter riders pushing their scooters back against the flow of traffic, and the cars could not move at all, crawling along at under 5 km/h. After some distance a traffic officer told us "the road ahead is flooded and closed" and made us take a detour. After trying four different routes I found that almost every road into Kaohsiung city was cut off, so I had to head north toward Luzhu instead and turn back from the Luzhu interchange to Jiuru in Kaohsiung.... After nearly 5 hours of driving I finally got back to the hotel a little after 10. Five hours: that's enough to make a round trip between Sanxia and my family home in Tainan. Not only did we not get a typhoon day off, we got stuck in the flooded part of Kaohsiung. Infuriating....

Today the rain has eased a little, but the server room in Gangshan is still flooded:
Fortunately everyone has learned their lesson today; most came to work in shorts and flip-flops, looking like a bunch of slackers on a sightseeing trip.... heh heh....
The delivery van still had to wade in, but luckily the water is no longer that deep:

How to turn off SELinux

Saw this online; noting it down for now...
vi /etc/sysconfig/selinux
Find SELINUX=enforcing and change it to SELINUX=disabled
Reboot and test:
setsebool -P httpd_disable_trans=1

LINUX DHCP (Dynamic Host Configuration Protocol) Failover implementation

Having finished configuring a single DHCP server, the next step is implementing redundancy with two DHCP servers. In DHCP failover there is a Primary server and a Secondary server; the example here is:
The first, Primary DHCP server (Host name: KHXDHCPS1, IP: 10.69.10.30)
The second, Secondary DHCP server (Host name: KHXDHCPS2, IP: 10.69.10.31)
Both are RedHat EL ES4 Update6, and the dhcpd version is dhcp-3.0.1-59.EL4.

In what follows I want DHCP clients that connect to obtain an IP address between 10.69.100.1 and 10.69.100.240 (Netmask: 255.255.255.0), with 10.69.100.254 as the Default gateway.

Here my dhcpd runs on eth0; if you need it on a different NIC, edit /etc/sysconfig/dhcpd yourself:
For example, to run it on eth1:
[root@KHXDHCPS1 ~]# cat /etc/sysconfig/dhcpd
# Command line options here
DHCPDARGS=eth1
Of course you can also edit the start section directly:
start() {
# Start daemons.
echo -n $"Starting $prog: "

daemon /usr/sbin/dhcpd ${DHCPDARGS} 2>/dev/null

The third line of the function body above defines the options dhcpd is started with; ${DHCPDARGS} is the value given in /etc/sysconfig/dhcpd just now.
Other available options are:
-f — run the daemon in the foreground. Most commonly used when testing.
-d — send the DHCP daemon's log output to the standard error descriptor. Also most commonly used when testing. If not specified, logging goes to /var/log/messages.
-cf filename — specify the location of the configuration file. Default is /etc/dhcpd.conf.
-lf filename — specify the location of the IP lease file. If the file already exists, it is important that the same file be used every time the DHCP service starts.
It is strongly recommended that you use this option only for debugging purposes on machines that do not matter. The default location is /var/lib/dhcp/dhcpd.leases.
-q — do not print the full copyright message when starting the daemon.

The /usr/sbin/dhcpd -d -f eth0 -lf /var/lib/dhcp/dhcpd.leases mentioned in the previous post is what I use for testing.

Now the implementation itself:
First edit the Primary DHCP server's configuration file.
This is the contents of dhcpd.conf on the first DHCP server:
[root@KHXDHCPS1 ~]# cat /etc/dhcpd.conf
ddns-update-style none;
ignore client-updates;
#ignore unknown-clients;

authoritative;
failover peer "dhcp-failover" {
primary;
address 10.69.10.30;
port 690;
peer address 10.69.10.31;
peer port 691;
max-response-delay 30;
max-unacked-updates 10;
load balance max seconds 3;
mclt 1800;
split 128;
}

subnet 10.69.0.0 netmask 255.255.0.0 {
option routers 10.69.100.254;
option subnet-mask 255.255.255.0;
option mobile-ip-home-agent 10.69.10.35;
option domain-name-servers 10.69.10.22;
default-lease-time 21600;
max-lease-time 43200;
pool {
failover peer "dhcp-failover";
range 10.69.100.1 10.69.100.240;
deny dynamic bootp clients;
}
}
This is the contents of dhcpd.conf on the second DHCP server:
[root@KHXDHCPS2 ~]# cat /etc/dhcpd.conf
ddns-update-style none;
ignore client-updates;
#ignore unknown-clients;

authoritative;
failover peer "dhcp-failover" {
secondary;
address 10.69.10.31;
port 691;
peer address 10.69.10.30;
peer port 690;
max-response-delay 30;
max-unacked-updates 10;
load balance max seconds 3;
}

subnet 10.69.0.0 netmask 255.255.0.0 {
option routers 10.69.100.254;
option subnet-mask 255.255.255.0;
option mobile-ip-home-agent 10.69.10.35;
option domain-name-servers 10.69.10.22;
default-lease-time 21600;
max-lease-time 43200;
pool {
failover peer "dhcp-failover";
range 10.69.100.1 10.69.100.240;
deny dynamic bootp clients;
}
}
A few key points to note here:
1. This line is required. ddns-update-style controls dynamic updating of DNS records and has three possible settings:
ddns-update-style ad-hoc
ddns-update-style interim
ddns-update-style none
2. The line "deny dynamic bootp clients;" is needed because failover does not support BOOTP clients, so they must be refused.
So if you were hoping to run a boot server with DHCP failover, I'm afraid you'll be disappointed...
3. failover peer "dhcp-failover" defines the name of the failover relationship.
4. primary; designates this DHCP server as the Master server.
5. secondary; designates this DHCP server as the Slave server.
6. address 10.69.10.30; the IP address on which failover messages are listened for.
7. port 690; and peer port 691; the TCP ports on which failover messages are listened for (local and peer).
8. peer address 10.69.10.31; specifies the Slave server's IP address.
9. max-response-delay 30; the maximum delay for synchronization messages.
10. max-unacked-updates 10; the maximum number of BNDUPD messages that may be sent before a BNDACK is received from the peer.
11. mclt 1800; the length of time a node may extend a lease before the peers notify each other.
12. split 128; a fixed value, which must be 128; this value and mclt only need to be set in the primary's configuration file.
13. option mobile-ip-home-agent 10.69.10.35; this is the IP address of the Home Agent used for WiMAX in my test environment.
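The cross-checks in notes 6 to 12 can be automated before both daemons are restarted. This is an added example (Python, not code from the original post) that parses the two failover peer blocks above, constructed here as inline strings, and reports any mismatch between one side's address/port and the other side's peer address/peer port, or mclt/split appearing on the secondary:

```python
import re

# Constructed sample: the two failover peer blocks from the post's dhcpd.conf
# files (KHXDHCPS1 is the primary, KHXDHCPS2 the secondary).
PRIMARY_CONF = """
failover peer "dhcp-failover" {
  primary;
  address 10.69.10.30;
  port 690;
  peer address 10.69.10.31;
  peer port 691;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 1800;
  split 128;
}
"""
SECONDARY_CONF = """
failover peer "dhcp-failover" {
  secondary;
  address 10.69.10.31;
  port 691;
  peer address 10.69.10.30;
  peer port 690;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
}
"""

PEER_RE = re.compile(r'failover\s+peer\s+"([^"]+)"\s*\{(.*?)\}', re.S)

def parse_failover_peer(conf):
    """Return (name, settings) for the first failover peer block in conf.
    settings maps a statement ('address', 'peer port', ...) to its value;
    the bare primary/secondary statement is stored under 'role'."""
    m = PEER_RE.search(conf)
    if not m:
        raise ValueError("no failover peer block found")
    settings = {}
    for stmt in m.group(2).split(";"):
        stmt = " ".join(stmt.split())       # collapse newlines and indentation
        if not stmt:
            continue
        if stmt in ("primary", "secondary"):
            settings["role"] = stmt
        else:
            key, _, value = stmt.rpartition(" ")
            settings[key] = value
    return m.group(1), settings

def check_failover_pair(primary_conf, secondary_conf):
    """Cross-check the two peer blocks; returns a list of problems (empty = consistent)."""
    p_name, p = parse_failover_peer(primary_conf)
    s_name, s = parse_failover_peer(secondary_conf)
    problems = []
    if p_name != s_name:
        problems.append("peer names differ: %r vs %r" % (p_name, s_name))
    if p.get("role") != "primary" or s.get("role") != "secondary":
        problems.append("need exactly one primary and one secondary")
    # Each side's address/port must equal the other side's peer address/peer port.
    for mine, theirs in (("address", "peer address"), ("port", "peer port")):
        if p.get(mine) != s.get(theirs):
            problems.append("primary %s %r != secondary %s %r"
                            % (mine, p.get(mine), theirs, s.get(theirs)))
        if s.get(mine) != p.get(theirs):
            problems.append("secondary %s %r != primary %s %r"
                            % (mine, s.get(mine), theirs, p.get(theirs)))
    # mclt and split belong only in the primary's block (note 12 above).
    for key in ("mclt", "split"):
        if key not in p:
            problems.append("primary is missing %s" % key)
        if key in s:
            problems.append("secondary must not set %s" % key)
    return problems

if __name__ == "__main__":
    print(check_failover_pair(PRIMARY_CONF, SECONDARY_CONF) or "consistent")
```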

接下來是驗證的課程囉:
把 dhcpd service 先打開然後到兩台 DHCP server 上去看一下 /var/log/messages 的內容吧:
[root@KHXDHCPS1 ~]# service dhcpd restart
Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]
These are the dhcpd startup messages on the first DHCP server:
[root@KHXDHCPS1 ~]# tail -f /var/log/messages
Jul 10 10:38:14 KHXDHCPS1 dhcpd: dhcpd shutdown succeeded
Jul 10 10:38:14 KHXDHCPS1 dhcpd: dhcpd shutdown succeeded
Jul 10 10:59:54 KHXDHCPS1 sshd(pam_unix)[29885]: session opened for user root by (uid=0)


Jul 10 11:02:29 KHXDHCPS1 dhcpd: Internet Systems Consortium DHCP Server V3.0.1
Jul 10 11:02:29 KHXDHCPS1 dhcpd: Copyright 2004 Internet Systems Consortium.
Jul 10 11:02:29 KHXDHCPS1 dhcpd: All rights reserved.
Jul 10 11:02:29 KHXDHCPS1 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Jul 10 11:02:29 KHXDHCPS1 dhcpd: Internet Systems Consortium DHCP Server V3.0.1
Jul 10 11:02:29 KHXDHCPS1 dhcpd: Copyright 2004 Internet Systems Consortium.
Jul 10 11:02:29 KHXDHCPS1 dhcpd: All rights reserved.
Jul 10 11:02:29 KHXDHCPS1 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Jul 10 11:02:29 KHXDHCPS1 dhcpd: Wrote 0 leases to leases file.
Jul 10 11:02:29 KHXDHCPS1 dhcpd: Wrote 0 leases to leases file.
Jul 10 11:02:29 KHXDHCPS1 dhcpd: Listening on LPF/eth0/00:1e:c9:ad:55:bf/10.69/16
Jul 10 11:02:29 KHXDHCPS1 dhcpd: Sending on LPF/eth0/00:1e:c9:ad:55:bf/10.69/16
Jul 10 11:02:29 KHXDHCPS1 dhcpd: Sending on Socket/fallback/fallback-net
Jul 10 11:02:29 KHXDHCPS1 dhcpd: Listening on LPF/eth0/00:1e:c9:ad:55:bf/10.69/16
Jul 10 11:02:29 KHXDHCPS1 dhcpd: Sending on LPF/eth0/00:1e:c9:ad:55:bf/10.69/16
Jul 10 11:02:29 KHXDHCPS1 dhcpd: Sending on Socket/fallback/fallback-net
Jul 10 11:02:29 KHXDHCPS1 dhcpd: failover peer dhcp-failover: I move from recover to startup
Jul 10 11:02:29 KHXDHCPS1 dhcpd: failover peer dhcp-failover: I move from recover to startup
Jul 10 11:02:29 KHXDHCPS1 dhcpd: dhcpd startup succeeded
Jul 10 11:02:29 KHXDHCPS1 dhcpd: dhcpd startup succeeded
Jul 10 11:02:31 KHXDHCPS1 dhcpd: failover peer dhcp-failover: peer moves from unknown-state to recover
Jul 10 11:02:31 KHXDHCPS1 dhcpd: failover peer dhcp-failover: requesting full update from peer
Jul 10 11:02:31 KHXDHCPS1 dhcpd: failover peer dhcp-failover: I move from startup to recover
Jul 10 11:02:31 KHXDHCPS1 dhcpd: Sent update request all message to dhcp-failover
Jul 10 11:02:31 KHXDHCPS1 dhcpd: failover peer dhcp-failover: peer moves from recover to recover
Jul 10 11:02:31 KHXDHCPS1 dhcpd: failover peer dhcp-failover: requesting full update from peer
Jul 10 11:02:31 KHXDHCPS1 dhcpd: Sent update request all message to dhcp-failover
Jul 10 11:02:31 KHXDHCPS1 dhcpd: Sent update done message to dhcp-failover
Jul 10 11:02:31 KHXDHCPS1 dhcpd: Update request all from dhcp-failover: nothing pending
Jul 10 11:02:31 KHXDHCPS1 dhcpd: Sent update done message to dhcp-failover
Jul 10 11:02:31 KHXDHCPS1 dhcpd: Update request all from dhcp-failover: nothing pending
Jul 10 11:02:31 KHXDHCPS1 dhcpd: failover peer dhcp-failover: peer update completed.
Jul 10 11:02:31 KHXDHCPS1 dhcpd: failover peer dhcp-failover: I move from recover to recover-done
Jul 10 11:02:31 KHXDHCPS1 dhcpd: failover peer dhcp-failover: peer update completed.
Jul 10 11:02:31 KHXDHCPS1 dhcpd: failover peer dhcp-failover: peer moves from recover to recover-done
Jul 10 11:02:31 KHXDHCPS1 dhcpd: failover peer dhcp-failover: I move from recover-done to normal
Jul 10 11:02:31 KHXDHCPS1 dhcpd: failover peer dhcp-failover: peer moves from recover-done to normal
Jul 10 11:02:31 KHXDHCPS1 dhcpd: pool 9d0e008 10.69/16 total 240 free 240 backup 0 lts -120
Jul 10 11:02:31 KHXDHCPS1 dhcpd: pool 9d0e008 10.69/16 total 240 free 240 backup 0 lts 120
These are the dhcpd startup messages on the second DHCP server:
[root@KHXDHCPS2 ~]# tail -f /var/log/messages
Jul 10 10:38:08 KHXDHCPS2 dhcpd: dhcpd shutdown succeeded
Jul 10 10:38:08 KHXDHCPS2 dhcpd: dhcpd shutdown succeeded
Jul 10 10:59:57 KHXDHCPS2 sshd(pam_unix)[31706]: session opened for user root by (uid=0)


Jul 10 11:02:30 KHXDHCPS2 dhcpd: Internet Systems Consortium DHCP Server V3.0.1
Jul 10 11:02:30 KHXDHCPS2 dhcpd: Copyright 2004 Internet Systems Consortium.
Jul 10 11:02:30 KHXDHCPS2 dhcpd: All rights reserved.
Jul 10 11:02:30 KHXDHCPS2 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Jul 10 11:02:30 KHXDHCPS2 dhcpd: Internet Systems Consortium DHCP Server V3.0.1
Jul 10 11:02:30 KHXDHCPS2 dhcpd: Copyright 2004 Internet Systems Consortium.
Jul 10 11:02:30 KHXDHCPS2 dhcpd: All rights reserved.
Jul 10 11:02:30 KHXDHCPS2 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Jul 10 11:02:30 KHXDHCPS2 dhcpd: Wrote 0 leases to leases file.
Jul 10 11:02:30 KHXDHCPS2 dhcpd: Wrote 0 leases to leases file.
Jul 10 11:02:31 KHXDHCPS2 dhcpd: Listening on LPF/eth0/00:1e:c9:ad:55:a6/10.69/16
Jul 10 11:02:31 KHXDHCPS2 dhcpd: Sending on LPF/eth0/00:1e:c9:ad:55:a6/10.69/16
Jul 10 11:02:31 KHXDHCPS2 dhcpd: Sending on Socket/fallback/fallback-net
Jul 10 11:02:31 KHXDHCPS2 dhcpd: Listening on LPF/eth0/00:1e:c9:ad:55:a6/10.69/16
Jul 10 11:02:31 KHXDHCPS2 dhcpd: Sending on LPF/eth0/00:1e:c9:ad:55:a6/10.69/16
Jul 10 11:02:31 KHXDHCPS2 dhcpd: Sending on Socket/fallback/fallback-net
Jul 10 11:02:31 KHXDHCPS2 dhcpd: failover peer dhcp-failover: I move from recover to startup
Jul 10 11:02:31 KHXDHCPS2 dhcpd: failover peer dhcp-failover: I move from recover to startup
Jul 10 11:02:31 KHXDHCPS2 dhcpd: dhcpd startup succeeded
Jul 10 11:02:31 KHXDHCPS2 dhcpd: dhcpd startup succeeded
Jul 10 11:02:31 KHXDHCPS2 dhcpd: failover peer dhcp-failover: peer moves from unknown-state to recover
Jul 10 11:02:31 KHXDHCPS2 dhcpd: failover peer dhcp-failover: requesting full update from peer
Jul 10 11:02:31 KHXDHCPS2 dhcpd: failover peer dhcp-failover: I move from startup to recover
Jul 10 11:02:31 KHXDHCPS2 dhcpd: Sent update request all message to dhcp-failover
Jul 10 11:02:31 KHXDHCPS2 dhcpd: failover peer dhcp-failover: peer moves from recover to recover
Jul 10 11:02:31 KHXDHCPS2 dhcpd: failover peer dhcp-failover: requesting full update from peer
Jul 10 11:02:31 KHXDHCPS2 dhcpd: Sent update request all message to dhcp-failover
Jul 10 11:02:31 KHXDHCPS2 dhcpd: Sent update done message to dhcp-failover
Jul 10 11:02:31 KHXDHCPS2 dhcpd: Update request all from dhcp-failover: nothing pending
Jul 10 11:02:31 KHXDHCPS2 dhcpd: Sent update done message to dhcp-failover
Jul 10 11:02:31 KHXDHCPS2 dhcpd: Update request all from dhcp-failover: nothing pending
Jul 10 11:02:31 KHXDHCPS2 dhcpd: failover peer dhcp-failover: peer update completed.
Jul 10 11:02:31 KHXDHCPS2 dhcpd: failover peer dhcp-failover: I move from recover to recover-done
Jul 10 11:02:31 KHXDHCPS2 dhcpd: failover peer dhcp-failover: peer update completed.
Jul 10 11:02:31 KHXDHCPS2 dhcpd: failover peer dhcp-failover: peer moves from recover to recover-done
Jul 10 11:02:31 KHXDHCPS2 dhcpd: failover peer dhcp-failover: I move from recover-done to normal
Jul 10 11:02:31 KHXDHCPS2 dhcpd: failover peer dhcp-failover: peer moves from recover-done to normal
Jul 10 11:02:31 KHXDHCPS2 dhcpd: pool 9399ed0 10.69/16 total 240 free 240 backup 0 lts 120
Clearly KHXDHCPS1 is indeed the primary server, and KHXDHCPS2 the secondary server.

Next, plug the Quanta Beceem BCS200 WiMAX card into the computer and try to obtain an IP. When a DHCP client asks a DHCP server for an IP there are four main steps (DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK); seeing all four means the client has successfully obtained an IP, and /var/lib/dhcp/dhcpd.leases will record the lease. So at this point the log on KHXDHCPS1 (Master server) shows:
Jul 10 11:03:37 KHXDHCPS1 dhcpd: pool 9d0e008 10.69/16 total 240 free 120 backup 120 lts 0
Jul 10 11:03:37 KHXDHCPS1 dhcpd: DHCPDISCOVER from 00:17:c4:12:77:97 via 10.69.10.11
Jul 10 11:03:38 KHXDHCPS1 dhcpd: DHCPOFFER on 10.69.100.120 to 00:17:c4:12:77:97 (WiMAX-demoXX) via 10.69.10.11
Jul 10 11:03:38 KHXDHCPS1 dhcpd: DHCPREQUEST for 10.69.100.120 (10.69.10.30) from 00:17:c4:12:77:97 (WiMAX-demoXX) via 10.69.10.11
Jul 10 11:03:38 KHXDHCPS1 dhcpd: DHCPACK on 10.69.100.120 to 00:17:c4:12:77:97 (WiMAX-demoXX) via 10.69.10.11
while the log on KHXDHCPS2 (Slave server) shows only:
Jul 10 11:03:37 KHXDHCPS2 dhcpd: pool 9399ed0 10.69/16 total 240 free 120 backup 120 lts 0
Checking on the client, it has indeed obtained the correct IP address:
C:\Documents and Settings\Demo>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : WiMAX-demoXX
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-18-DE-19-B5-92

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/1000 PL Network Connection
Physical Address. . . . . . . . . : 00-15-58-30-80-C5

Ethernet adapter Local Area Connection 4:


Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Beceem Communications Inc. BCS200
Physical Address. . . . . . . . . : 00-17-C4-12-77-97
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.69.100.120
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.69.100.254
DHCP Server . . . . . . . . . . . : 10.69.10.30
DNS Servers . . . . . . . . . . . : 10.69.10.22
Lease Obtained. . . . . . . . . . : Thursday, July 10, 2008 11:07:15 PM
Lease Expires . . . . . . . . . . : Thursday, July 10, 2008 12:37:15 PM
At this point /var/lib/dhcp/dhcpd.leases has gained a record of the lease just issued for that IP:
lease 10.69.100.120 {
starts 4 2008/07/10 03:03:38;
ends 4 2008/07/10 03:33:38;
cltt 4 2008/07/10 03:03:38;
binding state active;
next binding state expired;
hardware ethernet 00:17:c4:12:77:97;
uid "\001\000\027\304\022w\227";
client-hostname "WiMAX-demoXX";
}
Of course the Slave machine will have an identical record as well.

Next, test that an IP Release followed by an IP Renew yields the same IP address:

These are the messages on the Master DHCP server:
Jul 10 11:05:31 KHXDHCPS1 dhcpd: DHCPRELEASE of 10.69.100.120 from 00:17:c4:12:77:97 (WiMAX-demoXX) via 10.69.10.11 (found)
Jul 10 11:05:35 KHXDHCPS1 dhcpd: DHCPDISCOVER from 00:17:c4:12:77:97 via 10.69.10.11
Jul 10 11:05:36 KHXDHCPS1 dhcpd: DHCPOFFER on 10.69.100.120 to 00:17:c4:12:77:97 (WiMAX-demoXX) via 10.69.10.11
Jul 10 11:05:36 KHXDHCPS1 dhcpd: DHCPREQUEST for 10.69.100.120 (10.69.10.30) from 00:17:c4:12:77:97 (WiMAX-demoXX) via 10.69.10.11
Jul 10 11:05:36 KHXDHCPS1 dhcpd: DHCPACK on 10.69.100.120 to 00:17:c4:12:77:97 (WiMAX-demoXX) via 10.69.10.11
These are the messages on the Slave DHCP server:
Jul 10 11:05:31 KHXDHCPS2 dhcpd: DHCPRELEASE of 10.69.100.120 from 00:17:c4:12:77:97 via 10.69.10.11 (found)
Jul 10 11:05:35 KHXDHCPS2 dhcpd: pool 9399ed0 10.69/16 total 240 free 120 backup 120 lts 0
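As an added example (not part of the original post), the following Python groups dhcpd syslog lines like those above into per-client DORA transactions, so an incomplete exchange (a DISCOVER that never reached DHCPACK) stands out. The sample log is constructed from the release-and-renew messages shown above:

```python
import re
from collections import defaultdict

# Constructed sample: the release-and-renew messages the post shows on the
# primary (KHXDHCPS1) and secondary (KHXDHCPS2), merged into one stream.
SAMPLE_LOG = """\
Jul 10 11:05:31 KHXDHCPS1 dhcpd: DHCPRELEASE of 10.69.100.120 from 00:17:c4:12:77:97 (WiMAX-demoXX) via 10.69.10.11 (found)
Jul 10 11:05:35 KHXDHCPS1 dhcpd: DHCPDISCOVER from 00:17:c4:12:77:97 via 10.69.10.11
Jul 10 11:05:36 KHXDHCPS1 dhcpd: DHCPOFFER on 10.69.100.120 to 00:17:c4:12:77:97 (WiMAX-demoXX) via 10.69.10.11
Jul 10 11:05:36 KHXDHCPS1 dhcpd: DHCPREQUEST for 10.69.100.120 (10.69.10.30) from 00:17:c4:12:77:97 (WiMAX-demoXX) via 10.69.10.11
Jul 10 11:05:36 KHXDHCPS1 dhcpd: DHCPACK on 10.69.100.120 to 00:17:c4:12:77:97 (WiMAX-demoXX) via 10.69.10.11
Jul 10 11:05:31 KHXDHCPS2 dhcpd: DHCPRELEASE of 10.69.100.120 from 00:17:c4:12:77:97 via 10.69.10.11 (found)
Jul 10 11:05:35 KHXDHCPS2 dhcpd: pool 9399ed0 10.69/16 total 240 free 120 backup 120 lts 0
"""

# syslog prefix, then the dhcpd message: TYPE [on|for|of IP] [(server)] [from|to MAC] ...
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ \d\d:\d\d:\d\d (?P<host>\S+) dhcpd: (?P<msg>DHCP[A-Z]+)"
    r"(?: (?:on|for|of) (?P<ip>[\d.]+))?(?: \([\d.]+\))?"
    r"(?: (?:from|to) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}))?")

def parse_dhcpd_log(text):
    """Yield (host, msg, ip, mac) for each DHCP* line; pool statistics and
    startup banners do not match the pattern and are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("host"), m.group("msg"), m.group("ip"), m.group("mac")

def dora_transactions(text):
    """Group events per client MAC. A DISCOVER opens a transaction on the server
    that logged it; OFFER/REQUEST/ACK from that server extend it and ACK
    completes it. RELEASE is recorded as its own one-step entry.
    Returns {mac: [{'server', 'ip', 'steps', 'complete'}, ...]}."""
    result = defaultdict(list)
    for host, msg, ip, mac in parse_dhcpd_log(text):
        if mac is None:
            continue
        txns = result[mac]
        if msg in ("DHCPDISCOVER", "DHCPRELEASE"):
            txns.append({"server": host, "ip": ip, "steps": [msg], "complete": False})
            continue
        for t in reversed(txns):   # newest open DISCOVER on this server
            if t["server"] == host and t["steps"][0] == "DHCPDISCOVER" and not t["complete"]:
                t["steps"].append(msg)
                t["ip"] = ip or t["ip"]
                t["complete"] = msg == "DHCPACK"
                break
    return dict(result)

def incomplete_transactions(text):
    """(mac, server, steps) for every DISCOVER that never reached DHCPACK: the
    first thing to check when a client reports it could not get an address."""
    return [(mac, t["server"], t["steps"])
            for mac, txns in dora_transactions(text).items()
            for t in txns if t["steps"][0] == "DHCPDISCOVER" and not t["complete"]]

if __name__ == "__main__":
    for mac, txns in dora_transactions(SAMPLE_LOG).items():
        for t in txns:
            print(mac, t["server"], t["ip"], "->".join(t["steps"]), "complete" if t["complete"] else "")
```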
This is the relevant part of /var/lib/dhcp/dhcpd.leases:
lease 10.69.100.120 {
starts 4 2008/07/10 03:03:38;
ends 4 2008/07/10 03:05:31;
cltt 4 2008/07/10 03:03:38;
binding state released;
next binding state free;
hardware ethernet 00:17:c4:12:77:97;
uid "\001\000\027\304\022w\227";
client-hostname "WiMAX-demoXX";
}
lease 10.69.100.120 {
starts 4 2008/07/10 03:03:38;
ends 4 2008/07/10 03:05:31;
tstp 4 2008/07/10 03:05:31;
cltt 4 2008/07/10 03:03:38;
binding state free;
hardware ethernet 00:17:c4:12:77:97;
uid "\001\000\027\304\022w\227";
}
lease 10.69.100.120 {
starts 4 2008/07/10 03:05:36;
ends 4 2008/07/10 03:35:36;
cltt 4 2008/07/10 03:05:36;
binding state active;
next binding state expired;
hardware ethernet 00:17:c4:12:77:97;
uid "\001\000\027\304\022w\227";
client-hostname "WiMAX-demoXX";
}
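The leases file above appends a new record each time a binding changes, so the last record for an IP is the one in force, and all of its times are in UTC. This added Python example (not code from the post) parses that format, using two of the records above constructed inline as sample input, and resolves the current binding per IP:

```python
import re
from datetime import datetime, timezone

# Constructed sample: the released and the renewed-active record for
# 10.69.100.120 from the post's dhcpd.leases, in file order.
SAMPLE_LEASES = r"""
lease 10.69.100.120 {
  starts 4 2008/07/10 03:03:38;
  ends 4 2008/07/10 03:05:31;
  cltt 4 2008/07/10 03:03:38;
  binding state released;
  next binding state free;
  hardware ethernet 00:17:c4:12:77:97;
  uid "\001\000\027\304\022w\227";
  client-hostname "WiMAX-demoXX";
}
lease 10.69.100.120 {
  starts 4 2008/07/10 03:05:36;
  ends 4 2008/07/10 03:35:36;
  cltt 4 2008/07/10 03:05:36;
  binding state active;
  next binding state expired;
  hardware ethernet 00:17:c4:12:77:97;
  uid "\001\000\027\304\022w\227";
  client-hostname "WiMAX-demoXX";
}
"""

LEASE_RE = re.compile(r"lease\s+([\d.]+)\s*\{(.*?)\}", re.S)
TIME_FIELDS = ("starts", "ends", "tstp", "cltt")

def utc(*args):
    """datetime(...) tagged as UTC, which is what dhcpd writes (never local time)."""
    return datetime(*args, tzinfo=timezone.utc)

def parse_lease_time(value):
    """'4 2008/07/10 03:03:38' -> aware UTC datetime (the leading weekday is dropped)."""
    _, date, clock = value.split()
    return datetime.strptime(date + " " + clock, "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)

def parse_leases(text):
    """One dict per lease record, in file order. Statements are split on ';',
    so quoted values containing ';' are not expected (none in this format)."""
    leases = []
    for m in LEASE_RE.finditer(text):
        rec = {"ip": m.group(1)}
        for stmt in m.group(2).split(";"):
            words = stmt.split()
            if not words:
                continue
            if words[0] in TIME_FIELDS:
                rec[words[0]] = parse_lease_time(" ".join(words[1:]))
            elif words[:2] == ["hardware", "ethernet"]:
                rec["mac"] = words[2]
            elif words[:2] == ["binding", "state"]:
                rec["state"] = words[2]
            elif words[:3] == ["next", "binding", "state"]:
                rec["next_state"] = words[3]
            elif words[0] == "client-hostname":
                rec["hostname"] = words[1].strip('"')
        leases.append(rec)
    return leases

def current_bindings(text):
    """dhcpd appends a record on every change instead of rewriting in place,
    so the last record for an IP is the binding in force. Returns {ip: record}."""
    current = {}
    for rec in parse_leases(text):
        current[rec["ip"]] = rec
    return current

def active_at(text, when):
    """IPs whose current record is active and whose lease window covers `when` (UTC)."""
    return sorted(ip for ip, r in current_bindings(text).items()
                  if r.get("state") == "active" and r["starts"] <= when <= r["ends"])
```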
OK, that's today's implementation report~

Related references:
DHCP Failover/load balancing
Failover with ISC DHCP

LINUX AutoFS implementation

Yesterday I got as far as mounting /DB from the remote KHXDB server (that is, the Veritas cluster's VIP) onto /DB on the DHCP server, and then mounting /var/lib/dhcp/DB/dhcp onto /var/lib/dhcp. But since those mounts were written into /etc/fstab, first thing this morning I changed them over to Automount, so that the remote KHXDB server's mount point is mounted automatically only when the IP lease file needs to be read or written.

The difference between Autofs and Mount/Umount is that Autofs is a daemon. If it detects any user action attempting to access a file or directory that is not yet mounted, it automatically looks for that directory or file and, if it exists, mounts it. Conversely, if it detects that a mounted directory has not been used for some period of time, Autofs automatically unmounts it. So once Autofs is running, users no longer need to run Mount/Umount by hand.

Now the implementation. In this example we want to mount the /DB/dhcp directory on the remote KHXDB server at the /NFSDB/dhcp mount point on the DHCP server, so first edit /etc/auto.master
and add the following line to the auto.master file:
/NFSDB /etc/auto.nfs --timeout 60
Then add the following line to the /etc/auto.nfs file:
dhcp -rw,bg,soft,rsize=8192,wsize=8192 KHXDB:/DB/dhcp
In /etc/auto.nfs, the first field, dhcp, is the name of the subdirectory under /NFSDB; this directory is created dynamically by automount and
should not actually exist on the local machine, i.e. the DHCP server. The second field contains the mount options; rw, for example, allows read and write access. The third field is the NFS export location, including the remote host name and directory.

Important:
The /NFSDB directory must exist on the local filesystem, and it must not contain any subdirectories.
Autofs is a service; to start it, enter the following at the shell prompt:
/sbin/service autofs restart
To view the current mount points, enter the following at the shell prompt:
[root@KHXDHCPS1 ~]# service autofs status
Configured Mount Points:
------------------------
/usr/sbin/automount --timeout=60 /NFSDB file /etc/auto.nfs

Active Mount Points:
--------------------
/usr/sbin/automount --timeout=60 /NFSDB file /etc/auto.nfs
If you modify the /etc/auto.master configuration file while autofs is running, you must enter the following at the shell prompt to make the automount daemon reload it:
[root@KHXDHCPS1 ~]# service autofs reload
Checking for changes to /etc/auto.master ....
Reload map /usr/sbin/automount --timeout=60 /NFSDB file /etc/auto.nfs
Finally, there are a few ways to confirm the state of the remote mount. The first, of course, is simply to ls the final mount point; in this example:
[root@KHXDHCPS1 ~]# ls -alrt /var/lib/dhcp
total 72
drwxr-xr-x 17 root root 4096 Jul 7 19:36 ..
-rw-r--r-- 1 root root 0 Jul 9 11:52 dbserver-id.donot-delete-me
-rw-r--r-- 1 root root 34779 Jul 9 19:47 dhcpd.leases~
drwxr-xr-x 2 root root 4096 Jul 9 19:47 .
-rw-r--r-- 1 root root 18033 Jul 9 19:47 dhcpd.leases
dbserver-id.donot-delete-me is the marker file I placed on the remote KHXDB server for identification.

Another way is to look at the mount status directly:
[root@KHXDHCPS1 ~]# mount
/dev/sda2 on / type ext3 (rw)
none on /proc type proc (rw)
none on /sys type sysfs (rw)
none on /dev/pts type devpts (rw,gid=5,mode=620)
usbfs on /proc/bus/usb type usbfs (rw)
/dev/sda1 on /boot type ext3 (rw)
none on /dev/shm type tmpfs (rw)
/dev/sda3 on /inactive_root type ext3 (rw)
/dev/sda6 on /others type ext3 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

automount(pid18972) on /NFSDB type autofs (rw,fd=5,pgrp=18972,minproto=2,maxproto=4)
/NFSDB/dhcp on /var/lib/dhcp type none (rw,bind)
KHXDB:/DB/dhcp1 on /NFSDB/dhcp type nfs (rw,bg,soft,rsize=8192,wsize=8192,addr=10.69.10.41)

The error "Can't open lease database /var/lib/dhcp/dhcpd.leases: Permission denied --" on the DHCP server

For the last two days I have been trying to move the DHCP server's IP lease file onto the Dell-MD3000 storage mounted by two other machines running Veritas cluster. I could think of two approaches: the first is to modify the daemon start section of /etc/rc.d/init.d/dhcpd directly, adding the -lf /path-of-leases-file option (e.g. /NFSDB/dhcp/dhcpd.leases); the other is to mount the remote /DB/dhcp directly onto /var/lib/dhcp on the DHCP server. To my surprise, with either approach dhcpd on the DHCP server would not start.

The example below mounts /DB from the remote KHXDB server (that is, the Veritas cluster's VIP) onto /NFSDB on the DHCP server, and then mounts /NFSDB/dhcp onto /var/lib/dhcp:
[root@KHXDHCPS1 ~]# mount -o bind /NFSDB/dhcp /var/lib/dhcp
[root@KHXDHCPS1 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 4.0G 1.8G 2.1G 46% /
/dev/sda1 1012M 40M 921M 5% /boot
none 4.0G 0 4.0G 0% /dev/shm
/dev/sda3 4.0G 41M 3.7G 2% /inactive_root
/dev/sda6 21G 77M 19G 1% /others

KHXDB:/DB 537G 105M 510G 1% /NFSDB
/NFSDB/dhcp 537G 105M 510G 1% /var/lib/dhcp
The original /var/lib/dhcp/dhcpd.leases now points at KHXDB:/DB/dhcp/dhcpd.leases.
Restarting the dhcpd service then produced the error Can't open lease database /var/lib/dhcp/dhcpd.leases: Permission denied --:
[root@KHXDHCPS1 ~]# service dhcpd start
Starting dhcpd: Internet Systems Consortium DHCP Server V3.0.1
Copyright 2004 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/

Can't open lease database /var/lib/dhcp/dhcpd.leases: Permission denied --
check for failed database rewrite attempt!
Please read the dhcpd.leases manual page if you
don't know what to do about this.

If you did not get this software from ftp.isc.org, please
get the latest from ftp.isc.org and install that before
requesting help.

If you did get this software from ftp.isc.org and have not
yet read the README, please read it before requesting help.
If you intend to request help from the dhcp-server@isc.org
mailing list, please read the section on the README about
submitting bug reports and requests for help.

Please do not under any circumstances send requests for
help directly to the authors of this software - please
send them to the appropriate mailing list as described in
the README file.

exiting.
[FAILED]
Yet with debug mode on and dhcpd run in the foreground, everything worked fine:
[root@KHXDHCPS1 ~]# /usr/sbin/dhcpd -d -f eth0 -lf /var/lib/dhcp/dhcpd.leases
Internet Systems Consortium DHCP Server V3.0.1
Copyright 2004 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Wrote 0 leases to leases file.
Listening on LPF/eth0/00:1e:c9:ad:55:bf/0/0
Sending on LPF/eth0/00:1e:c9:ad:55:bf/0/0
Sending on Socket/fallback/fallback-net
After several tests I finally found that changing the lease file path (e.g. to /NFSDB/dhcp/dhcpd.leases), or having that path go through a mount, was enough to make service dhcpd start fail. After much back and forth I discovered that this DHCP server had been installed from the company's customized OS build (RHEL ES4 U6 on a single CD), and, crucially, SELinux had been left enabled...... Words fail me. On the RHEL systems I install myself I habitually disable SELinux, so this time it never occurred to me to look in that direction. So next was going in to change the settings:

Here I went straight into the X GUI, into the security configuration, and under the SELinux item set the dhcp part to be unprotected. First:
Then open SELinux Service Protection under Modify SELinux Policy, tick the first item, Disable SELinux protection for dhcpd daemon, and click OK~
Of course turning off SELinux entirely is also an option, but here I'll go with the first approach.
After the change, service dhcpd start now brings up the dhcpd service successfully:
[root@KHXDHCPS1 ~]# service dhcpd restart
Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]
[root@KHXDHCPS1 ~]#
[root@KHXDHCPS1 ~]# ps -aef |grep dhcp
root 21218 1 0 21:08 ? 00:00:00 /usr/sbin/dhcpd eth0
root 21223 20605 0 21:08 pts/0 00:00:00 grep dhcp

Checking the new IP lease file, new lease records have indeed been written to it:
[root@KHXDHCPS1 ~]# cat /var/lib/dhcp/dhcpd.leases
# All times in this file are in UTC (GMT), not your local timezone. This is
# not a bug, so please don't ask about it. There is no portable way to
# store leases in the local timezone, so please don't request this as a
# feature. If this is inconvenient or confusing to you, we sincerely
# apologize. Seriously, though - don't ask.
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-V3.0.1


lease 10.69.100.244 {
starts 2 2008/07/08 13:02:25;
ends 2 2008/07/08 19:02:25;
binding state active;
next binding state free;
hardware ethernet 00:17:c4:12:77:65;
uid "\001\000\027\304\022we";
client-hostname "WiMAX-demoXX";
}
A side note: you can use ls -Z to look at the attributes of the /var/lib/dhcp directory, which shows the SELinux side of its permissions:
The first part below is before modifying SELinux:
[root@KHXDHCPS1 ~]# ls -alZ /var/lib/
drwxr-xr-x root root system_u:object_r:var_lib_t .
drwxr-xr-x root root system_u:object_r:var_t ..
drwxr-xr-x root root system_u:object_r:rpm_var_lib_t alternatives
drwxr-xr-x root root system_u:object_r:var_lib_t cs
drwx------ apache apache system_u:object_r:var_lib_t dav
drwxr-xr-x root root system_u:object_r:dhcp_state_t dhcp
drwxr-x--- root root system_u:object_r:var_lib_t dhcpv6
drwxr-xr-x root root system_u:object_r:var_lib_t games
-rw-r--r-- root root system_u:object_r:var_lib_t logrotate.status
drwxr-xr-x root root system_u:object_r:var_lib_t misc
drwxr-xr-x root root system_u:object_r:var_lib_nfs_t nfs
drwxr-xr-x ntp ntp system_u:object_r:ntp_drift_t ntp
drwxr-xr-x root root system_u:object_r:var_lib_t pcmcia
-rw------- root root user_u:object_r:var_lib_t random-seed
drwxr-xr-x rpm rpm system_u:object_r:rpm_var_lib_t rpm
drwxr-xr-x root root user_u:object_r:var_lib_t scrollkeeper
drwxr-x--- root slocate system_u:object_r:var_lib_t slocate
-rw-r--r-- root root system_u:object_r:var_lib_t supportinfo
drwxr-xr-x root root system_u:object_r:var_lib_t up2date
drwxr-xr-x root root system_u:object_r:var_lib_t xkb
The part below is after modifying SELinux, with the remote directory mounted; notice that the permission attributes of /var/lib/dhcp have changed, which is why dhcpd kept failing to start before SELinux was modified:
[root@KHXDHCPS1 ~]# ls -alZ /var/lib/
drwxr-xr-x root root system_u:object_r:var_lib_t .
drwxr-xr-x root root system_u:object_r:var_t ..
drwxr-xr-x root root system_u:object_r:rpm_var_lib_t alternatives
drwxr-xr-x root root system_u:object_r:var_lib_t cs
drwx------ apache apache system_u:object_r:var_lib_t dav
drwxr-xr-x root root dhcp
drwxr-x--- root root system_u:object_r:var_lib_t dhcpv6
drwxr-xr-x root root system_u:object_r:var_lib_t games
-rw-r--r-- root root system_u:object_r:var_lib_t logrotate.status
drwxr-xr-x root root system_u:object_r:var_lib_t misc
drwxr-xr-x root root system_u:object_r:var_lib_nfs_t nfs
drwxr-xr-x ntp ntp system_u:object_r:ntp_drift_t ntp
drwxr-xr-x root root system_u:object_r:var_lib_t pcmcia
-rw------- root root user_u:object_r:var_lib_t random-seed
drwxr-xr-x rpm rpm system_u:object_r:rpm_var_lib_t rpm
drwxr-xr-x root root user_u:object_r:var_lib_t scrollkeeper
drwxr-x--- root slocate system_u:object_r:var_lib_t slocate
-rw-r--r-- root root system_u:object_r:var_lib_t supportinfo
drwxr-xr-x root root system_u:object_r:var_lib_t up2date
drwxr-xr-x root root system_u:object_r:var_lib_t xkb
The next part is the state after unmounting the remote mount point:
[root@KHXDHCPS1 ~]# umount /var/lib/dhcp
[root@KHXDHCPS1 ~]# ls -alZ /var/lib/
drwxr-xr-x root root system_u:object_r:var_lib_t .
drwxr-xr-x root root system_u:object_r:var_t ..
drwxr-xr-x root root system_u:object_r:rpm_var_lib_t alternatives
drwxr-xr-x root root system_u:object_r:var_lib_t cs
drwx------ apache apache system_u:object_r:var_lib_t dav
drwxr-xr-x root root root:object_r:var_lib_t dhcp
drwxr-x--- root root system_u:object_r:var_lib_t dhcpv6
drwxr-xr-x root root system_u:object_r:var_lib_t games
-rw-r--r-- root root system_u:object_r:var_lib_t logrotate.status
drwxr-xr-x root root system_u:object_r:var_lib_t misc
drwxr-xr-x root root system_u:object_r:var_lib_nfs_t nfs
drwxr-xr-x ntp ntp system_u:object_r:ntp_drift_t ntp
drwxr-xr-x root root system_u:object_r:var_lib_t pcmcia
-rw------- root root user_u:object_r:var_lib_t random-seed
drwxr-xr-x rpm rpm system_u:object_r:rpm_var_lib_t rpm
drwxr-xr-x root root user_u:object_r:var_lib_t scrollkeeper
drwxr-x--- root slocate system_u:object_r:var_lib_t slocate
-rw-r--r-- root root system_u:object_r:var_lib_t supportinfo
drwxr-xr-x root root system_u:object_r:var_lib_t up2date
drwxr-xr-x root root system_u:object_r:var_lib_t xkb
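The three listings above show the SELinux type label on /var/lib/dhcp vanishing under the bind mount and coming back as var_lib_t rather than dhcp_state_t after umount. As an added example (not part of the original post), this Python check parses ls -alZ output, constructed here from abbreviated copies of those listings, and flags entries whose label is missing or differs from the type the policy expects, which is what separates this failure from an ordinary permission problem:

```python
import re

# Constructed samples: abbreviated `ls -alZ /var/lib/` output in the three
# states the post shows (before mounting, with the bind mount, after umount).
BEFORE = """\
drwxr-xr-x root root system_u:object_r:var_lib_t .
drwxr-xr-x root root system_u:object_r:dhcp_state_t dhcp
drwxr-x--- root root system_u:object_r:var_lib_t dhcpv6
drwxr-xr-x root root system_u:object_r:var_lib_nfs_t nfs
"""
MOUNTED = """\
drwxr-xr-x root root system_u:object_r:var_lib_t .
drwxr-xr-x root root dhcp
drwxr-x--- root root system_u:object_r:var_lib_t dhcpv6
drwxr-xr-x root root system_u:object_r:var_lib_nfs_t nfs
"""
AFTER_UMOUNT = """\
drwxr-xr-x root root system_u:object_r:var_lib_t .
drwxr-xr-x root root root:object_r:var_lib_t dhcp
drwxr-x--- root root system_u:object_r:var_lib_t dhcpv6
drwxr-xr-x root root system_u:object_r:var_lib_nfs_t nfs
"""

# Types the post's 'before' listing shows for the directories dhcpd and NFS
# care about; any other entry is only checked for having a label at all.
EXPECTED_TYPES = {"dhcp": "dhcp_state_t", "nfs": "var_lib_nfs_t"}

# user:role:type[:level]; the assumed shape of a context string as ls -Z prints it
CONTEXT_RE = re.compile(r"^[^:\s]+:[^:\s]+:[^:\s]+(?::\S+)?$")

def parse_ls_z(listing):
    """Yield (name, context-or-None) per entry. Tolerates the mounted case,
    where ls -Z prints no context column at all for the bind-mounted directory."""
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        name = parts[-1]
        ctx = parts[-2] if len(parts) >= 5 and CONTEXT_RE.match(parts[-2]) else None
        yield name, ctx

def check_dhcp_labels(listing, expected=EXPECTED_TYPES):
    """Return (name, problem) pairs for entries whose SELinux type is missing
    or not what the policy (and therefore a confined dhcpd) expects."""
    problems = []
    for name, ctx in parse_ls_z(listing):
        if ctx is None:
            problems.append((name, "no SELinux context (mount hides the label)"))
            continue
        want = expected.get(name)
        got = ctx.split(":")[2]
        if want and got != want:
            problems.append((name, "type %s, expected %s" % (got, want)))
    return problems

if __name__ == "__main__":
    for title, listing in (("before", BEFORE), ("mounted", MOUNTED), ("after umount", AFTER_UMOUNT)):
        print(title, check_dhcp_labels(listing) or "labels OK")
```

An empty result means the Permission denied is not a labeling issue; a hit on dhcp points at the label, which is what the post's change to the dhcpd policy protection works around.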
By the way, one more note: the times in the /var/lib/dhcp/dhcpd.leases file are in GMT, so they differ from the system's actual local time; this is normal.