Mounting a USB device

1. Attach the USB device to the Dom0 and run ‘dmesg’ to see if the device attached
2. Run ‘fdisk -l’ to see if the drive is partitioned the way you want it
3. For instance:
   [root@example ~]# fdisk -l /dev/sdc
   Disk /dev/sdc: 1000.2 GB, 1000204886016 bytes
   255 heads, 63 sectors/track, 121601 cylinders
   Units = cylinders of 16065 * 512 = 8225280 bytes
   Device Boot Start End Blocks Id System
   dev/sdc1 1 121601 976760001 8e Linux LVM
4. Now find a drive letter that is not being used on the DomU, in this instance we’ll use /dev/sde
5. To attach the USB device to the DomU run the following command
   • xm block-attach exampledomu phy:/dev/sdc sde w
6. You should now see the device on the DomU, run either ‘dmesg’ or ‘fdisk -l’ to verify
7. Mount the device as normal
   • mount /dev/sde1 /mnt/usb

Unmounting the device

1. You first need to get the device id number from the block list. Do this by running:
   • xm block-list exampledomu
2. This will return:
   Vdev BE handle state evt-ch ring-ref BE-path
   51712 0 0 4 9 8 /local/domain/0/backend/tap/23/51712
   2176 0 0 4 10 1338 /local/domain/0/backend/vbd/23/2176
3. The number you need to use to remove the device is 2176
4. Unmount the USB device from the DomU
   • umount /mnt/usb
5. Now on the Dom0 run:
6. xm block-detach exampledomu 2176
7. You may now remove the USB device

As you may/may not know, bonding is the ability of taking two or more network cards and make them act as one. This not only improves fail over, but it also increases the amount of network throughput for the server. The following will show you how to set up such an environment. For this to work you must have a switch that is capable of combining multiple switch ports together. This can be done on either a single switch (which is still a single point of failure) or a switch that is stackable such as Cisco’s 3750 line of products.

There are six different kinds of NIC bonding in Linux, the one we will set up is mode 4 which follows the 802.3ad standard known as link aggregate control protocol. This allows for an active-active grouping of network cards and in testing resulted in zero ping drop, though I did see a momentary spike in response time (from 2ms to 20-30ms during convergence).

1. First you need to check that your network card is capable of 802.1q VLAN tagging. You will need to research the capabilities of the card to make sure. Run ‘lspci | grep -i ethernet’ and note the response.
2. Second, check to see if the 802.1q module is installed by running ‘lsmod | grep 8021q’.  If its not installed then run ‘yum install bridge-utils’
3. Once those steps are done we can start configuring the network cards.  Go to /etc/sysconfig/network-scripts, in there you should see your network card configuration files; usually named ‘ifcfg-eth#’.  Write down or make a backup copy of the network information in your active NIC configuration file as you will need it later.
4. Edit your first configuration file with the following
   

   
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
MASTER=bond0
SLAVE=yes


5. Your secondary card will contain the same information however the ‘DEVICE=eth#’ should match the name of the second card.
6. Next we card the bonded interface, which then becomes the main device for the server. Create a new file named ‘ifcfg-bond0′:
   

   
DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
USERCTL=no


7. We now create the configuration file which will handle the 802.1q jumbo frames. Note that the device is named ‘bond0.17′. This is important as the ’17′ is the VLAN ID which the server will listen on. Make sure you know which VLAN’s are in your environment! Create a file named ‘ifcfg-bond0.17′:
   

   
DEVICE=bond0.17
BOOTPROTO=static
ONBOOT=yes
VLAN=yes
TYPE=Ethernet
BRIDGE=xenbr17

8. The ‘BRIDGE’ string is also important as this will tie the bond0.17 config file to the Xen bridge we are about to create. Repeat that step for every VLAN that you want your server to listen to.
9. Next we will create the configuration file that the DomU will be given. Create a file called ‘ifcfg-xenbr17′ and place the following:
   

   
DEVICE=xenbr17
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes
DELAY=0
STP=off

10. We will now create the management interface for the server. The management interface should have the same security restrictions as a management interface would have for a switch or any other network device. If someone compromises your Dom0, then all of your DomU’s are also compromised. ACL’s should be implemented for this network!
    

    
DEVICE=xenbr192
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes
DELAY=0
STP=off
IPADDR=192.168.1.12
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255

11. Edit the /etc/modprobe.conf file and append the following:
    

    
alias bond0 bonding
options bond0 miimon=100 mode=4 lacp_rate=1

12. That told the server what type of network bonding we will use. ‘mode=4′ tells the server that we want to use 802.3ad as our protocol for communication to the switch device.
13. Edit the /etc/xen/xend-config.sxp file, change where it says ‘(network-script network-bridge)’ to ‘(network-script ‘network-bridge-bonding bridge=bond0 netdev=0′)’
14. Now reboot the server

The next steps we will configure a Cisco switch, create the port channel, and configure it for LACP with 802.1q trunking.

1. Log into your switch, go to the global configuration mode and create a port channel interface by typing ‘int port-c 1′
2. Enter the following:
   

   
switchport trunk encapsulation dot1q
switchport mode trunk

3. Now go to the actual switch interfaces and enter the following:
   

   
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active

4. If the switch ports had originally been set up as an access interface, you can remove the configuration by entering:
   

   
no switchport mode access
no switchport access vlan VLAN ID

5. Now save the configuration file

Installation of new DomU’s will be the same as before by giving them a ‘xenbr#’ interface

The first version of PyMyDB Backup has been released and is based on Python 2.4.3. This is a Python script that will back up your MySQL databases, calculate the size of the backed up files, tarball and compress the contents, then email the results.

To use:

1. Download the EPEL RPM which can be found at: http://download.fedora.redhat.com/pub/epel/
2. Install pymydb-0.5.1-1.noarch.rpm which can be found at: GitHub
• This script creates the necessary directories and user account
3. After installation, there will be two scripts placed in /usr/local/bin which are pymydb.py and setup.py
4. Run the setup.py script, this will configure the pymydb.py script
• Logs into the MySQL server
• Creates the backup user, sets a password, and gives him select and lock tables privileges
• Configures the email settings
5. Change the permissions on the pymydb.py script
• chown root.pymydb pymydb.py
6. Add the pymydb.py script into cron and make sure to add a password for the system user

I needed a place to host my scripts, so I opened an account on GitHub. If you are unaware of what GitHub is, its a great place to publish code to the public by using Git; they also offer private hosting for a fee. Even if you do not have a need for this I recommend looking through the site as its a great place to view open source projects.

There are a lot of examples and scripts out on the Internet to automate MySQL backups but not a whole lot written in Python. This was developed to use in a MySQL replication environment and should be run on the slave server. This is an optimal solution as backup’s can run without affecting production. The script dumps each database individually, calculates the size of the sql backup, tarball them up, and emails a log when its done.

To run this the MySQLdb module must be installed on the server. You should also create a user specifically designed to run backups. You can effectively do this by running:

grant select, lock tables on *.* to backup@'localhost' identified by 'password';

The password is stored in base64 format. To encrypt the password for use in the script, run the following command within the Python terminal:


>>> from base64 import b64encode as encode
>>> encode("password")
'cGFzc3dvcmQ='

Though this is not the most secure way to encrypt a password to use within a script, it will prevent shoulder surfers.

Here it is, enjoy – https://github.com/jasonbrown17/MySQL-Backups

Setting up MySQL replication is an easy process to do. First you need to edit your my.cnf files on your two servers and add the following:

Server 1

server-id=1
auto_increment_offset=1
auto_increment_increment=3
log-bin=mysql_log

Server 2

server-id=2
auto_increment_offset=1
auto_increment_increment=3
log-bin=mysql_log

Make sure that the server id’s in the my.cnf file are unique for each server and the auto_increment_increment is n+1 more than the total amount of servers in your environment. This way your slave servers will update correctly. Once that is complete, restart the MySQL Service

service mysqld restart

To configure your slave user, log into the master and type the following:

mysql> create user slaveuser@’slavehost.example.com’ identified by ‘somepassword’;
mysql> grant replication slave on *.* to slaveuser@’slavehost.example.com’
mysql> flush privileges;

The next step is to dump the database from your primary server and import it on the slave server. To dump the database:

mysqldump -u root -p –lock-tables database > database.sql

Import the database on the slave server:

mysql -u root -p database < database.sql

We need to get the log file and position information from the master server in order to sync it with the slave. First lock the tables so no changes can be made and then show the status.

mysql> FLUSH TABLES WITH READ LOCK;
mysql> show master status;
+——————+————–+———————-+—————————+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+——————+————–+———————-+—————————+
| mysql_log.000006 | 156005305 | | |
+——————+————–+———————-+—————————+
1 row in set (0.00 sec)

Configure the slave server to attach to the master with the correct credentials. Note the MASTER_LOG_FILE and the MASTER_LOG_POS information need to be identical as the master.

mysql> CHANGE MASTER TO
-> MASTER_HOST=’masterhost.example.com’,
-> MASTER_USER=’slaveuser’,
-> MASTER_PASSWORD=’somepassword’,
-> MASTER_LOG_FILE=’mysql-bin.000006′,
-> MASTER_LOG_POS=156005305;

Next start the replication

mysql> START SLAVE;

Unlock the tables on the master

mysql> UNLOCK TABLES;

Check to make sure that it is running properly

mysql> show slave status\G;
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: masterhost.example.com
Master_User: slaveuser
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql_log.000006
Read_Master_Log_Pos: 156005305
Relay_Log_File: mysqld-relay-bin.000146
Relay_Log_Pos: 107097880
Relay_Master_Log_File: mysql_log.000006
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 155994592
Relay_Log_Space: 107097880
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
1 row in set (0.00 sec)

To set up a master-master replication, repeat the process on the second MySQL server.

That’s it!