Tuesday, October 11, 2011

MySQL Replication

Setting up MySQL replication is straightforward. First, edit the my.cnf file on each of your two servers and add the following:
Server 1
    server-id=1
    auto_increment_offset=1
    auto_increment_increment=3
    log-bin=mysql_log
Server 2
    server-id=2
    auto_increment_offset=2
    auto_increment_increment=3
    log-bin=mysql_log
Make sure that the server IDs in the my.cnf files are unique for each server, that each server has a different auto_increment_offset, and that auto_increment_increment is n+1, where n is the total number of servers in your environment. This way your slave servers will update correctly. Once that is complete, restart the MySQL service:
    service mysqld restart
To configure your slave user, log into the master and type the following:
    mysql> create user slaveuser@'slavehost.example.com' identified by 'somepassword';
    mysql> grant replication slave on *.* to slaveuser@'slavehost.example.com';
    mysql> flush privileges;
The next step is to dump the database from your primary server and import it on the slave server. To dump the database:
    mysqldump -u root -p --lock-tables database > database.sql
Import the database on the slave server:
    mysql -u root -p database < database.sql
We need to get the log file and position information from the master server in order to sync it with the slave. First lock the tables so no changes can be made and then show the status.
    mysql> FLUSH TABLES WITH READ LOCK;
    mysql> show master status;
    +------------------+-----------+--------------+------------------+
    | File             | Position  | Binlog_Do_DB | Binlog_Ignore_DB |
    +------------------+-----------+--------------+------------------+
    | mysql_log.000006 | 156005305 |              |                  |
    +------------------+-----------+--------------+------------------+
    1 row in set (0.00 sec)
Configure the slave server to attach to the master with the correct credentials. Note that the MASTER_LOG_FILE and MASTER_LOG_POS values must be identical to the File and Position reported by the master.
    mysql> CHANGE MASTER TO
    -> MASTER_HOST='masterhost.example.com',
    -> MASTER_USER='slaveuser',
    -> MASTER_PASSWORD='somepassword',
    -> MASTER_LOG_FILE='mysql_log.000006',
    -> MASTER_LOG_POS=156005305;
Next, start the replication:
    mysql> START SLAVE;
Unlock the tables on the master:
    mysql> UNLOCK TABLES;
Check to make sure that it is running properly:
    mysql> show slave status\G
    *************************** 1. row ***************************
    Slave_IO_State: Waiting for master to send event
    Master_Host: masterhost.example.com
    Master_User: slaveuser
    Master_Port: 3306
    Connect_Retry: 60
    Master_Log_File: mysql_log.000006
    Read_Master_Log_Pos: 156005305
    Relay_Log_File: mysqld-relay-bin.000146
    Relay_Log_Pos: 107097880
    Relay_Master_Log_File: mysql_log.000006
    Slave_IO_Running: Yes
    Slave_SQL_Running: Yes
    Replicate_Do_DB:
    Replicate_Ignore_DB:
    Replicate_Do_Table:
    Replicate_Ignore_Table:
    Replicate_Wild_Do_Table:
    Replicate_Wild_Ignore_Table:
    Last_Errno: 0
    Last_Error:
    Skip_Counter: 0
    Exec_Master_Log_Pos: 155994592
    Relay_Log_Space: 107097880
    Until_Condition: None
    Until_Log_File:
    Until_Log_Pos: 0
    Master_SSL_Allowed: No
    Master_SSL_CA_File:
    Master_SSL_CA_Path:
    Master_SSL_Cert:
    Master_SSL_Cipher:
    Master_SSL_Key:
    Seconds_Behind_Master: 0
    1 row in set (0.00 sec)
To set up a master-master replication, repeat the process on the second MySQL server.
That’s it!
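The SHOW SLAVE STATUS output above can be checked automatically rather than read by eye. The following is an added example, not part of the original post: it parses the vertical output and flags stopped threads, a recorded error, and a replication channel without TLS (the output above shows Master_SSL_Allowed: No, so replicated data crosses the network unencrypted). The function names are hypothetical and the sample text is constructed from the fields shown above.

```python
import re

# Constructed sample: a subset of the SHOW SLAVE STATUS\G fields shown above.
SAMPLE_STATUS = """\
*************************** 1. row ***************************
Master_Log_File: mysql_log.000006
Read_Master_Log_Pos: 156005305
Relay_Master_Log_File: mysql_log.000006
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Last_Errno: 0
Last_Error:
Exec_Master_Log_Pos: 155994592
Master_SSL_Allowed: No
"""

def parse_status(text):
    """Turn vertical (\\G) output into a dict of field name -> value."""
    fields = {}
    for line in text.splitlines():
        match = re.match(r"\s*(\w+):[ \t]*(.*)$", line)  # skips the row banner
        if match:
            fields[match.group(1)] = match.group(2).strip()
    return fields

def unapplied_bytes(fields):
    """Bytes read by the I/O thread but not yet applied by the SQL thread."""
    # Only comparable while both positions refer to the same binary log file.
    if fields.get("Master_Log_File") != fields.get("Relay_Master_Log_File"):
        return None
    return int(fields["Read_Master_Log_Pos"]) - int(fields["Exec_Master_Log_Pos"])

def audit(fields):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for thread in ("Slave_IO_Running", "Slave_SQL_Running"):
        if fields.get(thread) != "Yes":
            findings.append(f"{thread} is {fields.get(thread)!r}: replication is stopped")
    if fields.get("Last_Errno", "0") != "0":
        findings.append(f"last error {fields['Last_Errno']}: {fields.get('Last_Error', '')}")
    if fields.get("Master_SSL_Allowed") != "Yes":
        findings.append("Master_SSL_Allowed is not Yes: replication traffic is unencrypted")
    return findings

if __name__ == "__main__":
    status = parse_status(SAMPLE_STATUS)
    print("unapplied bytes:", unapplied_bytes(status))
    for finding in audit(status):
        print("FINDING:", finding)
```

In practice the text would come from `mysql -e 'show slave status\G'` run on the slave.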

Saturday, July 9, 2011

Multiple VLANs with Xen Dom0

A great feature of Linux and Xen is the ability to run DomUs on multiple networks. To do this, we first need to set up the VLANs on a switch and then configure the port the Dom0 is connected to so that it allows 802.1q traffic. On a Cisco switch, log into IOS, enter configuration mode for the interface the server is connected to, and type:
    switch(config-if)# switchport trunk encapsulation dot1q
    switch(config-if)# switchport mode trunk
Once this is done, we can configure Dom0 to communicate with these networks. In CentOS, change directories to /etc/sysconfig/network-scripts.
First copy the ifcfg-eth0 file to make a backup, then edit the file as follows:
    DEVICE=eth0
    HWADDR=
    ONBOOT=yes
    BOOTPROTO=none
Next we create four new files which will define our VLAN and non-VLAN traffic. The first two files will define which VLANs the server should listen on.
Create the file /etc/sysconfig/network-scripts/ifcfg-eth0.17, which will define VLAN 17, and enter the following:
    DEVICE=eth0.17
    BOOTPROTO=static
    ONBOOT=yes
    VLAN=yes
    TYPE=Ethernet
    BRIDGE=xenbr17
Make a second file which will sit on VLAN 192. VLAN 192 is where the IP of the Dom0 will reside.
    DEVICE=eth0.192
    BOOTPROTO=static
    ONBOOT=yes
    VLAN=yes
    TYPE=Ethernet
    BRIDGE=xenbr192
The next two files will define the bridged interfaces. These are necessary to strip the 802.1q header so the server and DomUs can communicate across the network. The first file will be for the publicly routable network:
    DEVICE=xenbr17
    TYPE=Bridge
    BOOTPROTO=static
    ONBOOT=yes
    DELAY=0
    STP=off
The next file will be for the internal network:
    DEVICE=xenbr192
    TYPE=Bridge
    BOOTPROTO=static
    ONBOOT=yes
    DELAY=0
    STP=off
    IPADDR=192.168.1.12
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    BROADCAST=192.168.1.255
After that, reboot the server.
Next, create a virtual instance with virt-install and run it as follows:
    virt-install --name test --ram 1024 --location 'centos mirror' -f /dev/lvm/test -b xenbr17 -p
The '-b' option is important, as it defines the bridge the new server will sit on.

Thursday, May 5, 2011

802.1q and LACP Network Card Bonding with Xen Dom0

As you may or may not know, bonding is the ability to take two or more network cards and make them act as one. This not only improves failover, but it also increases the amount of network throughput for the server. The following will show you how to set up such an environment. For this to work you must have a switch that is capable of combining multiple switch ports together. This can be done on either a single switch (which is still a single point of failure) or a switch that is stackable such as Cisco’s 3750 line of products.
There are six different kinds of NIC bonding in Linux; the one we will set up is mode 4, which follows the 802.3ad standard known as Link Aggregation Control Protocol (LACP). This allows for an active-active grouping of network cards and in testing resulted in zero ping drop, though I did see a momentary spike in response time (from 2ms to 20-30ms during convergence).
    First you need to check that your network card is capable of 802.1q VLAN tagging. You will need to research the capabilities of the card to make sure. Run ‘lspci | grep -i ethernet’ and note the response.
    Second, check to see if the 802.1q module is installed by running ‘lsmod | grep 8021q’. If it’s not installed, then run ‘yum install bridge-utils’.
    Once those steps are done we can start configuring the network cards. Go to /etc/sysconfig/network-scripts; in there you should see your network card configuration files, usually named ‘ifcfg-eth#’. Write down or make a backup copy of the network information in your active NIC configuration file, as you will need it later.
    Edit your first configuration file with the following:
        DEVICE=eth0
        ONBOOT=yes
        BOOTPROTO=none
        USERCTL=no
        MASTER=bond0
        SLAVE=yes
    Your secondary card will contain the same information; however, the ‘DEVICE=eth#’ should match the name of the second card.
    Next we create the bonded interface, which then becomes the main device for the server. Create a new file named ‘ifcfg-bond0’:
        DEVICE=bond0
        BOOTPROTO=none
        ONBOOT=yes
        TYPE=Ethernet
        USERCTL=no
    We now create the configuration file which will handle the 802.1q jumbo frames. Note that the device is named ‘bond0.17’. This is important as the ‘17’ is the VLAN ID which the server will listen on. Make sure you know which VLANs are in your environment! Create a file named ‘ifcfg-bond0.17’:
        DEVICE=bond0.17
        BOOTPROTO=static
        ONBOOT=yes
        VLAN=yes
        TYPE=Ethernet
        BRIDGE=xenbr17
   
    The ‘BRIDGE’ string is also important as this will tie the bond0.17 config file to the Xen bridge we are about to create. Repeat that step for every VLAN that you want your server to listen to.
    Next we will create the configuration file that the DomU will be given. Create a file called ‘ifcfg-xenbr17’ and place the following:
        DEVICE=xenbr17
        TYPE=Bridge
        BOOTPROTO=static
        ONBOOT=yes
        DELAY=0
        STP=off
   
    We will now create the management interface for the server. The management interface should have the same security restrictions as a management interface would have for a switch or any other network device. If someone compromises your Dom0, then all of your DomU’s are also compromised. ACL’s should be implemented for this network!
        DEVICE=xenbr192
        TYPE=Bridge
        BOOTPROTO=static
        ONBOOT=yes
        DELAY=0
        STP=off
        IPADDR=192.168.1.12
        NETMASK=255.255.255.0
        NETWORK=192.168.1.0
        BROADCAST=192.168.1.255
   
    Edit the /etc/modprobe.conf file and append the following:
        alias bond0 bonding
        options bond0 miimon=100 mode=4 lacp_rate=1
   
    That told the server what type of network bonding we will use. ‘mode=4’ tells the server that we want to use 802.3ad as our protocol for communication to the switch device.
    Edit the /etc/xen/xend-config.sxp file and change where it says ‘(network-script network-bridge)’ to ‘(network-script 'network-bridge-bonding bridge=bond0 netdev=0')’.
    Now reboot the server.
In the next steps we will configure a Cisco switch, create the port channel, and configure it for LACP with 802.1q trunking.
    Log into your switch, go to the global configuration mode and create a port channel interface by typing ‘int port-c 1’.
    Enter the following:
        switchport trunk encapsulation dot1q
        switchport mode trunk
   
    Now go to the actual switch interfaces and enter the following:
        switchport trunk encapsulation dot1q
        switchport mode trunk
        channel-group 1 mode active
   
    If the switch ports had originally been set up as an access interface, you can remove the configuration by entering:
        no switchport mode access
        no switchport access vlan <VLAN ID>
   
    Now save the configuration file.
Installation of new DomUs will be the same as before: give them a ‘xenbr#’ interface.
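A consistency check for the ifcfg layout used in this post and in the Multiple VLANs post above, added here as an example and not taken from the original posts. It verifies that every VLAN interface points at a defined bridge, that no two VLANs land on the same bridge (which would join them into one layer 2 segment), and that the Dom0 only holds an IP address on the management bridge. The function names and the `mgmt_bridge` parameter are hypothetical, and the sample file contents are constructed.

```python
# Constructed sample: ifcfg contents mirroring the bonded layout above.
# ifcfg-bond0.192 is assumed; the post only says to repeat the step per VLAN.
SAMPLE_FILES = {
    "ifcfg-bond0.17": "DEVICE=bond0.17\nVLAN=yes\nBRIDGE=xenbr17\n",
    "ifcfg-bond0.192": "DEVICE=bond0.192\nVLAN=yes\nBRIDGE=xenbr192\n",
    "ifcfg-xenbr17": "DEVICE=xenbr17\nTYPE=Bridge\nSTP=off\n",
    "ifcfg-xenbr192": "DEVICE=xenbr192\nTYPE=Bridge\nIPADDR=192.168.1.12\n",
}


def parse_ifcfg(text):
    """Parse KEY=value lines, ignoring blanks and comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def audit_bridges(files, mgmt_bridge):
    """Return findings about VLAN-to-bridge wiring and Dom0 IP exposure."""
    devices = {}
    for text in files.values():
        cfg = parse_ifcfg(text)
        if "DEVICE" in cfg:
            devices[cfg["DEVICE"]] = cfg
    bridges = {name for name, cfg in devices.items() if cfg.get("TYPE") == "Bridge"}
    findings, attached = [], {}
    for name, cfg in sorted(devices.items()):
        if cfg.get("VLAN") == "yes":
            bridge = cfg.get("BRIDGE")
            if bridge not in bridges:
                findings.append(f"{name}: bridge {bridge} is not defined")
            elif bridge in attached:
                findings.append(f"{name} and {attached[bridge]} share {bridge}: VLANs are joined")
            attached.setdefault(bridge, name)
        # An address on any other bridge makes the Dom0 reachable from that network.
        if name in bridges and cfg.get("IPADDR") and name != mgmt_bridge:
            findings.append(f"{name}: Dom0 has IP {cfg['IPADDR']} outside the management bridge")
    return findings


if __name__ == "__main__":
    print(audit_bridges(SAMPLE_FILES, mgmt_bridge="xenbr192") or "no findings")
```

To run it against a real host, build the dictionary from the ifcfg-* files in /etc/sysconfig/network-scripts instead of the constructed sample.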