Linux Manju

August 24, 2009

An Example link Failover Script ( MPLS to OpenVPN ) With Mail Alerts

Filed under: FreeBSD, Linux, Uncategorized — Tags: , , — linuxmanju @ 7:47 pm

Objective:-

To monitor the link and change over to the alternate link if the link goes down. If it comes back up, revert to the original link.

This document assumes: 1) You have a working MPLS/VPN setup,

#!/usr/bin/perl -w
#
#############
########### Written By Manjunath #####
######## http://linuxmanju.com
use strict;
use Net::SMTP;

my $IFCNF = "/sbin/ifconfig";
my $OVPN  = "/usr/local/sbin/openvpn";
my $SWALL = "/sbin/shorewall";
my $LOCK  = "/var/lock/mpls.lck";

####### Change this to your gateway to monitor ##

my $GW = "10.1.28.105";

# Send one alert mail. The SMTP session is opened only when there is
# something to send, so a run with no state change never starts a message.
# The SMTP password sits in this file, so keep the script readable by root only.
sub send_alert {
    my ($subject, $body) = @_;

    ###### Change my.mailserver.com to the Email Server IP ###
    my $smtp = Net::SMTP->new('my.mailserver.com', Timeout => 30)
        or die "Could not connect to the mail server: $@";

    ######## Change username and password to the SMTP Auth Username and Password
    $smtp->auth('username', 'password') or die "Could not authenticate $!";

    ############# Change From Address and To address below.
    $smtp->mail('alert@mydomain.com');
    $smtp->to('linux-report@mydomain.com');
    $smtp->data();
    $smtp->datasend('From: pondi-alert@mydomain.com' . "\n");
    $smtp->datasend('To: manjunathkp@mydomain.com' . "\n");
    $smtp->datasend("Subject: $subject\n");
    $smtp->datasend("\n");
    $smtp->datasend("$body\n");
    $smtp->dataend();
    $smtp->quit;
}

sub mplscheck {
    if ( system("ping -c4 $GW > /dev/null") != 0 ) {
        # Gateway unreachable. The lock file records that the failover
        # has already been done, so it happens only once per outage.
        if ( ! -e $LOCK ) {
            system('logger -p info "Mpls Link is down"');
            system("$IFCNF eth2 down");
            sleep 4;
            system("$IFCNF eth2 up");
            system("$OVPN --config /etc/openvpn/openvpn.conf --daemon");
            system("$SWALL restart /etc/shorewall.ovpn");
            open(my $lck, '>', $LOCK) or die "Cannot create $LOCK: $!";
            close($lck);
            send_alert('MPLS link Down..',
                'MPLS link is Down in Pondichery.. Unable to reach the gateway..');
        }
    }
    elsif ( -e $LOCK ) {
        # Gateway reachable again after a failover: revert to the MPLS link.
        system('logger -p info "Mpls Came back Up"');
        # kill(1) expects a PID, not a process name; pkill matches by name
        system("pkill -TERM -x openvpn");
        system('/etc/scripts/connections.sh');
        unlink($LOCK);
        send_alert('MPLS link Came Back up..',
            'MPLS link Came back up.. Able to reach the gateway..');
    }
}

mplscheck();
Copy the script to /usr/bin and chmod +x /usr/bin/myscript.pl

Add the script to the crontab to run every 5 minutes (or more or less often). For example:

*/5 * * * * /usr/bin/myscript.pl

February 9, 2009

Apache http to https redirection

Filed under: FreeBSD, Linux — Tags: , , , , — admin @ 1:35 pm

I wanted to force all users to use https://mymailserver.com instead of http://mymailserver.com.

Open the Apache config file (httpd.conf, apache2.conf or sites-enabled/000-default).

Add these lines

# mod_rewrite must be loaded and switched on for the rules below to apply
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

/etc/init.d/apache2 restart

January 16, 2009

High Availability of Web Server Using UCarp

Filed under: Linux, Uncategorized — Tags: , , , , — admin @ 6:41 pm

An easy way to achieve 99.99999 with uCarp.

Example Setup:-

1) Server1 — IP Address 192.168.0.10

2) Server2 — IP Address 192.168.0.100

Floating IP:- 192.168.0.200 (this is the virtual IP, which will be owned by the master server)

Service provided:- Webserver (my production env has three instances of Bugzilla and Wiki pages. All the Bugzillas and Wikis are configured to use a centralized MySQL database host with different DBs).

Step By Step:-

1) Log in to Server1 and copy all of /var/www to /var/www on server2

scp -rp /var/www root@server2-IP:/var/

2) Make sure that the web pages are accessible from both server 1's and server 2's IPs: http://server1 http://server2

3) Download ucarp from http://download.pureftpd.org/pub/ucarp/ (go with the latest version) on both the servers

Both Servers:-

wget http://download.pureftpd.org/pub/ucarp/ucarp-1.5.tar.gz

tar zxvf ucarp-1.5.tar.gz

cd ucarp-1.5

./configure && make && make install-strip

4) Once installed on both the servers, ucarp should be available in /usr/local/sbin/ucarp

On Server1 and Server2, create two files called vip-up.sh and vip-down.sh with the following contents

vi /etc/vip-up.sh

#!/bin/bash

### Add Floating IP

/sbin/ip addr add 192.168.0.200/24 dev eth0

#### My switch / gateway is not smart and does not flush the ARP cache, so send a broadcast
/sbin/arping -c 5 -i eth2 -S 192.168.0.200 192.168.0.1
/sbin/arping -c 5 -i eth2 -S 192.168.0.200 192.168.0.14
echo "WebServer not reachable" | /usr/bin/mail -s "Master webserver down" server-admin@xxx.com

vi /etc/vip-down.sh

#!/bin/bash
### Remove Floating IP
/sbin/ip addr del 192.168.0.200/24 dev eth0
echo "Changing Roles of the Web server" | /usr/bin/mail -s "Changing role Reverting to Backup State.." server-admin@xxx.com

Put both files in place as /etc/vip-up.sh and /etc/vip-down.sh on both the servers (feel free to modify the scripts according to your requirements).

chmod +x /etc/vip-*.sh

Ucarp Magic:-

In the master server:-

Run:-

/usr/local/sbin/ucarp -v 42 -P -p somepasswd -a 192.168.0.200 -s 192.168.0.10 --upscript=/etc/vip-up.sh --downscript=/etc/vip-down.sh &

In the Secondary Server:-

/usr/local/sbin/ucarp -v 42 -b 2 -k 1 -p somepasswd -a 192.168.0.200 -s 192.168.0.100 --upscript=/etc/vip-up.sh --downscript=/etc/vip-down.sh &

(The two commands differ in the -s <IP ADDR> value, and the second server adds -b 2 -k 1 and has no -P. This means its advertisement frequency is 2 seconds and its skew is 1 second, which is higher than the master's default of 1 sec. This will force the master to own the virtual IP whenever it is online.)

Test:-

Open http://192.168.0.200 (or do a continuous ping).

Bring the master down. The slave will automatically serve the requests. Bring the master back up. It will take over again. The HA is ready.

Note:- If your web server has a lot of dynamic data, please make sure to sync server1:/var/www and server2:/var/www periodically.

In case of a problem, please mail me at manjunath<at> linuxmanju.com

November 11, 2008

rsh password less login in Ubuntu

Filed under: Linux — Tags: , , — admin @ 12:41 pm

The rsh-server package in Ubuntu is buggy and does not honor + + (allow everyone from every host) in /etc/hosts.equiv.

Here is a workaround.

vi /etc/hosts.equiv and make sure to add these lines (if the file is not there, create it)

# /etc/hosts.equiv: list  of  hosts  and  users  that are granted "trusted" r
#                   command access to your system .
#
+ +

apt-get install rsh-redone-server

(You might have to remove rsh-server.)

Once done, you should be able to rlogin and rsh to the host without a password.
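Because + + trusts every user on every host, it helps to know exactly which lines of a hosts.equiv or .rhosts file carry a wildcard. The following is an added example, not part of the original post: a small auditor for that file format. The function names and the buildhost.example.com / backup entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report wildcard trust entries in hosts.equiv / .rhosts text.
# Entry format is "host [user]"; a bare "+" in either field matches anything.

# Reads hosts.equiv-format text on stdin and prints one finding per risky line:
#   <line-number>:<severity>:<what the entry trusts>
audit_equiv() {
    awk '
        { sub(/#.*/, "") }      # strip comments (this also re-splits the fields)
        NF == 0 { next }        # skip blank and comment-only lines
        {
            host = $1
            user = (NF > 1) ? $2 : ""
            if (host == "+" && user == "+")
                print NR ":critical:any user from any host"
            else if (host == "+")
                print NR ":high:" (user == "" ? "same-named users" : "user " user) " from any host"
            else if (user == "+")
                print NR ":high:any user from host " host
        }
    '
}

# Constructed sample: the file from the post plus three narrower entries.
sample_equiv() {
    cat <<'EOF'
# /etc/hosts.equiv: list of hosts and users that are granted "trusted" r
#                   command access to your system .
#
+ +
buildhost.example.com
buildhost.example.com +
+ backup
EOF
}

# Audit the sample; real files are audited with: audit_equiv < /etc/hosts.equiv
sample_equiv | audit_equiv
```

An entry that names both a host and a user, or a host alone, produces no finding; only the wildcard lines are reported, with the line number to review.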

October 23, 2008

SVN commit hook script

Filed under: FreeBSD, Linux — Tags: , , , , — admin @ 6:47 pm

I searched around for a while for a decent (read: not too complex, and does the job it's supposed to do) svn commit hook script for automatically sending mail on each commit to a repo.

Basically, I wanted to have information about the user and the revision number in the mails, along with the files and folders that were modified.

So I rolled up my sleeves and wrote this, which is working beautifully for me.

vi /repo/path/hooks/post-commit

and add these lines

#!/bin/sh

REPOS="$1"
REV="$2"

# Pass the repository path and the revision number on to the mailer
/usr/bin/mailer.sh "$REPOS" "$REV"

Copy the text below and paste it into /usr/bin/mailer.sh

The scripts can be downloaded from

http://linuxmanju.com//downloads/svnmailer/

(Make sure to change NOTIFY="user@domain.com" to your own email IDs separated by a space, and noreply@domain.com to your own From address.)

chmod +x /usr/bin/mailer.sh

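## mailer.sh script ###

#!/bin/bash -x

#### SVN Commit Hook written By Manjunath ###
#### http://linuxmanju.com ###

NOTIFY='user1@domain.com'
REP="$1"
REVI="$2"
# $REP is a path, so it cannot be used inside a file name; mktemp also
# avoids a predictable file name in /tmp
TMPL=$(mktemp /tmp/svn-commit.XXXXXX) || exit 1

SVNCHECK ()
{
# List the paths changed in the committed revision
svnlook changed -r "$REVI" "$REP" > "$TMPL"
}

SVNCHECK
# mutt takes the sender address from $EMAIL
export EMAIL="SVN-Commit <dontreply@domain.com>"

# $NOTIFY stays unquoted so that several space-separated addresses
# are passed as separate recipients
mutt -s "SVN Commit on $REP Changed Revision to $REVI" $NOTIFY < "$TMPL"
rm -f "$TMPL"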
