MySQL Cluster

General

MySQL Cluster is a technology that enables clustering of in-memory databases in a shared-nothing system. The shared-nothing architecture allows the system to work with very inexpensive hardware, and with a minimum of specific requirements for hardware or software.

MySQL Cluster is designed not to have any single point of failure. For this reason, each component is expected to have its own memory and disk, and the use of shared storage mechanisms such as network shares, network filesystems, and SANs is not recommended or supported.

A MySQL Cluster consists of a set of computers, each running one or more processes, which may include a MySQL server, a data node, a management server, and (possibly) specialized data access programs. The relationship of these components in a cluster is shown here:

On all servers

  • Install MySQL via the ports tree
  • Pass an extra argument to the make command
# cd /usr/ports/databases/mysql56-server/
# make WITH_NDB=yes
# make WITH_NDB=yes install
# /usr/local/bin/mysql_install_db --user=mysql
# /usr/local/bin/mysqladmin -u root password 'xxx'

Edit the file /etc/rc.conf

mysql_enable="YES"

Management Node

Edit the file /var/lib/mysql-cluster/config.ini

# Options affecting ndbd processes on all data nodes:
[NDBD DEFAULT]    
NoOfReplicas=2    # Number of replicas
DataMemory=80M    # How much memory to allocate for data storage
IndexMemory=18M   # How much memory to allocate for index storage
                  # For DataMemory and IndexMemory, we have used the
                  # default values. Since the "world" database takes up
                  # only about 500KB, this should be more than enough for
                  # this example Cluster setup.

# TCP/IP options:
[TCP DEFAULT]     
portnumber=2202   # This is the default; however, you can use any
                  # port that is free for all the hosts in the cluster
                  # Note: It is recommended that you do not specify the
                  # portnumber at all and allow the default value to be
                  # used instead

# Management process options:
[NDB_MGMD]                      
hostname=192.168.1.122           # Hostname or IP address of MGM node
datadir=/var/lib/mysql-cluster  # Directory for MGM node log files

# Options for data node "A":
[NDBD]                          
                                # (one [NDBD] section per data node)
hostname=192.168.1.120           # Hostname or IP address
datadir=/var/db/mysql   # Directory for this data node's data files

# Options for data node "B":
[NDBD]                          
hostname=192.168.1.121           # Hostname or IP address
datadir=/var/db/mysql   # Directory for this data node's data files

# SQL node options:
[MYSQLD]                        
hostname=192.168.1.123          # Hostname or IP address
                                # (additional mysqld connections can be
                                # specified for this node for various
                                # purposes such as running ndb_restore)
[MYSQLD] 
hostname=192.168.1.140

[MYSQLD] 
hostname=192.168.1.141

Starting the Management Node

/usr/local/bin/ndb_mgmd -f /var/lib/mysql-cluster/config.ini &

Starting the console

/usr/local/bin/ndb_mgm

Show the status from within the console

NDB> SHOW

Data Node

Edit the file /etc/my.cnf

[MYSQLD]                        
ndbcluster
ndb-connectstring=192.168.1.122    # IP management server

[MYSQL_CLUSTER]                 
ndb-connectstring=192.168.1.122  # location of management server

Add to /etc/rc.local

/usr/local/libexec/ndbd &

API Node

An API node can run on a web server, for example. Scripts on that host can then connect to the database via localhost.

Edit the file /etc/my.cnf

[MYSQLD]                        
ndbcluster
ndb-connectstring=192.168.1.122    # IP management server

[MYSQL_CLUSTER]                 
ndb-connectstring=192.168.1.122  # location of management server

Creating a table

To create a table, you must specify ‘ENGINE=NDBCLUSTER’:

DROP TABLE IF EXISTS `City`;
CREATE TABLE `City` (
  `ID` int(11) NOT NULL auto_increment,
  `Name` char(35) NOT NULL default '',
  `CountryCode` char(3) NOT NULL default '',
  `District` char(20) NOT NULL default '',
  `Population` int(11) NOT NULL default '0',
  PRIMARY KEY  (`ID`)
) ENGINE=NDBCLUSTER DEFAULT CHARSET=latin1;

INSERT INTO `City` VALUES (1,'Kabul','AFG','Kabol',1780000);
INSERT INTO `City` VALUES (2,'Qandahar','AFG','Qandahar',237500);
INSERT INTO `City` VALUES (3,'Herat','AFG','Herat',186800);

Links

How to Set Up Cluster

Cvsup

Note: Cvsup was phased out as of 28 February 2013!

Installing

  • pkg_add -r cvsup-without-gui

Configuring

/etc/stable-supfile

default host=cvsup.nl.FreeBSD.org
default base=/var/db
default prefix=/usr
default release=cvs tag=RELENG_6_1
default delete use-rel-suffix
default compress
src-all
ports-all tag=.

Running

  • cvsup -g -L 2 /etc/stable-supfile

Plesk installation

Downloading files

cd /root
fetch ftp://freebsd.proserve.nl/pub/plesk/Plesk/Plesk8.2/FreeBSD6.1/psa_installer_v3.2.1_build070914.16_os_FreeBSD_6.1_i386
chmod +x psa_installer_v3.2.1_build070914.16_os_FreeBSD_6.1_i386

Java

cd /usr/ports/distfiles
fetch http://ns2../tmp/diablo-caffe-freebsd6-i386-1.5.0_07-b01.tar.bz2
fetch http://ns2../tmp/tzupdater-1.1.0-2007c.zip

Installing portupgrade

cd /usr/ports/ports-mgmt/portupgrade
make install clean

Starting the installation

cd /root
./psa_installer....

Links

See also Plesk settings after installation

Documentation

PF Firewall

Configuring

Command to enable the firewall (PF):

# kldload pf

Enable the firewall automatically at boot:

# ee /etc/rc.conf
# Enable PF (load module if required)
pf_enable="YES"
# rules definition file for pf
pf_rules="/etc/pf.conf"
# additional flags for pfctl startup
pf_flags=""
# start pflogd(8)
pflog_enable="YES"
# where pflogd should store the logfile
pflog_logfile="/var/log/pflog"
# additional flags for pflogd startup
pflog_flags="" 

Load the PF rules:

pfctl -f /etc/pf.conf

PF configuration file:

# ee /etc/pf.conf
#       $FreeBSD: src/etc/pf.conf,v 1.2.2.1 2006/04/04 20:31:20 mlaier Exp $
#       $OpenBSD: pf.conf,v 1.21 2003/09/02 20:38:44 david Exp $
#
# See pf.conf(5) and /usr/share/examples/pf for syntax and examples.
# Required order: options, normalization, queueing, translation, filtering.
# Macros and tables may be defined and used anywhere.
# Note that translation rules are first match while filter rules are last match.

# Macros: define common values, so they can be referenced and changed easily.
ext_if="fxp0"   # replace with actual external interface name i.e., dc0
#int_if="fxp1"  # replace with actual internal interface name i.e., dc1
#internal_net="192.168.1.1/8"
external_addr="192.168.1.139"

# Tables: similar to macros, but more flexible for many addresses.
#table <foo> { 10.0.0.0/8, !10.1.0.0/16, 192.168.0.0/24, 192.168.1.18 }

# Options: tune the behavior of pf, default values are given.
#set timeout { interval 10, frag 30 }
#set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
#set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
#set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
#set timeout { icmp.first 20, icmp.error 10 }
#set timeout { other.first 60, other.single 30, other.multiple 60 }
#set timeout { adaptive.start 0, adaptive.end 0 }
#set limit { states 10000, frags 5000 }
#set loginterface none
#set optimization normal
#set block-policy drop
#set require-order yes
#set fingerprints "/etc/pf.os"

# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
#scrub in all

# Queueing: rule-based bandwidth control.
#altq on $ext_if bandwidth 2Mb cbq queue { dflt, developers, marketing }
#queue dflt bandwidth 5% cbq(default)
#queue developers bandwidth 80%
#queue marketing  bandwidth 15%

# Translation: specify how addresses are to be mapped or redirected.
# nat: packets going out through $ext_if with source address $internal_net will
# get translated as coming from the address of $ext_if, a state is created for
# such packets, and incoming packets will be redirected to the internal address.
#nat on $ext_if from $internal_net to any -> ($ext_if)

# rdr: packets coming in on $ext_if with destination $external_addr:1234 will
# be redirected to 10.1.1.1:5678. A state is created for such packets, and
# outgoing packets will be translated as coming from the external address.
#rdr on $ext_if proto tcp from any to $external_addr/32 port 1234 -> 10.1.1.1 port 5678

# rdr outgoing FTP requests to the ftp-proxy
#rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021

# spamd-setup puts addresses to be redirected into table <spamd>.
#table <spamd> persist
#no rdr on { lo0, lo1 } from any to any
#rdr inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025

# Filtering: the implicit first two rules are
#pass in all
#pass out all

# block all incoming packets but allow ssh, pass all outgoing tcp and udp
# connections and keep state, logging blocked packets.
block in log on $ext_if all
pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
pass out on $ext_if proto tcp all keep state
pass out on $ext_if proto udp all keep state

# pass incoming web traffic on ports 80 and 8880
pass in on $ext_if proto tcp from any to any port 80 keep state
pass in on $ext_if proto udp from any to any port 80 keep state
pass in on $ext_if proto tcp from any to any port 8880 keep state
pass in on $ext_if proto udp from any to any port 8880 keep state

# pass incoming ports for ftp-proxy
pass in on $ext_if proto tcp from any to any port 20 keep state
pass in on $ext_if proto tcp from any to any port 21 keep state
pass in on $ext_if inet proto tcp from any to $ext_if port > 49151 keep state

# Alternate rule to pass incoming ports for ftp-proxy
# NOTE: Please see pf.conf(5) BUGS section before using user/group rules.
pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state

# assign packets to a queue.
#pass out on $ext_if from 192.168.0.0/24 to any keep state queue developers
#pass out on $ext_if from 192.168.1.0/24 to any keep state queue marketing

# HTTPS
pass in on $ext_if proto tcp from any to any port 443 keep state

# PLESK
pass in on $ext_if proto tcp from any to any port 8443 keep state

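# POPPASSD (Plesk)
# Loopback traffic does not cross $ext_if, so on this interface the rules
# below only match packets that claim a 127.0.0.0/8 address.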
pass in on $ext_if proto tcp from 127.0.0.0/8 to any port 106 keep state
pass out on $ext_if proto tcp from 127.0.0.0/8 to any port 106 keep state
pass in on $ext_if proto udp from 127.0.0.0/8 to any port 106 keep state
pass out on $ext_if proto udp from 127.0.0.0/8 to any port 106 keep state

# AUTH (Plesk)
pass in on $ext_if proto tcp from any to any port 113 keep state

# SMTPS (Plesk)
pass in on $ext_if proto tcp from any to any port 465 keep state
pass out on $ext_if proto tcp from any to any port 465 keep state
pass in on $ext_if proto udp from any to any port 465 keep state
pass out on $ext_if proto udp from any to any port 465 keep state

# FTPS (Plesk)
pass in on $ext_if proto tcp from any to any port 990 keep state
pass out on $ext_if proto tcp from any to any port 990 keep state
pass in on $ext_if proto udp from any to any port 990 keep state
pass out on $ext_if proto udp from any to any port 990 keep state

# plesk-license-update
pass out on $ext_if proto tcp from any to any port 5224 keep state
pass out on $ext_if proto udp from any to any port 5224 keep state

# ISP DNS
pass out on $ext_if proto tcp from any to 80.84.224.249 port 53 keep state
pass out on $ext_if proto udp from any to 80.84.224.249 port 53 keep state
pass out on $ext_if proto tcp from any to 80.84.224.26 port 53 keep state
pass out on $ext_if proto udp from any to 80.84.224.26 port 53 keep state
pass out on $ext_if proto tcp from any to 83.96.192.26 port 53 keep state
pass out on $ext_if proto udp from any to 83.96.192.26 port 53 keep state

# SEND & GET EMAIL
pass in on $ext_if proto tcp from any to any port 25 keep state
pass out on $ext_if proto tcp from any to any port 25 keep state
pass in on $ext_if proto tcp from any to any port 110 keep state
pass out on $ext_if proto tcp from any to any port 110 keep state
pass in on $ext_if proto tcp from any to any port 143 keep state
pass out on $ext_if proto tcp from any to any port 143 keep state
pass in on $ext_if proto tcp from any to any port 993 keep state
pass out on $ext_if proto tcp from any to any port 993 keep state
pass in on $ext_if proto tcp from any to any port 995 keep state
pass out on $ext_if proto tcp from any to any port 995 keep state

# PING
pass in on $ext_if proto icmp from any to any keep state
pass out on $ext_if proto icmp from any to any keep state

# TIME
pass out on $ext_if proto tcp from any to any port 37 keep state

# NTP
pass out on $ext_if proto udp from any to any port 123 keep state

# NNTP NEWS (i.e. news groups)
pass in on $ext_if proto tcp from any to any port 119 keep state
pass out on $ext_if proto tcp from any to any port 119 keep state

# WHOIS
pass in on $ext_if proto tcp from any to any port 43 keep state
pass out on $ext_if proto tcp from any to any port 43 keep state

# FDSD (make install & CVSUP)
pass out on $ext_if proto tcp from any to any keep state

# Deny all Netbios service
block in on $ext_if proto tcp from any to any port 137
block in on $ext_if proto tcp from any to any port 138
block in on $ext_if proto tcp from any to any port 139
block in on $ext_if proto tcp from any to any port 81

# MYSQL
pass in on $ext_if proto tcp from 192.168.1.34 to any port 3306 keep state
pass in on $ext_if proto udp from 192.168.1.34 to any port 3306 keep state

# PostgreSQL
pass in on $ext_if proto tcp from 192.168.1.34 to any port 5432 keep state

# TOMCAT
pass in on $ext_if proto tcp from any to any port 8080 keep state

# Coyote and Warp (Tomcat Java) connectors in Plesk
pass in on $ext_if proto tcp from any to any port 9080 keep state
pass in on $ext_if proto tcp from any to any port 9008 keep state

Check that the settings are correct:

# pfctl -s all

The rules:

# pfctl -s rules

Log files:

# tcpdump -n -e -ttt -i pflog0
# tcpdump -netttvvv -i pflog0

Reload the rules

# pfctl -f /etc/pf.conf
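
The ruleset above relies on pf's last-match evaluation: "block in log on $ext_if all" comes first and later pass rules override it. The following sh/awk function, an added example that is not part of the original page, evaluates a packet against a simplified subset of that rule syntax and reports which rule decides. It assumes numeric ports and ignores interface, destination address and options such as "user"; pf_verdict, SAMPLE_RULES and the address 203.0.113.7 are constructed for illustration.

```shell
#!/bin/sh
# Added example: last-match evaluation for a subset of pf filter rules.
# Assumptions: numeric ports only; interface, destination address and
# options such as "user" or "keep state" are not evaluated.

# pf_verdict RULES DIR PROTO SRC DPORT
# Prints "<action> <line>" where <line> is the deciding rule's line number
# in RULES, or "pass 0" when no rule matches (pf's implicit default).
pf_verdict() {
    printf '%s\n' "$1" |
    awk -v dir="$2" -v proto="$3" -v src="$4" -v dport="$5" '
    function ip2n(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # Source matches "any", an exact address, or an address/prefix block.
    function src_ok(spec,   p, div) {
        if (spec == "any") return 1
        if (split(spec, p, "/") == 2) {
            div = 2 ^ (32 - p[2])
            return int(ip2n(src) / div) == int(ip2n(p[1]) / div)
        }
        return spec == src
    }
    BEGIN { verdict = "pass"; rule = 0 }
    $1 != "pass" && $1 != "block" { next }   # comments, macros, blank lines
    {
        rdir = ""; rproto = ""; rfrom = "any"; rport = ""
        quick = 0; seen_to = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "in" || $i == "out") rdir = $i
            else if ($i == "quick") quick = 1
            else if ($i == "proto") rproto = $(++i)
            else if ($i == "from") rfrom = $(++i)
            else if ($i == "to") { seen_to = 1; i++ }     # skip destination
            else if ($i == "port" && seen_to) {           # destination port
                rport = $(++i)
                if (rport == ">") rport = ">" $(++i)
            }
        }
        if (rdir != "" && rdir != dir) next
        if (rproto != "" && rproto != proto) next
        if (!src_ok(rfrom)) next
        if (substr(rport, 1, 1) == ">") {
            if (dport + 0 <= substr(rport, 2) + 0) next
        } else if (rport != "" && rport + 0 != dport + 0) next
        verdict = $1; rule = NR      # the last matching rule wins ...
        if (quick) exit              # ... unless a matching rule is "quick"
    }
    END { print verdict, rule }'
}

# Constructed sample using rule shapes from the pf.conf on this page.
SAMPLE_RULES='block in log on $ext_if all
pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
pass in on $ext_if proto tcp from 192.168.1.34 to any port 3306 keep state
pass in on $ext_if inet proto tcp from any to $ext_if port > 49151 keep state
block in on $ext_if proto tcp from any to any port 139'

# 203.0.113.7 is a constructed outside address.
pf_verdict "$SAMPLE_RULES" in tcp 203.0.113.7 3306    # block 1
pf_verdict "$SAMPLE_RULES" in tcp 192.168.1.34 3306   # pass 3
pf_verdict "$SAMPLE_RULES" in tcp 203.0.113.7 50000   # pass 4
```

On the firewall itself, pfctl -n -f /etc/pf.conf parses the real file without loading it, which catches syntax errors before a reload.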

Firewall Port scan

Installing:

cd /usr/ports/security/nmap
make install

Scanning:

# nmap -v -iR 10 -P0 -p 80

nmap TCP connect scanning of localhost and the network 192.168.0.0/24

# nmap -v -sT localhost
# nmap -v -sT 192.168.0.0/24

nmap TCP SYN (half-open) scanning

# nmap -v -sS localhost
# nmap -v -sS 192.168.0.0/24

nmap TCP FIN scanning

# nmap -v -sF localhost
# nmap -v -sF 192.168.0.0/24

nmap TCP Xmas tree scanning
Useful to see whether the firewall protects against this kind of attack:

# nmap -v -sX localhost
# nmap -v -sX 192.168.0.0/24

nmap TCP Null scanning
Useful to see whether the firewall protects against this kind of attack:

# nmap -v -sN localhost
# nmap -v -sN 192.168.0.0/24

nmap TCP Window scanning

# nmap -v -sW localhost
# nmap -v -sW 192.168.0.0/24

nmap TCP RPC scanning
Useful to find out RPC (such as portmap) services

# nmap -v -sR localhost
# nmap -v -sR 192.168.0.0/24

nmap UDP scanning
Useful to find open UDP ports

# nmap -v -sU localhost
# nmap -v -sU 192.168.0.0/24

nmap remote software version scanning
You can also find out which software version is listening on the port.

# nmap -v -sV localhost
# nmap -v -sV 192.168.0.0/24

Mergelog

Mergelog is a small and fast C program which merges by date httpd log files in ‘Common Log Format’ from web servers behind round-robin DNS. It has been designed to easily manage huge log files from highly stressed servers. mergelog is distributed with zmergelog which supports gzipped log files.

Installation

# cd /usr/ports/www/mergelog
# make install clean

Settings

Edit the config file

# ee /usr/local/etc/webalizer.conf
#LogFile        /var/log/httpd-access.log
LogFile         -

Copy the access log from another server

Create a directory to hold the merged log files

# mkdir /var/log/merge/

Create a shell script:

# ee /usr/sbin/merge-logfile.sh

Put the following in the file.

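#!/bin/sh
# Fetch the remote web server's access logs over FTP into DEST_DIR.
# FTP sends the user name and password in clear text, and the password is
# stored in this file: keep the script readable by root only (chmod 700).
SOURCE_DIR=/
DEST_DIR=/var/log/merge/
USER=log
PASSWORD="markhost"
REMOTE_BOX=192.168.1.142
FILE=httpd-access.log
FILE2=httpd-ssl_request.log
# Stop if the destination directory is missing instead of writing elsewhere.
cd "$DEST_DIR" || exit 1
ftp -in <<EOF
open $REMOTE_BOX
user $USER $PASSWORD
bin
cd $SOURCE_DIR
get $FILE
get $FILE2
close
bye
EOF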

Then run the file:

# cd /usr/sbin/
# sh merge-logfile.sh

Starting mergelog

Create a file.

# ee /usr/sbin/mergelog.sh

Put the following in the file.

#!/bin/sh
/usr/local/bin/mergelog /var/log/httpd-access.log /var/log/merge/httpd-access.log

Then run the file:

# cd /usr/sbin/
# sh mergelog.sh

Jail

Configuration

Create a shell script

# ee /etc/jail.sh
D=/usr/jail/192.168.1.142
cd /usr/src
mkdir -p $D
make world DESTDIR=$D
make distribution DESTDIR=$D
mount -t devfs devfs $D/dev

Run the shell script.

sh /etc/jail.sh

Edit the rc.conf file.

ee /etc/rc.conf
jail_enable="YES"   # Set to NO to disable starting of any jails
jail_interface="fxp0"
jail_devfs_enable="YES"
jail_procfs_enable="YES"
jail_list="www"     # Space separated list of names of jails
jail_www_rootdir="/usr/jail/192.168.1.142" # jail's root directory
jail_www_hostname="www.markterweele.nl"  # jail's hostname
jail_www_ip="192.168.1.142"           # jail's IP address
jail_www_devfs_enable="YES"          # mount devfs in the jail
#jail_www_devfs_ruleset="www_ruleset" # devfs ruleset to apply to jail

Adjusting sysctl

ee /etc/sysctl.conf
#security.jail.set_hostname_allowed=1
#security.jail.socket_unixiproute_only=1
#security.jail.sysvipc_allowed=0
#security.jail.enforce_statfs=2
#security.jail.allow_raw_sockets=0
#security.jail.chflags_allowed=0
#security.jail.jailed=0

High-level administrative tools

# cd /usr/ports/sysutils/jailutils
# make install clean

Copy resolv.conf into the jail

# cp /etc/resolv.conf /usr/jail/192.168.1.142/etc/

Create a make.conf file

# ee /usr/jail/192.168.1.142/etc/make.conf
WRKDIRPREFIX=/tmp

Create a ports directory.

# mkdir /usr/jail/192.168.1.142/usr/ports

Create an rc.conf file in the jail

# ee /usr/jail/192.168.1.142/etc/rc.conf
defaultrouter="192.168.1.1"
ifconfig_fxp0="inet 192.168.1.142  netmask 255.255.255.0"
network_interfaces="fxp0"
rpcbind_enable="NO"
sshd_enable="YES"
syslogd_flags="-ss"

Mounting the jail

Mount /usr/ports and /usr/src:

mount_nullfs /usr/ports /usr/jail/192.168.1.142/usr/ports
mount_nullfs /usr/src /usr/jail/192.168.1.142/usr/src

After the server reboots, the virtual IP address is available.

Show all jails:

# jls

Installing programs via jail

jail /usr/jail/192.168.1.142 www.markterweele.nl 192.168.1.142 /bin/sh

To get into the jail, enter the following command:

# jexec 1 tcsh

Restarting the jail

# /etc/rc.d/jail restart www

Hostfile

To use a different IP address for a domain name than the one in the DNS server, do the following:

Go to your C drive.
Then go to the folder “WINDOWS”.
Next go to the folder “system32”.
Then go to the folder “drivers”.
Then choose the folder “etc”.
This folder contains the file “hosts”; edit this file with, for example, Notepad.

Add a new line at the very bottom of the file and put the IP address and the domain name there.
Below is an example of what it should look like:

12.3.45.67    domeinnaam.tld

After this file has been saved, you can type the domain name into your browser.

Dump en Restore

Introduction

The traditional UNIX® backup programs are dump and restore. They operate on the drive as a collection of disk blocks, below the abstractions of files, links and directories that are created by the file systems. dump backs up an entire file system on a device. It is unable to backup only part of a file system or a directory tree that spans more than one file system. dump does not write files and directories to tape, but rather writes the raw data blocks that comprise files and directories.

Creating a dump (dump)

To dump a live file system, the -L option is required. First go to a directory with enough space. The following command can be used to dump the /usr partition. The output is streamed to gzip and stored in a .gz file in the current working directory.

cd /home/dumps
dump -0 -u -L -a -f - /usr | gzip -2 > usr.gz

Restoring a dump (restore)

In the BIOS, set the machine to boot from the CD-ROM drive or the hard disk.
Then start sysinstall; if you chose the CD-ROM drive as the first boot device, sysinstall starts automatically.

Then Configure > Fdisk
Tick the correct hard disk.
Create 1 new slice.

# q

Select BootMgr and press “ok”

Create the following partitions:
1G /
1G /tmp
4G /var
10G /usr
2x RAM size SWAP
The rest /home

# w

Then press “YES”.

# q

Then “Exit”.
Choose “Fixit”.
Then choose “cd-rom / dvd”.

Type the following commands to see which partitions are loaded.

# df -h
# cd /
# mkdir dump

Mount the external hard disk as follows.
With the rf options you can restore a specific partition.

# mount /dev/da0s1h /dump
# cd /mnt
# restore rf /dump/plesk/root
# cd etc
# ee fstab

Adjust the device if necessary and check that everything is correct. Check that the Ethernet interface type is set correctly (for example fxp0) and that the drive letters match what is in the dump.

To check which network device the server has:

# ifconfig

If necessary, change this in the rc.conf file.
Now reboot the server and enter the BIOS during startup.
Set it to boot from the hard disk.
After the server has rebooted, choose option 4 while FreeBSD boots.
Now mount all partitions:

# mount /tmp
# mount /var
# mount /usr
# mount /home

To check that all partitions are mounted:

# df -h

Mounting the USB drive:

# mount /dev/da0s1h /mnt

Below is how to restore the partitions:

# cd /tmp
# restore rf /mnt/plesk/tmp
# cd /var
# restore rf /mnt/plesk/var
# cd /usr
# restore rf /mnt/plesk/usr
# cd /home
# restore rf /mnt/plesk/home

Then unmount the USB drive:

# umount /mnt

Restoring from gzip files

First go to your working directory, i.e. the place where you want to put the restored files

gunzip -c /cdrom/usr.gz | restore rf -

Links

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/backup-basics.html

Common Address Redundancy Protocol

The Common Address Redundancy Protocol or CARP is a protocol which allows multiple hosts on the same local network to share a set of IP addresses. Its primary purpose is to provide failover redundancy. For example, if there is a single computer running a packet filter, and it goes down, then either the networks on either side of the packet filter can no longer communicate with each other, or they communicate without any packet filtering. If, however, there are two computers running a packet filter, running CARP, then if one fails, the other will take over, and computers on either side of the packet filter will not be aware of the failure, so operation will continue as normal. In order to make sure the new master operates the same as the old one, pfsyncd is used. In some configurations CARP can also provide load balancing functionality.

Installation

First recompile the kernel with the following added:

device carp

Configuring

Create a new CARP interface:

ifconfig carp0 create

Configuration of Server A:
Edit the file /etc/sysctl.conf

net.inet.carp.preempt=1
net.inet.carp.allow=1
net.inet.carp.log=1
net.inet.carp.arpbalance=1

Edit the file /etc/rc.conf

hostname="hosta.example.org"
cloned_interfaces="carp0"
network_interfaces="fxp0 carp0"
ifconfig_carp0="up vhid 1 advskew 3 pass testpass 192.168.1.145"

Edit the file /etc/rc.local

ifconfig carp0 up &

Configuration of Server B:
Edit the file /etc/sysctl.conf

net.inet.carp.preempt=1
net.inet.carp.allow=1
net.inet.carp.log=1
net.inet.carp.arpbalance=1

Edit the file /etc/rc.conf

hostname="hostb.example.org"
cloned_interfaces="carp0"
network_interfaces="ed0 carp0"
ifconfig_carp0="up vhid 1 advskew 3 pass testpass 192.168.1.145"

Edit the file /etc/rc.local

ifconfig carp0 up &

After a reboot, CARP is started.

Cron

In the file /etc/crontab various adjustments can be made.

The format is as follows

minute  hour  mday  month  wday  who  command

Every 15 minutes

0,15,30,45      *       *       *       *       root /usr/local/bin/cronprog

Every night at a quarter past one

15       1       *       *       *       root    /usr/local/bin/cronprog

Links

FreeBSD Handbook Cron