Thursday 25 June 2015

Create a Yum repository on Exalogic

This document describes how to create a yum repository on the ZFS storage appliance inside an Exalogic machine.

Prepare your environment

Create a zfs share

Connect to one of the storage servers to create a share.
This share hosts the Exalogic yum repository.
  • Connect to the storage server

Add the share to the project

  • Create a share named ‘yum-repo’ in the common project

Add permissions on the share

  • Add an NFS exception so the share can be accessed from the IPoIB-vserver-shared-storage network.
  • Grant read/write and root access.

Prepare repository

Mount the ‘yum-repo’ share on a vServer

- Edit /etc/fstab and add an entry : /export/common/yum-repo nfsv4 rw,bg,hard,nointr,rsize=131072,wsize=131072 0 0
The NFS server in that entry is the IPoIB address of the storage server on the IPoIB-vserver-shared-storage network.

  • Create the directory /export/common/yum-repo
# mkdir -p /export/common/yum-repo

  • Mount the directory on the vServer :
# mount /export/common/yum-repo

Prepare files

  • Upload the Oracle Enterprise Linux ISO file to the share :
With your favourite scp client, copy the Oracle Enterprise Linux ISO file to /export/common/yum-repo.

  • Create the temporary directory and the repository version directory :
# mkdir -p /export/common/yum-repo/tmp /export/common/yum-repo/OEL_6.5

  • Mount the ISO file on the temporary directory :
# mount -o loop /export/common/yum-repo/OEL_6.5.iso /export/common/yum-repo/tmp

  • Copy the ISO content into the repository directory :
# cp -r /export/common/yum-repo/tmp/* /export/common/yum-repo/OEL_6.5

Create your repository

  • To create the repository, you must install the createrepo package.
This package can be found in the temporary directory created above.

Check whether it is already installed :
# rpm -qa | grep createrepo

  • Install the package :
# rpm -Uvh /export/common/yum-repo/tmp/createrepo-0.4.11-3.el5.x86_64.rpm /export/common/yum-repo/tmp/deltarpm-* /export/common/yum-repo/tmp/python-deltarpm-*

  • At this step, remove any symbolic link named Packages in the subdirectories, to avoid a loop in the repository :
# find /export/common/yum-repo/OEL_6.5 -name Packages -type l -exec rm -f {} \;

  • Create the repository :
# cd /export/common/yum-repo/OEL_6.5/
# createrepo .
3380/3380 - Cluster/ipvsadm-1.24-13.el5.x86_64.rpm
Saving Primary metadata
Saving file lists metadata
Saving other metadata

Cleanup environment

  • Unmount the ISO file :
# cd /export/common/yum-repo/
# umount -f /export/common/yum-repo/tmp/

  • Delete the ISO file :
# rm -f /export/common/yum-repo/OEL_5.8.iso

Configure yum client

Update configuration files

  • Update the /etc/yum.conf file :
Add an exclusion for the Exalogic-specific packages, which must not be updated from this repository:
exclude=kernel* compat-dapl* dapl* ib-bonding* ibacm* ibutils* ibsim* infiniband-diags* kmod-ovmapi-uek* libibcm* libibmad* libibumad* libibverbs* libmlx4* libovmapi* librdmacm* libsdp* mpi-selector* mpitests_openmpi_gcc* mstflint* ofed* openmpi_gcc* opensm* ovm-template-config* ovmd* perftest* qperf* rds-tools* sdpnetstat* srptools* xenstoreprovider* initscripts* nfs-utils*

  • Create the /etc/yum.repos.d/local_yum.repo file with the following content:
name=Exalogic Yum Rack
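The following is an added example, not the post's own file: it writes a local_yum.repo for the repository built above with GPG signature checking enforced, and audits an existing .repo file. The repository directory, key file and output path are arguments and assumptions (the baseurl assumes clients mount the share at the path used above).

```shell
# Added example, not from the post: write the local_yum.repo definition for the
# repository built above with GPG signature checking enforced, and audit an
# existing .repo file. Arguments (repository directory, key file, output path)
# are assumptions; the key file name in the test is only a placeholder.

# write_local_repo <repo_dir> <gpg_key_file> <output_file>
# Refuses to write the definition unless the createrepo metadata and the
# signing key are present, so a half-built repository is never enabled.
write_local_repo() {
    repo_dir=$1
    gpg_key=$2
    out=$3
    if [ ! -f "$repo_dir/repodata/repomd.xml" ]; then
        echo "no repodata in $repo_dir: run createrepo first" >&2
        return 1
    fi
    if [ ! -s "$gpg_key" ]; then
        echo "GPG key $gpg_key missing: cannot enable gpgcheck" >&2
        return 1
    fi
    # baseurl assumes the clients mount the share at the same path as above
    cat > "$out" <<EOF
[local_yum]
name=Exalogic Yum Rack
baseurl=file://$repo_dir
enabled=1
gpgcheck=1
gpgkey=file://$gpg_key
EOF
}

# repo_gpgcheck_enabled <repo_file>: returns 0 only if every [section] of the
# file sets gpgcheck=1, for auditing /etc/yum.repos.d on the vServers.
repo_gpgcheck_enabled() {
    awk '
        /^\[/ { if (sec != "" && !ok) bad++; sec = $0; ok = 0 }
        /^gpgcheck[ \t]*=[ \t]*1[ \t]*$/ { ok = 1 }
        END {
            if (sec != "" && !ok) bad++
            if (sec == "" || bad > 0) exit 1
            exit 0
        }' "$1"
}
```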

Refresh yum database

Refresh the yum client on each machine now configured with the local repository.
  • First, clean the yum cache :
# yum clean all
Loaded plugins: rhnplugin, security
Cleaning up Everything

  • Recreate the yum cache and headers :
# yum repolist
Loaded plugins: rhnplugin, security
This system is not registered with ULN.
ULN support will be disabled.
local_yum | 951 B 00:00
local_yum/primary | 1.4 MB 00:00
local_yum 3380/3380
Excluding Packages from Exalogic TVP yum rack
repo id repo name status
local_yum Exalogic TVP yum rack 3,288+92
repolist: 3,288

You can now install packages with the yum install command.

Wednesday 3 June 2015

How to configure an internal DNS for an Exalogic system :

The following packages are necessary for the DNS server :
The following packages are necessary for testing the DNS client :

On the DNS server : 
On the domain name server, the installation can be done from the yum repository.
- To install named, execute the following command :
# yum install bind --skip-broken

Note : the '--skip-broken' option is added so that package dependencies are not upgraded.

- To configure named as a service :
# chkconfig named on

- To start named service :
# service named start

On the clients :
On every client :
The bind-utils package can be installed from the yum repository.
To install bind-utils, execute the following command :
# yum install bind-utils

Configure named
These actions must be done only on the vServer hosting the named service.
- Create the file /etc/named.conf with the following content :

options {
        directory "/var/named";

        # hide version string for security
        version "not currently available";

        # Listen to the loopback device and internal networks only
        listen-on {;;;;; };
        #listen-on-v6 { ::1; };

        # Do not query from the specified source port range
        avoid-v4-udp-ports { range 1 32767; };
        avoid-v6-udp-ports { range 1 32767; };

        # forward all DNS queries to enterprise DNS
        forwarders {;; };
        forward only;

        # expire negative answers ASAP.
        # do not cache dns query failure
        max-ncache-ttl 1; # 1 second

        # disable non-relevant operations
        allow-transfer { none; };
        allow-update-forwarding { none; };
        allow-notify { none; };
};

zone "" IN {
        type master;
        file "";
        allow-update {;;;;; };
        notify yes;
};

zone "" IN {
        type master;
        file "";
        allow-update {;;;;; };
        notify yes;
};

zone "" {
        type master;
        file "192.168";
        allow-update {; };
        notify yes;
};

zone "" {
        type master;
        file "172.17.0";
        allow-update {;; };
        notify yes;
};

zone "" {
        type master;
        file "10.176.40";
        allow-update {;; };
        notify yes;
};

zone "" {
        type master;
        file "10.176.41";
        allow-update {;; };
        notify yes;
};

This file creates an internal zone for IPoIB addressing and a zone for EoIB addressing.
The first one is private to the Exalogic rack.
The second one is a sub-zone of the company's global name service.

The internal IPoIB zone manages the IPoIB-default network and the IPoIB-vserver-shared-storage network.

For each zone, the matching reverse zone is managed too.

Zone files 
- Create the file /var/named/ :
$TTL 172800 ; 2 days IN SOA (
2003080803 ; serial
43200      ; refresh (12 hours)
900        ; retry (15 minutes)
1814400    ; expire (3 weeks)
10800      ; minimum (3 hours)
MX 10
$TTL 172800 ; 2 days
ns1 A

- Create the file /var/named/ :
$TTL 172800 ; 2 days IN SOA (
2003080803 ; serial
43200      ; refresh (12 hours)
900        ; retry (15 minutes)
1814400    ; expire (3 weeks)
10800      ; minimum (3 hours)
MX 10
el01sn-priv A
$TTL 172800 ; 2 days
ldap CNAME ldap-master
ldap-master A
ldap-slave A
ns1 A

Reverse zone files
- Create a file for each reverse zone; here is a sample file for one zone :
$TTL 604800 ; 1 week IN SOA (
3          ; serial
10800      ; refresh (3 hours)
3600       ; retry (1 hour)
604800     ; expire (1 week)
3600       ; minimum (1 hour)
$TTL 86400 ; 1 day

Configure the name server 
On every client :
- Configure /etc/resolv.conf

- Configure /etc/nsswitch.conf
Make sure that for hosts you have configured :
hosts: files dns

nsupdate is used to push or update information about a vServer.
Here is a sample script to execute to provide this information.

# cat /tmp/
update delete A
update add 86400 A
update add 86400 IN PTR
update add 86400 IN PTR

To execute the script :
# nsupdate -d -v /tmp/

Note : a script in /etc/rc.d/init.d/nsupdate can be used to update the DNS each time a vServer is rebooted.
This script can be added to the OEL template.
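The following is an added example, not the post's own script: it generates the nsupdate input the post feeds to "nsupdate -d -v" from a vServer name and its addresses, one transaction per zone. The hostnames and addresses in the comments and test are constructed.

```shell
# Added example, not from the post: generate the nsupdate script the post
# feeds to "nsupdate -d -v" from a vServer name and its addresses.
# Hostnames and addresses used in comments and tests are constructed.

# reverse_name <ipv4>: PTR owner name, e.g. 192.168.10.5 -> 5.10.168.192.in-addr.arpa.
reverse_name() {
    echo "$1" | awk -F. 'NF == 4 { printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# valid_ipv4 <addr>: returns 0 if <addr> is four dotted decimal octets in 0..255
valid_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# make_nsupdate <fqdn> <ip> [<ip> ...]
# Prints an nsupdate script: the forward A records are replaced in one
# transaction, then each PTR goes in its own transaction, because a single
# nsupdate "send" may only touch one zone and each reverse network
# (192.168, 172.17.0, 10.176.40 ...) is a separate zone in the named.conf above.
make_nsupdate() {
    fqdn=$1
    shift
    case "$fqdn" in *.) ;; *) fqdn="$fqdn." ;; esac   # always fully qualified
    for ip in "$@"; do                                # validate before printing anything
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo "update delete $fqdn A"
    for ip in "$@"; do
        echo "update add $fqdn 86400 A $ip"
    done
    echo "send"
    for ip in "$@"; do
        echo "update delete $(reverse_name "$ip") PTR"
        echo "update add $(reverse_name "$ip") 86400 IN PTR $fqdn"
        echo "send"
    done
}
```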

Thursday 13 November 2014

Understand the "WebLogic Plugin Enabled" attribute

Why use "WebLogic Plugin Enabled" :
WebLogic Server usually receives requests through a web server or a load balancer that acts as a proxy.
With this kind of configuration, it is important to inform WebLogic Server of the presence of the proxy so that it handles the client request correctly.

Setting the "WebLogic Plugin Enabled" attribute to true tells WLS that getRemoteAddr must return the address of the original browser client instead of the address of the front web server.

Example : 
One of the most representative examples is using Apache HTTP Server as SSL termination in front of WebLogic.
In the simple case of accessing the WebLogic console, we can observe WebLogic's behaviour with and without the "WL Plugin Enabled" attribute.

WL Plugin Enabled set to false : 
When "WebLogic Plugin Enabled" is set to false, the redirect sent to the browser is rewritten to http on the initial https port.

WL Plugin Enabled set to true : 
When "WebLogic Plugin Enabled" is set to true, the redirect sent to the browser is correctly rewritten to https on the original port.
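The following is an added example, not from the post: it turns the observation above into a check on captured response headers, reporting whether a redirect kept the scheme and port the browser used. The console host, ports and Location values are constructed.

```shell
# Added example, not from the post: reproduce the observation above from
# captured response headers instead of a screenshot. The console host, port
# and Location values are constructed; the redirect path is only illustrative.

# location_header <raw_headers>: value of the Location header, CR stripped
location_header() {
    printf '%s\n' "$1" | tr -d '\r' | awk 'tolower($1) == "location:" { v = $2 } END { print v }'
}

# with_default_port <scheme> <host[:port]>: add :80 or :443 when no port is
# given, so "https://host/" and "https://host:443/" compare equal
with_default_port() {
    case "$2" in
        *:*) echo "$2" ;;
        *)   if [ "$1" = https ]; then echo "$2:443"; else echo "$2:80"; fi ;;
    esac
}

# redirect_check <client_scheme> <client_host[:port]> <raw_headers>
# Returns 0 when the Location keeps the scheme and port the browser used
#           (what the post shows with WL Plugin Enabled = true),
#         1 when it was rewritten to another scheme or port
#           (the http-on-the-https-port redirect seen with the attribute false),
#         2 when the response carries no Location header at all.
redirect_check() {
    client=$(with_default_port "$1" "$2")
    loc=$(location_header "$3")
    [ -n "$loc" ] || return 2
    case "$loc" in
        *://*) ;;
        *) return 0 ;;    # a relative Location inherits the browser's scheme and host
    esac
    loc_scheme=${loc%%://*}
    rest=${loc#*://}
    target=$(with_default_port "$loc_scheme" "${rest%%/*}")
    if [ "$loc_scheme" = "$1" ] && [ "$target" = "$client" ]; then
        return 0
    fi
    echo "redirect rewritten: browser used $1://$client, Location is $loc_scheme://$target" >&2
    return 1
}
```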

How to activate : 
The "WebLogic Plugin Enabled" attribute can be set at three levels.
- Domain level (applies to all clusters and servers that do not explicitly override the attribute with a different value)
- Cluster level (applies to all members of the cluster that do not explicitly override the attribute with a different value)
- Server level

Domain level : 
- Select the domain name :

- Select "Configuration" Tab, then "Web Applications" :

- Select "Weblogic Plugin Enabled" checkbox :

Cluster level : 
- Expand "Environment" and select "Clusters", then click on your cluster :

- On the "Configuration / General" tab, go to the "Advanced" section, then select the value for the "WL Plugin Enabled" attribute.
"Default" means that the domain value applies.

Server level : 
- Expand "Environment" in "Domain Structure" and select "Servers". Select the desired server :

- Select "Configuration / General" Tab :

- Expand "Advanced" section, then select a value for "Weblogic Plugin Enabled" attribute :

Wednesday 12 November 2014

How to resize the root '/' filesystem and swap on an Exalogic vServer.

- Access to OpsCenter as the owner of the vServer.
- Access to the vServer as root.
- Access to a compute node as root.

Resize the filesystem
On the vServer or in OpsCenter :
Shut down the vServer to extend its main volume.
- Connect to OpsCenter
- Go to “Vdc Management / mycloud / Accounts / myAccount”
- Select the vServer
- Click “Shutdown the server” or click the red square.
Alternative :
- Connect to the vServer as root and execute the following command :
# shutdown -h now

On a compute node :
Go to the OVM repository and access the vServer's vDisks directly.

On the repository :   
# cd /OVS/Repositories/000.........22/
# ls
Assemblies  ISOs  Templates  VirtualDisks  VirtualMachines

- Identify the vServer :  
# grep 'simple_name' VirtualMachines/*/*.cfg
VirtualMachines/000..........75/vm.cfg:OVM_simple_name = 'myvserver-1'
VirtualMachines/000..........48/vm.cfg:OVM_simple_name = 'myvserver-2'
VirtualMachines/ = 'myvserver-3'
VirtualMachines/000..........3f/vm.cfg:OVM_simple_name = 'ExalogicControlOpsCenterPC2'
VirtualMachines/000..........b7/vm.cfg:OVM_simple_name = 'mytemplatevserver'
VirtualMachines/000..........30/vm.cfg:OVM_simple_name = 'ExalogicControl'
VirtualMachines/000..........4b/vm.cfg:OVM_simple_name = 'ldapvserver'
VirtualMachines/000..........90/vm.cfg:OVM_simple_name = 'ExalogicControlOpsCenterPC1'

- Identify the vDisk :  
# grep -i disk VirtualMachines/000..........b7/vm.cfg
disk = ['file:/OVS/Repositories/000.........22/VirtualDisks/000..........b7.img,hda,w']
[root@elp01cn01 000.........22]# cd /OVS/Repositories/000.........22/VirtualDisks/

- Make a vDisk backup :  
# ls -l 000..........b7.img
-rw-r--r--+ 1 root root 6292504576 Jul 15 14:16 000..........b7.img
# cp 000..........b7.img 000..........b7.img.orig

- Create a new disk with the desired size :  
# dd if=/dev/zero of=System12G.img bs=5M count=2400
2400+0 records in
2400+0 records out
12582912000 bytes (13 GB) copied, 21.5651 seconds, 583 MB/s

- Copy the vServer vDisk content into the newly created file :  
# dd if=000..........b7.img of=System12G.img conv=notrunc,noerror
12290048+0 records in
12290048+0 records out
6292504576 bytes (6.3 GB) copied, 65.0138 seconds, 96.8 MB/s

- Replace the vDisk with the new file :  
# mv System12G.img 000..........b7.img
mv: overwrite `000..........b7.img'? y

Restart the vServer and resize the volume group
On the OpsCenter console :
- Connect to OpsCenter
- Go to “Vdc Management / mycloud / Accounts / myAccount”
- Select the vServer
- Click “Start the server”.

On the vServer
- Connect to the vServer as root and list the disks currently visible in the vServer :
# fdisk -l

Disk /dev/xvda: 12.5 GB, 12582912000 bytes
255 heads, 63 sectors/track, 1529 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

    Device Boot      Start         End      Blocks   Id  System
/dev/xvda1   *           1          13      104391   83  Linux
/dev/xvda2              14         765     6040440   8e  Linux LVM

Disk /dev/dm-0: 5637 MB, 5637144576 bytes
255 heads, 63 sectors/track, 685 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/dm-0 doesn't contain a valid partition table

Disk /dev/dm-1: 536 MB, 536870912 bytes
255 heads, 63 sectors/track, 65 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/dm-1 doesn't contain a valid partition table

- Delete the current partition and recreate it using the entire disk :
# fdisk /dev/xvda

The number of cylinders for this disk is set to 1529.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): d
Partition number (1-4): 2

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
Partition number (1-4): 2
First cylinder (14-1529, default 14):
Using default value 14
Last cylinder or +size or +sizeM or +sizeK (14-1529, default 1529):
Using default value 1529

- Reboot to use the new partition table :
# reboot -n

Broadcast message from root (pts/0) (Tue Jul 15 14:38:48 2014):

The system is going down for reboot NOW!

- Check the physical volume :
# pvdisplay
  --- Physical volume ---
  PV Name               /dev/xvda2
  VG Name               VolGroup00
  PV Size               5.76 GB / not usable 10.87 MB
  Allocatable           yes (but full)
  PE Size (KByte)       32768
  Total PE              184
  Free PE               0
  Allocated PE          184
  PV UUID               SaMlQo-Ct55-8IhX-ZEaf-rT4X-gISK-XEwdvc

- Resize the physical volume to use the entire disk :
# pvresize /dev/xvda2
  Physical volume "/dev/xvda2" changed
  1 physical volume(s) resized / 0 physical volume(s) not resized

- Scan the volume groups :
# vgs
  VG         #PV #LV #SN Attr   VSize  VFree
  VolGroup00   1   2   0 wz--n- 11.59G 5.84G

- Scan the logical volumes in the volume group :
# lvscan
  ACTIVE            '/dev/VolGroup00/LogVol00' [5.25 GB] inherit
  ACTIVE            '/dev/VolGroup00/LogVol01' [512.00 MB] inherit

- Extend the volume used for swap first :
# lvextend -L +1536M /dev/VolGroup00/LogVol01
  Extending logical volume LogVol01 to 2.00 GB
  Logical volume LogVol01 successfully resized

- Extend the root volume with all the free space in the volume group :
# lvextend -l +100%FREE /dev/VolGroup00/LogVol00
  Extending logical volume LogVol00 to 9.59 GB
  Logical volume LogVol00 successfully resized

- Disable the swap :
# swapoff /dev/mapper/VolGroup00-LogVol01

- Recreate the swap with the new logical volume :
#  mkswap /dev/mapper/VolGroup00-LogVol01
Setting up swapspace version 1, size = 2147479 kB

- Enable the swap with the new logical volume :
# swapon /dev/mapper/VolGroup00-LogVol01

- Check the new filesystem size :
# df -m
Filesystem           1M-blocks      Used Available Use% Mounted on
                          9516      3449      5576  39% /
/dev/xvda1                  99        23        71  25% /boot
tmpfs                     3998         0      3998   0% /dev/shm

Note : another approach is to add a disk to the system VG instead of resizing. 
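The following is an added example, not from the post: a check to run on "fdisk -l" output captured before and after the delete/recreate step above, confirming that the LVM partition kept its start cylinder and type and that only its end moved (a changed start is what destroys the data). The "before" output in the test is the one printed above; the "after" output is constructed.

```shell
# Added example, not from the post: check "fdisk -l" output from before and
# after the delete/recreate step. The "after" output in the test is
# constructed; the "before" output is the one printed above.

# part_fields <device> <fdisk -l output>: prints "start end id" for <device>
# (handles the optional "*" boot flag column)
part_fields() {
    printf '%s\n' "$2" | awk -v dev="$1" '
        $1 == dev { if ($2 == "*") print $3, $4, $6; else print $2, $3, $5 }'
}

# disk_cylinders <disk> <fdisk -l output>: total cylinders reported for <disk>
disk_cylinders() {
    printf '%s\n' "$2" | awk -v hdr="Disk $1:" '
        index($0, hdr) == 1 { found = 1; next }
        found && / cylinders$/ { print $(NF - 1); exit }'
}

# check_regrow <partition> <before> <after>
# Returns 0 only if <partition> still starts on the same cylinder (otherwise
# the data on it is gone), keeps its Id (8e = Linux LVM here) and ends later
# than before. Warns on stderr when the new end still leaves cylinders unused.
check_regrow() {
    dev=$1
    after=$3
    old=$(part_fields "$dev" "$2")
    new=$(part_fields "$dev" "$after")
    if [ -z "$old" ] || [ -z "$new" ]; then
        echo "$dev: partition not found in before or after output" >&2
        return 1
    fi
    set -- $old $new     # $1..$3 old start/end/id, $4..$6 new start/end/id
    if [ "$1" != "$4" ]; then
        echo "$dev: start moved from cylinder $1 to $4, data would be lost" >&2
        return 1
    fi
    if [ "$3" != "$6" ]; then
        echo "$dev: partition type changed from $3 to $6" >&2
        return 1
    fi
    if [ "$5" -le "$2" ]; then
        echo "$dev: end did not grow ($2 -> $5)" >&2
        return 1
    fi
    total=$(disk_cylinders "${dev%[0-9]}" "$after")
    if [ -n "$total" ] && [ "$5" -lt "$total" ]; then
        echo "warning: $dev ends at cylinder $5 of $total, space still unused" >&2
    fi
    return 0
}
```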

Tuesday 11 November 2014

How to configure replication on OpenLDAP 2.4.23

Configure LDAP replication

Populate the master node with a replication account :
On the master node : 
Create an LDIF file containing the account information :
# cat /tmp/addreplicator.ldif
dn: cn=replication,dc=el01,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: replication
sn: replication
userPassword:: e3NzaGF9V0xuYVpQaWRibENDU1hKYkpiVXVTSGhWb3hVRHFLZ09jT2RJSmc9P

Add the replication account using the ldapadd command : 
#  ldapadd -x -D "cn=Manager,dc=el01,dc=com" -w welcome1 -f addreplicator.ldif -h localhost -p 389
adding new entry "cn=Replication,dc=el01,dc=com"

Grant access to the replication user
On the master node : 
Edit /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif to grant the replication account read permission on all attributes. The DN in the ACL must be the one of the entry created above (cn=replication, not uid=replication, since the entry carries no uid attribute) :
# vi /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif 

olcAccess: {0}to attrs=userPassword
  by self =xw
  by dn.exact="uid=pwreset,dc=el01,dc=com" =xw
  by dn.exact="cn=replication,dc=el01,dc=com" read
  by anonymous auth
  by * none
olcAccess: {1}to *
  by anonymous auth
  by self write
  by dn.exact="cn=replication,dc=el01,dc=com" read
  by users read
  by * none

Enable the syncprov module
On the master node : 
Create a new file /etc/openldap/slapd.d/cn=config/cn=module{0}.ldif with the following content :
# vi /etc/openldap/slapd.d/cn=config/cn=module{0}.ldif 
dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib64/openldap
olcModuleLoad: {0}back_bdb
olcModuleLoad: {1}syncprov

Configure the syncprov module
- Turn on the syncprov overlay for each database to synchronize :
# mkdir /etc/openldap/slapd.d/cn=config/olcDatabase={0}config

# mkdir /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb

# touch /etc/openldap/slapd.d/cn=config/olcDatabase\=\{0\}config/olcOverlay={0}syncprov.ldif

# touch /etc/openldap/slapd.d/cn=config/olcDatabase\=\{2\}bdb/olcOverlay={0}syncprov.ldif 

- Add the following content to each syncprov LDIF file :
dn: olcOverlay={0}syncprov
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig

# Sync Setup for the main LDAP Database
olcOverlay: {0}syncprov
# Sync Checkpoints every 20 changes or 1 hour
olcSpCheckpoint: 20 60
# Keep a fair number of operations in the log
olcSpSessionlog: 1000

Restart the LDAP service
On the master node : 
Start the LDAP service and check that there are no errors :

# service ldap start
Starting slapd:                                            [  OK  ]

Configure the slave(s)
On the slave node, install and configure OpenLDAP as described in my previous article, except for the step that populates the directory.

Configure the LDAP slave
On the slave node : 
Edit /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif :
# vi /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
olcSyncrepl: rid=100
  retry="60 30 300 +"

Note : the RID must be unique per slave and must be a 3-digit number.

Note : the LDAP directory must be empty before starting slapd. 

Start slapd
Start the LDAP service :
# service ldap start
Starting slapd:                                            [  OK  ]

Replication check
Check replication by running ldapsearch on the second node :
# ldapsearch -x -b "cn=wls,ou=Group,dc=el01,dc=com" -D "cn=Manager,dc=el01,dc=com" -w welcome1 -h <slaveNodeAddress>
# extended LDIF
# LDAPv3
# base <cn=wls,ou=Group,dc=el01,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL

# wls, Group,
dn: cn=wls,ou=Group,dc=el01,dc=com
objectClass: posixGroup
objectClass: top
cn: wls
gidNumber: 600

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

If the result contains one or more entries, replication is working.

Note : replication can also be checked with the replica log file on the master node.
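The following is an added example, not from the post: a stricter replication check than "one entry is present", comparing the contextCSN of the master and of a slave as returned by a base-scope ldapsearch on each node. The suffix is the one used in the post; the LDIF samples in the test are constructed.

```shell
# Added example, not from the post: compare the contextCSN of the master and
# of a slave. Feed it the output of, on each node (suffix from the post):
#   ldapsearch -x -LLL -s base -b dc=el01,dc=com -h <node> contextCSN
# The LDIF samples in the test are constructed.

# context_csn <ldif>: contextCSN values of a base-scope search, sorted, one per line
context_csn() {
    printf '%s\n' "$1" | awk '$1 == "contextCSN:" { print $2 }' | sort
}

# replication_in_sync <master_ldif> <slave_ldif>
# A contextCSN is "timestamp#count#sid#mod"; there is one per provider SID and
# the fields are fixed width, so a plain string compare orders them in time.
# Returns 0 when, for every SID the master knows, the slave holds the same CSN;
# prints what is missing, behind or ahead and returns 1 otherwise.
replication_in_sync() {
    {
        context_csn "$1" | sed 's/^/M /'
        context_csn "$2" | sed 's/^/S /'
    } | awk '
        BEGIN { bad = 0; n = 0 }
        { split($2, f, "#"); sid = f[3] }
        $1 == "M" { master[sid] = $2; n++ }
        $1 == "S" { slave[sid] = $2 }
        END {
            if (n == 0) { print "no contextCSN on master: syncprov overlay not active?"; bad = 1 }
            for (sid in master) {
                if (!(sid in slave)) { print "sid " sid ": no contextCSN on slave yet"; bad = 1 }
                else if ((slave[sid] "") < (master[sid] "")) { print "sid " sid ": slave behind (" slave[sid] " < " master[sid] ")"; bad = 1 }
                else if ((slave[sid] "") > (master[sid] "")) { print "sid " sid ": slave ahead of master, check for local writes"; bad = 1 }
            }
            exit bad
        }'
}
```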

Tuesday 4 November 2014

Install & configure OpenLDAP 2.4.23

How to install and configure OpenLDAP 2.4.23 on OEL 6.5 :

- NTP server : 
NTP must be configured on each server.
Update /etc/ntp.conf with the customer's NTP server, if the enterprise NTP server can be reached.
If not, it is possible to use the Ops Center virtual server as the NTP server.
After the modification, restart the ntp service :
# service ntpd stop
Shutting down ntpd:                                        [  OK  ]
# service ntpd start
Starting ntpd:                                             [  OK  ]

- Name service :

To complete the configuration, it is recommended to add the LDAP servers to the enterprise name service directory.
If that is not possible, add an entry for each LDAP server in the /etc/hosts file of every LDAP server node and of every LDAP client node.

RPM packages :
If no yum repository is configured, you can install the openldap RPMs together with their dependency RPMs.
On each LDAP client machine : 

On each ldap server : 

Configuration file : 
Make a backup of this file before any modification.

Edit the cn=config.ldif file to set the security settings : 
Disable LDAPv2 connections and allow only LDAPv3 by deleting this line : 
olcAllows: bind_v2

Add an idle connection timeout so that idle connections are not kept open; add or modify the following line :
olcIdleTimeout: 60

Database files
Create a root password : 
Create a hashed root password for the LDAP directory with the slappasswd command : 
# slappasswd
New password:
Re-enter new password:

Edit the database file : olcDatabase={2}bdb.ldif
Make a backup of this file before any modification.

Edit /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif :
Modify olcSuffix to the desired LDAP suffix : 
 olcSuffix: dc=el01,dc=com

Modify the LDAP administrator olcRootDN : 
 olcRootDN: cn=manager,dc=el01,dc=com

Add the root password (the hash generated with slappasswd above) : 
olcRootPW: {SSHA}F8SO2XunEKdP2qK4ZTFWicmaF/DrkW1Q

Start the LDAP service
Start the LDAP service to check the configuration files and to populate the database online.

# chkconfig slapd on
# service slapd start
Starting slapd: [OK]

Populate the database (online)
Populate the database with an LDIF file that creates the users and groups branches : 
Create the LDIF file for the LDAP tree (the following content is an example) : 
# vi /tmp/ldapentries.ldif
dn: dc=el01,dc=com
objectclass: dcObject
objectclass: organization
o: el01 com
dc: el01

dn: ou=People,dc=el01,dc=com
objectClass: organizationalUnit
objectClass: top
ou: People

dn: ou=Group,dc=el01,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Group

dn: cn=admin,dc=el01,dc=com
objectclass: organizationalRole
cn: admin

# Add a user to test ldap
dn: uid=ddewailly,ou=People,dc=el01,dc=com
objectclass: top
objectclass: person
objectclass: inetOrgPerson
objectclass: organizationalPerson
uid: ddewailly
cn: David Dewailly
sn: Dewailly
givenName: David

Use clear-text mode : 
If you don't want to use ldaps, modify the /etc/sysconfig/authconfig file and replace FORCELEGACY=no with FORCELEGACY=yes

Populate with the ldapadd command : 
# ldapadd -f /tmp/ldapentries.ldif -x -D cn=Manager,dc=el01,dc=com -W -c

Note : no space must be left at the end of each line; use only newline characters.

Run a search to check the entries previously added : 
# ldapsearch -x -D cn=Manager,dc=el01,dc=com -W -b 'dc=el01,dc=com' '(objectclass=*)'