Debian GNU/Linux version 9.0 stretch has been released ( jump to download ) after many months of constant development and available for download in various media format.
From my mailbag: Dear nixCraft, I run a Debian Linux 8.x on my Desktop and Ubuntu Linux 16.04 LTS on my Linode cloud server for my personal website.
The Debian GNU/Linux project has released an updated version of its stable distribution Debian 8 (“jessie”).
Today I will be talking about ansible, a powerful configuration management solution written in python.
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.
HAProxy is open source proxy that can be used to enable high availability and load balancing for web applications. It was designed especially for high load projects so it is very fast and predictable, HAProxy is based on single-process model.
In this post I’ll describe sample setup of HAProxy: users’ requests are load balanced between two web servers Web1 and Web1, if one of them goes down then all the request are processed by alive server, once dead servers recovers load balancing enables again. See topology to the right.
yum install haproxy
apt-get install haproxy
As soon as HAProxy is installed it’s time to edit its configuration file, usually it’s placed in /etc/haproxy/haproxy.cfg. Official documentation for HAProxy 1.4 (stable) is here.
Here is configuration file to implement setup shown at the diagram and described above:
global user daemon group daemon daemon log 127.0.0.1 daemon listen http bind 184.108.40.206:80 mode http option tcplog log global option dontlognull balance roundrobin clitimeout 60000 srvtimeout 60000 contimeout 5000 retries 3 server web1 web1.example.com:80 check server web2 web2.example.com:80 check cookie web1 insert nocache cookie web2 insert nocache
Let’s stop on most important parts of this configuration file. Section global specifies user and group which will be used to run haproxy process (daemon in our example). Line daemon tells HAProxy to run in background, log 127.0.0.1 daemon specifies syslog facility for sending logs from HAProxy.
Section listen http contains line bind 220.127.116.11:80 that specifies IP address and port that will be used to accept users’ requests (they will be load balanced between Web1 and Web2). Line mode http means that HAProxy will filter all requests different from HTTP and will do load balancing over HTTP protocol.
Line balance roundrobin specifies load balancing algorithm according to which each web server (Web1 and Web2) will be used in turns according to their weights. In our example weights for both servers are the same so load balancing is fair.
Lines server web1 … and server web2 … specify web servers for load balancing and failover, in our case they are load balanced according to round robin algorithm and have the same priority/weight.
The last two lines in configuration files are optional, they makes it possible to preserve cookies, it means for example that if you logged in to web application hosted at Web1 and then HAProxy forwarded your next request to Web2 you will still have logged in session opened as cookies with session id from Web1 will be sent to you from Web2 as well.
It’s hard to believe but I didn’t know about Grub fallback feature. So every time when I needed to reboot remote server into a new kernel I had to test it on local server to make sure it won’t panic on remote unit. And if kernel panic still happened I had to ask somebody who has physical access to the server to reboot the hardware choose proper kernel in Grub. It’s all boring and not healthful – it’s much better to use Grub’s native fallback feature.
Grub is default boot loader in most Linux distributions today, at least major distros like Centos/Fedora/RedHat, Debian/Ubuntu/Mint, Arch use Grub. This makes it possible to use Grub fallback feature just out of the box. Here is example scenario.
There is remote server hosted in New Zealand and you (sitting in Denmark) have access to it over the network only (no console server). In this case you cannot afford that the new kernel makes server unreachable, e.g. if new kernel crash during boot it won’t load network interface drivers so your Linux box won’t appear online until somebody reboots it into workable kernel. Thankfully Grub can be configured to try loading new kernel once and if it fails Grub will load another kernel according to configuration. You can see my example grub.conf below:
default=saved timeout=5 splashimage=(hd0,1)/boot/grub/splash.xpm.gz hiddenmenu fallback 0 1 title Fedora OpenVZ (2.6.32-042stab053.5) root (hd0,1) kernel /boot/vmlinuz-2.6.32-042stab053.5 ro root=UUID=6fbdddf9-307c-49eb-83f5-ca1a4a63f584 rd_MD_UUID=1b9dc11a:d5a084b5:83f6d993:3366bbe4 rd_NO_LUKS rd_NO_LVM rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=sv-latin1 rhgb quiet crashkernel=auto initrd /boot/initramfs-2.6.32-042stab053.5.img savedefault fallback title Fedora (18.104.22.168-88.fc14.i686) root (hd0,1) kernel /boot/vmlinuz-22.214.171.124-88.fc14.i686 ro root=UUID=6fbdddf9-307c-49eb-83f5-ca1a4a63f584 rd_MD_UUID=1b9dc11a:d5a084b5:83f6d993:3366bbe4 rd_NO_LUKS rd_NO_LVM rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=sv-latin1 rhgb quiet initrd /boot/initramfs-126.96.36.199-88.fc14.i686.img savedefault fallback
According to this configuration Grub will try to load ‘Fedora OpenVZ’ kernel once and if it fails system will be loaded into good ‘Fedora’ kernel. If ‘Fedora OpenVZ’ loads well you’ll be able to reach the server over the network after reboot. Notice lines ‘default=saved’ and ‘savedefault fallback’ which are mandatory to make fallback feature working.
I’ve heard that official Grub fallback feature may work incorrectly on RHEL5 (and Centos 5) so there is elegant workaround (found here):
1. Add param ‘panic=5′ to your new kernel line so it looks like below:
title Fedora OpenVZ (2.6.32-042stab053.5) root (hd0,1) kernel /boot/vmlinuz-2.6.32-042stab053.5 ro root=UUID=6fbdddf9-307c-49eb-83f5-ca1a4a63f584 rd_MD_UUID=1b9dc11a:d5a084b5:83f6d993:3366bbe4 rd_NO_LUKS rd_NO_LVM rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=sv-latin1 rhgb quiet crashkernel=auto panic=5 initrd /boot/initramfs-2.6.32-042stab053.5.img
This param will make crashed kernel to reboot itself in 5 seconds.
2. Point default Grub param to good kernel, e.g. ‘default=0′.
3. Type in the following commands (good kernel appears in grub.conf first and new kernel is second one):
# grub grub> savedefault --default=1 --once savedefault --default=1 --once grub> quit
This will make Grub to boot into new kernel once and if it fails it will load good kernel. Now you can reboot the server and make sure it will 100% appear online in a few minutes. I usually prefer native Grub fallback feature but if you see it doesn’t work for you it makes sense to try above mentioned workaround.