PHP with Apache MPM Worker
I didn't know if this was going to work or not, but I wanted at least to try Apache MPM Worker with PHP. I started with a minimal CentOS 5.4 installation, installed gcc and the rest of the family, downloaded apache2.2.16 and php-5.2.14, and started the compilation and building.
Installing GCC and the rest of the family...
# yum install gcc.i386 automake17.noarch libtool.i386 m4.i386 autoconf.noarch zlib-devel.i386 openssl-devel.i386
Download and build apache2.2.16
# cd /usr/src && wget http://www.alliedquotes.com/mirrors/apache/httpd/httpd-2.2.16.tar.gz && tar xzvf httpd-2.2.16.tar.gz && cd httpd-2.2.16
# ./configure --enable-layout=CustomApache --with-mpm=worker --enable-modules='ssl deflate' --enable-mods-shared='headers rewrite' && make && make install
This is my config.layout...
<Layout CustomApache>
prefix:
exec_prefix: ${prefix}/usr
bindir: ${exec_prefix}/bin
sbindir: ${exec_prefix}/sbin
libdir: ${exec_prefix}/lib/apache2/lib
libexecdir: ${exec_prefix}/lib/apache2/modules
mandir: ${exec_prefix}/share/man
sysconfdir: ${prefix}/etc/apache2
datadir: ${exec_prefix}/share/apache2
iconsdir: ${datadir}/icons
htdocsdir: ${prefix}/var/www
manualdir: ${htdocsdir}/manual
cgidir: ${prefix}/var/www/cgi-bin
includedir: ${exec_prefix}/include/apache2
localstatedir: ${prefix}/var/run
runtimedir: ${prefix}/var/run
logfiledir: ${prefix}/var/log/apache2
proxycachedir: ${prefix}/var/cache/apache2/proxy
infodir: ${exec_prefix}/share/info
installbuilddir: ${prefix}/etc/apache2/build
errordir: ${datadir}/error
</Layout>
Configuring apache...
(I like to write my apache config file from scratch, so I started with a very minimal config file, minimal just to get apache up and running)
# mv /etc/apache2/httpd.conf /etc/apache2/httpd.conf.orig && vi /etc/apache2/httpd.conf
This is my httpd.conf
Listen 80
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
user apache
DocumentRoot "/var/www"
ErrorLog "/var/log/apache2/error_log"
Starting apache...
# apachectl -k start
Issuing `ps xa | grep httpd` will tell you if apache is running or not.
Now it was time to compile PHP. I installed the dev packages before compiling PHP...
# yum install libxml2.i386 libxml2-devel.i386 bzip2.i386 bzip2-devel.i386 bzip2-libs.i386 curl-devel.i386 curl.i386 gettext.i386 gettext-devel.i386 libc-client-devel.i386 gd-devel.i386 libmcrypt.i386 libmcrypt-devel.i386 mysql.i386 mysql-server.i386 mysql-bench.i386 mysql-devel.i386 readline-devel.i386 libtool.i386 libtool-ltdl.i386 libtool-ltdl-devel.i386
Download and build php-5.2.14...
# cd /usr/src && wget http://www.php.net/get/php-5.2.14.tar.gz/from/de.php.net/mirror && tar xzvf php-5.2.14.tar.gz && cd php-5.2.14
# ./configure --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib/php/modules --datadir=/usr/share/php --sysconfdir=/etc/php --with-apxs2=/usr/sbin/apxs --with-openssl --with-zlib --with-bz2 --with-curl --with-gd --with-gettext --with-imap --enable-mbstring --with-mcrypt --with-mysql --with-readline --enable-sockets --enable-soap --with-kerberos --with-imap-ssl && make && make install
Now, edit httpd.conf and add
# vi /etc/apache2/httpd.conf
LoadModule php5_module /usr/lib/apache2/modules/libphp5.so
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
<IfModule mime_module>
AddType application/x-httpd-php .php
</IfModule>
And restart apache
# apachectl -k restart
Aggregating network interfaces (Debian)
Link aggregation or IEEE 802.1AX-2008 is a computer networking term which describes using multiple network cables/ports in parallel to increase the link speed beyond the limits of any one single cable or port, and to increase the redundancy for higher availability.
Other terms for link aggregation include Ethernet bonding, NIC teaming, Trunking, port channel, link bundling, EtherChannel, Multi-link trunking (MLT), NIC bonding, network bonding, and Network Fault Tolerance (NFT).
First install ifenslave:
# apt-get install ifenslave
Then edit /etc/modprobe.d/arch/i386 and append to it:
alias bond0 bonding
options bond0 mode=balance-alb miimon=100
Then edit /etc/network/interfaces and configure the new interface
auto bond0
iface bond0 inet static
address 10.0.0.100
netmask 255.0.0.0
network 10.0.0.0
gateway 10.0.0.1
up /sbin/ifenslave bond0 eth0 eth1
Then restart the networking
# /etc/init.d/networking restart
Searching Active Directory with ldapsearch
Okay, so I decided to carry on with the journey of integrating AD with Linux. When I got AD working after my last post, I added a user for testing purposes. I needed to start browsing AD from Linux, so I installed the ldapscripts package, which provides the ldapsearch utility for searching LDAP (in the end, Active Directory is an LDAP-like directory service).
# apt-get install ldapscripts
And here’s the magic syntax,
# ldapsearch -x -LLL -E pr=200/noprompt -D "cn=Administrator,cn=Users,dc=win2k3,dc=example,dc=com" -W -H ldap://win2k3.example.com:389 -b "cn=users,dc=win2k3,dc=example,dc=com" -s sub "(cn=*)" cn mail sn
And the result was
dn: CN=Users,DC=win2k3,DC=example,DC=com
cn: Users

dn: CN=Administrator,CN=Users,DC=win2k3,DC=example,DC=com
cn: Administrator

dn: CN=Guest,CN=Users,DC=win2k3,DC=example,DC=com
cn: Guest

output omitted

dn: CN=Ahmed O. Anwar,CN=Users,DC=win2k3,DC=example,DC=com
cn: Ahmed O. Anwar
sn: Anwar
mail: ahmed@example.com

# pagedresultscookie=
BIND and Active Directory
I thought of playing with BIND (debian etch) and Active Directory (Windows 2003) today, so I installed Windows 2003 Enterprise on a VMware, and started setting up an Active Directory role.
So anyway here is my named.conf...
output omitted
zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/master-zone.net";
};

zone "0.0.10.in-addr.arpa" {
type master;
file "/etc/bind/cisco.lab";
};

zone "example.com" {
type master;
file "/etc/bind/example.com";
};

zone "win2k3.example.com" {
type master;
file "/etc/bind/db.win2k3.example.com";
check-names ignore;
allow-update { 192.168.0.200; };
};
output omitted
Note...
"check-names ignore" option is required to permit underscores in the DNS names.
"allow-update" will only allow updates from the IP (or ACL) specified.
Basically, I used the "Add or remove a role" and followed the steps. At the "DNS Registration Diagnostics" it failed, so I dropped to syslog and found out that Windows needs to make a number of SRV and A record changes in its domain, using dynamic DNS, in order to relate where the Domain Controllers are.
Here is my log...
Oct 6 23:25:08 neptune named[32137]: client 192.168.0.200#1618: updating zone 'win2k3.example.com/IN': adding an RR at 'win2k3.example.com' A
Oct 6 23:25:08 neptune named[32137]: journal file /etc/bind/db.win2k3.example.com.jnl does not exist, creating it
Oct 6 23:25:08 neptune named[32137]: /etc/bind/db.win2k3.example.com.jnl: create: permission denied
Oct 6 23:25:08 neptune named[32137]: client 192.168.0.200#1618: updating zone 'win2k3.example.com/IN': error: journal open failed: unexpected error
Oct 6 23:25:08 neptune named[32137]: client 192.168.0.200#1622: updating zone 'win2k3.example.com/IN': adding an RR at '_ldap._tcp.win2k3.example.com' SRV
Oct 6 23:25:08 neptune named[32137]: journal file /etc/bind/db.win2k3.example.com.jnl does not exist, creating it
Oct 6 23:25:08 neptune named[32137]: /etc/bind/db.win2k3.example.com.jnl: create: permission denied
Oct 6 23:25:08 neptune named[32137]: client 192.168.0.200#1622: updating zone 'win2k3.example.com/IN': error: journal open failed: unexpected error
Oct 6 23:25:08 neptune named[32137]: client 192.168.0.200#1626: updating zone 'win2k3.example.com/IN': adding an RR at '_ldap._tcp.Default-First-Site-Name._sites.win2k3.example.com' SRV
Oct 6 23:25:08 neptune named[32137]: journal file /etc/bind/db.win2k3.example.com.jnl does not exist, creating it
Oct 6 23:25:08 neptune named[32137]: /etc/bind/db.win2k3.example.com.jnl: create: permission denied
output omitted
BIND here needed to create db.win2k3.example.com.jnl, but there was a permissions problem with /etc/bind, so I ...
# chown bind:bind /etc/bind
# chmod 760 /etc/bind
then jumped to Windows, ran the test again, and got "The operation completed successfully."
After that I restarted, and went to check BIND records and found out that they were updated and the .jnl file was created.
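The log above can be audited mechanically. The following Python code is an added example, not part of the original post: it groups named's dynamic-update messages by zone, records journal files that could not be created, and flags any client outside the allow-update list. The names audit_updates and SAMPLE_LOG and the fifth log line are constructed for illustration.

```python
import re
from collections import defaultdict

# Lines 1-4 are copied from the log above; line 5 is constructed and assumes
# BIND's "update '<zone>/IN' denied" message for a refused update.
SAMPLE_LOG = """\
Oct 6 23:25:08 neptune named[32137]: client 192.168.0.200#1618: updating zone 'win2k3.example.com/IN': adding an RR at 'win2k3.example.com' A
Oct 6 23:25:08 neptune named[32137]: /etc/bind/db.win2k3.example.com.jnl: create: permission denied
Oct 6 23:25:08 neptune named[32137]: client 192.168.0.200#1618: updating zone 'win2k3.example.com/IN': error: journal open failed: unexpected error
Oct 6 23:25:08 neptune named[32137]: client 192.168.0.200#1622: updating zone 'win2k3.example.com/IN': adding an RR at '_ldap._tcp.win2k3.example.com' SRV
Oct 6 23:25:09 neptune named[32137]: client 192.168.0.57#4011: update 'win2k3.example.com/IN' denied
"""

CLIENT = r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: "
ZONE = r"'(?P<zone>[^'/]+)/IN'"
ADD_RE = re.compile(CLIENT + r"updating zone " + ZONE + r": adding an RR at '(?P<name>[^']+)' (?P<type>\S+)")
ERR_RE = re.compile(CLIENT + r"updating zone " + ZONE + r": error: (?P<msg>.+)")
DENY_RE = re.compile(CLIENT + r"update " + ZONE + r" denied")
JNL_RE = re.compile(r"named\[\d+\]: (?P<path>\S+\.jnl): create: permission denied")


def audit_updates(log_text, allowed_clients):
    """Group named's dynamic-update messages by zone; flag unexpected clients."""
    zones = defaultdict(lambda: {"added": [], "errors": [], "denied": set(), "unexpected": set()})
    unwritable = set()  # journal files named could not create
    for line in log_text.splitlines():
        if m := JNL_RE.search(line):
            unwritable.add(m["path"])
        elif m := ADD_RE.search(line):
            zones[m["zone"]]["added"].append((m["ip"], m["name"], m["type"]))
        elif m := ERR_RE.search(line):
            zones[m["zone"]]["errors"].append((m["ip"], m["msg"]))
        elif m := DENY_RE.search(line):
            zones[m["zone"]]["denied"].add(m["ip"])
        else:
            continue
        # Update traffic from an address outside allow-update is worth a look.
        if "ip" in m.groupdict() and m["ip"] not in allowed_clients:
            zones[m["zone"]]["unexpected"].add(m["ip"])
    return dict(zones), sorted(unwritable)


if __name__ == "__main__":
    report, unwritable = audit_updates(SAMPLE_LOG, {"192.168.0.200"})
    print(report, unwritable)
```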
Testing and Verification
1. Start nslookup utility in interactive mode
2. Type set type=all
3. Type _ldap._tcp.dc._msdcs.win2k3.example.com
and my result was...
Server: ns.master-zone.net
Address: 192.168.0.3

_ldap._tcp.dc._msdcs.win2k3.example.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = win2k3.win2k3.example.com
win2k3.example.com nameserver = ns.master-zone.net
win2k3.win2k3.example.com internet address = 192.168.0.200
ns.master-zone.net internet address = 192.168.0.3
Setting Up A PXE Install Server For FreeBSD With Debian
This tutorial shows how to set up a PXE install server with Debian for booting up FreeBSD sysinstall.
From Wikipedia:
The Preboot eXecution Environment (PXE, also known as Pre-Execution Environment, or 'pixie') is an environment to boot computers using a network interface independently of available data storage devices (like hard disks) or installed operating systems.
This is handy if your client computers don't have CD or floppy drives, or if you want to set up multiple computers at the same time (e.g. in a large enterprise). In this article I show how to configure a PXE server that allows you to boot FreeBSD.
1. Install required packages
# apt-get install dhcp3-server tftpd-hpa openbsd-inetd nfs-common nfs-kernel-server
2. Configure tftpd
Enable tftp
# vi /etc/default/tftpd-hpa
RUN_DAEMON="yes"
Set inetd to manage tftp connections. I will be serving the files from /srv/tftp. Edit /etc/inetd.conf and make sure the tftp line is there; mine looks like
# vi /etc/inetd.conf
tftp dgram udp wait root /usr/sbin/in.tftpd /usr/sbin/in.tftpd -s /srv/tftp
Save and restart inetd
# invoke-rc.d openbsd-inetd restart
3. Configure dhcp3
# vi /etc/dhcp3/dhcpd.conf
allow booting;
allow bootp;
default-lease-time 216000;
max-lease-time 432000;
authoritative;
option domain-name "master-zone.net";
option domain-name-servers 192.168.0.3;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.100;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.3;
option root-path "192.168.1.3:/srv/tftp";
filename "boot/pxeboot";
}
Save and restart dhcp
# invoke-rc.d dhcp3-server restart
4. Initialize boot directory
Fetch FreeBSD bootonly CD from the mirrors, mount the iso image, then copy the PXE boot folder to /srv/tftp
# wget ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/7.2/7.2-RELEASE-i386-bootonly.iso
# mount -o loop -t iso9660 7.2-RELEASE-i386-bootonly.iso /mnt/cd
# cp -r /mnt/cd/boot /srv/tftp
5. Configure NFS to export boot directory
This step is very important since FreeBSD uses NFS to fetch sysinstall files
# vi /etc/exports
/srv/tftp *(ro,sync,subtree_check,no_root_squash)
# exportfs -ra
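The export in step 5 names every host (*) as a client and disables root squashing. The following Python code is an added example, not part of the original tutorial: it parses /etc/exports entries and reports wildcard clients, networks outside a trusted range, and no_root_squash. The function name audit_exports and the second sample line, which limits the same share to the subnet from dhcpd.conf, are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: line 1 is the export from step 5; line 2 is the same
# share with the client limited to the 192.168.1.0/24 subnet from dhcpd.conf.
SAMPLE_EXPORTS = """\
/srv/tftp *(ro,sync,subtree_check,no_root_squash)
/srv/tftp 192.168.1.0/24(ro,sync,subtree_check,no_root_squash)
"""

ENTRY_RE = re.compile(r"(?P<client>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")


def audit_exports(text, trusted_net):
    """Return (path, client, finding) tuples for risky /etc/exports entries."""
    trusted = ipaddress.ip_network(trusted_net)
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = ENTRY_RE.fullmatch(spec)
            if not m:
                continue
            # A bare "(opts)" token, e.g. after a stray space, applies to every host.
            client = m["client"] or "*"
            opts = set((m["opts"] or "").split(","))
            try:
                net = ipaddress.ip_network(client, strict=False)
            except ValueError:
                net = None                    # hostname, wildcard or @netgroup
            if "*" in client or "?" in client:
                findings.append((path, client, "wildcard client"))
            elif net is not None and not (
                net.version == trusted.version and net.subnet_of(trusted)
            ):
                findings.append((path, client, "outside trusted network"))
            if "no_root_squash" in opts:
                findings.append((path, client, "no_root_squash"))
    return findings


if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS, "192.168.1.0/24"):
        print(finding)
```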
6. Configure FreeBSD PXE boot files
# cd /srv/tftp/boot/
# echo 'vfs.root.mountfrom="ufs:/dev/md0c"' >> loader.conf
# gunzip -d mfsroot.gz