Thursday 25 June 2015

Create a Yum repository on Exalogic 2.0.6.2.x

This document describes how to create a yum repository on ZFS Storage inside an Exalogic machine.

Prepare your environment

Create a zfs share

Connect to one of the storage servers to create a share.
This share hosts the Exalogic yum repository.
  • Connect to storage server

Add Share to project

  • Create a share named ‘yum-repo’ on common project

Add permissions on share

  • Add an NFS exception so that the share can be accessed from the IPoIB-vserver-shared-storage network.
  • Grant read/write and root access.

Prepare repository

Mount ‘yum-repo’ share on a vServer

- Edit /etc/fstab and add an entry :
172.17.0.5:/export/common/yum-repo /export/common/yum-repo nfs4 rw,bg,hard,nointr,rsize=131072,wsize=131072 0 0
Here 172.17.0.5 is the IPoIB address of the storage server on the IPoIB-vserver-shared-storage network.

  • Create directory /export/common/yum-repo
# mkdir -p /export/common/yum-repo

  • Mount directory on vServer :
# mount /export/common/yum-repo

Prepare files


  • Upload the Oracle Enterprise Linux ISO file to the share :
With your favorite scp client, copy the Oracle Enterprise Linux ISO file to /export/common/yum-repo.

  • Create temporary directory and repository version directory :
# mkdir -p /export/common/yum-repo/tmp /export/common/yum-repo/OEL_6.5

  • Mount the ISO file on the temporary directory :
# mount -o loop /export/common/yum-repo/OEL_6.5.iso /export/common/yum-repo/tmp

  • Copy iso content in repository directory :
# cp -r /export/common/yum-repo/tmp/* /export/common/yum-repo/OEL_6.5

Create your repository

  • To create the repository, you must install the createrepo package.
This package can be found in the temporary directory created previously.

Check whether it is already installed :
# rpm -qa | grep createrepo
createrepo-0.4.11-3.el5

  • Install the package :
# rpm -Uvh /export/common/yum-repo/tmp/createrepo-0.4.11-3.el5.x86_64.rpm /export/common/yum-repo/tmp/deltarpm-* /export/common/yum-repo/tmp/python-deltarpm-*

  • At this step, remove any symbolic link named Packages in the subdirectories to avoid a loop in the repository :
# find /export/common/yum-repo/OEL_6.5 -name Packages -type l -exec rm -f {} \;

  • Create repository :
# cd /export/common/yum-repo/OEL_6.5/
# createrepo .
3380/3380 - Cluster/ipvsadm-1.24-13.el5.x86_64.rpm
Saving Primary metadata
Saving file lists metadata
Saving other metadata

Cleanup environment

  • Unmount iso file :
# cd /export/common/yum-repo/
# umount -f /export/common/yum-repo/tmp/

  • Delete iso file :
# rm -f /export/common/yum-repo/OEL_6.5.iso

Configure yum client

Update configuration files

  • Update the /etc/yum.conf file :
Add an exclusion for the Exalogic-specific packages, which cannot be updated :
exclude=kernel* compat-dapl* dapl* ib-bonding* ibacm* ibutils* ibsim* infiniband-diags* kmod-ovmapi-uek* libibcm* libibmad* libibumad* libibverbs* libmlx4* libovmapi* librdmacm* libsdp* mpi-selector* mpitests_openmpi_gcc* mstflint* ofed* openmpi_gcc* opensm* ovm-template-config* ovmd* perftest* qperf* rds-tools* sdpnetstat* srptools* xenstoreprovider* initscripts* nfs-utils*

  • Create /etc/yum.repos.d/local_yum.repo file with the following content:
[local_yum]
name=Exalogic Yum Rack
baseurl=http://172.17.0.5/shares/export/common/yum-repo/OEL_6.5
gpgcheck=0
enabled=1
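
The repository definition above turns signature checking off (gpgcheck=0) and fetches over plain HTTP. The following is an added example, not part of the original post: a shell function (the name audit_repo is hypothetical) that reports both settings in .repo files. The two sections fed to it are constructed, and the gpgkey path assumes the standard Oracle Linux key location and a mounted share.

```shell
#!/bin/sh
# audit_repo [FILE...]: read yum .repo definitions (or stdin) and print one
# line per weak setting found in each enabled section.
audit_repo() {
    awk -F= '
        function report() {
            if (sec == "" || enabled == "0") return
            # An unset gpgcheck is reported too: its value then comes from [main].
            if (gpg != "1") print sec ": gpgcheck is not enabled"
            if (url ~ /^(http|ftp):/) print sec ": unauthenticated transport " url
        }
        /^[ \t]*[#;]/ { next }
        /^\[/ { report(); sec = substr($0, 2, index($0, "]") - 2)
                gpg = ""; url = ""; enabled = "1"; next }
        { key = $1; gsub(/[ \t]/, "", key)
          val = substr($0, index($0, "=") + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", val) }
        key == "gpgcheck" { gpg = val }
        key == "enabled"  { enabled = val }
        key == "baseurl"  { url = val }
        END { report() }
    ' "$@"
}

# Constructed sample: a definition like the one on this page, followed by a
# variant that verifies package signatures and reads the mounted share.
audit_repo <<'EOF'
[local_yum]
name=Exalogic Yum Rack
baseurl=http://172.17.0.5/shares/export/common/yum-repo/OEL_6.5
gpgcheck=0
enabled=1

[local_yum_signed]
name=Exalogic Yum Rack (signatures verified)
baseurl=file:///export/common/yum-repo/OEL_6.5
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
enabled=1
EOF
```

On a client, run it as audit_repo /etc/yum.repos.d/*.repo.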

Refresh yum database

Refresh yum client on each machine now configured with the local repository.
  • First, clean yum cache :
# yum clean all
Loaded plugins: rhnplugin, security
Cleaning up Everything

  • Recreate yum cache and headers :
# yum repolist
Loaded plugins: rhnplugin, security
This system is not registered with ULN.
ULN support will be disabled.
local_yum | 951 B 00:00
local_yum/primary | 1.4 MB 00:00
local_yum 3380/3380
Excluding Packages from Exalogic TVP yum rack
Finished
repo id repo name status
local_yum Exalogic TVP yum rack 3,288+92
repolist: 3,288

Now, you can install packages with yum install command.

Wednesday 3 June 2015

How to configure an internal DNS for an Exalogic system :

Prerequisites
Packages
The following package is necessary for the DNS server :
bind
The following package is necessary for testing from a DNS client :
bind-utils

Installation 
On the DNS server :
On the domain name server, the installation can be done from the yum repository.
- To install named, execute the following command :
# yum install bind --skip-broken

Note : the '--skip-broken' option is added to avoid upgrading package dependencies.

- To configure named as a service :
# chkconfig named on

- To start named service :
# service named start

On clients :
On every client :
The bind-utils package can be installed from the yum repository.
To install it, execute the following command :
# yum install bind-utils

Configure named
Perform these actions only on the vServer that hosts the named service.
/etc/named.conf
- Create the file /etc/named.conf with the following content :

options {
        directory "/var/named";

        # hide version string for security
        version "not currently available";

        # Listen to the loopback device and internal networks only
        listen-on { 127.0.0.1; 172.16.0.100; 172.17.0.100; 192.168.0.100; 10.10.0.100; };
        #listen-on-v6 { ::1; };

        # Do not query from the specified source port range
        avoid-v4-udp-ports { range 1 32767; };
        avoid-v6-udp-ports { range 1 32767; };

        # forward all DNS queries to enterprise DNS
        forwarders { 172.30.121.25; 172.30.182.11; };
        forward only;

        # expire negative answers ASAP.
        # do not cache dns query failure
        max-ncache-ttl 1; # 1 second

        # disable non-relevant operations
        allow-transfer { none; };
        allow-update-forwarding { none; };
        allow-notify { none; };
};
zone "exa-admin.el01.com" in{
        type master;
        file "exa-admin.el01.com";
        allow-update{192.168.0.0/21; 10.10.0.0/24; 10.10.1.0/26; 10.10.1.64/26; 10.10.1.128/26;    };
        notify yes;
};

zone "exa-internal.el01.com" in{
        type master;
        file "exa-internal.el01.com";
        allow-update{192.168.0.0/21; 10.10.0.0/24; 10.10.1.0/26; 10.10.0.64/26; 10.10.0.128/26; };
        notify yes;
};

zone "168.192.in-addr.arpa" {
       type master;
       file "192.168";
       allow-update{192.168.0.0/21; };
        notify yes;
};

zone "0.17.172.in-addr.arpa" {
       type master;
       file "172.17.0";
       allow-update{172.17.0.0/16; 192.168.0.0/21; };
        notify yes;
};

zone "0.10.10.in-addr.arpa" {
       type master;
       file "10.176.40";
       allow-update{172.16.0.0/16; 192.168.0.0/21; };
        notify yes;
};

zone "1.10.10.in-addr.arpa" {
       type master;
       file "10.176.41";
       allow-update{172.16.0.0/16; 192.168.0.0/21; };
        notify yes;
};

This file creates an internal zone (exa-internal.el01.com) for IPoIB addressing and a zone (exa-admin.el01.com) for EoIB addressing.
The first one exists only inside the Exalogic rack.
The second one is a sub-zone of the company's global name service.

The internal IPoIB zone manages the IPoIB-default network and the IPoIB-vserver-shared-storage network.

For each zone, the reverse zone is managed too.

Zones files 
- Create file /var/named/exa-admin.el01.com :
$ORIGIN .
$TTL 172800 ; 2 days
exa-admin.el01.com IN SOA ns1.exa-admin.el01.com. root.exa-admin.el01.com. (
2003080803 ; serial
43200      ; refresh (12 hours)
900        ; retry (15 minutes)
1814400    ; expire (3 weeks)
10800      ; minimum (3 hours)
)
NS ns1.exa-admin.el01.com.
MX 10 ns1.exa-admin.el01.com.
$ORIGIN exa-admin.el01.com.
$TTL 172800 ; 2 days
ns1 A 192.168.0.100

- Create file /var/named/exa-internal.el01.com :
$ORIGIN .
$TTL 172800 ; 2 days
exa-internal.el01.com IN SOA ns1.exa-internal.el01.com. root.exa-internal.el01.com. (
2003080803 ; serial
43200      ; refresh (12 hours)
900        ; retry (15 minutes)
1814400    ; expire (3 weeks)
10800      ; minimum (3 hours)
)
NS ns1.exa-internal.el01.com.
MX 10 ns1.exa-internal.el01.com.
$ORIGIN exa-internal.el01.com.
el01sn-priv A 172.17.0.5
$TTL 172800 ; 2 days
ldap CNAME ldap-master
ldap-master A 192.168.0.100
ldap-slave A 192.168.0.200
ns1 A 192.168.0.100


Reverse zones files
- Create a file for each reverse zone. Here is a sample file for one zone :
$ORIGIN .
$TTL 604800 ; 1 week
0.10.10.in-addr.arpa IN SOA ns1.exa-admin.el01.com. root.exa-admin.el01.com. (
3          ; serial
10800      ; refresh (3 hours)
3600       ; retry (1 hour)
604800     ; expire (1 week)
3600       ; minimum (1 hour)
)
NS ns1.exa-admin.el01.com.
$ORIGIN 0.10.10.in-addr.arpa.
$TTL 86400 ; 1 day

Clients
Configure name server 
On every client :
- Configure /etc/resolv.conf
domain  exa-internal.el01.com
search exa-internal.el01.com exa-admin.el01.com mydomain.com
nameserver 192.168.0.100

- Configure /etc/nsswitch.conf
Make sure that the hosts entry is configured as follows :
hosts: files dns

Nsupdate
Nsupdate is used to push or update information about a vServer.
Here is a sample batch file that registers a vServer.

# cat /tmp/nsreg.info
server 192.168.0.100
zone exa-internal.el01.com.
update delete myvserver-1.exa-internal.el01.com. A
update add myvserver-1.exa-internal.el01.com. 86400 A 192.168.0.10
send
server 192.168.0.100
zone 0.10.10.in-addr.arpa
update add 10.0.10.10.in-addr.arpa. 86400 IN PTR myvserver-1.exa-admin.el01.com.
send
zone 168.192.in-addr.arpa
update add 10.0.168.192.in-addr.arpa. 86400 IN PTR  myvserver-1.exa-internal.el01.com.
send

To execute the script :
# nsupdate -d -v /tmp/nsreg.info


Note : A script in /etc/rc.d/init.d/nsupdate can be used to update the DNS each time a vServer is rebooted.
This script can be added to the OEL template.
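
A boot-time registration script has to build the batch shown above from the vServer's own name and address. The following is an added example, not the init script mentioned in the note and not part of the original post: a shell function (the name make_nsupdate is hypothetical) that validates both values before writing them into the batch. The server, zone and TTL are assumed from the sample batch.

```shell
#!/bin/sh
# Values assumed from the sample batch on this page.
DNS_SERVER=192.168.0.100
FWD_ZONE=exa-internal.el01.com
TTL=86400

# make_nsupdate HOST IPV4
# Prints an nsupdate batch that replaces the A and PTR records of one vServer.
# Both arguments are checked first: they are copied verbatim into the batch,
# where an embedded space or newline would be read as an additional command.
make_nsupdate() {
    host=$1 ip=$2
    case $host in
        ''|-*|*-|*[!a-z0-9-]*) echo "invalid host label" >&2; return 1 ;;
    esac
    [ "${#host}" -le 63 ] || { echo "invalid host label" >&2; return 1; }
    case $ip in
        ''|.*|*.|*..*|*[!0-9.]*) echo "invalid IPv4 address" >&2; return 1 ;;
    esac
    set -- $(printf '%s' "$ip" | tr . ' ')   # $1..$4 are now the octets
    [ "$#" -eq 4 ] || { echo "invalid IPv4 address" >&2; return 1; }
    for octet in "$@"; do
        case $octet in
            0?*|????*) echo "invalid IPv4 address" >&2; return 1 ;;
        esac
        [ "$octet" -le 255 ] || { echo "invalid IPv4 address" >&2; return 1; }
    done
    fqdn=$host.$FWD_ZONE.
    ptr=$4.$3.$2.$1.in-addr.arpa.
    # No "zone" lines: nsupdate then works out the zone from each record name,
    # so the same batch serves the /16 and /24 reverse zones defined above.
    cat <<EOF
server $DNS_SERVER
update delete $fqdn A
update add $fqdn $TTL A $ip
send
update delete $ptr PTR
update add $ptr $TTL PTR $fqdn
send
EOF
}

# Constructed usage: the vServer name and address from the sample batch.
make_nsupdate myvserver-1 192.168.0.10
```

Pipe the output to nsupdate. When started with a TSIG key file (nsupdate -k keyfile), the update is signed, which lets the server authorise updates by key rather than by source address.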