Archive
Getting Started with EucaLobo
Initial Setup
In my previous post, I described the story behind EucaLobo, a graphical interface for managing workloads on AWS and Eucalyptus clouds through a <cliche>single pane of glass</cliche>. The tool is built using Javascript and the XUL framework allowing it to be used on Linux, Windows, and Mac for the following APIs:
- EC2
- EBS
- S3
- IAM
- CloudWatch
- AutoScaling…
The Journey to EucaLobo
The 3.3.0 feature barrage
As a quality engineer it is always useful to have an at-a-glance view of the state of your system under test. Unfotunately, having reliable graphical tools is not always possible during testing phases as the UI is often trailing the development of core features. During the 3.3.0 release, the Eucalyptus development team added an incredible amount of API calls to its already large catalog of AWS compatible operations:
Eucalyptus 3.3.0 in a nutshell
Eucalyptus 3.3.0, the most exciting Eucalyptus release so far is knocking on the door or perhaps it has been already released when you are reading this post.
Eucalyptus 3.3.0 has couple of most desired Amazon Web Services (AWS) features by the cloud users:
1. Elastic Load Balancing (ELB)
Needless to say, this is an AWS ELB compatible feature which is being introduced in Eucalyptus 3.3.0.
Managing a DNS Domain from One Place
Taking a DNS name and resolving it to the address of a machine is easy to understand and easy to implement if you're an administrator. Doing a reverse lookup from an address back to a name, however, is more difficult due to the way addresses are divided up. I won't attempt to describe the details here (I recommend Liu and Albitz's DNS and BIND for the gory details), but in short, the way this works is by breaking an IP address into its four octets and handling them from there like regular hierarchical names in the special…
Bind DNS + OpenLDAP MDB == Dynamic Domain and Fully Delegated Sub-Domain Configuration of DNS
This blog post was driven by the need to make it easier to test Eucalyptus DNS in a lab environment. The goal was to have a scriptable way to add/delete fully delegated sub-domains without having to reload/restart DNS when Eucalyptus clouds were being deployed/destroyed. This was tested on an CentOS 6 instance running in a Eucalyptus 3.3 HA Cloud.
Prerequisites
This entry will not cover setting up Eucalyptus HA, creating a Eucalyptus user, using eustore to register the image, and/or opening up ports in security groups. Its assumed the reader understands these concepts. The focus will be configuring and deploying Bind9 and OpenLDAP.
In addition to using a CentOS 6.4 image, the following is needed:
- ports open for DNS (tcp and udp 53)
- port open for OpenLDAP (tcp 389)
- port open for SSH (tcp 22)
Now that the prereqs have been covered, lets jump into setting up the environment.
Base Software Installation
There are a series of packages needed to install OpenLDAP (since we are building from source), and Bind9. Once the instance is launched and running, SSH into the instance, and run the following commands:
# sudo yum -y upgrade # sudo yum install -y git cyrus-sasl gcc glibc-devel libtool-ltdl \ db4-devel openssl-devel unixODBC-devel libtool-ltdl-devel libtool \ cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-lib cyrus-sasl-md5 \ make bind-dyndb-ldap
All the packages except for bind-dyndb-ldap are needed to build OpenLDAP from source. The reason we are building OpenLDAP from source is to take advantage of their powerful backend – MDB. Check out my previous blogs on this topic from this listing.
The key package for Bind9 DNS to communicate to OpenLDAP as a backend is bind-dyndb-ldap. This plug-in is used by the FreeIPA Identity/Policy Management application to help leverage 389 Directory Servers (which is based off OpenLDAP) for storing domain name information.
OpenLDAP Installation and Configuration
Since all the base packages are installed, we can now grab and install the latest source version of OpenLDAP. While still being logged into the instance, run the following command:
# git clone git://git.openldap.org/openldap.git ~/openldap
Since we are working with an instance based on the CentOS 6 image on eustore, we will use the ephemeral store (which is mounted under /media/ephemeral0) for the location of our OpenLDAP installation. Create a directory for installing OpenLDAP on the ephemeral store by running the command below:
# mkdir /media/ephemeral0/openldap
Next, configure OpenLDAP:
# cd ~/openldap # ./configure --prefix=/media/ephemeral0/openldap --enable-debug=yes \ --enable-syslog --enable-dynamic --enable-slapd --enable-dynacl \ --enable-spasswd --enable-modules --enable-rlookups --enable-mdb \ --enable-monitor --enable-overlays --with-cyrus-sasl --with-threads \ --with-tls=openssl CC="gcc" LDFLAGS="-L/usr/lib64/sasl2" CPPFLAGS="-I/usr/include/sasl"
After thats completed successfully, compile and install OpenLDAP:
# make depend # make # sudo make install
After the installation is complete, create the openldap user that will be responsible for running OpenLDAP:
# sudo useradd -m -U -c "OpenLDAP User" -s /bin/bash openldap # sudo passwd -l openldap
Since the bind-dyndb-ldap package was installed earlier, copy the schema to where OpenLDAP stores its schemas, so that it can be added to the OpenLDAP configuration:
# sudo cp /usr/share/doc/bind-dyndb-ldap-2.3/schema \ /media/ephemeral0/openldap/etc/openldap/schema/bind-dyndb-ldap.schema
Next, create the LDAP password for the cn=admin,cn=config user. This user is responsible for managing the configuration of the OpenLDAP server using OLC:
# /media/ephemeral0/openldap/sbin/slappasswd -h {SSHA}
Modify the slapd.conf file located under /media/ephemeral0/openldap/etc/openldap/, to set up the base configuration structure (cn=config) for OpenLDAP. When completed, it should look like the following:
#######################################################################
# Config database definitions
#######################################################################
pidfile /media/ephemeral0/openldap/var/run/slapd.pid
argsfile /media/ephemeral0/openldap/var/run/slapd.args
database config
rootdn cn=admin,cn=config
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx - (password created for cn=admin,cn=config user)
# Schemas, in order
include /media/ephemeral0/openldap/etc/openldap/schema/core.schema
include /media/ephemeral0/openldap/etc/openldap/schema/cosine.schema
include /media/ephemeral0/openldap/etc/openldap/schema/inetorgperson.schema
include /media/ephemeral0/openldap/etc/openldap/schema/collective.schema
include /media/ephemeral0/openldap/etc/openldap/schema/corba.schema
include /media/ephemeral0/openldap/etc/openldap/schema/duaconf.schema
include /media/ephemeral0/openldap/etc/openldap/schema/dyngroup.schema
include /media/ephemeral0/openldap/etc/openldap/schema/misc.schema
include /media/ephemeral0/openldap/etc/openldap/schema/nis.schema
include /media/ephemeral0/openldap/etc/openldap/schema/openldap.schema
include /media/ephemeral0/openldap/etc/openldap/schema/ppolicy.schema
include /media/ephemeral0/openldap/etc/openldap/schema/bind-dyndb-ldap.schema
Create the slapd.d directory under /media/ephemeral0/openldap/etc/openldap/. This will contain all the directory information:
# sudo chown -R openldap:openldap /media/ephemeral0/openldap/* # su - openldap -c "mkdir /media/ephemeral0/openldap/etc/openldap/slapd.d"
Populate the slapd.d directory with the base configuration by running the following command:
su - openldap -c "/media/ephemeral0/openldap/sbin/slaptest \ -f /media/ephemeral0/openldap/etc/openldap/slapd.conf \ -F /media/ephemeral0/openldap/etc/openldap/slapd.d" config file testing succeeded
For this example, we will be setting up the directory to use dc=eucalyptus,dc=com as the LDAP base. Create the cn=Directory Manager,dc=eucalyptus,dc=com LDAP password:
# /media/ephemeral0/openldap/sbin/slappasswd -h {SSHA}
Create an LDIF that will define the configuration of the DB associated with the information regarding the DNS entries. For this example, the LDIF will be called directory-layout.ldif. It should look like the following:
#######################################################################
# MDB database definitions
#######################################################################
#
dn: olcDatabase=mdb,cn=config
changetype: add
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcSuffix: dc=eucalyptus,dc=com
olcRootDN: cn=Directory Manager,dc=eucalyptus,dc=com
olcRootPW: {SSHA}xxxx - (password of cn=Directory Manager,dc=eucalyptus,dc=com user)
olcDbDirectory: /media/ephemeral0/openldap/var/openldap-data/dns
olcDbIndex: objectClass eq
olcAccess: to attrs=userPassword by dn="cn=Directory Manager,dc=eucalyptus,dc=com"
write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=Directory Manager,dc=eucalyptus,dc=com" write by * read
olcDbMaxReaders: 0
olcDbMode: 0600
olcDbSearchStack: 16
olcDbMaxSize: 4294967296
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbNoSync: FALSE
olcDbEnvFlags: writemap
olcDbEnvFlags: nometasync
Make sure and create the directory where the DB information will be stored:
# su - openldap -c "mkdir /media/ephemeral0/openldap/var/openldap-data/dns"
Start up the OpenLDAP directory:
# sudo /media/ephemeral0/openldap/libexec/slapd -h "ldap:/// ldapi:///" \ -u openldap -g openldap
After OpenLDAP has been started successfully, upload the directory-layout.ldif as the cn=admin,cn=config user:
# /media/ephemeral0/openldap/bin/ldapadd -D cn=admin,cn=config -W \ -f directory-layout.ldif Enter LDAP Password: adding new entry "olcDatabase=mdb,cn=config"
To allow search access to the directory, create an LDIF called frontend.ldif, that contains the following:
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
replace: olcAccess
olcAccess: to dn.base="" by * read
olcAccess: to dn.base="cn=Subschema" by * read
olcAccess: to * by self write by users read by anonymous auth
Upload the LDIF using the ldapmodify command:
# /media/ephemeral0/openldap/bin/ldapmodify -D cn=admin,cn=config -W -f frontend.ldif
Enter LDAP Password:
modifying entry "olcDatabase={-1}frontend,cn=config"
To check the results of these changes, use ldapsearch:
# /media/ephemeral0/openldap/bin/ldapsearch -D cn=admin,cn=config -W -b cn=config Enter LDAP Password: (ldapsearch results...)
After confirming that the base configurations have been stored, create an LDIF called dns-domain.ldif that lays out the directory structure for the database. As seen previously in the directory-layout.ldif, the base is dc=eucalyptus,dc=com. The dns-domain.ldif file should look like the following:
dn: dc=eucalyptus,dc=com objectClass: top objectClass: dcObject objectclass: organization o: Eucalyptus Systems Inc - QA DNS Domain dc: eucalyptus description: Test LDAP+DNS Setup dn: ou=dns,dc=eucalyptus,dc=com objectClass: organizationalUnit ou: dns
After creating the dns-domain.ldif file, upload the file using the cn=Directory Manager,dc=eucalyptus,dc=com user:
# /media/ephemeral0/openldap/bin/ldapadd -H ldap://localhost \ -D "cn=Directory Manager,dc=eucalyptus,dc=com" -W -f dns-domain.ldif Enter LDAP Password: adding new entry "dc=eucalyptus,dc=com" adding new entry "ou=dns,dc=eucalyptus,dc=com"
To allow the cn=Directory Manager,dc=eucalyptus,dc=com user to see what updates are being done to the Directory, enable the Access Log overlay. To enable this option, create an LDIF file called access-log.ldif. The contents should look like the following:
dn: olcDatabase={2}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcDbDirectory: /media/ephemeral0/openldap/var/openldap-data/access
olcSuffix: cn=log
olcDbIndex: reqStart eq
olcDbMaxSize: 1073741824
olcDbMode: 0600
olcAccess: {1}to * by dn="cn=Directory Manager,dc=eucalyptus,dc=com" read
dn: olcOverlay={1}accesslog,olcDatabase={3}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=log
olcAccessLogOps: all
olcAccessLogPurge: 7+00:00 1+00:00
olcAccessLogSuccess: TRUE
olcAccessLogOld: (objectclass=idnsRecord)
After creating the access-log.ldif, create the directory for storing the access database:
# su - openldap -c "mkdir /media/ephemeral0/openldap/var/openldap-data/access"
Upload the LDIF using the cn=admin,cn=config user:
# /media/ephemeral0/openldap/bin/ldapadd -D cn=admin,cn=config -W -f access-log.ldif
Now that OpenLDAP is ready to go, let’s work on configuring Bind9 DNS.
Bind9 DNS Configuration
Since bind-dyndb-ldap has a dependency package of bind, named has already been installed on the instance. The only thing left to do is edit /etc/named.conf so that we are able to use the dynamic ldap backend module. Edit /etc/named.conf so that it looks like the following:
options {
listen-on port 53 { <private IP address of the instance>; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
allow-recursion { any; };
};
dynamic-db "qa_dns_test" {
library "ldap.so";
arg "uri ldap://localhost";
arg "base ou=dns,dc=eucalyptus, dc=com";
arg "auth_method none";
arg "cache_ttl 10";
arg "zone_refresh 1";
arg "dyn_update yes";
};
logging {
channel default_debug {
file "data/named.run";
severity debug;
print-time yes;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
As seen above, the dynamic-db section is the configuration for connecting to the OpenLDAP server. For more advanced configurations, please reference the README in the bind-dyndb-ldap repository on git.fedorahosted.org.
Now we are ready to start named (the bind DNS server). Before starting the server, make sure and create the rndc key, then start named:
# rndc-confgen -a -r /dev/urandom # service named start
You have successfully created an Bind9 DNS + OpenLDAP deployment. Let’s run a quick test.
Test the Deployment
To test the deployment, I created an LDIF called test-cloud.ldif. The configuration sets up a domain called eucalyptus-systems.com. It also creates a sub-domain that will be forwarding requests for euca-hasp.eucalyptus-systems.com to the CLCs of the Eucalyptus HA deployment that has been set up. The contents of the file are as follows:
dn: idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com objectClass: top objectClass: idnsZone objectClass: idnsRecord idnsName: eucalyptus-systems.com idnsUpdatePolicy: grant EUCALYPTUS-SYSTEMS.COM krb5-self * A; idnsZoneActive: TRUE idnsSOAmName: server.eucalyptus-systems.com idnsSOArName: root.server.eucalyptus-systems.com idnsAllowQuery: any; idnsAllowDynUpdate: TRUE idnsSOAserial: 1 idnsSOArefresh: 10800 idnsSOAretry: 900 idnsSOAexpire: 604800 idnsSOAminimum: 86400 NSRecord: ns ARecord: 192.168.55.103 - (the public IP of the instance) dn: idnsName=ns,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com objectClass: idnsRecord objectClass: top idnsName: ns aRecord: 192.168.55.103 dn: idnsName=server,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com objectClass: idnsRecord objectClass: top idnsName: server CNAMERecord: eucalyptus-systems.com. dn: idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com objectClass: idnszone objectClass: idnsrecord objectClass: top idnsName: 39.168.192.in-addr.arpa. idnsSOAmName: server.eucalyptus-systems.com idnsSOArName: root.server.eucalyptus-systems.com idnsSOAserial: 1350039556 idnsSOArefresh: 10800 idnsSOAretry: 900 idnsSOAexpire: 604800 idnsSOAminimum: 86400 idnsZoneActive: TRUE idnsAllowDynUpdate: TRUE idnsAllowQuery: any; idnsAllowTransfer: none; idnsUpdatePolicy: grant EUCALYPTUS-SYSTEMS.COM krb5-subdomain 39.168.192.in-addr.arpa. PTR; nSRecord: server.eucalyptus-systems.com. dn: idnsName=_ldap._tcp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com objectClass: idnsRecord objectClass: top idnsName: _ldap._tcp SRVRecord: 0 100 389 server dn: idnsName=_ntp._udp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com objectClass: idnsRecord objectClass: top idnsName: _ntp._udp SRVRecord: 0 100 123 server # The DNS entries for the CLCs of the cloud - viking-01 and viking-02 dn: idnsName=viking-02,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com objectClass: idnsRecord objectClass: top idnsName: viking-02 aRecord: 192.168.39.102 dn: idnsname=102,idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com objectClass: idnsrecord objectClass: top idnsName: 102 pTRRecord: viking-02.eucalyptus-systems.com. dn: idnsName=viking-01,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com objectClass: idnsRecord objectClass: top idnsName: viking-01 aRecord: 192.168.39.101 dn: idnsname=101,idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com objectClass: idnsrecord objectClass: top idnsName: 101 pTRRecord: viking-01.eucalyptus-systems.com. # The delegated zone - euca-hasp.eucalyptus-systems.com dn: idnsName=euca-hasp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com objectClass: top objectClass: idnsRecord objectClass: idnsZone idnsForwardPolicy: first idnsAllowDynUpdate: FALSE idnsZoneActive: TRUE idnsAllowQuery: any; idnsForwarders: 192.168.39.101 idnsForwarders: 192.168.39.102 idnsName: euca-hasp idnsSOAmName: server.eucalyptus-systems.com idnsSOArName: root.server.eucalyptus-systems.com idnsSOAretry: 15 idnsSOAserial: 1 idnsSOArefresh: 80 idnsSOAexpire: 120 idnsSOAminimum: 30 nSRecord: viking-01.eucalyptus-systems.com nSRecord: viking-02.eucalyptus-systems.com
Since this was intended for a lab environment where sub-domains (and possibly domains) would be added/deleted on a regular basis, the SOA records were not set to the RFC 1912 standards defined for production DNS use.
After creating this LDIF, it was uploaded to the LDAP server as the cn=Directory Manager,dc=eucalyptus,dc=com user:
# /media/ephemeral0/openldap/bin/ldapadd -H ldap://localhost \ -D "cn=Directory Manager,dc=eucalyptus,dc=com" -W -f test-cloud.ldif Enter LDAP Password: adding new entry "idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com" adding new entry "idnsName=ns,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com" adding new entry "idnsName=server,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com" adding new entry "idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com" adding new entry "idnsName=_ldap._tcp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com" adding new entry "idnsName=_ntp._udp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com" adding new entry "idnsName=viking-02,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com" adding new entry "idnsname=102,idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com" adding new entry "idnsName=viking-01,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com" adding new entry "idnsname=101,idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com" adding new entry "idnsName=euca-hasp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
To test out the setup, tests were ran against the public IP address of the instance to resolve for the various configurations:
# nslookup viking-01.eucalyptus-systems.com 192.168.55.103 Server: 192.168.55.103 Address: 192.168.55.103#53 Name: viking-01.eucalyptus-systems.com Address: 192.168.39.101 # nslookup 192.168.39.101 192.168.55.103 Server: 192.168.55.103 Address: 192.168.55.103#53 101.39.168.192.in-addr.arpa name = viking-01.eucalyptus-systems.com. # nslookup eucalyptus.euca-hasp.eucalyptus-systems.com 192.168.55.103 Server: 192.168.55.103 Address: 192.168.55.103#53 Non-authoritative answer: Name: eucalyptus.euca-hasp.eucalyptus-systems.com Address: 192.168.39.102 # nslookup walrus.euca-hasp.eucalyptus-systems.com 192.168.55.103 Server: 192.168.55.103 Address: 192.168.55.103#53 Non-authoritative answer: Name: walrus.euca-hasp.eucalyptus-systems.com Address: 192.168.39.101
As see above, not only did the resolution come back correct for the machines under the eucalyptus-systems.com domain, but it also forwarded the requests for the hosts under euca-hasp.eucalyptus-systems.com correctly, and returned the correct response.
To delete the set up, an LDIF called delete-test-cloud.ldif from the test-cloud.ldif as follows:
# tac test-cloud.ldif | grep dn: > delete-test-cloud.ldif
Open up the delete-test-cloud.ldif and add the following lines between each dn:
changetype: delete (empty line)
Now, use ldapmodify as the cn=Directory Manager,dc=eucalyptus,dc=com user to delete the entries:
# /media/ephemeral0/openldap/bin/ldapmodify -H ldap://localhost -D "cn=Directory Manager,dc=eucalyptus,dc=com" -W -f delete-test-cloud.ldif Enter LDAP Password: deleting entry "idnsName=euca-hasp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com" deleting entry "idnsname=101,idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com" deleting entry "idnsName=viking-01,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com" deleting entry "idnsname=102,idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com" deleting entry "idnsName=viking-02,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com" deleting entry "idnsName=_ntp._udp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com" deleting entry "idnsName=_ldap._tcp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com" deleting entry "idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com" deleting entry "idnsName=server,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com" deleting entry "idnsName=ns,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com" deleting entry "idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
To confirm, do a lookup against one of the entries to see if it still exists:
# nslookup viking-01.eucalyptus-systems.com 192.168.55.103 Server: 192.168.55.103 Address: 192.168.55.103#53 ** server can't find viking-01.eucalyptus-systems.com: NXDOMAIN
There you have it! A successful Bind9 DNS + OpenLDAP deployment is ready to be used.
Enjoy! And as always, questions/suggestions/comments are always welcome.
OpenLDAP: A comparison of back-mdb and back-hdb performance
One of the biggest changes to OpenLDAP in years has made its way into the latest OpenLDAP 2.4 releases, and that is a brand new backend named "back-mdb". This new backend leverages the Lightning Memory-Mapped Database from Symas. To see why this new backend was introduced, it is useful to look at the differences in performance and resource utilization between old BDB based back-hdb and the new LMDB based back-mdb.
Introducing Micro QA
I have devoted my last 2 years to testing Eucalyptus. In that period the QA team and I have gone through many iterations of tools to find those that make us most efficient. It has become a never ending and enjoyable quest.
We have evolved our testing processes through the following stages:
- Using command line tools exclusively
- Writing scripts that call command line tools and parsing their output…
Demo of Eucalyptus hotness: 3.3 milestone 6
Our demo day for milestone 6 was yesterday, and it was choice. We're at feature completeness at this point, and we're now on final approach for release sometime Soon-ish, as soon as we shake out all the code nasties. We've got some good stuff to show off on Vimeo. The basic transcript:
- 0:00 Eric Choi, Product Mktg Manager, with agenda/housekeeping.
Big Data on the Cloud using Ansible, RHadoop, AppScale, and AWS/Eucalyptus
Background
Big Data has been a hot topic over the last few years. Big Data on public clouds, such as AWS’s Elastic MapReduce, has been gaining even more popularity as cloud computing becomes more of an industry standard.
R is an open source project for statistical computing and graphics. It has been growing in popularity for doing linear and nonlinear modeling, classical statistical tests, time-series analysis and others, at various Universities and companies.
R Project
RHadoop was developed by Revolution Analytics to interface with Hadoop. Revolution Analytics builds analytic software solutions using R.
Revolution Analytics
AppScale is an open source PaaS that implements the Google AppEngine API on IaaS environments. One of the Google AppEngine APIs that is implemented is AppEngine MapReduce. The back-end support for this API that AppScale using Cloudera’s Distribution for Apache Hadoop.
AppScale Inc.
Ansible is an open source orchestration software that utilizes SSH for handling configuration management for physical/virtual machines, and machines running in the cloud.
Ansible Works
Amazon Web Services is a public IaaS that provides infrastructure and application services in the cloud. Eucalyptus is an open source software solution that provides the AWS APIs for EC2, S3, and IAM for on-premise cloud environments.
Amazon AWS EC2
Eucalyptus Systems Inc.
This blog entry will cover how to deploy AppScale (either on AWS or Eucalyptus), then use Ansible to configure each AppScale node with R, and the RHadoop packages in order allow programs written in R to utilize MapReduce in the cloud.
Pre-requisites
To get started, the following is needed on a desktop/laptop computer:
- AppScale Tools installed.
- Ansible installed.
- The following AWS/Eucalyptus variables exported as global variables in your shell:
- EC2_ACCESS_KEY
- EC2_SECRET_KEY
- EC2_URL
*NOTE: These variables are used by AppScale Tools version 1.6.9. Check the AWS and Eucalyptus documentation regarding obtaining user credentials.
Deployment
AppScale
After installing AppScale Tools and Ansible, the AppScale cluster needs to be deployed. After defining the AWS/Eucalyptus variables, initialize the creation of the AppScale cluster configuration file – AppScalefile.
$ ./appscale-tools/bin/appscale init cloudEdit the AppScalefile, providing information for the keypair, security group, and AppScale AMI/EMI. The keypair and security group do not need to be pre-created. AppScale will handle this. The AppScale AMI on AWS (us-east-1) is ami-4e472227. The Eucalyptus EMI will be unique based upon the Eucalyptus cloud that is being used. In this example, the AWS AppScale AMI will be used, and the AppScale cluster size will be 3 nodes. Here is the example AppScalefile:
--- group : 'appscale-rmr' infrastructure : 'ec2' instance_type : 'm1.large' keyname : 'appscale-rmr' machine : 'ami-4e472227' max : 3 min : 3 table : 'hypertable'
After editing the AppScalefile, start up the AppScale cluster by running the following command:
$ ./appscale-tools/bin/appscale upOnce the cluster finishes setting up, the status of the cluster can be seen by running the command below:
$ ./appscale-tools/bin/appscale statusR, RHadoop Installation Using Ansible
Now that the cluster is up and running, grab the Ansible playbook for installing R, and RHadoop rmr2 and rhdfs packages onto the AppScale nodes. The playbook can be downloaded from github using git:
$ git clone https://github.com/hspencer77/ansible-r-appscale-playbook.gitAfter downloading the playbook, the ansible-r-appscale-playbook/production file needs to be populated with the information of the AppScale cluster. Grab the cluster node information by running the following command:
$ ./appscale-tools/bin/appscale status | grep amazon | grep Status | awk '{print $5}' | cut -d ":" -f 1
ec2-50-17-96-162.compute-1.amazonaws.com
ec2-50-19-45-193.compute-1.amazonaws.com
ec2-67-202-23-157.compute-1.amazonaws.comAdd those DNS entries to the ansible-r-appscale-playbook/production file. After editing, the file will look like the following:
[appscale-nodes]
ec2-50-17-96-162.compute-1.amazonaws.com
ec2-50-19-45-193.compute-1.amazonaws.com
ec2-67-202-23-157.compute-1.amazonaws.comNow the playbook can be executed. The playbook requires the SSH private key to the nodes. This key will be located under the ~/.appscale folder. In this example, the key file is named appscale-rmr.key. To execute the playbook, run the following command:
$ ansible-playbook -i r-appscale-deployment/production
--private-key=~/.appscale/appscale-rmr.key -v r-appscale-deployment/site.ymlTesting Out The Deployment – Wordcount.R
Once the playbook has finished running, the AppScale cluster is now ready to be used. To test out the setup, SSH into the head node of the AppScale cluster. To find out the head node of the cluster, execute the following command:
$ ./appscale-tools/bin/appscale statusAfter discovering the head node, SSH into the head node using the private key located in the ~/.appscale directory:
$ ssh -i ~/.appscale/appscale-rmr.key root@ec2-50-17-96-162.compute-1.amazonaws.comTo test out the R setup on all the nodes, grab the wordcount.R program:
root@appscale-image0:~# tar zxf rmr2_2.0.2.tar.gz rmr2/tests/wordcount.RIn the wordcount.R file, the following lines are present
rmr2:::hdfs.put("/etc/passwd", "/tmp/wordcount-test")
out.hadoop = from.dfs(wordcount("/tmp/wordcount-test", pattern = " +"))
When the wordcount.R program is executed, it will grab the /etc/password file from the head node, copy it to the hdfs filesystem, then run wordcount on /etc/password to look for the pattern ” +”. NOTE: wordcount.R can be edited to use any file and pattern desired.
Run wordcount.R:
root@appscale-image0:~# R
R version 2.15.3 (2013-03-01) -- "Security Blanket"
Copyright (C) 2013 The R Foundation for Statistical Computing
ISBN 3-900051-07-0
Platform: x86_64-pc-linux-gnu (64-bit)
R is free software and comes with ABSOLUTELY NO WARRANTY.
You are welcome to redistribute it under certain conditions.
Type 'license()' or 'licence()' for distribution details.
Natural language support but running in an English locale
R is a collaborative project with many contributors.
Type 'contributors()' for more information and
'citation()' on how to cite R or R packages in publications.
Type 'demo()' for some demos, 'help()' for on-line help, or
'help.start()' for an HTML browser interface to help.
Type 'q()' to quit R.
[Previously saved workspace restored]
> source('rmr2/tests/wordcount.R')
Loading required package: Rcpp
Loading required package: RJSONIO
Loading required package: digest
Loading required package: functional
Loading required package: stringr
Loading required package: plyr
13/04/05 02:33:41 INFO security.UserGroupInformation: JAAS Configuration already set up for Hadoop, not re-installing.
13/04/05 02:33:43 INFO security.UserGroupInformation: JAAS Configuration already set up for Hadoop, not re-installing.
packageJobJar: [/tmp/RtmprcYtsu/rmr-local-env19811a7afd54, /tmp/RtmprcYtsu/rmr-global-env1981646cf288, /tmp/RtmprcYtsu/rmr-streaming-map198150b6ff60, /tmp/RtmprcYtsu/rmr-streaming-reduce198177b3496f, /tmp/RtmprcYtsu/rmr-streaming-combine19813f7ea210, /var/appscale/hadoop/hadoop-unjar5632722635192578728/] [] /tmp/streamjob8198423737782283790.jar tmpDir=null
13/04/05 02:33:44 WARN snappy.LoadSnappy: Snappy native library is available
13/04/05 02:33:44 INFO util.NativeCodeLoader: Loaded the native-hadoop library
13/04/05 02:33:44 INFO snappy.LoadSnappy: Snappy native library loaded
13/04/05 02:33:44 INFO mapred.FileInputFormat: Total input paths to process : 1
13/04/05 02:33:44 INFO streaming.StreamJob: getLocalDirs(): [/var/appscale/hadoop/mapred/local]
13/04/05 02:33:44 INFO streaming.StreamJob: Running job: job_201304042111_0015
13/04/05 02:33:44 INFO streaming.StreamJob: To kill this job, run:
13/04/05 02:33:44 INFO streaming.StreamJob: /root/appscale/AppDB/hadoop-0.20.2-cdh3u3/bin/hadoop job -Dmapred.job.tracker=10.77.33.247:9001 -kill job_201304042111_0015
13/04/05 02:33:44 INFO streaming.StreamJob: Tracking URL: http://appscale-image0:50030/jobdetails.jsp?jobid=job_201304042111_0015
13/04/05 02:33:45 INFO streaming.StreamJob: map 0% reduce 0%
13/04/05 02:33:51 INFO streaming.StreamJob: map 50% reduce 0%
13/04/05 02:33:52 INFO streaming.StreamJob: map 100% reduce 0%
13/04/05 02:33:59 INFO streaming.StreamJob: map 100% reduce 33%
13/04/05 02:34:02 INFO streaming.StreamJob: map 100% reduce 100%
13/04/05 02:34:04 INFO streaming.StreamJob: Job complete: job_201304042111_0015
13/04/05 02:34:04 INFO streaming.StreamJob: Output: /tmp/RtmprcYtsu/file1981524ee1a3
13/04/05 02:34:05 INFO security.UserGroupInformation: JAAS Configuration already set up for Hadoop, not re-installing.
13/04/05 02:34:07 INFO security.UserGroupInformation: JAAS Configuration already set up for Hadoop, not re-installing.
13/04/05 02:34:08 INFO security.UserGroupInformation: JAAS Configuration already set up for Hadoop, not re-installing.
13/04/05 02:34:10 INFO security.UserGroupInformation: JAAS Configuration already set up for Hadoop, not re-installing.
Deleted hdfs://10.77.33.247:9000/tmp/wordcount-test
>quit("yes")Thats it! The AppScale cluster is ready for additional R programs that utilize MapReduce. Enjoy the world of Big Data on public/private IaaS.
What's new in Ansible 1.1 for AWS and Eucalyptus users?
I thought the Ansible 1.0 development cycle was busy but 1.1 is crammed full of orchestration goodness. On Tuesday, 1.1 was released and you can read more about it here: http://blog.ansibleworks.com/2013/04/02/ansible-1-1-released/
For those working on AWS and Eucalyptus, 1.1 brings some nice module improvements as well as a new cloudformation and s3 module. It's great to see the AWS-related modules becoming so popular so quickly.
Folks...
Twitter Engineering
- An error has occurred; the feed is probably down. Try again later.
Dev2ops
- Will Sterling presentation on Rundeck at the April CLUE Meeting (Video)
- Why we end up with complex tools
- The key to simplicity isn’t “Know How” it’s “Know Why”
- IT stability and business innovation are not enemies
- Rerun: Making shell scripts even more useful (and a bit cool, again)
- Automating the full management lifecycle of Jenkins using Rerun
- Improving Flow: Fix the Handoffs to Remove Your Worst Bottlenecks
High Scalability
- Scaling Mailbox - From 0 to One Million Users in 6 Weeks and 100 Million Messages Per Day
- Stuff The Internet Says On Scalability For June 14, 2013
- Busting 4 Modern Hardware Myths - Are Memory, HDDs, and SSDs Really Random Access?
- Sponsored Post: Apple, Two Sigma, Cendea, RAMP, Blurocket, Incapsula, Dow Jones, Surge, Rackspace, aiCache, Aerospike, Percona, ScaleOut, New Relic, LogicMonitor, AppDynamics, ManageEngine, Site24x7
- The 10 Deadly Sins Against Scalability
Wired.com – Cloudline
- Contributor Content | Location, Location, Location — The Holy Grail of Innovation
- Contributor Content | Brand Damage Through Information Access
- Contributor Content | No Data Scientist Yet? No Problem
- Contributor Content | Does Big Data Deserve Big Brother: Should We Lose Faith in the Cloud?
- Contributor Content | By the Time the Cloud Matures, It Could Be Too Late for IT
Wired.com – Playbook
- Contributor Content | Location, Location, Location — The Holy Grail of Innovation
- Contributor Content | Brand Damage Through Information Access
- Contributor Content | No Data Scientist Yet? No Problem
- Contributor Content | Does Big Data Deserve Big Brother: Should We Lose Faith in the Cloud?
- Contributor Content | By the Time the Cloud Matures, It Could Be Too Late for IT
Wired.com – Enterprise
- Cloud | ‘Heavybit’ Teaches Hackers How to Be Business Savvy
- Cloud | Amazon’s Invasion of the CIA Is a Seismic Shift in Cloud Computing
- Microchips | Now You Can Build Google’s $1M Artificial Brain on the Cheap
- These Guys Want to Hack Your Home. And You Should Let Them
- Data Centers | China Could Supplant U.S. as the Supercomputing Superpower
