Tomcat Clustering

After a long long time search and configuring testing finally i have got a better clustering method which is meet my requirements! i am happy now as it is my long time hunting.... finally it success

i am just posting it here for future myself & if it might help anybody else .

In this cluster i used two tomcat servers & one apache server.
Machines
Apache
IP 192.168.10.100
Tomcat
IP 192.168.10.201
IP 192.168.10.202


Packages that i have installed
###############################################
Tomcat: 
tomcat6-servlet-2.5-api-6.0.26-27.fc14.noarch
tomcat6-jsp-2.1-api-6.0.26-27.fc14.noarch
tomcat6-el-2.1-api-6.0.26-27.fc14.noarch
tomcat6-lib-6.0.26-27.fc14.noarch
tomcat6-6.0.26-27.fc14.noarch



HTTPD


httpd-tools-2.2.17-1.fc14.i686
system-config-httpd-1.5.2-2.fc14.noarch
httpd-2.2.17-1.fc14.i686
and mod_jk
from this location
wget http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/linux/jk-1.2.31/i386/mod_jk-1.2.31-httpd-2.2.x.so
#################################################


Configuration Files

Tomcat
/etc/tomcat6/server.xml
/etc/tomcat6/context.xml

HTTPD
/etc/httpd/conf/httpd.conf

##################################################

Open the tomcat configuration file (server.xml )
And add the contents like this given below.

vim /etc/tomcat6/server.xml



 
 
 
 
 
 
 
 
 

 

                  type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
 

 
 
                    connectionTimeout="20000"
               redirectPort="8443" />
 
 
   


       

     
                   resourceName="UserDatabase"/>

   
                  unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">

               
                   directory="logs" prefix="common_access_log."
             suffix=".txt" pattern="common" resolveHosts="false"/>
      

                                  className="org.apache.catalina.ha.tcp.SimpleTcpCluster">
                                                     expireSessionsOnShutdown="false"
                               notifyListenersOnReplication="true"/>
                     
                                                        className="org.apache.catalina.tribes.membership.McastService"
                                  dropTime="3000"
                                  frequency="500"
                                  port="45564"/>
                                                      autoBind="100"         
                                className="org.apache.catalina.tribes.transport.nio.NioReceiver"
                                 maxThreads="6"
                                 port="4000"
                                 selectorTimeout="5000"/>
                    
                        
                    
                    
                    
                    
                                                 filter=""/>
                    
                    
                    

                         tempDir="${catalina.base}/temp/"
                deployDir="${catalina.base}/webapps/"
                watchDir="${catalina.base}/dir/"
                watchEnabled="true"/>

      
     
   
 

:wq!

##################################################################################
In this case what are the apps comes under the webapps that all will be clustered in my case i had only my apps i have removed all default webapps.

Then scp the same file to second tomcat

and then change the followings jvmRoute=www1 to jvmRoute=www2 & watchEnabled="true" to watchEnabled="false"

watchEnabled field will check for the war files under  this "${catalina.base}/dir/"  location and if war file is uploaded it will deploy to the second server when you start the servers so in the second server don't forget to change the value from true to false.

(In my case in both the side i changed it false as i found some session failing error after the testing and i upload the war files manually)
##################################################

then next configuration file

vim /etc/tomcat6/context.xml

Add caption

##################################################

scp to next host ...
Thats it.....

Now Apache configuration
 ##################################################
add the following on the conf file
vim /etc/httpd/conf/httpd.conf
LoadModule jk_module modules/mod_jk-1.2.31-httpd-2.2.x.so
JkWorkersFile          conf/workers.properties
JkLogFile              logs/jk.log
JkLogLevel             debug
#
JkMount                /*            router
JkMount                /jk_status    status
:wq!
###################################################

Then create the file /etc/httpd/conf/workers.properties

vim /etc/httpd/conf/workers.properties
worker.list=router,status

worker.worker1.port=8009
worker.worker1.host=192.168.10.201
worker.worker1.type=ajp13
worker.worker1.lbfactor=1
worker.worker1.local_worker=1
worker.worker1.sticky_session=0

worker.worker2.port=8009
worker.worker2.host=192.168.10.202
worker.worker2.type=ajp13
worker.worker2.lbfactor=1
worker.worker2.local_worker=0
worker.worker2.sticky_session=0

worker.router.type=lb
worker.router.balanced_workers=worker1,worker2
worker.router.local_worker_only=1

worker.status.type=status

 :wq!
#####################################################

DONE
########################################

Just start all servers and check your apps
check the status by this url
http://192.168.10.100//jk_status
& check the apps by this url 
http://192.168.10.100/apps

Login to your apps and bring down one tomcat similarly the other one also after bring back the first one again


Server.xml 


###################################################################################

 


 

Switch 2 a user with [nologin] shell

execute the following

sudo -u username bash

replace username with your username.

NAGIOS Notifications by sms!

Tested On Fedora 14
And Gsm Nokia X-05

Swatch To Monitor Security Logs

Install the package with YUM = yum install swatch

 Then create a swatch configuration file called
/etc/swatchrc  containing the following:

vi  /etc/swatchrc

# Bad login attempts
watchfor   /Failed password for/
        exec "/usr/local/nix/scripts/bad_user $1 $2 $3 \

$4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15" 

:wq!

Then create The Script with the following

vi /usr/local/nix/scripts/bad_user
 

#! /bin/bash
#
IP=`echo $* | sed 's/^.* from //' | awk '{print $1}' | sed 's/::ffff://'`
ATTEMPTS=`grep $IP /var/log/secure | grep "Failed password for"  | wc -l`

if [ $ATTEMPTS -gt 2 ]
then
 route add $IP lo
 MINUTES=`expr $ATTEMPTS - 2`
 echo "route del $IP lo 2> /dev/null" | at now +$MINUTES \

minutes 2>&1 > /tmp/.bad_user.$$
 (hostname ; echo $* ; echo "IP=$IP" ; echo "ATTEMPTS=$ATTEMPTS" ; 
  echo "Blocking for $MINUTES minutes" ; 
  cat /tmp/.bad_user.$$ ) | Mail -s "bad user" Admin
fi

rm -f /tmp/.bad_user.$$ 

:wq!

Then start the swatch 

swatch --config-file=/etc/swatchrc --tail-file=/var/log/secure  \

--awk-field-syntax --tail-args "-F" & 

SMS gateway In Fedora 13

Packages

gnokii-devel.i686 : Gnokii development files
gnokii-smsd.i686 : Gnokii SMS daemon
gnokii-smsd-mysql.i686 : MySQL support for Gnokii SMS daemon
gnokii-smsd-pgsql.i686 : PostgreSQL support for Gnokii SMS daemon
gnokii.i686 : Linux/Unix tool suite for various mobile phones
libopensync-plugin-gnokii.i686 : Gnokii plugin for libopensync
xgnokii.i686 : Graphical Linux/Unix tool suite for various mobile phones

#######################################
Install the packages with the yum command

#################################


After Installing create a file .gnokiirc

vi /root/.gnokiirc
[global]

port = /dev/ttyACM0
# With Linux-IrDA you will want to use
# model = symbian
model = AT
initlength = default
connection = serial
use_locking = no

serial_baudrate = 19200
smsc_timeout = 10

[xgnokii]
allow_breakage = 0

[gnokiid]
bindir = /usr/sbin/

# Handy for use for $VAR substitutions in your chat(8) script.
[connect_script]
TELEPHONE = 12345678
[disconnect_script]



[logging]

# where to log the debug output (on: stderr, off: /dev/null)
debug = off

# where to log the rlp debug output (on: stderr, off: /dev/null)
rlpdebug = off

# where to log X debug output (on: stderr, off: /dev/null)
xdebug = off

:wq!

Save it ... this configuration will work with most Nokia handsets and it is been tested with Nokia X-05 and Micromax Q3+ ... Successfully working in both...

#############################

After saving the file execute the command 'gnokii --identify' and make sure system is identifies the device .
 you will get the similar output like this;
GNOKII Version 0.6.28
IMEI         : **********
Manufacturer : Nokia
Model        : Nokia X5-01
Product name : Nokia X5-01
Revision     : V ICPR82_10w18.7.7
###################################
To send a test message

echo “Test” | /usr/bin/gnokii --sendsms +91phonenumber -r

#######################################
Now gnokii With Mysql ...

[root@nix ~]# rpm -ql gnokii-smsd-mysql-0.6.28-1.fc12.i686
/usr/lib/smsd/libsmsd_mysql.so
/usr/share/doc/gnokii-smsd-mysql-0.6.28
/usr/share/doc/gnokii-smsd-mysql-0.6.28/sms.tables.mysql.sql

Create tha database and table with the following

[root@nix ~]#mysql -p < /usr/share/doc/gnokii-smsd-mysql-0.6.28/sms.tables.mysql.sql

######

To send a message from mysq
Logind to mysql
mysql -p
use smsd;
insert into outbox (number,text) values ('+91phone_number','Hi');
\q
***********************************************************************************
***********************************************************************************

Use Gmail Account To Relay Email From a Shell Prompt

yum install ssmtp

vi /etc/ssmtp/ssmtp.conf

AuthUser=username@gmail.com
AuthPass=Your-Gmail-Password
FromLineOverride=YES
mailhub=smtp.gmail.com:587
UseSTARTTLS=YES

:wq!

make sure sendmail is disabled

# service sendmail stop

# chkconfig sendmail off

# mkdir /bakup

# mv /usr/sbin/sendmail /bakup

#  ln -s /usr/sbin/ssmtp /usr/sbin/sendmail

  echo "This is a test" | mail -s "Test" user@domain.com

#######################################################


to get alerts when root logins

add the followings in .bash_profiles in the root home

vi .bash_profile

echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" user@domain.com


:wq! 

Load balance your application in Tomcat

1.Installing Tomcat
2.Installing Apache HTTP Server
3.setting up multiple instances of Tomcat
4.setting up Apache HTTP server


Tomcat 5.5

Download Site: http://tomcat.apache.org/download-55.cgi
Apache HTTP Server 2.0

Download Site: http://httpd.apache.org/download.cgi
Mod JK (Tomcat connector) 1.2.27

Download Site: http://tomcat.apache.org/download-connectors.cgi


I have tested in fedora 13 with default httpd .


Tomcat 5.5 Installation



Extract the Tomcat zip file. Hereafter, the directory you extracted to will be referred to as /INSTANCE1


Test Tomcat to see that it works. Go to /INSTANCE1/bin and run startup.sh. You may need to add an environment variable called JAVA_HOME, CATALINA_HOME which is set to /INSTANCE1 in case Tomcat fails to start.


Open up your browser and access http://localhost:8080/. If you see the default page, then Tomcat Instance 1 is working fine. Shut down Tomcat.

Setting up multiple Tomcat instances


Make a dir called /INSTANCE2

cp -r /INSTANCE1/* /INSTANCE2/

Open up /INSTANCE2/conf/server.xml in a text editor. We’ve got to change the port numbers so that they don’t conflict with the first instance.

In /INSTANCE1

8005” shutdown=”SHUTDOWN”>
8080” maxHttpHeaderSize=”8192″…
8009” enableLookups=”false” redirectPort=”8443” protocol=”AJP/1.3″ />
!!!!!!!!!!!!!!!
In /INSTANCE2

9005” shutdown=”SHUTDOWN”>
9090” maxHttpHeaderSize=”8192″…
9009” enableLookups=”false” redirectPort=”9443” protocol=”AJP/1.3″ />

!!!!!!!!!!!!!!!!!!!!!!!!!!!
Now stop the first instance of Tomcat and start the second instance. This is to verify the second is starting up and running.

Access http://localhost:9090 in your browser. If you see the default page, then Tomcat Instance 2 is working fine. Shut down Tomcat.

Till now we ran Tomcat instances individually. Now start both the instances using their startup.sh respectively.

Once both started with out any problem, open up two browser clients and enter http://localhost:8080/ and http://localhost:9090. If you see the default page, in both the browser clients then both Tomcat Instance1 and Instance 2 are working fine with out any conflicts.
 
Setting up Apache HTTP Server for load balance

First, download the correct binary for your architecture and install it:

wget http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/linux/jk-1.2.23/mod_jk-1.2.23-apache-2.2.x-linux-i686.so

chmod +x mod_jk-1.2.23-apache-2.2.x-linux-i686.so

cp -r mod_jk-1.2.23-apache-2.2.x-linux-i686.so /etc/httpd/modules/mod_jk.so
##############################################
vi /etc/httpd/conf/worker.properties
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# The advanced router LB worker
workers.tomcat_home=/INSTANCE1
workers.java_home=JAVA_HOME
worker.list=balancer

# Define a worker using ajp13
# Mention the AJP connector port defined in Tomcat server.xml
worker.worker1.port=8009
worker.worker1.host=localhost
worker.worker1.type=ajp13
worker.worker1.lbfactor=1

# Define another worker using ajp13
# Mention the AJP connector port defined in Tomcat server.xml
worker.worker2.port=9009
worker.worker2.host=localhost
worker.worker2.type=ajp13
worker.worker2.lbfactor=1

worker.balancer.type=lb
worker.balancer.balance_workers=worker1,worker2
worker.balancer.method=B

# Add the status worker to the worker list
worker.list=jkstatus
# Define a ‘jkstatus’ worker using status
worker.jkstatus.type=statu
!!!!!!!!!!!!!!!!!!!!!!
:wq!
#############################
vi /etc/httpd/conf.d/mod_jk.conf
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
LoadModule jk_module modules/mod_jk.so

JkWorkersFile /etc/httpd/conf/workers.properties

JkShmFile /var/log/httpd/mod_jk.shm

JkLogFile /var/log/httpd/mod_jk.log

JkLogLevel info

JkMount /* balancer

JkMount /jkmanager/* jkstatus
:wq!
#######################
Create a test folder under the webapp folder on INSTANCE2
under that create a file index.jsp
 vi index.jsp
Hello, I am a jsp script!
:wq!



Restart httpd and open the link http://localhost/test/

Simple http load balancing with Apache.

 Since version 2.2 the Apache web server ships a load balancer module called mod_proxy_balancer. All you need to do is to enable this module and the modules mod_proxy and mod_proxy_http:

vi /etc/httpd/conf/httpd.conf

LoadModule proxy_module mod_proxy.so
LoadModule proxy_http_module mod_proxy_http.so
LoadModule proxy_balancer_module mod_proxy_balancer.so

:wq!

Please don't forget to load mod_proxy_http, because you wouldn't get any error messages if it's not loaded. The balancer just won't work.

Because mod_proxy makes Apache become an (open) proxy server, and open proxy servers are dangerous both to your network and to the Internet at large, I completely disable this feature: 

vi /etc/httpd/conf/httpd.conf
 

ProxyRequests Off

Order deny,allow
Deny from all

:wq!


The load balancer doesn't need this feature at all.

now create a index.html file on all servers



And here's the actual load balancer configuration:
############################

vi /etc/httpd/conf/httpd.conf

{Proxy balancer://clusterABCD}
BalancerMember http://serverA
BalancerMember http://serverB
BalancerMember http://serverC
BalancerMember http://serverD
Order allow,deny
Allow from all
{/Proxy}
ProxyPass / balancer://clusterABCD/

:wq!
/etc/init.d/httpd restart

The {Proxy}...{/Proxy} container defines which backend servers belong to my balancer. I chose the name clusterABCD for this server group, but you are free to choose any name you want.
And the ProxyPass directive instructs the Apache to forward all incoming requests to this group of backend servers.

Websvn How to on fedora

Install the packages with yum

  yum install websvn.noarch
  yum install subversion

Create a directory
mkdir -p /srv/svn

svnadmin create --fs-type fsfs /srv/svn/nix


Now open the conf file [vi /etc/websvn/config.php]
and add the following

$config->parentPath('/srv/svn/');


$extEnscript[".pl"] = "perl";
$extEnscript[".py"] = "python";
$extEnscript[".sql"] = "sql";
$extEnscript[".java"] = "java";
$extEnscript[".html"] = "html";
$extEnscript[".xml"] = "html";
$extEnscript[".thtml"] = "html";
$extEnscript[".tpl"] = "html";
$extEnscript[".sh"] = "bash";

#################

Then save it and restart httpd and open the url

http://urip/websvn

now you can see the repo nix ..................

To change Windows 7 Product Key From Command line.

1. Click on the Start Button and type: CMD (into the 'Search programs and files' field in the Start Menu)
2. The Start Menu will show 'CMD.exe', 
3. Right-click the CMD.exe file and select Run as administrator.
4. In the CMD window, type: slmgr.vbs -ipk {product key}
5. To activate windows after changing the key, type: slmgr.vbs -ato

Mysql & php test page

mysql_connect("localhost", "user", "userpass") or die(mysql_error());
echo "Connected to MySQL
";
mysql_select_db("test") or die(mysql_error());
echo "Connected to Database";
?>

Apache Access Control with User/Password protected directories with MYSQL

 add the following to httpd.conf file 

     AuthType Basic
     AuthName " protected directories "
     AuthMySQLHost localhost
     AuthMySQLUser root
     AuthMySQLPassword  dbpassword
     AuthMySQLDB http_auth
     AuthMysqlUserTable  user_auth
     AuthMySQLNameField user_name
     AuthMySQLPasswordField user_passwd
     AuthMySQLNoPasswd Off
     AuthMySQLPwEncryption crypt
     AuthMySQLPwEncryption none
     AuthMySQLEnable on
     require valid-user
    

MYSQL
* mysql -h localhost -u root -ppassword
    * mysql> create database http_auth;
* mysql> use  http_auth;
    * mysql> create table user_auth ( user_name char(30) NOT NULL,user_passwd char(60) NOT NULL,user_group char(25),primary key (user_name) );
    * mysql> insert into user_auth values('Nikhil','supersecret','Admin');
and restart apache .....
 mod_auth_mysql*.*rpm need to be installed
And make sure this line is included in the conf file httpd.conf
LoadModule mysql_auth_module modules/mod_auth_mysql.so

permanently bypass fsck

permanently bypass fsck check on any filesystem using tune2fs command as follows:
[root@node01 ~]# tune2fs -i 0 /dev/VolGroup00/LogVol00
tune2fs 1.39 (29-May-2006)
Setting interval between checks to 0 seconds
[root@node01 ~]#

Deploying LifeRay in Linux Machine From Running Windows

The key to porting Liferay from windows to linux w/ mysql is setting the mysql case sensitivity setting to 1 on the linux mysql server.

1. Backup your windows schema
2. Add the following line to your my.conf file in linux: lower_case_table_names=1 (this is added below [mysql] and/or [mysqld])
3. Start mysql
4. Do restore

All should be well after that.

High Availability Cluster On CentOS (Heartbeat)

Pre-Configuration Requirements
##################################
Assign hostname node01 to primary node with IP address 192.168.10.50
Assign hostname node02 to slave node with IP address 192.168.10.51
Assume 192.168.10.52 is the virtual IP address that will be used for our Apache webserver.


Install Heartbeat 
yum install heartbeat-devel
######################################
Now we have to configure heartbeat on node01 and node02
Main files
1, authkeys
2, ha.cf
3, haresources
Just copy all the files from
cp /usr/share/doc/heartbeat-2.1.3/authkeys /etc/ha.d/
cp /usr/share/doc/heartbeat-2.1.3/ha.cf /etc/ha.d/
cp /usr/share/doc/heartbeat-2.1.3/haresources /etc/ha.d/
Configure heartbeat
vi /etc/ha.d/authkeys
Then add the following lines
auth 2
2 sha1  test-ha
change the permission
chmo 600 /etc/ha.d/authkeys
vi /etc/ha.d/ha.cf
logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
initdead 120
bcast eth0
udpport 694
auto_failback on
node node01
node node02
:wq!
#######################
vi /etc/ha.d/haresources
Then add the following
node01 192.168.10.52 httpd
:wq!
Copy the /etc/ha.d/ directory from node01 to node02 with scp
scp -r /etc/ha.d/*  node02:/etc/ha.d/
#################################
Now edit httpd.conf
vi /etc/httpd/conf/httpd.conf
add this line
Listen 192.168.10.52:80
:wq!
scp httpd.conf node02:/etc/httpd/conf/
now create some test html file on both slave and master
start heartbeat on both system
/etc/init.d/heartbeat start
and then open browser and type http://192.168.10.52/
will b able to see node01 test page
and stop heartbeat on node01 and  refresh the browser you will be able to see node02 test page
############################################################################