XenServer 6.0.2: Fixing Root-Disk-Multipathing with Boot-from-SAN

As the title pretty much tells, I’ve been working on fixing the Root-Disk-Multipathing feature of our XenServer installations. Our XenServer boot from a HA-enabled NetApp controller, however we recently noticed that during a controller fail-over some, if not all, paths would go offline and never come back. If you do a cf takeover and cf giveback in short succession, you’ll end up with a XenServer host that is unusable, as the Root-Disk would be pretty much non-responsive.

Guessing from that, there don’t seem to be that many people using XenServer with Boot-from-SAN. Otherwise Citrix/NetApp would have fixed that by now…. Anyhow, I went around digging in our XenServer’s. What I already did, was adjust the /etc/multipath.conf according to a bug report (or TR-3373). For completeness sake I’ll list it here:

And as it turns out, this is the reason why we’re having such difficulties with the Multipathing. The information in TR-3373 is a bunch of BS (no, not everything but a single path is wrong, the getuid_callout) and thus the whole concept of Multipathing, Failover and High-Availibility (yeah, I know – if you want HA, don’t use XenServer :P) is gone.

NGINX reverse proxy for Synology DiskStation 7

Well, I’ve been tinkering with NGINX for a while at home, up till now I had a somewhat working reverse proxy setup (to access my stuff, when I’m not at home or away).

What didn’t work so far was the DSM web interface. Basically, because the interface is using absolute paths in some CSS/JS includes, which fuck up the whole interface.

After some googling and looking through the NGINX documentation I thought “Why don’t I create a vHost for each application that is being served by the reverse proxy?”.

And after looking further into the documentation, out came this simple reverse proxy statement:

And as you can see, it works:

Synology DSM via NGINX

Synology DSM via NGINX

OpenWRT on DIR-615 H1 – Port mappings

Well, I’ve been fiddling with OpenWRT to replace my crappy Vodafone Easybox 602. Up till now I had DD-WRT on the DIR-615’s (yes, two) however recently (I think due to the Synology DiskStation in combination with a WDS setup) I had to filter SSDP broadcasts storms (which in turn kill the Easybox), which isn’t quite so easy on DD-WRT, but rather easy on OpenWRT.

Today I went thinking about VLAN-Tagging and stuff, and I had to figure out the physical to logical port mapping for the DIR-615. So let’s run swconfig dev rt305x show on the DIR-615 after plugging in the RJ45 cable to a port.

Out came this nifty table, which’ll hopefully help me, wrapping my head around this whole VLAN thing.

physical port CPU WAN WLAN LAN 1 LAN 2 LAN 3 LAN 4
logical port 6* 5 4 3 2 1 0

Keep in mind, the CPU port (or the backplane port, connected with 1000 Base-T FD) is by default in both VLANs as a tagged port.

sa-learn, dovecot virtual users and virtual user configs 2

Well, I wanted independent SpamAssassin Bayes databases per user (different users, different preferences). For that, RoundCube already set up the Junk folder. However, I wanted the ability (for myself, as well for my other users) to individually mark messages as either Spam or Ham.

RoundCube: Inbox view

RoundCube: Inbox view

 

 

Now, as I said before I wanted a trivial way to mark messages as Spam or Ham (without using the command line each time).

RoundCube: Adjusted Inbox View

RoundCube: Adjusted Inbox View

Now, that was the mailbox setup part. Now we do have to do some command line foo (yeah, it’s still necessary) to actually learn the mails as spam or ham. First we need a script, which scans the Maildir for each domain/user separately, and then creates the bayes database.

This script is based on work from nesono and workaround.org. Anyhow, the script will scan each user folder (you might need to adjust the MAIL_DIR and SPAMASS_DIR variable, depending on where your MAIL_DIR is located.

Next, we need to adjust the SPAMD options to use the virtual-config-dir (that’s the SPAMD name for this).

As you can see, I basically appended the following to the OPTIONS variable: –virtual-config-dir=/var/lib/spamassassin/%d/%l -x -u mail

Now, here’s a couple of pointers:

–virtual-config-dir=pattern
This option specifies where per-user preferences can be found for virtual users, for the -x switch. The pattern is used as a base pattern for the directory name. Any of the
following escapes can be used:

%u — replaced with the full name of the current user, as sent by spamc.
%l — replaced with the ‘local part’ of the current username. In other words, if the username is an email address, this is the part before the “@” sign.
%d — replaced with the ‘domain’ of the current username. In other words, if the username is an email address, this is the part after the “@” sign.
%% — replaced with a single percent sign (%).

-u username, –username=username
Run as the named user. If this option is not set, the default behaviour is to setuid() to the user running “spamc”, if “spamd” is running as root.

Note: “–username=root” is not a valid option. If specified, “spamd” will exit with a fatal error on startup.

Now, only a small adjustment is still needed. In order for the inbound mails to be scanned with the per-user db’s, you need to adjust postfix’s master.cf file, to run spamc with the per-user db.

After that’s done (and a restart of postfix, spamassassin and dovecot) you should be the proud owner of a per-user dovecot/postfix/spamassassin implementation.

Postfix, soft_bounce=yes and redelivering mails

Well, I’m setting up spam/virus filter at the moment. Somewhere I found, that when doing so one should enable soft_bounce=yes in your /etc/postfix/main.cf. Now, once I finished setting up my mailing setup, I wanted to manually force the delivery.

Now, if you fixed the mail delivery, you just need to enter the following:

However if you want to delete the mail from the postfix queue:

Tiny Tiny RSS init-script for multiple instances on Debian Wheezy 1

Well, I have a bunch of Tiny Tiny RSS instances running on my webhost, and I wanted a init-script that starts the update-daemons for all instances.

Now, there’s already a bunch of init scripts for Debian around (1, 2) however none of them were to my liking or did what I wanted it to do. So I ended up (yeah, I know *again*) rewriting them.

Debian: dmesg output contains “Error: Driver ‘pcspkr’ is already registered, aborting…”

Well, I recently prepared a bunch of Debian KVM guests, and today I got annoyed (basically because logwatch complains about it …) by this pesky error message on each startup. What causes this is error is really simple.

Udev loads the PC speaker driver (pcspkr) and then (for whatever reason) tries to load the alsa-module for the PC speaker (snd_pcsp). And the second one, basically fails. All we need to do, is create a blacklist.conf and add the latter one to it.

virt-viewer: qemu+ssh to a KVM host running SSH on a different port

Well, I’ve been tinkering with KVM the last few days and I’ve been stuck accessing the KVM guests (as the guests are running on a host I don’t have my Xorg server running on). After a bit of searching, I actually found what I was looking for.

Piecing together from both sources, to connect to a KVM host, that has SSH running on a different port:

5 year flashback

Today I looked at my ADSL router and had a flashback about five years ago. Back then I was working for the university and used a dual line ISDN link for internet which had about the same bandwidth as my ADSL currently has …Synchronous DSL speed

After that experience I know how people must feel in some areas where internet isn’t as advanced as my normal 2MBit ADSL line … Loading YouTube or even a simple forum is a real waiting game (took me about two minutes to load up a hit out of Google), and I even attest myself a dependency on even normal ADSL (not one of that superfast 32MBit lines – just 2MBit).

I can’t even use VPN/Citrix over those 164 KBit (yeah, it’s too slow). So guess I’m rooting for the Telekom technician today. *shrug*

UCS Manager 2.0.2r KVM bug

Well, we’ve been battling with a KVM bug in our UCS installation, that’s been driving me (and apparently the Cisco L3 support and development) nuts. But lets back up a bit. If you’ve worked with UCS before, once you open up the KVM console you’ll see the KVM and a shortcut commands (Shutdown, Reset) and another tab that allows you to mount virtual media.

Once you open it up, it should look like this:

UCS Manager: KVM console working fine

UCS Manager: KVM console working fine

Now, when we re-installed some of our servers (mostly the XenServer’s) and out of a sudden the KVM virtual media didn’t work for some reason. The UCS KVM would suddenly reject us from switching to the virtual media tab, saying that either the Login timed out or we’d have the wrong user and/or password, even if we tried with the most powerful user the UCS has, the local admin account.

UCS Manager - KVM virtual media tab rejecting authentification

UCS Manager – KVM virtual media tab rejecting authentification

 

So I opened a TAC, and Cisco got to work on it immediately. After poking around in the depths of the fabric interconnect with a dplug extension from Cisco with a Cisco L3 guy, and after about two months of development I just got a call back from the Cisco support guy. Apparently development figured out why we’d get the above error message.

Once you put a hash tag (#) in the Service Profiles User Label you’d get the error message.

UCS Manager - User Label

UCS Manager – User Label

Once I removed the hash tag, the KVM started working like it’s supposed to do. So if anyone ever comes across this, that’s your solution. Apparently Cisco is going to fix this in an upcoming release, but just removing the hash tag and everything is fine.