lost and found ( for me ? )

LVS : configure DSR ( Direct Server Return )

Here are logs when configuring LVS direct server return.

        Client
          |
        L2SW
   |eth0      |eth0
  LVS        L3SW
   |eth1      |eth1
        L2SW
          |
   Server ( httpd )

request packets : client -> LVS -> Server
reply packets : server -> L3SW -> Client

Default GW of http server : L3SW eth1 ( not LVS’s eth1 )

[ L3SW ]

I used CentOS6 as L3SW.
disable rp_filter and enable ip_forward.
# echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
# echo 1 > /proc/sys/net/ipv4/ip_forward

[ LVS ]

install LVS (ipvsadm) via yum
[root@centos7-lvs ~]# cat /etc/centos-release
CentOS Linux release 7.1.1503 (Core)

[root@centos7-lvs ~]# yum install -y ipvsadm

[root@centos7-lvs ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@centos7-lvs ~]# echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter

add TCP 80 load balancing rule.
[root@centos7-lvs ~]# ipvsadm -A -t 192.168.122.43:80 -s rr
[root@centos7-lvs ~]# ipvsadm -a -t 192.168.122.43:80 -r 192.168.150.150:80 -g

--
      [packet-forwarding-method]

             -g, --gatewaying  Use gatewaying (direct routing). This  is  the
             default.
--

[root@centos7-lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
 -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.122.43:80 rr
 -> 192.168.150.150:80            Route   1      0          0
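
A check for the two things this setup depends on, as an added example (not part of the original post): every real server in the `ipvsadm -Ln` listing uses the Route forwarding method, and rp_filter is really off for the interface. The function names and the second real server 192.168.150.151 are made up for illustration.

```sh
# Constructed sample listing; 192.168.150.151 is a made-up second server.
SAMPLE_LISTING='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.122.43:80 rr
  -> 192.168.150.150:80           Route   1      0          0
  -> 192.168.150.151:80           Masq    1      0          0'

# Read `ipvsadm -Ln` output on stdin and print "VIP -> real-server method"
# for every real server whose Forward column is not "Route" (Masq, Tunnel).
# Returns 1 if any such server is listed. (hypothetical helper name)
dsr_non_route() {
    awk '
        $1 == "TCP" || $1 == "UDP" || $1 == "FWM" { vip = $2; next }
        $1 == "->" && $2 != "RemoteAddress:Port" && $3 != "Route" {
            print vip, "->", $2, $3; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Effective rp_filter for interface $1. The kernel applies the larger of
# conf/all/rp_filter and conf/<iface>/rp_filter, so writing 0 to eth1 alone
# changes nothing while "all" is non-zero. $2 is the sysctl root
# (default /proc/sys); it is a parameter so the check can run on a copy.
effective_rp_filter() (
    conf=${2:-/proc/sys}/net/ipv4/conf
    all=$(cat "$conf/all/rp_filter") || exit 2
    ifc=$(cat "$conf/$1/rp_filter") || exit 2
    if [ "$all" -gt "$ifc" ]; then echo "$all"; else echo "$ifc"; fi
)

# Demo on the constructed listing: reports the Masq entry.
printf '%s\n' "$SAMPLE_LISTING" | dsr_non_route || echo "not DSR-only"
```

On the LVS host, `ipvsadm -Ln | dsr_non_route` and `effective_rp_filter eth1` run against the live state.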

I would like to add the “VIP” as an alias IP, but how can I do that with nmcli?
I will add the VIP with the ifconfig command.
[root@centos7-lvs ~]# yum install -y net-tools

[root@centos7-lvs ~]# ifconfig eth0:10 192.168.122.43

[ Server ]

on the httpd server,
# iptables -t nat -A PREROUTING -d 192.168.122.43 -j REDIRECT
nf_conntrack version 0.5.0 (16384 buckets, 65536 max)

You don’t need to configure LVS’s VIP on the server.

start apache
# /etc/init.d/httpd start

How to install and use ansible on Ubuntu 14.04

Here are logs when installing and setting up ansible on Ubuntu 14.04.

reference
https://serversforhackers.com/an-ansible-tutorial

ansible server*1 ( ubuntu 14.04 )
client*2 ( ubuntu 14.04 )

server : 192.168.122.5
client1 : 192.168.122.4
client2 : 192.168.122.28

[ install ansible ]

You can install ansible via apt-get.
root@server1:~# apt-get install ansible -y

root@server1:~# ansible --version
ansible 1.5.4

add hostname in /etc/hosts
root@server1:~# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 ubuntu

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

192.168.122.4 client1
192.168.122.28 client2

add IP address of managed nodes in /etc/ansible/hosts file.
root@server1:~# cat /etc/ansible/hosts
[clients]
client1
client2

[ set up SSH key based authentication ]

ansible accesses managed nodes over SSH and uses SSH key based authentication, so set up an SSH key pair on the server and transfer the public key to the clients.

on the ansible server

generate a key pair.
root@server1:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):   
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b5:27:f3:9e:b3:e8:2a:94:5a:b7:af:76:5c:b3:36:25 root@server1
The key's randomart image is:

copy public key to both clients.
root@server1:~# ssh-copy-id hattori@client1
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
hattori@client1's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'hattori@client1'"
and check to make sure that only the key(s) you wanted were added.

on the client
root@client1:~# cp /home/hattori/.ssh/authorized_keys /root/.ssh/

check that the following options are enabled on the client.
root@client1:~# egrep '^PermitRoot|^RSAAuthenti|^PubkeyAuth' /etc/ssh/sshd_config
PermitRootLogin without-password
RSAAuthentication yes
PubkeyAuthentication yes
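
The `^`-anchored egrep above shows matching lines, not necessarily the values sshd applies: sshd keeps the first value it reads for a keyword, keywords are case-insensitive, and lines may be indented. An added example (not part of the original post) that resolves the effective global value and checks the two options that matter for key-only root login; RSAAuthentication only concerns SSH protocol 1 and is not checked. Function names and the sample config are made up for illustration.

```sh
# Constructed sample: the indented lower-case line comes first, so it wins,
# yet egrep '^PermitRoot' would only show the second line.
SAMPLE_SSHD='# constructed sample sshd_config
   permitrootlogin yes
PermitRootLogin without-password
PubkeyAuthentication yes'

# Effective global value of keyword $1 in an sshd_config read from stdin.
# Assumes the whitespace-separated "Keyword value" form.
sshd_effective() {
    awk -v want="$1" '
        BEGIN                  { want = tolower(want) }
        NF == 0 || $1 ~ /^#/   { next }     # blank line or comment
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == want    { print tolower($2); exit }  # first one wins
    '
}

# Returns 0 only if root login is key-only and public key auth is on.
audit_sshd() (
    cfg=$(cat); rc=0
    root=$(printf '%s\n' "$cfg" | sshd_effective PermitRootLogin)
    pub=$(printf '%s\n' "$cfg" | sshd_effective PubkeyAuthentication)
    case "$root" in
        without-password|prohibit-password) ;;   # two names, same meaning
        *) echo "PermitRootLogin=${root:-unset}: expected key-only root login"
           rc=1 ;;
    esac
    # PubkeyAuthentication defaults to yes when it is not set.
    [ "${pub:-yes}" = yes ] || { echo "PubkeyAuthentication=$pub"; rc=1; }
    exit $rc
)

# Demo on the constructed sample: flags PermitRootLogin=yes.
printf '%s\n' "$SAMPLE_SSHD" | audit_sshd || echo "sshd_config needs attention"
```

On a client, `audit_sshd < /etc/ssh/sshd_config` runs the same check against the real file.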

confirm that you can log into the managed nodes over SSH from the ansible server with SSH key based authentication.

on the server.
root@server1:~# ssh root@client1
Enter passphrase for key '/root/.ssh/id_rsa':
Welcome to Ubuntu 14.04.2 LTS (GNU/Linux 3.13.0-24-generic x86_64)

run ssh-agent and add the key
root@server1:~# eval `ssh-agent -s`
Agent pid 31752
root@server1:~# ssh-add /root/.ssh/id_rsa
Enter passphrase for /root/.ssh/id_rsa:
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
root@server1:~#

[ use ansible ( basic usage ) ]

root@server1:~# ansible all -m ping
client1 | success >> {
   "changed": false,
   "ping": "pong"
}

client2 | success >> {
   "changed": false,
   "ping": "pong"
}

[ use shell module ]

root@server1:~# ansible all -m shell -a "echo 'hello' > /root/hello.txt"
client2 | success | rc=0 >>


client1 | success | rc=0 >>

root@client2:~# cat hello.txt
hello

root@server1:~# ansible all -m shell -a 'dig www.google.com +short'
client1 | success | rc=0 >>
173.194.117.148
173.194.117.147
173.194.117.145
173.194.117.144
173.194.117.146

client2 | success | rc=0 >>
173.194.117.144
173.194.117.146
173.194.117.148
173.194.117.147
173.194.117.145

install nginx by using the apt module.
root@server1:~# ansible client1 -m apt -a 'pkg=nginx state=installed update_cache=true'
client1 | success >> {
   "changed": true,
   "stderr": "",
   "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following extra packages will be installed:\n  fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0\n  libjpeg-turbo8 libjpeg8 libtiff5 libvpx

uninstall nginx
root@server1:~# ansible client1 -m apt -a 'pkg=nginx state=absent'

root@client1:~# less /var/log/apt/history.log
Start-Date: 2015-04-04  01:42:06
Commandline: /usr/bin/apt-get -q -y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold remove nginx
Remove: nginx:amd64 (1.4.6-1ubuntu3.2)
End-Date: 2015-04-04  01:42:07