Mesos-DNS installation and configuration

Context: I followed these steps to install Mesos DNS and launch it on Marathon.

1. Install golang

# wget https://storage.googleapis.com/golang/go1.4.2.linux-amd64.tar.gz
# tar -C /usr/local -xvzf go1.4.2.linux-amd64.tar.gz

2. Set up golang environment variables
Add this line:

export PATH=$PATH:/usr/local/go/bin

at the end of the /etc/profile file. You can then run

# source /etc/profile

to apply your changes without reloading the terminal.

3. Install godep
We set some environment variables for the godep installation (no need to edit /etc/profile this time, the command line is enough):

# export GOPATH=$HOME/go
# export PATH=$PATH:$GOPATH/bin

and install godep:

# go get github.com/tools/godep

4. Install mesos-dns dependencies

# go get github.com/mesosphere/mesos-dns/logging
# go get github.com/mesosphere/mesos-dns/records
# go get github.com/mesosphere/mesos-dns/resolver

5. Install Mesos-DNS itself
We get the code from github, build it, and get the binary that’s generated:

# git clone https://github.com/mesosphere/mesos-dns.git
# cd mesos-dns
# make build
# mv mesos-dns /usr/local/bin/

6. Configure Mesos-DNS

# mkdir /etc/mesos-dns
# cp config.json.sample /etc/mesos-dns/config.json
# cd /etc/mesos-dns/

And edit the file config.json
See the documentation concerning the different options: http://mesosphere.github.io/mesos-dns/docs/configuration-parameters.html
In my case /etc/mesos-dns/config.json looks like this (replace text in ):

{
"zk": "zk://:2181/mesos",
"masters": [":5050"],
"refreshSeconds": 60,
"ttl": 60,
"domain": "mesos",
"resolvers": ["","8.8.8.8"],
"listener": "",
"email": "root.mesos-dns.mesos"
}

Note: In my case, when running mesos-dns on master, the master doesn’t like the IP provided by Zookeeper (even if it’s a valid one) so I removed the first line of the configuration ("zk": …)

7. Little test to check it’s working
Run mesos-dns:

# mesos-dns -config=/etc/mesos-dns/config.json &

And check the name resolution:

$ dig .marathon.mesos @

You should see a line like:

;; ANSWER SECTION:
.marathon.mesos. 60 IN A

Your applications running on mesos will be accessible at ..mesos (in our example above the framework is Marathon)

8. Set Mesos-DNS as our official DNS resolver
To run on all hosts that will need to resolve those names:

# sed -i '1s/^/nameserver \n /' /etc/resolv.conf

Note: other solution (instead of sed): http://askubuntu.com/questions/157154/how-do-i-include-lines-in-resolv-conf-that-wont-get-lost-on-reboot

9. Run Mesos DNS on Marathon
You can kill the Mesos DNS process we launched for testing at step 7.

Create a file that will contain the Marathon configuration for Mesos DNS (in my case /tmp/MesosDNS.json):

{
"cmd": "sudo  /usr/local/bin/mesos-dns -config=/etc/mesos-dns/config.json",
"cpus": 1.0,
"mem": 512,
"id": "mesos-dns",
"instances": 1,
"constraints": [["hostname", "CLUSTER", ""]]
}

The constraint on the hostname (last line) is optional. In my case I force mesos-dns to run on a specific slave.

And launch:

curl -X POST -H 'Content-Type: application/json' http://:8080/v2/apps -d@/tmp/MesosDNS.json
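
The sed command in step 8 prepends a new line every time it is run, so a repeated run leaves duplicate entries in /etc/resolv.conf. The following added example (not part of the original post) makes the same change idempotent and keeps a backup; the function name and the address 192.0.2.53 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# 192.0.2.53 is a constructed placeholder for the Mesos-DNS host address.

# ensure_first_nameserver <resolv.conf path> <ip>
# Makes <ip> the first nameserver entry exactly once, keeping a .bak copy.
ensure_first_nameserver() {
    conf=$1; ip=$2
    # The resolver tries nameservers in file order, so check the first entry.
    first=$(awk '$1 == "nameserver" { print $2; exit }' "$conf")
    if [ "$first" = "$ip" ]; then
        return 0                      # already in place: change nothing
    fi
    tmp=$(mktemp) || return 1
    {
        echo "nameserver $ip"
        # Drop any later copy of the same entry so it appears only once.
        awk -v ip="$ip" '!($1 == "nameserver" && $2 == ip)' "$conf"
    } > "$tmp"
    cp -p "$conf" "$conf.bak"
    # Write through the existing path so a symlinked resolv.conf stays a symlink.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Constructed sample file standing in for /etc/resolv.conf.
demo_conf=$(mktemp)
printf 'search example.internal\nnameserver 8.8.8.8\n' > "$demo_conf"
ensure_first_nameserver "$demo_conf" 192.0.2.53
ensure_first_nameserver "$demo_conf" 192.0.2.53   # second run is a no-op
cat "$demo_conf"
```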

References
http://mesosphere.github.io/mesos-dns/docs/


Set up a L2TP/IPSec VPN connection on Ubuntu desktop

Context:

The VPN server runs on a Vyatta firewall (version 6.5). This has been tested on Ubuntu 13.10 (saucy) and 14.04 (trusty).

How to set up the VPN client on Ubuntu

1. Packages required:

$ sudo apt-get install openswan
$ sudo apt-get install xl2tpd
$ sudo apt-get install l2tp-ipsec-vpn

2. You need to restart your computer to see the little “L2TP IPSEC VPN Manager” appear in the status bar

3. Configure the connection with the “L2TP IPSEC VPN Manager”:

Enter the VPN server address and the pre-shared key


Go to the PPP tab and enter the username and password (you can leave all the protocols checked, as we will allow them later):


Click on “IP Settings” and check the box:


Before closing, click on “Routes” and make sure you use the gateway on the remote network:


Close the “L2TP IPSEC VPN Manager” to apply the changes.

4. Before connecting to the VPN you need to make some more changes in the configuration files

In the file /etc/ppp/<your_vpn_connection_name>.options.xl2tpd
– Add the password line
– Be sure the lines refuse-xxxx are commented:

$ sudo vi /etc/ppp/<your_vpn_connection_name>.options.xl2tpd
  #debug
  #dump
  #record /var/log/pppd

  plugin passprompt.so
  ipcp-accept-local
  ipcp-accept-remote
  idle 72000
  ktune
  noproxyarp
  asyncmap 0
  #noccp
  noauth
  crtscts
  lock
  hide-password
  modem
  noipx

  ipparam L2tpIPsecVpn-<your_connection>

  promptprog "/usr/bin/L2tpIPsecVpn"

  #refuse-eap
  #refuse-pap
  #refuse-chap
  #refuse-mschap
  #refuse-mschap-v2
  #require-mschap-v2

  remotename ""
  name "<your_username>"
  password "<your_password>"

  defaultroute

  usepeerdns

5. Restart xl2tpd and ipsec to apply the changes

$ sudo /etc/init.d/ipsec restart
$ sudo /etc/init.d/xl2tpd restart

6. Finally, go to your (home) connection settings and deactivate IPv6.

7. You can now connect to your (home) connection and connect to the VPN connection you just created

Issues? Check the last lines of /var/log/syslog
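
The options file edited in step 4 holds the VPN password in clear text and leaves every refuse-xxxx line commented. The following added example (not part of the original post) audits such a file for its read permissions and for the authentication methods it still allows; the function name, finding labels and sample credentials are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit a pppd options file like
# /etc/ppp/<your_vpn_connection_name>.options.xl2tpd from step 4.

# audit_ppp_options <file>
# Prints one finding per line. Returns 1 if the stored password is readable by
# other accounts or if PAP is still allowed, 0 otherwise.
audit_ppp_options() {
    f=$1; bad=0
    # An active "password" line keeps the VPN secret in clear text in the file.
    if grep -Eq '^[[:space:]]*password[[:space:]]' "$f"; then
        echo "cleartext-password"
        # Group- or world-readable mode bits expose it to other local users.
        if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "readable-by-group-or-others"; bad=1
        fi
    fi
    # An authentication method stays allowed unless an uncommented refuse-*
    # line names it. PAP sends the password unencrypted inside PPP.
    for proto in pap chap mschap mschap-v2 eap; do
        if ! grep -Eq "^[[:space:]]*refuse-$proto([[:space:]]|\$)" "$f"; then
            echo "allowed:$proto"
            if [ "$proto" = pap ]; then bad=1; fi
        fi
    done
    return "$bad"
}

# Constructed sample modelled on the step 4 file, with placeholder credentials.
sample="$(mktemp -d)/demo.options.xl2tpd"
cat > "$sample" <<'EOF'
noauth
hide-password
#refuse-eap
#refuse-pap
#refuse-chap
#refuse-mschap
#refuse-mschap-v2
name "example_user"
password "example_password"
EOF
chmod 644 "$sample"
audit_ppp_options "$sample" || echo "=> tighten before use"
```

A file that passes has mode 600 and an uncommented refuse-pap line, which is only an option if the server does not need PAP.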

FYI: the VPN server configuration
Here is the VPN configuration on the Vyatta firewall (version 6.5) which is our VPN server:
Any content in <> has to be replaced.
See Vyatta documentation for more details.

vpn {
    ipsec {
        esp-group ESP1 {
            compression disable
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes256
                hash sha1
            }
        }
        ike-group IKE1 {
            dead-peer-detection {
                action clear
                interval 150
                timeout 450
            }
            lifetime 28800
            proposal 1 {
                dh-group 2
                encryption aes256
                hash sha1
            }
        }
        ipsec-interfaces {
            interface <eth0>
        }
        nat-networks {
            allowed-network <192.168.0.0/16> {
            }
        }
        nat-traversal enable
    }
    l2tp {
        remote-access {
            authentication {
                local-users {
                    username <user1> {
                        password <user1password>
                    }
                    username <user2> {
                        password <user2password>
                    }
                }
                mode local
            }
            client-ip-pool {
                start <vpn_ip_pool_start>
                stop <vpn_ip_pool_stop>
            }
            dns-servers {
                server-1 <internal_dns_server>
                server-2 <internal_dns_server2>
            }
            ipsec-settings {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret <choose_a_shared_secret>
                }
                ike-lifetime 3600
            }
            outside-address <your_external_ip>
            outside-nexthop <your_gateway>
            wins-servers {
                server-1 <your_wins_server_ip>
            }
        }
    }
}


How to install an Android emulator

Mission: Install an Android emulator on Windows XP

– Download the Android SDK available at this address: http://developer.android.com/sdk/index.html
and execute the program in order to install it.

– Once installed, open the SDK Manager. Install the SDK Platform and the ARM EABI v7a System Image.
The following packages need to appear as Installed (the other ones are not necessary):

  • Android SDK Tools
  • Android SDK Platform-tools
  • SDK Platform
  • ARM EABI v7a System Image

– Open the AVD Manager in order to create an AVD configuration (it’s the configuration of your virtual device).
Click on “New…” and fill the fields.
If you get the error “There is no AVD target”, check that you installed SDK Platform as mentioned previously.
If you get the error “Unable to find a ‘userdata.img’ file for ABI armeabi to copy into the AVD folder”, check that you installed ARM EABI v7a System Image as mentioned previously.

– Once the AVD configuration is created, you can launch the emulator. To do so, open a command line and go to the Android tools directory. In my case:

cd C:\Program Files\Android\android-sdk\tools

and run this command:

emulator -avd <avd_name>

In my case:

emulator -avd phone2

References:
http://developer.android.com/tools/devices/emulator.html


Scan to email with Sharp AR-208D

Issues: I had a CE-03 error after scanning. Looking at the /var/log/maillog on my postfix server I saw a timeout exceeded error.
To be more specific, the error in the maillog file was:

postfix/smtpd[21913]: > unknown[10.3.10.109]: 421 myserver.mydomain.com Error: timeout exceeded
postfix/smtpd[21913]: timeout after EHLO from unknown[10.3.10.109]

Solution:
I changed the value of smtpd_timeout in /etc/postfix/main.cf:

smtpd_timeout = 35s

It was only 15s before.
And to apply the modification:

/etc/init.d/postfix reload

Then it worked: I received my scan by email, but I didn’t realize it right away because the e-mail arrived with a wrong timestamp.
So I set the scanner clock and everything went fine :-)

Comments in French, Portuguese, Spanish, Italian or Romanian are also welcomed.


Cluster monitoring with Nagios

Mission: We have a cluster of 2 devices. From the Nagios server network, we can’t ping both devices at the same time. It will be possible to ping one device for a while and impossible to ping the other one until the contrary happens.
An alert will appear in Nagios if one of the devices becomes unreachable but it’s going to be a false alarm as the other device is reachable and the cluster healthy…
We want an alarm only if both devices are unreachable.

Solution:
To do this I used a Nagios plugin called check_multiaddr.
I found it there: http://exchange.nagios.org/directory/Plugins/Others/check_multiaddr/details

How I deployed it:
– I uploaded the file check_multiaddr.pl to my Nagios server
– I copied it into my nagios plugins directory (/usr/lib/nagios/plugins/)
– I made it executable:

#chmod +x check_multiaddr.pl

– I tested the script:
I want to test the ping service (Example with options already set: check_ping -H $HOSTADDRESS$ -w 800.0,20% -c 999.0,60% -p 5)
My devices’ IP addresses are 10.2.0.2 and 10.2.0.4
So, here is the command I executed:

#./check_multiaddr.pl /usr/lib/nagios/plugins/check_ping -H 10.2.0.2,10.2.0.4 -w 800.0,20% -c 999.0,60% -p 5

– I got a timeout error:

Timeout detected (9s - you can edit its duration in ./check_multiaddr.pl).

– I edited the check_multiaddr.pl file and changed the TIMEOUT value from 9 to 15 seconds:

my $TIMEOUT = 20;

– I executed the same command and this time it worked:

10.2.0.2: PING OK - Packet loss = 0%, RTA = 0.97 ms|rta=0.970000ms;800.000000;999.000000;0.000000 pl=0%;20;60;0

– Now I had to change the Nagios configuration. I added a new host to represent my cluster. And I typed the 2 IP addresses separated by a comma (where I usually enter 1 IP address)
– I also created 2 new commands based on my existing commands: one to check if the host is alive and the standard ping service.
So, a command which was before: $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 1
became: $USER1$/check_multiaddr.pl $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 1
– And of course I assigned these commands to the new host check command and to the ping service for this host.
– Then I reloaded Nagios to make it apply the new configuration
– At first I got timeout errors (again?):

(Host Check Timed Out)

But this time it wasn’t because of the script setting. I had to change the Host Check Timeout in Nagios main configuration file. I changed the value to 15 (it was set to 10). If you’re using Centreon to set the Nagios configuration, the parameter is in Nagios -> nagios.cfg > Logs Options
– I reloaded again and it worked :-)
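
The rule described above (alarm only if both devices are unreachable) can be written down in a few lines. The following is an added example, not the check_multiaddr.pl source and not part of the original post; the function names are assumptions, and a constructed stand-in replaces check_ping so that it runs without a network.

```shell
#!/bin/sh
# Added example, not the check_multiaddr.pl source: the "OK if any address
# answers" rule, using the standard Nagios plugin exit codes.

# check_any <addr1,addr2,...> <plugin> [plugin args...]
# Runs the plugin once per address (appending -H <addr>) and returns the best
# result: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
check_any() {
    addrs=$1; shift
    best=4; best_out="UNKNOWN - no address given"
    old_ifs=$IFS; IFS=,
    for addr in $addrs; do
        IFS=$old_ifs
        rc=0; out=$("$@" -H "$addr") || rc=$?
        if [ "$rc" -gt 3 ]; then rc=3; fi      # anything else counts as UNKNOWN
        if [ "$rc" -lt "$best" ]; then
            best=$rc; best_out="$addr: $out"
        fi
        if [ "$rc" -eq 0 ]; then break; fi     # one reachable member is enough
    done
    IFS=$old_ifs
    if [ "$best" -eq 4 ]; then best=3; fi
    echo "$best_out"
    return "$best"
}

# Constructed stand-in for check_ping: only 10.2.0.4 answers.
fake_ping() {
    if [ "$2" = "10.2.0.4" ]; then
        echo "PING OK - Packet loss = 0%"; return 0
    fi
    echo "PING CRITICAL - Packet loss = 100%"; return 2
}

check_any 10.2.0.2,10.2.0.4 fake_ping    # prints the 10.2.0.4 result, status 0
check_any 10.2.0.2,10.2.0.3 fake_ping || echo "cluster down (status $?)"
```

This sketch tries the addresses one after another, so its worst-case run time is the sum of the per-address plugin timeouts, and the Nagios host check timeout has to cover that total.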

Again, don’t hesitate to write your questions/comments in French, Portuguese, Italian, Spanish or Romanian.


Dates in a Talend job

Mission: A friend sent me an email today. His question:

I have 2 incoming flows

Datebeg: DD/MM/YYYY format
Hourbeg: in minutes (example: 540 = 9h00)

How do I get this output: YYYYMMDDHHMMSS?

My answer:

I would do this:

First, add the minutes (Hourbeg) to the date (Datebeg):
TalendDate.addDate(row1.Datebeg, row1.Hourbeg, "mm")
The Datebeg type is Date.
The Hourbeg type is Integer.

Then, format the date:
TalendDate.formatDate("yyyyMMddHHmmss", Var.date2)
Var.date2 is the output of TalendDate.addDate. Its type is Date. The output is gonna be a String.

Questions in French, Portuguese, Italian, Spanish, Romanian are welcomed.
