Dell Compellent SCv2080 测试

Posted on (Updated by yaoge123

Dell Compellent SCv2080,双控,每控制器8GB缓存,满配84颗4TByte 3.5-inch 7.2Krpm NL-SAS。建立4个Volumes,每个Volumes容量50TB,模式为RAID 10-DM和RAID 6-10,所以实际测试的是RAID 10-DM的性能。四个卷全部映射给两台Dell R730(2*E5-2670 v3,64GB内存,单卡双口8Gb FC)IO服务器,与存储通过两台8Gb光纤交换机冗余连接。四个卷做成一个GPFS进行测试。每个IO节点通过2个万兆做LACP和核心交换机连接,6个刀片计算节点通过1个万兆和刀箱交换机连接,刀箱交换机通过2个万兆做LACP和核心交换机连接。

io为两个IO节点测试,blade为6个刀片节点测试,测试进程平均分配,单位MB/sec

 测试命令 write rewrite read reread
iozone -i 0 -i 1 -r 128K -s 128G -t 2 -+m ./io 1555 1574 2587 2600
iozone -i 0 -i 1 -r 128K -s 12G -t 20 -+m ./io 1573 1591 2560 2573
iozone -i 0 -i 1 -r 128K -s 6G -t 40 -+m ./io 1587 1602 2829 2817
iozone -i 0 -i 1 -r 128K -s 3G -t 80 -+m ./io 1600 1602 2882 2889
iozone -i 0 -i 1 -r 128K -s 1G -t 288 -+m ./io 1586 1600 2827 2841
iozone -i 0 -i 1 -r 128K -s 4G -t 252 -+m ./io 1564 1613 2844 2803
iozone -i 0 -i 1 -r 128K -s 4G -t 252 -+m ./io 1578 1616 2799 2805
iozone -i 0 -i 1 -r 128K -s 2G -t 504 -+m ./io 1050 1591 1710 1689
iozone -i 0 -i 1 -r 128K -s 1G -t 1008 -+m ./io 486 963 284 277
iozone -i 0 -i 1 -r 64K -s 4G -t 252 -+m ./io 1587 1611 2841 2848
iozone -i 0 -i 1 -r 64K -s 2G -t 504 -+m ./io 1093 1586 1751 1717
iozone -i 0 -i 1 -r 64K -s 1G -t 1008 -+m ./io 306 379 91 91
iozone -i 0 -i 1 -r 32K -s 4G -t 252 -+m ./io 1585 1612 2871 2875
iozone -i 0 -i 1 -r 32K -s 2G -t 504 -+m ./io 1161 1550 1764 1775

HP MSA 2040 SAN 测试

Posted on (Updated by yaoge123

HP MSA 2040 SAN,双控制器,每控制器4GB缓存。两台IO节点与存储双控通过16Gb FC冗余链接。

测试命令:iozone -i 0 -i 1 -r 128K -s 256G -t 2 -+m ./iolist -C
每个IO节点一个iozone进程,更多的进程更慢

write rewrite read reread
900GByte 2.5-inch 10Krpm 6Gb/s SAS
每5个盘做一组RAID5,4组RAID5		 2421 2421 2419 2418
4TByte 3.5-inch 7.2Krpm 6Gb/s NL-SAS
每6个盘做一组RAID6,2组RAID6		 1249 1228 1276 1279

 

通过作业调度系统进行系统维护

Posted on (Updated by yaoge123

HPC集群中一些系统维护工作不需要立刻执行,而希望在不影响用户正常使用的情况下见缝插针的进行,这个时候可以将这些维护工作做成作业,通过作业调度系统来调度完成。下面以通过LSF作业调度系统升级Infiniband卡固件和驱动为例:

  1. 允许root用户提交作业
    1. 修改lsf.conf,添加一行 
      LSF_ROOT_REX=local
    2. 重启相关服务让修改生效 
      $ badmin mbdrestart
$ lsadmin resrestart all
  2. 编写升级脚本 
    cd /root/mellanox/ #进入目录
unzip fw-ConnectX3Pro-rel-2_35_5100.zip
mstflint -d 08:00.0 -i ./fw-ConnectX3Pro-rel-2_35_5100-FlexBoot-3.4.648-CLP-8025-UEFI-14.8.43.bin b #升级固件
tar xf MLNX_OFED_LINUX-3.1-1.0.3-rhel6.7-x86_64.tgz
cd MLNX_OFED_LINUX-3.1-1.0.3-rhel6.7-x86_64
yum install perl pciutils python gcc-gfortran libxml2-python tcsh libnl.i686 libnl expat glib2 tcl libstdc++ bc tk gtk2 atk cairo numactl pkgconfig -y
./mlnxofedinstall --all --enable-affinity --enable-mlnx_tune <<< "y\n" #安装新版驱动
sed -i s/HWADDR=/#HWADDR=/ /etc/sysconfig/network-scripts/ifcfg-ib0
cd
rm -rf /root/mellanox #删除升级目录
reboot #重启
  3. 将升级所需文件复制到所有节点 
    pscp -r mellanox node:/root/
  4. 编写作业提交脚本
    如果队列之间有抢占,系统维护作业需要提交到低优先级队列,提交到高优先级队列会造成重启时还有被抢占挂起的作业
    首先关闭节点,再进行维护作业,完成后再打开节点

    #!/bin/bash
for i in `cat nodelist` #nodelist文件中是所有需要升级节点的主机名列表
do
	bsub -q e52680v3ib -n 24 -m $i -o $i "badmin hclose $i;/root/mellanox/up.sh;badmin hopen $i" 
done

安装和使用 Drush

Posted on (Updated by yaoge123

apt安装drush版本是5.x,已被官方标记为不支持;采用pear安装虽然版本为6,但是小版本较老,所以:

curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer
composer global require drush/drush:6.*
echo 'export PATH="$HOME/.composer/vendor/bin:$PATH"' >>  ~/.bashrc
//用于升级:
composer global update

下载和启用模块,并且en的时候会自动处理依赖

drush dl views
drush en views

 

Nginx HTTPS配置

Posted on (Updated by yaoge123

配置很简单,但是需要注意的有:

  1. 应使用listen的ssl参数取代ssl on;
  2. cert文件应包含整个证书链,内容顺序必须是证书链的逆序,即cert文件头是本服务器的证书、中间是中间CA、最后是根CA。可以用下述命令检查 
    openssl s_client -connect www.example.com:443
  3. ssl_protocols中只能包含TLS 
    server {
        listen          [::]:80;
        listen          [::]:443 ssl;
……
        ssl_certificate /etc/ssl/microstructures_bundle.crt;
        ssl_certificate_key /etc/ssl/microstructures_org.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
……
}

 

通配符SSL证书

Posted on by yaoge123

域名验证通配符证书主要有:
GeoTrust RapidSSL Wildcard
Comodo PositiveSSL Wildcard
Comodo EssentialSSL Wildcard
GlobalSign AlphaSSL Wildcard

兼容性:GeoTrust>Comodo>GlobalSign

市场占用率文章:http://w3techs.com/technologies/overview/ssl_certificate/all

基本上最高端兼容性最好的CA都在Symantec手里了

Linux DHCP 下自定义路由和网关

Posted on (Updated by yaoge123

主机IP必须通过DHCP获得,但是因故需要重新指定网关并做策略路由。例如主机DHCP获取IP段192.168.1.0/24,DHCP获取网关192.168.1.1,拟将默认路由改为192.168.1.2,本地IP仍然走网关192.168.1.1

RHEL(CentOS) 6/7

/etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=dhcp
NM_CONTROLLED="no"
ONBOOT=yes
GATEWAY=192.168.1.2
……

/etc/sysconfig/network-scripts/route-eth0
192.168.0.0/16 via 192.168.1.1

/etc/sysconfig/network
NETWORKING=yes
……

Debian 7

/etc/network/interfaces
……
up route del default dev eth0
up route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 dev eth0
up route add default gw 192.168.1.2 dev eth0
……

Suse 11

/etc/sysconfig/network/routes
……
192.168.0.0 192.168.1.1 255.255.0.0 eth0
default 192.168.1.2 - -

 

替换 VMware vCenter Server Appliance 5.5 证书

Posted on (Updated by yaoge123

1. 修改主机的IP、域名、主机名符合新证书的要求,将Certificate regeneration enabled改为Yes,Reboot vCenter,再将Certificate regeneration enabled改为No。

2. 停止服务:

service vmware-stsd stop
service vmware-vpxd stop


service vmware-rbd-watchdog stop
rm /var/vmware/vpxd/autodeploy_registered

2. 把证书、私钥、证书链传到ssl/vpxd下面,文件名分别为:证书rui.crt,私钥rui.key,证书链cachain.pem,内容为证书链的逆序文件最后应该为自签名的RootCA,合并证书和证书链

cd
mkdir ssl
mkdir ssl/vpxd
mkdir ssl/inventoryservice
mkdir ssl/logbrowser
mkdir ssl/autodeploy
cd ssl/vpxd
……
cat rui.crt cachain.pem > chain.pem

3. 替换vpxd证书

cd
cd ssl/vpxd
/usr/sbin/vpxd_servicecfg certificate change chain.pem rui.key

返回VC_CFG_RESULT = 0 表示成功,如果非0请看这里

4. 替换vCenter Inventory Service证书

service vmware-stsd start
cd /etc/vmware-sso/register-hooks.d
./02-inventoryservice --mode uninstall --ls-server https://server.domain.com:7444/lookupservice/sdk
cd
cp ssl/vpxd/* ssl/inventoryservice/
cd ssl/inventoryservice/
openssl pkcs12 -export -out rui.pfx -in chain.pem -inkey rui.key -name rui -passout pass:testpassword
cp rui.key /usr/lib/vmware-vpx/inventoryservice/ssl
cp rui.crt /usr/lib/vmware-vpx/inventoryservice/ssl
cp rui.pfx /usr/lib/vmware-vpx/inventoryservice/ssl
cd /usr/lib/vmware-vpx/inventoryservice/ssl/
chmod 400 rui.key rui.pfx
chmod 644 rui.crt
cd /etc/vmware-sso/register-hooks.d
./02-inventoryservice --mode install --ls-server https://server.domain.com:7444/lookupservice/sdk --user administrator@vSphere.local --password sso_administrator_password
rm /var/vmware/vpxd/inventoryservice_registered
service vmware-inventoryservice stop
service vmware-vpxd stop
service vmware-inventoryservice start
service vmware-vpxd start

5. 替换VMware Log Browser service证书

cd /etc/vmware-sso/register-hooks.d
./09-vmware-logbrowser --mode uninstall --ls-server https://server.domain.com:7444/lookupservice/sdk
cd
cp ssl/vpxd/* ssl/logbrowser/
cd ssl/logbrowser/
openssl pkcs12 -export -in rui.crt -inkey rui.key -name rui -passout pass:testpassword -out rui.pfx
cp rui.key /usr/lib/vmware-logbrowser/conf
cp rui.crt /usr/lib/vmware-logbrowser/conf
cp rui.pfx /usr/lib/vmware-logbrowser/conf
cd /usr/lib/vmware-logbrowser/conf
chmod 400 rui.key rui.pfx
chmod 644 rui.crt
cd /etc/vmware-sso/register-hooks.d
./09-vmware-logbrowser --mode install --ls-server https://server.domain.com:7444/lookupservice/sdk --user administrator@vSphere.local --password sso_administrator_password
service vmware-logbrowser stop
service vmware-logbrowser start

6. 替换vSphere Auto Deploy证书

cd
cp ssl/vpxd/* ssl/autodeploy/
cp ssl/autodeploy/rui.crt /etc/vmware-rbd/ssl/waiter.crt
cp ssl/autodeploy/rui.key /etc/vmware-rbd/ssl/waiter.key
cd /etc/vmware-rbd/ssl/
chmod 644 waiter.crt
chmod 400 waiter.key
chown deploy:deploy waiter.crt waiter.key
service vmware-rbd-watchdog stop
rm /var/vmware/vpxd/autodeploy_registered
service vmware-vpxd restart

7. Reboot vCenter