Sivel.net  Throwing Hot Coals


1 RHN Entitlement with Multiple Servers

So recently I ran into an issue. I currently only have one RHN entitlement allocated to manage on the order of 20 RHEL4 servers. It quickly became a pain to unentitle one machine so I could entitle another. I could also only have two systems in my account, so I would also have to add deleting, registering and reregistering systems to the fun of managing these servers.

I remembered reading in the mrepo documentation that you could run into problems using the software if, when you registered a system with RHN, you had sent the system information and the installed package information.

So I got a bright idea: see whether I could use the same RHN entitlement information on all machines and still update via up2date without having to do the entitlement dance. So I deleted all of my systems and reregistered one, giving it a generic name and not sending the system information or the installed package information. After this there is only one thing left to do: copy the following files to all of the servers:

/etc/sysconfig/rhn/systemid
/etc/sysconfig/rhn/up2date

The systemid file includes the information that links the system to the RHN entitlement. up2date is the configuration file for up2date, which is modified by up2date --configure.

From here all I had to do was copy these two files to all of the other systems and then run up2date -u. I have actually not found any problems so far. Eventually I will get the 20 RHN subscriptions and have to reregister all of the systems. This works fine for me because I really don’t use any of the other RHN features, although it is nice to be able to log in and see if there are any systems that need updating. So my next task is to see if I can write a small script to determine whether each system needs updates and report that back to me.

HowTo Linux

Installing Apache and Tomcat on CentOS4

This HowTo will discuss how to install Apache and Tomcat on CentOS4. And if the title isn’t self-explanatory enough, we will be using mod_jk to link Apache and Tomcat.

  1. Let’s install Apache to start:

shell> yum install httpd

  2. Now let’s download the Java JDK from http://java.sun.com/javase/downloads/index.jsp (it is labeled as JDK 6u1).
     • After clicking on Download, look for “Linux Platform - Java™ SE Development Kit 6 Update 1”.
     • Download the “Linux RPM in self-extracting file”; the filename should be jdk-6u1-linux-i586-rpm.bin.

shell> mkdir -p /usr/java/
shell> mv jdk-6u1-linux-i586-rpm.bin /usr/java
shell> chmod a+x /usr/java/jdk-6u1-linux-i586-rpm.bin
shell> /usr/java/jdk-6u1-linux-i586-rpm.bin
shell> ln -s /usr/java/jdk1.6.0_01 /usr/java/jdk

  3. Next, download the following packages from http://archive.apache.org/dist/tomcat/tomcat-5/archive/v5.5.9/bin/ (Tomcat 5.5.9 is used for this set of instructions):
     • jakarta-tomcat-5.5.9-admin.tar.gz
     • jakarta-tomcat-5.5.9.tar.gz

shell> tar xzvf jakarta-tomcat-5.5.9-admin.tar.gz
shell> tar xzvf jakarta-tomcat-5.5.9.tar.gz
shell> mv jakarta-tomcat-5.5.9 /usr/java/tomcat

  4. We can now set up an init script for Tomcat.
     • Download catalina to /etc/init.d.

shell> chmod a+x catalina
shell> chkconfig --add catalina
shell> chkconfig catalina on

  5. Now we need to install the Tomcat Apache connector.
     • Download mod_jk from http://mirrors.dotsrc.org/jpackage/1.6/redhat-el-4.0/free/RPMS/mod_jk-ap20-1.2.15-1jpp.i386.rpm

shell> rpm -Uvh mod_jk-ap20-1.2.15-1jpp.i386.rpm

  6. Edit the workers.properties file in /usr/java/tomcat/conf:

workers.tomcat_home=/usr/java/tomcat
workers.java_home=/usr/java/jdk
# The directive mod_jk reads is worker.list (singular): every worker Apache may use
worker.list=ajp13
# mod_jk needs a type for each listed worker; 8009 is the AJP connector port in the default server.xml
worker.ajp13.type=ajp13
worker.ajp13.port=8009
worker.ajp13.host=[fully qualified domain name]
worker.ajp13.cachesize=20
worker.loadbalancer.balanced_workers=ajp13

  7. Edit the server.xml file in /usr/java/tomcat/conf.
     • Immediately below the entry add:
     • Find the entry and change localhost to your fully qualified domain name or IP address.
     • This is also how you would define Tomcat virtual hosts. I won’t go into detail about virtual hosting with Tomcat; if you are interested, I suggest checking out some search results on Google.
     • Immediately following that line add:

  8. Let’s now start up Tomcat. With the configuration changes made above, Tomcat will generate an Apache conf file (under conf/auto) that loads the Tomcat information into Apache.

shell> /etc/init.d/catalina start

  9. Now we need to do a few quick things for Apache to work with Tomcat.

shell> ln -s /usr/java/tomcat/conf/auto/mod_jk.conf /etc/httpd/conf.d/
shell> /etc/init.d/httpd start

  10. Let’s give it a test.
     • Open a web browser and navigate to http://[hostname]/jsp-examples
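Before restarting Apache it is worth checking that workers.properties actually names its workers and gives each ajp13 worker a type, host and port, since mod_jk silently has no worker to talk to otherwise. The checker below is an added example, not part of the original HowTo; it reads the file on stdin, and tomcat.example.com in the constructed sample stands in for your Tomcat host.

```shell
#!/bin/sh
# Added example, not part of the original page: sanity-check a mod_jk
# workers.properties (read on stdin) before restarting Apache. Every worker
# named in worker.list needs a type, and ajp13 workers also need host and
# port. Prints one line per problem; exit 0 = clean, 1 = problems found.
check_workers() {
    # Strip comments and whitespace, keep key=value lines only.
    _props=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' | grep '=' || true)
    _list=$(printf '%s\n' "$_props" | awk -F= '$1 == "worker.list" { print $2 }' \
        | tail -n 1 | tr ',' ' ')
    if [ -z "$_list" ]; then
        echo "worker.list is missing or empty (the key is worker.list, not workers.list)"
        return 1
    fi
    _bad=0
    for _w in $_list; do
        _type=$(printf '%s\n' "$_props" | awk -F= -v k="worker.$_w.type" '$1 == k { print $2 }' | tail -n 1)
        if [ -z "$_type" ]; then
            echo "worker $_w: missing worker.$_w.type"
            _bad=1
            continue
        fi
        if [ "$_type" = "ajp13" ]; then
            for _k in host port; do
                printf '%s\n' "$_props" | grep -q "^worker\.$_w\.$_k=" \
                    || { echo "worker $_w: missing worker.$_w.$_k"; _bad=1; }
            done
        fi
    done
    return "$_bad"
}

# Constructed sample in the shape of the workers.properties above
# (tomcat.example.com stands in for your Tomcat host).
SAMPLE_WORKERS='worker.list=ajp13
worker.ajp13.type=ajp13
worker.ajp13.host=tomcat.example.com
worker.ajp13.port=8009'

# Usage: sh thisfile.sh /usr/java/tomcat/conf/workers.properties (no argument: check the sample)
if [ -n "${1:-}" ]; then check_workers < "$1" && echo "$1: OK"
else printf '%s\n' "$SAMPLE_WORKERS" | check_workers && echo "sample: OK"; fi
```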

Side Notes: As you noticed above, Tomcat is installed in /usr, which is usually not one of the larger partitions on a web server. In the past I have created a directory /var/www/tomcat, copied the contents of /usr/java/tomcat/webapps to /var/www/tomcat, deleted webapps and then created a symlink from /var/www/tomcat to /usr/java/tomcat/webapps. I also recommend creating a directory /var/log/tomcat, deleting /usr/java/tomcat/logs and creating a symlink from /var/log/tomcat to /usr/java/tomcat/logs. Use your best judgment as to how you want to handle this.


Cacti on CentOS4

This howto describes how to install and configure Cacti quickly on a CentOS server. Cacti packages are available from the RPMforge repository. Read this for information about the RPMForge repository. But beware: some repositories do not mix well. The rest of this HOWTO assumes that your system is set up to use the RPMforge repository. See http://wiki.centos.org/Repositories/RPMForge for instructions regarding RPMForge.

  1. Install Cacti, Cactid and the required dependencies:

yum install cacti cacti-cactid mysql-server net-snmp

  2. Modify /etc/httpd/conf.d/cacti.conf, commenting out the following lines or modifying them to fit your configuration (commenting them out removes the address restriction entirely, so where you can, widen “allow from” to the hosts that need access instead):

order deny,allow
deny from all
allow from 127.0.0.1

  3. Restart Apache:

/etc/init.d/httpd restart

  4. Make sure that httpd and mysqld are set to start on boot with the following commands:

/sbin/chkconfig httpd on
/sbin/chkconfig mysqld on

  5. If you want to monitor disk usage on the localhost, make sure that snmpd is set to start at boot and that /etc/snmp/snmpd.conf is configured:

/sbin/chkconfig snmpd on

By default the SNMP community string is public. Modify this if you wish.

  6. Make sure the above services are currently started:

/etc/init.d/httpd start
/etc/init.d/mysqld start
/etc/init.d/snmpd start

  7. Create the cacti MySQL database:

mysqladmin create cacti

  8. Import the cacti database schema:

mysql cacti < /var/www/cacti/cacti.sql

  9. Create a MySQL user for the cacti database and grant it permission on the cacti database:

shell> mysql
mysql> GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'somepassword';
mysql> FLUSH PRIVILEGES;
mysql> exit

  10. Modify the database connection information in the following files:

/var/www/cacti/include/config.php
/etc/cactid.conf

  11. Run Cactid as root and then change the permissions on /var/net-snmp:

shell> cactid
shell> chown -R cacti.cacti /var/net-snmp

  12. Log in to Cacti by browsing to http://server/cacti. Username: admin, Password: admin. You will be prompted to change the password of the admin user.

  13. Follow the steps for a new install.

  14. Set up Cacti to use the cactid poller:
     • Console > Configuration > Settings > Paths
     • Modify “Cactid Poller File Path” to read /usr/bin/cactid
     • Click Save. Click the Poller tab.
     • Select cactid from the “Poller Type” drop-down.
     • Select “Ping and SNMP…” from the “Downed Host Detection” drop-down.
     • Click Save.

  15. Add some devices and graphs:
     • Console > Create
     • Console > Create Graphs
     • Console > Management > Graph Management and add an existing host to a tree

  16. Enjoy. The cron job located at /etc/cron.d/cacti will run poller.php every 5 minutes. It gets the poller configuration from the database and spawns cactid for polling. Graphs will show up after the first poll and populate with data after the second poll.
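The cacti.conf change in step 2 is the one place in this setup where Cacti is opened to a wider audience, so it is worth being able to tell afterwards whether the directory is still limited to specific clients. The check below is an added example, not part of the original HowTo; it assumes Apache 2.0’s Order/Deny/Allow semantics (as on CentOS 4) and uses 192.0.2.0/24, a documentation range, as a constructed admin subnet.

```shell
#!/bin/sh
# Added example, not part of the original page: audit the Apache 2.0 access
# rules of a cacti.conf read on stdin. Exit 0 = the Cacti directory is still
# limited to specific client addresses, 1 = reachable from any client.
check_cacti_access() {
    # Drop comments, keep Order/Deny/Allow lines, normalise case and spacing.
    _rules=$(sed 's/#.*//' | grep -iE '^[[:space:]]*(order|deny|allow)[[:space:]]' \
        | tr 'A-Z' 'a-z' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; s/[[:space:]][[:space:]]*/ /g' || true)
    _order=$(printf '%s\n' "$_rules" | awk '$1 == "order" { print $2 }' | tail -n 1)
    _deny_all=$(printf '%s\n' "$_rules" | grep -c '^deny from all$' || true)
    _allow_all=$(printf '%s\n' "$_rules" | grep -c '^allow from all$' || true)
    _allow_some=$(printf '%s\n' "$_rules" | grep -c '^allow from ' || true)
    case "$_order" in
        deny,allow)
            # Default is allow; only "deny from all" without a later
            # "allow from all" keeps the directory closed to the world.
            [ "$_deny_all" -gt 0 ] && [ "$_allow_all" -eq 0 ] ;;
        allow,deny)
            # Default is deny; some Allow lines but not "allow from all".
            [ "$_allow_some" -gt 0 ] && [ "$_allow_all" -eq 0 ] ;;
        *)
            # No Order directive, e.g. all three lines commented out.
            return 1 ;;
    esac
}

# Constructed sample: the cacti.conf lines from step 2 with the allow list
# widened to an admin subnet (192.0.2.0/24 is a documentation range).
SAMPLE_CACTI_CONF='<Directory /var/www/cacti/>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 192.0.2.0/24
</Directory>'

# report LABEL: run the check on stdin and print a one-line verdict.
report() {
    if check_cacti_access; then echo "$1: access restricted"
    else echo "$1: OPEN to all clients"; return 1; fi
}

# Usage: sh thisfile.sh /etc/httpd/conf.d/cacti.conf (no argument: check the sample)
if [ -n "${1:-}" ]; then report "$1" < "$1"
else printf '%s\n' "$SAMPLE_CACTI_CONF" | report sample; fi
```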


Linux Dual Network Route Hack (Multi-Homing)

The situation: A single box has multiple NICs in it, each connected to a different subnet (and therefore with distinct IP addresses). For specificity in the following, let us assume it has two NICs: NICA, with IP address IPaddrA on the subnetA subnet, and NICB, with IP address IPaddrB on the subnetB subnet.

The symptoms: All machines on subnetA can see the box using IPaddrA. Similarly, boxes on subnetB can see the box using IPaddrB. I believe you should also be able to see either address (IPaddrA or IPaddrB) if on the other subnet (subnetB or subnetA, respectively), but won’t guarantee it. The problem is that outside hosts, not on either local subnet (neither subnetA nor subnetB), can only see the machine using one of the two addresses, and get no response from the other one.

My analysis: Let us assume that it is IPaddrA which is visible from the outside world, and IPaddrB that is blocked. What appears to be happening is that both NICs function properly with respect to traffic on their own subnet. IPaddrA functions properly even for stuff not on subnetA; when a machine on some other net tries to contact it, the subnetA gateway sends the packets to NICA, and the response goes out on NICA back to the gateway, with a source address of IPaddrA and the foreign machine’s IP address as the destination.

When a machine not on subnetB tries to talk to IPaddrB, things start the same. The subnetB gateway sends the packets to NICB, the Linux box decides how to respond, and a response is sent out. However, the response goes out on NICA but with the IPaddrB source address. If the machine trying to be reached is on subnetA, the packets seem to get to the destination and no one complains. But if the packets are for another subnet, the router drops the packets because the source address is illegal for subnetA (as it is IPaddrB, which is a subnetB address).

Hack to fix it: In the rc.local file, use the /sbin/ip command to set up a somewhat more complicated routing scenario with a separate routing table for each subnet. For each subnet, the routing table simply goes out through the NIC if local, or through the NIC to the appropriate gateway if non-local. Then hook these tables into the routing rule based on the source IP address.

For example, if the two subnets are 172.70.12.0/23 and 172.80.24.0/23 on eth0 and eth1, respectively, with 172.70.12.1 and 172.80.24.1 as the gateways, you can do something like:

#!/bin/bash

# Set up the first subnet's routing table (we'll name it 70)
/sbin/ip route flush table 70
/sbin/ip route add table 70 to 172.70.12.0/23 dev eth0
/sbin/ip route add table 70 to default via 172.70.12.1 dev eth0

# Set up the second subnet's routing table (we'll call it 80)
/sbin/ip route flush table 80
/sbin/ip route add table 80 to 172.80.24.0/23 dev eth1
/sbin/ip route add table 80 to default via 172.80.24.1 dev eth1

# Create the rules to choose what table to use. Choose based on source IP.
# We need to give the rules different priorities; for convenience name the priority
# after the table.
/sbin/ip rule add from 172.70.12.0/23 table 70 priority 70
/sbin/ip rule add from 172.80.24.0/23 table 80 priority 80

# Flush the cache to make it effective
/sbin/ip route flush cache

Physics typically puts this into a file called rc.linux-dual-net-route-hack in the sysconfig tree and calls this script from /etc/rc.local. This seems to work fine, as the primary interface works properly even without the hack, and that is the interface used to communicate with AFS, KDC, etc. servers, so the machine seems to boot OK. The extra bit of network connectivity gained by the other NIC can wait until the rc.machine script gets run.

NOTE: The above is taken completely from http://www.physics.umd.edu/rgroups/pnce/pcs-docs/Glue/linux-route-hack.html#dual-subnets with small fixes for typos and for use on CentOS 4.x and RHEL 4.x.

I would like to further mention that while this resolves the problem of needing two default gateways (one for each NIC) for devices accessing these IP addresses from the outside, it does not address accessing the Internet from the Linux box itself, on which the above commands were issued.

I would recommend choosing which NIC/network you wish to use as your default Internet connection. Then, using the NIC init scripts in /etc/sysconfig/network-scripts, configure the default gateway with the GATEWAY statement in the respective ifcfg- script. If the GATEWAY statement is configured in all or some of the ifcfg scripts, the last one activated will be the default gateway that is used.
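The script above hard-codes two tables; a box with more NICs, or one that gets its addresses changed, benefits from the same setup as a function that validates its inputs and can be re-run without stacking duplicate rules. The following is an added example, not part of the original post or the UMD document it quotes; it reuses the article’s subnets, gateways, interfaces and table ids, runs the real ip commands only when invoked with --apply as root, and otherwise just prints them.

```shell
#!/bin/sh
# Added example, not part of the original page: the per-subnet table setup
# from the script above as a reusable function with input checks. Run with
# --apply (as root) to execute; otherwise the ip commands are only printed.
if [ "${1:-}" = "--apply" ]; then IP=/sbin/ip; else IP=echo; fi

# valid_cidr a.b.c.d/nn -> 0 when every octet is 0-255 and nn is 0-32.
valid_cidr() {
    case "$1" in *.*.*.*/*) ;; *) return 1 ;; esac
    _plen=${1##*/}
    case "$_plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$_plen" -le 32 ] || return 1
    _oldifs=$IFS; IFS=.; set -- ${1%/*}; IFS=$_oldifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# add_source_table TABLE DEV CIDR GATEWAY
# Table TABLE routes CIDR directly via DEV and everything else via GATEWAY on
# DEV; a rule then sends traffic sourced from CIDR to that table. Ids 1-252
# stay clear of the reserved tables (253 default, 254 main, 255 local).
add_source_table() {
    _table=$1 _dev=$2 _cidr=$3 _gw=$4
    case "$_table" in ''|*[!0-9]*) echo "bad table id: $_table" >&2; return 1 ;; esac
    if [ "$_table" -lt 1 ] || [ "$_table" -gt 252 ]; then
        echo "table id must be 1-252: $_table" >&2; return 1
    fi
    valid_cidr "$_cidr" || { echo "bad CIDR: $_cidr" >&2; return 1; }
    valid_cidr "$_gw/32" || { echo "bad gateway: $_gw" >&2; return 1; }
    $IP route flush table "$_table"
    $IP route add table "$_table" to "$_cidr" dev "$_dev"
    $IP route add table "$_table" to default via "$_gw" dev "$_dev"
    # Drop any earlier copy of the rule so re-running does not stack duplicates.
    $IP rule del from "$_cidr" table "$_table" priority "$_table" 2>/dev/null || true
    $IP rule add from "$_cidr" table "$_table" priority "$_table"
}

# The two subnets from the article; add one call per additional NIC.
add_source_table 70 eth0 172.70.12.0/23 172.70.12.1
add_source_table 80 eth1 172.80.24.0/23 172.80.24.1
$IP route flush cache
```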
