Friday, January 28, 2011

Installing Tomcat on CentOS 5

Disclaimer: I am not a server admin, I am a Windows user that has led a life of sinful installation wizards and drag and drop

I'm attempting to install Tomcat on CentOS 5 hosted by a MediaTemple dedicated virtual server.

I basically followed this guide:

  1. Installed jpackage and configured the yum.repo.d jpackage file to set enabled=1
  2. Used yum to install java (yum install java)
  3. Downloaded the binary distribution of tomcat with "wget http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.14/bin/apache-tomcat-6.0.14.tar.gz"
  4. set JAVA_HOME to point at the jdk location I found with "export JAVA_HOME=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/"
  5. I gunzip/untar the Tomcat files and run ./startup.sh to start the Tomcat server. That is supposed to put the Tomcat server at myserver.com:8080 - however, I just get a could not contact host error when I try to browse to it (or when I try 'curl localhost:8080' from SSH). After I type ./startup.sh, here is the console output:

    [root@myserver bin]# ./startup.sh
    Using CATALINA_BASE:   /root/apache-tomcat-6.0.14
    Using CATALINA_HOME:   /root/apache-tomcat-6.0.14
    Using CATALINA_TMPDIR: /root/apache-tomcat-6.0.14/temp
    Using JRE_HOME:       /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/
    [root@myserver bin]#

Is there a step I have missed here?

Edit: I've now discovered by looking at the log the following error is occurring:

Error occurred during initialization of VM Could not reserve enough space for object heap

  • Well, it looks like tomcat is starting correctly, and the typical stuff to miss has been covered. I'd check and see if the machine has a firewall running. I'm not a Centos expert, so I don't know offhand if they run one by default. As root do a:

    netstat -lnp | grep 8080
    

    If that returns anything, your server is running and listening on 8080, but something (a firewall) is blocking access to it.

    If it's not running, you have something else to dig into. You should have a "catalina.out" file wherever you have tomcat set to log to. As I recall that should be "/path/to/tomcat/server/logs". Check that out and see if it's throwing any exceptions. Might give some more clues as to what's going on.

    andybaird : It looks like you are right, the log file contains the following: /root/apache-tomcat-6.0.14/bin/catalina.sh: line 273: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0//bin/java: No such file or directory
    From qhartman
  • Is Tomcat6 the requirement? What version of Centos? (I'm assuming "Tomcat of some sort" and "current Centos" which would be 5.3 as of this writing)

    You don't need the jpackage repo unless you want Tomcat 6. Also, Centos 5.3 ships with openjdk 1.6.0, which has passed the Java SE 6 TCK.

    Simply "yum install tomcat5" should pull in all the dependencies you would need (including openjdk), many of which will be based off the jpackage sources. Once it's installed, all you need is "service tomcat5 start" to start it up. NOTE: Running your web container as root is very, very bad because it is a massive security risk. The tomcat5 service installed by the repository version will drop its permissions to a 'tomcat' user with more limited permissions. To have tomcat start automatically when the system boots, use "chkconfig tomcat5 on".

    In your case above, the port 8080 is probably blocked by the default firewall. You can turn the firewall off (recommended only for testing connectivity, do not run without the firewall in production) with "service iptables stop". Centos provides both a GUI and Text UI tool (system-config-securitylevel and system-config-securitylevel-tui respectively) for modifying the firewall, or you can use iptables directly (see 'man iptables').

    andybaird : CentOS release 5.3 (Final) And you're correct, tomcat6 is not a requirement. I just tried "yum install tomcat5" and got the following dependency error: --> Finished Dependency Resolution java-1.4.2-gcj-compat-1.4.2.0-40jpp.115.i386 from base has depsolving problems --> Missing Dependency: /usr/bin/rebuild-security-providers is needed by package java-1.4.2-gcj-compat-1.4.2.0-40jpp.115.i386 (base) Error: Missing Dependency: jdk = 2000:1.5.0_09-fcs is needed by package java-1.5.0-sun-compat-1.5.0.09-1jpp.noarch (jpackage-generic-nonfree)
    Ophidian : It sounds like it's picking up dependencies from the jpackage repo. My best guess based on the errors is that you only have the Sun JRE and not the JDK installed.
    mezgani : When installing tomcat I got the same error as andybaird: Error: Missing Dependency: /usr/bin/rebuild-security-providers is needed by package java-1.4.2-gcj-compat-1.4.2.0-40jpp.115.i386 (base) Any idea?
    mezgani : @andybaird: I found a reply to your request here http://www.cpurigs.com/forums/showthread.php?t=4770
    From Ophidian
  • I solved this one after carefully following this guide:

    http://de0ris.blogspot.com/2008/08/installing-tomcat-6x-on-centos-5.html

    As mentioned in the comments above, JRE and JDK are separate downloads. I couldn't seem to find them in any package manager, so I had to download them directly and run them.

    Ophidian : Caveat: This is mostly applicable for Sun's JRE/JDK and Tomcat 6. Centos 5.3 ships openjdk (java-1.6.0-openjdk for JRE / java-1.6.0-openjdk-devel for JDK) and Tomcat 5 (ver. 5.5.23) in its repositories.
    From andybaird
  • Error occurred during initialization of VM Could not reserve enough space for object heap

    There is not enough virtual memory to start up the VM. That is, there is not enough physical memory and swap to accommodate the heap size you requested with -Xms. As you're running inside a virtual environment, you'll need to talk to Media Temple about increasing the amount of virtual memory available to your instance.

  • Hmm, it's basically that you are on an OpenVZ VPS. Try Xen, or install JBoss; it comes with Tomcat as well, and this will solve the memory swap issue.

    http://davidanand.blogspot.com/2010/06/jboss-tomcat-on-openvz-centos.html

    Hope this helps ;)

    From David

Is there a way to clone an existing VM on an ESXi server without having to re-import it?

I have imported a VM into an ESXi server using the VMware "Converter stand alone utility". However, this process is a little tedious. Since I eventually want several copies of this VM (or, to be more accurate, several more-or-less identical instances of this VM) to be running at the same time, is there a way to clone the already imported VM? Or do I have to re-import for each instance I want?

  • [Editing my own answer]

    Summary:

    • the Converter took me about 15 minutes to run from WS6 to ESXi
    • the Converter took about 45 minutes to run from ESXi to itself
    • logging in with a command prompt and then copying as per the "unsupported" instructions worked, but took about 20 minutes to copy the VM, and I was unable to correctly start the result

    My conclusion: just use the Converter repeatedly.

    Thanks all for the ideas.

    (Update, much later: here are the details for how to create a copy of a VM without running the converter repeatedly.)

  • There is a "ghetto-esx-linked-clones" script that will make Linked Clones rather than full clones. Linked clones are great for VMs that you intend to use for short-term testing, since the clones only store differences relative to the original VM. Running this script requires enabling SSH access to the ESXi host.

    http://communities.vmware.com/docs/DOC-9202?tstart=7450

    From
  • Unless I'm sorely mistaken, you should be able to run the Virtual Infrastructure Client, connect to your ESXi server, right click on any stopped virtual machine and choose "Clone" which will duplicate the existing VM into another VM.

    lepole : only when you are running on vCenter
    David Mackintosh : I can confirm, ESXi 3.5 does not let you clone VMs from the VIC.
    Kevin Kuphal : Thanks for confirming. I am sorely mistaken :)
  • From memory the vCentre Server ( vmware.com/products/vi/vc/features.html ) will let you convert a machine into a template and then deploy multiple copies of that template into virtual machines. I believe there is a 60 day trial available ( vmware.com/tryvmware/index.php?p=vsphere&lp=1 ).

    Rob Bergin : Only if you have Virtual Center - if you are running "Free ESX 3i" then you are limited in functionality.
    Antitribu : if it is a one hit the trial may work for that.
    From Antitribu
  • You need console (or SSH) access to the ESXi server, and then you can copy your VMs around using standard UNIX commands (cp).

    To get console access:

    • go to the server console
    • type ALT-F1
    • type "unsupported" without quotes (no echo)
    • type your password (no echo, again)

    Now you are at the server's command prompt; if you want to enable SSH access, edit /etc/inetd.conf and remove the comment symbol ("#") from the SSH line.

    David Mackintosh : While correct, there must be more to it than this; I couldn't get the copy of the VM to start properly. It would always PXE then stop with a claim of "no operating system".
    Massimo : That's strange, I've always been able to copy VMs this way. Are you copying all the VM directory or just the VMX and/or VMDK files? Try copying the full VM directory to another location, importing the copied VM into ESXi and then starting it.
    From Massimo
  • Actually it's easier to just go to the host machine in VIC under the Summary tab and browse the datastore. Then create a folder for the new VM, copy the vmdk file from your source VM by copy and paste within the datastore browser, and then create a custom VM for the new vmdk file. Make sure your VM and folder names match, and it takes 1/10th of the time to do.

    Example for me was:

    7gig VM:

    Converter: 13mins Direct: 3mins Copy via Datastore browser: 1min

    I made copies of 17 VMs in under 20 mins, which saved a ton of time compared to the converter.

    warren : thanks - this is just what I was about to ask for :)
  • No need to use the converter to clone a VM.

    Simply browse to the datastore:

    • Click on the host > Configuration tab
    • Right-click on the datastore with the VM you want to clone > Browse Datastore
    • Create a new folder in the store
    • Right click on the VM folder and select Copy (must be done in the right pane of the Datastore Browser)
    • Paste the VM to a new sub folder (otherwise the VM will overwrite itself)
    • Once copied, rename and move the folder if desired
    • Select the .vmx file within the cloned VM and select 'Add to Inventory'
    GruffTech : couldn't have said it better myself.
    From Leon Roy
  • Leon Roy's advice worked great!

  • Leon Roy's advice worked for me. But I think there is something to consider: vmdk-files stored directly in the directory of the vm are linked with a relative path to the vmx-file whereas vmdks that are stored outside this directory are linked with an absolute path. So if one of the vmdks used by the VM is not situated in the same directory as the VM itself, you have to change the fileName value for that file in the vmx-file before re-adding it to the inventory. Otherwise, if you add the copied VM, it would use the original not the copy of the vmdk.
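
The check described in the last answer, as an added example that is not part of the original posts: it reads a copied VM's .vmx text and lists every disk `fileName` entry that still resolves outside the copied VM's folder, then rewrites the entry. The sample .vmx content, the datastore paths and the function names are constructed for illustration.

```python
import posixpath
import re

# A .vmx file is a flat list of  key = "value"  lines.
VMX_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')

# Constructed sample: a copied VM whose second disk lived outside the VM folder.
SAMPLE_VMX = """\
.encoding = "UTF-8"
displayName = "web01-clone"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "web01.vmdk"
scsi0:1.present = "TRUE"
scsi0:1.fileName = "/vmfs/volumes/datastore1/shared-disks/data.vmdk"
ide1:0.fileName = "/vmfs/volumes/datastore1/iso/install.iso"
"""
CLONE_DIR = "/vmfs/volumes/datastore1/web01-clone"  # constructed path


def disk_entries(vmx_text):
    """Yield (key, value) for every *.fileName entry that names a .vmdk."""
    for line in vmx_text.splitlines():
        m = VMX_LINE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key.lower().endswith(".filename") and value.lower().endswith(".vmdk"):
            yield key, value


def disks_outside(vmx_text, vm_dir):
    """Return the disk entries that resolve to a file outside vm_dir."""
    vm_dir = posixpath.normpath(vm_dir)
    outside = []
    for key, value in disk_entries(vmx_text):
        # join() keeps an absolute value as it is and resolves a relative
        # one against the VM folder, matching the linking the answer describes.
        resolved = posixpath.normpath(posixpath.join(vm_dir, value))
        if not resolved.startswith(vm_dir + "/"):
            outside.append((key, value))
    return outside


def repoint(vmx_text, new_values):
    """Return vmx_text with the given {key: new_value} entries rewritten."""
    out = []
    for line in vmx_text.splitlines():
        m = VMX_LINE.match(line)
        if m and m.group(1) in new_values:
            line = '%s = "%s"' % (m.group(1), new_values[m.group(1)])
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for key, value in disks_outside(SAMPLE_VMX, CLONE_DIR):
        print("still points at the original disk:", key, "->", value)
    # Assumes data.vmdk has already been copied into the clone's folder.
    fixed = repoint(SAMPLE_VMX, {"scsi0:1.fileName": "data.vmdk"})
    print("remaining outside references:", disks_outside(fixed, CLONE_DIR))
```

Run it against the copy before choosing 'Add to Inventory'; an empty result means the clone no longer shares a disk with the source VM.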

Alternatives to native LDAP

We've implemented an LDAP to NIS solution and have begun transitioning some systems to native LDAP binding for authentication and automount maps. Unfortunately we have a very mixed environment with more than 20 *nix environments. The setup for each variant is of course unique and has required various workarounds to get full functionality. We're now at the point where we're willing to revisit the solution and possibly migrate toward something like Likewise (http://www.likewise.org), but would like to know what others are using to solve this problem.

  • We have "solved" the problem by standardizing on RHEL/CentOS. That solves a boatload of other portability problems as well.

    As for LDAP, we use it too, but the interface between ldap and NSS is far from perfect (same goes for any other network service). If I had the time, I'd look into deploying nsscache instead of nss_ldap. Or maybe even replace pam_ldap and nss_ldap with winbind, to better integrate with our windows environment (likewise is a variant of winbind, no?).

    Matt : I'm jealous, I wish we could solve the problem in that way.
    From janneb
  • I used to have 40ish Linux servers, all with local authentication. Life was hell.

    I finally solved the problem by building an Active Directory infrastructure and implementing Likewise Open to authenticate all of my machines (plus samba, ftp, jabber, and half a dozen web apps).

    Now I've got 80-100 servers all using the same authentication and my users love it (but not nearly as much as I do).

    I have never once regretted using Likewise. I talked about it so much on my blog that they sent me a T-shirt!

    Matt : How is the performance? Have you had any experience with the non-Linux variants? We've got 5,000+ hosts globally and LDAP performance has been lacking.
    Matt Simmons : Our performance has been very good. The only minor quibble that I have is that I find myself occasionally clearing the cache after a user's information changes in the directory. It sounds like your infrastructure is a little more advanced than mine ;-)
  • Many companies are using Likewise and it is working very well. We had around 20 servers using native users and we moved to Likewise and life is a lot simpler.

  • @Avery,

    This is essentially what Likewise Open does. It makes use of Kerberos (via PAM) to authenticate the user. It also provides NSSWITCH modules to perform SID->ID mapping (using various algorithms, some LDAP based, some hash based).

    It has several advantages over plain old pam_krb5:

    • Support for AD "sites" including smart DC failover to the nearest DC
    • Support for offline authentication (if the network is down or you're on a disconnected laptop)
    • Automatic configuration of PAM and krb5.conf

    Cheers,

    Manny Vellon CTO, Likewise

How can I use DNS to return a geographically local IP address?

We have several offices across the globe, but our datacenters are primarily housed in two central locations (North America and Europe). There is a relatively high latency between various offices, so we try to host services in the closest location to the user (i.e. Canadian employees use Exchange services in the US, not Europe.)

This setup works well for the most part. When using services like Active Directory, Exchange or DFS, clients rely on existing site information in AD to find the closest location.

Now, we have a request to have a common DNS name to access certain web services that are hosted in both NA and Europe. Previously, we have used separate DNS names (na-service.domain.local or eu-service.domain.local) but that becomes cumbersome for our end users.

All of our internal DNS is currently hosted on Windows 2003 and 2008 servers with Microsoft DNS. Is there any way to configure Microsoft DNS services to only respond to requests with a "local" IP address? I know that configuring multiple A records will result in a round robin style response, which is not ideal. We could also use Primary zones at each location and only enter the local IP address, but we have hundreds of other DNS entries that would need to be manually replicated to each server.

If this can't be done with MS DNS, are there other low cost alternatives? I know F5 Networks has products that can handle this, but that's at a fairly high expense.

  • You might have some luck with the "Subnet Prioritization" functionality in the Microsoft DNS server. Whether or not it will help you will depend on how your subnets are addressed and how your geographically "local" servers are addressed. This feature is enabled by default in Windows Server 2003 and 2008.

    I'd recommend reading up on that feature. Have a look at http://technet.microsoft.com/en-us/library/dd197495(WS.10).aspx under the "Subnet prioritization" heading.

    The "view" functionality in BIND would probably do what you want, too, but then you're talking about deploying a parallel DNS infrastructure and a lot of configuration.

    If you have control of the web-based application you could do something off-the-wall like embed some Javascript to "detect" the user's location and redirect them on the client side. It's a bit bush-league, but it might do what you need.

    Doug Luxem : Interesting, that is the first I have heard of this concept. Unfortunately, it will not work for us as clients are rarely in the same subnet as the servers (although they may be in the larger classless subnet used to simplify routing).
    Evan Anderson : In case you didn't read thru the examples: The servers and clients don't need to be in the same subnet. An exact match on the client subnet w/ the server isn't done-- rather the server does an ordering of the results based on the closest match of the client's IP address to the results. In a typical VLSM environment, the IP addresses that are geographically close to you should, hopefully, be close, bitwise, to your own IP address.
    Doug Luxem : In that case, it should cover about 90% of our clients (some subnets are completely unrelated to geographic location). Thanks for the information.
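
The closest-match ordering described in the comments above, as an added illustration that is not part of the original answer and is not Microsoft DNS's own code: records are sorted by how many leading bits they share with the client's address. The two server addresses are the ones used in another answer on this page; the client addresses and function names are constructed.

```python
import ipaddress

# Server addresses for the two sites, as given in another answer on this page.
RECORDS = ["10.200.200.200", "10.10.10.200"]  # EU first, NA second


def common_prefix_bits(a, b):
    """Number of leading bits two IPv4 addresses share (0 to 32)."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()


def order_for_client(client_ip, records):
    """Put the record sharing the longest prefix with the client first.

    sorted() is stable, so records that match equally well keep the
    order they were given in.
    """
    return sorted(records, key=lambda r: -common_prefix_bits(client_ip, r))


def is_informative(client_ip, records):
    """False when every record matches equally well, so the ordering
    says nothing about which site is closer to this client."""
    return len({common_prefix_bits(client_ip, r) for r in records}) > 1


if __name__ == "__main__":
    # Constructed client addresses: one per site, plus one from a range
    # unrelated to either site (the case raised in the last comment).
    for client in ("10.10.44.7", "10.200.3.9", "192.168.5.5"):
        print(client, order_for_client(client, RECORDS),
              "informative" if is_informative(client, RECORDS) else "tie")
```

A client whose subnet is numerically unrelated to both sites gets a tie, which is the remaining share of clients the last comment says this approach does not cover.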
  • I've had this question asked a couple of times here at work, although it never got to implementation, so this is pure theory on my part.

    The best solution (hack?) I could come up with would be to have a common dns sub domain that isn't replicated. Then just put the local servers in that setup. So you would have something like this:

    NA DNS Servers
    service.domain.local
    web01.service.domain.local -> 10.10.10.200

    EU DNS Servers
    service.domain.local
    web01.service.domain.local -> 10.200.200.200

    So the clients connecting to web01.service.domain.local would pick up the service's local IP off their default DNS servers. You can have them replicate inside the EU and NA but don't have the zone replicate between the EU and NA.

    From Zypher
  • Does the solution have to be done through DNS? If not, this sounds like a perfect candidate for IP Anycast. See this question for more detail, but in a nutshell, it is a network architecture that allows you to advertise the same IP address from multiple locations, with clients routing to the 'closest' (from a network cost perspective) instance of the IP. This way, you can simply have a global VIP (Virtual IP) for your DNS records to point to.

  • As a previous answer states, BIND's Views look like what you want. It allows a name server to present different configurations of the same name server to groups of clients which you define.

    The groups can be defined via individual IP addresses or prefixes (like 10.10.1.192/26). Hopefully, your EU and American hosts can be distinguished this way.

    Nice side benefit: your two servers can be (almost) identically configured, BIND-wise, and thus can act as each other's failover.

    A good way to think of Views is that it is a DNS server's version of virtualization. Sort of.

    BIND can be obtained at www.isc.org for free.

    From Allen

Anything to share a printer from 32-bit to 64-bit Windows?

I've got a printer which only has 32-bit drivers, so it's installed on a 32-bit machine (XP). I need it to appear as a printer (with duplex control etc) on a 64-bit machine (Vista).

  • I can't just share it using Windows printer sharing because the 64-bit client requires drivers to connect to it.
  • There's no 64-bit driver for a similar printer that works (using the new port named \\server\printername).

I've tried the ghostscript approach but that doesn't seem to help with the duplex control etc.

Printeranywhere doesn't support 64-bit OS yet.

Is there another way to do this?

  • The problem you have is that to get duplexing and other features, you need to use the native features of the print driver. Things like ghostscript will get you the basic printing features, but to get more advanced features, you really need a proper driver for the printer.

    Kevin Kuphal : This is correct. Nothing is going to get you around the fact that there are not Vista 64-bit drivers for your printer. You are left only with the option to use "similar" print drivers that may be able to talk to your printer but you're likely to be missing model specific features.
    From Sam Cogan
  • Is it a PCL5 printer? If so, I've had success with the HP Universal PCL5 driver (on HP's website) even on non-HP printers.

    HP driver

    marklam : It's a Canon LBP5100. No 64-bit Windows drivers, and the drivers for the models which have 64-bit support won't talk to the 5100.
    Richard Gadsden : I've just put a link up to the driver - I'd try these HP drivers, they work with most PCL5 printers (which the Canon LBP5100 is).
    marklam : According to Canon, the LBP5100 is CAPT not PCL. I couldn't connect to the shared printer using the x64 driver on the 64-bit machine. I tried installing the x86 HP PCL driver on the 32-bit machine so I could share it to the 64, but it said the printer wasn't a supported HP device.
    Richard Gadsden : OK, that's not going to work then. Shame.
  • Got the same problem with XP 64-bit and LBP-5000 printer. Contacted Canon and they just suggested the 5050 printer which apparently supports Vista x64. Really disappointed with Canon, this is not proper customer care. Today memory prices are ultra cheap so you really need a 64bit OS for your system to take advantage of the extra RAM.

    Releasing any hardware without 64bit drivers is... how can I put it nicely... just plain dumb! Most manufacturers are trying to cater for their customers by releasing 64-bit drivers for their legacy hardware, and here we've got Canon, one of the leading peripheral manufacturers releasing new stuff, with only 32-bit support.

    I mean, come on, producing the drivers is almost a no cost for them and if you check the net you'll see complaints everywhere. They are losing customers like no tomorrow because of this issue. I myself won't be buying anything from them again, unless they do something to satisfy their customers.

    marklam : We hooked the printer up to a 32-bit XP machine and followed the instructions here: http://www.stat.tamu.edu/~henrik/GSPSprinter/GSPSprinter.html to share the printer as PostScript. (It didn't get us the duplexing etc - we bought a Xerox which had 64-bit drivers.)
  • I bought a Canon LBP-3500 (we wanted A3 laser and options were limited) last week with the expectation that 64 bit drivers wouldn't be a problem given that 64 bit Windows has been around for so long. I was very rudely surprised. I also eventually succumbed to the GhostScript / Redmon method of sharing the printer.

    Technically that did work, but unfortunately the speed of printing A3 drawings through GhostScript and RedMon over the network was so slow (several minutes before the printer on the client PC acknowledges that the file has been printed), we decided to uninstall 64 bit Vista and go back to 32 bit.

    This is the 2nd time I've had problems with Canon over drive issues, the first was with the ip5200r, the r indicating a LAN connection...and there were always problems setting the LAN connection up. I don't think I'll buy Canon printers anymore.

Easiest way to email file via command line in *nix?

What is the easiest - and preferably most portable - command I can use to email a single file as an attachment from a *nix shell?

  • Assuming it's a binary attachment:

    uuencode [filename] [filename] | mail -s [subject] [recipient address]

    You don't need to bother with the UUencoding if it's just a text file, eg:

    mail -s [subject] [recipient address] < [filename]

    Most *NIXes have mail and uuencode, so this should work pretty much anywhere.

    Yuval A : How about if I want the text file as an attachment, and not in the message body?
    RainyRat : It depends - I don't think plain GNU mail can do that, so you'll need to use an actual mail client; pine, mutt, or something similar. Which of these are available to you depends on which ones your systems have installed. Using mutt, Gavin's answer (below) will work just fine.
    Yuval A : Pine is good! Can I use it via command line with using the textual GUI?
    RainyRat : I think that's do-able. Have a look at http://staff.washington.edu/chappa/pine/info/outgoing.html for more.
    From RainyRat
  • Using mutt, you can:

    mutt -z -a <file> -s <subject> user@example.com

    Or, if you don't want to type a body:

    mutt -z -a <file> -s <subject> user@example.com < /dev/null

    Yuval A : mutt is not available on my systems, thanks anyways
    Gavin McTaggart : I think you are going to find that this is going to be a toss-up between what is easy and what is portable. mailx is portable, but not necessarily easy. As RainyRat mentions, I think you are going to have to go with a full MUA, and run it from the command-line.
  • echo "Email body text" | mail -s "Subject of email" -a file.to.attach.txt my@email.com

    Yuval A : mail: illegal option -- a
    niXar : note that this is a mailx feature, make sure that particular package is installed
    From Neobyte
  • I can't add a comment, but..

    • The answers to this are going to depend very much upon which, if any, derivative of mailx you have available.
    • Although the file should be displayed without any problems by the receiving MUA, piping from uuencode won't technically produce an email with an attachment. Take a look at the source of the email you receive to see why.
    Gavin McTaggart : +1 for truth. I didn't even realise there was a version of mailx that could send attachments (mine certainly doesn't). You are also correct about the manual uudecoding required with the uuencode -> mail pipeline.
    From Dan Carley
  • Some years ago, I wrote a shell script which did just that. It was called binmail.sh. It used a base64 encoder (many source codes can be found with google) and built attachments according to RFC1521.

    From mouviciel
  • If you want absolute portability you can telnet into your mail server on port 25 and issue SMTP commands directly. They're not too hard, and it should be very scriptable.

    hark : You could also write your own SMTP server.
    From mh
  • A quick Google turned up this page, which describes a variety of ways to attach files using a variety of applications. A couple of the more prevalent ones --

    • uuencode to make an inline "attachment".

    • metamail -f file-to-attach -m mime-type

    • mpack -c mime-type file-to-attach

    • mutt -a file-to-attach

    • Elm -A file-to-attach

    Additionally, it has links to a couple of shell scripts and a Perl script to craft and send the message, which will probably be more to your liking.

    From hark
  • "sendEmail is a lightweight, command line SMTP email client. If you have the need to send email from a command line, this free program is perfect: simple to use and feature rich. It was designed to be used in bash scripts, batch files, Perl programs and web sites, but is quite adaptable and will likely meet your requirements. SendEmail is written in Perl and is unique in that it requires NO MODULES. It has an intuitive and flexible set of command-line options, making it very easy to learn and use. [Supported Platforms: Linux, BSD, OS X, Windows 98, Windows NT, Windows 2000, & Windows XP]"

    I've used it before and really liked it. You can attach files with the -a option.

    Topher Fangio : +1 - This was perfect for what I need as it's easy and still actively being maintained! If you're on a Debian system, you can just `aptitude install sendemail`. Note that the command gets installed as `sendEmail` with a capital 'E'.
    Clinton Blackmore : Actually, the tarball contains a perl script and a couple of documents. You can just download it, extract it, and run it (provided your system has perl). Glad you like it, though.
  • Or if you have python available, it'll take only few lines, such as listed here: Sending attachments in python

    From slovon
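
An added example (not code from any of the posts above) showing the difference Dan Carley points out: the `uuencode | mail` pipeline yields a single text/plain message, while a base64 MIME part of the kind mouviciel's script built is what a mail client lists as an attachment. The addresses, the file name, the sample bytes and the local MTA on localhost:25 are assumptions.

```python
import binascii
import smtplib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample: 100 bytes of binary data standing in for the file.
SAMPLE_DATA = bytes(range(100))


def _headers(sender, rcpt, subject):
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = rcpt
    msg["Subject"] = subject
    return msg


def uuencoded_message(sender, rcpt, subject, filename, data):
    """What `uuencode file file | mail -s subject rcpt` sends:
    the encoded file pasted into an ordinary text body."""
    lines = ["begin 644 %s" % filename]
    for i in range(0, len(data), 45):  # uuencode packs 45 bytes per line
        chunk = binascii.b2a_uu(data[i:i + 45], backtick=True)
        lines.append(chunk.decode("ascii").rstrip("\n"))
    lines += ["`", "end"]
    msg = _headers(sender, rcpt, subject)
    msg.set_content("\n".join(lines) + "\n")
    return msg


def mime_message(sender, rcpt, subject, body, filename, data):
    """multipart/mixed message with a base64 application/octet-stream part."""
    msg = _headers(sender, rcpt, subject)
    msg.set_content(body)
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


def attachments(raw):
    """Parse raw message bytes the way a mail client would and return
    {filename: decoded bytes} for every attachment part it finds."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {p.get_filename(): p.get_content() for p in msg.iter_attachments()}


def send(msg, host="localhost", port=25):
    """Hand the message to an MTA; host and port are assumptions."""
    with smtplib.SMTP(host, port) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    args = ("me@example.com", "you@example.com", "report")
    uu = uuencoded_message(*args, "report.bin", SAMPLE_DATA)
    mime = mime_message(*args, "see attached", "report.bin", SAMPLE_DATA)
    print("uuencode:", uu.get_content_type(), list(attachments(uu.as_bytes())))
    print("MIME:    ", mime.get_content_type(), list(attachments(mime.as_bytes())))
```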

Cheap, silent and not power greedy server.

Hello,

I am going to buy a home server. For some database, file storage, backups etc. Maybe in future I'll put some Java server (like glassfish) there.

I want it to be cheap, silent and not consuming much power. 1 Gbit ethernet would be nice too. I was thinking about fit pc (http://fit-pc2.com/) but it's quite expensive.

What would you recommend?

  • Wow, that's pricey. You could build your own Intel Atom based "server" from cheap parts off of Newegg or another site. I priced out an Atom 330 dual core system there with decent specs for around $200-250 depending on HDD size.

    If you want something prebuilt, I'd check out Nvidia's ION platform, though I think only Acer has out an ION based desktop. ION is essentially Intel's Atom with a nicer chipset and better graphics.

    From skitzot
  • I'd recommend getting a Poweredge 440 from eBay. If you can get one with warranty so much the better, but I've had no problems with the dozen 440s I've got, so the warranty isn't essential. My own home server is a 440 with a Perc5/i and 4 1TB SATA disks as a RAID5, and it's the quietest server I've heard. It's quieter than the Precision 390 workstation I'm typing this on. And they're cheap. Expect to pay under £200 (about $300) for a good condition one. The 440 has a single GHz NIC and mine uses under 100W so it's cheap to run.

    Possible cons: they take a maximum of 4GB RAM. If you need more than this look for a T100 instead. Also because of the way Dell position the disks you need T adapters for the SATA leads to the disks.

    JR

  • Perhaps you could give Ebay a try. With redundant power supplies and scsi hard-drives, you can really get some serious hardware for a good price, with a little luck.

    Berzemus : Could get greedy though.. 300-800 watts are not uncommon..
    From Berzemus
  • For some database, file storage, backups etc

    Maybe a HP MediaSmart Server? It runs Windows so I don't know about installing a Java server. But it's proper for backup and file storage.

    As for me, I prefer to assemble computers myself (except for rack-mount servers). You know what you want, so you can make a system exactly for your tasks. It's not too hard to select and buy proper hardware and it's variety is great - big cases, silent PSUs and fans etc - for almost any budget. And you can install any OS and software you want. So this is an option I'd go with.

    Server Horror : I wouldn't recommend this piece of hardware; it is very limited if you'd like to play around with OSs other than WHS. I keep hearing nice things about it as a pure storage box in pure Windows Home Networks, though.
    From Slava I.
  • ASUS has similar line of products, called Nova.

    I was considering getting either Nova P22. But then I thought that I'd be better off with something slightly bigger, but using normal desktop components and packing more punch, such as ASUS' P4 barebone.

    From vartec
  • Amazon S3 and/or EC2. You can't get any quieter than packets flowing over your cable modem.

    Server Horror : But not exactly cheap. 30 days * 24 hours * 0.10 USD = 72 USD = 51 EUR = 510 EUR /year, a cheap "dev" server will last 2 - 3 years so that's 1000 - 1500 EUR. **Persistent storage not included** EU Instances are 0.11 EUR/hour so even more expensive...
    ldigas : Depends on the noise of the modem :-)
  • I found one of my friends wants to sell his VIA Epia server, so I'll buy it :) It's quite old, but enough for me. It is very cheap (about 50$), silent (one fan - I'd prefer no fans at all, but I'll be ok with one) and quite economical (about 25-30 Watts). 100W is still too much (fitpc consumes about 8W when it is 100% utilized - that's why I was interested in it).

    Thanks for your answers anyway!

    From amorfis
  • Personally I'd get something from pcengines.ch, with a CF card and a USB disk. These boxes have no VGA. Personally I find the easiest way to install is with tftpd and netbooting, very easy with Debian. Just fire up a minicom and connect to it.

    If you really need more power, go with an Atom board. There should be some cheap nettop out there to get up and running.

  • Please see my question about Intel Atom 330, a cheapo dual core processor that comes with Intel mobo (by cheap I mean 80 bucks) - http://serverfault.com/questions/24231/intel-atom-330-as-a-server-machine

    Intel Atoms are designed for netbook use, have really low power requirements - http://en.wikipedia.org/wiki/List_of_Intel_Atom_microprocessors#Atom_300_series_.28dual-core.29

    However, I've heard the default FAN ain't that silent. You could easily fix that by fitting an after market one.

    From Karolis T.
  • Logic Supply has a huge range of inexpensive, small and quiet boxes.

  • There's a plug computer called the sheeva plug that might do what you're looking for. It runs a linux-based OS on an ARM processor at 5 watts of power, and has a USB interface for peripherals. This might be underpowered for what you have planned, but it's dirt cheap ($99).

    Marvell's Sheevaplug website

    From Babu
  • The Mac mini draws 17 Watts when idle. If you want something cheaper, how about the Asus Eee Box B202 for £200?

    SPECIFICATIONS: 1.6GHz Intel Atom N270, 1GB DDR2 RAM, 80GB hard disk, Intel GMA 950 graphics, 802.11bg+draft-N, Gigabit Ethernet, 4 x USB, DVI (max resolution 1,600 x 1,200), MMC/SD/MS card reader, Windows XP Home, 16 x 178 x 223mm (without stand), kg, 2yr C&R warranty

    From James

Naming Conventions

How do you decide on a new hostname?

  • For servers, I like the standard currently used at my office <3 letter location code>-<2 digit incrementing number to avoid duplicate names>

    An example would be: PHOU-DMOSQL01

    • Physical
    • Houston
    • Demo Environment
    • SQL Server
    • 01

    For Desktops/Laptops I usually use a type designator and the user's name (assuming machines are assigned to a specific user) (LT|DT)- for instance my laptop is LT-KCOLBY

    Matt Simmons : I like this scheme, but oh my GOD did my users complain when I tried to add a dash to my host name scheme. For weeks they complained until I switched to one that didn't make them move their fingers from the home row. Gah!
    Kevin Colby : It provides a nice visual separator for servers. For Desktops/Laptops I usually use a type designator (LT|DT)- for instance my laptop is LT-KCOLBY I suppose you could ditch the - and make it LTKCOLBY without issue.
    g. : If you have alphabet soup names that can't be pronounced, how do you talk about them with colleagues?
    Kevin Colby : Surprisingly easily as it's not as much alphabet soup as you would expect. Demo SQL 1 is usually how the mentioned machine is referred to in the office. It also describes what the machine does to some extent which helps with discoverability.
  • My friend uses names of Celtic gods. My company uses names of wild animals for terminals and drug names for servers. I use names from Tolkien's Silmarillion.

    : That's funny. The first thing I do is remove all nouns from Tolkien/Star Trek/etc. from contention. And anyone who suggests them gets clicked down. Then I use something that makes business sense (like Kevin Colby above)
    From Alakdae
  • There are a number of existing questions about this Subject

    From Sam Cogan
  • Lovecraftian Great Old Ones and Outer Gods.

    From raspi
  • We have a similar system to Colby.

    1. Airport code or other unique 3 letter abbreviation
    2. vm if it is virtual
    3. cl if it is a cluster
    4. function
    5. unique number
    6. and optionally a -n1,2,... if it is a cluster member

    so PHLVMCLDEV01 would be the first development cluster in Philadelphia and its nodes are virtual

    it would consist of PHLVMDEV01-N1 and PHLVMDEV01-N2, etc

    From Zypher
  • The real answer is that there is no answer.

    I tried a number of conventions for both server and computer names. My conclusion is that the name itself is meaningless, as long as you have a readily available, easily and non-consequentially modifiable description field.

    Therefore, my take on this is - go nuts. Fantasy heroes, StarWars icons, mythology - whatever suits your fancy and has enough scope to include all your existing hosts and expansions. (and doesn't tick off your management's often-lacking sense of humor, bosses can be picky about a server named "pointyhaireddimwit" :)).

    RainyRat : Very true. My boss has spent years actively resisting my beautiful Star Wars/X-Men/Iain M. Banks naming conventions, so I've had to limit myself to vindictive comments in config files instead.
    gbjbaanb : "vindictive comments in config" is surely a Culture warship name :)
    From V. Romanov
  • We currently use a mixture of a frivolous naming scheme (London Underground stations) and functional names. The latter happened when it started becoming tricky to remember which 11 servers were in the webserver cluster. Remembering victoria, euston, paddington, oval, cockfosters, angel, bank etc is a little harder than w000, w001, w002 etc.

  • Great list of network and server naming schemes.

  • We have tried two flavors of server naming conventions for our mid-size entity:

    • "Location"-"Server Type"-"Number":
      • "Main-DB-01"
      • "Main-FW-01"
      • "Wing2-FS-01"
      • "Wing2-FS-02", etc..

    AND

    • City Names:
      • "NewYork"
      • "Miami"
      • "Portland"
      • "Seattle", etc..

    Out of these two conventions, 80% of the techs (including myself) like the City name convention more than the "Loc-Serv-#" one.

    From l0c0b0x
  • There was an excellent Slashdot thread about this a while back:
    http://ask.slashdot.org/story/08/07/06/2014237/Best-DNS-Naming-Scheme-For-SmallMedium-Businesses?art_pos=1

  • It should probably be noted that RFC 1178 is devoted to this topic:
    http://www.faqs.org/rfcs/rfc1178.html

    (even if I disagree with a lot of it, and much in there is out of date).

  • Depends very much on the environment you work in.

    First and foremost - drop any references to (pop-)culture, stick with meaningful & descriptive names.

    You might know that "zeus" is the proxy server, because you installed it. But any future colleague would pretty much like to refer to the server by what it does, not what his given name is.

    If you accept that, I'd suggest you do a brainstorming session and write down what different kinds of networked entities ("hosts") you have, how they can be grouped together and what information is important enough to get encoded in the hostname. Your naming convention should be able to unambiguously name all existing devices and give a user a rough idea of what the host does. Be sure to leave enough room for growth to adapt to future developments, so that you don't need to throw your naming convention overboard in a few months.

    Document your naming convention (not only how, but why), make sure that everybody who needs to work with it on a regular basis understands how it's laid out, be open to comments/suggestions and don't tout it as a holy grail, adapt it when needed.

    Example

    As food for thought, here's the schema we used at one of my former employers:

    Web service provider, doing development and operations for web projects. Mostly LAMP-stuff, although on a larger scale (size of projects, not quantity).

    For physical devices:

    <SITE>-<RACK>-<DEVICE>.in.<DOMAIN>.<TLD>

    • SITE was a unique site identifier, mostly three letters
    • RACK was an identifier either assigned by us or taken over from the hosting facility, should be able to uniquely identify the rack at SITE
    • DEVICE was a "device class" with a counter after it, e.g. vnodeXX for OpenVZ nodes, swge for Gigabit switches, etc.
    • DOMAIN/TLD was the domain of the owner of the given devices.

    For logical entities:

    Logical entities might be anything that has an IP address which wasn't strongly coupled to a given physical device/location. This was mostly IP addresses of guest OSs (OpenVZ or ESX in our case).

    <PROJECT>-<ENVIRONMENT>-<SERVICE>.in.<DOMAIN>.<TLD>

    • PROJECT was a project identifier, which grouped the various services of a project together.
    • ENVIRONMENT could be production, staging or development, as a 4-letter abbreviation
    • SERVICE was relatively freeform, though the common cases were standardized, like web, db, mailout, etc.
    • DOMAIN was the primary domain of the project in question.

    For IP-addresses:

    All of our services were only reachable from a private network, we had NAT and/or load balancers with "Service IP-addresses" which were used by internet facing hosts to access our services. For those we used something like this:

    <PROJECT>-<ENVIRONMENT>-vip-<IDENTIFIER>.<DOMAIN>.<TLD>

    • IDENTIFIER was something that uniquely identified the use for the IP address, e.g. an address which was used exclusively as the Web VirtualHost for the project's German domain might be called "wwwde".

    Summing it up

    The naming convention worked fine for us, some (like - our developers ;) ) might call it overblown. Keep in mind that it is completely overblown if you only maintain a single site and have servers which are assigned to a single project. But for us it fulfilled a few very important things.

    When dealing with a hostname of a logical entity we always knew:

    • Which project was involved:
      The various projects were of varying importance with different responsible development teams. A quick glance at the hostname told you how you need to prioritize tasks and whom you need to ask on management/development side
    • What environment the host was in:
      Issues in development environments cause slowdowns for the developers. Problems in staging environments cause pain for testers and can jeopardize product presentations. And if something is affected in production, the company loses money.
    • What subsystem is affected:
      Mail spoolers, batch workers, etc. weren't that important, but if web- or database servers are down things get dirty pretty fast.

    And for physical devices the exact location was always deducible from the hostname.

    The weak coupling between physical devices and logical servers might be a turn-off for some people (e.g. how do I know what projects are going to be affected when I pull the plug of switch x/server y), but this was a must in our environment since our projects had a high turn-around-rate and more often than not we didn't even know what projects were going to be hosted on fresh hardware we just provisioned.

    David Mackintosh : For networking gear I agree -- what it is, where it is, and what it does, plus a serial number is the way to go. For servers, I disagree. Servers should have anonymous names, with services (like "mail" or "sql" or "www") aliased to those names. That way when the services are moved from one server to another, only the alias moves. You don't end up with a server named "backup" that is no longer the backup server, but can't move because of a SQL database that is installed on it.
    Michael Renner : Since we used either OpenVZ or VMware ESX on all of our _physical_ servers, those had according names. The few machines without hypervisor we had, had very specific hardware catered for a single task. E.g. the backup machine had room for 16 3.5" disks and would be reinstalled if it were to be repurposed, and this would've included assigning a new hostname. And the virtual servers all had very specific hostnames and often served only a single service/task (which was reflected by the hostname).
    Matt : Document, document, document! That can't be said enough. At my current employer there are four naming standards in place, although nobody is quite certain when each should be used (because they forgot why they were created) so it's now mayhem.
  • I use unique names to describe unique machines. For instance in my current project, 200+ servers, I used the list of star names from Wikipedia. The reasoning is that actual names have more redundancy than super compact indices, such as srv-05-92. It's important for one thing: it affords a small error rate when transcribing, typing or talking over the phone in a loud server room.

    Descriptive information is stored in TXT fields in the DNS, and so are MAC addresses and so on. You can also request the name based on the MAC address:

    $ host 00-12-34-56-78.mac.fr.dom
    00-12-34-56-78.mac.fr.dom is an alias for arcturus.eqx.vl304.fr.dom
    arcturus.eqx.vl304.fr.its has address 10.21.4.30
    

    One thing you absolutely want to avoid is to name the machines according to their function. This is going to bite you in the ass sooner or later. Just use aliases (CNAME or additional A records) for that purpose.


    Note: This is all generated with an XSLT from a custom XML file:

    <?xml version="1.0" standalone="yes"?>
    <domain suffix="dom" xmlns:h="http://www.w3.org/1999/xhtml">
      <vlans>
         <vlan name="vl304" value="4" />
      </vlans>
      <country code="fr" prefix="10.21">
         <datacenter name="eqx" desc="Equinix">
            <host name="arcturus" lso="30">
              <vlan name="vl300" if="eth0" mac="00:12:34:56:78" />
              <txt type="loc">rack 5</txt>
              <txt type="sn">99A0632</txt>
              <txt type="model">xSeries x3350</txt>
              <doc>Load balancer</doc>
              <rsa ip="192.168.101.30" />
              <role type="loadbalancer1" />
            </host>
         </datacenter>
       </country>
    </domain>
    

    Several aliases are generated:

    • arcturus.eqx.vl306.fr.dom (canonical name)
    • arcturus.vl306.fr.dom
    • arcturus.fr.dom
    • 00-12-34-56-78.mac.fr.dom
    • arcturus-rsa.fr.dom
    • loadbalancer1.eqx.vl306.fr.dom
    • loadbalancer1.vl306.fr.dom
    • loadbalancer1.fr.dom

    ... as well as a number of TXT records

    niXar : Trivial trivia: be careful with the list you pick. I once used the list of Mediterranean islands and only later realized that the Greek archipelago included "Lesbos."
    g. : What is wrong with Lesbos?
    From niXar
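The inventory-to-DNS generation described in the answer above, as an added Python example (not niXar's XSLT, which the page does not show). The alias patterns are read off the alias list in the post; the address rule (country prefix + vlan value + `lso`), the A record for the `-rsa` name and the `type=value` TXT format are assumptions, and the sample record is constructed with the host placed on vl304 so that it matches an entry in `<vlans>`.

```python
import xml.etree.ElementTree as ET

# Constructed inventory record, modelled on the one in the post.
INVENTORY = """<?xml version="1.0" standalone="yes"?>
<domain suffix="dom">
  <vlans>
    <vlan name="vl304" value="4" />
  </vlans>
  <country code="fr" prefix="10.21">
    <datacenter name="eqx" desc="Equinix">
      <host name="arcturus" lso="30">
        <vlan name="vl304" if="eth0" mac="00:12:34:56:78" />
        <txt type="loc">rack 5</txt>
        <txt type="sn">99A0632</txt>
        <rsa ip="192.168.101.30" />
        <role type="loadbalancer1" />
      </host>
    </datacenter>
  </country>
</domain>
"""


def build_records(xml_text):
    """Return (owner, type, value) tuples for every host in the inventory."""
    root = ET.fromstring(xml_text)
    suffix = root.get("suffix")
    vlan_octet = {v.get("name"): v.get("value") for v in root.findall("vlans/vlan")}
    records = []
    for country in root.findall("country"):
        prefix = country.get("prefix")
        zone = country.get("code") + "." + suffix
        for dc in country.findall("datacenter"):
            site = dc.get("name")
            for host in dc.findall("host"):
                name, vlan = host.get("name"), host.find("vlan")
                vname = vlan.get("name")
                if vname not in vlan_octet:
                    raise ValueError(f"{name}: vlan {vname} is not declared in <vlans>")
                canonical = f"{name}.{site}.{vname}.{zone}"
                # Assumed address rule: country prefix + vlan value + host "lso".
                address = f"{prefix}.{vlan_octet[vname]}.{host.get('lso')}"
                records.append((canonical, "A", address))
                # Shorter forms and the MAC-derived name point at the canonical name.
                mac_label = vlan.get("mac").replace(":", "-")
                aliases = [f"{name}.{vname}.{zone}", f"{name}.{zone}",
                           f"{mac_label}.mac.{zone}"]
                # Function names exist only as aliases, so a role can move hosts.
                for role in host.findall("role"):
                    r = role.get("type")
                    aliases += [f"{r}.{site}.{vname}.{zone}",
                                f"{r}.{vname}.{zone}", f"{r}.{zone}"]
                records += [(alias, "CNAME", canonical) for alias in aliases]
                rsa = host.find("rsa")
                if rsa is not None:  # assumed: management adapter gets an A record
                    records.append((f"{name}-rsa.{zone}", "A", rsa.get("ip")))
                # Assumed TXT layout: one record per <txt>, as "type=value".
                records += [(canonical, "TXT", f"{t.get('type')}={t.text}")
                            for t in host.findall("txt")]
    return records


if __name__ == "__main__":
    for owner, rtype, value in build_records(INVENTORY):
        print(f"{owner:32} {rtype:6} {value}")
```

A host whose vlan is missing from `<vlans>` raises an error instead of producing a record with a guessed address.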
  • There is no "good" answer to this question:

    • In my current job, I manage a small set of servers (10/15) but have a lot of appliances located at our customers. We use names of islands for our offshore servers, names of Canadian provinces for our internal servers and names of Canadian cities for the workstations (yes, my boss is from Canada). The appliances have a generic name that includes the customer number.
    • I used to work for a bigger international firm with a lot of servers (around 3k). Each server was dedicated to its task and was in a cluster. The host name included the country (Uk, Be, NL), the server role (DC, SQL), the datacenter in which the server was stored and the rank in the cluster. We also included the environment (Production, Development, Test) because every environment was enclosed and could not interact with the others.
    • In my previous job, I was working for a bank with something like 100k servers. The host name included the city where the server was located, the name, version and editor of the Operating System, the hardware platform (i386, ..) and the number of the server on 5 digits.

    If your servers are clustered, you may need to identify the other members of the cluster to be able to switch to them. If your servers are multi-role, there's no way you can have their roles as part of the name... In fact your hostnames must contain information that is valuable for you and the people that will work on a computer breakdown.

    From Benoit
  • Naming servers based on location and/or function can lead to security problems. If you publish your DNS externally you are giving the bad guys a map of where all the good stuff is. Security through obscurity is not something to rely on but I wouldn't make it easy for the script kiddies.

    Also you don't need to describe all the details of the device in the hostname. Instead use the hostname as a key into your configuration management database. (You can buy a CMDB, use open source solutions, or refer to an Excel spreadsheet).

    Personally I like device names that are:

    1. Short
    2. Easy to spell
    3. Funny

    Example: We used to call one of our backup servers - sloth.

    Unfortunately, this only works for smaller sites. If you manage larger installations you are going to want the clearest naming convention possible so that all of your staff can quickly and easily identify what all these hosts do. In this case you will probably want to implement split DNS so that you are not advertising all these hostnames in the wild.

    If your internal naming convention is private then it really doesn't matter what kind of harebrained naming scheme you use. But here is an idea. Get the technical leads from your support staff and ask them if they have any suggestions. It will make them feel important.

    Tim Abell : "Get the technical leads from your support staff and ask them if they have any suggestions. It will make them feel important." Condescending! They might also have useful input too :-)
    From KevinRae
  • I can't believe you guys really have all these long and complicated names. Do you type it all the time? Do you know how much information you are leaking (including location of the physical servers???).

    The approach we use is to give simple names to the servers based on cartoons, movies, etc. Internally we keep a database linking the funny names to their locations, purposes, etc.

    *With all these long hostnames it is easier to remember the IPs instead :)

    From sucuri
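The concern raised in KevinRae's and sucuri's answers, descriptive names published outside a split-DNS boundary, can be checked against your own external zone data. The following is an added Python example, not code from either poster; the token vocabulary, the list of intentionally public labels and the sample records under example.com are all constructed assumptions.

```python
import ipaddress
import re

# Assumed vocabulary: codes that reveal function, environment or location.
# Replace it with the codes your own naming convention uses.
VOCAB = {
    "sql": "function", "db": "function", "fw": "function", "fs": "function",
    "backup": "function", "loadbalancer": "function",
    "prod": "environment", "stag": "environment", "dev": "environment",
    "dmo": "environment",
    "hou": "location", "phl": "location", "eqx": "location",
    "main": "location", "wing": "location",
}
# Labels that are meant to be public; their names are not reported.
PUBLIC_SERVICE_LABELS = {"www", "mail", "ns1", "ns2"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of an externally visible zone: (name, address).
EXTERNAL_VIEW = [
    ("www.example.com", "203.0.113.10"),
    ("sloth.example.com", "203.0.113.20"),
    ("phou-dmosql01.example.com", "10.21.4.30"),
    ("main-db-01.example.com", "203.0.113.30"),
]


def split_known(chunk):
    """Split a run of letters into vocabulary tokens; [] if it does not fit."""
    for end in range(len(chunk), 0, -1):
        head, tail = chunk[:end], chunk[end:]
        if head in VOCAB:
            if not tail:
                return [head]
            rest = split_known(tail)
            if rest:
                return [head] + rest
    return []


def audit_record(fqdn, address, zone):
    """Return the findings for one externally published A record."""
    findings = []
    host = fqdn.lower()
    if host.endswith("." + zone):
        host = host[: -len(zone) - 1]
    addr = ipaddress.ip_address(address)
    if any(addr in net for net in RFC1918):
        findings.append("private address published externally")
    if host in PUBLIC_SERVICE_LABELS:
        return findings
    kinds = set()
    for chunk in re.findall(r"[a-z]+", host):
        kinds.update(VOCAB[token] for token in split_known(chunk))
    findings += [f"name reveals {kind}" for kind in sorted(kinds)]
    return findings


def audit_zone(records, zone):
    """Map each name with at least one finding to its list of findings."""
    report = {name: audit_record(name, addr, zone) for name, addr in records}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit_zone(EXTERNAL_VIEW, "example.com").items():
        print(name, "->", "; ".join(found))
```

A letter run is reported only when it splits completely into vocabulary tokens, so an opaque name such as "sloth" passes while "dmosql" is flagged for both environment and function.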
  • At my previous job, I named all of the workstations/servers in a new build after Star Wars planets/moons - Tatooine, Hoth, Endor, Dantooine etc. At my current job, the local servers/workstations were named after Star Wars characters, but are slowly being phased out to more generic names. In our production environment, servers are named after characters in Greek Mythology.

    At home, all of my physical/virtual servers are named after their use - fileserver, mailserver, ftpserver, webserver, mssqlserver etc. However, this is now proving difficult as I'm building additional webservers. I'm contemplating moving over to the naming convention of my previous job, for nostalgic reasons.

    From Lazlow