Wednesday, June 15, 2011

Don't be a hypocrite! - One of my favorite gospel in the Holy Bible

Holy Gospel of Jesus Christ according to Saint Matthew 6:1-6.16-18.
Jesus said to his disciples: «Take care not to perform righteous deeds in order that people may see them; otherwise, you will have no recompense from your heavenly Father.
When you give alms, do not blow a trumpet before you, as the hypocrites do in the synagogues and in the streets to win the praise of others. Amen, I say to you, they have received their reward.
But when you give alms, do not let your left hand know what your right is doing,
so that your almsgiving may be secret. And your Father who sees in secret will repay you.
When you pray, do not be like the hypocrites, who love to stand and pray in the synagogues and on street corners so that others may see them. Amen, I say to you, they have received their reward.
But when you pray, go to your inner room, close the door, and pray to your Father in secret. And your Father who sees in secret will repay you.
When you fast, do not look gloomy like the hypocrites. They neglect their appearance, so that they may appear to others to be fasting. Amen, I say to you, they have received their reward.
But when you fast, anoint your head and wash your face,
so that you may not appear to be fasting, except to your Father who is hidden. And your Father who sees what is hidden will repay you. 



Commentary of the day :

Saint Augustine (354-430), Bishop of Hippo (North Africa) and Doctor of the Church
Sermon 150

Fasting, prayer, almsgiving
The Epicureans, who did not hope for any life beyond the grave and only knew the pleasures of the flesh, held to this expression: «Let us eat and drink for tomorrow we die» (1Cor 15,32)... But Christians, for whom another and happier life is to begin after death, should keep well away of saying such things. In fact, bear in mind this truth: «Tomorrow we die», but continue: «Let us fast and pray for death may come tomorrow.»

However, I require yet something else, a third condition, and I don't want to pass over in silence what we should observe above everything else: let your fasting serve to satisfy the hunger of the poor. If you cannot fast then set yourself all the more to feeding the one whose satisfied hunger will win you pardon. So this is what Christians should be saying: «Let us fast and pray, let us give to the poor, for tomorrow we die.»



Tuesday, June 14, 2011

Eucalyptus - cannot find nodes

Previously, we just have bought a cool machines supposedly to be setup as Node Controllers for our cloud master machine (running Walrus Controller, Cloud Controller, Storage Controller, and Cluster Controller).

The current setup we have is,

SERVER1 - Cloud master running i3 with 12GB of memory
SERVER2 and SERVER3 - running i7 3.0 with 16GB of memory

With our setup, our ideal result must have 62 available instances to be run inside the cloud, however, due to the inconsistency we found (check this http://open.eucalyptus.com/wiki/EucalyptusKnownBugs_v1.5.2) with the problem with cloud master against NC's, issuing the command


#> euca-describe-availability-zones verbose


AVAILABILITYZONE kinten-cloud 122.2.1.4
AVAILABILITYZONE |- vm types free / max   cpu   ram  disk
AVAILABILITYZONE |- m1.small 0031 / 0031   1    512    10
AVAILABILITYZONE |- c1.medium 0015 / 0015   1   1024    15
AVAILABILITYZONE |- m1.large 0007 / 0007   2   2048    20
AVAILABILITYZONE |- m1.xlarge 0003 / 0003   4   4096    30
AVAILABILITYZONE |- c1.xlarge 0001 / 0001   8   8192    40

which the result is not correct. It only able to see one NC (node controller). So fixing this, I tried to look on axis2c.log under /var/log/eucalyptus directory, and I see the errors below


[Tue Jun 14 06:04:40 2011] [error] rampart_timestamp_token.c(179) [rampart]Timestamp not valid: Created time is not valid
[Tue Jun 14 06:04:40 2011] [error] error.c(94) OXS ERROR [euca_axis.c:364 in verify_node] element failed , Validation failed for Timestamp with ID = #SigID-232793f0-9609-1e01-3638
[Tue Jun 14 06:04:40 2011] [error] euca_axis.c(322) [rampart][eucalyptus-verify] "Failed to verify location of signed elements!"
[Tue Jun 14 06:04:40 2011] [error] rampart_engine.c(159) [rampart][rampart_engine] Cannot get saved rampart_context
[Tue Jun 14 06:04:40 2011] [error] rampart_out_handler.c(136) [rampart][rampart_out_handler] ramaprt_context creation failed.
[Tue Jun 14 06:04:40 2011] [error] phase.c(233) Handler RampartOutHandler invoke failed within phase MessageOut
[Tue Jun 14 06:04:40 2011] [error] engine.c(696) Invoking phase MessageOut failed


This has to be the problem of ntp which the cloud master and the NC weren't sync at all. To fix this, I issued

#> ntpdate 192.168.1.1

where 192.168.1.1 is the IP of the cloud master inside the private network (server1, server2 and server3).  IP 122.2.1.4 is within the LAN.

Before running ntpdate, make sure that your ntp daemon is not running, else you can do 

#> /etc/init.d/ntp restart

be sure you have properly edited /etc/ntp.conf and have your server added there. Mine its

server 192.168.1.1

After all, I have working nodes found.

#> euca-describe-availability-zones verbose
AVAILABILITYZONE kinten-cloud 122.2.1.4
AVAILABILITYZONE |- vm types free / max   cpu   ram  disk
AVAILABILITYZONE |- m1.small 0062 / 0062   1    512    10
AVAILABILITYZONE |- c1.medium 0030 / 0030   1   1024    15
AVAILABILITYZONE |- m1.large 0014 / 0014   2   2048    20
AVAILABILITYZONE |- m1.xlarge 0006 / 0006   4   4096    30
AVAILABILITYZONE |- c1.xlarge 0002 / 0002   8   8192    40



Hope this will fix in your end.


Eucalyptus - authorizing a port

To authorize a port in Eucalyptus from the running instance, issue this command

euca-authorize -P tcp -p 22 -s 0.0.0.0/0 default

Monday, June 13, 2011

IP Masquerading - To share internet connection within a private network

So I have this setup,

SERVER1 - This connects to the LAN/Internet connection

SERVER2 and SERVER3 is connected to SERVER1, where SERVER1 is acting their gateway.

So SERVER1 is using CLASS A IP Address, using 10.0.2.45

while SERVER2 and SERVER3 is using CLASS C, having SERVER2 as 192.168.10.2 and SERVER3 as 192.168.10.3 and SERVER1 as their gateway using 192.168.10.1 IP.

Server3 has 2 interfaces, one connects to the LAN and one connects to the private network of SERVER2 and SERVER3.

So to achieve SERVER2 and SERVER3 must have internet connection,
first in SERVER1, login as root and then check if the ip forwarding is enabled by,

$> cat /proc/sys/net/ipv4/ip_forward


if the result is 1, leave it behind, else,

$> echo "1" > /proc/sys/net/ipv4/ip_forward

then, do

$> iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE

I'm not going to explain fully what does the command do, you can check this by doing "man iptables".
So the "-o eth2", this is the interface that is dedicated to the LAN/internet connection. Since SERVER1 has two interfaces (namely eth0, and eth2), the eth0 is connected to SERVER2 and SERVER3 machines. So here, you should use the interface that has the internet connection to share.

Now in SERVER2 and SERVER3,
edit first /etc/resolv.conf and add the DNS that SERVER1 is using. Currently, I have SERVER1 dns to 10.0.2.1 so edit and add the line below,

nameserver 10.0.2.1

then save /etc/resolv.conf.

Now, ping google.com, hopefully this works in your end.


You can also add 8.8.8.8 which is a free DNS used by Google.

Hope this helps.