The Definitive Guide to SUSE Linux Enterprise Server

I was delighted to receive a copy of The Definitive Guide to SUSE Linux Enterprise Server by Sander van Vugt, because of two things: first of all, I greatly enjoyed another book by the same author (Pro Novell Open Enterprise Server), and second I'm feverishly working on a project which will ultimately be based on SLES 10.

The book's subtitle says Everything you need to know to install, configure, and administer Novell's SUSE Linux Enterprise Server Platform, and that would appear to be true. After a good introduction and the ubiquitous Finding your way on the command line, van Vugt dives right into administration of the system (users, permissions, file system, storage, software, processes and logging), and those twelve chapters are followed by networking, printing, file sharing, mail (with Postfix), OpenLDAP, Network Time Protocol (NTP), Apache, DNS & DHCP and even the Squid web proxy cache. I cannot think of anything missing there! ;-)

In Part 4, the reader learns about clustering with HeartBeat and shared storage including a good overview of DRBD, the Distributed Replicated Block Device, and iSCSI. Individual chapters are dedicated to the SUSE Firewall, as well as to XEN virtualization software included in SLES 10.

The chapter on Service Location Protocol wasn't deep enough for me as it is a bit too much of a tutorial, but Creating an Installation Server more than made up for that.

This is a must-read book for anybody who is considering deploying SLES 10; it belongs on the desk of every administrator.

Apress have posted chapter 2 Exploring SUSE Linux Enterprise Server up for reading, and the full table of contents is here.

I Smell It: It Is Lurking Around The Corner

I can smell it coming.

<sarcasm mode="on">
Let us rid ourselves of all that OpenLDAP stuff and implement Microsoft Active Directory instead; if others do it, we can't go wrong can we? And while we are at it, who needs Lotus Domino? Let us use Microsoft Exchange with Microsoft Office. Oh, and Linux? Nah!
</sarcasm>

I'm not religious, but now is the time to say a small prayer…

You Just Can't Win

I spend a good part of my time ensuring that whatever services we offer will be up and running 24/7. Be it an Exim cluster, a failsafe BlackBerry Enterprise Server, MySQL on DRBD, multiple DNS servers, LDAP directory servers, you name it: whatever services we offer are very hard to kill.

Then comes some twerp and pulls the cord on a couple of routers and a huge stack of switches. And the result? The whole pile of services comes crashing down.

DRBD is Very Stable

We've been running DRBD, the Distributed Replicated Block Device on two pairs of machines for over six months now, without a single glitch. As predicted, the support contract was unnecessary. :-)

The first cluster (for which the contract was purchased) runs a couple of mail servers, with Exim, Dovecot and OpenLDAP on them and has been up and running since January. The second cluster was acquired a couple of months later and hosts some busy MySQL servers on it.

I am extremely satisfied with the results so far. Only one small SNAFU that happened yesterday whilst relocating half an e-mail cluster to a 45km distant data center: it appears that several files are missing. Three users complained of messages not having arrived…

I'm still investigating, but it appears that (if at all), the situation was caused by human operator error in getting the two DRBD halves back together.

MySQL on a DRBD Cluster

We've had very good experiences with DRBD, the Distributed Replicated Block Device which we've had running on a pair of machines for a couple of months now. So good in fact, that we invested in another pair of machines to run a similar setup for a good number of MySQL databases used internally.

I have just completed the migration of those databases to the new servers, tweaking quite a number of Perl & PHP programs to connect to the new environment. All subsystems appear to be running a-ok.

(Well, Michael: are you jealous? :-) )

Ready for Production

The mail server for 500 users I mentioned recently is ready to rumble. It runs on CentOS 4.2 and uses DRBD to replicate a 500 Gig file system from a master to a hot-standby machine. These two are crosslinked with Gigabit Ethernet. heartbeat uses that same link as well as a dedicated serial link to ensure timely failover in case the primary system goes down. So far, I am very pleased with both the performance and stability of DRBD indeed.

The wonderful Exim is used as an MTA, and Dovecot provides IMAP services to the clients (I do wish Dovecot would support Maildir quotas soon). For web-based IMAP access, SquirrelMail does the job very nicely, together with some plugins.

The whole system is set up like a kind of mail toaster, meaning that no "real" users live on the system: all is virtual. OpenLDAP handles storage for all objects required for that virtualization (e-mail domains, user objects, preferences, etc.), and it does so very well and fast.

As I said: we are ready to rumble!

Customizing Thunderbird

The main clients or MUA for our e-mail cluster will be Mozilla Thunderbird and a web based program. I am currently in the process of creating an automated setup for Thunderbird which will allow an end-user to run a small program, enter some credentials and get a user.js file generated and set up in Thunderbird's Profile directory. It is a bit tricky as there may be more than one profile per user, but it ought to be possible.

The profiler (as I'll call it for now) will access a secure HTTP server, submit credentials and retrieve a ready-made user.js with all settings for the IMAP, SMTP and LDAP servers. Unfortunately, the Windows Thunderbird installers don't include required code to use lockPref() in either prefs.js or user.js, but I don't really feel like building my own Thunderbird from source…
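A sketch of the two local steps such a profiler needs, added here as an illustration and not the author's program: enumerating every profile listed in Thunderbird's profiles.ini, and serializing settings into user.js so that a server-supplied value cannot break out of its string literal. The sample profiles.ini, the paths and the function names are constructed assumptions; the HTTPS retrieval step is left out.

```python
import configparser
import json
from pathlib import PurePosixPath

# Constructed sample of a profiles.ini that lists two profiles for one user.
SAMPLE_PROFILES_INI = """\
[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=Profiles/ab12cd34.default

[Profile1]
Name=work
IsRelative=0
Path=/home/alice/tb-work
"""

def profile_dirs(ini_text, base_dir):
    """Return the directory of every profile listed in profiles.ini."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case (Path, IsRelative)
    cp.read_string(ini_text)
    dirs = []
    for section in cp.sections():
        if not section.startswith("Profile"):
            continue  # skip [General] and anything else
        path = cp[section]["Path"]
        # Relative paths are resolved against the directory holding profiles.ini.
        if cp[section].get("IsRelative", "1") == "1":
            path = str(PurePosixPath(base_dir) / path)
        dirs.append(path)
    return dirs

def render_user_js(prefs):
    """Serialize prefs as user_pref() lines; json.dumps quotes and escapes values."""
    lines = []
    for name, value in sorted(prefs.items()):
        if not isinstance(value, (str, int, bool)):
            raise TypeError(f"unsupported pref type for {name}")
        lines.append(f"user_pref({json.dumps(name)}, {json.dumps(value)});")
    return "\n".join(lines) + "\n"
```

The same rendered text would be written as user.js into each directory returned by `profile_dirs`, which covers the case of more than one profile per user.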

DRBD Cluster

As previously reported, we are in the process of setting up a highly-available e-mail cluster for several hundred users. I've already chosen the software (Exim, Dovecot, OpenLDAP and DRBD) and am now in the process of getting the configuration right. Heartbeat is functional and switches the packages over nicely and DRBD does exactly what we want it to.