Disclaimer: This is a work in progress. Jerry Griffis. Novell Inc.
If you are interested in building an iPrint server on OES Linux then this document will help you build a clustered solution identical to the solution that I have built. I recognize that there are many ways to architect a solution. This is only one of the ways you could build an iPrint solution. I architected this solution for many reasons. I wanted a robust, easy solution that did not require an expensive SAN. I also tried to keep things as simple as possible, but still provide the desired service.
Basically I built 2 OES Linux iPrint servers, installed Heartbeat for clustering and used Rsync to keep the driver store in sync.
I took 2 new servers that were identical. Each had one LAN card that I was going to use and each had the same amount of RAM. I went through the install, chose iPrint server and then added any other items that I wanted, like NCP server etc. I bound 1 ip address to each machine and each had its own DNS name.
If you are installing from CD or DVD, go ahead and install "heartbeat" and "rsync" as well. If you are installing from a PXE server or something that is quick and easy, you can install these packages later if you wish.
Once the servers were built I used ssh from my linux desktop to configure the rest. You can do this or sit in front of the two servers, whatever you want to do.
I next thought ahead and reserved a 3rd ip address that I was going to use for the iPrint service and created a dns entry for it. You can use ip addresses or dns.
For this doc we will use the following when we talk about ip addresses.
I next decided which server was going to be my primary server and which one was going to be my failover server. Server A is my primary and Server B is my secondary.
So now I have Server A and Server B, each with their own ip address and each with iPrint. You can put these two servers in their own little tree, or you can insert these servers into an existing tree. I did both. I suggest that when you first build these in your lab that you just create a small tree and put both servers in this small tree.
Now we are ready to configure iPrint on Server A. First we need to manually bind the ip address that we are going to use for the iPrint service to Server A. Here is the command:
# ip addr add xxx.xxx.xxx.xxx dev eth0
Now use the command "ip addr show" to see if the second ip address is bound. Of course you don't need the quotes.
Now start iManager so we can create an iPrint driver store and manager. You should be able to run iManager from Server A by going to https://ServerA_ipaddress/iManager.html. If you have iManager on a separate box, then run iManager from there. Using the iPrint plugin, create a driver store and an iPrint manager. Don't put spaces in your names. Upload a few print drivers. While you are in there, create a couple of printers as well and associate them with a print driver. Remember to use the ip address or the DNS name of the iPrint service, 333.333.333.333.
Once these iPrint objects are created you should see that they are running on Server A. Issue the following command to see if any iPrint services are running:
# ps -eaf |grep iprint
You should get the following info back:
iprint 4730 1 0 Feb13 ? 00:00:00 /opt/novell/iprint/bin/ipsmd
iprint 4731 4730 0 Feb13 ? 00:00:02 /opt/novell/iprint/bin/ipsmd
root 4845 4731 0 Feb13 ? 00:00:20 [iprintgw]
iprint 6099 1 0 Feb15 ? 00:00:00 /opt/novell/iprint/bin/idsd
root 11215 2129 0 22:47 pts/0 00:00:00 grep iprint
If not, start the driver store and print manager with these commands:
rcnovell-idsd start (starts driver store)
rcnovell-ipsmd start (starts the print manager)
So you now have an iPrint service running on Server A. Not too hard, huh? Now open up your browser and let's see the status of the service. I use this tool more than any other to monitor the iPrint service. Go to http://333.333.333.333/psmstatus
Login as the admin. (login is contextless so just "admin") (This is the very same screen you are used to seeing in NetWare when using NORM to view your printers)
Now go to http://333.333.333.333/ipp. You should see the list of printers that you can install. Install one or two of them. Print a test page to make sure it prints. If it prints, good. If not, go back and figure out what you did wrong.
If you were able to install and print in the previous step, then you are on your way. Now we need to configure server B so we can fail iPrint over and see if it works on that server as well.
Since all the configuration is already done on Server A, we will just copy the config files over to Server B and edit them. I use the scp command to copy files from one server to the other; you can use NORM or any other method you like to copy the files from Server A to Server B. On Server A, go to the /etc/opt/novell/iprint/conf directory. Copy idsd.conf and the print manager config file to the same directory on Server B. If you named the manager "printmanager" when you created it in iManager, then you will want to copy the file "printmanager.ipsmd.conf" over to Server B. To be clear, you are copying 2 config files from Server A to Server B. Edit both files on Server B and replace any reference to Server A with Server B's ip address or DNS name. This is important, so make sure you get it right. The line you need to change is the "dsserver1 111.111.111.111" line.
If you compare both directories on Server A and Server B, you will notice that the ipsmd.conf file on Server A is a symbolic link to the printmanager.ipsmd.conf file. So we need to do the same on Server B. Use this command to create a symbolic link on Server B:
# ln -s printmanager.ipsmd.conf ipsmd.conf
Do a directory listing to ensure that you have the same config files on Server B as you do on Server A. You need to have the idsd.conf, printmanager.ipsmd.conf and now the ipsmd.conf file in the /etc/opt/novell/iprint/conf directory.
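One way to script that directory check on Server B, as an added example that is not part of the original document. The function name check_iprint_conf and its two arguments are assumptions, and the dsserver1 match relies only on the line quoted above.

```shell
#!/bin/sh
# Added example: sanity-check the iPrint config directory on Server B after
# copying the files from Server A. Function name and arguments are hypothetical.
#   $1 = config directory (/etc/opt/novell/iprint/conf on a real server)
#   $2 = Server A's ip address or DNS name, which must no longer appear
# Prints one line per problem; returns 0 if clean, 1 otherwise.
check_iprint_conf() {
    dir=$1 old=$2 rc=0

    [ -f "$dir/idsd.conf" ] || { echo "missing idsd.conf"; rc=1; }

    # ipsmd.conf must be a symbolic link to the <manager>.ipsmd.conf file
    if [ ! -L "$dir/ipsmd.conf" ]; then
        echo "ipsmd.conf is not a symbolic link"; rc=1
    elif [ ! -e "$dir/ipsmd.conf" ]; then
        echo "ipsmd.conf is a dangling link"; rc=1
    else
        case $(readlink "$dir/ipsmd.conf") in
            *.ipsmd.conf) ;;
            *) echo "ipsmd.conf links to an unexpected file"; rc=1 ;;
        esac
    fi

    # No dsserver1 line may still point at Server A
    for f in "$dir"/idsd.conf "$dir"/*.ipsmd.conf; do
        [ -f "$f" ] || continue
        if grep -i '^[[:space:]]*dsserver1[[:space:]]' "$f" |
           grep -qiwF -- "$old"; then
            echo "$(basename "$f"): dsserver1 still references $old"; rc=1
        fi
    done
    return $rc
}
```

Called as check_iprint_conf /etc/opt/novell/iprint/conf 111.111.111.111, it stays silent and returns 0 when the directory is ready for a failover test.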
Ok, now we are going to manually move the iPrint service from Server A to Server B. We will unbind the ip address, stop the iPrint service on Server A and move it to Server B.
Go to Server A and stop the iPrint service. Here are the commands:
ps -eaf |grep iprint (shows you what iprint services are running)
rcnovell-idsd stop (unloads the driver store)
rcnovell-ipsmd stop (unloads the print manager)
Check to make sure it unloaded by using the "ps -eaf |grep iprint" command. If it unloaded, then you should not see any iPrint service running.
Ok, now let's unbind ip address 333.333.333.333 from Server A. Here are the commands:
ip addr show (shows the ip addresses bound)
ip addr del 333.333.333.333 dev eth0
ip addr show (verify the ip address is no longer bound)
On Server B, bind the ip address. Here are the commands:
ip addr add 333.333.333.333 dev eth0
ip addr show (verify that the ip address is bound)
Before we go on, I need to point out a problem that most will have. We just moved an ip address from one server to the other. Well, if your router arp cache is set to 4 hours, then you will not be able to print for 4 hours. So we need to tell the routers to update their cache so your workstations can talk to the printers. This is called gratuitous arp. You can do this with the following command from Server B:
arping -q -c 3 -A -I eth0 333.333.333.333
This is very important. If your workstations cannot ping the 333.333.333.333 address after you move it from Server A to Server B, you will be stuck and wonder what is going on. Once we prove that this works manually, and configure heartbeat to do all this for us, then we won't have to worry. Heartbeat will update the routers' cache for us.
Ok, so you now have the ip address bound and are able to ping it on Server B. Now let's start the iprint service with the following commands:
rcnovell-idsd start
rcnovell-ipsmd start
Again, check to see if the service is running with the following command:
ps -eaf |grep iprint
I also suggest going to http://333.333.333.333/psmstatus and making sure everything is running there as well. If it is, your workstation should be able to talk to the printers and you can print a test page.
Now, move the iPrint service back to Server A, and make sure you are happy with the results. If you are, you now know how to move iPrint from one server to the other. That is great if you want to do it manually, but I prefer to let "heartbeat" move the service for me.
Now we want to configure heartbeat so it can fail the iPrint service from one server to the other. The basic configuration of heartbeat requires 3 config files. I am first going to give you the following url so you can follow the steps needed to configure heartbeat. I will give a general direction and give you my heartbeat configuration, but you will need to follow the instructions on the web: http://www.linux-ha.org/GettingStarted
First thing you need to do is install heartbeat on both servers. I did this with YaST: type "yast" on each server, go into "install software", search for heartbeat and install heartbeat. You might have done this when you first installed the server.
Second thing is to make sure your firewall allows access to the 333.333.333.333 ip address. If you are not using iptables or any other setting to restrict access, you might not need to do this.
Once you have heartbeat installed and you have read the online instructions, go to Server A and navigate to the /etc/ha.d directory. There are 3 files we will be working with: ha.cf, haresources and authkeys. I have a very basic configuration of heartbeat and modified only a couple of lines in these files. You can compare my files with the default ones. In the ha.cf file I changed the "node" line to list my 2 servers and the "ping" line to ping the router's ip address. In the haresources file I added the node name and the resources I wanted heartbeat to load. I have included a copy of my config files at the end of this document. The haresources file is where I specify which server is the primary server, what ip address to load and what services to start. I told it Server A is my primary node, 333.333.333.333 is the ip address to load and the two scripts to execute are novell-idsd and novell-ipsmd. When you work with the authkeys file, make sure you set the permissions on the file correctly. Mine is set to rw (read write). The online docs talk about this.
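A check for the authkeys file on each node, as an added example that is not part of the original document. It assumes the standard authkeys layout (an "auth N" line plus an "N method key" line) and the owner-only mode 600 that the Heartbeat documentation calls for; the function name check_authkeys is hypothetical.

```shell
#!/bin/sh
# Added example: audit a Heartbeat authkeys file. Function name is hypothetical.
#   $1 = path to authkeys (/etc/ha.d/authkeys on a cluster node)
# Prints findings; returns 0 if there are none, 1 otherwise.
check_authkeys() {
    file=$1 rc=0
    [ -f "$file" ] || { echo "no such file: $file"; return 1; }

    # The shared secret must be readable and writable by the owner only.
    mode=$(stat -c %a "$file")            # GNU stat, as shipped on Linux
    [ "$mode" = 600 ] || { echo "mode is $mode, expected 600"; rc=1; }

    # "auth N" selects the signing key; "N method [key]" defines it.
    idx=$(awk '$1 == "auth" { print $2; exit }' "$file")
    if [ -z "$idx" ]; then
        echo "no 'auth N' line"; return 1
    fi
    method=$(awk -v n="$idx" '$1 == n { print $2; exit }' "$file")
    key=$(awk -v n="$idx" '$1 == n { print $3; exit }' "$file")

    case $method in
        sha1|md5) [ -n "$key" ] ||
                  { echo "key $idx ($method) has no secret"; rc=1; } ;;
        crc)      echo "key $idx uses crc: checksum only, no authentication"
                  rc=1 ;;
        "")       echo "auth $idx has no matching key line"; rc=1 ;;
        *)        echo "key $idx uses unknown method '$method'"; rc=1 ;;
    esac
    return $rc
}
```

Both nodes need the same authkeys contents, so run the check on Server A and Server B.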
Ok, I am going to assume that you have installed heartbeat on both boxes and you have all the heartbeat config files correctly edited and in place on both servers.
Now we need to unbind the 333.333.333.333 address and stop the iprint service on which ever server it is running on. You should know the commands to unbind the address and stop the iprint service by now. You will not be manually binding the address from now on. Heartbeat will do that for you.
Ok, now the iprint ip address is NOT bound and the iPrint services are stopped. Let's tell heartbeat to start on Server A and see if it binds the ip address and starts the services. Use the following command to start heartbeat:
# rcheartbeat start (starts heartbeat)
Starting heartbeat should bind the ip address and start the iPrint services, provided you put the correct information in the 2 heartbeat config files. Remember, if you were able to do this manually, then heartbeat should be able to do it easily. Also remember that heartbeat will issue the gratuitous arps as well.
Use the grep command to see if iPrint is running. Check your browser psmstatus url and see if it is working. If not, something is wrong. You can also monitor the heartbeat log file to see what it is doing. It is located in /var/log/ha-log. You can use the tail command to watch it live: "tail -f /var/log/ha-log"
Ok, I am going to assume you got heartbeat to load the iPrint service on Server A. Go ahead and start Heartbeat on Server B. If you have it configured as I do, the iPrint service will NOT move to Server B yet. It will continue to run on Server A. Once running on Server B, stop or restart Heartbeat on Server A. You should expect that the service will move to Server B automatically. Use the following commands to stop or restart heartbeat on Server A:
# rcheartbeat restart
or
# rcheartbeat stop
Use the ps -eaf |grep iprint command to see if the service is started and remember to watch the heartbeat log if you want to see what is going on. If everything is configured correctly then the ip address and the iPrint service should have moved over to Server B. Restart Heartbeat on Server B and everything should move back to Server A.
Now you can do some real testing. Print some pages while the iPrint service is on Server A. Reboot Server A. Everything should fail over to Server B. OH, this is important. Before a reboot, you first need to configure what services are started upon boot up. Use the following commands to tell heartbeat to start upon bootup and tell iPrint NOT to startup upon bootup. Heartbeat will start iPrint.
# chkconfig novell-idsd off
# chkconfig novell-idsd (make sure it says off when you hit enter)
# chkconfig novell-ipsmd off
# chkconfig novell-ipsmd (again, just double checking)
# chkconfig heartbeat on (telling heartbeat to start upon bootup of the server)
Ok, now you should be able to reboot servers and make sure iPrint moves from one server to the other. I know there are other ways you might want to do this, but this has worked for me.
You should now be sitting with 2 iPrint servers that are able to fail the iPrint service over automatically if one server dies, or you can manually fail the service over by restarting or stopping heartbeat. I manually fail the service over when maintenance is needed on one server.
The last thing I did is to configure rsync so Server B's driver store is the same as Server A. Server A will be servicing iPrint most of the time. Server B will be there, just in case I need the service to move over there. So I want Server B to have all the drivers that Server A has. When someone uploads a new driver to Server A, I want it on Server B as well.
So, I use rsync to keep the driver store and driver cache in sync. It only copies the deltas.
With the rsync script at the end of this document you can fail iprint from the primary server to the secondary server and ensure all the drivers are current. The driver store is located in /var/opt/novell/iprint/resdir
The end result of this exercise is to have 2 servers acting as an iPrint cluster. The service will fail over to the second box if the first box goes down. This architecture has been very stable in my environment and is relatively easy to set up once you have done it once or twice. Good Luck!
# File: /etc/ha.d/ha.cf
#Note, I took out most of the comments in this file and just left the uncommented commands to keep things simple.
logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
warntime 10
initdead 120
udpport 694
baud 19200
serial /dev/ttyS0 # Linux
bcast eth0 # Linux
auto_failback off
# Tell what machines are in the cluster
node ServerA ServerB
# Ping the router to make sure there is a link
ping 137.xx.xx.254
respawn hacluster /usr/lib/heartbeat/ipfail
# File: /etc/ha.d/haresources
#Note, I took out most of the comments in this file and just left the uncommented commands to keep things simple.
#
# <VERY IMPORTANT NOTE>
# The haresources files MUST BE IDENTICAL on all nodes of the cluster.
#
# The node names listed in front of the resource group information
# is the name of the preferred node to run the service. It is
# not necessarily the name of the current machine. If you are running
# auto_failback ON (or legacy), then these services will be started
# up on the preferred nodes - any time they're up.
#
#node-name resource1 resource2 ... resourceN
ServerA 333.333.333.333 novell-idsd novell-ipsmd
#!/bin/sh
# rsync script: pulls the iPrint driver store and driver cache from the source
# machine to this machine over ssh, so run it on the backup machine.
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin
TIMESTAMP=`date +%F-%H%M`
# the name of the source machine
SOURCESERVER=serverA
# the name of the backup machine
DESTSERVER=serverB
# excludes file - this contains a wildcard pattern per line of files to exclude
# EXCLUDES=/etc/rsync-excludes-$SOURCESERVER
#### Copy the iPrint Driver Store ########
# directory to backup
SOURCEDIR=/var/opt/novell/iprint/resdir/
# Destination directory
DESTDIR="/var/opt/novell/iprint/resdir/"
# Create a backup directory if it does not exist
[ -d "$DESTDIR" ] || mkdir -p "$DESTDIR"
# Options
# --delete removes files on this machine that no longer exist on the source;
# with --ignore-errors that deletion goes ahead even after I/O errors.
# OPTS="-e ssh --force --ignore-errors --delete-excluded --exclude-from=$EXCLUDES --delete -az "
OPTS="-e ssh --force --ignore-errors --delete-excluded --delete -az "
# Do a backup ($OPTS is left unquoted on purpose so it splits into options)
echo "Executing --> rsync $OPTS root@$SOURCESERVER:$SOURCEDIR $DESTDIR"
rsync $OPTS "root@$SOURCESERVER:$SOURCEDIR" "$DESTDIR"
###### Copy driver cache /mod_ipp directory #######
# directory to backup
SOURCEDIR=/var/opt/novell/iprint/mod_ipp/
# Destination directory
DESTDIR="/var/opt/novell/iprint/mod_ipp/"
# Create a backup directory if it does not exist
[ -d "$DESTDIR" ] || mkdir -p "$DESTDIR"
# Options
# OPTS="-e ssh --force --ignore-errors --delete-excluded --exclude-from=$EXCLUDES --delete -az "
OPTS="-e ssh --force --ignore-errors --delete-excluded --delete -az "
# Do a backup
echo "Executing --> rsync $OPTS root@$SOURCESERVER:$SOURCEDIR $DESTDIR"
rsync $OPTS "root@$SOURCESERVER:$SOURCEDIR" "$DESTDIR"
exit