FreeIPA Failover with Keepalived

Introduction

For this guide, we shall be looking at how to make use of the FreeIPA replica feature to set up high availability in FreeIPA. We shall then configure Keepalived to facilitate failover between any number of FreeIPA instances. In this guide, only two FreeIPA instances will be used, one being the master server and the other the replica.

This setup procedure is intended for system administrators who run a single FreeIPA server and are concerned about it being a single point of failure.

Therefore, you should have a FreeIPA server already installed and fully functioning – with test accounts.

This guide starts with the setup of a FreeIPA server, followed by the setup of one replica node.

Resizing disk size for a Ganeti instance

This process entails two stages:

a) Adding Disk space to a Ganeti instance

Stop the machine using the command below:

root@master-node:~# gnt-instance stop cloud.renu.ac.ug

NB: cloud.renu.ac.ug is the name of the Ganeti instance to be re-sized

Thereafter, run the command below.

Warning: Since this command usually takes a long time to complete, it’s strongly advised that you run it directly on the console of the machine, or inside a screen session if you’re working remotely.

root@master-node:~# gnt-instance grow-disk cloud.renu.ac.ug 0 50g

This command grows disk 0 (the first disk) of the Ganeti instance called cloud.renu.ac.ug by 50GB, that is, the disk size increases from its initial 200GB to 250GB.

Python update to tackle remote code vulnerability

The Python Software Foundation (PSF) has rushed out Python 3.9.2 and 3.8.8 to address two notable security flaws, including one that is remotely exploitable but in practical terms can only be used to knock a machine offline.

PSF is urging its legion of Python users to upgrade systems to Python 3.8.8 or 3.9.2, in particular to address the remote code execution (RCE) vulnerability that’s tracked as CVE-2021-3177.

The project expedited the release after receiving unexpected pressure from some users who were concerned over the security flaw.

Python 3.x through to 3.9.1 has a buffer overflow in PyCArg_repr in ctypes/callproc.c, which may lead to remote code execution.

Migrating from Zimbra to Zimbra (ZCS to ZCS)

There can be a number of reasons for migrating from one mail server to another, the commonest being “running low on disk storage”. Other reasons include “the need to have a failover mail server” in case of a catastrophic event that compromises the active email server.

In other words, this same technique can be used to create a clone of your currently running email server to ensure redundancy.

In order to have virtually zero downtime, we will proceed as follows:

  1. Set the DNS TTL entries pertinent to the mail server to the shortest possible time. (Ideally this is done a day before, to make sure the TTL propagates accordingly.)
  2. Prepare a fully working new server.
  3. Import all existing domains from the old server.
  4. Import all existing accounts, passwords, distribution lists, and aliases from the old server.
  5. Move all DNS pointers and firewall port forwards to the new server (or leave the DNS pointers as they are, and simply swap the servers’ IP addresses, old to new and new to old; more about this later).
  6. Make sure that new mail is arriving on the new server.
  7. Make sure users are able to connect to and use the new server.
  8. Export mailbox data from the old server, and import it to the new server while the new server is running.
