7Oct/137

Adding IPv6 connectivity to your server

With the recent deployment of IPv6 in our data centre network, newly installed servers should be configured with an IPv6 address out of the box. For existing installations that you do not want to reinstall or colocation devices not installed with our operating system deployment solution, the necessary information needs to be added to your system manually. This guide should give you enough information to get IPv6 up and running on your server.

Obtaining the necessary information

We have already assigned an IPv6 address to every one of your services where applicable. You can find this address in your customer control panel, which should look like this:

ipv6ccp

Do not use the address space shown in the image, "2a02:c200:0:10:3:0:7:1". Use your own IPv6 address space from your customer control panel instead.

At this time, the following additional information is valid for every IPv6 enabled server:

netmask / prefix length: 64
gateway address: fe80::1

For servers with a /64 network starting with "2a02:c205", please use the following IP addresses as resolving name servers:

Resolver/DNS server 1: 2a02:c205::1:53
Resolver/DNS server 1: 2a02:c205::2:53

For servers with a /64 network starting with "2a02:c207", please use the following IP addresses as resolving name servers:

Resolver/DNS server 1: 2a02:c207::1:53
Resolver/DNS server 1: 2a02:c207::2:53

Initial configuration (Linux-based operating systems)

Before adding this IPv6 address to your configuration files and thus making the changes persist after a server reboot, you might want to configure it manually. I will use the IPv6 address 2001:db8::1 in this example. Please replace it with the appropriate address assigned to the server in question. If your network card is not eth0, you will have to replace "eth0" with the appropriate value, too.

Add the address to the server's network interface in the format /:

ip addr add 2001:db8::1/64 dev eth0

You can validate that the address has been enabled by running

ip -6 addr show

which should show, among others, the following lines:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:db8::1/64 scope global valid_lft forever preferred_lft forever

In order to reach everyone else in the ever growing IPv6 world, add a default route to the server's configuration:

ip route add default via fe80::1 dev eth0

Again, you can verify the setting by running

ip -6 route show

which should show the following output:

default via fe80::1 dev eth0 metric 1024 mtu 1500 advmss 1440 hoplimit 4294967295

You can now check your IPv6 connectivity by using the ping6 command:

ping6 2a02:c205:0:5001::1

Making things persist (Linux-based operating systems)

Different operating systems have different ways of setting up the network configuration. If in doubt, please search the documentation for your operating system. Sample configurations for Debian/Ubuntu and CentOS/Fedora/RedHat will be provided here. Please be very careful when applying these changes. Errors may result in your server no longer responding to any network traffic at all!

Debian / Ubuntu

Edit the file /etc/network/interfaces and add the following lines:

iface eth0 inet6 static
address 2001:db8::1
netmask 64
gateway fe80::1
accept_ra 0
autoconf 0
privext 0

CentOS / Fedora / RedHat

Make sure IPv6 networking is enabled at all by editing /etc/sysconfig/network. Add the following line to this file:

NETWORKING_IPV6=yes

Then add the IP configuration to the file /etc/sysconfig/network-scripts/ifcfg-eth0

IPV6INIT=yes
IPV6ADDR=2001:db8::1/64
IPV6_DEFAULTGW=fe80::1
IPV6_DEFAULTDEV=eth0

This should make sure the IPv6 address gets enabled again after your server reboots.

Configuration steps for Windows Server operating systems

After you have connected to your server using RDP, click on "Start" > "Control Panel" > "Network and Internet" > "Network and Sharing Center". Click on "Change Adapter Settings" on the left side of the window. Right-click the icon for the network connection, select "Properties" from the menu:

IPv6-Windows-1

Highlight the entry "Internet Protocol Version 6 (TCP/IP)" on the list, make sure that the checkbox is ticked and click on "Properties" again. Enter the information you gathered from step one as shown below:

IPv6-Windows-2

Click on "OK", to close the dialogues and save the changes.

Still cannot reach your server via IPv6?

If you have made the changes as described above and if the ping6 command did return a response but you nevertheless cannot reach your server via IPv6 from your local computer, chances are that IPv6 might not yet be enabled in your local network. Your local ISP can help in this case.

Posted by: Markus | Tagged as: , , , , , 7 Comments
27Aug/130

Process Controlling With Supervisor

If you run your own virtual or dedicated server, chances are that you want to run a specific program or a number of programs that make up the service you want to use or offer. If the program you want to run is part of the Linux distribution of your choice there usually is not much more to it than installing the package and configuring the program. However, if the program comes from an external source or you are writing it yourself, you need to make sure it is started automatically when the server is booting. Additionally, during development or early testing phases of your own program, there might be errors in the code leading to a crash of your application and you might want to make sure that it gets restarted automatically in such a case. A few years ago, the solution to the first issue was quite simple. All you needed to do was to create an init script that would then handle the starting and stopping of the server. However, recently many Linux distributions changed the way they handle the boot process. Some are still using init, others may be using upstart or even systemd now. Providing the files necessary for all of this systems can be quite a hassle and while upstart and systemd support restarting programs on unexpected termination, implementing this with init is possible but requires to change init's configuration itself.

For my own needs I have become attached to using supervisor for this task - the program and the documentation can be found on http://supervisord.org, but most Linux distributions provide pre-built packages in their repositories. Supervisor itself is a daemon that is run by the system's process management so it gets run by init or it's counterparts. To run your own program, you have to add it to supervisord's configuration and it will make sure that it gets started on boot and restarted in case it crashes.

As an example, I will be using a very small custom web application written in Python using the bottle framework. Since this article is not about web programming, I am keeping it simple:

1 from bottle import route, run
2
3 @route('/')
4 def index():
5     return 'Hello World'
6
7 run(host='0.0.0.0', port=8080)

All this does is run a webserver on port 8080 and displaying Hello World in your web browser when you navigate to it. If the above code is saved to a file app.py, you can run it using python app.py and it will just run forever (or until it crashes). Now would be a good time to configure supervisor to run this application for us. Supervisor provides a command line tool called supervisorctl to check the status of configured applications and to start or stop them if needed. Running supervisorctl status will show you... nothing, as we did not set up anything yet. We create a new file called hello.conf which will contain everything supervisor needs to know to run our application and place it in /etc/supervisor/conf.d/. The most basic configuration defines a new program to run with a given name and a command to be executed as well as a user name that the program should be run with - if you leave this, your program will run as root which is almost always a bad idea:

[program:hello]
command=/usr/bin/python /home/markus/app.py
user=markus

Note that it is usually a good idea to provide absolute paths in such configurations. After the file has been saved, you can use supervisorctl reread to cause supervisor to reread its configuration file. If everything is right, the output of the command should tell you that a program named hello is now available:

# supervisorctl reread
hello: available

We can now start the program by running

# supervisorctl start hello
hello: started

Check the status again to see if its actually running now:

# supervisorctl status
hello                 RUNNING    pid 32675, uptime 0:00:46

As you can see, it tells us that the program is running, it's PID and the time elapsed since it's start. To simulate a crash, we will forcefully terminate the program and check if supervisor restarts it as expected:

# kill -9 32675
# supervisorctl status
hello                 RUNNING    pid 32686, uptime 0:00:04

The supervisor homepage gives you a lot more information about possible values to configure supervisor itself and the programs it runs. You can even configure the location of log files and automatic rotation for them in case they grow over a given size. More details about this can be found here: http://supervisord.org/configuration.html. Finally, no more reason to run your applications in detached screen sessions... 😉