Looking to rewrite all file requests to index?

1
2
3
4
5
6
7

location / {
root /var/www/nginx-default;
index index.html;
if (!-e $request_filename) {
rewrite . /index.html last;
}
}

RieserFS is a journalling filesystem that is excellent when dealing with small files under 4K in size. When used with tail-packing it is 10-15x faster then ext2/ext3. ReiserFS was first included in Linux kernel 2.4.1 and even used as default filesystem in SUSE Enterprise Linux and others. What many may not know is that Reiser killed, LITERALLY. The man behind this filesystem has been convicted of second degree murder for killing his wife. While this isn’t exactly breaking new it just goes to show you that extroverted geeks have it in them.

With the 8th update of their venerable Red Hat Enterprise Linux 4 version (_first released in February 200_5), RedHat switches to ”production 2 lifecycle phase”, where it helps customers transition to RHEL5. Ideally everyone will upgrade to rhel5 by the end of the year - Q4 2009 (in case not done already, this is a good time to plan for this).

General Availability:     February 14, 2005 End of Production 1 phase:     March 31, 2009 End of Production 2 phase:     No earlier than Q4 of 2009 End of Production 3 phase:     February 29, 2012

Key features in Red Hat Enterprise Linux 4.8 include:

• Improved virtualization performance and scale

• Improved Windows interoperability and file system support

• General performance improvements

• Storage and filesystem enhancements

• Enhanced developer support

For full details check out the press release.

Note: as usual, people using Centos4 will have to wait for a couple of weeks to have cento4.8 available for upgrade.

A month ago one of our customers complained on lots of spam comments appearing on his Wordpress site. There’s no development changes, including updates, to that site since it was launched and it runs on WP version 2.3.3. We managed the issue by activating the Akismet plugin and upgrading the Wordpress to latest version (2.7.1 at this time).

Yesterday, the same customer reported back the spam results appearing on Google search from his site. So i checked all the approved comments and pages on the site but i found nothing. At first I thought it was on Google cache but i don’t think it’s the case since it’s been a month since we implemented the spam filter and wp upgrade. Then I checked on the database contents and found several spam messages inserted on blog posts, most of them were inserted at the end of posts.

Spam messages looks like this:

1
2
3

<!-- manager-start -->
  <style>div.ONqjGUvTIf {height: 0pt;width: 3pt;position: absolute;overflow: auto}</style><div class="ONqjGUvTIf">viagra anxiety  <a href="http://insiteblog.mit.edu/?item=201&desc;=generic-brands-of-viagra-online"> generic brands of viagra online</a> taking viagra woman\ncheap gerneric viagra <a href="http://insiteblog.mit.edu/?item=33&desc;=viagra-dosage">viagra dosage</a> "generic  </div>
<!-- manager-end -->

If you check on the blog pages you can’t see these text so you can’t easily tell that the posts/pages were attacked, but if you try to view the html source generated by the browser you can see them - that is why it is included when Google index/crawl your site contents or pages. These spam appeared to have been inserted before our WP upgrade to it must be an exploit on our old WP version (2.3.3).

To remove you can edit the post from your WP Admin section or you can edit directly from database (ex: phpmyadmin).

Here’s my quick howto on installing GNUPG PHP Pecl extension (pecl docs) in Cpanel. Please note that this covers only the installation process and no further details on setting up gpg keys or using the function with extension or sample PHP scripts.

Installation process is very straightforward provided you met the requirements like php-pear, gnupg, libgpg-error, and gpgme. You can install it directly from WHM -> Module Installers -> PHP Pecl, enter gnupg and click the Install button. You can do the same via shell with this command pecl install gnupg. Then restart your Apache. Be sure to double check if the extension was added to you php.ini.

On Cpanel servers most of the requirements are present, like php-pear (if you compiled your apache/php with pear), gnupg, libgpg-error, etc, except for gpgme which is the main library used by gnupg extension. Our system is running CentOS 4.7 with latest STABLE branch of Cpanel (S35075 at this time of writing), PHP 5.2.9 with pear and libgpg-error (version 1.0-1 only). Only missing requirement was gpgme which i installed from source as it was not available on our default yum repository. You can also install it from other repositories like centos.karan.org. At this time the latest gpgme version is 1.1.8 but I installed version 1.1.2 because it’s the latest version compatible with our libgpg.

I also encountered an error library path when I check the extension,

1

error while loading shared libraries: libgpgme.so.11: cannot open shared object file: No such file or directory

so I had to add /usr/local/lib to /etc/ld.so.conf and run ldconfig, so that libraries in this directory are detected automatically.

From the register:

Google has declared newspapers, orange juice and cheeseburgers that much more harmful to the planet than running a vast network of datacentres.

Urs Hölzle, senior vice president operations at Happyland Central, took to the Google blog today to put its claims that the average Google search “uses about 1 kJ of energy and emits about 0.2 grams of carbon dioxide” in context.

This is dramatically less than Harvard prof Alex Wissner-Gross claimed back in January. He calculated that a Google search was equivalent to around 7.5g of CO2.

Still, for the sake of argument, we’ll take Hölzle’s figure as a starting point. Hölzle then declares that an average daily newspaper accounts for the equivalent of 850 Google searches, while a glass of orange juice stacks up to 1050 searches. So, that’s pages of algorithm sorted links before you’ve even gotten as far as your morning coffee and muffin.

It inevitably gets worse. A five mile trip in an automobile equates to 10,000 searches, according to Hölzle, while a cheeseburger (remember, you only had OJ for breakfast) is a whopping 15,000 searches.

At this point it’s no surprise that an average US household burns enough energy per month to serve up 3.1 million Google searches - or 207 cheeseburgers. Which for a family of four is about 1.7 cheeseburgers each a day. We suppose it’s just possible the Google search equivalent in newspapers would be even more nutritious.

Anyway, Hölzle reassures his readers that Google is working hard to reduce its energy usage, and has in fact cut it by 50 per cent; though he neglects to say compared to what, over what period, whether this is a per server or per search or overall figure, and how many cheeseburgers or newspapers this equates to.

But he does point out that, “This efficiency means that in the time it takes to do a Google search, your own personal computer will likely use more energy than we will use to answer your query.”

So there you have it, if you want to enjoy a cheeseburger or newspaper - or even a newspaper’s own website - without feeling climate guilt, just steer clear of Google.

Anyone running centos/rhel x86_64 systems has probably noticed that redhat has a strange way to install a mix of i386 and x86_64 rpms on such a systems. This is how redhat is using the 64bit architecture in a mixed way to be able to support also i386 applications. This is completely different from how for example debian does this where you will not see by default any i386 libraries or duplicate applications installed (you can install and use ia32 libraries for compatibility reasons but the user is in full control on this process). The way how this works in rhel is confusing; let’s take a simple example (the commands are taken from a clean centos5.3 install with the base packages selected): let’s see what version of ncurses we have on the system: rpm -qa | grep ncurses ncurses-5.5-24.20060715 ncurses-5.5-24.20060715 what? why is this listed twice? hmm… Running: rpm -qi ncurses-5.5-24.20060715 will also list the package twice (but doesn’t show the difference). We can assume one is i386 and one is x86_64 right? but we can’t see this.

To overcome this issue, and at least have rpm report the proper versions we have to add in our rpmmacros file a new line like: ”%query_all_fmt %%{name}-%%{version}-%%{release}.%%{arch}”_ that will add to the rpm output the architecture and allow us to see the this:

<code lang="bash">cat >> ~/.rpmmacros
%_query_all_fmt %%{name}-%%{version}-%%{release}.%%{arch}</code>

and now running the same command will return a more intuitive and meaningful: rpm -qa | grep ncurses ncurses-5.5-24.20060715.x86_64 ncurses-5.5-24.20060715.i386

This doesn’t fix anything in how yum will install duplicate programs or libraries, but at least it will allow us to see the full name of the packages in rpm commands. Theoretically people should be able to add into yum.conf (this is the default anyway, so you might have it already): exactarch=1 and yum will install by default the packages of the arch it is running on (x86_64 in our case). Still, this will not prevent i386 dependencies to show up and be installed. In case you want to completely ignore other arch packages add in the [main] section of /etc/yum.conf to exclude all 32bit packages,: exclude=*.i386 *.i586 *.i686 and this will completely exclude them completely from yum operations. Please use this with care, and only if you have a full understanding of the implications to exclude those packages.

Even if you don’t exclude the 32bit packages as shown above, it is a good idea to add the arch to all yum operations (like install, remove, etc.), like: yum install ncurses.x86_64

Hopefully you found this post useful, and have now a better understanding on how rhel/centos use the i368 and x86_64 packages and libraries with rpm and yum on a 64bit installation.

This guide will help you setup Nagios user to have limited access to host and service checks. It is helpful when you want to allow your customers or clients to view and receive alerts on their servers and services, like for dedicated servers.

Procedure:

Contacts: Create new contact definitions for your client.

1
2
3
4
5
6
7
8
9
10
11

define contact{
    contact_name                    customer1
    alias                           Customer One Admin
    service_notification_period     24x7
    host_notification_period        24x7
    service_notification_options    c,r
    host_notification_options       d,r
    service_notification_commands   notify-service-by-email
    host_notification_commands      notify-host-by-email
    email                           customer1@domain.tld
}

Groups: Create contact groups or you can add the new contact for you existing group, depending on the checks that you want to allow.

1
2
3
4
5

define contactgroup {
    contactgroup_name               Dedicated-Server1-Admins
    alias                           Admins for Server 1
    members                         customer1,hostingadmins
}

Hosts / Services: Use the new Contact Group with customers email and your main admin. Note that i used the existing Host Groups but you create new HostGroups if you want.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

define host {
    use                            generic-host
    host_name                      Server1
    alias                          Server1
    address                        10.0.0.2  // private or public ip
    hostgroups                     DedicateServers
    check_command                  check-host-alive
    contact_groups                 Dedicated-Server1-Admins
    check_period                   24x7
    max_check_attempts             10
    notification_interval          480
    notification_period            24x7
    notification_options           d,r
    notifications_enabled          1
}
define service {
    use                            generic-service
    host_name                      Server1
    service_description            HTTP
    is_volatile                    0
    check_period                   24x7
    max_check_attempts             3
    normal_check_interval          5
    retry_check_interval           3
    contact_groups                 Dedicated-Server1-Admins
    notification_interval          480
    notification_period            24x7
    notification_options           w,u,c,r
    check_command                  check_http
    notifications_enabled          1
}

In my case, I created a new group and add our admin contacts and customers, then update the contact groups for hosts and services. You can also create a new definitions for hosts, contacts, groups, and services with different names for the clients if you don’t want to edit your existing definitions.

Htaccess: Lastly, you need to add htaccess user to your htpasswd file (htpasswd.users). Username should match the name on your Contact. In this sample it is customer1. [Update] If you’ve implemented ”Digest Authentication” you need to update your digest file instead of the htpasswd.

Don’t forget to restart you Nagios.

Ran into an issue today where a php created file was unreadable by other users or services that run under a different user. Since this is a software originated issue the sysadmin would love for the developer to change the code to include the chmod() php function to set permission to 644 after file creation. On the flip side when a developer sees “permission” they automatically assume it’s OS related and want the sysadmin to resolve the issue.

This time I let the developer slide and implemented a fix on system end by appending umask 022 into /usr/local/apache/bin/envvars file and restarting apache. This will apply a umask of 022 to the default perrmission of 666 for newly created files. The result is that anytime apache creates a file be it via php or another way it will always have 644 permissions and will be world readable. But wait the fun doesn’t end there as we are running cPanel on this particular server and this env change will be lost next time Apache is rebuilt via EasyApache. To make this change persistent create a file called umask with the digits 022 as contents in /var/cpanel/easy/apache/rawenv/

Google slowdown causes blogger hysteria

Official Google Blog: This is your pilot speaking. Now, about that holding pattern…

Ok, so I checked out my RSS feeds and went over to google blog to see what the hoopla was about today after slowdown. Yes, I had pings from folks asking me if google was down for them or just me, but I really find the backlinks interesting… from funny to pathetic.

I think uptime still matters.

See for yoursleves (my emphasis):

Google Outage Caused by Asian “Traffic Jam” | John Paczkowski …

If the Web has does have a single point of failure, you’d think it was Google given all the outcry over the the outages suffered by some of the company’s services Thursday. Something went wrong at the company this morning and whatever …

Posted by John Paczkowski at 12:23 

Google Slow (or Down) for Some

Thursday, May 14, 2009. Google Slow (or Down) for Some. Some of us are having problems accessing google.com, YouTube, Gmail and others. [This post may update if there’s further info.] Update: And it seems to be back up now (18:15 CET). …

Posted by Philipp Lenssen at 10:08 

Google Slow, Twitterati Hysterical

UPDATED: Google appears to be having problems across its Gmail, search and even its Blogger platforms, judging by complaints on …

Posted by Stacey Higginbotham at 09:48 

It’s Down! The Day Google Stood Still (Updated) - ReadWriteWeb

We have seen our fair share of failures from web based products, but this morning, for a large number of users (at least in the US), it looks …

Posted by Frederic Lardinois at 09:32 

Major Google Outages Today: #GoogleFail Or #AT&T; Fail?

A bunch of GoogleGoogle reviews services have been failing this morning, and we’ve been trying to figure out why. The hashtag #googlefail on TwitterTwitter.

Posted by Adam Ostrow at 09:25 

Google Services Go Down For Many

Currently, many people who use Google’s services, including web search, Gmail, Google Reader and other products are either down or incredibly slow for some.

Posted by Barry Schwartz at 09:15 

La panne de Google: une erreur d’aiguillage - Media & Pub - E24.fr

Le moteur de recherche a connu de sérieux problèmes techniques entre 17h et 18h ce jeudi. Des milliers d’internautes ont témoigné sur Twitter des difficultés rencontrées sur Google.

Posted by at 09:08 

Google Stumbles, Internet Breaks A Leg

Recent Posts. Google Stumbles, Internet Breaks A Leg · Beer Monday: Redhook’s Slim Chance · Friday Gallimaufry: Migratory Birds · Moms On The Net · Beer Monday: New Glarus Brewing · The Pale Blue Dot · Devo Was Right About Everything …

Posted by forbes blogger at 08:35 

Ajax Girl » Blog Archive » Google’s Outage Was Asia’s Fault

Written by on May 14th, 2009 in Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site. Google finally has an explanation for its …

Posted by at 07:34 

Tech Science | SearchBeat.com Shout-Out Blog

Top Technology, Computer, Internet and Science News Latest Science News from Around the Web Scientific.

Posted by keithco at 23:12 

Tech Central - Times Online - WBLG: Problems with Google today …