Linux Sysadmin Blog


Colbert tells how Barr stuck his penis into the Anonymous hornets' nest

May 9th, 2011 · Security, sysadmin

I realized that I missed a great episode of Colbert when a friend described at lunch how Colbert had likened the Barr attack on Anonymous to him sticking his penis into the hornets' nest. I hope you enjoy a laugh. For a good article on how Anonymous got into Barr's accounts, read this Ars Technica article on Anonymous and HBGary hacking. It is a great study on how to improve your security and how vulnerable a corporation may be due to lax security practices.


HowTo Install APC on CPanel/WHM

May 5th, 2011 · cpanel, Installation

CPanel includes support in their installer for eaccelerator; still, for some strange reason they don’t include support for APC as well. So, if you want to install APC on your CPanel-powered server, you will have to go back to the command line and install it manually.

Here are the steps needed to install the latest version of APC (3.1.8 at the time of writing this article; please check for the latest version available when you are reading this and make the changes accordingly):
cd /usr/local/src
wget http://pecl.php.net/get/APC-3.1.8.tgz
tar -zxvf APC-3.1.8.tgz
cd APC-3.1.8
phpize
./configure --enable-apc --enable-apc-mmap --with-apxs --with-php-config=/usr/local/bin/php-config
make
make install

Next, activate the apc module in php.ini by adding something like this:
extension="apc.so"
apc.enabled=1
apc.shm_segments=1
apc.shm_size=128

Finally, you will have to restart Apache, and after that the APC module should be activated and in use. Hopefully, this will help you enable APC on your CPanel server in a few very simple steps in less than 5 minutes.


Amazon AWS worst failure

April 22nd, 2011 · cloud computing

I’m sure almost everyone is aware at this point of the failure that caused Amazon's cloud computing solution AWS to be down yesterday for most of the day (and it is still happening to some smaller extent at this time, as we can see on their status page). This has affected a few big sites (Reddit, Foursquare, Quora, Heroku, Engine Yard, for example) and many small sites hosted in the us-east-1 AWS region. This happened regardless of the availability zone you were in within the US-EAST region (this is the oldest one and still the default for many client tools), and it called into question the independence and isolation of the availability zones in the AWS infrastructure design.

The failure was specifically related to the EBS drives, which made customer instances unresponsive but also prevented customers from starting or stopping new instances with the same EBS volumes (something that probably 99% tried immediately as they got paged). Some sites had failover mechanisms, but if they were in the same availability zone they were useless (something that had looked like a good, fast and cost-effective solution). Others, many of them startups, found out that they had no such mechanism at all, and that they depended way too much on Amazon's reliability. Until this issue, Amazon had a great uptime record; there were many issues with individual instances, but no such global issue. You would expect people running their applications in the cloud to expect failures and be prepared, and I’m sure most of them are, compared with applications deployed in a regular datacenter, but apparently there is still much work to be done.

Overall I believe this showed (if we needed a reminder) that failures can happen and anyone can suffer from such a problem (Google had problems, Facebook the same, Twitter is down most of the time, and now it was just Amazon’s turn). We need to be prepared, build and architect our applications with this in mind, and be ready to fail over. A great example of this is the Twilio application design: http://www.twilio.com/engineering/2011/04/22/why-twilio-wasnt-affected-by-todays-aws-issues/

Also, I think Amazon will learn many things from this event, and hopefully one of them will be to communicate better with their clients. They can definitely improve on this, and not leave people to go to Twitter or the EC2 forums for the best updates on such problems instead of getting them from the source.

I’ve also seen different providers (I will not give names, but they are everywhere on Twitter) come out and offer their services to people hit by this. I don’t believe this is the best approach to sell your very performant cloud solution or barebone datacenter servers or whatever, and it probably does worse for their reputation, making them look like coyotes on fallen prey. I’m sure that, like me, most people felt disgusted by their offers at this time, and it will definitely not make me look at their offering again.

Now it's time to get back to work on failover and redundancy design for our clients that need help with this. If you’ve been affected by this and want to share your story and what your takeaways are, feel free to comment below on the post. If you need specialized help to design or implement a fully fault-tolerant infrastructure, feel free to contact us anytime. We are here to help.


Setup SSH Key Authentication

April 17th, 2011 · Centos, HowTo, Tips and Tricks

Setup ssh key authentication for password-less login between servers.  For use by ssh/sftp users or scripts.

Source Server (or local system)

Generate RSA key for user on this system, you can also use DSA.  This asks for key pass-phrase but you can leave it blank.

ssh-keygen -t rsa

This asks for location to place the generated key, by default it will be your home directory (ex: /home/your_username/.ssh/).  This generates two files:  id_rsa and id_rsa.pub.  Content of id_rsa.pub is what we need to copy to destination server.

Destination Server (or remote server)

Check if you have the directory .ssh on your home (ex: /home/username/.ssh/), if not, create that directory.

ls  ~/.ssh
mkdir  ~/.ssh

Check if you have existing file authorized_keys on your .ssh directory, if not create it.

ls  ~/.ssh/authorized_keys
touch   ~/.ssh/authorized_keys

Copy content of id_rsa.pub that you created from your source/local server, or execute this command from your source/local server:

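# append the key; copying the file over authorized_keys would replace any keys already stored there
cat ~/.ssh/id_rsa.pub | ssh username@remote_host 'cat >> ~/.ssh/authorized_keys'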

Test your password-less login from source to destination server.
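
The destination-server steps can be done in one repeatable function. This is an added example, not part of the original post; install_pubkey and its arguments are hypothetical names. It keeps keys that are already installed and forces owner-only permissions, because sshd's StrictModes setting (on by default) ignores authorized_keys when the file or its directory is writable by group or others.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey and its
# arguments are hypothetical names chosen for this illustration.

install_pubkey() {
    pubkey_file=$1                 # public key copied from the source server
    ssh_dir=${2:-$HOME/.ssh}       # destination account's .ssh directory
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Only the .pub half belongs on the destination; refuse a private key.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 2
    fi

    # Create what is missing, then force owner-only modes whatever the umask.
    mkdir -p "$ssh_dir" && touch "$auth_file" || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # Keep existing entries intact: terminate an unterminated last line first.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # Append each key line only if that exact line is not already present.
    added=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        if ! grep -qxF -- "$line" "$auth_file"; then
            printf '%s\n' "$line" >> "$auth_file"
            added=$((added + 1))
        fi
    done < "$pubkey_file"
    echo "$added"                  # number of keys newly added
}
```

Run it on the destination server as the target user, for example `install_pubkey /tmp/id_rsa.pub`; running it a second time with the same key prints 0 and changes nothing.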


CentOS 5.6 released

April 15th, 2011 · Centos

While people are still waiting for CentOS 6 (many months after RHEL6 was released), we got a little teaser in the release of CentOS 5.6 last week. This is a minor security release, but it also brings in some interesting additions like ext4 support and php53 packages, among others.

If you are running any Centos 5.x minor version you should be able to upgrade just by running:
yum update

We have already upgraded all our servers to CentOS 5.6 and you should do the same, and hopefully soon we will see the CentOS 6 release that everyone is waiting for.

For the full list of packages changed/added please see the centos5.6 release notes: http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.6


Setup SFTP-Only Access (Redhat-based Distro)

April 12th, 2011 · Centos, HowTo, Installation, Tips and Tricks

Setup sftp-only access on default Redhat/CentOS install. Use built-in sftp-server which is non-chrooted and easy to setup.

Server: Locate sftp-server binary and add to your list of valid shells on the system.

which sftp-server

Note:   This will most likely give you this: /usr/libexec/openssh/sftp-server

echo /usr/libexec/openssh/sftp-server >> /etc/shells

Note:  You may want to backup your /etc/shells first

User Accounts:  Add or modify accounts to use sftp-server.

New User

useradd -s /usr/libexec/openssh/sftp-server  sftponlyuser

Note:  Important parameter there is the “-s /usr/libexec/openssh/sftp-server”, which sets the default shell for this account.   By default you will have “/bin/bash”.

Existing User:

vi /etc/passwd

Find the user that you want to configure for sftp-only access and edit its shell.  For example, you will see a line “username:x:500:500::/home/username:/bin/bash”; change “/bin/bash” to “/usr/libexec/openssh/sftp-server” and save.  Note: You may want to back up your /etc/passwd file as well.
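
To check the result of both steps, the following added example (not part of the original post) reads passwd- and shells-format files and reports, per regular account, whether it is limited to sftp-server. The function name audit_sftp_only and its arguments are hypothetical; the default minimum UID of 500 is taken from the passwd line quoted above.

```shell
#!/bin/sh
# Added example (not from the original post). audit_sftp_only and its
# arguments are hypothetical names chosen for this illustration.

audit_sftp_only() {
    passwd_file=${1:-/etc/passwd}
    shells_file=${2:-/etc/shells}
    sftp_shell=${3:-/usr/libexec/openssh/sftp-server}
    min_uid=${4:-500}   # first regular-user UID, as in the passwd line above

    # Server step: the sftp-server path must be listed in the shells file.
    if grep -qxF -- "$sftp_shell" "$shells_file"; then
        listed=yes
    else
        listed=no
    fi

    # Account step: the seventh passwd field is the login shell.
    awk -F: -v sftp="$sftp_shell" -v listed="$listed" -v min="$min_uid" '
        /^#/ || NF != 7 || $3 < min { next }      # skip system accounts
        $7 == sftp && listed == "yes" { print $1 ": sftp-only"; next }
        $7 == sftp { print $1 ": sftp-only, but shell is not in shells file"; next }
        $7 ~ /(nologin|false)$/ { print $1 ": no login"; next }
        { print $1 ": interactive shell " $7 }    # still has shell access
    ' "$passwd_file"
}
```

Any account reported with an interactive shell can still open a normal SSH session, so the list doubles as a review of who was missed.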


Moving Drupal site with CiviCRM

April 11th, 2011 · drupal, HowTo, Installation, Tips and Tricks

The common headache for beginners who try to move their Drupal site with CiviCRM is the CiviCRM configuration on the new location or domain. I did this countless times and dealt with different problems before. I’ve read many online tutorials and how-tos, and I finally have my notes, which work for me every time I move a Drupal and CiviCRM site.

Let’s assume you already moved the databases (separate database for Drupal and CiviCRM as a recommended setup) and the files to new location and have set the correct file permissions as well. Here is the part that you need for your CiviCRM to work on new location and domain:

  • access your database and empty civicrm.domain:config_backend. You will see this step in any CiviCRM guide.
  • update the database details, site path/directory, and domain in civicrm.settings.php
  • empty sites/default/files/civicrm/templates_c (or make this entire dir writable by the web user)
  • log in to your new Drupal site and visit these URLs:
    http://sitename/civicrm/menu/rebuild?reset=1
    http://sitename/civicrm/admin/setting/updateConfigBackend?reset=1
    Note: This will rebuild the settings for you – if not, repeat/review all the above steps.


Install ApacheSolr in Ubuntu for Drupal

April 3rd, 2011 · drupal, HowTo, Installation

I’ve written a few Drupal ApacheSolr install guides here, and this one is basically an install draft for Ubuntu.

Environment: Ubuntu 10.10, Apache, PHP, MySQL, Drupal 6.20

Things to install / setup: Solr, Tomcat6, ApacheSolr module for Drupal, and SolrPHPClient library

1.) Install Tomcat and setup your Tomcat admin user.

aptitude install tomcat6 tomcat6-admin tomcat6-common tomcat6-user
vi /etc/tomcat6/tomcat-users.xml

<role rolename="admin"/>
<role rolename="manager"/>
<user username="tomcat" password="password" roles="admin,manager"/>

/etc/init.d/tomcat6 restart

APC should be enabled by default

April 1st, 2011 · Drupal performance, hosting

PHP is slow. This should not be a huge revelation for any of us, and this is not because PHP is a bad programming language, or because Python or Ruby are better. This is because it is an interpreted language. Every time you execute a PHP script it is going to do the exact same thing: interpret your code and then execute it, over and over. This is obviously slow and doesn’t compare with any compiled language like C++, for example. But we don’t want to write our webapps in C++, right? And we would like to use the simplicity of PHP like many other open source products and developers; what can we do then? We can very easily enable any of the opcode caches available: APC, eaccelerator or xcache (I’m not aware of something similar for Python or Ruby, but if it exists you should probably use it also). An opcode cache, or PHP accelerator, will cache the compiled form of the PHP scripts, dramatically speeding up their execution time. Many people have done this for a long time as they needed to improve the performance of their sites, and get results up to 20x speed up from plain PHP. A very simple step-by-step intro on how you can install APC can be found in this older post.

Gmail Shortcuts

April 1st, 2011 · Tips and Tricks

Besides Gmail, many sites are moving to GoogleApps for hosting their emails, and if you use Gmail or GoogleApps a lot then you might love the keyboard shortcuts feature.

You can quickly see the available shortcut keys by typing “?” (question mark, no quotes) and it will give you this screen.


Of course you need to enable keyboard shortcuts on your settings. :)
