NONparametrics

geekdom without assumption

the last fedora

Given the high volume of quality content <wink wink> on this blog, I’m sure that many were heartbroken when the server hosting this had a hard drive hiccup and was down for 10 days. If you didn’t notice, I don’t blame you. I keep telling myself and everyone else that I will someday maintain this, but it happens to fall a ways down in a very long list of life and professional goals. Not that I don’t see this as important, but our little I/O episode is case in point.

The issue was actually a rather simple one, involving only a corrupted ext3 journal in the /var partition; that unfortunately becomes much more complicated when the offending host is located some 350 miles away in a dark basement’s much darker closet with no known *nix admins to be had. I tried to do a phone walkthrough with my very patient and forgiving brother-in-law, but that ended when I failed to assert the gravitous difference between

tune2fs -O ^has_journal /var

and

tune2fs -O ^has_journal / var.

If you’re not a sysadmin, the short story is that the misplacement of a single space made the machine completely unbootable. So thanks to FEDEX, we’re back in business little the worse for the wear.

Aside from hosting a few blogs and our primary DNS, that server was not doing much anyway, and I was in the process of backing up the data to decommission it when the error occurred. I never would have guessed it a year ago, but we are now 100% Ubuntu as that was our last Fedora-based server. We just upgraded most of our desktops at work to the new Beta release of Hardy Heron, and I’m happy as cake. The NVidia drivers for my GeForce 6150 LE are finally solid in Compiz-Fusion after endless screen locks (the mouse would move, but no one was home) and the Intel video cards are doing their own work so that the processor is freed up for snappy performance. The background art is the best yet.

I apologize to the faithful few who keep checking in hoping for personal news and continue to get assaulted with tech jargon. I have plans to split my personal and professional blogs apart–stop laughing, I know that keeping has been more than a task for me so far. Thanks for sticking with me anyway. Blessings!

man with a mirror

I’m sure that you’ve all heard me sing the glories of Linux at some point, and probably most of you know that I run Ubuntu (among other OSes). I’m constantly impressed by the relative ease of use and how quickly it is continually improving. I’ve got 7.04 (Feisty Fawn) running on 5 machines at the moment, and I’ve been wanting to upgrade to 7.10 (Gutsy Gibbon) since it came out a few weeks ago; I just haven’t had the time to add a new hard drive to my apt-mirror machine. BTW, any of you really geeky fellows who run Ubuntu on more than two machines, apt-mirror is well worth the effort and bandwidth (if you have it).

It takes all of about 10 minutes to set up, and about 12-72 hours to download the packages. Once it’s done, your updates and installs will happen in seconds, since the downloads are only limited by your local LAN. With my sources enabled (all of the official and community repos on the ubuntu mirror plus the wineHQ one) it was a 37 gig download. Assuming you have a running web server, all it takes is:

sudo apt-get install apt-mirror

After the install, open up your mirror.list and replace the lines that start with deb with the similar ones in your sources.list. Here is mine:

sudo vim /etc/apt/mirror.list

############# config ##################
#
# set base_path /var/spool/apt-mirror
#
# if you change the base path you must create the directories below with write privileges
#
# set mirror_path $base_path/mirror
# set skel_path $base_path/skel
# set var_path $base_path/var
# set cleanscript $var_path/clean.sh
# set defaultarch
set nthreads 20
set tilde 0
#
############# end config ##############

deb http://us.archive.ubuntu.com/ubuntu/ feisty main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ feisty main restricted

deb http://us.archive.ubuntu.com/ubuntu/ feisty-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ feisty-updates main restricted

deb http://us.archive.ubuntu.com/ubuntu/ feisty universe
deb-src http://us.archive.ubuntu.com/ubuntu/ feisty universe

deb http://us.archive.ubuntu.com/ubuntu/ feisty multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ feisty multiverse

deb http://security.ubuntu.com/ubuntu feisty-security main restricted
deb-src http://security.ubuntu.com/ubuntu feisty-security main restricted
deb http://security.ubuntu.com/ubuntu feisty-security universe
deb-src http://security.ubuntu.com/ubuntu feisty-security universe
deb http://security.ubuntu.com/ubuntu feisty-security multiverse
deb-src http://security.ubuntu.com/ubuntu feisty-security multiverse

clean http://us.archive.ubuntu.com/ubuntu

After that you just need to run the mirror updating command…
sudo su - apt-mirror -c apt-mirror
…and wait for several hours. Or days.

Once it has completed the first run, you can go into /etc/cron.d/apt-mirror and uncomment the line in there to make it run on its own every day.

ssl and virtual hosts in apache 2

I purchased a third-party signed certificate for one of our sites to get rid of the annoying security warnings. There are a dozen sites running on the server, so I have been using named virtual hosts in Apache in order to avoid wasting valuable IPs. I went through the whole exciting process of generating the cert request in openssl, verifying the whois records, and sending in proof that we own the name and that we are who we say we are. The process was relatively painless while still showing that they do their due diligence to assure proper authentication. At any rate, I had my certificate within a couple of hours, thinking that this was all too easy.

With the files in hand, I opened up my httpd.conf to replace my self-signed certs with the real deal. I made the changes and restarted the server, only to find that the old certificate was still being used. At first I thought that the issue was in reloading the .conf file, but that proved not to be true after a reboot. I started googling to see what could be wrong, only to learn that name-based virtual hosting and SSL do not mix. Apparently the SSL handshake occurs before the HTTP headers with the hostname (which is how Apache knows what page to serve you) so that you can only use one SSL cert per IP address.

I made myself another latte and sat down to figure the damage on switching everything over to IP-based hosting. Running Linux makes it trivial to use multiple IP addresses on one network card (I don’t know of any limit), but I was afraid I would run short on leased IPs. After scanning half a dozen sites with bits and pieces about IP virtual on Apache, it dawned on me that I might be able to run both name-based and IP-based on the same daemon. I’m not sure why I assumed I couldn’t (maybe because almost every howto contains something to the effect of “Name-Based vs. IP-Based” in the title), but the revelation was a cheering thought.

After backing up my old httpd.conf, I changed the virtual server in question to an IP-based one (leaving the others intact). A quick change in the DNS A records and I was ready to test it out. To my delight, everything worked as it should. Anyone who can read this–and comprehend it–knows that it’s never that easy, but lucky for me it was.
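A sketch of the mixed layout described above, added here as an illustration and not taken from the original httpd.conf: several name-based sites share one address while the SSL site gets an address of its own. The IP addresses (RFC 5737 documentation range), hostnames and file paths are all placeholders.

```apache
# Constructed example: addresses, hostnames and paths are placeholders,
# not values from the original post.

Listen 80
Listen 443

# Name-based hosts share 192.0.2.10; Apache chooses between them using the
# Host header of the request.
# (NameVirtualHost is required on Apache 2.0/2.2 and has no effect on 2.4.)
NameVirtualHost 192.0.2.10:80

<VirtualHost 192.0.2.10:80>
    ServerName blog.example.org
    DocumentRoot /var/www/blog
</VirtualHost>

<VirtualHost 192.0.2.10:80>
    ServerName wiki.example.org
    DocumentRoot /var/www/wiki
</VirtualHost>

# IP-based host: 192.0.2.11 is dedicated to this one site, so the server
# can pick the certificate from the destination address alone, before any
# HTTP header has been received.
<VirtualHost 192.0.2.11:443>
    ServerName secure.example.org
    DocumentRoot /var/www/secure

    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/secure.example.org.crt
    # Keep the private key readable by root only (mode 0600).
    SSLCertificateKeyFile   /etc/ssl/private/secure.example.org.key
    # Intermediate CA certificates supplied by the issuer, if any.
    SSLCertificateChainFile /etc/ssl/certs/ca-chain.crt
</VirtualHost>
```

Running apachectl -S prints how Apache has mapped addresses to virtual hosts, and openssl s_client -connect 192.0.2.11:443 shows which certificate is actually presented on the dedicated address. Servers and clients that support the TLS Server Name Indication extension can select a certificate by hostname during the handshake, which removes the need for a dedicated address per certificate.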

The power and flexibility of the LAMP stack continues to amaze me. No matter how messy the situation is, this winning combination will deliver in spades. It is no wonder that so many organizations use it.
