Friday, May 31, 2019

linux - What can go wrong with a GLIBC upgrade?



I recently installed a piece of software that my group needs for a research project starting next September. Turns out the software has a known crash bug when used with glibc 2.12.1. My boss asked if we can upgrade glibc on the server that's supposed to run it. Cue my skeptical silence....




At some point, I got it into my brain that messing with glibc was about as good an idea as messing with a hungry puma; however, I've been unable to determine the source of this belief. So, if I go ahead with this:




  1. Am I doing something flagrantly stupid (e.g. I won't fix my problem, I will brick my server, or I will initiate a zombie apocalypse)?

  2. What can go wrong?

  3. What is likely to go wrong?

  4. How do I avoid the answers to 2 and 3?


Answer




It is often possible to compile up a fresher libc, and have one piece of software use a different library to everyone else.



The biggest painpoint between libc versions is thread local storage, IIRC. If you're passing this milestone, all bets are off.



Having said all that - I would strongly recommend that you simply upgrade the distro to something modern. Doing piecemeal upgrades is likely to lead to the sort of pain that has you chasing your tail for months.


raid - Accidentally deleted wrong logical drive HP Smart Array P800 controller

I was tasked to do some rearranging on my company's HP Proliant storage server. In the p800 configuration utility I managed to delete the wrong logical disk, which was a 10 disk RAID 6 array. I'm just wondering if there's any way to recover that logical disk. When I boot up I'm given the options



Logical drive(s) disabled due to possible data loss.  
Select "F1" to continue with logical drive(s) disabled.

Select "F2" to accept data loss and to re-enable logical drive(s)
RESUME = "F1" OR "F2" KEY.


I haven't chosen either. F2 sounds scary. I just wish there was a way to re-import the foreign configuration like on the Dell servers.



Can anyone help?

load balancing - How many reverse proxies (nginx, haproxy) is too many?

I'm setting up a HA (high availability) cluster using nginx, haproxy & apache.



I've been reading great things about nginx and haproxy. People tend to choose one or the other but I like both. Haproxy is more flexible for load balancing than nginx's simple round robin (even with the upstream-fair patch). But I'd like to keep nginx for redirecting non-https to https among other things right at the point of entry to the cluster.




On the other hand, nginx is a lot faster for serving static contents and would reduce the load on the powerful apache which loves to eat a lot of RAM!



Here is my planned setup:



Load balancer: nginx listens on port 80/443 and proxy_forwards to haproxy on 8080 on the same server to load balance between the multiple nodes.



Nodes: nginx on the node listens to requests coming from haproxy on 8080, if the content is static, serve it. But if it's a backend script (in my case PHP), proxy forward to apache2 on the same node server listening on a different port number.



Technically this setup works but my concerns are whether having the requests going through several proxies is going to slow down requests? Most of the requests will be PHP requests as the backends are services (which means going from nginx -> haproxy -> nginx -> apache).




Thoughts?
Cheers

Thursday, May 30, 2019

tomcat - How do I fix a 'Failed to retrieve RMIServer stub' JMX error?



I just completed a migration from Windows server 2008 R2 to Ubuntu 10.04. I manage a java application (Java 6, Tomcat) that is having some performance issues. I'd like to use JMX to try and troubleshoot, but I can't seem to get jvisualvm to connect.




If I do a ps -ef | grep "java", I see the following parameters.



-Dcom.sun.management.jmxremote.port=8084 
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false


Netstat shows that port 8084 is listening on 0.0.0.0. In my config, JMX is set up to bind to the FQDN of the server (we use a private DNS server). My firewall (IPTABLES/UFW) is set up to allow all outgoing traffic, and to allow incoming traffic on port 8084.



The server itself is virtual with two NICs, a public and a private. The public NIC's gateway is disabled so that connections can only come in on the private side.




When I try to connect jvisualvm to my app server using JMX, I get the following error in jvisualvm.



Cannot connect to [FQDN OMITTED]:8084 using server:jmx:rmi:///jndi/rmi://[FQDN OMITTED]:8084/jmxrmi


If I look in the jvisualvm log, I see the following trace.



NFO [com.sun.tools.visualvm.jmx.impl.JmxModelImpl]: connect(service:jmx:rmi:///jndi/rmi://[FQDN OMITTED]:8084/jmxrmi)
java.io.EOFException: SSL peer shut down incorrectly

at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
Caused: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.DataOutputStream.flush(DataOutputStream.java:106)

at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:211)
Caused: java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:286)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:322)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:97)
Caused: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]

at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:101)
at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:185)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at javax.management.remote.rmi.RMIConnector.findRMIServerJNDI(RMIConnector.java:1886)
at javax.management.remote.rmi.RMIConnector.findRMIServer(RMIConnector.java:1856)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:257)
Caused: java.io.IOException: Failed to retrieve RMIServer stub
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:338)
at com.sun.tools.visualvm.jmx.impl.JmxModelImpl$ProxyClient.tryConnect(JmxModelImpl.java:451)
[catch] at com.sun.tools.visualvm.jmx.impl.JmxModelImpl$ProxyClient.connect(JmxModelImpl.java:395)

at com.sun.tools.visualvm.jmx.impl.JmxModelImpl.connect(JmxModelImpl.java:216)
at com.sun.tools.visualvm.jmx.impl.JmxModelImpl.(JmxModelImpl.java:205)
at com.sun.tools.visualvm.jmx.impl.JmxModelProvider.createModelFor(JmxModelProvider.java:61)
at com.sun.tools.visualvm.jmx.impl.JmxModelProvider.createModelFor(JmxModelProvider.java:42)
at com.sun.tools.visualvm.core.model.ModelFactory.getModel(ModelFactory.java:111)
at com.sun.tools.visualvm.tools.jmx.JmxModelFactory.getJmxModelFor(JmxModelFactory.java:69)
at com.sun.tools.visualvm.jmx.impl.JmxApplicationProvider.addJmxApplication(JmxApplicationProvider.java:267)
at com.sun.tools.visualvm.jmx.impl.JmxApplicationProvider.createJmxApplication(JmxApplicationProvider.java:185)
at com.sun.tools.visualvm.jmx.JmxApplicationsSupport.createJmxApplicationImpl(JmxApplicationsSupport.java:283)
at com.sun.tools.visualvm.jmx.JmxApplicationsSupport.createJmxApplicationInteractive(JmxApplicationsSupport.java:261)

at com.sun.tools.visualvm.jmx.impl.AddJMXConnectionAction$1.run(AddJMXConnectionAction.java:80)
at org.openide.util.RequestProcessor$Task.run(RequestProcessor.java:577)
at org.openide.util.RequestProcessor$Processor.run(RequestProcessor.java:1030)


Does anyone have any ideas?


Answer



The problem is that even if JMX is configured to listen on port 8084, after the initial connection is made, the JMX host will dynamically pick a different port for the rest of the "conversation". My firewall allowed traffic through 8084, but was blocking the subsequent traffic.



There are two options.





  1. Allow inbound traffic on all ephemeral ports (yikes!).

  2. Develop a JMX wrapper that uses a single port for communication.
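
One way to build the single-port wrapper from option 2, as an added example (not code from the original answer): a Java agent that puts the RMI registry and the JMX connector on the same fixed port, so the firewall rule for 8084 covers the whole exchange. The class name and the `example.jmx.*` property names are hypothetical; the password and access files use the JDK's standard `jmxremote.password` / `jmxremote.access` formats.

```java
import java.lang.management.ManagementFactory;
import java.rmi.registry.LocateRegistry;
import java.util.HashMap;
import java.util.Map;
import javax.management.MBeanServer;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;

/**
 * Added example: starts a JMX connector whose RMI registry AND RMI server
 * objects share one fixed port.
 *
 * Package it in a jar whose manifest has "Premain-Class: FixedPortJmxAgent",
 * start the JVM with -javaagent:/path/to/that.jar, and remove the
 * -Dcom.sun.management.jmxremote.* flags so the built-in agent does not
 * open a second connector on a dynamic port.
 */
public final class FixedPortJmxAgent {

    // Hypothetical system property names used only by this example.
    static final String PORT_PROP = "example.jmx.port";
    static final String HOST_PROP = "example.jmx.host";
    static final String PASSWORD_FILE_PROP = "example.jmx.password.file";
    static final String ACCESS_FILE_PROP = "example.jmx.access.file";

    // Strong reference so the connector is not garbage collected.
    private static JMXConnectorServer server;

    private FixedPortJmxAgent() {
    }

    /** The first host:port is the RMI server port, the second the registry port. */
    static String serviceUrl(String host, int port) {
        return "service:jmx:rmi://" + host + ":" + port
                + "/jndi/rmi://" + host + ":" + port + "/jmxrmi";
    }

    /** Fails at startup instead of silently running without a setting. */
    static String require(String property) {
        String value = System.getProperty(property);
        if (value == null || value.length() == 0) {
            throw new IllegalStateException("missing -D" + property);
        }
        return value;
    }

    public static void premain(String agentArgs) throws Exception {
        int port = Integer.getInteger(PORT_PROP, 8084).intValue();
        String host = require(HOST_PROP);

        // RMI stubs handed to clients carry this name; it must resolve to
        // the interface the clients can actually reach (the private NIC).
        System.setProperty("java.rmi.server.hostname", host);

        // Registry on the fixed port; the connector below reuses the port.
        LocateRegistry.createRegistry(port);

        // Password authentication and per-role access control, unlike the
        // authenticate=false setting shown in the question.
        Map<String, Object> env = new HashMap<String, Object>();
        env.put("jmx.remote.x.password.file", require(PASSWORD_FILE_PROP));
        env.put("jmx.remote.x.access.file", require(ACCESS_FILE_PROP));

        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        JMXServiceURL url = new JMXServiceURL(serviceUrl(host, port));
        server = JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
        server.start();
    }
}
```

Clients connect with the same URL that `serviceUrl` builds. The example adds authentication but no TLS, so the port should stay reachable only from the private interface.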


linux - Memory Usage Numbers In top/htop

Can someone please explain this top output. Each PHP process is using 30% of the total memory or of the used memory? Furthermore how can it be that the combined used memory across all the PHP processes far exceeds my system memory? Is this the shared memory?




Thanks in advance



top - 14:15:34 up 2 days, 12:38,  1 user,  load average: 0.97, 1.03, 0.93
Tasks: 124 total, 1 running, 123 sleeping, 0 stopped, 0 zombie
Cpu(s): 4.9%us, 0.3%sy, 0.0%ni, 94.6%id, 0.0%wa, 0.0%hi, 0.1%si, 0.1%st
Mem: 1029508k total, 992140k used, 37368k free, 150404k buffers
Swap: 262136k total, 2428k used, 259708k free, 551500k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND

6695 www-data 20 0 548m 307m 292m S 0 30.6 8:06.55 php-fpm
6697 www-data 20 0 547m 306m 292m S 0 30.4 7:59.64 php-fpm
6691 www-data 20 0 547m 305m 291m S 2 30.4 8:04.96 php-fpm
6689 www-data 20 0 547m 305m 291m S 2 30.3 8:07.55 php-fpm
6696 www-data 20 0 540m 298m 292m S 1 29.7 8:13.43 php-fpm
6705 www-data 20 0 540m 298m 292m S 0 29.7 8:17.24 php-fpm
6699 www-data 20 0 540m 298m 291m S 4 29.7 8:07.39 php-fpm
6701 www-data 20 0 541m 297m 289m S 0 29.6 7:59.87 php-fpm
6700 www-data 20 0 540m 297m 290m S 0 29.5 8:09.92 php-fpm
6694 www-data 20 0 541m 296m 288m S 2 29.5 8:05.18 php-fpm

6707 www-data 20 0 541m 296m 288m S 0 29.5 8:09.40 php-fpm
6692 www-data 20 0 541m 296m 289m S 0 29.5 8:14.23 php-fpm
6706 www-data 20 0 541m 296m 289m S 3 29.5 8:07.59 php-fpm
6698 www-data 20 0 541m 295m 288m S 4 29.4 8:04.85 php-fpm
6704 www-data 20 0 539m 295m 289m S 2 29.4 8:13.58 php-fpm
6708 www-data 20 0 540m 295m 288m S 1 29.4 8:14.27 php-fpm
6802 www-data 20 0 540m 295m 288m S 3 29.3 8:11.63 php-fpm
6690 www-data 20 0 541m 294m 287m S 3 29.3 8:14.54 php-fpm
6693 www-data 20 0 539m 293m 287m S 2 29.2 8:16.33 php-fpm
6702 www-data 20 0 540m 293m 286m S 0 29.2 8:12.41 php-fpm

8641 www-data 20 0 540m 292m 285m S 4 29.1 6:45.87 php-fpm
8640 www-data 20 0 539m 291m 285m S 2 29.0 6:47.01 php-fpm
6703 www-data 20 0 539m 291m 285m S 2 29.0 8:17.77 php-fpm
8642 www-data 20 0 540m 291m 284m S 0 29.0 6:42.98 php-fpm
8646 www-data 20 0 540m 291m 284m S 0 28.9 6:41.18 php-fpm
10974 www-data 20 0 539m 285m 279m S 2 28.4 5:07.02 php-fpm
11827 www-data 20 0 539m 282m 275m S 0 28.1 4:28.41 php-fpm

Wednesday, May 29, 2019

firewall - Remove one's domain from general spam blacklist



We've a problem similar to the question Getting a domain name off of the blacklist but the solutions posted there don't help.



The problem I'm facing is that our domain is probably marked automatically by recipient main server as spam.




We've a registered domain and a fixed IP. We're running Exchange 2010, with FortiGate and a trial version of MS ForeFront. All was working well until recently when the ForeFront expired, then we started getting a lot of spam mails. Then the Exchange hub transport server overloaded and failed. We couldn't recover the server immediately, so we set up a temporary hub transport server in the DMZ while troubleshooting the failed one. During this time, our outgoing mail started to get bounced. Most (but not all) mails are undelivered or go into the spam box of the recipient.



We've checked numerous spam blacklist sites, our IP or domain is not listed. We're currently submitting to individual mail servers to have us whitelisted. This seems to happen all at the same time, which led us to wonder if there's a general blacklist which most of our recipient servers are checking from. Or is there something which we've overlooked?



The problem still remains until today, which is a week already, and we've since reinstalled the original hub transport. The temporary server is still running.



Btw, the reversed DNS of our IP doesn't match our domain name.



Any help is greatly appreciated.



Answer



The first problem is going to be that your r-DNS doesn't match the DNS. That's a big red-flag right there for spam engines.



If the good server is back online I'd take the temp server offline and see if the problem goes away by itself.


Tuesday, May 28, 2019

Ubuntu mysql error: Disk is full writing



I had some mysql problems yesterday. I got a "Too many connections" error on my sites because one of my scripts went a little bit crazy. After I fixed the connection problems I still got an error in the mysql log.





/usr/sbin/mysqld: Disk is full writing




I checked my disk usage with "df -h" and I got this result:




Filesystem   Size  Used  Avail  Use%  Mounted on
/dev/xvda1   3.0G  2.9G  0      100%  /
none         530M  132K  530M   1%    /dev
none         549M  0     549M   0%    /dev/shm
none         549M  52K   549M   1%    /var/run
none         549M  0     549M   0%    /var/lock





So my "/dev/xvda1" file is full. I have no idea what this file is doing, I'm really a beginner on linux systems. My question is what should I do with it? Delete it?


Answer



If you delete that "file" you will be erasing your disk. /dev/xda1 is the logical path that refers to your hard drive.



First of all check /var/log to see how big it is (go to the folder and do du -sh). Erase (extract first to another machine if you need them later) the logs of mysql if they are too big. My guess is your "crazy script" filled up your logs.


domain name system - Intranet BIND server fallback to internet DNS servers?



On our local small business network, we have a need to run an intranet-only BIND (named) DNS server for only local, intranet-only addresses. For example, we do a lot of web development on the network, so having a DNS server to manage local addresses (example: testsite3.local) is beneficial.



One aspect of this we are unsure of is, currently all the business desktops have their DNS servers set to 75.75.75.75 and 75.75.76.76, which are Comcast internet DNS servers (Comcast is our business ISP). So if we change the computers' DNS to point instead to our local DNS server, how do you set up bind to "forward" all failed requests out to the Comcast DNS servers?



For example, if someone on the network tries to visit www.google.com, their computer will first check with our local DNS server, which obviously doesn't have internet DNS records in it like google.com. So then, either the computer needs to know to check with the secondary or tertiary DNS servers OR can the local DNS server somehow request the info from 75.75.75.75 or 75.75.76.76? Is this something called zone transfers?



I know that on each individual computer (OSX in this case) that I can manually set the primary DNS to be the local server, and then secondary and tertiary servers to be the Comcast DNS servers. But I wanted to see if there was a better, more manageable way on the server side to do this.


Answer




DNS clients do not work like this, they do not "fall back" to the other records. A properly-functioning DNS client should choose a server at random from its configured list to spread the query load evenly, and have alternate servers in case one should go offline.



If you need to serve both internal and external DNS records then you should have your client machines configured to only use the internal DNS servers, and configure your internal server to attempt to resolve any non-locally defined DNS records from the external server.



The beginning of this would be the allow-recursion directive in BIND. Just be sure that you do not allow recursive lookups from machines not on your network as that is how DNS Amplification Attacks happen.
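
A named.conf sketch of the setup this answer describes, added here as an example and not taken from the original post: local zones are answered directly, everything else is forwarded to the Comcast resolvers from the question, and recursion is limited to the office network. The LAN range 192.168.1.0/24, the working directory and the zone file name are assumptions.

```conf
// Clients that may use this server as a resolver.
// 192.168.1.0/24 is an assumed office LAN range; replace with the real one.
acl "intranet" {
    127.0.0.0/8;
    192.168.1.0/24;
};

options {
    directory "/var/named";            // assumed working directory

    recursion yes;

    // Weak form, shown only for contrast: lets anyone who can reach the
    // server use it as a recursive resolver, which is what DNS
    // amplification relies on.
    //   allow-recursion { any; };

    // Corrected form: only intranet clients may query, recurse, or read
    // cached answers.
    allow-query       { intranet; };
    allow-recursion   { intranet; };
    allow-query-cache { intranet; };

    // Names this server is not authoritative for are sent to the ISP
    // resolvers named in the question.
    forwarders { 75.75.75.75; 75.75.76.76; };
    forward only;
};

// Intranet-only names such as testsite3.local are served from a local
// zone file (file name is an assumption).
zone "local" IN {
    type master;
    file "local.zone";
    allow-update { none; };
};
```

With this in place the desktops list only the internal server as their DNS server; `named-checkconf` validates the file before named is reloaded.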


linux - Unable to communicate with pacemaker host while authorising

I'm trying to configure a pacemaker cluster with two hosts. I'm using two CentOS 7 (CentOS Linux release 7.2.1511 (Core)) virtual machines.



What I did so far:
I installed packages:



yum install pacemaker corosync haproxy pcs fence-agents-all


Set password for user hacluster on both servers.
Edit /etc/hosts on both machines





10.0.0.14 vm_haproxy1
10.0.0.15 vm_haproxy2


After that enabled services on both servers




systemctl enable pcsd.service pacemaker.service corosync.service haproxy.service



And started pcsd (on both servers)




systemctl start pcsd.service


Service is running on both, I can telnet from one to another on port 2224





telnet vm_haproxy1 2224
Trying 10.0.0.14...
Connected to vm_haproxy1.
Escape character is '^]'.


Output from the netstat:





[root@vm_haproxy2 ~]# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 849/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 946/master
tcp6 0 0 :::2224 :::* LISTEN 1949/ruby
tcp6 0 0 :::22 :::* LISTEN 849/sshd
tcp6 0 0 ::1:25 :::* LISTEN 946/master
udp 0 0 127.0.0.1:323 0.0.0.0:* 619/chronyd
udp6 0 0 ::1:323 :::* 619/chronyd



Pcsd is binding to ipv6 but like I already said telnet works
Selinux and firewalld are disabled.



Then I tried to authorise hosts with




pcs cluster auth vm_haproxy1 vm_haproxy2



but I got an error:



 
pcs cluster auth vm_haproxy1 vm_haproxy2
Username: hacluster
Password:
Error: Unable to communicate with vm_haproxy1
Error: Unable to communicate with vm_haproxy2



I didn't find any help on Google. Maybe there is someone who has already solved that problem with pcs authorisation.

Sunday, May 26, 2019

capacity planning - When to Add another server(s)





When is the right time to start adding (or thinking about adding) servers to your Web Application? What are the difficulties involved in going from a single server (DB and Web) to multiple?



For example:



Most of the time you start with one server that you use for both DB and Web, then you split your DB/Web onto a different server, then go to multiple web servers (which creates session issues), then possibly a NAS for the DB etc etc.


Answer




When is the right time to start
adding(or thinking about adding)
servers to your Web Application?

...(going from a single server ... to multiple)




Think about it: From the beginning.



Start adding: When you get your first "server too busy" error. Anything sooner is premature optimization.



(Unless your web app is mission critical, in which case you probably aren't starting from scratch and don't need to poll the serverfault.com community.)



But seriously, for modern consumer web applications, getting "server too busy" can actually be a good thing. It certainly never hurt Facebook, Twitter, or YouTube. The danger with adding servers too early is that your app will never be as popular as you are expecting and you've ended up wasting money that could have been spent on feature development.




If you're one of the lucky few who actually has a hit web property, then (a) congratulations, and (b) you'll be able to measure your average response times from your log files and can take a more metric-driven approach to adding servers.


networking - CentOS 6: strange page allocation failure messages

I set up a new Server with CentOS 6.4 final as successor for an old mysql server and I'm facing some problems with it. From time to time mysql connections are being disconnected. Furthermore the transfer of the large backup tar files to a ftp-storage sometimes fails. Both not reproducible.



While analyzing I found some strange messages that I cannot interpret in /var/log/messages.



Mar 30 13:09:24 s16838172 kernel: swapper: page allocation failure. order:1, mode:0x20
Mar 30 13:09:24 s16838172 kernel: Pid: 0, comm: swapper Not tainted 2.6.32-358.0.1.el6.x86_64 #1
Mar 30 13:09:24 s16838172 kernel: Call Trace:

Mar 30 13:09:24 s16838172 kernel: [] ? __alloc_pages_nodemask+0x757/0x8d0
Mar 30 13:09:24 s16838172 kernel: [] ? kmem_getpages+0x62/0x170
Mar 30 13:09:24 s16838172 kernel: [] ? fallback_alloc+0x1ba/0x270
Mar 30 13:09:24 s16838172 kernel: [] ? cache_grow+0x2cf/0x320
Mar 30 13:09:24 s16838172 kernel: [] ? ____cache_alloc_node+0x99/0x160
Mar 30 13:09:24 s16838172 kernel: [] ? kmem_cache_alloc+0x11b/0x190
Mar 30 13:09:24 s16838172 kernel: [] ? sk_prot_alloc+0x48/0x1c0
Mar 30 13:09:24 s16838172 kernel: [] ? sk_clone+0x22/0x2e0
Mar 30 13:09:24 s16838172 kernel: [] ? inet_csk_clone+0x16/0xd0
Mar 30 13:09:24 s16838172 kernel: [] ? tcp_create_openreq_child+0x23/0x450

Mar 30 13:09:24 s16838172 kernel: [] ? tcp_v4_syn_recv_sock+0x4d/0x310
Mar 30 13:09:24 s16838172 kernel: [] ? tcp_check_req+0x226/0x460
Mar 30 13:09:24 s16838172 kernel: [] ? tcp_v4_do_rcv+0x35b/0x430
Mar 30 13:09:24 s16838172 kernel: [] ? ipv4_confirm+0x87/0x1d0 [nf_conntrack_ipv4]
Mar 30 13:09:24 s16838172 kernel: [] ? tcp_v4_rcv+0x4fe/0x8d0
Mar 30 13:09:24 s16838172 kernel: [] ? ip_local_deliver_finish+0x0/0x2d0
Mar 30 13:09:24 s16838172 kernel: [] ? ip_local_deliver_finish+0xdd/0x2d0
Mar 30 13:09:24 s16838172 kernel: [] ? ip_local_deliver+0x98/0xa0
Mar 30 13:09:24 s16838172 kernel: [] ? ip_rcv_finish+0x12d/0x440
Mar 30 13:09:24 s16838172 kernel: [] ? ip_rcv+0x275/0x350

Mar 30 13:09:24 s16838172 kernel: [] ? __netif_receive_skb+0x4ab/0x750
Mar 30 13:09:24 s16838172 kernel: [] ? netif_receive_skb+0x58/0x60
Mar 30 13:09:24 s16838172 kernel: [] ? napi_skb_finish+0x50/0x70
Mar 30 13:09:24 s16838172 kernel: [] ? napi_gro_receive+0x39/0x50
Mar 30 13:09:24 s16838172 kernel: [] ? e1000_receive_skb+0x5b/0x90 [e1000e]
Mar 30 13:09:24 s16838172 kernel: [] ? e1000_clean_rx_irq+0x241/0x4c0 [e1000e]
Mar 30 13:09:24 s16838172 kernel: [] ? e1000e_poll+0xbd/0x380 [e1000e]
Mar 30 13:09:24 s16838172 kernel: [] ? e1000_put_txbuf+0x6a/0xa0 [e1000e]
Mar 30 13:09:24 s16838172 kernel: [] ? net_rx_action+0x103/0x2f0
Mar 30 13:09:24 s16838172 kernel: [] ? hrtimer_get_next_event+0xc3/0x100

Mar 30 13:09:24 s16838172 kernel: [] ? __do_softirq+0xc1/0x1e0
Mar 30 13:09:24 s16838172 kernel: [] ? handle_IRQ_event+0x60/0x170
Mar 30 13:09:24 s16838172 kernel: [] ? call_softirq+0x1c/0x30
Mar 30 13:09:24 s16838172 kernel: [] ? do_softirq+0x65/0xa0
Mar 30 13:09:24 s16838172 kernel: [] ? irq_exit+0x85/0x90
Mar 30 13:09:24 s16838172 kernel: [] ? do_IRQ+0x75/0xf0
Mar 30 13:09:24 s16838172 kernel: [] ? ret_from_intr+0x0/0x11
Mar 30 13:09:24 s16838172 kernel: [] ? intel_idle+0xde/0x170
Mar 30 13:09:24 s16838172 kernel: [] ? intel_idle+0xc1/0x170
Mar 30 13:09:24 s16838172 kernel: [] ? cpuidle_idle_call+0xa7/0x140

Mar 30 13:09:24 s16838172 kernel: [] ? cpu_idle+0xb6/0x110
Mar 30 13:09:24 s16838172 kernel: [] ? rest_init+0x7a/0x80
Mar 30 13:09:24 s16838172 kernel: [] ? start_kernel+0x424/0x430
Mar 30 13:09:24 s16838172 kernel: [] ? x86_64_start_reservations+0x125/0x129
Mar 30 13:09:24 s16838172 kernel: [] ? x86_64_start_kernel+0xfa/0x109


These kinds of message blocks appear about 2-10 times in 5 minutes, after that they are gone for a few hours.



Can somebody help me with that? I hope it's not a hardware problem.




Update:
Seems to be reproducible by transferring big files over network (backups to ftp-storage). The ftp upload fails/aborts after a few GB and the stuff above appears in /var/log/messages



Thanks!

Saturday, May 25, 2019

Why is the wrong name server information at crsnic.net & gtld-servers.net?



Did I screw this up? I don’t even know how this might have happened, so I’d like to learn. I’m trying out HostGator’s reseller service and I bought a domain name through it, but I didn’t want the default name servers and so I changed them during the registration. After registration the domain name record is correct everywhere except at whois-servers.net and whois.crsnic.net and it looks like the DNS network is using that same information.





$ whois -h whois.enom.com. example.com
...
Name Servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

...
$ whois -h whois.crsnic.net. example.com
Domain Name: EXAMPLE.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1.HOSTGATOR.COM
Name Server: NS2.HOSTGATOR.COM
Status: clientTransferProhibited
Updated Date: 01-jun-2010

Creation Date: 31-may-2010
Expiration Date: 31-may-2011

>>> Last update of whois database: Tue, 01 Jun 2010 19:20:47 UTC <<<
...
$ dig +norecurse @b.gtld-servers.net. example.com. NS
...
;; AUTHORITY SECTION:
example.com. 172763 IN NS ns2.hostgator.com.
example.com. 172763 IN NS ns1.hostgator.com.

...


My next step is to let HostGator have a look, but first I want to better understand how this happened.



Thanks.


Answer



I would contact the registrar to ensure they actually pushed the change out to the root DNS servers and have the correct information on file. I haven't used HostGator specifically, but some of the registrar APIs that I've had to talk to in the past have been.... glitchy.


Friday, May 24, 2019

storage - When to Use Nexenta or OpenFiler or GlusterFS




I am not an expert in storage solutions and I am eager to understand the big picture when choosing a storage OS, like when to choose Nexentastor or OpenFiler or GlusterFS.



Those three apps are only the example since from my understanding each has its own characters that can be bound together



If anyone here can give further explanation I will be very grateful


Answer



openfiler is good if you need an iSCSI or feature-rich NAS storage solution on a single machine with direct storage. Something like Gluster is good when you have an array of machines and you need to store the data across multiple servers. This is better for write-only operations as reads can be much slower.


enable mysql 5.5 for php




I currently have mysql 5.5 installed. When installing php-mysql on centos 5, it failed due to dependency errors. Seems like the version in the repo conflicts with the MYSQL already installed on the system.




# yum install php-mysql
Loaded plugins: rhnplugin, security
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package php-mysql.x86_64 0:5.1.6-27.el5_5.3 set to be updated

--> Processing Dependency: php-pdo for package: php-mysql
--> Processing Dependency: libmysqlclient.so.15(libmysqlclient_15)(64bit) for package: php-mysql
--> Processing Dependency: libmysqlclient.so.15()(64bit) for package: php-mysql
--> Running transaction check
---> Package mysql.x86_64 0:5.0.77-4.el5_5.5 set to be updated
--> Processing Dependency: perl(DBI) for package: mysql
---> Package php-pdo.x86_64 0:5.1.6-27.el5_5.3 set to be updated
--> Running transaction check
---> Package perl-DBI.x86_64 0:1.52-2.el5 set to be updated
--> Processing Conflict: mysql conflicts MySQL

--> Finished Dependency Resolution
mysql-5.0.77-4.el5_5.5.x86_64 from rhel-x86_64-server-5 has depsolving problems
--> mysql conflicts with MySQL-server
Error: mysql conflicts with MySQL-server
You could try using --skip-broken to work around the problem
You could try running: package-cleanup --problems
package-cleanup --dupes
rpm -Va --nofiles --nodigest
The program package-cleanup is found in the yum-utils package.



Answer



Normally this can be fixed by installing MySQL's MySQL-shared-compat package. This will override Redhat's client library and provide what the other packages need. Then yum won't (hopefully) be tempted to install Redhat's dodgy mysql server.


raid - Dell PowerEdge 1950 Drive Bay not showing in SAS Configuration Utility

We have a Dell PowerEdge 1950 in RAID 1. Recently, the drive in Bay 0 began rapidly blinking green (I'm guessing twice per second, indicating "identifying drive").



When I open the SAS Configuration Utility and look at the SAS topology, it only shows Bay 1--Bay 0 doesn't even show up. When I replace the drive with a new one (we had to swap out the drive in Bay 1 last month with the exact model/firmware, so I know these new drives are proper), Bay 0 still does not show up. Refresh does nothing. Do we have a problem with the SAS controller?



Any guidance is much appreciated.

Thursday, May 23, 2019

domain name system - Is it possible to set a PTR record for Github Pages hosting?



Icelandic domains (.is) require that their domains support reverse DNS, which means configuring PTR records on the hosting server.




Is it possible to set up a PTR record for GitHub Pages site hosting?






Background:



I have an Icelandic top-level domain - petejones.is - and am using CloudFlare for DNS and GitHub Pages for hosting. Icelandic domains are a little unusual in that .is domains must be registered through the national registrar ISNIC, and they have some tougher (it seems) requirements that the registered domains must comply with.



Apparently my setup is not quite up to snuff, as I've just gotten a notice from them that my DNS is not configured correctly. Here's the key bit:





Test results for "DREW.NS.CLOUDFLARE.COM": The IP address
2400:cb00:2049:########## of nameserver jasmine.ns.cloudflare.com
is missing its PTR record or has an incorrect PTR record. The IP
address 2400:cb00:2049:########## of nameserver
drew.ns.cloudflare.com is missing its PTR record or has an incorrect
PTR record. Test results for "JASMINE.NS.CLOUDFLARE.COM":




My sophisticated research (quick googling) indicates that ISNIC is testing to make sure the domain supports reverse DNS - you can resolve the IP from the domain name and vice versa - which seems to be a way of discouraging spam email domains.




Apparently this is configured on the host, rather than the DNS, which makes sense given that the goal is to find the domain from the host.



Is this possible on GitHub Pages? I've seen plenty of info on adding A or CNAME records but nothing about PTR records. I suspect GitHub doesn't get a lot of requests for this because they aren't concerned with email delivery.


Answer



The warning that you're seeing there isn't actually about GitHub or GitHub pages at all, but about CloudFlare's name servers.



Personally, I'd argue that accurate PTR on a name server's IPv6 address really isn't a problem, per se - email is going to care about reverse resolution for the mail server, not the DNS server. We know the DNS server is valid for the domain because it's been delegated to; ensuring the owner of the IP space has named it identically is a pointless exercise.



However, CloudFlare would probably be interested in being compatible with the .is registrar's desires; you should drop them a note and they might happily fix.



linux - Oracle invoked oom-killer even when RAM and SWAP is plenty free?



Can you please tell me what caused this Oracle process to be killed? It seems like there is plenty of RAM free, and plenty of SWAP free. A few other oracle processes were killed after it.
The VM has the 16G of vMem and 8 vCPU.
But I am posting here the first oracle process that got killed:



 Mar  1 20:00:58 ******* kernel: oracle invoked oom-killer: gfp_mask=0x280da, order=0, oom_adj=0, oom_score_adj=0
Mar 1 20:00:58 ******* kernel: oracle cpuset=/ mems_allowed=0
Mar 1 20:00:58 ******* kernel: Pid: 2370, comm: oracle Not tainted 2.6.32-431.el6.x86_64 #1
Mar 1 20:00:58 ******* kernel: Call Trace:

Mar 1 20:00:58 ******* kernel: [] ? cpuset_print_task_mems_allowed+0x91/0xb0
Mar 1 20:00:58 ******* kernel: [] ? dump_header+0x90/0x1b0
Mar 1 20:00:58 ******* kernel: [] ? security_real_capable_noaudit+0x3c/0x70
Mar 1 20:00:58 ******* kernel: [] ? oom_kill_process+0x82/0x2a0
Mar 1 20:00:58 ******* kernel: [] ? select_bad_process+0xe1/0x120
Mar 1 20:00:58 ******* kernel: [] ? out_of_memory+0x220/0x3c0
Mar 1 20:00:58 ******* kernel: [] ? __alloc_pages_nodemask+0x8ac/0x8d0
Mar 1 20:00:58 ******* kernel: [] ? alloc_pages_vma+0x9a/0x150
Mar 1 20:00:58 ******* kernel: [] ? handle_pte_fault+0x73d/0xb00
Mar 1 20:00:58 ******* kernel: [] ? free_pgtables+0xce/0x120

Mar 1 20:00:58 ******* kernel: [] ? unmap_region+0xcd/0x130
Mar 1 20:00:58 ******* kernel: [] ? vma_prio_tree_add+0x75/0xd0
Mar 1 20:00:58 ******* kernel: [] ? handle_mm_fault+0x22a/0x300
Mar 1 20:00:58 ******* kernel: [] ? __do_page_fault+0x138/0x480
Mar 1 20:00:58 ******* kernel: [] ? do_mmap_pgoff+0x335/0x380
Mar 1 20:00:58 ******* kernel: [] ? do_page_fault+0x3e/0xa0
Mar 1 20:00:58 ******* kernel: [] ? page_fault+0x25/0x30
Mar 1 20:00:58 ******* kernel: Mem-Info:
Mar 1 20:00:58 ******* kernel: Node 0 DMA per-cpu:
Mar 1 20:00:58 ******* kernel: CPU 0: hi: 0, btch: 1 usd: 0

Mar 1 20:00:58 ******* kernel: CPU 1: hi: 0, btch: 1 usd: 0
Mar 1 20:00:58 ******* kernel: CPU 2: hi: 0, btch: 1 usd: 0
Mar 1 20:00:58 ******* kernel: CPU 3: hi: 0, btch: 1 usd: 0
Mar 1 20:00:58 ******* kernel: CPU 4: hi: 0, btch: 1 usd: 0
Mar 1 20:00:58 ******* kernel: CPU 5: hi: 0, btch: 1 usd: 0
Mar 1 20:00:58 ******* kernel: CPU 6: hi: 0, btch: 1 usd: 0
Mar 1 20:00:58 ******* kernel: CPU 7: hi: 0, btch: 1 usd: 0
Mar 1 20:00:58 ******* kernel: Node 0 DMA32 per-cpu:
Mar 1 20:00:58 ******* kernel: CPU 0: hi: 186, btch: 31 usd: 0
Mar 1 20:00:58 ******* kernel: CPU 1: hi: 186, btch: 31 usd: 0

Mar 1 20:00:58 ******* kernel: CPU 2: hi: 186, btch: 31 usd: 0
Mar 1 20:00:58 ******* kernel: CPU 3: hi: 186, btch: 31 usd: 0
Mar 1 20:00:58 ******* kernel: CPU 4: hi: 186, btch: 31 usd: 0
Mar 1 20:00:58 ******* kernel: CPU 5: hi: 186, btch: 31 usd: 0
Mar 1 20:00:58 ******* kernel: CPU 6: hi: 186, btch: 31 usd: 0
Mar 1 20:00:58 ******* kernel: CPU 7: hi: 186, btch: 31 usd: 0
Mar 1 20:00:58 ******* kernel: Node 0 Normal per-cpu:
Mar 1 20:00:58 ******* kernel: CPU 0: hi: 186, btch: 31 usd: 0
Mar 1 20:00:58 ******* kernel: CPU 1: hi: 186, btch: 31 usd: 0
Mar 1 20:00:58 ******* kernel: CPU 2: hi: 186, btch: 31 usd: 0

Mar 1 20:00:58 ******* kernel: CPU 3: hi: 186, btch: 31 usd: 20
Mar 1 20:00:58 ******* kernel: CPU 4: hi: 186, btch: 31 usd: 32
Mar 1 20:00:58 ******* kernel: CPU 5: hi: 186, btch: 31 usd: 0
Mar 1 20:00:58 ******* kernel: CPU 6: hi: 186, btch: 31 usd: 184
Mar 1 20:00:58 ******* kernel: CPU 7: hi: 186, btch: 31 usd: 0
Mar 1 20:00:58 ******* kernel: active_anon:2673615 inactive_anon:368657 isolated_anon:0
Mar 1 20:00:58 ******* kernel: active_file:3541 inactive_file:3962 isolated_file:32
Mar 1 20:00:58 ******* kernel: unevictable:0 dirty:3 writeback:2770 unstable:0
Mar 1 20:00:58 ******* kernel: free:33763 slab_reclaimable:16555 slab_unreclaimable:28221
Mar 1 20:00:58 ******* kernel: mapped:1517627 shmem:1730877 pagetables:906135 bounce:0

Mar 1 20:00:58 ******* kernel: Node 0 DMA free:15132kB min:60kB low:72kB high:88kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:14740kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes
Mar 1 20:00:58 ******* kernel: lowmem_reserve[]: 0 3000 16130 16130
Mar 1 20:00:58 ******* kernel: Node 0 DMA32 free:64904kB min:12556kB low:15692kB high:18832kB active_anon:2064816kB inactive_anon:516452kB active_file:492kB inactive_file:188kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3072096kB mlocked:0kB dirty:0kB writeback:0kB mapped:2319432kB shmem:2352892kB slab_reclaimable:7420kB slab_unreclaimable:3620kB kernel_stack:832kB pagetables:24672kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:1 all_unreclaimable? no
Mar 1 20:00:58 ******* kernel: lowmem_reserve[]: 0 0 13130 13130
Mar 1 20:00:58 ******* kernel: Node 0 Normal free:55016kB min:54964kB low:68704kB high:82444kB active_anon:8629644kB inactive_anon:958176kB active_file:13672kB inactive_file:15660kB unevictable:0kB isolated(anon):0kB isolated(file):128kB present:13445120kB mlocked:0kB dirty:12kB writeback:11080kB mapped:3751076kB shmem:4570616kB slab_reclaimable:58800kB slab_unreclaimable:109264kB kernel_stack:5360kB pagetables:3599868kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:160 all_unreclaimable? no
Mar 1 20:00:58 ******* kernel: lowmem_reserve[]: 0 0 0 0
Mar 1 20:00:58 ******* kernel: Node 0 DMA: 3*4kB 2*8kB 2*16kB 3*32kB 2*64kB 2*128kB 1*256kB 0*512kB 0*1024kB 1*2048kB 3*4096kB = 15132kB
Mar 1 20:00:58 ******* kernel: Node 0 DMA32: 1225*4kB 859*8kB 878*16kB 547*32kB 184*64kB 34*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB 1*4096kB = 65596kB
Mar 1 20:00:58 ******* kernel: Node 0 Normal: 9165*4kB 1804*8kB 46*16kB 2*32kB 1*64kB 1*128kB 1*256kB 1*512kB 1*1024kB 1*2048kB 0*4096kB = 55924kB
Mar 1 20:00:58 ******* kernel: 1760824 total pagecache pages

Mar 1 20:00:58 ******* kernel: 22460 pages in swap cache
Mar 1 20:00:58 ******* kernel: Swap cache stats: add 6636857, delete 6614397, find 15635455/16141480
Mar 1 20:00:58 ******* kernel: Free swap = 33548340kB
Mar 1 20:00:58 ******* kernel: Total swap = 36184056kB
Mar 1 20:00:58 ******* kernel: 4194288 pages RAM
Mar 1 20:00:58 ******* kernel: 111808 pages reserved
Mar 1 20:00:58 ******* kernel: 59252583 pages shared
Mar 1 20:00:58 ******* kernel: 2502605 pages non-shared
Mar 1 20:00:58 ******* kernel: [ pid ] uid tgid total_vm rss cpu oom_adj oom_score_adj name
Mar 1 20:00:58 ******* kernel: [ 612] 0 612 2769 42 2 -17 -1000 udevd

Mar 1 20:00:58 ******* kernel: [ 1872] 0 1872 47365 204 7 0 0 vmtoolsd
Mar 1 20:00:58 ******* kernel: [ 1980] 0 1980 23294 109 6 -17 -1000 auditd
Mar 1 20:00:58 ******* kernel: [ 1996] 0 1996 62898 842 4 0 0 rsyslogd
Mar 1 20:00:58 ******* kernel: [ 2025] 0 2025 2738 93 3 0 0 irqbalance
Mar 1 20:00:58 ******* kernel: [ 2039] 32 2039 4744 68 4 0 0 rpcbind
Mar 1 20:00:58 ******* kernel: [ 2071] 29 2071 5837 61 3 0 0 rpc.statd
Mar 1 20:00:58 ******* kernel: [ 2092] 0 2092 5773 31 1 0 0 rpc.idmapd
Mar 1 20:00:58 ******* kernel: [ 2211] 0 2211 39323 127 5 0 0 pbx_exchange
Mar 1 20:00:58 ******* kernel: [ 2223] 0 2223 48106 158 5 0 0 winbindd
Mar 1 20:00:58 ******* kernel: [ 2237] 0 2237 1020 48 4 0 0 acpid

Mar 1 20:00:58 ******* kernel: [ 2323] 0 2323 49766 281 0 0 0 winbindd
Mar 1 20:00:58 ******* kernel: [ 2540] 0 2540 26827 11 5 0 0 rpc.rquotad
Mar 1 20:00:58 ******* kernel: [ 2544] 0 2544 5414 41 5 0 0 rpc.mountd
Mar 1 20:00:58 ******* kernel: [ 2580] 0 2580 1570 23 0 0 0 mcelog
Mar 1 20:00:58 ******* kernel: [ 2592] 0 2592 16651 78 5 -17 -1000 sshd
Mar 1 20:00:58 ******* kernel: [ 2600] 0 2600 5545 105 3 0 0 xinetd
Mar 1 20:00:58 ******* kernel: [ 2608] 38 2608 7147 132 5 0 0 ntpd
Mar 1 20:00:58 ******* kernel: [ 2618] 498 2618 25741 57 2 0 0 uuidd
Mar 1 20:00:58 ******* kernel: [ 2630] 0 2630 43170 139 3 0 0 vnetd
Mar 1 20:00:58 ******* kernel: [ 2638] 0 2638 52398 158 2 0 0 bpcd

Mar 1 20:00:58 ******* kernel: [ 2655] 0 2655 198335 478 4 0 0 nbdisco
Mar 1 20:00:58 ******* kernel: [ 2676] 0 2676 76958 82 2 0 0 mtstrmd
Mar 1 20:00:58 ******* kernel: [ 2707] 0 2707 22314 141 0 0 0 sendmail
Mar 1 20:00:58 ******* kernel: [ 2716] 51 2716 19658 80 4 0 0 sendmail
Mar 1 20:00:58 ******* kernel: [ 2734] 0 2734 200856 353 7 0 0 avagent.bin
Mar 1 20:00:58 ******* kernel: [ 2747] 0 2747 44287 178 3 0 0 tuned
Mar 1 20:00:58 ******* kernel: [ 2757] 0 2757 29333 103 6 0 0 crond
Mar 1 20:00:58 ******* kernel: [ 2778] 0 2778 27431 167 7 0 0 saphostexec
Mar 1 20:00:58 ******* kernel: [ 2805] 600 2805 545016 4031 5 0 0 sapstartsrv
Mar 1 20:00:58 ******* kernel: [ 2885] 834 2885 100602 294 3 0 0 sapstartsrv

Mar 1 20:00:58 ******* kernel: [ 2904] 0 2904 5385 31 6 0 0 atd
Mar 1 20:00:58 ******* kernel: [ 2928] 0 2928 26005 69 5 0 0 rhsmcertd
Mar 1 20:00:58 ******* kernel: [ 2935] 0 2935 8154 1110 0 0 0 saposcol
Mar 1 20:00:58 ******* kernel: [ 3098] 834 3098 13538 50 3 0 0 sapstart
Mar 1 20:00:58 ******* kernel: [ 3128] 834 3128 43278 119 5 0 0 jc.sapDAA_SMDA9
Mar 1 20:00:58 ******* kernel: [ 3144] 834 3144 1276839 57796 4 0 0 jstart
Mar 1 20:00:58 ******* kernel: [ 3211] 703 3211 33752 378 5 0 0 perl
Mar 1 20:00:58 ******* kernel: [ 3288] 703 3288 1181563 62355 0 0 0 java
Mar 1 20:00:58 ******* kernel: [ 3497] 0 3497 1016 34 1 0 0 mingetty
Mar 1 20:00:58 ******* kernel: [ 3499] 0 3499 1016 34 1 0 0 mingetty

Mar 1 20:00:58 ******* kernel: [ 3502] 0 3502 1016 34 1 0 0 mingetty
Mar 1 20:00:58 ******* kernel: [ 3504] 0 3504 1016 34 2 0 0 mingetty
Mar 1 20:00:58 ******* kernel: [ 3506] 0 3506 1016 34 1 0 0 mingetty
Mar 1 20:00:58 ******* kernel: [ 3508] 0 3508 1016 34 1 0 0 mingetty
Mar 1 20:00:58 ******* kernel: [ 3515] 0 3515 3098 41 2 -17 -1000 udevd
Mar 1 20:00:58 ******* kernel: [ 3516] 0 3516 3098 41 4 -17 -1000 udevd
Mar 1 20:00:58 ******* kernel: [13764] 0 13764 48089 89 7 0 0 winbindd
Mar 1 20:00:58 ******* kernel: [13765] 0 13765 48089 92 7 0 0 winbindd
Mar 1 20:00:58 ******* kernel: [13873] 703 13873 2403434 6196 5 0 0 oracle
Mar 1 20:00:58 ******* kernel: [13875] 703 13875 2402873 651 3 0 0 oracle

Mar 1 20:00:58 ******* kernel: [13880] 703 13880 2402873 423 4 0 0 oracle
Mar 1 20:00:58 ******* kernel: [13875] 703 13875 2402873 651 3 0 0 oracle
Mar 1 20:00:58 ******* kernel: [13880] 703 13880 2402873 423 4 0 0 oracle

.. Note: Removed bunch of oracle processes here so as to limit the character length for the posting here. Total of 296 oracle process running.
..
Mar 1 20:00:59 ******* kernel: [18644] 0 18644 44207 371 1 0 0 bpclntcmd
Mar 1 20:00:59 ******* kernel: [18647] 703 18647 57442 240 3 0 0 oracle
Mar 1 20:00:59 ******* kernel: [18656] 703 18656 57442 185 6 0 0 oracle
Mar 1 20:00:59 ******* kernel: [18657] 54329 18657 9279 196 1 0 0 nrpe

Mar 1 20:00:59 ******* kernel: [18660] 54329 18660 9314 255 2 0 0 nrpe
Mar 1 20:00:59 ******* kernel: [18662] 0 18662 39263 289 5 0 0 crond
Mar 1 20:00:59 ******* kernel: [18663] 0 18663 5745 341 1 0 0 saposcol
Mar 1 20:00:59 ******* kernel: [18664] 54329 18664 9315 146 3 0 0 nrpe
Mar 1 20:00:59 ******* kernel: [18665] 54329 18665 5730 76 0 0 0 check_open_file
Mar 1 20:00:59 ******* kernel: [18666] 54329 18666 6611 191 4 0 0 xinetd
Mar 1 20:00:59 ******* kernel: [18667] 0 18667 8389 183 1 0 0 sapcimb
Mar 1 20:00:59 ******* kernel: [18669] 0 18669 6610 171 0 0 0 xinetd
Mar 1 20:00:59 ******* kernel: [18670] 0 18670 6610 171 0 0 0 xinetd
Mar 1 20:00:59 ******* kernel: [18677] 0 18677 6610 177 5 0 0 xinetd

Mar 1 20:00:59 ******* kernel: [18678] 703 18678 29497 275 4 0 0 perl
Mar 1 20:00:59 ******* kernel: [18682] 703 18682 29497 252 7 0 0 perl
Mar 1 20:00:59 ******* kernel: [18683] 703 18683 29497 231 0 0 0 perl
Mar 1 20:00:59 ******* kernel: [18687] 0 18687 2620 92 1 0 0 .SAPOSCOL_00000
Mar 1 20:00:59 ******* kernel: [18688] 0 18688 6610 186 5 0 0 xinetd
Mar 1 20:00:59 ******* kernel: [18689] 0 18689 6610 189 2 0 0 xinetd
Mar 1 20:00:59 ******* kernel: [18690] 0 18690 6610 191 3 0 0 xinetd
Mar 1 20:00:59 ******* kernel: [18691] 0 18691 6610 194 2 0 0 xinetd
Mar 1 20:00:59 ******* kernel: Out of memory: Kill process 13900 (oracle) score 77 or sacrifice child
Mar 1 20:00:59 ******* kernel: Killed process 13900, UID 703, (oracle) total-vm:9622308kB, anon-rss:5180kB, file-rss:4028040kB



From the above, I think these lines say I have plenty of RAM and swap, right?




Node 0 DMA free:15132kB
Node 0 DMA32 free:64904kB
Node 0 Normal free:55016kB
Free swap = 33548340kB
Total swap = 36184056kB



Wondering what is meant by "all_unreclaimable? yes" for Node 0 DMA, and "all_unreclaimable? no" for Node 0 DMA32 and Node 0 Normal!



Also, here is some info that might tell more about the server settings:



$ sudo sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.msgmni = 1024

kernel.sem = 1250 256000 100 8192
vm.max_map_count = 1000000
kernel.shmall = 1152921504606846720
fs.file-max = 19801952
net.core.rmem_default = 1048576
net.core.wmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_max = 1048576
fs.aio-max-nr = 1048576
net.ipv4.ip_local_port_range = 9000 65500

vm.swappiness = 0
vm.dirty_background_ratio = 3
vm.dirty_ratio = 15
vm.dirty_expire_centisecs = 500
vm.dirty_writeback_centisecs = 100
kernel.shmmni = 4096

Answer



You don't have much free memory at all.




First, vm.swappiness = 0: only do this if you are definitely sure you have enough. Setting it low, to 10 or so, might prevent an out-of-memory condition, and will actually make use of your paging space.



From the summary of node 0, your 16 GB is roughly a quarter page tables, a quarter shared memory, half anonymous program memory, and some various odds and ends. Notice that the readily available file memory, plus free, is only tens of MB, not large. It won't be able to give you another GB or so of shared memory.



Page tables are eating you alive. You may not have huge pages enabled, which Oracle recommends for databases, and Red Hat does too.
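The breakdown this answer reads off the Mem-Info summary can be computed from the dump itself. The script below is an added example, not part of the original answer; it assumes 4 kB pages and that the failing allocation may use zones up to Normal (index 2 into each `lowmem_reserve[]` row), and its function names are made up for illustration.

```python
import re

PAGE_KB = 4  # assumption: 4 kB base pages (x86_64, no huge pages in use)

# Lines copied from the oom-killer dump in the question, syslog prefix removed
# and the per-zone lines shortened to the fields this script reads.
OOM_DUMP = """\
active_anon:2673615 inactive_anon:368657 isolated_anon:0
active_file:3541 inactive_file:3962 isolated_file:32
unevictable:0 dirty:3 writeback:2770 unstable:0
free:33763 slab_reclaimable:16555 slab_unreclaimable:28221
mapped:1517627 shmem:1730877 pagetables:906135 bounce:0
Node 0 DMA free:15132kB min:60kB low:72kB high:88kB
lowmem_reserve[]: 0 3000 16130 16130
Node 0 DMA32 free:64904kB min:12556kB low:15692kB high:18832kB
lowmem_reserve[]: 0 0 13130 13130
Node 0 Normal free:55016kB min:54964kB low:68704kB high:82444kB
lowmem_reserve[]: 0 0 0 0
4194288 pages RAM
"""

ZONE_RE = re.compile(r"Node \d+ (\w+) free:(\d+)kB min:(\d+)kB")
COUNTER_RE = re.compile(r"(\w+):(\d+)(?!\w)")  # page counts only, skips "123kB"


def parse_oom_dump(text):
    """Return (global page counters, per-zone records, total RAM pages)."""
    counters, zones, ram_pages = {}, [], None
    for raw in text.splitlines():
        # Drop a "Mar  1 20:00:58 host kernel: " prefix when present.
        line = raw.split("kernel: ", 1)[-1].strip()
        zone = ZONE_RE.match(line)
        if zone:
            zones.append({"zone": zone.group(1),
                          "free_kb": int(zone.group(2)),
                          "min_kb": int(zone.group(3)),
                          "reserve_pages": []})
        elif line.startswith("lowmem_reserve[]:") and zones:
            # This row belongs to the zone line printed just before it.
            zones[-1]["reserve_pages"] = [int(n) for n in line.split(":", 1)[1].split()]
        elif re.fullmatch(r"\d+ pages RAM", line):
            ram_pages = int(line.split()[0])
        elif not line.startswith("Node"):
            for name, value in COUNTER_RE.findall(line):
                counters[name] = int(value)
    return counters, zones, ram_pages


def share_of_ram(counters, ram_pages):
    """Percent of RAM per category. Categories overlap (shmem pages sit on
    the anon LRU lists), so the shares are not meant to be summed."""
    groups = {
        "anon_lru": counters["active_anon"] + counters["inactive_anon"],
        "shmem": counters["shmem"],
        "pagetables": counters["pagetables"],
        "file_cache": counters["active_file"] + counters["inactive_file"],
        "free": counters["free"],
    }
    return {name: round(100 * pages / ram_pages, 1) for name, pages in groups.items()}


def reclaimable_without_swap_kb(counters):
    """Free pages plus file cache: what can be handed out without swapping."""
    pages = counters["free"] + counters["active_file"] + counters["inactive_file"]
    return pages * PAGE_KB


def zone_headroom_kb(zones, classzone_idx=2):
    """free - (min watermark + lowmem_reserve) per zone, in kB.
    classzone_idx=2 (Normal) is an assumption about the failing allocation."""
    headroom = {}
    for z in zones:
        reserve = z["reserve_pages"]
        reserve_kb = reserve[classzone_idx] * PAGE_KB if len(reserve) > classzone_idx else 0
        headroom[z["zone"]] = z["free_kb"] - (z["min_kb"] + reserve_kb)
    return headroom


if __name__ == "__main__":
    counters, zones, ram_pages = parse_oom_dump(OOM_DUMP)
    for name, pct in share_of_ram(counters, ram_pages).items():
        print(f"{name:12s} {pct:5.1f}% of RAM")
    print("free + file cache:", reclaimable_without_swap_kb(counters), "kB")
    for zone, kb in zone_headroom_kb(zones).items():
        print(f"{zone:7s} headroom over min + lowmem_reserve: {kb} kB")
```

A headroom near zero or below it in every zone means the "free" figures in the dump are already spoken for by the kernel's reserves, even though they look non-zero.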


Wednesday, May 22, 2019

iis 7.5 - Securing Two Sub domains on IIS7.5 with SSL on port 443



I have two sub domains pointing at the same IP address i.e.



sub1.example.com




sub2.example.com



Each sub domain maps to a site (let's say sub1 and sub2, respectively) in IIS 7.5 on Windows server 2008 R2. Both sites are non-production sites (a dev and a release candidate).



What I'd like to do is enable HTTPS on both sites via SSL certificate(s) and have access to both sites on port 443. I have downloaded SelfSSL7 in order to generate certificate(s) to use, but I am having trouble with understanding how all the pieces go together.



As I understand it, I need to enable a HTTPS binding for each site via



Right Click -> Edit Bindings... -> Add Https binding



Going this route does not allow one to edit the Host Name, which in the case of sub1.example.com I believe I need to set to sub1.example.com.



I can generate a certificate with SelfSSL7 on the command line using



SelfSSL7 /N cn=sub1.example.com /K 2048 /V 3650 /I /S "sub1" /P443 /A * /T


This adds the certificate under the Server Certificates in IIS 7.5 and also adds it as the certificate to use for site sub1. The Host name under the HTTPS binding for sub1 is still blank however.




Now, If I go and attempt to generate another certificate for sub2 using the above command (and substituting the cn name and site name appropriately), a message comes up



SSL Binding for *:443: already exists. Use /Q to overwrite


If I understand correctly, the first certificate that I have generated is being used for any host headers that come through on port 443. The end result being that a request to either https://sub1.example.com or sub2.example.com are both going to the sub1 site.



How can I configure this correctly for what I'd like to do. I'm either missing a step or I misunderstand how certificates work. Any help would be greatly appreciated and I can add more details if necessary.


Answer



No, you cannot do it -- IIS does not support different certificates on the same port -- only one unique SSL Certificate per IP:port pair (search on this site -- plenty of answers for similar questions, for example: Using several SSL certificates on same IP with IIS 7 ).




Basically you have 2 choices:




  1. Put each site on different HTTPS port: for example 444. You access such site with port number included in URL (which is perfectly fine when used for development or when putting non-important site on SSL) -- http://sub2.example.com:444/


  2. Generate/Obtain wildcard certificate (*.example.com). This site has instructions how then one such certificate can be used by multiple sites: http://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html



Windows File Permissions don't apply to existing files



We rolled out this new Windows 8.1 machine on the domain recently, other desktops are still using XP. One of the software we install is the Oracle Client, it's installed manually on the machine using a domain admin account (i.e: not deployed through GPO or such).



The user of the computer (non admin) needs full access to the folder where the software is installed C:\oracle\client\[...]. On the XP machines I would login as an admin on the computer, right click on the root folder C:\oracle then go to Security, give full access to [computer_name]\users group, check the Apply to sub-folders settings and click OK.



Here it doesn't work: the user gets full access to all the folders and sub-folders, he can open the folders, create new files anywhere; but the user doesn't have access to the files themselves, he gets Access Denied. However if I change permissions on one specific file then the user can access it.



I have repeated the operation using [domain]\[username] instead and I even gave ownership of the folders to the user without success. Folders are OK, files don't receive the permission change.




So I have:




  • Full Read / Write / Execute permissions applied to a folder and its subfolders

  • Permissions are applied to the folders but not the existing files

  • Changing permissions on one file works (but there are thousands of files in there)



Am I missing something? I have done this many many times on XP and 7 machines so I would think 8.1 is the issue here but I can't find anything about it.




Thanks!


Answer



Sounds like the permission is set to Apply to This folder and subfolders, rather than This folder, subfolders and files.



So you'd change that:






Of course, if the permissions are already set for This folder, subfolders and files, you might just need to force propagation of the permissions to child objects with the Replace all child object permissions with inheritable permissions from this object tickbox.







And, of course, both things can be done with PowerShell, but there's no native parameter for either in the Set-ACL cmdlet, so you'd need your script to apply the permissions recursively. So it might be better to use icacls, which includes a parameter to apply the given permission to all files in the folder and any subfolders.


Sunday, May 19, 2019

storage - ZFS stripe on top of hardware RAID 6. What could possibly go wrong?

I have 36*4TB HDD SAN Rack. RAID controller did not support RAID60 and not more than 16 HDDs in one RAID group. So I decided to make 2 RAID6 groups of 16HDD or 4 of 8 HDDs.
I want to get all storage as one partition.



So, what could possibly go wrong if I will use zfs pool on top of hardware RAID6?
Yeah, I know that it is strongly recommended to use native HDDs or pass-through mode. But I have not this option.



Or should I stay away from ZFS and software raids in this situation? (I'm mostly interested in compression and snapshots)

HP ProLiant ML310e Gen8 early system initialization hangs on 90%



Just unboxed a brand new HP ProLiant ML310e Gen8 server.
I can reach the iLO web interface, but the server hangs during early system initialization at 90% with the status code 0114.



I did not find any useful information on the HP website.



Do you know what the status code means?




Regards,
Marcel


Answer



The problem is an incompatible DIMM module even though the memory module is sold from Kingston as HP compatible.



You can find at the HP SmartMemory Overview a list of compatible DIMMs


Saturday, May 18, 2019

lamp - my webserver with 16GB ram shows all RAM as used, but is it really, see the 'top'

I have some questions about my web server. It's a LAMP web server running CentOS 5.5 with PHP 5 and MySQL 5. The server gets hundreds (maybe a thousand) of concurrent users during peak hours.




I'm trying to optimize a little and understand "top". From what I can see:




  1. all 16GB of my ram have been used up?


  2. does that mean that my server needs more memory?


  3. My swap is only 2GB, should it be increased?


  4. usually during peak hours my server load average first number is about 2.5-3. What could I do to optimize the server so that the load average even during peak doesn't go above 1? In the past I was told a good working server should stay under 1 load, is this still true? Although even during load of 2.5-3, server pages and applications seem to load with pretty good speed.


  5. what should the memory size in php.ini be set to?






top - 14:30:18 up 2 days, 12:41, 5 users, load average: 1.25, 1.74, 2.92
Tasks: 305 total, 2 running, 302 sleeping, 0 stopped, 1 zombie
Cpu(s): 6.3%us, 0.9%sy, 0.0%ni, 92.5%id, 0.2%wa, 0.0%hi, 0.1%si, 0.0%st
Mem: 16427200k total, 16111472k used, 315728k free, 3120316k buffers
Swap: 2104496k total, 268k used, 2104228k free, 6216756k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
29080 apache 15 0 358m 36m 5192 S 20.2 0.2 2:08.40 httpd
29093 apache 18 0 357m 36m 5192 S 18.2 0.2 2:02.52 httpd
29079 apache 15 0 370m 49m 5832 S 10.0 0.3 2:32.14 httpd
1812 apache 15 0 370m 49m 5196 S 7.3 0.3 2:25.30 httpd
5204 apache 15 0 358m 36m 5168 S 5.3 0.2 0:59.28 httpd
29075 apache 15 0 370m 48m 5184 S 3.3 0.3 2:15.93 httpd
9712 apache 15 0 360m 38m 5180 S 3.0 0.2 0:54.81 httpd
29072 apache 16 0 358m 36m 5192 S 2.7 0.2 2:24.43 httpd
6310 apache 17 0 388m 67m 5180 S 2.3 0.4 0:58.85 httpd
8674 apache 15 0 343m 21m 4980 S 2.0 0.1 0:07.91 httpd
29085 apache 15 0 371m 49m 5224 S 2.0 0.3 2:16.86 httpd
29083 apache 15 0 370m 48m 5196 S 1.7 0.3 2:10.64 httpd
5575 apache 15 0 357m 36m 5228 S 1.3 0.2 0:53.78 httpd
29066 apache 15 0 379m 59m 5860 R 1.3 0.4 2:11.93 httpd
29078 apache 15 0 370m 48m 5188 S 1.3 0.3 2:14.52 httpd
29084 apache 15 0 370m 48m 5208 S 1.0 0.3 2:02.49 httpd
29089 apache 15 0 370m 48m 5188 S 1.0 0.3 2:27.61 httpd
29082 apache 15 0 390m 68m 5188 S 0.7 0.4 2:32.48 httpd
29984 apache 15 0 358m 36m 5228 S 0.7 0.2 2:08.32 httpd
3571 root 16 0 13400 1792 848 S 0.3 0.0 2:37.89 top
4419 mysql 15 0 668m 175m 7204 S 0.3 1.1 3:32.25 mysqld
28181 root 15 0 90460 3624 2680 S 0.3 0.0 0:17.60 sshd
29091 apache 15 0 390m 69m 5196 S 0.3 0.4 2:29.99 httpd
32476 root 15 0 12900 1320 848 R 0.3 0.0 0:06.46 top
1 root 15 0 10372 680 572 S 0.0 0.0 0:02.01 init
2 root RT -5 0 0 0 S 0.0 0.0 0:00.51 migration/0
3 root 34 19 0 0 0 S 0.0 0.0 0:00.07 ksoftirqd/0
4 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
5 root RT -5 0 0 0 S 0.0 0.0 0:00.12 migration/1
6 root 34 19 0 0 0 S 0.0 0.0 0:00.03 ksoftirqd/1
7 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/1
8 root RT -5 0 0 0 S 0.0 0.0 0:00.06 migration/2
9 root 34 19 0 0 0 S 0.0 0.0 0:00.03 ksoftirqd/2
10 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/2
11 root RT -5 0 0 0 S 0.0 0.0 0:00.06 migration/3
12 root 34 19 0 0 0 S 0.0 0.0 0:00.04 ksoftirqd/3
13 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/3
14 root RT -5 0 0 0 S 0.0 0.0 0:01.45 migration/4
15 root 34 19 0 0 0 S 0.0 0.0 0:00.01 ksoftirqd/4
16 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/4
17 root RT -5 0 0 0 S 0.0 0.0 0:00.22 migration/5
18 root 34 19 0 0 0 S 0.0 0.0 0:00.01 ksoftirqd/5
19 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/5
20 root RT -5 0 0 0 S 0.0 0.0 0:00.15 migration/6
21 root 34 19 0 0 0 S 0.0 0.0 0:00.02 ksoftirqd/6
22 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/6
23 root RT -5 0 0 0 S 0.0 0.0 0:00.15 migration/7
24 root 34 19 0 0 0 S 0.0 0.0 0:00.01 ksoftirqd/7
25 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/7
26 root RT -5 0 0 0 S 0.0 0.0 0:00.19 migration/8
27 root 34 19 0 0 0 S 0.0 0.0 0:00.04 ksoftirqd/8
28 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/8
29 root RT -5 0 0 0 S 0.0 0.0 0:00.34 migration/9
30 root 34 19 0 0 0 S 0.0 0.0 0:00.03 ksoftirqd/9
31 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/9
32 root RT -5 0 0 0 S 0.0 0.0 0:00.16 migration/10
33 root 34 19 0 0 0 S 0.0 0.0 0:00.04 ksoftirqd/10
34 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/10
35 root RT -5 0 0 0 S 0.0 0.0 0:00.12 migration/11
36 root 34 19 0 0 0 S 0.0 0.0 0:00.05 ksoftirqd/11
37 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/11
38 root RT -5 0 0 0 S 0.0 0.0 0:00.35 migration/12



And here is another top paste, but it's not peak time for traffic yet. Isn't it a problem that httpd is using 100% CPU?



top - 16:35:57 up 2 days, 14:47,  4 users,  load average:  4.34, 3.60, 3.09
Tasks: 321 total, 3 running, 317 sleeping, 0 stopped, 1 zombie
Cpu(s): 15.0%us, 1.1%sy, 0.0%ni, 65.7%id, 18.1%wa, 0.0%hi, 0.1%si, 0.0%st
Mem: 16427200k total, 16235036k used, 192164k free, 3129048k buffers
Swap: 2104496k total, 268k used, 2104228k free, 6184496k cached


PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
540 apache 25 0 385m 63m 4720 R 100.1 0.4 0:22.11 httpd
16194 apache 18 0 358m 36m 5188 S 29.6 0.2 2:42.62 httpd
1759 apache 15 0 391m 69m 5188 S 20.6 0.4 3:32.70 httpd
1761 apache 17 0 388m 67m 5844 S 20.0 0.4 3:32.70 httpd
5420 apache 16 0 357m 36m 5816 S 18.0 0.2 3:29.58 httpd
1758 apache 16 0 358m 37m 5188 S 15.3 0.2 3:11.11 httpd
26922 apache 16 0 366m 45m 4148 R 12.6 0.3 0:29.59 httpd
13655 apache 15 0 371m 49m 5840 S 6.3 0.3 5:22.93 httpd
26894 apache 15 0 358m 36m 5124 S 6.0 0.2 1:00.43 httpd

26925 apache 15 0 358m 36m 5156 S 2.0 0.2 0:29.61 httpd
13654 apache 15 0 358m 36m 5200 S 1.3 0.2 5:06.32 httpd
23337 apache 15 0 359m 37m 5184 S 1.3 0.2 3:02.68 httpd
24108 apache 16 0 357m 35m 5180 S 1.3 0.2 0:48.09 httpd
28473 apache 15 0 357m 35m 5128 S 1.3 0.2 0:25.66 httpd
584 apache 15 0 357m 35m 5068 S 1.0 0.2 0:12.12 httpd
2687 apache 15 0 370m 48m 5168 S 1.0 0.3 3:26.85 httpd
26893 apache 15 0 357m 35m 5144 S 1.0 0.2 0:33.74 httpd
26923 apache 15 0 357m 35m 5072 S 1.0 0.2 0:33.96 httpd
26924 apache 15 0 360m 38m 5156 S 1.0 0.2 0:58.06 httpd

585 apache 15 0 357m 35m 5096 S 0.7 0.2 0:11.08 httpd
17329 apache 15 0 369m 48m 5176 S 0.7 0.3 1:15.52 httpd
1760 apache 15 0 389m 68m 5856 D 0.3 0.4 3:36.45 httpd
4419 mysql 15 0 668m 175m 7204 S 0.3 1.1 4:04.57 mysqld
1 root 15 0 10372 680 572 S 0.0 0.0 0:02.04 init

Thursday, May 16, 2019

mysql - What should go in my my.cnf file

Can't connect to local MySQL server through socket '/tmp/mysql.sock'



Followed http://hivelogic.com/articles/compiling-mysql-on-snow-leopard to the T.



Log:




110313 20:48:37 mysqld_safe mysqld from pid file /usr/local/mysql/var/moneymake-computer.local.pid ended
110313 20:48:46 mysqld_safe Starting mysqld daemon with databases from /usr/local/mysql/var
110313 20:48:46 [Warning] Setting lower_case_table_names=2 because file system for /usr/local/mysql/var/ is case insensitive
110313 20:48:46 InnoDB: Started; log sequence number 0 44233
110313 20:48:46 [ERROR] Can't start server: Bind on TCP/IP port: Address already in use
110313 20:48:46 [ERROR] Do you already have another mysqld server running on port: 3306 ?
110313 20:48:46 [ERROR] Aborting



110313 20:48:46 InnoDB: Starting shutdown...
110313 20:48:47 InnoDB: Shutdown completed; log sequence number 0 44233

110313 20:48:47 [Note] /usr/local/mysql/libexec/mysqld: Shutdown complete



110313 20:48:47 mysqld_safe mysqld from pid file /usr/local/mysql/var/moneymake-computer.local.pid ended
110313 20:48:56 mysqld_safe Starting mysqld daemon with databases from /usr/local/mysql/var
110313 20:48:56 [Warning] Setting lower_case_table_names=2 because file system for /usr/local/mysql/var/ is case insensitive
110313 20:48:56 InnoDB: Started; log sequence number 0 44233
110313 20:48:56 [ERROR] Can't start server: Bind on TCP/IP port: Address already in use
110313 20:48:56 [ERROR] Do you already have another mysqld server running on port: 3306 ?
110313 20:48:56 [ERROR] Aborting




110313 20:48:56 InnoDB: Starting shutdown...
110313 20:48:58 InnoDB: Shutdown completed; log sequence number 0 44233
110313 20:48:58 [Note] /usr/local/mysql/libexec/mysqld: Shutdown complete



110313 20:48:58 mysqld_safe mysqld from pid file /usr/local/mysql/var/moneymake-computer.local.pid ended



CONSOLE.app
Shows tmp/mysql.sock Permission denied and that it's starting and stopping the server every 10 seconds, so it looks like tmp/mysql.sock is being created every 10 seconds. Maybe that file is locked?



24 hours in so far....

iis 7 - "HTTP Error 500.19 - Internal Server Error" with Dynamic Data



I have a simple Dynamic Data application set up using forms authentication as the admin section of another web application. This works when I run it inside Visual Studio as a standalone project.



I've deployed it to my live site inside an application directory and I get the following error:



HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.





  • Module IIS Web Core

  • Notification BeginRequest

  • Handler Not yet determined

  • Error Code 0x800700b7

  • Config Error Cannot add duplicate collection entry of type 'add' with unique key attribute 'name' set to 'UrlRoutingHandler'

  • Config File \?\C:\sites\website1\dd\web.config



Config source:









I found a suggested fix for this: change the following values from 'deny' to 'allow' in applicationHost.config:








But this didn't work. Does anyone have any other suggestions, or know what is causing this error?



Thanks.


Answer



That error means that you have a duplicate setting for UrlRoutingHandler. It's probably set in C:\sites\website1\ or applicationHost.config. You should be able to delete that line from the web.config file for \dd\web.config and you'll be set. To find the root cause, check the other config files in the tree (site level, applicationHost.config in this case) for UrlRoutingHandler.
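The check this answer describes, looking up the config tree for a second `add` of the same handler name, can be scripted. The code below is an added example, not part of the original answer: it uses a simplified model of collection inheritance (`add`, `remove`, `clear`), the XML samples are constructed, and the parent file path `C:\sites\website1\web.config` is an assumption based on the directory the answer names.

```python
import xml.etree.ElementTree as ET

# Paths: the child path is the one in the error message; the parent path is assumed.
PARENT_PATH = r"C:\sites\website1\web.config"
CHILD_PATH = r"C:\sites\website1\dd\web.config"

# Constructed sample files; the handler attributes are illustrative only.
PARENT = """<configuration><system.webServer><handlers>
  <add name="UrlRoutingHandler" path="UrlRouting.axd" verb="*" />
</handlers></system.webServer></configuration>"""

# Child that re-adds the inherited entry: the duplicate-key case from the error.
CHILD_BROKEN = """<configuration><system.webServer><handlers>
  <add name="UrlRoutingHandler" path="UrlRouting.axd" verb="*" />
  <add name="DynamicDataHandler" path="*.dd" verb="GET" />
</handlers></system.webServer></configuration>"""

# Child that removes the inherited entry before adding its own.
CHILD_FIXED = """<configuration><system.webServer><handlers>
  <remove name="UrlRoutingHandler" />
  <add name="UrlRoutingHandler" path="UrlRouting.axd" verb="*" />
  <add name="DynamicDataHandler" path="*.dd" verb="GET" />
</handlers></system.webServer></configuration>"""


def duplicate_adds(chain, collection="handlers", key="name"):
    """Walk config files from parent to child and report every <add> whose key
    is already present from an earlier <add> that was not removed or cleared.

    chain: list of (path, xml_text) ordered from outermost to innermost file.
    Returns a list of (key_value, first_defined_in, duplicated_in).
    """
    inherited = {}   # key value -> path of the file that added it
    conflicts = []
    for path, xml_text in chain:
        root = ET.fromstring(xml_text)
        for coll in root.iter(collection):
            for el in coll:
                if el.tag == "clear":
                    inherited.clear()
                elif el.tag == "remove":
                    inherited.pop(el.get(key), None)
                elif el.tag == "add":
                    value = el.get(key)
                    if value in inherited:
                        conflicts.append((value, inherited[value], path))
                    else:
                        inherited[value] = path
    return conflicts


if __name__ == "__main__":
    for label, child in (("broken", CHILD_BROKEN), ("fixed", CHILD_FIXED)):
        found = duplicate_adds([(PARENT_PATH, PARENT), (CHILD_PATH, child)])
        print(label, "->", found or "no duplicate entries")
```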


Wednesday, May 15, 2019

colocation - hosting country for a global site



For a high-traffic global web site, is it efficient to change the hosting country to outside the US?
I have to make a decision between colocating our own servers near us vs. a dedicated server solution in the US. The problem with dedicated servers is they're overpriced, but they have the location advantage (they're near the root servers and our site is global).



Best Regards,
Sirmak


Answer




The United States of America is the world's largest and most competitive market for Internet bandwidth. Almost all Tier 1 networks (networks that don't pay for peering with any other network) are US companies. So yes, 'all other things being equal', the US is the best place to set up a web farm.



However, that should be less important to you than daily management and maintenance. If your service is down, it doesn't matter to the customer how fast he gets the timeout. :-)



You could co-locate your equipment to the US, and set up a really good remote monitoring / access infrastructure, via a VPN and KVM over IP, or out-of-band KVM or console servers.



If you live in a location that has good global connectivity, say all of North America and Western Europe, many places on the Pacific Rim, then you could also just locate your servers locally, and use a CDN to mask some of the network latency for other regions.



In fact a CDN is always a good idea for a global website, no matter where the servers are.


likewise open - Configuring linux to be visible in microsoft DNS domain



I've been trying to have one of our linux box available in the windows domain. The linux box is a ubuntu server without gui or X installed. All manipulations are done from ssh.



Linux box:





  • hostname: cactus

  • fqdn: cactus.example.com

  • ip: 10.0.1.121



Microsoft AD + DNS:





  • hostname: example.com

  • ip: 10.0.1.115



I followed some tutorials but it's still not working. I installed Likewise and added my Linux box to Active Directory. I can log in using



ssh 'domain\user'@10.0.1.121


But I can't log in to or ping cactus.example.com. On my workstation, the nameserver is correctly set to 10.0.1.115 and pinging example.com returns the correct IP. But my domain is still invisible.




I heard I only had to join the domain to make it visible, but apparently it's not working.

Any idea how to get that Linux box's hostname resolved by other machines in the network?



Edit



I created an A record under



Forward Lookup Zone




+--> example.com



....+--> host: ip: static



It shows up as static but ping is still not working.


Answer



You have to manually add a static A record in DNS for cactus. The Linux server with Likewise installed doesn't have the same "automatically register with DNS" function that Windows clients do.


ubuntu - I am unable to get the subdomain from the URL in NGINX




I am unable to get the subdomain from the URL in NGINX.



Here is my config:



server {
    listen 80;
    server_name ~^(?<appname>)\.example\.com$;

    rewrite ^ https://$appname.example.com$request_uri? permanent;
}


When I do:



http://bob.example.com/


I am sent to:




https://.example.com/


I don't know what I am doing wrong.



I am using NGiNX 1.2.7.



I have another config for the:



http://example.com/



So I have one server block for the domain without the subdomain and the second with the subdomain... This is about the subdomain.



UPDATE



The redirect here (this is the reason I am trying to extract the subdomain):



server {
    listen 443 ssl;

    server_name ~^(?<appname>)\.example\.com$;

    ssl on;
    ssl_certificate /etc/ssl/certs/example.com.crt;
    ssl_certificate_key /etc/ssl/private/example.key;

    root /var/www/example.com/apps/$appname/;

    include /var/nginx/general/php;
    include /var/nginx/general/upload;
    include /var/nginx/general/error_page_50x;
}


NEW UPDATE



New errors I am getting (this is without the P):



2013/06/30 00:49:02 [error] 7707#0: *64 directory index of "/var/www/example.com/apps//" is forbidden, client: 00.000.000.00, server: ~^(?<appname>)\.example\.com$, request: "GET / HTTP/1.1", host: "ebooks.example.com"
2013/06/30 00:49:02 [error] 7707#0: *64 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 00.000.000.00, server: ~^(?<appname>)\.example\.com$, request: "GET /favicon.ico HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "ebooks.example.com"
2013/06/30 00:49:04 [error] 7707#0: *64 directory index of "/var/www/example.com/apps//" is forbidden, client: 00.000.000.00, server: ~^(?<appname>)\.example\.com$, request: "GET / HTTP/1.1", host: "ebooks.example.com"
2013/06/30 00:49:04 [error] 7707#0: *64 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 00.000.000.00, server: ~^(?<appname>)\.example\.com$, request: "GET /favicon.ico HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "ebooks.example.com"


This is with P after the ?:



2013/06/30 00:55:57 [error] 17915#0: *74 directory index of "/var/www/example.com/apps//" is forbidden, client: 00.000.000.00, server: ~^(?P<appname>)\.example\.com$, request: "GET / HTTP/1.1", host: "drive.example.com"
2013/06/30 00:55:57 [error] 17915#0: *74 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 00.000.000.00, server: ~^(?P<appname>)\.example\.com$, request: "GET /favicon.ico HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "drive.example.com"


Answer



I just needed to add .+ after ?<subdomain>:



server {
    listen 80;
    server_name *.example.com;

    # $request_uri already contains the query string, so $is_args$args is not appended again
    return 301 https://$http_host$request_uri;
}

server {
    listen 443 default_server ssl;

    # The named group must match at least one character to populate $subdomain
    server_name ~^(?<subdomain>.+)\.example\.com$;

    ssl on;
    ssl_certificate /etc/ssl/certs/example.com.crt;
    ssl_certificate_key /etc/ssl/private/example.key;

    root /var/www/example.com/apps/$subdomain/;

    include /var/nginx/general/php;
    include /var/nginx/general/upload;
    include /var/nginx/general/error_page_50x;
}
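Added example, not part of the original question or answer: a simplified Python model of how the three server_name patterns treat a Host value and which document root results. The named groups use Python's (?P<name>...) spelling, and the STRICT pattern (a single DNS label) is an assumption introduced here as a tighter alternative to .+ when the capture is used to build a filesystem path.

```python
import re

# Constructed model of the server_name patterns in this thread; not nginx code.
QUESTION = re.compile(r"^(?P<appname>)\.example\.com$")    # empty group, as asked
ANSWER = re.compile(r"^(?P<subdomain>.+)\.example\.com$")  # the posted fix
# Assumption (not from the thread): allow exactly one DNS label as the app name.
STRICT = re.compile(
    r"^(?P<subdomain>[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)\.example\.com$"
)

ROOT = "/var/www/example.com/apps/{}/"


def resolve_root(pattern, host, group):
    """Return (matched, root) as a regex server block would see it.

    If the pattern does not match, the request can still land in the block
    when it is the default server for the socket; the capture is then empty.
    """
    m = pattern.match(host)
    value = m.group(group) if m else ""
    return (m is not None, ROOT.format(value))


def report(hosts):
    """Evaluate every sample host against the three patterns."""
    return [
        (
            host,
            resolve_root(QUESTION, host, "appname"),
            resolve_root(ANSWER, host, "subdomain"),
            resolve_root(STRICT, host, "subdomain"),
        )
        for host in hosts
    ]


if __name__ == "__main__":
    # Constructed sample Host values.
    sample = ["bob.example.com", "a.b.example.com", "example.com", "x_y.example.com"]
    for host, q, a, s in report(sample):
        print(f"{host:18} question={q}\n{'':18} answer={a}\n{'':18} strict={s}")
```

The empty group never matches bob.example.com, which is why the error log shows the root as /var/www/example.com/apps//, while .+ also accepts multi-label names such as a.b.example.com.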

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...