admin

Overheard : Comment about food

Guest speaking about food at a restaurant featured on Guy Fieri’s Diners, Drive-ins and Dives program

It is just like nothing!!

April 27, 2012 by admin OverHeard Uncategorized 0

HOW TO : Use templates in puppet to pass hostnames

puppet, is a configuration management framework that can be used to perform several different things to validate/configure your infrastructure. We have been using puppet for sometime at my work and have just started moving into some of the advanced uses of the tool.

One of the features offered by puppet is the capability to use templates to configure different servers.

For example, say you want to configure an application on server ABCD, XYZ and 123. And the configuration file for all these servers is the same, other than the hostname of the server. The configuration file has to reside in /opt/application/config.conf . The config.xml file looks like this

[code]

db.name=blah
db.user=blahblah
db.hostname=XYZ
log.level=ERROR
log.location=/var/log/application

[/code]

Here is how you can do it in puppet.

Define a module which uses a template and then configure the template to put the host specific entry in the template. Let’s name our module test_config

Create the module

cd $PUPPET_HOME/modules
mkdir test_config/{files,manifests,templates}

Create the template

cd templates
vi config.conf.template and add the following to the file[code]db.name=blah
db.user=blahblah
db.hostname=<%= fqdn %>
log.level=ERROR
log.location=/var/log/application [/code]

note : see how I replaced the hostname XYZ, which was specific to one server with <%= fqdn %>. This is one of the “facts” provided by puppet. you can get a list of all the facts by running facter on any of the puppet clients.

Configure the module to use the template. In this case, we want the module to place the file config.conf in /opt/application

cd manifests
vi init.pp and add the following to the file[code]class test_config {
file { "/opt/application/config.conf":
ensure => present,
owner => appuser,
group => appuser,
mode => 755,
content => template("test_config/config.conf.template"),
}
}[/code]

note : There are several other options you can use for the class file.. I just gave an example of some of the common ones. Like setting the owner, group and the rights.

Finally configure the clients to use the module. In the individual node config files, include the module you just created. Here is how the config for node ABCD would look like[code]node ABCD {
include test_config
}[/code]

The next time the puppet client runs on host ABCD, it would create the file /opt/application/config.conf with the right hostname in the config file.

HOW TO : Configure Jboss to append log files instead of overwriting them

If you use the default logging options for Jboss, it has a nasty habit of overwriting log files on a restart. So, if you were in the middle of troubleshooting an issue and had to restart Jboss, you will end up loosing all the historic data. You can change this default behavior by changing one option in the log4j config file

Edit the $JBOSS_HOME/server/$JBOSS_PROFILE/conf/jboss-log4j.xml and replace [code]<param name="Append" value="false"/>[/code]
with [code]<param name="Append" value="true"/>[/code]
You don’t even have to restart Jboss for this new setting to take place, since Jboss reads the log4j config every 60 seconds and updates the logging parameters accordingly.

April 25, 2012 by admin HOWTO Technology Uncategorized 0

Project Uptime : Recap

Final post on Project Uptime. Before I go into the details of how well I fared against the original goals, here is a screenshot of the uptime of the site for the last two weeks.. Hope I can keep that number for the rest of this year :). Recap of the original goals and their status

GOAL : Move to a fresh VM with the latest kernel

STATUS : This was successfully completed. Details of the install are here and here.

GOAL : Upgrade to the latest version of Apache.

STATUS : Although I didn’t install 2.4 version of Apache as planned, I was able to get similar (or better) performance by installing varnish as a caching engine. Details of thee apache/varnish install are here.

GOAL : Upgrade to latest version of MySQL and tune it for memory usage

STATUS : This was probably the easiest part of the project. Details of the install are here. I didn’t necessarily tweak it for low memory usage though.

GOAL : Configure cloudflare to serve a static version of front page, in case the server goes down. Design the static page to point people to my other digital presences (Google+, LinkedIn, Flickr etc)

STATUS : Cloudflar doesn’t have the capability to direct static pages if the origin server is down. At least not for the free tier. I also didn’t design a simple page to host my digital presence. Will try to find a good template for it down the road.

All in all.. not bad 🙂

April 20, 2012 by admin HOWTO Uncategorized 0

Overheard : Comment about trust

Said by Dan Kaminsky at the Forensecure’12 conference

If you trust everything, you might as well not trust anybody

For the record.. In addition to being an awesome speaker, he is also a down to earth guy. Makes us geeks proud :).

April 19, 2012 by admin OverHeard Uncategorized 0

Project Uptime : Progress Report 7 : Putting the finishing touches

We finally come to one of the last posts of Project Uptime. Now that all the components have been setup, I finally copied the wordpress directory from my old server to the new one. The only changes, I had to make after copying the files were

Configure Apache to have the wordpress folder as the default directory. I did this by changing the DocumentRoot option in the vhost
Changed the permissions on the wordpress directories (so that wordpress can make rewrite rule changes on the fly)

[code]sudo chmod -v 664 $WORDPRESS_DIRECTORY/.htaccess

sudo chmod 755 $WORDPRESS_DIRECTORY/wp-content [/code]

April 18, 2012 by admin HOWTO Technology Uncategorized Web 0

HOW TO : Configure Jboss to use hugepages in RHEL/CentOS

Most of us worry about paging to disk (swap), but if you are running a transaction intensive application the paging that happens in RAM also starts to impact the application performance. This happens due to the size of the “block” that is used to store data in memory. Hugepages allows you to store the data in bigger blocks, hence reducing the need to page while interacting with the data.

Here is how you can enable hugepages and configure jboss (actually any Java app) to use hugepages on a RHEL/CentoOS system.

OS CONFIGURATION

Check if your system is capable of supporting hugepages by running[code]grep HUGETLB /boot/config-`uname -r`[/code]
If you see the response as below, you should be good[code]CONFIG_HUGETLBFS=y
CONFIG_HUGETLB_PAGE=y
[/code]

Next check if huge pages are already being used by running[code]cat /proc/sys/vm/nr_hugepages [/code]

If the response is anything other than 0, that means hugepages have already been configured.

Find the block size for hugepages by running[code]cat /proc/meminfo | grep -i hugepagesize [/code]
Calculate the amount of memory you want to dedicate to hugepages. (note: memory allocated to hugepages cannot be used by other processes in the system, unless they are configured to use it)

For example, I want to dedicate 3GB of RAM for hugepages. So the number of hugepages would be[code](3*1024*1024)/2048[/code]

Configure the number of hugepages on the system by editing the /etc/sysctl.conf and adding the option[code]vm.nr_hugepages = 1536[/code]
(note: I put in 1536 since that was the value I got from the above example)
Restart the server and check if hugepages has been enabled by running[code]cat /proc/meminfo | grep -i huge [/code]

You should see something like this[code]AnonHugePages:    839680 kB
HugePages_Total:    1500
HugePages_Free:     1500
HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB
[/code]

JBOSS CONFIGURATION

At this point your system is configured with hugepages and any application that is configured to use them can leverage them. In this example, we want to configure Jboss to utilize these hugepages
Add the groupid of the user that Jboss is running under to the /etc/sysctl.conf file. In my case, the jboss user group had a GID of 505, so I added this line to /etc/sysctl.conf[code]vm.hugetlb_shm_group = 505 [/code]
Next allocate the memory to the user by editing /etc/security/limits.conf and allocating the memory. Again, in my case, I added the following to /etc/security/limits.conf[code]# Allocate memory for Jboss user to take advantage of hugepages
jboss soft memlock 1500
jboss hard memlock 1500
[/code]
Finally add the following to the Jboss startup parameters. I edited the $JBOSS_HOME/bin/run.sh file. (note: the startup file can be different based on your config) with the option[code] -XX:+UseLargePages[/code]
Restart Jboss and you are good to go

note : A lot articles that I read online say that hugepages are effective when you are allocating large amounts of RAM to the application. The use case of just using 3GB above was just that.. a use case.

While I cannot personally vouch for it, a lot of users have noted that they saw >2 fold increase in performance.

April 17, 2012 by admin HOWTO Linux Technology Uncategorized Web 6

HOW TO : Install RPM packages without checking gpg key

This is on RHEL and CentOS distros. If you want to install packages without checking the GPG key (hope you know why you are doing this!!), here is the command line option

[code]sudo yum install package_to_install –nogpgcheck [/code]

April 16, 2012 by admin HOWTO Linux Uncategorized 2

HOW TO : Sync git clients across workstations using dropbox

I have recently started using git as a source control for the various scrips that I write. As I also mentioned in this post, I use dropbox to synchronize my data across workstations. Here is my setup for synchronizing git clients across multiple workstations using the same SSH keys (note: this is not a recommended setup from a security prospective. you are recommended to generate different SSH key pairs per workstation to ensure one key getting lost doesn’t compromise your entire account).

Workstation 1

create a directory under your dropbox root, that you want to use as your git home directory. Say DROPBOX/git
Install Git for Windows, or whatever git client you want to use
Change the home path on the git client by executing [code]HOME=’PATH_TO_DROPBOX/DROPBOX/git’ [/code]
Check if the home path has been changed by executing [code]echo $HOME[/code]
Create your SSH keys and configure your public key on the git server

Workstation 2

Repeat and rinse step 1 – 4 specified for workstation 1. You don’t need to create the SSH keys since the other clients will recognize the keys that dropbox would have synced up.

April 15, 2012 by admin HOWTO Programming Technology Uncategorized 0

Project Uptime : Progress Report 6 : Tweaking Varnish

The server has held up pretty well, since the installation of varnish. Based on this wiki post, I added the following to /etc/varnish/default.vcl

[code]
<pre>
# Drop any cookies sent to WordPress.
sub vcl_recv {
if (!(req.url ~ "wp-(login|admin)")) {
unset req.http.cookie;
}
}

# Drop any cookies WordPress tries to send back to the client.
sub vcl_fetch {
if (!(req.url ~ "wp-(login|admin)")) {
unset beresp.http.set-cookie;
}
}
[/code]

I think the comments are pretty self explanatory.

April 14, 2012 by admin Technology Uncategorized Web 0