enedebe's questions

I've develop an interactive shell script, where my users will perform a few operations. I've create a user that runs this scripts automatically on startup.

Startup script ./.bash_login
-------------------------------
/scripts/interactive_shell.py
exit

This script performs correctly my interest, it runs my python interactive script, and when I kill my script, it runs exit and finish my connection.

The security problem appears when I'm connecting using my private key with something like this

ssh [email protected] -i security_key '/bin/bash'

It runs bash shell and I can get something I don't want control over the machine.

My question is, is it possible to change the shell at /etc/passwd to my script or It's preferable to jailroot this user?

Thanks!

I'm developing a solution which inserts a big number of SSH-keys into the authorized keys files of my SSH-server. Does anyone know the limit of keys that you can insert into that file? Are we talking about a hundred, thousand or tens of thousands? Any idea? And how is the performance affected when you have a large number of keys?

I suppose it is preferable to divide keys between various users, but I would like to know the limits of one user.

I'm starting with LVM and I would like to know if when I create a LVM with different disks and one of them has data, when I create virtual volumes will make me loose all the data stored. And if there is a way to don't lose it, how can I do it?

Thank you

I'm trying to make this run, but I'm getting really crazy. I want to run PHPList with Amazon SES. I've followed this instructions LINK But I get this error:

SMTP -> ERROR: Failed to connect to server: php_network_getaddresses: getaddrinfo failed:     Name or service not known (0) 
SMTP Error: Could not connect to SMTP host.

I can't understand why I get this SMTP error when if I just use SES integration it just have to use cURL. Is there a bug?! or I have to modify something of the code to don't try to connect server.

Of course I tried to define PHPMAILERHOST as amazon smtp host but it fails because it didn't use TLS.

I tried to use PHPMailer with integration with Amazon SES, but non of them work.

Any ideas?!

I have an problem with my NodeJS app. The problem is the include of the library Hashlib I've followed more than 10 times the instructions to install. Get a clone of the repo, do make and make install. NodeJS is installed in default path, and that's the tricky point:

When I launch node app.js it works, perfectly.

The problem starts when I configured my Supervisord to run with the same user, with the same config file as I have in other systems working, and I get that NodeJS can't find hashlib.

module.js:337
    throw new Error("Cannot find module '" + request + "'");
      ^
Error: Cannot find module 'hashlib'

I'm getting crazy, what can I do?! Why my user launching node from the console works great, but not the supervisord?

Thanks!

That's a simple question that is stolen my time, and getting me crazy. Very simple I can't understand why this regexp is not getting running when I define a new node in puppet:

Hostname: api01.eu-west-1.compute.internal

Node definition

3: node ^api\d+\.eu-west-1\.compute\.internal {
4:        include sudo
5:        package { 'vim': ensure => preset } 
6: }

My error:

err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Could not parse for environment production: Could not match 
^api\d+\.eu-west-1\.compute\.internal at /etc/puppet/manifests/nodes.pp:3 
on node api01.eu-west-1.compute.internal

Thanks

I try to explain my project. I have a server with 2 interfaces one has to offer a website and absolutely nothing else. The other interface will be used to control and manage this server. To the interface of the webserver will be attached a access point to get connected to this server.

The picture Internet ---> eth0 = SERVER |FIREWALL| WebServer = eth1 --> AP --> USER1, USER2, ...

I installed Apache2 and dnsmasq who is now offering DHCP to LAN. What I want to do is to redirect everything from eth1 to eth1 172.28.1.1 port 80. And block everything else. This is just for security.

Thanks!

---- SOLUTION ----

After searching a lot and with the guide of the first response, I get the solution. My problem was to make a captive portal and redirect everything to local ip.

Solution, quite easy. Setup dnsmasq and set this setting:

/etc/dnsmasq.conf

 address=/#/172.28.1.1

Block any kind of traffic and redirect it to local ip

# iptables -t nat -I PREROUTING -j DNAT -s 172.28.0.0/16 -p tcp --to-destination 172.28.1.1
# iptables -t nat -I PREROUTING -j DNAT -s 172.28.0.0/16 -p udp --to-destination 172.28.1.1

How can I get iostats io throughput of just a process to try know if this process starts burning my HDD.

Thanks!

I have a clearos gateway linux working as gateway. I have some problems with the conectivity, everything works great but for a few seconds internal ethernet stops working. After 5-10 seconds, it works again.

I did a ping to internet and from the gateway I didn't find any packet lost, but from a computer in the intranet I get some problems:

Request timeout for icmp_seq 94
92 bytes from mygateway.ar7 (192.168.1.1): Destination Net Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 81f5   0 0000  40  01 054f 192.168.1.156  74.125.230.163

This is my ifconfig eth2

eth2  Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX  
      inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
      inet6 addr: fe80::212:79ff:fe5f:c291/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:7525730 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8134818 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000 
      RX bytes:3353100361 (3.1 GiB)  TX bytes:3048405269 (2.8 GiB)
      Interrupt:169 Memory:f0400000-f0410000 

What can be the problem? Local DNS server? Switch? Network loop?

Any idea?

Thanks!

I'm changing my server from Apache to Nginx. Nginx will only serve static files and proxy to apache for dynamic files and to NodeJS for exhausting working. With my initial implementation in Apache I have some custom log to get informed of how many data I send and receive.

CustomLog /var/log/apache2/traffic-access.log "%{%s}t|%O|%I|%{Referer}i|%a|%U"

This custom log generate this log example:

Timestamp|bytes sent|bytes received|user agent|IP|URL request

1335941116|261|322|user-4263|127.0.0.1|/1.1/user/downloading

I would like to migrate this custom log to Nginx and try to change the less as I can my internal scripts of getting traffic data.

I want to maintain the 2 logs the main log and traffic log.

I'm starting with this custom log:

http {
[...]

log_format traffic '$msec|$bytes_sent|$request_length???|$http_user_agent|$remote_addr|$request_filename';

access_log  logs/access.log  main;
access_log  logs/traffic.log traffic

Is the request_length the bytes user send to the server?

I have some problems with nginx with some location config, here is my config file:

user  dev-ci;

location ~* /img/screenshots/ {
    alias /dev/shm/screenshots/;
}

# other location with root and proxing to apache currently working propertly

My petition with browser is:

http://URL/img/screenshots/4336.jpg?id=85574

My nginx log is:

2012/04/23 08:49:40 [error] 13916#0: *2148 directory index of "/dev/shm/screenshots/" is forbidden, client: *.*.*.5, server: development, request: "GET /img/screenshots/4336.jpg/?id=85574 HTTP/1.1", host: "****.amazonaws.com:2000"

My ls -la from directory /dev/shm/screenshots/:

drwxrwxrwx  3 dev-ci dev-ci   80 2012-04-23 08:54 .
drwxrwxrwt 11 root   root    260 2012-04-23 07:27 ..
-rw-r--r--  1 dev-ci dev-ci 7450 2012-04-23 08:54 4336.jpg
drwxrwxrwx  2 root   root     40 2012-04-23 07:25 errors

The nginx user running is: dev-ci (here we can see the ps aux | grep nginx)

root      1231  0.0  0.0  22052  1432 ?        Ss   07:25   0:00 nginx: master process /usr/local/nginx/sbin/nginx
dev-ci   13916  0.0  0.0  22448  1760 ?        S    08:48   0:00 nginx: worker process      

Any idea why isn't working? I get 403 Forbidden error directly to nginx, so the first location is working, but it doesn't alias correctly. The nginx process has the same username as the file, the directory has 777, I tried to change the owner and group to dev-ci user with the same result. I need a bright idea, and soon...

Thanks!

I have logrotate running in an EC2 AWS machine rotating Apache logs. Once packed, Apache logs are saved into AWS S3 via s3fs. The problem is that I recently noticed that I didn't have logs rotated. In S3 I have old logs from day 48->60 but the 1->47 doesn't appear.

My question is: Where does logrotate save its own log? It's possible that I have some kind of problem with s3fs, but I need to know before I do anything. I tried to find somewhere the logs but I couldn't find it out.

Any idea?

I explain my case:

I'm at Amazon AWS and I want to be fault tolerant on a entire region failure. My basic problem is to have the db in sync with 2 regions.

My options:

1. Master-Master (high lag)
2. Hand made sync every 5 minutes
3. Master-ColdMaster?! (copy on the fly but Master won't wait the other region commit)

In my system we could afford loosing a piece of data (we're not a bank) the last inserts in the db, but we could not afford more than 10 minutes of downtime. The database is small and the level of inserts is low, and I wouldn't affect the normal usage waiting other region commit.

Is the 3 solution posible? And the most important, once the primary fail how we can detect and change the rol between master-coldmaster --> coldmaster-master ? Is there any clean-mode to restore between failure?

Thank's!

I have a command to run (in this case is a php5 script) and I would like to know if there is something to run this command and select the core to be runed.

What I want to do is to run 1 command per each core to use the multiple cores of my server.

Any idea? Or I have to rewrite the script in other languages with multicore support and develop the core control directly in the script?

I would like to know the amount of time that I need to wait to attach and ebs of 200Gb to my instance. I expenting too much time in comparision with other times and smallers ebs. Does the size of the ebs affects in the time of attaching?

Thanks!

Post at AWS Forum informing of that problem.

I found something interesting, if I attach this volume to a large instance it gets attached in just a second, but if I use micro instance, it never ends... curious isn't it?

I have a problem with my Apache Webserver, I got 2 environments: Development and Production. Both have the same configuration, but the first one sends the HTMLs exactly as they've been created, the second one doesn't send exactly the same file. They omit whitespaces, comments, and other chars that for a browser doesn't care, but if my app generate hash from this files and the apache changes the file, the hash won't be the same.

I've been looking for the differences but I nothing appears. Any suggestion?

My apache2 config

<VirtualHost *:80>
ServerName XXX
ServerAlias XXX XX.XX.XX.XX
DocumentRoot /var/www/
<Directory />
        Options FollowSymLinks
        AllowOverride None
</Directory>
<Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        Order allow,deny
        allow from all
</Directory>
        ErrorLog /var/log/apache2/api-error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel info

        CustomLog /var/log/apache2/api-access.log "%h %t %T %D %m %X %U"

        # Timestamp | bytes Downloaded | bytes Uploaded | PlayerID | IP | URL
        CustomLog /var/log/apache2/traffic-access.log "%{%s}t|%O|%I|%{Referer}i|%a|%U"
        ServerSignature On
        Alias /img/screenshots  /dev/shm/screenshots
        #Alias /videos /mnt/STORAGE/videos
        Alias /awstats-icon/ /usr/share/awstats/icon/
        ScriptAlias /aw-api-stats/ /usr/lib/cgi-bin/

        <Location /server-status>
           SetHandler server-status
           Allow from all 
        </Location>
</VirtualHost>
ExtendedStatus On

This is my production config file and the modules enabled are the following with default values:

alias.conf authz_groupfile.load cgi.load env.load php5.conf setenvif.conf alias.load authz_host.load deflate.conf mime.conf php5.load setenvif.load auth_basic.load authz_user.load deflate.load mime.load reqtimeout.conf status.conf authn_file.load autoindex.conf dir.conf negotiation.conf reqtimeout.load status.load authz_default.load autoindex.load dir.load negotiation.load rewrite.load

Thanks

I have registered a new AMI (instance-store AMI) so I bundled, upload the bundle and registered. So my question is, could I delete this files from S3? or I have to leave this files to get my AMI work for my new intances?

I'm now using AWS RDS multi-AZ with great results, the problem is that I want my infrastructure fault tolerant between regions. I'm looking for some kind of tool to make a cluster with RDS and my servers.

As I read you cannot cluster directly from RDS to another server, just Read Replicas, but not between regions neither outside AWS.

I though about do some kind of mysqldump every 15min or something like this but this is not efficent, and the restore could be hard to maintain.

In your experience, what is the best thing to do, run my mysql myself and configure clustering with my machines, or do something else. In this way, there are some kind of cold replication that doesn't affect performance? I mean, every 5 minutes sync changes. I can afford the lost of a few data but not the downtime ;)

Any ideas, would be apre