rtacconi's questions

I have established a VPN connection between a region in AWS and a datacenter implemented with OpenStack:

|---AWS------------------|        |-----OpenStack----------|
Private IP      EIP               Float. IP     Private IP
10.2.10.250 <-> 35.x.255.x TUNNEL 75.x.65.x <-> 172.16.0.156

If I try to ping from a host in OpenStack to another host in AWS, I get no reply. This is a line from tcpdump running in 10.2.10.250 VPN server:

3:04:01.523351 IP 172.16.0.156 > 10.2.10.27: ICMP echo request, id 9407, seq 8, length 64

The problem is that the server I am pinging from is not 172.16.0.156 but it is something like 172.16.0.125. So I think that in OpenStack networking something is forcing SNAT. I have flushed all iptables on both hosts. I reproduced the environment in two AWS regions and the ping works, the source IP is correct.

This is the /etc/ipsec.conf file:

config setup
        charondebug="all"
        uniqueids=yes
        strictcrlpolicy=no

conn %default
        ike=aes256-sha2_256-modp1024!
        esp=aes256-sha2_256!
        keyingtries=0
        ikelifetime=1h
        lifetime=8h
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        auto=start
        keyexchange=ikev2
        type=tunnel

conn uswest2-x-to-x-x
    leftfirewall=yes
        leftcert=device-x-x_cert.pem
        leftid="C=CH, O=strongSwan, CN=device-x-x"
        rightid="C=CH, O=strongSwan, CN=device-uswest2-x-a"
        left=172.16.0.156
        leftsubnet=172.16.0.0/24
        right=35.x.255.x
        rightsubnet=10.2.0.0/16

And iptables:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (0 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION (0 references)
target     prot opt source               destination

I am using this command to add a Linux boxes to Active Directory:

net ads join -U username%password

I have to make this command idempotent by checking the Linux box already exists in the domain. The command line help it is not useful.

I wonder if there is something like:

net ads search computer-name

I am using Samba 3

I am using alup/puppet-rbenv and I am installing Passenger with nginx with this statement:

  rbenv::gem { "passenger":
    user   => "vagrant",
    ruby   => "1.9.3-p327",
    ensure => "4.0.8",
  }

However I need to add the following options to compile nginx:

--with-http_ssl_module --with-cc-opt=-Wno-error --with-http_realip_module

I do not know how to do it

I have the following code:

  rbenv::compile { "1.9.3-p327":
    user => "vagrant",
    home => "/home/vagrant",
  }

  exec {"rbenv-global-1.9.3-p327":
    command => "rbenv global 1.9.3-p327",
    path => "/home/vagrant/.rbenv/bin",
  }

I would like to add a require to "rbenv-global-1.9.3-p327" because it should be executed after rbenv::compile but I do not know the right syntax

I would like to isolate processes using lxc-execute. Is it possible to set bandwidth, cpu and memory limit?

I had a look in the man of lxc.conf but I did not find it exhaustive.

In CentOS I have a compiled version of PHP but it is missing IMAP module. Is it possible to add that module without re-compiling php?

Hi have a linux server on EC2 and I created a snapshot from that server, the the snapshot has been used to create an AMI, then I created an instance from the AMI. I always get a file system error, cannot mount the file system.

How can I start a new EC2 instance with the data I have in the other server? For data I mean the whole server's EBS, apache, its configuration, its virtual sites and sites' data

I have messed with symlinks and libraries in /usr/lib. I modified libraries like libmysql*. someone suggested to reinstall libmysqlclient-dev package. Is libmysqlclient-dev holding Mysql libraries?

How can I force the re-installation of libmysqlclient-dev?

I am using Ubuntu Server 10.04 and current Mysql, 5.1.x. I need to use the server to host a Rails application and I need to compile the mysql2 gem, which is failing.

UPDATE

I have removed libmysql* files and mysql directory under /usr/lib. Then I purged and reinstalled mysql server, client and libmysqlclient-dev but I get:

mysql: error while loading shared libraries: libmysqlclient.so.16: cannot open shared object file: No such file or directory

I need to know which package install the shared libraries and how to fix it.

I have configured Apache virtual host to run at port 8000 and in front of Apache I have Varnish on port 80. The problem is if I paste this in my browser:

example.com/a_directory

I am redirected to example.com:8000/a_directory

I get an unable to connect error. In the config file I have this:

<VirtualHost *:8000>
    ServerAdmin [email protected]

    DocumentRoot /var/www
    DirectoryIndex index.php index.html index.htm 

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory /var/www>
        AllowOverride All
    </Directory>

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined

</VirtualHost>

I migrated awstats from one server to another, and I copied the old stats and configuration. I had to change apache log directory but it seems it is working: http://permaculture.org.au/awstats/awstats.pl

The issue is that icons are missing and graphics do not have colours. The line in apache2 config

Alias /awstats-icon/ "/usr/share/awstats/icon/"

is okay since there are the icons in that directory:

root@server:/etc/awstats# ls -l /usr/share/awstats/icon/ total 36 drwxr-xr-x 2 root root 4096 2011-11-03 13:34 browser drwxr-xr-x 2 root root 4096 2011-11-03 13:34 clock drwxr-xr-x 2 root root 4096 2011-11-03 13:34 cpu drwxr-xr-x 2 root root 12288 2011-11-03 13:34 flags drwxr-xr-x 2 root root 4096 2011-11-03 13:34 mime drwxr-xr-x 2 root root 4096 2011-11-03 13:34 os drwxr-xr-x 2 root root 4096 2011-11-03 13:34 other

last issue is that when I run awstats from the shell the script hangs here:

root@server:/etc/awstats# /usr/lib/cgi-bin/awstats.pl -config=awstats.permaculture.org.au.conf -update Create/Update database for config "/etc/awstats/awstats.conf" by AWStats version 6.9 (build 1.925) From data in log file "/var/log/apache2/access.log"... Phase 1 : First bypass old records, searching new record... Searching new records from beginning of log file... Phase 2 : Now process new records (Flush history on disk after 20000 hosts)... Reverse DNS lookup for ::1 not available without ipv6 plugin enabled.

I am building an infrastructure on EC2 where I have nginx as a load balancer in front of apache+php servers. Each apache server has some virtual hosts.

I am thinking the best way to scale when a virtual host gets too many requests to handle.

I think I could limit the connections per each virtual host, say 100, then when the connections become more than 100, I create a new instance (using ruby and the fog gem) and configure another virtual host on that instance, add another backend in the nginx balancer with the IP of the new instance.

Is this the way to go, or what do you recommend?

Say I have 6 web servers behind haproxy. Web servers should provide virtual hosting using apache (apache or nginex does not matter). I would like to be able to specify where the incoming HTTP requests (hitting haproxy) should go based on the virtual host. For instance

a.domain.com request should go to web1 and web2 b.domain.com request should go to web1, web2 and web3 c.domain.com request should go to web4 and web5 d.domain.com request should go to web5 and web6 e.domain.com request should go to web3, web4, web5 and web6

The idea is to have a HA, load-balanced shared hosting where users can choose on how many servers, 2 to 6 (in this case). The other important thing is that I want to load_balance sites in some servers not in all servers so I could horizontally scale to accept more customers.

Is it possible? If not do you now an alternative solution?

Do you think that KVM (or XEN) virtual machine using GlusterFS as storage will be really slow?

My idea is to use GlusterFS to avoid the limits of the local file system. If an hypervisor will go down, another one could take care of the 'orphans' VMs. Even the live migration should be straight forward.

Hi When I run passenger-install-apache2-module I get:

Checking for required software...

• GNU C++ compiler... found at /opt/csw/gcc4/bin/g++
• Curl development headers with SSL support... not found

I followed this tutorial http://www.darkaslight.com/blog/entry/50-Installing-Phusion-Passenger-on-Solaris and I fixed all dependencies except Curl with SSL headers.

I am using Solaris on a VirtualBox image. The image has 16.00 GB as virtual size and 6.69 GB as actual size. The disk is full. Why in Solaris I see a 6GB disk and not a 16GB disk? Is there a way to extend it instead of configuring another disk?

UPDATE: Solaris disks

Filesystem             size   used  avail capacity  Mounted on
/dev/dsk/c0d0s0        6.4G   5.7G   703M    90%    /
/devices                 0K     0K     0K     0%    /devices
ctfs                     0K     0K     0K     0%    /system/contract
proc                     0K     0K     0K     0%    /proc
mnttab                   0K     0K     0K     0%    /etc/mnttab
swap                   709M   952K   708M     1%    /etc/svc/volatile
objfs                    0K     0K     0K     0%    /system/object
sharefs                  0K     0K     0K     0%    /etc/dfs/sharetab
/usr/lib/libc/libc_hwcap1.so.1
                   6.4G   5.7G   703M    90%    /lib/libc.so.1
fd                       0K     0K     0K     0%    /dev/fd
swap                   708M    80K   708M     1%    /tmp
swap                   708M    24K   708M     1%    /var/run
/dev/dsk/c0d0s7        8.8G   8.9M   8.7G     1%    /export/home

-bash-3.00$ cat vfstab
#device         device          mount           FS      fsck    mount   mount
#to mount       to fsck         point           type    pass    at boot options
#
fd      -       /dev/fd fd      -       no      -
/proc   -       /proc   proc    -       no      -
/dev/dsk/c0d0s1 -       -       swap    -       no      -
/dev/dsk/c0d0s0 /dev/rdsk/c0d0s0        /       ufs     1       no      -
/dev/dsk/c0d0s7 /dev/rdsk/c0d0s7        /export/home    ufs     2       yes     -
/devices        -       /devices        devfs   -       no      -
sharefs -       /etc/dfs/sharetab       sharefs -       no      -
ctfs    -       /system/contract        ctfs    -       no      -
objfs   -       /system/object  objfs   -       no      -
swap    -       /tmp    tmpfs   -       yes     -

I know that putting PHP sessions in a common DB is a good solution, but let's say I have to support apps using standards sessions saved in files. It is possible to share PHP session by a pool of n servers using something like GlusterFS? Is there any possibility of corruption of the session files?

I have a file with an @ after the permissions

-rwxr-xr-x@  1 riccardotacconi  staff   215 14 Sep 14:21 Capfile

Do you know its meaning.

I am deploying a Rails application using Capistrano. That Gemfile is not copies, although it is committed in the SVN repository. Very strange.

I am trying to copy, recursively, the content of a directory to another using:

cp -Rv source_dir/* dest_dir/

It seems that everything work ok but when I list that directory with ls -l the change data it is not updated to the current time. So, how can I be sure that my command has overwritten the old files?

Let's say the I have a web server running on port 3000, so example.com:3000 and another one on the 80, so: example.com

Is it possible to map example.com/map to example.com:3000 ?

I would like to map a directory to a different port of a different Apache installation, but I would like to hide the 3000 number.

Thanks.

There is an Apache server on Solaris that is sending 'Transfer-Encoding: chunked' and not sending the 'Content-Length' header that I have in my PHP (used for downloading files). Do you know a way to prevent this?

Thanks

See: https://stackoverflow.com/questions/1334471/content-length-header-always-zero

I have tried the directive

 SetEnvIfNoCase Request_URI get_file\.php$ no-gzip dont-vary

and now I get a file with the same file size of the original, but the file is corrupted. Here are the headers received from the server:

http://example.com/output_file_download.php?fileID=130

GET /output_file_download.php?fileID=130 HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: user_id=7C%25R; intrauser=kE06Ub%238+2dHT%29U0t%28B%2A; intrakey=rtacconi; PHPSESSID=5a3f8edff822474f3b95b6a6e5c87ad2


HTTP/1.x 200 OK
Date: Thu, 03 Sep 2009 10:02:05 GMT
Server: Apache
Expires: 0
Cache-Control: private
Pragma: public
Content-Description: File Transfer
Content-Disposition: attachment; filename=alfresco-logo.gif
Content-Transfer-Encoding: binary
Content-Length: 2401
Keep-Alive: timeout=15, max=500
Connection: Keep-Alive
Content-Type: application/octet-stream