grenade's questions

mongod requires a certificateKeyFile that is a combination of a certificate and a private key.

certbot manages quarterly renewals of tls certificates that cannot be valid for more than 3 months. the result of a successful certbot renewal run is the creation of new certificate files that can be accessed by some symlinks (that it also manages) at /etc/letsencrypt/live/$(hostname -f).

is there a way to create a symlink, named pipe or loop device containing the output of:

cat /etc/letsencrypt/live/$(hostname -f)/{fullchain,privkey}.pem

i don't want to create an actual file containing the result of the concatenation, because that would have to be updated every time certbot extends the cert validity and mongod would be broken for any period of time between certbot making updates and some automation creating a new concatenation containing the certs in the format expected by mongod.

one solution that comes to mind is using a systemd dependency chain to restart mongod after certbot updates the certs and an ExecStartPre on the mongod.service unit to create the concatenated certificateKeyFile. but i wouldn't need any of that if there was a way to create some sort of dynamic representation of the concatenation of the files needed.

any ideas?

While debugging a problem with slow hg cloning from Windows clients, I found that hg clone performance could be significantly improved (10x faster) on EC2 2012 virtual instances by reducing the default os page size from 8gb to 1gb to force utilisation of (abundant) physical memory.

For my tests, I run this clone command:

hg clone -U --traceback --verbose --profile --time https://hg.mozilla.org/mozilla-central

On Windows Server 2012:

• with default settings (OS manages the page size):

  time: real 653.507 secs (user 115.891+0.000 sys 486.922+0.000)
  

• with manual settings (page file max size 1024mb):

  time: real 179.646 secs (user 56.594+0.000 sys 58.234+0.000)
  

On Windows Server 2008:

• with manual settings (page file max size 1024mb):

  time: real 1273.845 secs (user 98.905+0.000 sys 592.585+0.000)
  

I have not been able to replicate the performance increase from 2012 on 2008 where the same command is always slow regardless of the OS page size.

I'm pretty confident that we can rule out things like software, network and hardware considerations because I've done my best to replicate the environments as accurately as possible (virtual hardware is identical: c3.2xlarge, 16gb ram, 80gb ssd, same network subnets, etc). I think (because of a comment from Matt Mackall on the hg bug I raised, on the significance of the user/sys timing ratios), that we're really looking at an OS level io or memory configuration problem.

Any ideas what else I should look at, besides the page file size?

I installed mindtouch using the instructions here and it seems to have broken my Virtual Host configuration. I have several domains running off the same apache instance and this was working fine but now all my domain names resolve to the virtualhost where mindtouch was installed. So mindtouch made all my domain names point to the new mindtouch instance. Grrr!

I use debians default virtual host mechanisms (sites-enabled, etc). Does anyone know what apache directive mindtouch is using to ruin my vh setup? I've scoured all the conf files and there is nothing obvious in apache2.conf or httpd.conf that would cause the behaviour. Did it create a sym-link somewhere that I should destroy?

I should add that I uninstalled the mindtouch packages already but apache persists in redirecting all domains to the first one mentioned in the sites-enabled folder.

thini:~# apache2ctl -S
[Wed Jan 05 13:39:11 2011] [warn] NameVirtualHost *:80 has no VirtualHosts
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:*  www.openancestry.org (/etc/apache2/sites-enabled/openancestry.org:1)
*:*  www.pragmantra.com (/etc/apache2/sites-enabled/pragmantra.com:1)
*:*  services.pragmantra.com (/etc/apache2/sites-enabled/services.pragmantra.com:1)
*:*  www.subversionreports.com (/etc/apache2/sites-enabled/subversionreports.com:1)
*:*  www.thijssen.ch (/etc/apache2/sites-enabled/thijssen.ch:1)
Syntax OK

EDIT: after making the corrections suggested by Niall & DerfK I now get this:

thini:/etc/apache2/sites-enabled# apache2ctl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80                   is a NameVirtualHost
 default server www.openancestry.org (/etc/apache2/sites-enabled/openancestry.org:1)
 port 80 namevhost www.openancestry.org (/etc/apache2/sites-enabled/openancestry.org:1)
 port 80 namevhost www.pragmantra.com (/etc/apache2/sites-enabled/pragmantra.com:1)
 port 80 namevhost services.pragmantra.com (/etc/apache2/sites-enabled/services.pragmantra.com:1)
 port 80 namevhost www.subversionreports.com (/etc/apache2/sites-enabled/subversionreports.com:1)
 port 80 namevhost www.thijssen.ch (/etc/apache2/sites-enabled/thijssen.ch:1)
Syntax OK

Whichever file is first in the sites-enabled folder ends up being treated as "default server". It's as if named virtual hosts is disabled.

Resolved with this:

<VirtualHost _default_:80>DocumentRoot /var/www</VirtualHost>

In the good old days of Windows XP we had the Microsoft Virtual CD-ROM Control Panel for mounting ISO's.

Since Vista I have struggled to find a driver level shell extension that works on a 64 bit Windows.

I have tried Virtual Clone Drive and have no real complaints but what I really want is software that behaves just like MVCDControlPanel ie:

• I don't want a permanent drive waiting to mount an ISO sitting in my drive list.
• I really liked the tiny footprint and minimal resource usage of MVCDControlPanel so something that doesn't use much CPU (when it isn't reading ISO's).
• Preferably with a right-click shell extension to mount an ISO or simply open it as you would a zip file.
• It only needs to provide read-only access to the ISO
• I always prefer software that doesn't stick its branding and silly logos or icons all over the place or on the temporary drive in explorer

I'm happy to pay for it. What are my options?