Archive for the ‘Arch Linux’ Category.

Creating a stable Arch server.

This is how I prefer to deal with stability issues for my Arch Server, ymmv, and you may do it differently.
I prefer not to rewrite/redo the entire system just to create a stable server.

1. Mirror Current Repo to a Local Repo
2. Use local Repo on test servers
3. If no issues, push local Repo to Stable Repo
4. Upgrade servers from Stable Repo
5. Pull Current Repo to local repo and start over with testing again.

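+------------------------+
| Current Internet Repos |
+------------------------+
            |
            |
+------------------------+
|   Local Repo-Testing   | ----- Test Servers
+------------------------+
            |
            |
+------------------------+
|   New Repo - Stable    | -->>->>- Stable Servers
+------------------------+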
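
Steps 1 to 3 above as shell functions (an added example, not the author's own scripts): a checksum manifest is written when the testing repo is mirrored, and promotion is refused if any file changed, vanished or appeared after that point. The function names, the MANIFEST.sha256 file and the snapshots/ plus "current" link layout are assumptions made for illustration.

```bash
# Added example, not the author's scripts. Function names, MANIFEST.sha256
# and the snapshots/ + "current" layout are assumptions for illustration.

# Steps 1-2: right after mirroring into the testing repo, freeze what is tested.
write_manifest() {   # write_manifest TESTING_DIR
    ( cd "$1" && find . -type f ! -name MANIFEST.sha256 -print0 \
        | sort -z | xargs -0 -r sha256sum > MANIFEST.sha256 )
}

# Succeeds only if TESTING_DIR still holds exactly the files in the manifest.
verify_manifest() {  # verify_manifest TESTING_DIR
    ( cd "$1" || exit 1
      [ -s MANIFEST.sha256 ] || exit 1
      sha256sum -c MANIFEST.sha256 >/dev/null 2>&1 || exit 1  # changed or missing
      have=$(find . -type f ! -name MANIFEST.sha256 | wc -l)
      want=$(wc -l < MANIFEST.sha256)
      [ "$have" -eq "$want" ] )                               # unexpected extras
}

# Step 3: publish the tested set as a snapshot, then switch the "current"
# link with one rename so stable servers never see a half-copied repo.
promote_repo() {     # promote_repo TESTING_DIR STABLE_ROOT SNAPSHOT_NAME
    local testing="$1" root="$2" name="$3"
    verify_manifest "$testing" ||
        { echo "testing repo differs from what was tested" >&2; return 1; }
    [ ! -e "$root/snapshots/$name" ] ||
        { echo "snapshot $name already exists" >&2; return 1; }
    mkdir -p "$root/snapshots" &&
    cp -a "$testing" "$root/snapshots/$name" &&
    ln -s "snapshots/$name" "$root/current.new" &&
    mv -T "$root/current.new" "$root/current"   # GNU mv: replaces the link atomically
}
```

Stable servers would then point their pacman repository at STABLE_ROOT/current, so they only ever install the exact files the test servers ran.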

I haven’t ignored any packages for my setups, I upgrade kernels and do all upgrades, I just test them locally on 3 test server machines before I do my remote production server upgrades.
Has worked pretty well for me. You could ignore kernel upgrades I suppose and make the thing even more painless to do, but for me the whole point of running Arch is to be as close to the newest releases on all software. I don’t have time to create my own packages, and I never saw the need to duplicate the stuff that has already been done. For me, creating my own “stable” Arch server, has been 99% testing before updating the production server. So basically I create my own stable server repo through testing.

My setup works for me, but I’m really only tracking/working with (sshd openntpd mysqld httpd postfix proftpd) for the most part. As long as those are stable and issues dealt with/figured out, then the production server is usually happy. Archlinux.me downtime has been 100% hardware related, and not due to any problems with Arch itself. A very brief downtime while converting to php 5.3, but that was pretty minor.
I honestly haven’t looked at kernel26-lts ……. probably should I suppose, but the regular kernel has always worked pretty well.

Anyway, just thought I’d share how I do this for myself.

Archlinux.me running on kernel26 2.6.32.8-1

Yes boys and girls, the kernel update went smooth as glass.
You just gotta love Arch. The server was updated to the newest everything today, FEB 15, 2010.

edit: just edited post to reflect current kernel

Making diff easier to read.

Slapped this in my .bashrc file, thought I’d share:

# Side-by-side diff, 90 columns wide
comp ()
{
    diff -y -W 90 "$1" "$2"
}

And if you use Solaris:

compare ()
{
    gdiff -y -W 90 "$1" "$2"
}

My current machines.

Veronica – Arch Linux 64-bit — Kernel 2.6.31.6-1
Archie/Jughead – Arch Linux 32-bit — Kernel 2.6.31.6-1
Betty/Reggie – Arch Linux (VBox) 32-bit — Kernel 2.6.31.6-1

Thought I’d share my current Arch machines.
I have several :)

Archie is the remote server at SevenL that runs this website.
2.80GHz CPU, 2GB RAM, 250GB Hard Drive.

Jughead is the counterpart to Archie that sits in my basement and runs several sites from my home connection.
Qty=2 Intel(R) Pentium(R) 4 CPU 3.60GHz, 4GB RAM, 640GB Hard Drive.

Veronica is my 64 bit system at home.
Qty=2 x86_64 Intel(R) Pentium(R) 4 CPU 3.60GHz, 3GB RAM, 640GB Hard Drive.

Betty is a virtualbox system on my work laptop. IT says I have to run windows on the laptop, but allows me to use Virtualbox… so, Arch in Vbox it is.
Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz,1.5GB RAM, 60GB Hard Drive.

Reggie my work desktop system. Same as above, can’t install it as the primary OS, but can install it via Vbox.
1.5GB RAM, 60GB Hard Drive.

Did you ever think a simple period was so important ?

Assuming we aren’t talking about your girlfriend, how important is that silly little dot at the end of a sentence? I mean, it’s a period. A “.”, how important can a period be? Well, let’s see, with the lack of a single solitary “.” in the right place ……….. 900,000+ internet sites were taken offline or otherwise affected ….. it was really that little dot, or rather lack thereof, that did all that damage. Not some fancy self replicating virus, no no no, it was the power of that singular little dot, it did ALL that, in the span of a few hours, 900,000 websites were offline, and inaccessible…..along with the email for said sites. The nightmare, all caused by that littlest guy on the keyboard, the period.

As strange as it sounds, it did happen. On October 13,
Read the rest of the story here…

The problem happened during planned maintenance of the .se domain. The .SE registry used an incorrectly configured script to update the .se zone, which introduced an error to every single .se domain name.

We have spoken to a number of industry insiders and what happened is that when updating the data, the script did not add a terminating “.” to the DNS records in the .se zone. That trailing dot is necessary in the settings for DNS to understand that “.se” is the top-level domain. It is a seemingly small detail, but without it, the whole DNS lookup chain broke down.

Guess there really was something to that old saying, "Dot your I's and cross your T's.". Apparently they should have also added "and don't forget to use the period at the end.". The smallest guy on the keyboard has been vindicated, he IS important after all, and he just proved it. LOL.
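
The failure described above, as an added example (not code from the .SE registry or from the original post): in a zone file a name without a trailing dot is relative and gets the zone origin appended, so `ns2.example.se` inside the `se.` zone becomes `ns2.example.se.se.`. The function below flags such targets before a zone is published; the function names and all zone contents are constructed.

```bash
# Added example: flag relative target names in a zone file before publishing.
# lint_zone, sample_zone and every name/address below are constructed.

sample_zone() {
cat <<'EOF'
$ORIGIN se.
$TTL 3600
example     IN NS   ns1.example.se.          ; absolute name, trailing dot present
example     IN NS   ns2.example.se           ; trailing dot missing
broken      IN NS   ns1.hosting.example.net  ; trailing dot missing
            IN MX   10 mail.broken.se
ns1.example IN A    192.0.2.1
EOF
}

# lint_zone ORIGIN < zonefile
# Prints each NS/CNAME/PTR/MX/SRV target that contains a dot but does not end
# in one, with the name a server would actually use. Exit status 1 if any found.
lint_zone() {
    awk -v origin="$1" '
    /^[ \t]*$/ || /^[ \t]*;/ { next }              # blank or comment-only line
    /^\$/ { if ($1 == "$ORIGIN") origin = $2; next }
    {
        start = ($0 ~ /^[ \t]/) ? 1 : 2            # skip the owner name if present
        sub(/;.*/, "")                             # drop trailing comment
        target = ""
        for (i = start; i <= NF; i++) {
            t = toupper($i)
            if (t == "NS" || t == "CNAME" || t == "PTR") { target = $(i + 1); break }
            if (t == "MX")  { target = $(i + 2); break }
            if (t == "SRV") { target = $(i + 4); break }
        }
        if (target ~ /\./ && target !~ /\.$/) {
            printf "line %d: %s -> %s.%s\n", NR, target, target, origin
            found = 1
        }
    }
    END { exit (found ? 1 : 0) }'
}
```

Run as `lint_zone se. < zonefile` in the step that generates the zone, and stop the publish when it exits non-zero.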

Now running on php 5.3

Well, after an hour battle with php, finally got it to work on archlinux.me. :)

Was a pain, like I knew it would be, but it’s done…. phew. Finally. Now……… time to sleep.

Bash Server Ping Checking Script -written by Dave Crouse

I had a lot of fun writing this little ping testing utility. It works/looks best if you have a color enabled terminal.
Could be easily modified to email you if the server failed. Anyway, just thought I’d share :)

#!/bin/bash
# Bash Server Ping Checking Script
# 09-24-2009 Crouse
# Pretty simple, add servers/ip's/Ln (line numbers) in the format shown in the two column examples.
# Tested with over 50 servers, worked for what I needed, thought i'd share :) ~~Crouse.

# Ideas  --- add another array for Headers. so Hn could print headers with bold/etc. Might be neat.
declare -a Sn # Server Name
declare -a Ip # IP address of server.
declare -a Ln # Line number to display on in Row1.
declare -a Sn2 # Server Name
declare -a Ip2 # IP address of server.
declare -a Ln2 # Line number to display on in Row2.
############################################################################### Server List Row 1
###############################################################################
Sn[1]="usalug.org"
Ip[1]="67.15.6.98"
Ln[1]="6"

Sn[2]="archlinux.me"
Ip[2]="208.92.232.122"
Ln[2]="7"
###############################################################################
###############################################################################

############################################################################### Server List Row 2
###############################################################################
Sn2[1]="usalug.org"
Ip2[1]="67.15.6.98"
Ln2[1]="6"

Sn2[2]="archlinux.me"
Ip2[2]="208.92.232.122"
Ln2[2]="7"
################################################################################
################################################################################
tput civis # Hide the cursor
maxcount=${#Sn[*]}  #should report number of Servers listed in Sn variable
maxcount2=${#Sn2[*]}  #should report number of Servers listed in Sn2 variable
clear
#tput setf 2; #echo -e '\e[1;33m'
echo " "
tput setf 0;tput setb 2;
echo "       Bash Server Ping Checking Utility           version 2.0         Crouse.   "; #tput rmso;

tput setf 7;  tput setb 0; # List out servers now.
     for (( loop=1; $loop < $maxcount+1; loop++ ))
     do
        ( tput cup ${Ln[$loop]} 10; echo "${Sn[$loop]}"; tput rc)
     done
     for (( loop2=1; $loop2 < $maxcount2+1; loop2++ ))
     do
        ( tput cup ${Ln2[$loop2]} 50; echo "${Sn2[$loop2]}"; tput rc) # Row 2 names come from Sn2, not Sn
     done
# Set traps so when we exit the big ass loop stuffs normal again.
gracefulexit () {
trap - INT TERM EXIT # Clear the traps first so the EXIT trap doesn't run this a second time.
tput cnorm;
tput setb 0;
echo "Stopping Application"
tput setf 2;
exit
}
trap gracefulexit INT TERM EXIT
# Begin big ass loop
while true
do
    #First Row
    for (( loop=1; $loop < $maxcount+1; loop++ ))
    do
        (tput sc ;tput setb 0; tput setf 0; tput cup 4 10 ;
        echo "........................................................................";tput rc)
        (tput sc ;tput setb 0; tput setf 6; tput cup 4 10 ;
        echo "Checking ${Sn[$loop]} at IP: ${Ip[$loop]}" ; tput rc)
        (tput sc ;tput setb 0; tput setf 0; tput cup ${Ln[$loop]} 1 ; echo "........." ; tput rc)
        (tput sc ;tput setb 0; tput setf 6; tput cup ${Ln[$loop]} 1 ; echo "TESTING" ; tput rc)
        count=$(ping -c 5 ${Ip[$loop]} | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
        (tput sc ;tput setb 0; tput setf 0; tput cup ${Ln[$loop]} 1 ; echo "........." ; tput rc)
        if [[ "$count" == [45] ]]; then
            (tput sc ;tput setf 0; tput setb 2;tput cup ${Ln[$loop]} 5 ; echo " OK " ; tput rc)
        else
            if [[ "$count" == [123] ]]; then
                (tput sc ;tput setf 0; tput setb 6; tput cup ${Ln[$loop]} 4 ; echo "ALERT" ; tput rc)
            else
                (tput sc ;tput setf 7; tput setb 4; tput cup ${Ln[$loop]} 2 ; echo "WARNING" ; tput rc)
            fi
        fi
    done
    #Second Row
    for (( loop2=1; $loop2 < $maxcount2+1; loop2++ ))
    do
        (tput sc ;tput setb 0; tput setf 0; tput cup 4 10 ;
        echo "........................................................................";tput rc)
        (tput sc ;tput setb 0; tput setf 6; tput cup 4 10 ;
        echo "Checking ${Sn2[$loop2]} at IP: ${Ip2[$loop2]}" ; tput rc)
        (tput sc ;tput setb 0; tput setf 0; tput cup ${Ln2[$loop2]} 41 ; echo "........." ; tput rc)
        (tput sc ;tput setb 0; tput setf 6; tput cup ${Ln2[$loop2]} 41 ; echo "TESTING" ; tput rc)
        count2=$(ping -c 5 ${Ip2[$loop2]} | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
        (tput sc ;tput setb 0; tput setf 0; tput cup ${Ln2[$loop2]} 41 ; echo "........." ; tput rc)
        if [[ "$count2" == [45] ]]; then
            (tput sc ;tput setf 0; tput setb 2;tput cup ${Ln2[$loop2]} 45 ; echo " OK " ; tput rc)
        else
            if [[ "$count2" == [123] ]]; then
                (tput sc ;tput setf 0; tput setb 6; tput cup ${Ln2[$loop2]} 44 ; echo "ALERT" ; tput rc)
            else
                (tput sc ;tput setf 7; tput setb 4; tput cup ${Ln2[$loop2]} 42 ; echo "WARNING" ; tput rc)
            fi
        fi
    done
done

php update to 5.3.0-3 – FAIL

Can’t say I’m a fan of the way the php update worked at all. It’s not Arch’s fault, but still……. what a pain.
I’ve been running webservers for over a decade now, and the “split” ( see http://www.archlinux.org/pipermail/arch-dev-public/2009-August/012951.html ) of the php package into modules? sort of created havoc on archlinux.me for a few minutes tonight.
I still haven’t gotten it to work yet, but I’m getting closer. First off, you will need php-apache OR you will get errors that look like :

[root@Archie php]# httpd -t
httpd: Syntax error on line 119 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/libphp5.so into server: /etc/httpd/modules/libphp5.so: cannot open shared object file: No such file or directory

After screwing around with this for a bit, I decided to just revert the php package BACK to php 5.2.10 for now.

[root@Archie pkg]# pacman -U php-5.2.10-3-i686.pkg.tar.gz
loading package data…
checking dependencies…
(1/1) checking for file conflicts [#########################################################################] 100%
error: failed to prepare transaction (conflicting files)
php: /etc/httpd/conf/extra/php5_module.conf exists in filesystem
php: /usr/lib/httpd/modules/libphp5.so exists in filesystem

errors occurred, no packages were upgraded.
[root@Archie pkg]# pacman -Uf php-5.2.10-3-i686.pkg.tar.gz
loading package data…
checking dependencies…
warning: /etc/php/php.ini installed as /etc/php/php.ini.pacnew
(1/1) upgrading php [#########################################################################] 100%
New optional dependencies for php
bzip2: bz2
curl: curl
gdbm: dba
libpng: gd
libjpeg: gd
freetype2: gd
pam: imap
libldap: ldap
libmcrypt: mcrypt
libtool: mcrypt
libmysqlclient: mysql/mysqli/pdo_mysql
unixodbc: odbc/pdo_odbc
openssl: openssl
postgresql-libs: pgsql/pdo_pgsql
aspell: pspell
net-snmp: snmp
sqlite3: pdo_sqlite
tidyhtml: tidy
libxslt: xsl
mhash: mhash
gmp: gmp
[root@Archie pkg]# /etc/rc.d/httpd restart
:: Restarting httpd daemon [BUSY] [DONE]

php-5.2.10-3-i686.pkg.tar.gz << worked
php-5.3.0-3-i686.pkg.tar.gz << new package … bleh
php-apache-5.3.0-3-i686.pkg.tar.gz << required package for new package

I guess until I have more time to sort this out, I'll just have to stick with the 5.2.x php package for now.

———————————-

http://www.archlinux.org/news/465/

PHP 5.3 enters [extra]

The new major PHP 5.3 release is finally available in the [extra] repository.
This update will require manual adjustments:
* update your php.ini; see php.ini.pacnew as reference
* module path is now /usr/lib/php/modules
* session, mbstring and zlib are now built in
* the fileinfo module is now built in and no longer a separate package
* mysqlnd is enabled; so libmysqlclient is no longer needed
* Setting default-character-set in my.cnf may cause encoding problems
* Set date.timezone in php.ini
* third party extensions need to be updated
* There are also new versions of the suhosin and apc extension; make sure to review their configuration as well

PHP was split into the following packages:
* php
* php-apache
* php-cgi
* php-curl
* php-enchant
* php-gd
* php-gmp
* php-intl
* php-ldap
* php-mcrypt
* php-odbc
* php-pear
* php-pgsql
* php-pspell
* php-snmp
* php-sqlite
* php-tidy
* php-xsl

If you are using php on a webserver you either need the cgi or apache sapi.
The sqlite package includes the sqlite3 drivers; the legacy sqlite2 driver is
included in the php package itself.

encfs – encrypted filesystem in user-space

Quoting from Wikipedia:
EncFS is a Free (GPL’ed) FUSE-based cryptographic filesystem that transparently encrypts files, using an arbitrary directory as storage for the encrypted files.

Two directories are involved in mounting an EncFS filesystem: the source directory, and the mountpoint. Each file in the mountpoint has a specific file in the source directory that corresponds to it. The file in the mountpoint provides the unencrypted view of the one in the source directory. Filenames are encrypted in the source directory.

Files are encrypted using a volume key, which is stored encrypted in the source directory. A password is used to decrypt this key.

Sounds complicated, but it’s really not. Basically what we are going to accomplish here is creating a directory that has all the files in it encrypted.
This will work on any system. It requires 3 applications, if they are not already installed: fuse, rlog and encfs. For me, it’s simply a matter of using pacman and installing them. You can use whatever package manager your distro provides or you can install from source.


My new 8,192 bit public key.

I’ve been playing with gpg again, and decided it was time to bump up my key size in order to have a key that was acceptable for encryption for the next few years. Until quantum computing kicks in, then I’ll have to double/quadruple the key size again… who knows. But for now, I think this will suffice for awhile.

Modifying gpg source code to allow 8,192 bit keys was simple to accomplish and the information is freely available on the net, so I won’t repost it here. However, if you want my new key, here it is :)