Archives for posts with tag: production

Accessing remote file systems with sshfs

August 12, 09 //
0

Like anyone has data stored accross multiple servers, keeping it organized can be a headache. At my house, I’m using a server running Samba to store my data for my laptop and desktop. That way, when I edit file X, I know it’ll be the same on either system.

Samba works great at home. However, opening a Samba share to entire world is a Bad Idea™.I wanted to be able to access some of my files off of my server at work that was secure and didn’t require setting up too much extra software. And this is where sshfs comes into play. Sshfs is a Filesystem client based off of the SSH Protocol. I picked sshfs over something like webdav because the server in question doesn’t have Apache installed and all of the servers I work on run ssh.

Setting up and using sshfs is pretty straight forward. First, install sshfs on the client. That’s one of the best part of sshfs; as long as the server has ssh running, you don’t need have to do anything on the server.  All of my boxes are running a varient of Debian, so I just used aptitude to install sshfs.

sudo aptitude install sshfs

I have not tried installing this on other linux distros, but I’m going to guess that using their package managers will give you similiar results. If you want to do things the hard way, source can be downloaded here. You’ll need FUSE2.2 and the latest version of glibc devel installed also. Your package manager of choice should take care of the dependencies for you.

Once you’ve got the software installed, you’ll need to add your normal user to the fuse group so they can mount and unmount the sshfs shares. You can use your GUI of choice, of the following CLI command:

sudo adduser user fuse

That’s it! That’s all you need to do to setup sshfs. Like with any file system, make a directory to mount the system to and then run the following command:

sshfs remoteuser@remotesystem:/path/to/dir localdir

You’ll now be able to access that directory remotely using sshfs. When running that above command, you may get the following error:

fusermount: failed to open /dev/fuse: Permission denied

Try running the command in a fresh shell. Chances are the current shell hasn’t picked up on the refreshed permissions. To unmount the sshfs directory, run the following command:

fusermount -u mountpoint

Like any filesystem, sshfs shares can be automagically mounted via the server’s fstab. Please note that if you do want to have the sshfs automount due to fstab, you will need to have SSH keys setup between the client and the server. Below is the syntax you’d want to use:

sshfs#USERNAME@REMOTE_HOST:REMOTE_PATH MOUNT_POINT fuse SSHFS_OPTIONS 0 0

It’s a pretty straightforward solution to a problem that had been bugging me for a while. I am able to access my remote files on a server with the ease of a samba share without having to install any extra software on the server itself. To me, something like sshfs is more convenient than webdav or sftp, because it allows the remote system to integrate seamlessly into my current system. I hope you find sshfs as useful as I have.

Backing up postgreSQL DBs with bash and cron

July 21, 09 //
1

postgresqlI’ve been working with postgres in my free time for a while now. I have been playing with fire, so to speak. I haven’t had any sort of backup solution on my postgres server. So after a bit of googling and reading postgres docs, I’ve came up with a very basic backup script.

What it does is backup each database separately and zips them up in order to save on space. It puts an hour – minute stamp on the database file and backs the DB up to a directory that is the current date. I’m going to add more to the script later, like only keeping so many backups, etc. But at this point, I just wanted to get a script running that creates backups just in case the server’s main drive dies or I botch something.

So without further ado, here’s the code of the script. I do have to give credit to the author of this post, as I heavily modified that script to do what I needed it to do. The big thing was the sed-awk line, as my sed-fu is quite poor.

#! /bin/bash
# PGSQL backup script

# logfile loc
logfile="/var/log/pgbackup.log"
# backup loc
backup_dir="/backup/pg_backups/"
touch $logfile
timeslot=`date +%H-%M`
monthday=`date +%F`

# mount /backup, create the dir and get a list of dbs
/bin/mount /backup
/bin/mkdir $backup_dir/$monthday
databases=`psql -U postgres -q -c "\l" | sed -n 4,/\eof/p | grep -v rows\) | awk {'print $1'}`

#backup the dbs
for i in $databases; do
        timeinfo=`date '+%T %x'`
        echo "Backup complete at $timeinfo for time slot $timeslot on database: $i " >> $logfile
	/usr/bin/pg_dump -U postgres $i | gzip > "$backup_dir/$monthday/postgre-$i-$timeslot-db.gz"
done

#unmount the backup drive
/bin/umount /backup

And that’s that. It’s a pretty simple script, but it gets the job done. I’m obviously running the script on the machine that postgres is on and the server I’m running it on is Ubuntu LTS with a backup drive in the server, so your milage may vary depending on your distro and your setup. You may want to test the script first before setting it as a cron on your DB server. Speaking of the cron, here’s the line you’ll want to set in your root crontab.

00 06 * * * /root/bin/pgbackup.sh > /dev/null 2>&1

I have the cron set to run at 6am since I’m asleep at 6am, so no one will be accessing the DBs. And now my DBs are safe from me and my postgres nubness.

The importance of documentation

July 16, 09 //
0

A few jobs ago I was a Work Study in college, and I was the head of IT’s assistant. He was in charge of the PBX phone system along with the network and workstations.

We had to do some desk juggling and rather than change assignments in the PBX we decided to just move the cables that connected the patch panel from the desk sto the PBX. Easy right? Nope. My boss’s predecessor when he set up the PBX system, along with all of the other patch panels to labs and offices didn’t document anything. He also used 15 foot cables when a 1 foot cable would have worked, but that’s a rant for another day.

My boss and I spent 20 hours over the course of a weekend documenting which ports on the patch panel matched which port in which office. 40 man-hours wasted because my boss’s predescor didn’t take a few minutes to document as he set everything up.

This kind of behavior is hard for me to wrap my head around. And my PBX example above isn’t an isolated experience. It seems that non-documentation like this occurs in IT departments across the country. It appears to be a mixture of pure laziness this and a “If I know everything, I’m irreplaceable” mentality.

SPOILERS: Everyone is replaceable.

The replacement may not be better, but everyone is replaceable. Case in point, Michael Jordan, the greatest basketball player of all time, retired from the Bulls twice. After both times, the Bulls had to find another guy to start at Shooting Guard. Were either of them as good as Jordan? No, not at all, but they were his replacement.

My advice is this: You’re not going to be at your current job forever, so do yourself and everyone else a favor and document everything. I use a mediawiki install for personal stuff, but even if its just a collection of Word docs in a network share, find something that works for you and run with it.

Recompiling Apache to use mpm_worker on a CPanel Server

July 11, 09 //
0

Arguably, the most important service that runs on a server is its webserver, and for most of the world this webserver is Apache. One of Apache’s main selling points, its modularity, is also its biggest drawback if not configured properly. Apache 2.0 and newer can be compiled with Multi Process Modules, or MPMs. The default MPM is prefork. Prefork is based off of the aging Apache 1.3 and works fine, but does have its disadvantages: it doesn’t handle large amounts of traffic gracefully nor is it really designed to handle newer hardware.

This is where mpm_worker comes in. Worker is a threaded MPM that is designed for newer hardware and handles larger amounts of traffic better. While prefork is the Apache default MPM, Debian based distrubutions run worker by default. Information regarding worker is available at the Apache Documentation.

“But,” you’re asking yourself, “I run a CPanel dedicated server and/or virtual private server at my webhost. Can I use worker?” Absolutely. CPanel provides the aptly named EasyApache script that allows for recompiles of Apache and PHP using an easy to navigate interface.

Before I get into the nitty gritty, a few caveats:

  1. If you’re in a shared hosting or reseller environment using CPanel, you’re probably out of luck. Most hosting providers do not allow for software changes in such situations.
  2. The Webhost Manager does have a web interface for EasyApache. I wouldn’t use it, because if your browser crashes during the EA, it’ll Break Everything™.
  3. Unless you are running a module that requires non threaded Apache, upgrading to worker will not cause any problems. Upgrading to Worker will not affect your PHP code, or your databases or your Google Analytics.

First thing, You’ll want to check to see what version of Apache you’re running, because if you’re running worker already then you’re already set. You can figure out the version of Apache by running the following command:

/usr/local/apache/bin/httpd -V

Which will give output like the following:

version

The line you’re looking for is the “APACHE_MPM_DIR”. As the screen shot shows, this server has Apache running with prefork, so it needs an upgrade. You launch the EasyApache script with the following command.

/scripts/easyapache

If your server is in a virtual environment using Xen, the EasyApache script will require a flag when it is executed. This flag will be provided when the script is ran. The technical reason is because the Xen console doesn’t support curses, which the EasyApache script uses.

A warning, I highly recommend running the EasyApache in a screen. As stated earlier, stopping an EA while its doing its thing will Break Everything™.

You’ll want to Customize based off of current profile and make sure that your compile Apache 2.0 or 2.2. Unless you’re upgrading PHP also, the next couple of windows can be skipped. On the Short Options List, pick the Exhaustive Options List. Once you’re in the exhaustive list, scroll until you hit the MPMs. It’ll look like this.

ea1

Unselect any selected MPMs and select Worker. More often then not, no MPM will be selected, which is fine because Prefork will be installed if nothing will be selected. The screen shot is with Apache 2.2 select, this screen will be different if you’re compiling Apache 2.0.

Once you select Worker, the following screen will pop up:

ea2

Select OK and hit enter. The warning is there because the non prefork or worker MPMs are experimental will probably not work most of the time. Worker is completely stable, so its safe to ignore this warning.

After that warning, navigate to the end and click save and build. With that, you have to wait for EasyApache to do its thing. This normally takes about 30 minutes, but can take longer depending on server load and how many modules are selected in EasyApache.

WARNING: Do not close your shell window until the EasyApache is done, or it will break things in interesting and fun ways. You DID remember to run this in a screen, right?

Once it’s done, you’ll want to check that it finished correctly. I usually do this by restarting Apache. Generally, if the EasyApache failed, Apache will error on restart.  After Apache restarts, you’ll want to check to make sure that Worker was installed, running the version check command from earlier. If everything went according to plan, you should get something like this:

final

If you’ve got something like that, then everything worked correctly. Now we’ll want to check to make sure Apache has its optimization directives in place. Sometimes EasyApache includes these directives, other times it doesn’t and I’m not really sure why. You’ll want to search for a block of text towards the top of the config at /usr/local/apache/conf/httpd.conf like the following. If its not there, add it. This block of text will be before the vhosts.

Timeout 300
KeepAlive On
MaxKeepAliveRequests 150
KeepAliveTimeout 5
<IfModule worker.c>
ServerLimit 16
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 500
</IfModule>

Once you’ve added these directives, you’ll want to restart Apache so they can take effect. These directives will probably need to be scaled depending on your server’s traffic load and how much resources the server has, but they do work well as a starting point.

And you’re done! Apache is now running the mpm_worker module. If your server has a high traffic load, the difference should be immediate. Slower traffic servers may not notice it until later.