sandip's blog

Find size of ext3 Journal

The journal is located at inode:

# tune2fs -l /dev/sda1 | awk '/Journal inode/ {print $3}'

The size of the journal in bytes is:

# debugfs -R "stat <inodenumber>" /dev/sda1 | awk '/Size: /{print $6}'|head -1

Note: "<>" is necessary around the inode number.

group writable web folders with setgid and ACL

Often, web-accessible folders need to be set up so that all web developers have write access.

Along with the setgid bit, ACLs can be used so that anyone in the group "web-developers"
has write privileges to anything under the web-accessible document root.

So unless the ACL privileges are specifically revoked, it will just continue to work.

To enable ACL, add "acl" option to /etc/fstab file for the corresponding partition and remount.

Edit /etc/fstab:

/dev/mapper/home    /home    ext4    defaults,acl    0 2

Remount:

# mount -o remount /home

Here are the commands to be used for the setup:

# groupadd developers
# chgrp -R developers /path/to/docroot
# find /path/to/docroot -type d -exec chmod g+s {} \;
# find /path/to/docroot -type d -exec setfacl -m g:developers:rwx,d:g:developers:rwx {} \;
# find /path/to/docroot -type f -exec setfacl -m g:developers:rw {} \;

Now anyone needing write access can be added to the "developers" group. The "-a" flag appends the group, so the user's existing supplementary groups are kept.

# usermod -aG developers {username}

If you need the webserver to have write access to certain folders, then chown the location to be owned by the webserver, instead of giving write permissions to all.

# chown apache /path/to/docroot/apache
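
An audit for the layout built above, as an added example that is not part of the original post: it lists directories that lost setgid, entries outside the shared group, world-writable entries, and directories missing the default group ACL. The function names are made up for this example, and `audit_default_acl` assumes `getfacl` is installed.

```shell
#!/bin/sh
# Added example: audit a docroot set up with setgid + ACLs as described above.
# Function names are hypothetical; audit_default_acl assumes getfacl is installed.

# audit_modes DOCROOT GROUP: print one finding per line (nothing when clean).
audit_modes() {
    # Directories without setgid: files created there keep the creator's group.
    find "$1" -type d ! -perm -2000 | sed 's/^/no-setgid /'
    # Entries that are not owned by the shared group.
    find "$1" ! -group "$2" | sed 's/^/wrong-group /'
    # World-writable entries bypass the group-scoped write access entirely.
    find "$1" ! -type l -perm -0002 | sed 's/^/world-writable /'
}

# audit_default_acl DOCROOT GROUP: directories lacking d:g:GROUP:rwx, so new
# files created in them would not pick up the group ACL.
audit_default_acl() {
    find "$1" -type d | while IFS= read -r dir; do
        getfacl -p "$dir" 2>/dev/null |
            grep -q "^default:group:$2:rwx" || echo "no-default-acl $dir"
    done
}

# Usage: sh audit.sh /path/to/docroot developers
if [ "$#" -eq 2 ]; then
    audit_modes "$1" "$2"
    audit_default_acl "$1" "$2"
fi
```

Run it from cron or after deployments; any output means the inheritance set up above no longer holds for that path.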

munin-node mysql setup

  • munin-node installed via epel repository.
  • Install perl-Cache-Cache:
    # yum install munin-node perl-Cache-Cache
  • Create file "/etc/munin/plugin-conf.d/mysql" with below contents:
    [mysql*]
    env.mysqluser munin
    env.mysqlpassword {PASS}
  • Create mysql user and assign corresponding privileges:
    mysql> create user munin@localhost identified by '{PASS}';
    mysql> GRANT PROCESS, SUPER ON *.* TO 'munin'@'localhost';
    mysql> GRANT SELECT ON `mysql`.* TO 'munin'@'localhost';
    mysql> flush privileges;
  • Check the suggestions and install the plugins:
    munin-node-configure  --suggest 2>/dev/null |grep mysql
    munin-node-configure  --shell | grep mysql | sh
  • Test via:
    # cd /etc/munin/plugins
    # munin-run mysql_connections

Plesk courier-imap imapd on port 143 fails

After Plesk upgrade to 9.5.4, imapd on port 143 did not come up.

On checking the maillog, it was complaining about:

imapd: Invalid -maxprocsarg option.
imapd-ssl: Invalid -maxprocsarg option.

I noticed /etc/courier-imap/imapd had both the below lines commented:

#MAXDAEMONS=40
#MAXPERIP=4

Once I uncommented those values, I was able to get the imap listener up upon a `service courier-imap restart`.

Django postgresql connect_timeout via environment variable

Recently, I've had to move a postgresql database onto a separate server and split it out from the django application server.

On doing so, we saw intermittent "OperationalError: could not connect to server: Connection timed out".

It was quite obvious that "connect_timeout" had to be increased to resolve the issue, due to the latency introduced by the network. However, the psycopg2 database adapter was being used, which did not support passing the "connect_timeout" option via Django.

We were able to work around the issue by setting the environment variable "PGCONNECT_TIMEOUT" so that libpq would pick up the connection parameter.

Put the below in "django.wsgi":

import os
os.environ['PGCONNECT_TIMEOUT'] = '30'

munin-node and postgresql plugins setup

While setting up munin to monitor postgresql, I was getting "[DBD::Pg not found, and cannot do psql yet]" when running `munin-node-configure --suggest | grep postgres`.

I confirmed that the rpm package "perl-DBI-1.52-2.el5" was indeed installed.

However, when I ran a test against the module, it failed with:

# perl -MDBD::Pg -e 1
Can't load '/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi/auto/DBD/Pg/Pg.so' for module DBD::Pg: libpq.so.4: cannot open shared object file: No such file or directory at /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/DynaLoader.pm line 230.
at -e line 0
Compilation failed in require.
BEGIN failed--compilation aborted.

On checking the library, it returned with "libpq.so.4 => not found":

# ldd /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi/auto/DBD/Pg/Pg.so
linux-vdso.so.1 =>  (0x00007fffb60bb000)
libpq.so.4 => not found
libc.so.6 => /lib64/libc.so.6 (0x00007fa36d2c2000)
/lib64/ld-linux-x86-64.so.2 (0x00007fa36d845000)

Indeed libpq.so.4 was missing since postgresql90-libs was installed which only includes "libpq.so.5".

To get libpq.so.4, "compat-postgresql-libs" package needed to be installed.

Once it was installed, the perl module test passed and I was able to get the munin plugins linked using:

# munin-node-configure --shell | grep postgres | sh

Configuring Bind RNDC

RNDC is a useful mechanism for administering DNS servers. If it is not configured, BIND complains about it.

Determine the locations where RNDC expects to find the config files.

# rndc status
  rndc: neither /etc/rndc.conf nor /etc/rndc.key was found

Create the rndc config file:

# rndc-confgen > /etc/rndc.conf

The rndc.conf file should also contain the contents that need to go into "/etc/named.conf". See the sample below:

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "aitNuyDz9NkSZ0MbxeQKcQ==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };

Once the key and controls sections have been added to named.conf, restart named and test again with:

# rndc status

openvz tmpfs and dcachesize

When using tmpfs inside OpenVZ containers, make sure to monitor and increase dcachesize (directory and inode entries) appropriately.

tmpfs mounts can be used to speed up applications doing lots of reads/writes to temporary disk space, such as PHP sessions and the MySQL tmp directory.

Mount using "/etc/fstab":

tmpfs   /dev/shm               tmpfs   noexec,nosuid,nodev                                      0 0
tmpfs   /var/lib/php/session   tmpfs   mode=770,gid=48,size=500M,noexec,nosuid,nodev,noatime    0 0

Note: default folder permission of "/var/lib/php/session" is 770 and set to the apache Group ID.

watching nginx server status

Once you have turned on nginx stub_status and enabled access from localhost:

  location /nginx_status {
    stub_status on;
    access_log off;
    allow 127.0.0.1;
    deny all;
  }

You can now watch the status in real time with:

watch -n1 'curl localhost/nginx_status 2>/dev/null'

Remove all messages from exim queue

exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash

`exim -bp` lists the messages in the queue; its output is piped through awk, which prints "exim -Mrm {MessageID}" for each message, and that is piped into bash for execution.
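
A variant of the one-liner above, as an added example that is not part of the original post: it checks that each extracted field looks like a message ID and hands the IDs to exim as arguments rather than building shell text for bash. The function names and the sample queue listing are constructed for this example, and the ID pattern assumes the classic 6-6-2 layout.

```shell
#!/bin/sh
# Added example: pull message IDs out of `exim -bp` output and pass them to
# exim as arguments instead of generating shell text for bash to execute.

# Constructed sample of `exim -bp` output (not taken from a real queue). The
# last recipient line happens to match the age pattern /^ *[0-9]+[mhd]/.
sample_queue() {
    cat <<'EOF'
25m  2.9K 1aBcDe-0001Xy-2Z <alice@example.com>
          bob@example.net

 3h   512 1aBcDf-0002Ab-7Q <> *** frozen ***
          5d@example.org
EOF
}

# queue_ids: read `exim -bp` output on stdin and print only fields that look
# like message IDs. Assumption: the classic 6-6-2 ID layout; adjust the
# pattern if your Exim prints longer IDs.
queue_ids() {
    awk '/^ *[0-9]+[mhd]/ {print $3}' |
        grep -E '^[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}$'
}

# purge_queue: remove every queued message. xargs -r (GNU) skips the call
# when the queue is empty; IDs reach exim as plain arguments, never via a shell.
purge_queue() {
    exim -bp | queue_ids | xargs -r exim -Mrm
}
```

Running `sample_queue | queue_ids` prints the two message IDs and drops the empty field produced by the recipient line.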
