max aliases on network interface?
Howdy all, I remember rading quite a few years ago about the max number of aliases allowed on a single network interface. I believe this was for the 2.0 or 2.2 kernels. I know that quite a few resource limits were increased in 2.4, but I'm having a tough time nailing down anything solid for the max alias thing. any ideas or pointers would be helpful. thanks, Dave -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
help with filesystem quotas
Howdy folks, I'm setting up a Deb woody server and want quota support on /home just in case we need to get serious. I have quota support in the kernel and the following in /etc/fstab: /dev/sda6 /home ext3defaults,data=journal,usrquota 0 2 I run #quotacheck -c /home and get this: -rw---1 root staff7168 Aug 28 12:11 aquota.user in /home. However, when I run: #quotaon /home I get this: quotaon: using /home/quota.user on /dev/sda6 [/home]: Invalid argument quotaon: Maybe create new quota files with quotacheck(8)? hmmm. ??? at first I thought it was due to quotaon not wanting to use version2 quota files, so I had quotacheck create one of those (quota.user) and i got the exact same message. I can't believe I can't get something this simple to work. any ideas? ext3 is mounted data=journal, could that be it? thanks, Dave -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
help with user quotas
Howdy folks, I'm setting up a Deb woody server and want quota support on /home just in case we need to get serious. I have quota support in the kernel and the following in /etc/fstab: /dev/sda6 /home ext3defaults,data=journal,usrquota 0 2 I run #quotacheck -c /home and get this: -rw---1 root staff7168 Aug 28 12:11 aquota.user in /home. However, when I run: #quotaon /home I get this: quotaon: using /home/quota.user on /dev/sda6 [/home]: Invalid argument quotaon: Maybe create new quota files with quotacheck(8)? hmmm. ??? at first I thought it was due to quotaon not wanting to use version2 quota files, so I had quotacheck create one of those (quota.user) and i got the exact same message. I can't believe I can't get something this simple to work. any ideas? ext3 is mounted data=journal, could that be it? thanks, Dave -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
mysql admin user problem
Howdy folks, I have installed mysql a few times (from debian packages) and never had any trouble, but this one just stumpes me. I installed debian woody and mysql on a server. I screwed up /var/lib/mysql trying to copy over some databases so I reinstalled mysql to bring things back to normal. I removed /var/lib/mysql first of course, but once installed, I would get this error when trying to start mysql: Starting MySQL database server: mysqld...failed. cat /var/log/mysql/mysql.err gives: 030630 16:59:46 mysqld started /usr/sbin/mysqld: ready for connections but, cat /var/log/mysql.log gives: /usr/sbin/mysqld, Version: 3.23.49-log, started with: Tcp port: 0 Unix socket: /var/run/mysqld/mysqld.sock Time Id CommandArgument 030630 16:59:47 1 Connect Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) 030630 16:59:48 2 Connect Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) 030630 16:59:49 3 Connect Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) 030630 16:59:50 4 Connect Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) 030630 16:59:51 5 Connect Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) 030630 16:59:52 6 Connect Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) The process list shows 4 mysql processes running (when none were running before). '/etc/init.d/mysql stop' does nothing. I have removed mysql-server, and mysql-client and then removed /etc/mysql and /var/lib/mysql before reinstalling both mysql-server and mysql-client. yet, still I get these errors. if anyone has any ideas I'd love to hear them! thanks, Dave -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: mysql admin user problem
Howdy all, just wanted to say what worked. Dominik's suggestion to 'purge' the mysql packages with apt-get did the trick. One final reinstall had everything working fine. Not sure where the sanfu was... thanks guys! On Mon, Jun 30, 2003 at 05:03:36PM -0600 or thereabouts, David Wilk wrote: > Howdy folks, > > I have installed mysql a few times (from debian packages) and never had > any trouble, but this one just stumpes me. I installed debian woody and > mysql on a server. I screwed up /var/lib/mysql trying to copy over some > databases so I reinstalled mysql to bring things back to normal. I > removed /var/lib/mysql first of course, but once installed, I would get > this error when trying to start mysql: > > > Starting MySQL database server: mysqld...failed. > > > cat /var/log/mysql/mysql.err gives: > > > 030630 16:59:46 mysqld started > /usr/sbin/mysqld: ready for connections > > > but, cat /var/log/mysql.log gives: > > > /usr/sbin/mysqld, Version: 3.23.49-log, started with: > Tcp port: 0 Unix socket: /var/run/mysqld/mysqld.sock > Time Id CommandArgument > 030630 16:59:47 1 Connect Access denied for user: > '[EMAIL PROTECTED]' (Using password: YES) > 030630 16:59:48 2 Connect Access denied for user: > '[EMAIL PROTECTED]' (Using password: YES) > 030630 16:59:49 3 Connect Access denied for user: > '[EMAIL PROTECTED]' (Using password: YES) > 030630 16:59:50 4 Connect Access denied for user: > '[EMAIL PROTECTED]' (Using password: YES) > 030630 16:59:51 5 Connect Access denied for user: > '[EMAIL PROTECTED]' (Using password: YES) > 030630 16:59:52 6 Connect Access denied for user: > '[EMAIL PROTECTED]' (Using password: YES) > > > The process list shows 4 mysql processes running (when none were running > before). '/etc/init.d/mysql stop' does nothing. > > I have removed mysql-server, and mysql-client and then removed > /etc/mysql and /var/lib/mysql before reinstalling both mysql-server and > mysql-client. yet, still I get these errors. > > if anyone has any ideas I'd love to hear them! > > thanks, > Dave > > > -- > *** > David Wilk > System Administrator > Community Internet Access, Inc. > [EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
mysqld listening to the network interface
I have another mysql question for ya. I remember setting up mysqld in slink and it was a breeze to get it listening on the network. I figured the mysqld in woody would be just as easy. Unfortunately, a netstat -a shows no sign of mysqld (even tho I verified it's running) and I can't for the life of me figure out where the config is to enable this. All the docs indicate how to *disable* the network daemon, not enable. Is the woody default to *not* listen on the network? Is there a way to change this (has to be...) thanks for any ideas you may have. Dave -- ******* David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: mysqld listening to the network interface
Oh my gawd. I can't believe I missed that. SHEEESH! sorry, musta been a brain-fart day. I thank you for so politely pointing out the obvious, and apologize for such a lame question. I swear I read that file... thanks for helping out. Dave On Wed, Jul 09, 2003 at 09:14:31AM +1000 or thereabouts, Brad Lay wrote: > On Tue, 8 Jul 2003, David Wilk wrote: > > > I have another mysql question for ya. I remember setting up mysqld in > > slink and it was a breeze to get it listening on the network. > > > > I figured the mysqld in woody would be just as easy. Unfortunately, a > > netstat -a shows no sign of mysqld (even tho I verified it's running) > > and I can't for the life of me figure out where the config is to enable > > this. All the docs indicate how to *disable* the network daemon, not > > enable. > > > > Is the woody default to *not* listen on the network? Is there a way to > > change this (has to be...) > > > > thanks for any ideas you may have. > > look in your /etc/mysql/my.cnf file for the line > > 'skip-networking', and comment it. > > restart mysql and you should be cooking. > > Regards, > > Brad Lay ( brad /at/ coombabah.net ) > > P) (07) 55 311177 > W) http://coombabah.net/ > > "I used to be indecisive, now I'm not so sure." -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: bdflush or others affecting disk cache
I'm going to have to disagree with the above poster. This VM behavior is not ideal and is really counter-productive. 2.4.x saw lot's of VM work to improve performance over broad ranges of work-load. The problems occur when changes are made for corner-cases and some more mainstream workloads suffer. anyway, not to belabor the point here, but 2.4 has seen almost constant improvement in VM (and scheduler as well). I didn't see performance improve to acceptable levels until about 2.4.23/24. You will want to upgrade your kernel to the latest (2.4.26 as I write this) and you should see a vast improvement in VM behavior. on your question of running w/o swap space I will answer: NOT ON YOUR LIFE! you should *never* run any kind of server w/o swap unless you don't mind processes randomly dying because OOM killer decides they should go for the sake of the system... so, for the sake of your sanity (and the security of your system) upgrade to 2.4.26 and re-enable swap! good luck, Dave On Mon, Apr 19, 2004 at 08:27:35PM +0800 or thereabouts, Jason Lim wrote: > Followup: interesting results. > > I've now tried removing the swap altogther (swapoff) and the server > appears to be running much smoother and faster. > > Here is the new top info: > > 212 processes: 210 sleeping, 2 running, 0 zombie, 0 stopped > CPU states: 8.4% user, 32.2% system, 0.9% nice, 58.2% idle > Mem: 1027212K av, 1015440K used, 11772K free, 0K shrd, 186196K > buff > Swap: 0K av, 0K used, 0K free 370588K > cached > > by the way, most of the processes are httpd and mysql (this is a hosting > server). > > I'm somewhat concerned about having no swap though... any side-effects of > running with no swap? As expected, most of the swapped data reverted to > RAM by reducing the cache size (by approximately the amount that was used > by swap). > > Hope someone can shed some light on this. I'm looking at the results, but > can't understand why it is swapping so aggressively... to the point that > it is running itself out of RAM for active programs to increase cache > size. > > Jas > > - Original Message - > From: "Jason Lim" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, 19 April, 2004 7:31 AM > Subject: bdflush or others affecting disk cache > > > > Hi all, > > > > I've been banging my head on this one for a while now on a 2.4.20 > system. > > Here is the output of top: > > > > Mem: 1027212K av, 1018600K used,8612K free, 0K shrd, 70728K > > buff > > Swap: 2097136K av, 35556K used, 2061580K free 690140K > > cached > > > > > > and the output of free: > > > > total used free sharedbuffers > cached > > Mem: 10272121016256 10956 0 71528 > 683956 > > -/+ buffers/cache: 260772 766440 > > Swap: 2097136 346922062444 > > > > > > The problem is that swap usage can grow to 100Mb... yet the buffers and > > cache remain at astoundingly high levels. > > > > I can actually see memory to cache and buffers increasing and at the > same > > time see it increasing swap usage! > > > > What I don't get is why the system... with about 700Mb in cache and 70Mb > > in buffers, is using swap space at all. > > > > I've searched high and low on Google... using phrases like "linux kernel > > proc cache", buffers, bdflush, etc. but I still can't explain this. > > > > Wouldn't it be far, FAR faster for the system to reduce the cache by > about > > 100Mb or so instead of swapping that 100Mb to disk? And note that the > swap > > usage is constantly fluctuating, so you can see the performance problem > > this is causing. Any ideas?! > > > > Thanks in advance. > > > > Jas > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
new suid-perl debian security update breaks qmail-scanner!
Howdy, I noticed that qmail-scanner-queue refuses to run after the last debian perl update. I tried to install the latest qmail-scanner, but unfortunately the ./configure fails reporting: Testing suid nature of /usr/bin/suidperl... Whoa - broken perl install found. Cannot even run a simple script setuid Installation of Qmail-Scanner FAILED Error was: suidperl needs fd script I verified that suidperl is indeed suid root. Not sure what's going on. anyone have any ideas? thanks, Dave -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: new suid-perl debian security update breaks qmail-scanner!
I did just this (except the 'SUIDPERL="${SUIDPERL:-$dir/perl}"' line was
on line 500) and now it's working perfectly. thanks for the post! you
really saved my day.
thanks,
Dave
On Mon, Apr 19, 2004 at 08:08:36PM +0200 or thereabouts, Debian wrote:
> El lun, 19-04-2004 a las 19:58, David Wilk escribi?:
> > Howdy,
> >
> > I noticed that qmail-scanner-queue refuses to run after the last debian
> > perl update. I tried to install the latest qmail-scanner, but
> > unfortunately the ./configure fails reporting:
> >
> >
> > Testing suid nature of /usr/bin/suidperl...
> > Whoa - broken perl install found.
> > Cannot even run a simple script setuid
> >
> > Installation of Qmail-Scanner FAILED
> >
> > Error was:
> > suidperl needs fd script
> >
> >
> > I verified that suidperl is indeed suid root. Not sure what's going on.
> > anyone have any ideas?
> >
> > thanks,
> > Dave
> > --
> > ***
> > David Wilk
> > System Administrator
> > Community Internet Access, Inc.
> [EMAIL PROTECTED]
>
> Hi all,
>
> this update fixes a security hole in suid-perl and now you cannot exec
> it directly from /usr/bin/suidperl, u must call it from perl executable.
> So to fix the problem with qmail-scanner u must edit the qmail-scanner's
> configure script and replace suidperl with perl in the line where the
> variable SUIDEPERL is defined (SUIDPERL="${SUIDPERL:-$dir/perl}").
> That's the line 650 in qmail-scanner-1.21st.
>
> This has fixed the problem for me.
>
> Greetings
>
> --
> Carlos Solano Lisa
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
--
***
David Wilk
System Administrator
Community Internet Access, Inc.
[EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
high performance, highly available web clusters
Howdy all, I am thinking about how to increase the capacity of a web cluster and was wondering if anyone out there had any experience with this type of thing. The cluster is comprised of a load-balancer, several web servers connected to a redundant pair of NFS servers and a redundant pair of MySQL servers. The current bottle-neck is, of course, the NFS servers. However, the entire thing needs an increase in capacity by several times. First of all, the web servers need a hardware upgrade and increase in total number. The expensive option would be to add a high-performance SAN which would do the trick for all of the servers that required high-performance shared storage. this would solve the NFS performance problems. However, for alot less money, one could simply do away with the file server entirely. Since this is static content, one could keep these files locally on the webservers and push the content out from a central server via rsync. I figure a pair of redundant internal web server 'staging servers' could be used for content update. Once tested, the update could be pushed to the production servers with a script using rsync and ssh. Each server, would of course, require fast and redundant disk subsystems. I think the lowest cost option is to increase the number of image servers, beef up the NFS servers and MySQL servers and add to the number of web servers in the cluster. This doesn't really solve the design problem, though. What have you guys done with web clusters? thanks! Dave -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: high performance, highly available web clusters
On Thu, May 20, 2004 at 08:43:35AM -0400 or thereabouts, John Keimel wrote: > Personally, I can't see the sense in replacing a set of NFS servers with > individual disks. While you might save money going with local disks in > the short run your maintenance costs (moreso the time cost than dollar > cost) would increase accordingly. Just dealing with lots of extra moving > parts puts a shiver down my spine. Each webserver will need local storage for the system anyway. I would make that local storage large enough for the static content that is normally held on the NFS server. Worried about disks failing? That happens, and if a server drops out of the cluster, we just put it back after repairs. The cluster offers a level of redundancy that makes a single failure hardly noticeable. The problem with NFS is that it simply was not designed to handle the number of FS operations (90-150/s now and we want 10X that) that web serving can demand. You suggest a RAM disk, and yet find the NFS server adequate as well??? > > I'm not sure how your 'static content' fits in with your mentioning > multiple MySQL servers, that seems dynamic to me - or at least, ability > for much dynamic content. Static content is stored on the NFS server, dynamic content is stored on the Mysql servers. The vast majority of content are image files. > > If you ARE serving up a lot of static content, I might recommend a > situation that's similar to a project I worked on for a $FAMOUSAUTHOR > where we designed multiple web servers behind a pair of L4 switches. The > pair of switches (pair for redundancy) load balanced for us and we ran > THTTPD on the servers. There were a few links to offsite content, where > content hosting providers (cannot remember the first, but they later > went with Akamai) offered up the larger file people came to download. > Over the millions of hits we got, it survived quite nicely. We ran out > of bandwidth (50Mb/s) before the servers even blinked. that's awesome. Sounds like you got that one nailed. > > Perhaps if it IS static you might also consider loading your content > into a RAMdisk, which would provide probably the fastest access time. I > might consider such a thing these days with the dirt cheap pricing of > RAM. Actually, I figure a large bank of RAM (say, 4GB) will allow linux to allocate enough ram to the disk cache that the most commonly used files will be read right from RAM. Does this seem reasonable? > > I think some kind of common disk (NFS, whatever, on RAID) is your > best solution. why does it have to be common disk? why not local that is periodically updated? the increase in latency by using NFS (or SMB, whatever) and the overhead of all the FS operations is just killer. Besides, when you aggregate all your storage to a single fileserver, you provide yourself a single point of failure. Even with a dual redundant NFS setup, you still have only one level of redundancy. With a 10 server web cluster I could lose half my servers and still serve plenty of content. > > HTH > > j > -- > > == > + It's simply not | John Keimel+ > + RFC1149 compliant!| [EMAIL PROTECTED]+ > + | http://www.keimel.com + > == > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: high performance, highly available web clusters
On Fri, May 21, 2004 at 01:23:52AM +1000 or thereabouts, Russell Coker wrote: > On Thu, 20 May 2004 15:48, David Wilk <[EMAIL PROTECTED]> wrote: > > The cluster is comprised of a load-balancer, several web servers > > connected to a redundant pair of NFS servers and a redundant pair of > > MySQL servers. The current bottle-neck is, of course, the NFS servers. > > However, the entire thing needs an increase in capacity by several > > times. > > The first thing I would do in such a situation is remove the redundant NFS > servers. I have found the NFS client code in Linux to be quite fragile and > wouldn't be surprised if a cluster fail-over killed all the NFS clients (a > problem I often had in Solaris 2.6). In this case the webservers (NFS client) and NFS servers are FreeBSD. I believe FreeBSD's NFS is a bit more reliable than with Linux. However, for pure performance (and scalability) reasons, the NFS has got to go. Local disks can be used for content that doesn't need to change in real time. that's what the Mysql servers are for. Now, here's the other question. Now that the web cluster can scale the static content ad infinitum, what about the dynamic content? What can be done with Mysql to load balance? currently they do what everyone does with two stand-alone Mysql servers that are updated simulataneously with the client writing to both. The client can then read from the backup Mysql server if the primary fails. I could just build two massive stand-alones, but a cluster would be more scalable. > > > However, for alot less money, one could simply do away with the file > > server entirely. Since this is static content, one could keep these > > files locally on the webservers and push the content out from a central > > server via rsync. I figure a pair of redundant internal web server > > 'staging servers' could be used for content update. Once tested, the > > update could be pushed to the production servers with a script using > > rsync and ssh. Each server, would of course, require fast and redundant > > disk subsystems. > > Yes, that's a good option. I designed something similar for an ISP I used to > work for, never got around to implementing it though. My idea was to have a > cron job watch the FTP logs to launch rsync. That way rsync would only try > to copy the files that were most recently updated. There would be a daily > rsync cron job to cover for any problems in launching rsync from ftpd. > > With local disks you get much more bandwidth (even a Gig-E link can't compare > with a local disk), better reliability, and you can use the kernel-httpd if > you need even better performance for static content. Finally such a design > allows you to have a virtually unlimited number of web servers. Agreed. I think the last comment on scalability is key. I hadn't thought of that. Removing the common storage makes adding more webservers as easy as dropping in more boxes to the cluster and updating the load-balancer. Adding mores storage is not a chore either. Servers can be removed one at a time for disk upgrades. or, simply add new ones and retire the old ones, add more drives to the RAID... etc. thanks for the advice! Dave > > -- > http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages > http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark > http://www.coker.com.au/postal/Postal SMTP/POP benchmark > http://www.coker.com.au/~russell/ My home page -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
apache-ssl restart fails after monthly logrotate
Howdy folks, I've been admining debian servers for a few years now and this problem is a new one on me. I have the standard apache-ssl setup with logrotate handling standard logrotation of about 115 virtual hosts in /var/log/httpd/. for the first 3 months or so everything went fine at the monthly log rotation, however for the last 2 months apache-ssl has failed to restart after logrotation. The last time this happened, I found the apache parent gone, with several children straggling around. I couldn't just issue an /etc/init.d/apache-ssl start, but had to manually kill the children first. There is simply nothing in the logs (well, nothing in /var/log/apache-ssl logs and the most active virtual host, but I did not check all virtual host logs) has anyone seen this before? oh, system is Debian/Woody on a PIII/1.2G 2G-RAM with plenty of disk space. any ideas would be greatly appreciated! thanks, Dave -- ******* David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
Re: apache-ssl restart fails after monthly logrotate
Emmanuel, thanks for the email. I figured someone else would have seen this before. I really appreciate the response. I was going to try 'restart' next, but thought I'd check with the list first. Guess that's all there is to it. I'll try to get ahold of the maintainers and see if they have any ideas. Yeah, I've been toying with the idea of piping logs to that script that comes with apache, but I just don't have time to mess with that right now. Most of our customers don't even know what their web server logs are... I'll check my logs for that error and I'll certainly get back to you if I find a solution. thanks, Dave On Fri, Apr 11, 2003 at 11:07:20PM +0200 or thereabouts, Emmanuel Lacour wrote: > I've got several servers too and saw this once or twice on some servers > with apache-ssl (and woody of course). A friend showed this too one > time on one of his servers. The only way that seems to work actualy is > to replace "reload" in logrotate.d/apache-ssl with "restart"!!! But can > you really do this, it depends of your server use. I think it's a > problem with direct logging to file. Probably using a pipe too a > programm will be better, but debian doesn't come with such a solution in > standard, and I haven't time to try something like this (restart is not > really a problem for me). Maybe we will need to have a look on > rotatelogs program which come with apache. > > Please keep us informed if you find a good issue. > > > > PS: each time there was lines like this in apache logs: > > accept_mutex_on: Identifier removed > [alert] Child 4968 returned a Fatal error... > Apache is exiting! > > > At logrotate time, and apache died some minutes/hour afters (it > depends). > > -- > Emmanuel Lacour Easter-eggs > 44-46 rue de l'Ouest - 75014 Paris - France - M?tro Gait? > Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 > mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
apache-ssl in woody crashing
Howdy folks, apache-ssl failing the reload after logrotate is nothing. I just had an out and out crash today. I've administered serveral apache 1.3.x servers on debian linux (and other unices) w/o incident, however I'm having a problem with the latest debian woody apache-ssl-1.3.26. Recently I had apach-ssl just outright crash without any logrotation involved. This is a bit alarming. here's what /var/log/apache-ssl/error.log shows: [Tue Apr 15 08:08:51 2003] [error] [client 65.101.127.48] Invalid URI in request GET (null) HTTP/1.0 Failed to connect to socket: /var/run/gcache_port connect: Connection refused apache-ssl: gcacheclient.c:118: OpenServer: Assertion `!"couldn't connect to socket"' failed. Failed to connect to socket: /var/run/gcache_port connect: Connection refused apache-ssl: gcacheclient.c:118: OpenServer: Assertion `!"couldn't connect to socket"' failed. [Tue Apr 15 08:25:35 2003] /usr/lib/apache-ssl/gcache started the first line being normal and the last being normal (after restart). Now, this is debian woody (3.0), apache-ssl-1.3.26+1.48 configured with 130 virtual hosts each with two log files on kernel 2.4.20-stock, 2GB RAM. I believe the 2.4 kernel provides plenty of file handles to processes, so I can't imagine this is an issue. Anyone else see this? I'm wondering: 1. is there a prob with this package? should I compile from latest sources instead? 2. is it apache-ssl that's the prob, would apache plust mod-ssl do better? 3 is it not apache at all, but rather some system resource limitation? I know apache uses a butt-load of file descriptors (file handles), but the 2.4 kernel isn't stingy with those any ideas would be greatly appreciated. thanks, Dave -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
daily apache-ssl reload is causing probs
Hello all, I think I have found that an /etc/init.d/apache-ssl restart is the only way to properly restart apache-ssl after a logrotation. However, I've had apache-ssl die two days in a row, and the culprit appears to be some process that is sending apache-ssl a SIGUSR1 (what apache-ssl reload or httpsdctl graceful issues). Here's the log: [Mon Apr 14 03:00:18 2003] [notice] SIGUSR1 received. Doing graceful restart [Mon Apr 14 03:00:18 2003] /usr/lib/apache-ssl/gcache started [Mon Apr 14 03:00:19 2003] [error] (2)No such file or directory: mod_mime_magic: ca n't read magic file /etc/apache-ssl/share/magic [Mon Apr 14 03:00:19 2003] [notice] Apache/1.3.26 Ben-SSL/1.48 (Unix) Debian GNU/Li nux PHP/4.1.2 mod_perl/1.26 configured -- resuming normal operations [Mon Apr 14 03:00:19 2003] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apa che-ssl/suexec) [Mon Apr 14 03:00:19 2003] [notice] Accept mutex: sysvsem (Default: sysvsem) the problem is I don't know what could possibly be issueing this SIGUSR1 signal to apache-ssl every morning at the exact same time that cron runs /etc/cron.daily. I've checked all my cron jobs and can't seem to find the culprit. if anyone has any ideas, I'd be grateful. thanks, Dave -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
Re: daily apache-ssl reload is causing probs
I like your detective work, and I agree with your conclusion, however (unfortunately) there is no apache-ssl script in /etc/cron.daily! damn, I was hoping you were on to something. On Wed, Apr 16, 2003 at 01:06:13PM -0600 or thereabouts, Art Sackett wrote: > On Wed, Apr 16, 2003 at 11:56:45AM -0600, David Wilk wrote: > > > However, I've > > had apache-ssl die two days in a row, and the culprit appears to be some > > process that is sending apache-ssl a SIGUSR1 (what apache-ssl reload or > > httpsdctl graceful issues). > > H... I'm looking at a potato machine now, in > /etc/cron.daily/apache-ssl I find: > > # Send a reload signal to the apache server. > if [ -x /usr/bin/killall ] > then > /usr/bin/killall -HUP apache-ssl > else > /etc/init.d/apache-ssl reload > /dev/null > fi > > So, if your machine doesn't have an executable killall, you're going to > use /etc/init.d/apache-ssl's reload, which: > > reload) > echo -ne "Reloading $NAME configuration.\n" > $APACHECTL graceful > ;; > > and $APACHECTL being /usr/sbin/apache-sslctl, the appropriate lines > from graceful) are: > > if $HTTPD -t >/dev/null 2>&1; then > if kill -USR1 $PID ; then > echo "$0 $ARG: httpd gracefully restarted" > else > echo "$0 $ARG: httpd could not be restarted" > ERROR=7 > fi > > So, there's at least one way to get a USR1 sent to apache-ssl. > > -- > Art Sackett > http://www.artsackett.com/ > PGP/GPG Public Key: [EMAIL PROTECTED] (autoresponder) > > In spite of everything, I still believe that people are good at heart. > -- Ann Frank > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
Re: daily apache-ssl reload is causing probs (FIXED)
Howdy folks, Well, I did some digging and found some answers. I'm posting my solution here in the event that others might find it useful. first of all, there's a bug in woody's logrotate package. Logrotate will (might?) issue the postrotate command from any logrotate config (be it daily, weekly or monthly) on a daily basis. So, if you only expect apache-ssl to get restarted (apache-sslctl restart or /etc/init.d/apache-ssl restart) monthly with your monthly logrotate config, think again. it's probably happening every night. Second, I figured out that although the debian apache-ssl script (/etc/init.d/apache-ssl) would cause apache-ssl to choke on a reload, using 'apache-sslctl graceful' which has the same effect of sending a SIGUSR1 to the apache-ssl parent process does not appear to have the same problem. So far I've gone through several weeks of daily apache-sslctl graceful's and one monthly logrotate without a single problem with apache-ssl. so, to be clear, all I did was replace /etc/init.d/apache-ssl reload with /usr/sbin/apache-sslctl graceful in the postrotate command in my logrotate config for apache-ssl. I haven't investigated exactly why this change works, but I know that it does, most likely. I won't really be sure that it's trouble free until it's been up for several months without incident, but after going down every couple days, I feel like a few weeks is a pretty good indication that the problem has been resolved. hope someone finds this useful. Dave On Wed, Apr 16, 2003 at 11:56:45AM -0600 or thereabouts, David Wilk wrote: > Hello all, > > I think I have found that an /etc/init.d/apache-ssl restart is the only > way to properly restart apache-ssl after a logrotation. However, I've > had apache-ssl die two days in a row, and the culprit appears to be some > process that is sending apache-ssl a SIGUSR1 (what apache-ssl reload or > httpsdctl graceful issues). > > Here's the log: > > [Mon Apr 14 03:00:18 2003] [notice] SIGUSR1 received. Doing graceful > restart > [Mon Apr 14 03:00:18 2003] /usr/lib/apache-ssl/gcache started > [Mon Apr 14 03:00:19 2003] [error] (2)No such file or directory: > mod_mime_magic: ca > n't read magic file /etc/apache-ssl/share/magic > [Mon Apr 14 03:00:19 2003] [notice] Apache/1.3.26 Ben-SSL/1.48 (Unix) > Debian GNU/Li > nux PHP/4.1.2 mod_perl/1.26 configured -- resuming normal operations > [Mon Apr 14 03:00:19 2003] [notice] suEXEC mechanism enabled (wrapper: > /usr/lib/apa > che-ssl/suexec) > [Mon Apr 14 03:00:19 2003] [notice] Accept mutex: sysvsem (Default: > sysvsem) > > the problem is I don't know what could possibly be issueing this SIGUSR1 > signal to apache-ssl every morning at the exact same time that cron runs > /etc/cron.daily. I've checked all my cron jobs and can't seem to find > the culprit. > > if anyone has any ideas, I'd be grateful. > > thanks, > Dave > -- > *** > David Wilk > System Administrator > Community Internet Access, Inc. > [EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
Re: daily apache-ssl reload is causing probs (FIXED)
Ok, never mind. Everything below is correct except for the solution. no matter how I get that SIGUSR1 sent to apache-ssl, it still fails the reload randomly - from the command line or from logrotate... I guess I'll be trying apache+mod_ssl out of despiration. On Tue, May 06, 2003 at 10:33:34AM -0600 or thereabouts, David Wilk wrote: > Howdy folks, > > Well, I did some digging and found some answers. I'm posting my > solution here in the event that others might find it useful. > > first of all, there's a bug in woody's logrotate package. Logrotate > will (might?) issue the postrotate command from any logrotate config (be > it daily, weekly or monthly) on a daily basis. So, if you only expect > apache-ssl to get restarted (apache-sslctl restart or > /etc/init.d/apache-ssl restart) monthly with your monthly logrotate > config, think again. it's probably happening every night. > > Second, I figured out that although the debian apache-ssl script > (/etc/init.d/apache-ssl) would cause apache-ssl to choke on a reload, > using 'apache-sslctl graceful' which has the same effect of sending a > SIGUSR1 to the apache-ssl parent process does not appear to have the > same problem. So far I've gone through several weeks of daily > apache-sslctl graceful's and one monthly logrotate without a single > problem with apache-ssl. so, to be clear, all I did was replace > /etc/init.d/apache-ssl reload with /usr/sbin/apache-sslctl graceful in > the postrotate command in my logrotate config for apache-ssl. > > I haven't investigated exactly why this change works, but I know that it > does, most likely. I won't really be sure that it's trouble free until > it's been up for several months without incident, but after going down > every couple days, I feel like a few weeks is a pretty good indication > that the problem has been resolved. > > hope someone finds this useful. > > Dave > > > On Wed, Apr 16, 2003 at 11:56:45AM -0600 or thereabouts, David Wilk wrote: > > Hello all, > > > > I think I have found that an /etc/init.d/apache-ssl restart is the only > > way to properly restart apache-ssl after a logrotation. However, I've > > had apache-ssl die two days in a row, and the culprit appears to be some > > process that is sending apache-ssl a SIGUSR1 (what apache-ssl reload or > > httpsdctl graceful issues). > > > > Here's the log: > > > > [Mon Apr 14 03:00:18 2003] [notice] SIGUSR1 received. Doing graceful > > restart > > [Mon Apr 14 03:00:18 2003] /usr/lib/apache-ssl/gcache started > > [Mon Apr 14 03:00:19 2003] [error] (2)No such file or directory: > > mod_mime_magic: ca > > n't read magic file /etc/apache-ssl/share/magic > > [Mon Apr 14 03:00:19 2003] [notice] Apache/1.3.26 Ben-SSL/1.48 (Unix) > > Debian GNU/Li > > nux PHP/4.1.2 mod_perl/1.26 configured -- resuming normal operations > > [Mon Apr 14 03:00:19 2003] [notice] suEXEC mechanism enabled (wrapper: > > /usr/lib/apa > > che-ssl/suexec) > > [Mon Apr 14 03:00:19 2003] [notice] Accept mutex: sysvsem (Default: > > sysvsem) > > > > the problem is I don't know what could possibly be issueing this SIGUSR1 > > signal to apache-ssl every morning at the exact same time that cron runs > > /etc/cron.daily. I've checked all my cron jobs and can't seem to find > > the culprit. > > > > if anyone has any ideas, I'd be grateful. > > > > thanks, > > Dave > > -- > > *** > > David Wilk > > System Administrator > > Community Internet Access, Inc. > > [EMAIL PROTECTED] > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > > -- > *** > David Wilk > System Administrator > Community Internet Access, Inc. > [EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
Re: daily apache-ssl reload is causing probs (FIXED)
On Tue, May 20, 2003 at 11:09:49AM -0700 or thereabouts, Wade Richards wrote: > Hi, > > On Tue, 20 May 2003 11:12:00 MDT, David Wilk writes: > >Ok, never mind. Everything below is correct except for the solution. > >no matter how I get that SIGUSR1 sent to apache-ssl, it still fails the > >reload randomly - from the command line or from logrotate... > > I haven't been carefully following this thread, so I may be answering > the wrong question. If so, sorry to waste your time. > > When you do a graceful restart, apache will spend a few minutes writing > to the old log files before it does the reload. yeah, good point. you almost had me going there. I was going to blame logrotate for not timing the logrotation with the reload properly, but this 'failure' on the part of apache-ssl occurs with or without log rotation, from cron or from the command line. It appears to be apache-ssl and apache-ssl all alone. thanks for the idea, tho. > > See <http://httpd.apache.org/docs-2.1/logs.html#rotation> for more details. > > This may or may not have anything to do with your problem. > > --- Wade > -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
mysql admin user problem
Howdy folks, I have installed mysql a few times (from debian packages) and never had any trouble, but this one just stumpes me. I installed debian woody and mysql on a server. I screwed up /var/lib/mysql trying to copy over some databases so I reinstalled mysql to bring things back to normal. I removed /var/lib/mysql first of course, but once installed, I would get this error when trying to start mysql: Starting MySQL database server: mysqld...failed. cat /var/log/mysql/mysql.err gives: 030630 16:59:46 mysqld started /usr/sbin/mysqld: ready for connections but, cat /var/log/mysql.log gives: /usr/sbin/mysqld, Version: 3.23.49-log, started with: Tcp port: 0 Unix socket: /var/run/mysqld/mysqld.sock Time Id CommandArgument 030630 16:59:47 1 Connect Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) 030630 16:59:48 2 Connect Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) 030630 16:59:49 3 Connect Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) 030630 16:59:50 4 Connect Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) 030630 16:59:51 5 Connect Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) 030630 16:59:52 6 Connect Access denied for user: '[EMAIL PROTECTED]' (Using password: YES) The process list shows 4 mysql processes running (when none were running before). '/etc/init.d/mysql stop' does nothing. I have removed mysql-server, and mysql-client and then removed /etc/mysql and /var/lib/mysql before reinstalling both mysql-server and mysql-client. yet, still I get these errors. if anyone has any ideas I'd love to hear them! thanks, Dave -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
Re: mysql admin user problem
Howdy all, just wanted to say what worked. Dominik's suggestion to 'purge' the mysql packages with apt-get did the trick. One final reinstall had everything working fine. Not sure where the sanfu was... thanks guys! On Mon, Jun 30, 2003 at 05:03:36PM -0600 or thereabouts, David Wilk wrote: > Howdy folks, > > I have installed mysql a few times (from debian packages) and never had > any trouble, but this one just stumpes me. I installed debian woody and > mysql on a server. I screwed up /var/lib/mysql trying to copy over some > databases so I reinstalled mysql to bring things back to normal. I > removed /var/lib/mysql first of course, but once installed, I would get > this error when trying to start mysql: > > > Starting MySQL database server: mysqld...failed. > > > cat /var/log/mysql/mysql.err gives: > > > 030630 16:59:46 mysqld started > /usr/sbin/mysqld: ready for connections > > > but, cat /var/log/mysql.log gives: > > > /usr/sbin/mysqld, Version: 3.23.49-log, started with: > Tcp port: 0 Unix socket: /var/run/mysqld/mysqld.sock > Time Id CommandArgument > 030630 16:59:47 1 Connect Access denied for user: > '[EMAIL PROTECTED]' (Using password: YES) > 030630 16:59:48 2 Connect Access denied for user: > '[EMAIL PROTECTED]' (Using password: YES) > 030630 16:59:49 3 Connect Access denied for user: > '[EMAIL PROTECTED]' (Using password: YES) > 030630 16:59:50 4 Connect Access denied for user: > '[EMAIL PROTECTED]' (Using password: YES) > 030630 16:59:51 5 Connect Access denied for user: > '[EMAIL PROTECTED]' (Using password: YES) > 030630 16:59:52 6 Connect Access denied for user: > '[EMAIL PROTECTED]' (Using password: YES) > > > The process list shows 4 mysql processes running (when none were running > before). '/etc/init.d/mysql stop' does nothing. > > I have removed mysql-server, and mysql-client and then removed > /etc/mysql and /var/lib/mysql before reinstalling both mysql-server and > mysql-client. yet, still I get these errors. > > if anyone has any ideas I'd love to hear them! > > thanks, > Dave > > > -- > *** > David Wilk > System Administrator > Community Internet Access, Inc. > [EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
mysqld listening to the network interface
I have another mysql question for ya. I remember setting up mysqld in slink and it was a breeze to get it listening on the network. I figured the mysqld in woody would be just as easy. Unfortunately, a netstat -a shows no sign of mysqld (even tho I verified it's running) and I can't for the life of me figure out where the config is to enable this. All the docs indicate how to *disable* the network daemon, not enable. Is the woody default to *not* listen on the network? Is there a way to change this (has to be...) thanks for any ideas you may have. Dave -- ******* David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
Re: mysqld listening to the network interface
Oh my gawd. I can't believe I missed that. SHEEESH! sorry, musta been a brain-fart day. I thank you for so politely pointing out the obvious, and apologize for such a lame question. I swear I read that file... thanks for helping out. Dave On Wed, Jul 09, 2003 at 09:14:31AM +1000 or thereabouts, Brad Lay wrote: > On Tue, 8 Jul 2003, David Wilk wrote: > > > I have another mysql question for ya. I remember setting up mysqld in > > slink and it was a breeze to get it listening on the network. > > > > I figured the mysqld in woody would be just as easy. Unfortunately, a > > netstat -a shows no sign of mysqld (even tho I verified it's running) > > and I can't for the life of me figure out where the config is to enable > > this. All the docs indicate how to *disable* the network daemon, not > > enable. > > > > Is the woody default to *not* listen on the network? Is there a way to > > change this (has to be...) > > > > thanks for any ideas you may have. > > look in your /etc/mysql/my.cnf file for the line > > 'skip-networking', and comment it. > > restart mysql and you should be cooking. > > Regards, > > Brad Lay ( brad /at/ coombabah.net ) > > P) (07) 55 311177 > W) http://coombabah.net/ > > "I used to be indecisive, now I'm not so sure." -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
Re: bdflush or others affecting disk cache
I'm going to have to disagree with the above poster. This VM behavior is not ideal and is really counter-productive. 2.4.x saw lot's of VM work to improve performance over broad ranges of work-load. The problems occur when changes are made for corner-cases and some more mainstream workloads suffer. anyway, not to belabor the point here, but 2.4 has seen almost constant improvement in VM (and scheduler as well). I didn't see performance improve to acceptable levels until about 2.4.23/24. You will want to upgrade your kernel to the latest (2.4.26 as I write this) and you should see a vast improvement in VM behavior. on your question of running w/o swap space I will answer: NOT ON YOUR LIFE! you should *never* run any kind of server w/o swap unless you don't mind processes randomly dying because OOM killer decides they should go for the sake of the system... so, for the sake of your sanity (and the security of your system) upgrade to 2.4.26 and re-enable swap! good luck, Dave On Mon, Apr 19, 2004 at 08:27:35PM +0800 or thereabouts, Jason Lim wrote: > Followup: interesting results. > > I've now tried removing the swap altogther (swapoff) and the server > appears to be running much smoother and faster. > > Here is the new top info: > > 212 processes: 210 sleeping, 2 running, 0 zombie, 0 stopped > CPU states: 8.4% user, 32.2% system, 0.9% nice, 58.2% idle > Mem: 1027212K av, 1015440K used, 11772K free, 0K shrd, 186196K > buff > Swap: 0K av, 0K used, 0K free 370588K > cached > > by the way, most of the processes are httpd and mysql (this is a hosting > server). > > I'm somewhat concerned about having no swap though... any side-effects of > running with no swap? As expected, most of the swapped data reverted to > RAM by reducing the cache size (by approximately the amount that was used > by swap). > > Hope someone can shed some light on this. I'm looking at the results, but > can't understand why it is swapping so aggressively... to the point that > it is running itself out of RAM for active programs to increase cache > size. > > Jas > > - Original Message - > From: "Jason Lim" <[EMAIL PROTECTED]> > To: > Sent: Monday, 19 April, 2004 7:31 AM > Subject: bdflush or others affecting disk cache > > > > Hi all, > > > > I've been banging my head on this one for a while now on a 2.4.20 > system. > > Here is the output of top: > > > > Mem: 1027212K av, 1018600K used,8612K free, 0K shrd, 70728K > > buff > > Swap: 2097136K av, 35556K used, 2061580K free 690140K > > cached > > > > > > and the output of free: > > > > total used free sharedbuffers > cached > > Mem: 10272121016256 10956 0 71528 > 683956 > > -/+ buffers/cache: 260772 766440 > > Swap: 2097136 346922062444 > > > > > > The problem is that swap usage can grow to 100Mb... yet the buffers and > > cache remain at astoundingly high levels. > > > > I can actually see memory to cache and buffers increasing and at the > same > > time see it increasing swap usage! > > > > What I don't get is why the system... with about 700Mb in cache and 70Mb > > in buffers, is using swap space at all. > > > > I've searched high and low on Google... using phrases like "linux kernel > > proc cache", buffers, bdflush, etc. but I still can't explain this. > > > > Wouldn't it be far, FAR faster for the system to reduce the cache by > about > > 100Mb or so instead of swapping that 100Mb to disk? And note that the > swap > > usage is constantly fluctuating, so you can see the performance problem > > this is causing. Any ideas?! > > > > Thanks in advance. > > > > Jas > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
new suid-perl debian security update breaks qmail-scanner!
Howdy, I noticed that qmail-scanner-queue refuses to run after the last debian perl update. I tried to install the latest qmail-scanner, but unfortunately the ./configure fails reporting: Testing suid nature of /usr/bin/suidperl... Whoa - broken perl install found. Cannot even run a simple script setuid Installation of Qmail-Scanner FAILED Error was: suidperl needs fd script I verified that suidperl is indeed suid root. Not sure what's going on. anyone have any ideas? thanks, Dave -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
Re: new suid-perl debian security update breaks qmail-scanner!
I did just this (except the 'SUIDPERL="${SUIDPERL:-$dir/perl}"' line was
on line 500) and now it's working perfectly. thanks for the post! you
really saved my day.
thanks,
Dave
On Mon, Apr 19, 2004 at 08:08:36PM +0200 or thereabouts, Debian wrote:
> El lun, 19-04-2004 a las 19:58, David Wilk escribi?:
> > Howdy,
> >
> > I noticed that qmail-scanner-queue refuses to run after the last debian
> > perl update. I tried to install the latest qmail-scanner, but
> > unfortunately the ./configure fails reporting:
> >
> >
> > Testing suid nature of /usr/bin/suidperl...
> > Whoa - broken perl install found.
> > Cannot even run a simple script setuid
> >
> > Installation of Qmail-Scanner FAILED
> >
> > Error was:
> > suidperl needs fd script
> >
> >
> > I verified that suidperl is indeed suid root. Not sure what's going on.
> > anyone have any ideas?
> >
> > thanks,
> > Dave
> > --
> > ***
> > David Wilk
> > System Administrator
> > Community Internet Access, Inc.
> [EMAIL PROTECTED]
>
> Hi all,
>
> this update fixes a security hole in suid-perl and now you cannot exec
> it directly from /usr/bin/suidperl, u must call it from perl executable.
> So to fix the problem with qmail-scanner u must edit the qmail-scanner's
> configure script and replace suidperl with perl in the line where the
> variable SUIDEPERL is defined (SUIDPERL="${SUIDPERL:-$dir/perl}").
> That's the line 650 in qmail-scanner-1.21st.
>
> This has fixed the problem for me.
>
> Greetings
>
> --
> Carlos Solano Lisa
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
--
***
David Wilk
System Administrator
Community Internet Access, Inc.
[EMAIL PROTECTED]
high performance, highly available web clusters
Howdy all, I am thinking about how to increase the capacity of a web cluster and was wondering if anyone out there had any experience with this type of thing. The cluster is comprised of a load-balancer, several web servers connected to a redundant pair of NFS servers and a redundant pair of MySQL servers. The current bottle-neck is, of course, the NFS servers. However, the entire thing needs an increase in capacity by several times. First of all, the web servers need a hardware upgrade and increase in total number. The expensive option would be to add a high-performance SAN which would do the trick for all of the servers that required high-performance shared storage. this would solve the NFS performance problems. However, for alot less money, one could simply do away with the file server entirely. Since this is static content, one could keep these files locally on the webservers and push the content out from a central server via rsync. I figure a pair of redundant internal web server 'staging servers' could be used for content update. Once tested, the update could be pushed to the production servers with a script using rsync and ssh. Each server, would of course, require fast and redundant disk subsystems. I think the lowest cost option is to increase the number of image servers, beef up the NFS servers and MySQL servers and add to the number of web servers in the cluster. This doesn't really solve the design problem, though. What have you guys done with web clusters? thanks! Dave -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
Re: high performance, highly available web clusters
On Thu, May 20, 2004 at 08:43:35AM -0400 or thereabouts, John Keimel wrote: > Personally, I can't see the sense in replacing a set of NFS servers with > individual disks. While you might save money going with local disks in > the short run your maintenance costs (moreso the time cost than dollar > cost) would increase accordingly. Just dealing with lots of extra moving > parts puts a shiver down my spine. Each webserver will need local storage for the system anyway. I would make that local storage large enough for the static content that is normally held on the NFS server. Worried about disks failing? That happens, and if a server drops out of the cluster, we just put it back after repairs. The cluster offers a level of redundancy that makes a single failure hardly noticeable. The problem with NFS is that it simply was not designed to handle the number of FS operations (90-150/s now and we want 10X that) that web serving can demand. You suggest a RAM disk, and yet find the NFS server adequate as well??? > > I'm not sure how your 'static content' fits in with your mentioning > multiple MySQL servers, that seems dynamic to me - or at least, ability > for much dynamic content. Static content is stored on the NFS server, dynamic content is stored on the Mysql servers. The vast majority of content are image files. > > If you ARE serving up a lot of static content, I might recommend a > situation that's similar to a project I worked on for a $FAMOUSAUTHOR > where we designed multiple web servers behind a pair of L4 switches. The > pair of switches (pair for redundancy) load balanced for us and we ran > THTTPD on the servers. There were a few links to offsite content, where > content hosting providers (cannot remember the first, but they later > went with Akamai) offered up the larger file people came to download. > Over the millions of hits we got, it survived quite nicely. We ran out > of bandwidth (50Mb/s) before the servers even blinked. that's awesome. Sounds like you got that one nailed. > > Perhaps if it IS static you might also consider loading your content > into a RAMdisk, which would provide probably the fastest access time. I > might consider such a thing these days with the dirt cheap pricing of > RAM. Actually, I figure a large bank of RAM (say, 4GB) will allow linux to allocate enough ram to the disk cache that the most commonly used files will be read right from RAM. Does this seem reasonable? > > I think some kind of common disk (NFS, whatever, on RAID) is your > best solution. why does it have to be common disk? why not local that is periodically updated? the increase in latency by using NFS (or SMB, whatever) and the overhead of all the FS operations is just killer. Besides, when you aggregate all your storage to a single fileserver, you provide yourself a single point of failure. Even with a dual redundant NFS setup, you still have only one level of redundancy. With a 10 server web cluster I could lose half my servers and still serve plenty of content. > > HTH > > j > -- > > == > + It's simply not | John Keimel+ > + RFC1149 compliant!| [EMAIL PROTECTED]+ > + | http://www.keimel.com + > == > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
Re: high performance, highly available web clusters
On Fri, May 21, 2004 at 01:23:52AM +1000 or thereabouts, Russell Coker wrote: > On Thu, 20 May 2004 15:48, David Wilk <[EMAIL PROTECTED]> wrote: > > The cluster is comprised of a load-balancer, several web servers > > connected to a redundant pair of NFS servers and a redundant pair of > > MySQL servers. The current bottle-neck is, of course, the NFS servers. > > However, the entire thing needs an increase in capacity by several > > times. > > The first thing I would do in such a situation is remove the redundant NFS > servers. I have found the NFS client code in Linux to be quite fragile and > wouldn't be surprised if a cluster fail-over killed all the NFS clients (a > problem I often had in Solaris 2.6). In this case the webservers (NFS client) and NFS servers are FreeBSD. I believe FreeBSD's NFS is a bit more reliable than with Linux. However, for pure performance (and scalability) reasons, the NFS has got to go. Local disks can be used for content that doesn't need to change in real time. that's what the Mysql servers are for. Now, here's the other question. Now that the web cluster can scale the static content ad infinitum, what about the dynamic content? What can be done with Mysql to load balance? currently they do what everyone does with two stand-alone Mysql servers that are updated simulataneously with the client writing to both. The client can then read from the backup Mysql server if the primary fails. I could just build two massive stand-alones, but a cluster would be more scalable. > > > However, for alot less money, one could simply do away with the file > > server entirely. Since this is static content, one could keep these > > files locally on the webservers and push the content out from a central > > server via rsync. I figure a pair of redundant internal web server > > 'staging servers' could be used for content update. Once tested, the > > update could be pushed to the production servers with a script using > > rsync and ssh. Each server, would of course, require fast and redundant > > disk subsystems. > > Yes, that's a good option. I designed something similar for an ISP I used to > work for, never got around to implementing it though. My idea was to have a > cron job watch the FTP logs to launch rsync. That way rsync would only try > to copy the files that were most recently updated. There would be a daily > rsync cron job to cover for any problems in launching rsync from ftpd. > > With local disks you get much more bandwidth (even a Gig-E link can't compare > with a local disk), better reliability, and you can use the kernel-httpd if > you need even better performance for static content. Finally such a design > allows you to have a virtually unlimited number of web servers. Agreed. I think the last comment on scalability is key. I hadn't thought of that. Removing the common storage makes adding more webservers as easy as dropping in more boxes to the cluster and updating the load-balancer. Adding mores storage is not a chore either. Servers can be removed one at a time for disk upgrades. or, simply add new ones and retire the old ones, add more drives to the RAID... etc. thanks for the advice! Dave > > -- > http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages > http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark > http://www.coker.com.au/postal/Postal SMTP/POP benchmark > http://www.coker.com.au/~russell/ My home page -- *** David Wilk System Administrator Community Internet Access, Inc. [EMAIL PROTECTED]
