One month after RedHat released Red Hat Enterprise Linux 5.2 (20080521), the CentOS team released yesterday their own 5.2 update for CentOS-5. There are available new iso images for the i386 and x86_64 architectures, while PowerPC, IA64 and Sparc are planned and will be released soon. CentOS-5.2 is based on the upstream release EL 5.2.0, and includes packages from all variants including Server and Client. All upstream repositories have been combined into one, to make it easier for end users to work with.

Besides the changes introduced by rhel5.2 you can find the centos particularities here.

Updating from CentOS-5.0 and 5.1:

Systems running CentOS-5 (either 5.0 or 5.1) will notice the update in the yum/up2date repositories and can be upgraded immediately by running:
yum upgrade

Read the rest of this entry »

LVS has a simple IP based persistence built-in that can be used to keep the users on the same real servers for a configurable amount of time. This has been explained in my previous post, and it works fine, but in real life users will come from various dynamic connections or even using some ISP proxy servers to browse the internet. For such situations LVS supports the configurable netmask for persistence, allowing us to increase the network mask used in the persistence match (normally we will use /24 for this) sending a bigger range of ips to the same server. This approach works fine for most cases where users will have the same class C ips allocated or the isp proxies will be on the same network range. Unfortunately this doesn’t work for AOL, because the AOL clients will always be proxied by the huge AOL proxy cluster that will send each request from a different real ip. These IPs are not even from the same range and tend to be completely different. This post will show how we can keep these AOL users on the same real server in a LVS-DR setup.

Normally if this would have been a small ISP I am sure people would have ignored their users and the users would have complained back to the ISP that they can’t reach some big sites, and in the end the ISP would have found a friendlier solution for this. Since this is AOL and they have a huge base of clients, we can’t really ignore them and we have to find a solution ourselves.

Read the rest of this entry »

PPTP is known to be less secure than other VPN software, but if you need a quick solution for a VPN server that will connect out of the box from Windows workstations PPTP is the obvious choice. This post will show how easy it is to setup a pptp vnp server on Debian Etch.

A while ago setting up a pptp server was not so simple. It involved patching the kernel and the ppp daemon. These days in Debian Etch everything comes out of the box and we just have to install the pptpd server and configure it based on our needs. First let’s install pptpd:
aptitude install pptpd
(this will install also some dependencies: bcrelay and ppp). The default pptpd configuration file is installed under /etc/pptpd.conf ; you can change any of the available options (samples are included in the configuration file as comments), but really the only thing that needs to be configured is the ip of the local server used by pptpd as the local gateway for the remote hosts and the remote users assigned ips: Read the rest of this entry »

The wait is over! Today is the day when you can download the latest and greatest web browser, Firefox3, and help set the record for most software downloads in 24 hours .

The “Download Day” starts today at 6PM GMT!

LVS has a built-in simple IP based persistence mechanism that can be used to keep users on the same real servers for a configurable amount of time. If your web application requires that each user request to be processed by the same real server then you will probably want to enable this mechanism and ensure that requests coming from the same IP will be directed to the same real server. This article will show how you can achieve this by using regular ipvsadm commands but also by using ldirectord configurations.

IPVS is an advanced IP based load balancing application implemented inside the linux kernel. Working at IP level LVS can’t make a decisions based on the content of the packet. Still, it can perform a basic IP affinity, by keeping all connections from the same source IP directed to the same real server for a configurable amount of time. This is achieved with the -p ipvsadm command parameter and takes as a parameter the time in seconds to keep the connections in the persistence table. Read the rest of this entry »

Debian GNU/Linux has published a new release update outlining the current status and upcoming goals of the project before the expected September release of version 5.0 “Lenny”.

Among the more interesting release goals:

• GCC 4.3 as the default compiler on all architectures
• Switch /bin/sh to dash
• Prepare init.d-Scripts for dependency-based init systems
• Support for python2.5
• Transition to Perl 5.10

Read the rest of this entry »

Whatever web log analyzer you would use, at one time or the other you will end up with one problem: how to deal with weblogs rotation, to not have a gap in your statistics? This has various solutions starting with running the weblog analyzer at the prerotate step of logrotate, or maybe using some manual script.
This post will show how you can rotate the apache logs using awstats right after it has processed the logs. This can be beneficial for situations where you have quite big logs and using this method will keep them small all the time, and also where restarting apache just for logrotating is not such a good idea. Obviously for this to make sense, you need to be already using awstats for your log processing .

Read the rest of this entry »

If you are using CPanel 11 (the latest version available at this time) you can easily install ruby on your system using CPanel. Previously, you had to do this using operating system packages or manually from sources. Now, we can just run /scripts/installruby and this will do everything for us:

• download, compile and install ruby
• download and install RubyGems and some gems like rails and mongrel

Read the rest of this entry »

EV1Servers, now part of ThePlanet after last year merger, experienced Saturday afternoon a major downtime on their Huston H1 datacenter: electrical gear shorted, creating an explosion and fire that knocked down three walls surrounding their electrical equipment room. No one was injured and apparently no server damaged or lost. Still they were not allowed to bring up their backup power equipment resulting in (all the datacenter servers being down of course):

• approximately 9,000 servers and 7,500 clients were affected
• their own management servers, EV1Severs domain management, and SSL management; also their client management and communication tool ServerCommand was in the same situation;
• ev1servers.net nameservers and the H1 resolvers: 207.218.192.38 and 207.218.192.39 were down also (affecting other clients that might had those configured). Also the ones with the domain hosted on ev1 infrastructure, even if they had their server up were not functional because of dns problems.

At this time about 90% of the servers are up, but they are still working to bring up the rest.

So far, The Planet has been managing the situation as a whole quite well, by addressing the issues in a transparent and also timely manner. ThePlanet/Ev1 support team published updates during this period on their status page and also on their forum; also phone greetings recordings reported the status of the problem.

“Akismet has caught 202,526 spam for you since you first installed it…”

Wow… I can’t imagine how my blog commenting would have looked without Akismet. This has saved me from a lot of troubles and as you can see it just went over 200k. It is just unbelievable to see how much commenting spam is going on and I can’t imagine anyone having their blog ‘open’ and manually verifying all the comments.

Akismet has it’s problems, and from time to time I see it timing out and spam going through, but since I don’t get 15,000 spams / day like the big boys, this is not a huge problem.

A few days ago Six Apart launched a new free open source product called TypePad AntiSpam. It’s free (Akismet costs for a commercial license), it has a plugin for WordPress 2.5, it’s open source, and it’s compatible with Akismet (so you can even run them together). I will definitely test this out and if all is ok, start using it on this blog.