iptables geoip match on debian lenny

The geoip iptables extension allows you to filter, NAT or mangle packets based on their source or destination country. This does exactly what the geoip apache module or the regular geoip binary does, but at the iptables level. I will not go into the details of why you would want to use it, but there are many ‘positive’ ways it can be useful… For example, I use it in a project where we want to serve customized content for different countries. Since this is a high-traffic site running on many web servers behind a load-balanced setup, we prefer to split this at the load balancer level and not at the apache level, to simplify our setup. We serve customized content to US-based visitors, while for the other countries we serve another international site.

This has been working fine for a long time, using the original geoip module and the patch-o-matic-ng method of installation (similar to what is very well described here). Still, this is unmaintained, and starting with kernel 2.6.22 it no longer works. There is a patch that will make it work with a newer kernel, but if you run iptables 1.4.x this will fail again, and even if there are some manual workarounds this is still not the best solution.

The solution is called Xtables-addons. Xtables-addons is the successor to patch-o-matic-ng. Likewise, it contains extensions that were not, or are not yet, accepted in the main kernel/iptables packages. Xtables-addons is different from patch-o-matic in that you do not have to patch or recompile the kernel, and sometimes recompiling iptables is not needed either.
The latest version 1.12 supports: iptables >= 1.4.1 and kernel-source >= 2.6.17.

Lenny domU Xencons

Even though at some point it looked like debian lenny would not have full xen support (for the 2.6.26 amd64 kernel), in the end this was fixed and lenny fully supports Xen even on amd64. Upgrading from 2.6.18 to 2.6.26 is very straightforward (though we were using xen-hypervisor 3.2-1 already) and the only problem noticed was that the console on the domU machines was no longer working: it was showing the output correctly, but you could not enter anything on the console.

This is caused by the ‘new Xen console’ (xen now uses hvc0 for its console). To fix it, add one line to your virtual machine's xen configuration file, restart the vm, and it should be fine. In /etc/xen/<myvm>.cfg add this line:
extra = "console=hvc0 xencons=tty"

HowTo get a small sample dataset from a mysql database using mysqldump

Here is a quick tip that shows how you can get a small sample dataset from a mysql database using mysqldump. We frequently need to get a small snapshot from a very big production database to import it into a development or staging database that does not need all the original data. Let’s say we need 1,000,000 records from all the tables in the database; we will just use the option --where="true LIMIT X", with X the number of records we want mysqldump to stop after. mysqldump appends the --where text to the SELECT it runs for each table it dumps, so the limit applies to every table separately.

We simply run something like this (add whatever other options you need to mysqldump):

mysqldump --opt --where="true LIMIT 1000000" mydb > mydb1M.sql

Amazon EC2 Reserved Instances

Amazon just announced “reserved instances”, guaranteeing uptime and a price reduction if customers commit to Amazon’s cloud solution for a year or more.

“We’ve learned that some of our customers have needs which aren’t addressed by the spot pricing model. For example, some of them were looking for even lower prices, and were willing to make a commitment ahead of time in order to achieve this. Also, quite a few customers actually told us something even more interesting: they were interested in using EC2 but needed to make sure that we would have a substantial number of instances available to them at any time in order for them to use EC2 in a DR (Disaster Recovery) scenario. In a scenario like this, you can’t simply hope that your facility has sufficient capacity to accommodate your spot needs; you need to secure a firm resource commitment ahead of time.”

InnoDB Plugin Version 1.0.3 released: enhances concurrency and scalability on multi-core systems

The InnoDB Team just released the InnoDB Plugin version 1.0.3. From their announcement here are the main points of this release:

  • Enhanced scalability: the Google SMP enhancement for synchronization
  • More efficient memory allocation: ability to use platform allocator tuned for multi-core systems
  • Improved out-of-the-box scalability: unlimited concurrent thread execution by default
  • Dynamic tuning: at run-time, enable or disable insert buffering and adaptive hash indexing

Wow… now this is indeed some great news for innodb users… I am writing this, and still I can’t believe that they’ve included the Google SMP patch in their official release. I can only assume that alternative projects such as XtraDB, Drizzle, Percona patches, Google patches, etc. made Oracle look back and try to do something with innodb besides the regular bug fixes. Even if we already use several of the great ‘unofficial alternatives’, this is good news for everyone.
Way to go Oracle! I am looking forward to future performance improvements in the official innodb plugin; including existing patches that have been out there for some time is a good start, but internal improvements from the innodb team would also be great ;-) .

Here are some performance results based on their own tests:
http://www.innodb.com/innodb_plugin/plugin-performance/

Migrating from Trac to Redmine

I just finished the migration of my trac installation to redmine. The redmine migrate_from_trac documentation helped a lot, but there were some issues that didn’t work quite as described; this post will describe the correct steps I had to follow in order to import my old trac data (tickets, wiki pages, etc) in redmine.

1. Use Redmine 0.8.x stable

I lost some time with the current trunk version (r2571) until I realized that the importer is broken in trunk. Use the latest stable 0.8.x version, and if you want to use trunk, upgrade to it after you have the trac data inside redmine. While using trunk all was working fine (no error or anything strange), just the wiki pages were not imported in the redmine project. Anyway, I will assume you have a working clean installation of redmine 0.8.x before we move on.

10 tips from Benjamin Franklin for Sysadmins

“Benjamin Franklin: scientist, scholar, statesman, and . . . systems administrator? Yes, 200 years or so before the birth of UNIX®, Franklin scribed sage advice to keep systems humming. Here are 10 of Franklin’s more notable tips.”

Check out the full article: “10 tips for sensible systems administration”

HowTo install iotop on Debian Etch

In my previous post, I introduced iotop, a very cool tool that displays a table of current I/O usage by processes on the system; just as useful as top, but for I/O monitoring. Unfortunately, iotop requires Python >= 2.5 and a Linux kernel >= 2.6.20 to work, and even if the installation is very simple, as presented in my last post, getting it to run on older distributions might not be so easy. This post will show how you can run iotop on debian etch, describing how we can solve the dependencies and make iotop run just fine on etch.

Guru.com introduces ExpertRating Skill Tests

Yesterday, Guru.com launched their skill tests feature in partnership with ExpertRating:
“Skill Tests prove to Employers that you have the exact talent they’re looking for and that you are up-to-date in your area of expertise. When you receive 60% or above on a test, you can post it to the Skills section of your profile, and it will appear with an ExpertRating Certified Professional icon.”

Each test will cost ‘only’ $4.95 (and apparently this is the ‘discounted rate’) :-)

This is rather late if you ask me, as Elance has had this for a long time now, and for free! Instead of trying to get more money Guru should have launched this as a free service, as I am not sure who would want to pay for this… I would have liked to see an external service like BrainBench (or even ExpertRating) integrated with all these freelancing sites so you don’t have to take tests for each site individually.

Interview: Steve McIntyre, Debian Project Leader

Here is an interesting interview with Steve McIntyre, the current leader @ debian.org, where he talks about his work as the DPL and Debian’s future in general. By the way, Steve is standing for re-election this year… we will see how this turns out after this year’s vote…

http://www.h-online.com/open/Interview-Steve-McIntyre-of-Debian–/features/112783
