Fixing php in Ubuntu

Running php scripts on apache in your Ubuntu desktop won’t be sweat at first. You might notice that php scripts start downloading when you start accessing them via browser. This is mainly because of small configuration issues that we can find on machine. If you have enabled userdir module (http://localhost/~yourusername), it contains a line to disable php values as follows in /etc/apache2/mods-enabled/php5.conf :

php_admin_value engine Off

All that you have to do is to disable the above line and restart apache to get php working.

Limit tomcat heap memory usage on cPanel Server

To limit tomcat heap memory usage we normally change the environment variables in tomcat startup scripts. cPanel allows us to take care of this by creating and adding min and max values to a file called  /var/cpanel/tomcat.options (File won’t exist by default).

-Xmx200M
-Xms100M

the “-Xms” initial Java heap size for the application to 100MB, and the “-Xmx” maximum Java heap size to 200MB. If the – is not placed in front of the option when putting the values into /var/cpanel/tomcat.options file that is created, then Tomcat will refuse to startup properly.

This method would be preferred over directly editing /usr/sbin/starttomcat. The /var/cpanel/tomcat.options file would not be edited by cPanel scripts or upon updates.

Fix: fixquota fails with journaled quota support: not available with vzaquota (disabled)

If you’re running cPanel server on a OpenVZ hardware node, you might face issues with quota for few reasons:

1. Secondary quota might not have been enabled on hardware node.

You can verify by checking for “DISK_QUOTA=yes” in /etc/vz/conf/vz.conf

Also, QUOTAUGIDLIMIT needs to be set for the VPS in  /etc/sysconfig/vz-scripts/CT_ID.conf (PS: CT_ID is the container id of the VPS)

2. You should have initialized the quota via WHM.

If you continue to face problem even after applying both fixes, re-initializing quota might help as per http://wiki.openvz.org/Cpanel_quotas  Here is the excerpt:

WHM/Cpanel, a popular commercial web-based control panel for Linux, has a tendency to overwrite the special quota files in the VE context. I am referring to:

lrwxr-xr-x 1 root root 39 Jun 8 17:27 aquota.group -> /proc/vz/vzaquota/00000073/aquota.group
lrwxr-xr-x 1 root root 38 Jun 8 17:27 aquota.user -> /proc/vz/vzaquota/00000073/aquota.user

The result of these being overwritten will be WHM showing “unlimited” quota reports for all users in the system. An quick solution to this is to run these commands from within the VE as root:

rm -rf /aquota.user 2>/dev/null
rm -rf /aquota.group 2>/dev/null
unlink /aquota.user 2>/dev/null
unlink /aquota.group 2>/dev/null
for x in `find /proc/vz/vzaquota/ | tail -2 `; do ln -s $x / ; done

journled quota support warning didn’t get resolved even after this. Yet to check for the core reason for the same.

Loging Varnish client IP in Apache logs

When you have a varnish server infront of your Apache server, you will be reverse proxying the requests. This will mark your varnish’s servers ip as the client in apache logs. To let apache know the real client’s ip we can user mod_rpaf module needs to be loaded. Use the following steps to install mod_rpaf module on your apache server.

wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
tar xvfz mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
sed -ie ‘s/apxs2/apxs/’ Makefile
make rpaf-2.0
make install-2.0

Once the installation is done, we need to add the following configuration apache configuration file to enable the module.

LoadModule rpaf_module modules/mod_rpaf-2.0.so


RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
RPAFheader X-Forwarded-For

RPAFproxy_ips can be multiple IP address and it’s IP from your reverse proxy.

RPAFproxy_ips 127.0.0.1 xxx.xxx.xxx.xxx

Replace xxx.xxx.xxx.xxx with your varnish servers ips.

Add the following LogFormat to apache configuration file (httpd.conf)

LogFormat “%{X-Forwarded-For}i %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” varnishcombined

In the VirtualHost entry of your domain use varnishcombined as logformat for access logs.

In varnish (3.0.x) default.vlc file under vlc_recv{} add following lines:

if (req.restarts == 0) {
if (req.http.X-Forwarded-For) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + “, ” + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}

restart apache and httpd to finish with.

You should now start seeing the actual client’s ip in apache logs as well.

Source: varnish, stackoverflow, bxtra.net etc

Nagios plugin to check DELL OpenManage (OMSA)

Those who doesn’t like configuring a long list of alert mechanism of on servers, here comes a savior – check_openmanage Nagios plugin. Making life easier.

More info on this plugin:
check_ checks the hardware health of Dell servers running Server Administrator (OMSA). The plugin can be used remotely with SNMP or locally with NRPE, check_by_ssh or similar, whichever suits your needs and particular taste. The plugin checks the health of the storage subsystem, power supplies, memory modules, temperature probes etc., and gives an alert if any of the components are faulty or operate outside normal parameters.

Here are some of its results:

dell-server01 ~$
OK – System: ‘PowerEdge R710′, SN: ‘XXXXXXX’, 72 GB ram (18 dimms), 1 logical drives, 2 physical drives

nagios-server ~$ check_openmanage -H dell-server02
Physical Disk 1:3 [Seagate ST3300007LC, 300GB] on ctrl 0 needs attention: Failure Predicted

It’s neat output and nagios ability to keep us alerted about server issues via email, sound alert through nagios plugins etc makes it feel good to keep a healthier RAID array running on servers.

Tags: , , ,

Adaptec RAID Monitoring via Nagios

Monitoring servers with RAID controllers is made easy through and other monitoring systems. Today its quite easy to get an app installed on your mobile and configure it to display critical errors from to quickly act on. When you’re an in-charge of Infrastructure, monitoring RAID becomes very very critical.  While digging around simple ways to monitor cards, a tiny little piece of script found on exchange –
check-aacraid.py by Anchor Systems.

This script works with the Storage Manager – arcconf installed to manage RAID Cards.

Here is an excerpt from Nagios Exchange on check-aacraid script configuration for your quick reference :-

Check the health of an Adaptec raid controller using /usr/StorMan/arcconf Checks the following: Logical device status, Controller status, Failed & Degraded drives. If the battery is present: Charging status, Est of charge time left, Charge left %. And removes the log file “UcliEvt.log” that is dropped into the CWD when /usr/StorMan/arcconf is run.
Check the health of an Adaptec raid controller using /usr/StorMan/arcconf

Checks the following:
Logical device status
Controller status
Failed & Degraded drives

If battery present:
Charging status
Est of charge time left
Charge left %

And removes the log file “UcliEvt.log” that is dropped into the CWD when /usr/StorMan/arcconf is run.

Add this to your “/etc/sudoers” file using visudo
"nagios ALL=(root) NOPASSWD: /usr/StorMan/arcconf GETCONFIG 1 *"

## On RHEL & possibly others ##
Disable “Defaults requiretty” in /etc/sudoers otherwise the command will not run via NRPE.

Add this to your checkcommands.cfg

define command {
command_name check_aacraid
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c check_aacraid
}

Add this to your servicedefs.cfg

define service {
use low-service-level
name aacraid-service
service_description aacraid
check_command check_aacraid
register 0
notification_interval 3600
}

Add the service

define service {
use aacraid-service
host_name host-with-crap-adaptec-crud
contact_groups upset-admin
}

And on the host you will be checking add this to nrpe.cfg
command[check_aacraid]=/usr/local/sbin/check-aacraid.py

Tags: , , ,

Fix:Unable to ping veth device on proxmox

Virtual Ethernet devices of the OpenVZ VM’s inside ProxMox is connected to a bridge. After installing ProxMox and creating virtual nodes, I found that public ips allocated inside VM’s were not reachable to world.

A quick fix for this issue is to ensure that Proxy ARP and IP Forwarding is configured fine.

Check these lines:

# ifconfig vzbr0 0
# echo 1 > /proc/sys/net/ipv4/conf/vzbr0/forwarding
# echo 1 > /proc/sys/net/ipv4/conf/vzbr0/proxy_arp

You can read more information about OpenVZ Virtual Ethernet devices in bridge mode configuration check this link.