A good friend of mine recently voiced the opinion that the day will soon be upon us when the traditional SysAdmin will no longer be relevant and all operations activities will be some variety of DevOps. Now, I’ve been managing my own infrastructure for some years but every package has been manually installed with every configuration file modified by hand, resulting in snowflake servers which are nigh-on impossible to recreate exactly and have occasionally caused me a lack of sleep.
Filed in "tech"
Just a quick reminder to myself on how I installed RMagick on a Debian 5.0.4 “lenny” VPS. All commands to be run as root. Build ImageMagick from source curl -O ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick.tar.gz tar xvzf ImageMagick.tar.gz -C /usr/src/ cd /usr/src/ImageMagick-6.6.6-6/ ./configure make make install Install the RMagick Gem gem install rmagick Bingo! As an interesting aside, ImageMagick handles a lot of image formats via delegate libraries. I previously installed RMagick on a CentOS box and had to separately install TrueType fonts which were necessary for the project in question.
Occassionally I find myself developing a WordPress theme which will then require moving from development into production or otherwise having to move a blog between domains. Apart from the transfer of the files, including plugins, theme and core WordPress installation, there is only 1 slightly gotcha: the database. I’ve never been quite sure why but WordPress stores the URL of the blog in it’s database, not once, but twice. For the blog to be migrated the database needs a slight tweak.
Prevent a disaster After reading Jeff Atwood’s backup failure last month I decided to finally get around to doing something I’d been intending to do “one of these days” but had in actual fact been putting off for years. Here’s the steps I took to ensure the databases on my webserver were backed up every night and copies of the dumps stored remotely. On the remote storage machine Generate an ssh key pair with and empty password and put the public key on the remote server.
I’ve just shutdown the beige box that was home to this blog for just over a year and a half until I started renting a VPS. I had intended to shutdown this machine since the start of the year but never got around to it and after a techie chat on IM with Dave Dripps earlier in the day decided to just “pull the finger out” and do the needful.
I’ve just released the latest iteration of my “professional” site, stevenwilkin.com. There’s the possibility the designers I’m working with will think my design-fu is weak, but the site badly needed something as it has been barely put to use in the years I’ve owned it. I don’t know how the Steven Wilkin web experience will evolve but the words of Eric S. Raymond are ringing true when he mentions not hiding behind a hacker-style alias so I may put more emphasis on this domain in the future.
The last time a new version was released I decided to update my WordPress installation with Subversion with the idea being that this would make future updates easier. Well, the good news is that this technique works :) All it took was 3 simple steps: $ cd /var/www/sickbiscuit.com/blog $ svn switch http://svn.automattic.com/wordpress/tags/2.5/ . launch wp-admin/upgrade.php via web-browser To be safe I backed up the database prior to the update and so far everything seems good, job’s a good ‘un!
I read a few months back that Stuart Langridge was using Subversion to keep his WordPress up-to-date and I thought: “that’s clever” and didn’t do anything about it. Today I was talking to Matt and he mentioned updating one of his WordPress installations and I noticed I was due an update myself. I downloaded the latest release and was having a quick skim through the upgrade procedure to make sure I wasn’t forgetting about anything and I spotted a link to the Subversion update instructions… I’m off work sick today and have the time so I decided to give it a go.
I’ve just finished migrating sickbiscuit.com from my home development machine to my new VPS. DNS records have been updated and decaf is now handling mail and web traffic for the domain allow the only thing I’ve copied over is this blog. Hopefully this will give me the motivation needed to spruce things up a bit as the last iteration of sickbiscuit.com looked like it was designed by a programmer ;)
Last month I decided to invest in a VPS from VPSLink. I had been considering this for a while, especially after my experience using an Ubuntu VPS with Infurious and after 2 power failures within as many weeks due to building work nearby to my home, my hand was forced. No more hosting on a Linux box on the end of a DSL connection for me! I opted for a XEN based VPS running Debian Etch.
For nearly a week now I have been exclusively using an Eee PC. I promised an action shot and here it is: Using this device I have went about all my regular activities, even a bit of web development. The biggest hindrance I’ve found has been using a screen resolution lower than what I’m accustomed to and I’m not too keen on the button strip below the trackpad but I have gotten used to the keyboard to an extent though would certainly benefit from smaller hands ;)
After a lot of frustration, reading of documentation and even giving up completely on certain paths of action I finally got Jabber up and running. The “Jabber burnout” as Adian called it was terrible and only now do I feel de-stressed enough to write about it. I initially setup an installation of jabberd2 as I have had previous experience with it and was comfortable with it’s administration. I got it working without difficulty and could connect to it via a standalone client but ended up abandoning it when I tried to get a web interface working with it.
As I previously mentioned, my current task as Infurious system admin is providing the team with a bug/task tracking system, namely Trac. My initial thought was: “our server runs Ubuntu, this should be easy…” I could get Trac running via tracd and I could see that mod_python was working via mod_python.testhandler but the two didn’t seem to want to play together. Last night, after much frustration, I just gave up and configured Trac to run as a CGI application.
It’s been a busy week. The lads and myself have been quite industrious, making plans and Getting Things Done. I’ve taken on responsibility of taking care of the Linux side of things and last night finished setting up an SSL enhanced, WebDAV accessible Subversion repository, for which Aidan has written an introductory guide. My current task is getting Trac installed and I’m quite enjoying being up to my elbows in command line goodness.
I got speaking to Matt this morning when I arrived in the office and he demonstrated to me the wealth of information provided by Google Analytics. It was really interesting stuff and I could see why he was so excited about it. I recently upgraded to Apache 2.2 on my development machine, substance, to “easily" get TLS working so I could use AjaxTerm and I haven’t had the time yet to play about getting awstats up and running again.
I finally got sick of not being able to use SQL subqueries and decided to upgrade my MySQL installation from 4.0.x to 5.0.x. I had wanted to do this previously but was afraid I’d end up breaking something and be left without a working development environment or a website either, for that matter, so I resorted to complicating my custom queries in CakePHP with JOIN statements :( I couldn’t find a 5.
Not 2 days after mentioning my initial impressions of EuroFeeds usenet service I get an email notifying me that they have upgraded retention on binary newsgroups to 60 days, with a planned upgrade to 85 days over the summer, as well as doubling the number of simultaneous connections on unlimited accounts from 4 to 8. Nice. I’m looking forward to testing this out :) Update: Ninan is now maxing out at 1.
My annual subscription to NewsHosting expired recently and as I had a huge backlog of media to get through I put up with the lack of new stuff for a while. I managed to leech a couple of releases from my ISPs servers but was unable to obtain a few others which piqued my interest, so I endeavered to remedy the situation. A credit card is not something I currently have access to, so I had no option but to go with a European based provider which would accept payment via Maestro.
Now that MacServ has been deployed keeping development and production copies of the code synchronised has become an issue. The app is still very much a work in progress, with daily requests for fixes & tweaks from the technicians using it and instead of keeping track of modified files and then manually updating them via scp, I decided to let laziness motivate me to utilise a less painful system. I spent a bit of time researching the use of rsync but decided that subversion would better suit my needs.
The latest stable of Ninan was released a few days ago and I’ve just gotten around to upgrading my installation of it. There wasn’t much to the upgrade process: I downloaded and untared the archive and I thought I’d play it smart and copy over my old ninanconfig.xml and it appeared to work, but gave up the ghost when it came to actually downloading something. I renamed the file, restarted Ninan, reentered all my details and preferences and I’m now happily downloading at 1.
Over the past week and a half I’ve been fine-tuning my Mac experience: getting used to the system in general, in particular the keyboard, and building up my arsenal of applications. I’m not a Unix wizard, but I do make a lot of use of the command-line so I’m enjoying the underlying BSD-goodness of OS X and multiple terminal sessions are a necessity: one to tunnel select local ports to my home slackware box via ssh, one to perform local operations and one to host a screen session on our development box.
Last week I found myself with the need to communicate with some people via AIM. I’d never bothered with that particular protocol before but being a Linux enthusiast I detected the opportunity for a bit of geekery… All my IM needs are taken care of by jabberd running on substance. I can communicate directly with the people I know who use Google Talk and I’ve the MSN transport running to keep in touch with a few folks using that network, so, instead of taking the easy route and switching to a multi-protocol client, I opted to install the AIM transport.
I’ve been having great fun with tunneling connections through SSH lately and today it dawned on me that I could close another hole in my firewall by connecting to my Jabber server via a tunnel. In the past, when I’ve been working remotely, I’ve made changes to my firewall by connecting to my public-facing machine; from there to my desktop machine through a DMZ-pinhole and once a presence has been established within the “green zone” browsing to the routers web-interface with lynx.
Over the past bunch of days I’ve been back into web-development land and seeing as I was staring at code for prolonged periods I decided I might as well “enhance" this site a bit too. I started with tweaking the frontpage: I rearranged things a bit and instead of displaying my latest blog entry in its entirety I now have excerpts from the previous 4 entries. I initially tried using the built-in the_excerpt() WordPress template tag to achieve this but I wasn’t too fussed with the result and after some brief searching I found a plugin called the-exceprt-reloaded which seems to do the job better.
I read a thread over on linuxquestions.org recently about server “hardening" and got thinking about my own security measures and the lack there of. Here’s an example of the content of /var/log/auth on the machine this site is hosted on: Jan 24 13:43:33 substance sshd: Invalid user test from 18.104.22.168 Jan 24 13:43:33 substance sshd: error: Could not get shadow information for NOUSER Jan 24 13:43:33 substance sshd: Failed password for invalid user test from 203.
A couple of weekends ago I decided to reconstruct the system I use for downloading from Usenet: I had been using a Debian machine which I had setup back when I was still trying to get into using Linux on my desktop and as such it was massively over-powered for the task at hand, namely, leeching files from binary newsgroups and making them available via a network share. What follows is a tidied up version of the notes I made as I went along.
I got into the office this morning and went through my usual routine; I’d put in a good workout and the weekend is fast approaching: life seemed good. I was logged on to my workstation, launched Outlook (I know, I know) and attempted to connect to substance via Jabber and SSH. My heart fell. That Slackware box has been online for nearly a year now and other than my own lack of technical ability, the only problem I’ve had was when I upgraded my version of OpenSSL and OpenSSH refused to restart.
I finally got around to doing something today that I had been meaning to do since I got Kubuntu installed on my home desktop, namely, setting up a virtual machine running Windows XP so I can perform DVD encoding/editing/authoring. I’m a relative novice when it comes to these techniques and I haven’t put enough effort into finding the equivalent native Linux applications, so it is a case of better the devil you know for the foreseeable future.
I’ve just installed Firefox 2 on my XP workstation at the office, a week after my colleague Kevin installed IE7. The installation went smoothly and my extensions copied across ok and eventually got updated, but the theme I had been using wasn’t compatible, a new version of it wasn’t found by the add-ons manager and I didn’t like the default, so the first thing I did was look through the available themes and one that caught my eye was Mostly Crystal as it uses the Crystal SVG icon set I’ve come to love.
I finally installed Kubuntu on my desktop machine at home at the weekend and I must say I am impressed so far. From my first experience with Red Hat 5.x in early 1999 (I’m guessing the version number from the date, I bought my first Linux book just before the exams of the first semester of my first year of Computer Science at QUB) I knew that *nix was real computing.
I was out and about with my sponsor on Saturday and we were walking up Stranmillis Ave and Friars Bush happened to be open for tours. My good friend Nicky K lives in one of the gate-keeper’s cottage, but in all my time living in Belfast I don’t think I’ve seen the place open to visitors and so I’d never been in it before. When I was a wee lad I used to live right next door to the graveyard of the local church so walking amongst the graves brought me back a bit.
I was reading a discussion on Lifehacker this morning about listening to music while studying, whcih mentioned an earlier post about pink noise. Between the guy on the radio and one of my coworkers I knew I had to take action or suffer the consequences. I felt a MacGyver moment coming on. One of the comments on the pink noise post led me to download a little app which generates a wave file containing 12 seconds of the stuff.
I thought I’d keep myself current and so I’ve just upgraded my installation of WordPress from 2.0.2 to 2.0.4. I was a bit reluctant to do so as I was happy with what the software was doing, but I remember reading some mention of security updates, so I went for the plunge. The log files on this box are filled with failed login attempts so I know for certain that people are trying to find a way in and if doing something as simple (!
Yesterday, my copy of Firefox updated itself (to version 22.214.171.124 no less) and when it restarted I was reminded about the upcoming World Firefox Day. I’d read about this on Slashdot a while back and just forgot about it. I checked out the site and immediately thought of my colleage, Kevin. The $ORGANISATION’s a Microsoft shop through and through and Kev, like the bulk of the staff here, sticks to the web-browser that came bundled with the OS.
I had been looking forward to seeing Clerks II and was planning to go to the cinema to see it, but I gave in and downloaded a copy. I had a choice between 2 TeleSyncs: a 1-disc Xvid and a 2-disc SVCD. It was a close-run thing but I thought that the SVCD copy was (maybe) slightly better in quality and anyways, it would give me an opportunity to play about with DVD-lab.