Category Archives: Linux

Rackspace – Cloud Monitoring – Ansible plugins

Install the required packages (Ubunto/Centos):

apt-get update && apt-get install python-apt python-pip build-essential python-dev git python-virtualenv -y

yum install python-pip git python-devel python-virtualenv gcc -y

Prepare the virtual environment

virtualenv /root/monitorenv
. /root/monitorenv/bin/activate
pip install paramiko PyYAML jinja2 httplib2 ansible

Download the playbook

git clone https://github.com/stevekaten/cloud-monitoring-plugin-deploy
cd cloud-monitoring-plugin-deploy

Install the required plugin:

ansible-playbook -i hosts holland_mysqldump.yml

	This will configure the holland_mysqldump plugin on the localhost.

ansible-playbook -i hosts mysql_slave.yml

	This will configure the mysql_slave plugin on the localhost.

ansible-playbook -i hosts port_check.yml

	This will fail with an error message informing you that you need to set a port.

ansible-playbook -i hosts port_check.yml -e port=8080

	This will configure the port_check plugin on the localhost checking if port 8080 is open.

ansible-playbook -i hosts port_check.yml -e '{"host":"rackspace.com","port":"80"}'

	This will configure the port_check plugin to check rackspace.com:80.

ansible-playbook -i hosts port_check.yml -e '{"host":"10.X.X.X","port":"3306"}'

	This will configure the port_check plugin to check mysql's port 3306 on the ServiceNet address.

ansible-playbook -i hosts lsyncd_status.yml

	This will configure the lsyncd_check plugin.

To UNINSTALL the monitoring, you need to delete the check, removing the related file from /etc/rackspace-monitoring-agent.conf.d/ and restart the Cloud Monitoring agent.

Rackspace – Cloud server inaccessible after creation from custom image

It happens that sometimes a server built from a custom image is not accessible. Sometimes the reason is becase the Nova agent was not running (for various reasons) on the source server and the networking wasn’t set correctly during the building process. This means the new server still have the old IP and routes of the original, the one used to create the image itself.

How to fix it?
Connect on the console and make sure xe-linux-distribution (xe-daemon) and Nova Agent are restarted/up and running.

Important: Make sure xe-linux-distribution is started BEFORE Nova Agent is.

Once this has been done run the following command on the Cloud server to force the Hypervisor to re-push the right configuration (this works only on Linux servers):

UUID=`uuidgen`; xenstore-write data/host/$UUID '{"name":"resetnetwork","value":""}'; sleep 10; xenstore-read data/guest/$UUID; unset UUID

# If completed successfully it will return something like this:
{"message": "", "returncode": "0"}

SSL – Cloud Load Balancer loop

Add this into your vhost in Apache:

SetEnvIf x-forwarded-proto https HTTPS=on

Rackspace – Cloud Sever autokill script

#!/bin/bash

# This script auto delete the current instance and ask the
# Autoscale Group to replace the node


###########################################################

CRED_FILE=/opt/autoscale/.credentials
AS_GRP_ID=a17b08b3-0c04-48e8-84a9-3070c29a27fa

###########################################################

# Gather info from credential file
USERNAME=$(grep username $CRED_FILE | awk -F= '{print $2}' | sed 's/ //g')
APIKEY=$(grep api_key $CRED_FILE | awk -F= '{print $2}' | sed 's/ //g')
REGION=$(grep region $CRED_FILE | awk -F= '{print $2}' | sed 's/ //g' | tr '[:upper:]' '[:lower:]')


SERVER_UID=$(xenstore-read name | sed 's/instance-//')

AUTH=$(
curl -sd \
"{
   \"auth\":
   {
        \"RAX-KSKEY:apiKeyCredentials\":
        {\"username\": \"$USERNAME\",
        \"apiKey\": \"$APIKEY\"}        }
}" \
-H 'Content-Type: application/json' \
'https://identity.api.rackspacecloud.com/v2.0/tokens' | python -m json.tool | grep -A 7 token | awk '/id/ { print $2 }' | tr -d '"' | tr -d ","
) 

TOKEN=$(echo $AUTH | awk '{print $1}')
ID=$(echo $AUTH | awk '{print $2}')


curl -sH "X-Auth-Token: $TOKEN" -H "Content-type: application/json" -X DELETE https://$REGION.autoscale.api.rackspacecloud.com/v1.0/$ID/groups/$AS_GRP_ID/servers/$SERVER_UID?replace=true

Scheduled unattended tasks – at

$ at time date

$ at 11 am may 20

# at 02:00 AM Fri
at> yum update glibc
at> echo "Executing scheduled task" | logger
at> shutdown -r +5 "Server is going to be rebooted in 5 minutes for scheduled task. Please save your work ASAP." 
at> <EOT>
job 2 at 2015-02-06 02:00

Ends using CTRL+D that generates the <EOT> bit.

Source: http://www.computerhope.com/unix/uat.htm

Check the processes in the queue

atq

Check content of a job

at -c <job number>

Delete job

atrm <job number>

Also, you can cat/modify the job in /var/spool/cron/atjobs/ or /var/spool/at (in Centos)

If not installed, on Centos, make sure to start also ‘atd‘ service.

# chkconfig atd on && service atd start

SSL – Check if a certificate matches with its public key

# openssl rsa -modulus -noout -in private_key.key | openssl md5
(stdin)= jhg557dd83jdlki93de778b69ojg536

# openssl x509 -modulus -noout -in certificate.crt | openssl md5
(stdin)= jhg557dd83jdlki93de778b69ojg536

WordPress Apache ProxyPass

Option 1

Ensure certain traffic goes to a certain server, you can use this:

<LocationMatch "^/wordpress/wp-admin/?.*>
        ProxyPreserveHost On
        ProxyPass http://ip.of.master.server/
</LocationMatch>

Option 2

Step One: Configure Environment

We need to setup some environment variables to get this to work correctly.
Add the following to your environment on the slave server(s):

RHEL/CentOS: /etc/sysconfig/httpd

OPTIONS="-DSLAVE"
export MASTER_SERVER="SERVERIP HERE"

Ubuntu: /etc/apache2/envvars

OPTIONS="-DSLAVE"
export MASTER_SERVER="SERVERIP HERE"

Step Two: Configure your VirtualHost

In your VirtualHost configuration do something like the following.

RewriteEngine On
ProxyPreserveHost On
ProxyPass /wp-admin/ http://${MASTER_SERVER}/wp-admin/
ProxyPassReverse /wp-admin/ http://${MASTER_SERVER}/wp-admin/

RewriteCond %{REQUEST_METHOD} =POST
RewriteRule . http://${MASTER_SERVER}%{REQUEST_URI} [P]

Fullstatus Apache 2.4 Centos7

Apache on CentOS 7 doesn’t come with any configuration for enabling /server-status
The module does come by default though, so to get this going, all you need to do is:

$ cat >> /etc/httpd/conf.modules.d/01-status.conf << EOF
<Location /server-status>
SetHandler server-status
Require local
</Location>
EOF

$ systemctl reload httpd
$ apachectl fullstatus

APC (php module) and OPcache

apt-get install php-apc

apc
apc.shm_size=256M

cp /etc/php.d/apc.ini /home/rack && sed -i 's/^.*apc.shm_size=.*$/apc.shm_size=256M/' /etc/php.d/apc.ini && grep "apc.shm_size=" /etc/php.d/apc.ini

cp  /usr/share/doc/php*apc*/apc.php /var/www/

service httpd graceful && service httpd status

PHP5.5 -> If it has Zend OPcache it doesn’t need APC anymore

php -m

Look for this:

[Zend Modules]
Zend OPcache

GUI: https://github.com/amnuts/opcache-gui

wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php

/etc/php5/mods-available/opcache.ini or /etc/php5/fpm/conf.d/05-opcache.ini

opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.revalidate_freq=60
opcache.fast_shutdown=1
opcache.enable_cli=1

Test loading speed ignoring Varnish

Adding “Cookie: NO_CACHE=1” will make Varnish to pass the request directly to Apache

 time curl -I http://example.com/pagetotest -H "Cookie: NO_CACHE=1"

My notepad

Chris' IT notes…