Archive for the ‘Linux Admin’ Category

Apache Zenoss Reverse Proxy

Thursday, July 1st, 2010

A few steps in making my zenoss installation more usefull.

1. Get rid of the localhost.localdomain in alert messages.

Settings -> Daemons -> zenactions -> zopeurl

Put in the full URL as it will be seen and appended to by alert messages. Because I anticipated using SSL my zopeurl looked something like this: https://myserver.name:2345

2. Create a http.conf file for my prxied service

vi /etc/http/conf.d/myserver.name-2345.conf

Listen 0.0.0.0:2345

NameVirtualHost myserver.name:2345
<VirtualHost <http server IP Address>:2345>

ServerName myserver.name

ProxyRequests Off
RewriteEngine on
RewriteLog /var/log/httpd/myserver.name-2345-rewrite_log
RewriteLogLevel 1

SSLEngine On
SSLCACertificateFile /etc/httpd/conf/myserver.name/ssl/ssl-cachain.pem
SSLCertificateFile /etc/httpd/conf/myserver.name/ssl/cert.pem
SSLCertificateKeyFile /etc/httpd/conf/myserver.name/ssl/key.pem
SSLProtocol TLSv1 SSLv3
SSLCipherSuite HIGH

ErrorLog logs/myserver.name-2345-error_log
CustomLog logs/myserver.name-2345-access_log common

SetEnv force-proxy-request-1.0.1
SetEnv proxy-nokeepalive 1

ProxyPass / http://127.0.0.1:8080/VirtualHostBase/https/myserver.name:2345/VirtualHostRoot/

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

<Files ~ "\.(inc|class)$">
Deny from all
</Files>

</VirtualHost>

Personally I like to keep the .conf file in a single location. I use /etc/http/conf/myserver.name/

In that directory I place my ssl and any related conf files then, from inside the conf.d directory I ln -s ../conf/myserver.name/myserver.name-2345.conf ./

From there I check the conf/myserver.name into a git repo. A note on this. Beware of putting sensitive data like the key file into a shared repository.

So… that’s it. Restart apache and you should be able to hit the secure site.

An easy way to create and manage certs if you are going with self signed is TinyCA2

Props go out to http://jang.blogs.ilrt.org/2009/05/28/zenoss-general-zope-behind-an-apache-proxy/ for the actual URL to redirect to.

Tags: , ,
Posted in Linux Admin | 1 Comment »

RedCar Text Editor on Fedora Core 10 (FC10) and Fedora Core 11 (FC11)

Thursday, June 25th, 2009

I use a lot of vi in writing ruby code. I’ve seen TextMate and wondered if such a beast exists for Linux… well, it does. It’s in the form of a ruby project called RedCar. I started down the path of installing it but couldn’t find instructions for Fedora and was running into problems getting the debian/ubuntu instructions to fly. That’s why this is here. If I ever have to do this again I’ll be glad I put these instructions here. I’ve done what I can to get this up and running in a clear way but your mileage may vary (YMMV).

Post back with comments and improvements.

Get the basic install packages:

On FC10 (32bit)

sudo yum install git-all ruby-gconf2 ruby-gnome2 oniguruma oniguruma-devel gtk2 gtk2-devel glib2 glib2-devel libgee libgee-devel ruby-gtksourceview2 gtksourceview2 gtksourceview2-devel xulrunner xulrunner-devel xorg-x11-server-Xvfb dbus-devel WebKit-gtk-devel WebKit-gtk WebKit-doc ruby-gtk2 ruby-gtk2-devel

On FC10 (64bit)

sudo yum install git-all ruby-gconf2 ruby-gnome2 oniguruma.i386 oniguruma.x86_64 oniguruma-devel.i386 oniguruma-devel.x86_64 gtk2 gtk2-devel glib2 glib2-devel libgee.i386 libgee.x86_64 libgee-devel.i386 libgee-devel.x86_64 ruby-gtksourceview2 gtksourceview2 gtksourceview2-devel xulrunner xulrunner-devel xorg-x11-server-Xvfb dbus-devel WebKit-gtk-devel WebKit-gtk WebKit-doc ruby-gtk2 ruby-gtk2-devel

On FC11 the process has only the exception that WebKit-gtk is now referred to as webkitgtk:

sudo yum install webkitgtk-devel webkitgtk webkitgtk-doc

Get missing development headers (not just for x64 systems):

wget redcareditor.com/stuff/missing_x64_headers/rbgdkconversions.h
wget redcareditor.com/stuff/missing_x64_headers/rbgtkconversions.h

Determine your platform if you don’t alread know

uname -p
i686 == 32 bit
x86_64 == 64 bit

32 bit do:

sudo cp rbgtkconversions.h rbgdkconversions.h /usr/lib/ruby/1.8/i386-linux/

64 bit do:

sudo cp sudo cp /usr/lib64/ruby/1.8/x86_64-linux/ rbgdkconversions.h /usr/lib64/ruby/1.8/x86_64-linux/

I use github often and so have it setup as a gem source:

sudo gem source -a http://gems.github.com

Install needed gems:

sudo gem install oniguruma activesupport rspec cucumber hoe open4 zerenity statemachine

Go to your development directory and:

git clone git://github.com/danlucraft/redcar.git

Change to the redcar directory:

cd redcar

Ensure you are using the “stable” branch:

git checkout stable

Get the redcar submodules (like textmate bundles):

git submodule init
git submodule update

Install dbus gem.

I used sdague-ruby-dbus because the plain old ruby-dbus (dbus gem) would not build for me. YMMV:

sudo gem install sdague-ruby-dbus

It turns out that I could not get dbus to run (meaning that if I have RedCar running and attempt to load a file from the command line it opens as a separate instance instead of opening the file in the currently running RedCar instance. A minor hassle)

Build redcar

rake build

Make an alias script for redcar

This allows you to launch redcar from anywhere on the system

sudo vi /usr/local/bin/redcar
#!/bin/sh
# I use –multiple-instance because ruby-dbus just isn’t working for me.
/<YOUR REDCAR DIRECTORY>/bin/redcar –multiple-instance $1

Make the script executable:

sudo chmod a+x /usr/local/bin/redcar

Start redcar

/usr/local/bin/redcar README.md

The first time you run redcar it will take some time to collect all it’s library and bundle files. That’s a one time thing.

I use –multiple-instance because ruby-dbus just isn’t working for me. If you know how to make it hum please leave a comment and I’ll update the post.

Base configuration taken from: http://github.com/danlucraft/redcar/blob/eeebf739365d8bfd0e06ed001bd6b7960d76daa3/INSTALL.md

Tags: ,
Posted in Programming, Rails, Scripts, Tools and Commands | No Comments »

rsync ext2/ext3 to samba/cifs

Monday, June 15th, 2009

The problem seems to be the default method used by rsync to determine which files need to be considered for copying is not appropriate for use between linux and cifs/smb mounted file systems.

My setup is a Maxtor Central Axis 1TB using CIFS mounted to a linux file system using a standard mount -t cifs …. command.

The initial rsync run identified my thirty one thousand RAW and JPG files and took an age to get through them all… as expected. I realized something was terribly wrong when I kicked off a test run immediately after the first completed as rsync was copying one file at a time regardless of if the file had changed or not.

I started down the path of having rsync perform a checksum on each file to determine if it should be copied or not; however, the checksum process is computationally expesive and was taking more time than just copying the file. Needless to say I didn’t even get all the way through assessing which files needed to be copied. Next I considered looking at the modification times only but for some reason opening the modify window (ex. –modify-window=10) did not have any affect. I ended up just looking at the size of each file.

rsync –size-only -trvvhP –no-whole-file /src_directory/* /cifs_mounted_remote_directory/

I suspect that there may be CIFS mounting options that would lend themselves to backups based on modification time; however, the types of files I’m concerned with are in a large binary format. Any modification of the file under normal use will produce a file of a different size (in 99% of cases). The monthly full copy will get the outliers.

Posted in Backup, Tools and Commands | No Comments »