Pablowe

Cassandra “Quick Install” on CentOS 5

Cassandra is notoriously a pain to install on CentOS. So partially as documentation for myself, here are the “quick install” steps for getting Cassandra up and running. For explanation, see the official Cassandra documentation. I think the biggest reason this differs so significantly from other install guides out there is that I wanted it to work on RightScale (know issues w/Java) as well as CentOS 5.1-5.4. I can’t wait until I can get Cassandra from yum …..

HTTP Over SSL Best Practices

Encrypting connections to your web server using HTTPS is a trade-off between performance and security. Therefore, there’s no “right answer” for exactly what traffic to encrypt; it’s a business decision. There are, however, best practices that can guide you in the decision making process. In fact, there is a “golden rule” for making this decision:

If it were your session, would it bother you if I got the data? If your answer is yes, then the data should be encrypted!

More »

Getting my money’s worth!

Several months ago I purchased an HP Mini 1000 to do some work for a client in their SQL Server 2005 environment. The work ended rather quickly and the Mini’s been sitting around gathering dust. I came across it in a pile of junk the other day while cleaning and decided that it would be the machine to replace my MacBook Air when the MBA goes in for repair. The basic tasks I would be performing are:

• Lots of database work
• Linux, Solaris, and FreeBSD administration
• Penetration Testing and Security Audits

Right away I realized I would need to kick it up a notch by upgrading to 2G of RAM. I would also need to be able to run Linux, but couldn’t sacrifice my only Windows installation (virtualization is not an option on either the MBA or the Mini). Dual booting also wasn’t an option because the 16G hard drive on the Mini is barely enough to run Windows. So my only real option was to do a persistent install of Ubuntu on USB (using the NetBook Remix, of course). HP made some awesome decisions with USB on the Mini: SD Card and Mini Flash slots in addition to the regular USB port. So I purchased an 8G JetFlash USB Drive to serve as my Linux machine. After then spending a few hours on my typical Linux install (which is pretty much half of the top 100 SecTools and a few other base packages), I was ready to go.

VPNC Quick Install on OS X

I find myself constantly battling with Cisco VPN client on my Mac. As such, I’ve recently turned to vpnc as a replacement. VPNC is available as a Darwin Port but won’t work with a simple install.

%> sudo port install libgpg-error openssl libgcrypt tuntaposx vpnc

That’s all there is to it. The command took less than 5 minutes on my first-generation MacBook Air.

Drizzle

Last night I attended the San Francisco MySQL Meetup Group to hear Brian Aker talk about Drizzle. Heretofore, I was generally uninterested in Drizzle because I didn’t pay enough attention to what it was actually trying to accomplish. After his presentation, I am anxious to play with it in a meaningful way! The features that sold me:

• utf8 as the default (only?) charset
• No more SQL_MODE (behaving strict-like by default)
• Pluggable Authentication
• A much smarter communication protocol
• 64-bit only *(EDIT: Stewart has informed me that 32-bit is supported, but Drizzle has been optimized for 64-bit … I’m still counting it as a win)
• Did I mention Pluggable Authentication?
• Defaults to transaction-capable

One feature I’m hoping to see come up soon:

• Online Upgrades

Why would I want that? Upgrading is very easy, you think. Since drizzle is designed to be used with huge (by today’s standards) machines with 128+G RAM, 128+ CPU Cores, one must assume that the data sets used will correspondingly be huge. So huge, in fact, that it will take hours (days?) for the caches to warm up! An online upgrade capability may allow for caches to stay hot during the upgrade process rather than having to operate in a degraded state for a long time after an upgrade.

Nagios3 on CentOS: Quick Install Script

As part my job, I find myself doing Nagios installs on a somewhat regular basis. The following is a quick guide on installing Nagios 3 on CentOS, distilled from the official Nagios docs. It is meant to be copied and run as a shell script (you should only have to update the passwords):

#!/bin/sh

# Any Failing Command Will Cause The Script To Stop
set -e

# Treat Unset Variables As Errors
set -u

echo "***** Starting Nagios Quick-Install: " `date`
echo "***** Installing pre-requisites"
yum -y install httpd
yum -y install gcc
yum -y install glibc glibc-common
yum -y install gd gd-devel

echo "***** Setting up the environment"
useradd -m nagios
echo "INSERT_PASSWORD_HERE" |passwd --stdin nagios
groupadd nagcmd
usermod -a -G nagcmd nagios
usermod -a -G nagcmd apache

echo "***** Getting the Nagios Source and Plug-Ins"
cd /usr/local/src
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.0.tar.gz
wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.14.tar.gz
tar xzf nagios-3.2.0.tar.gz
tar xzf nagios-plugins-1.4.14.tar.gz

echo "***** Installing Nagios"
cd /usr/local/src/nagios-3.2.0
./configure --with-command-group=nagcmd
make all
make install
make install-init
make install-config
make install-commandmode
make install-webconf

echo "***** Setting up htpasswd auth"
htpasswd -nb nagiosadmin INSERT_PASSWORD_HERE > /usr/local/nagios/etc/htpasswd.users
service httpd restart

echo "***** Setting up Nagios Plug-Ins"
cd /usr/local/src/nagios-plugins-1.4.14
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

echo "***** Fixing SELinux"
chcon -R -t httpd_sys_content_t /usr/local/nagios/sbin/
chcon -R -t httpd_sys_content_t /usr/local/nagios/share/

echo "***** Starting Nagios"
chkconfig --add nagios
chkconfig nagios on
service nagios start

echo "***** Done: " `date`

Hope you find this useful!

* EDIT: 2009-09-07 – Updated link to get Nagios 3.2.0
* EDIT: 2009-10-14 – Updated link to get Nagios Plugins 1.4.14

ATTN: WordPress Theme & Plug-In Developers

Please minify all JavaScript and CSS files. The size of the main page at pablowe.net was reduced by 20% by this simple, 30-second act.

CSS::Minify
JavaScript::Minifier

Thank You!

Improving WordPress Performance with Basic MySQL Maintenance

If your blog is anything like mine, the vast majority of comments are spam. Most blogs have at least a 50% ratio of spam-to-valid comments, and Pablowe has a 99.4% ratio (which is probably why there are so many Anti-Spam plugins for WordPress).

One of the most oft-executed queries (based on the MySQL general log statistics) is:

SELECT DISTINCT ID, post_title, post_password, comment_ID,
comment_post_ID, comment_author, comment_date_gmt, comment_approved,
comment_type,comment_author_url,
SUBSTRING(comment_content,1,30) AS com_excerpt
FROM comments
LEFT OUTER JOIN posts ON (comments.comment_post_ID = posts.ID)
WHERE comment_approved = '1' AND comment_type = '' AND
post_password = ''
ORDER BY comment_date_gmt DESC
LIMIT 10;

In order to keep this (and other) queries performing well, I put the following script in cron and schedule it to execute weekly:

<?php
// This should match your values in wp_config.php
$table_prefix = '';
$db_host = '';
$db_name = '';
$db_user = '';
$db_password = '';
// How long (in days) before comments are purged
$purge_age = 7; // DEFAULT: One Week
if ( $mysqli = new mysqli( $db_host,$db_user,$db_password,$db_name) ) {
$purge_query = 'DELETE FROM ' . $table_prefix .
'comments WHERE comment_date < DATE_SUB(NOW(), INTERVAL ' .
$purge_age . " DAY) AND comment_approved = 'spam'";
if ( ! $mysqli->query ( $purge_query ) ) {
die ( "Could Not Issue Query: Please check configuration\n" );
}
$mysqli->close ( );
} else {
die ( "Could Not Connect: Please check configuration\n" );
}
?>

Will this make your blog Digg Proof? Not by itself, but it can play an important part in the overall performance and scalability of your blog.