Author: Joar Jegleim

Adobe Air – Ubuntu Maverick – amd64 and Wimp

I’m checking out Wimp as a substitute to Spotify. My Wimp stopped working yesterday and refused to start because of ‘wrong ELF’. It turned out my Adobe air installation somehow was in 32bit, I don’t know how/why it initially worked (though 32bit apps usually work fine on 64bit Ubuntu thanks to 32bit libs) .

Anyway I came over a 64bit compiled Adobe Air package at launchpad, it installed fine and I could reinstall Wimp again.

Rkhunter:

I’m configuring rkhunter on a new Debian Lenny setup for production. The rkhunter that comes with apt in Lenny complains about Exim, proftpd, openssl, gpg and openssh being ‘out of date, and possibly a security risk’ . I assume it’s partly because Lenny has been around for a while now, and packages aren’t shiny new versions, but I do trust the Debian security team so I’m whitelisting the apps in question for now. The issue has already been discussed at bugs.debian.org .

Had an ulimit problem

I’m optimizing some scripts that split our apache logs each night. I gotta admit Apache’s ‘split-logfile’ script written in perl is a LOT faster than doing it via f.example bash . But splitting up a log file with more than 2000 vhosts resluted in the script crashing. I had to up my ‘open files’ limit with :

# ulimit -n 4096
# 

http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
http://httpd.apache.org/docs/2.0/programs/other.html

Queue only in Exim

In the process of upgrading our server where mail for customers where being stored I had to take down the system. One thing is to give thousand of users downtime, they can (must) live with it, as long as you for instance do it during nights or so. An other thing is incoming mail, the system should be able to receive mail 24/7 at least as long as one have more than 1 incoming MX .

Normally Exim is run by the switch -bd -q5m, depending on the configuration in exim.conf Exim usually tries to deliver mail instantly and (ref. -q5m) a queue runner goes through the queue every 5 minutes and may or may not retry delivery of mail hanging in the queue (it may not retry mail where ‘retry time’ has not been reach) .

In exim.conf you may add the directive:

queue_only

meaning that for each incoming mail exim will queue the mail and not try to deliver it at once. Mail is then picked up by the queue runner process and delivered later.
By using this directive and by stopping exim and starting it manually with out the queue runner process:

exim -bd

I was able to queue all incoming mail at our MX and could do what I needed to do with the server where mail is delivered (that is for local deliveries) which in my case was about 3 hours of downtime.
When done I removed the queue_only directive and restarted exim with the queue runner again and everything was well 🙂

Sources:
exim.org

Testing read/write speed of disks

Upon testing the performance of a raid 6 array with 13 disks i wanted to check read/write performance, an easy way to do this fast on Linux (Debian) is simply using ‘time’ and ‘dd’:

bakis:/var/raid6volume# time dd if=/dev/zero of=./testingtransfer bs=16k count=16k
16384+0 records in
16384+0 records out
268435456 bytes (268 MB) copied, 1.48474 s, 181 MB/s

real	0m1.513s
user	0m0.008s
sys	0m1.456s
bakis:/var/raid6volume# time dd if=./testingtransfer of=/dev/null bs=16k
16384+0 records in
16384+0 records out
268435456 bytes (268 MB) copied, 0.156663 s, 1.7 GB/s

real	0m0.159s
user	0m0.004s
sys	0m0.160s
bakis:/var/raid6volume#

The ‘read’ test above isn’t real since the file has been cached . But a rsync is working in the background so I couldn’t umount /var/raid6volume for this example.

Initially I was doing this to test performance over nfs for the same array, one has to umount / mount the share between each test to make sure nothings in the cache.

Working with nfs, tuning wsize and rsize on the client side also gives a lot better performance (at least in my case), see the link bellow for more info.

I got these hints from debianhelp.co.uk

How much ram in my graphics card ?

Nice command to find how much ram my graphics card has. Use ‘lspci’ to get the pci id and throw it back to lspci like this:

joar@juno:~$ lspci | grep VGA
00:02.0 VGA compatible controller: Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller (rev 09)
joar@juno:~$ lspci -v -s 00:02.0
00:02.0 VGA compatible controller: Intel Corporation Mobile 4 Series Chipset Integrated Graphics Controller (rev 09)
	Subsystem: Lenovo Device 3a02
	Flags: bus master, fast devsel, latency 0, IRQ 30
	Memory at f4000000 (64-bit, non-prefetchable) [size=4M]
	Memory at d0000000 (64-bit, prefetchable) [size=256M]
	I/O ports at 1800 [size=8]
	Capabilities: <access denied>
	Kernel driver in use: i915
	Kernel modules: i915

joar@juno:~$ 

Ethtool is great

Ethtool is a great tool you can use to adjust several settings at your NIC.
It’s especially great to detect if a cable is connected or not. Say you’ve got 3 NIC’s at your server, your hooking up one to the switch and wondering did I hook up eth0, eth1 or eth2 now (?)

# ethtool eth1
Settings for eth1:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised auto-negotiation: Yes
	Speed: 1000Mb/s
	Duplex: Full
	Port: Twisted Pair
	PHYAD: 0
	Transceiver: internal
	Auto-negotiation: on
	Supports Wake-on: umbg
	Wake-on: d
	Current message level: 0x00000007 (7)
	Link detected: yes

As we can see ‘Link detected: yes, we’ve got a winner.
Note: you have to bring up the interface with :

>
# ifconfig eth1 up

or else ethtool will say the link is not detected even if a cable is attached.

SSL and .pem problems while setting up ifolder test server.

I’m looking at ifolder, and during installation on my test server I spent some time trying to get my head around the ifolder documentation regarding using .pem certificates with apache2. They explicitly say you have to export your self signed certificate as .pem with ‘ca certificate only’, on my OpenSuse test server /var/log/apache2/error.log kept on giving me

Init: Private key not found

This post gave me a hint on how to resolve this. Exporting the certificate as specified in the ifolder administrator documentation as ‘ca certificate AND the private key’ solved it all.