MD Replacing a drive in a degraded array

You get an email from the mdadm monitor telling you that one array is degraded (it will look something like this):
DegradedArray event on /dev/md4:jontas02

This is an automatically generated mail message from mdadm
running on theserver
 
A DegradedArray event had been detected on md device /dev/md4.
 
Faithfully yours, etc.
 
P.S. The /proc/mdstat file currently contains the following:
 
Personalities : [raid1] [raid6] [raid5] [raid4] 
md4 : active raid1 sdb1[1]
      1465135936 blocks [2/1] [_U]

In this case I know from before – you make notes of how the md’s are located to drives, right 😉 – that md4 should be sda1 & sdb1
I also know from other logs that there is an error with sda1.

After physically replacing the drive the new disk needs to be added to this array in order to rebuild the array.

This is quick to do

admin@theserver:~$ sudo mdadm --add /dev/md4 /dev/sda
mdadm: added /dev/sda

And then a check of /proc/mdstat lets me know that it was added correctly and that the array is building

cat /proc/mdstat
Personalities : [raid1] [raid6] [raid5] [raid4]
md4 : active raid1 sda[2] sdb1[1]
      1465135936 blocks [2/1] [_U]
      [>....................]  recovery =  0.0% (473408/1465135936) finish=463.9min speed=52600K/sec
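
The status markers shown above can also be checked from a script. This is an added example, not part of the original post; the function names `degraded_arrays` and `sample_mdstat` are made up for illustration, and the sample input is the rebuild output quoted above.

```shell
#!/bin/sh
# Added example: report md arrays that /proc/mdstat shows with missing members.
# Usage: degraded_arrays < /proc/mdstat

degraded_arrays() {
    awk '
        # Print the stanza collected so far if fewer members work than expected.
        function report() {
            if (name != "" && working < total)
                printf "%s %s %d/%d %s members:%s\n", name, state, working, total, map, members
            name = ""
        }
        # Stanza header, e.g. "md4 : active raid1 sda[2] sdb1[1]".
        /^md[0-9]+ :/ {
            report()
            name = $1; state = "degraded"; members = ""; map = ""; total = working = 0
            for (i = 3; i <= NF; i++)
                if ($i ~ /\[[0-9]+\]/) members = members " " $i
            next
        }
        # Status line, e.g. "1465135936 blocks [2/1] [_U]": [expected/working] [map].
        name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
            split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
            total = n[1] + 0; working = n[2] + 0; map = $NF
            next
        }
        # A progress line means a replacement member is being synced in.
        name != "" && /(recovery|resync) *=/ { state = "rebuilding" }
        END { report() }
    '
}

# The rebuild-in-progress /proc/mdstat content quoted above, used as sample input.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1] [raid6] [raid5] [raid4]
md4 : active raid1 sda[2] sdb1[1]
      1465135936 blocks [2/1] [_U]
      [>....................]  recovery =  0.0% (473408/1465135936) finish=463.9min speed=52600K/sec
EOF
}

sample_mdstat | degraded_arrays   # md4 rebuilding 1/2 [_U] members: sda[2] sdb1[1]
```

An array stays in the report until the rebuild has finished and the map reads [UU] again.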

WordPress 3: Super Admin pulled a disappearing act

Had a slight problem after the database server had to make an unplanned reboot.
I have a Network running on the WordPress installation; the sites were working and the dashboard was working, however I did not have the insert image icon in the posts and the Super Admin was not visible.

For me this turned out to be simple: the database table “wp_sitemeta” was marked as crashed and could not be read by WordPress.

This is likely to be the problem if the Super Admin disappeared after a hard shutdown of the database server. (By hard I mean that the database didn’t have time to close tables, finish writing to tables etc)

OpenVPN giving a client a static IP

To set up a static IP for a client, first enable client-config-dir in server.conf:

# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
client-config-dir client-configs

Then create the directory “/etc/openvpn/client-configs”.
Then create a file in this folder with the name of the client that is connecting
(for instance “/etc/openvpn/client-configs/backup”):

# Give this machine 10.8.0.3 as a static IP
ifconfig-push 10.8.0.3 10.8.0.0

(Remember to replace these with values that make sense to you.)

OpenVPN: TLS Error: reading acknowledgement record from packet

This error message (in my experience) most often means that one side (either the client or the server) is set up for TLS auth, but the other side is not.

Check both configs and fix this problem.

To add it to a client, copy the file /etc/openvpn/ta.key from the server to the client
and then edit /etc/openvpn/myVpn.conf:

# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1
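
One way to check both configs for this mismatch, as an added example that is not part of the original post. The function names are made up for illustration, and the server-side direction 0 is an assumption taken from OpenVPN's stock sample server.conf rather than from this page.

```shell
#!/bin/sh
# Added example: compare the tls-auth setting of a server and a client config.

# Print the key direction of the active tls-auth line in an OpenVPN config:
# "none" if the directive is absent or commented out, "unset" if it has no direction.
tls_auth_direction() {
    awk '
        /^[ \t]*[#;]/ { next }    # commented-out directives do not count
        $1 == "tls-auth" { found = 1; dir = (NF >= 3 && $3 !~ /^[#;]/) ? $3 : "unset" }
        END { print (found ? dir : "none") }
    ' "$1"
}

# check_tls_auth SERVER_CONF CLIENT_CONF
# Returns 0 when both sides agree, 1 on the mismatch behind the TLS error.
check_tls_auth() {
    s=$(tls_auth_direction "$1")
    c=$(tls_auth_direction "$2")
    case "$s/$c" in
        none/none)
            echo "ok: tls-auth disabled on both sides" ;;
        none/*|*/none)
            echo "mismatch: tls-auth server=$s client=$c (enabled on one side only)"
            return 1 ;;
        0/1|1/0|unset/unset)
            echo "ok: tls-auth server=$s client=$c" ;;
        *)
            echo "mismatch: key directions must be complementary (server=$s client=$c)"
            return 1 ;;
    esac
}

# Constructed sample: tls-auth left commented out on the server, enabled on the client.
d=$(mktemp -d)
printf 'port 1194\n;tls-auth ta.key 0\n' > "$d/server.conf"
printf 'remote my.domain.com 1194\ntls-auth ta.key 1\n' > "$d/client.conf"
check_tls_auth "$d/server.conf" "$d/client.conf" || true
rm -rf "$d"
```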

Adding an OpenVPN client on Ubuntu 10.04

First the certificate (key) should be created on the server.

cd /etc/openvpn/easy-rsa/
source vars
./pkitool hostname

Copy the certificate files to the client
* /etc/openvpn/ca.crt
* /etc/openvpn/easy-rsa/keys/hostname.crt
* /etc/openvpn/easy-rsa/keys/hostname.key

Then the client should be set up:

apt-get install openvpn
cd /etc/openvpn
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf client.conf

Edit the client.conf file (edit everything you need to fit your config; the following are the settings I recommend).
I add the fix for Vista (commented out) since I am lazy and usually just copy an old config file to the next client.

remote my.domain.com 1194
 
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca ca.crt
cert clientName.crt
key clientName.key
 
# fix for Vista being stupid...
;route-method exe
;route-delay 2

Restart OpenVPN on the client:

 /etc/init.d/openvpn restart
 * Stopping virtual private network daemon(s)...                                
 *   No VPN is running.
 * Starting virtual private network daemon(s)...                                
 *   Autostarting VPN 'myVPN'                                         [ OK ]

Same as with the server, the above means that it went well; a [fail] means that the logs should be read for details.

A word of caution: [ OK ] only means that the OpenVPN was started ok – no errors in config etc.
There might still be issues with firewalls, wrong hostname (to the server) etc.
Check ifconfig and ping the server to make sure it is working.

Installing OpenVPN (server) on Ubuntu 10.04

This is a quick note on how to install OpenVPN as an Ethernet tunnel (not a bridge) on Ubuntu 10.04.

Install

sudo apt-get install openvpn

Server Certificates

First, copy the easy-rsa directory to /etc/openvpn.

sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

You may also wish to adjust permissions in the easy-rsa directory to allow the current user permission to create files.

sudo chown -R $USER /etc/openvpn/easy-rsa/

Next, edit /etc/openvpn/easy-rsa/vars and make sure you adjust at least the following to values that make sense to you:

export KEY_COUNTRY="SE"
export KEY_PROVINCE="Blekinge"
export KEY_CITY="Karlskrona"
export KEY_ORG="My organization"
export KEY_EMAIL="vpnhelp@example.com"

Enter the following to create the server certificates:

cd /etc/openvpn/easy-rsa/
source vars
./clean-all
./build-dh
./pkitool --initca
./pkitool --server server
cd keys
openvpn --genkey --secret ta.key
sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/

Server Configuration
Let's start by copying the example config.

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
sudo gunzip /etc/openvpn/server.conf.gz

Edit /etc/openvpn/server.conf changing (at least) the following options (change to values that make sense to you):

#Change the VPN subnet address to one that makes sense to you (and doesn't collide with any other net)
server 10.9.0.0 255.255.255.0
#If you wish the computers on the VPN to be able to connect to each other then uncomment
client-to-client
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup
#If this is uncommented then a separate log will be written for OpenVPN (if both log lines are left commented out, then syslog is used)
log-append  openvpn.log
#To enable per client configurations uncomment:
client-config-dir client-configs

Restart the VPN:

/etc/init.d/openvpn restart

If the server failed to start:

/etc/init.d/openvpn restart
 * Stopping virtual private network daemon(s)...                                                                                                 
 *   No VPN is running.
 * Starting virtual private network daemon(s)...                                                                                                 
 *   Autostarting VPN 'server'                                                     [fail]

Then you should check out the log (either syslog or the log you set in the config file) and solve the issues.
When the server starts correctly, the output should look like this:

/etc/init.d/openvpn restart
 * Stopping virtual private network daemon(s)...                                                                                                 
 *   No VPN is running.
 * Starting virtual private network daemon(s)...                                                                                                 
 *   Autostarting VPN 'server'                                                     [ OK ]

Apache2 unsetting AddDefaultCharset (via .htaccess)

Setting a default charset using .htaccess is a simple thing to do.

However, sometimes there is a need to unset the default charset as well (for instance if AddDefaultCharset is set in the Apache config and this is causing problems).

This is very easy to do: just edit the .htaccess file and add a line that says

AddDefaultCharset OFF

OpenSSH and password-less logins

Using SSH you can run commands at remote servers.

By default the remote server will ask for credentials, but when writing a script, for instance, it is not a good idea to store the login credentials in the script.
The solution is to create a key pair on the origin machine (where the script is) and then send the public key to the remote server (where the script needs to log in).

  • First create a key pair (only has to be done once for this machine; it can be reused for other machines if you wish to be able to login to several computers)
     jonas@jonas-desktop:~$ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/jonas/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/jonas/.ssh/id_rsa.
    Your public key has been saved in /home/jonas/.ssh/id_rsa.pub.
    The key fingerprint is:
    11:f9:5a:8f:7d:74:e4:68:3b:4b:22:1c:78:e6:be:2d jonas@jonas-desktop
    The key's randomart image is:
    +--[ RSA 2048]----+
    |        ..       |
    |        ..      .|
    |        .o     + |
    |        ..*   + o|
    |        SB = o o |
    |        . = + =  |
    |         . . + o |
    |          E.  .  |
    |          .o.    |
    +-----------------+

    A passphrase is needed to “unlock” this key before it can be used. Leaving the passphrase blank means that the key can be used without any input.

  • Next send the key to the server that you wish to be able to login to.
     jonas@jonas-desktop:~$ ssh-copy-id -i .ssh/id_rsa.pub user@remoteserver
    Warning: Permanently added 'remoteserver,11.222.333.222' (RSA) to the list of known hosts.
    user@remoteserver's password: 
    Now try logging into the machine, with "ssh 'user@remoteserver'", and check in:
     
      .ssh/authorized_keys
     
    to make sure we haven't added extra keys that you weren't expecting.

    -i is the identity file we created with ssh-keygen

  • This is it. Now you are able to login to remoteserver as user without a password.
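
The ssh-copy-id output above asks you to check .ssh/authorized_keys for keys you were not expecting. One way to do that check from a script, as an added example that is not part of the original post; the function name `unexpected_keys` is made up for illustration and the key blobs in the sample are constructed, not real keys.

```shell
#!/bin/sh
# Added example: list authorized_keys entries that match none of the public
# key files you expect to be installed.
# Usage: unexpected_keys AUTHORIZED_KEYS EXPECTED.pub...

unexpected_keys() {
    auth=$1; shift
    awk -v auth="$auth" '
        # Index of the key-type field; option fields may come before it.
        function keyfield(   i) {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/)
                    return i
            return 0
        }
        /^[ \t]*(#|$)/ { next }                       # comments and blank lines
        { k = keyfield(); if (!k) next }              # no recognisable key on this line
        FILENAME != auth { expected[$(k + 1)] = 1; next }   # remember expected key blobs
        !($(k + 1) in expected) {
            printf "line %d: unexpected %s key %s\n", FNR, $k,
                   (k + 2 <= NF ? $(k + 2) : "(no comment)")
        }
    ' "$@" "$auth"
}

# Constructed sample: one expected key plus one that nobody asked for.
d=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDKEY1 jonas@jonas-desktop' > "$d/id_rsa.pub"
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDKEY1 jonas@jonas-desktop' \
              'ssh-rsa AAAAB3CONSTRUCTEDKEY2 unknown@host' > "$d/authorized_keys"
unexpected_keys "$d/authorized_keys" "$d/id_rsa.pub"
rm -rf "$d"
```

The comparison is done on the key material itself, since the trailing comment can be set to anything by whoever added the key.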

Magento: New URL on an existing installation (after a move)

Magento stores the base URL in the database.
The easy way to change this is to use the admin interface, but if that is not possible (for instance you have swapped IP for a dev machine – or moved data from an existing installation to another machine) then it is possible to do the update in the database.

  • In the table “core_config_data” find the keys “web/secure/url” and “web/secure/url” and just update these to the new address. Hint: The addresses should end with “/” otherwise magento won’t like it.
  • Clean out var/cache/* and var/session/* (use “rm -rf” on a *nix environment)