22 January 2010 0 Comments

Website high availability on a shoe string budget

Up until now, if you wanted HA for your website, you would have to dish out a few thousand to get your HA environment set up properly. This required several dedicated servers and a load balancer (e.g. F5), which in itself costs upwards of a few thousand dollars to purchase. Let's not forget the license fees as well as the support maintenance contracts that are involved in purchasing enterprise-grade appliances. Most small business owners and developers may not necessarily have the capital to maintain such a complex infrastructure, and up until a few years ago the only solution was to outsource this implementation to a managed service provider that could accommodate it.

I am all for the multi-thousand dollar implementation that will guarantee 99.9999% uptime, but what about the up and coming websites that aren't equipped with the budget to get this accomplished? In a world where cash is king, it seems that the potential of these websites is often ignored and put past recognition because they don't have the capital. Companies like Rackspace want you to spend money for their services, rightfully so, but it would be nice if they could offer something that would get you started, right? Wrong! Unfortunately, these companies have grown beyond that point, and they've outgrown the need to cater to any of the individual and small business markets.

Right, so let's get on with my shoe string budget that won't break the bank! The first thing you have to recognize is that my definition of a "shoe string" budget differs by leaps and bounds from yours. The goal for this project was to keep the monthly maintenance fee under $180 per month for my website.

  1. VPS container running CentOS 64bit with MySQL (database server) - $10 - 30 per month
  2. VPS container running CentOS 64bit with Apache * 2 - $10 - 30 per month
  3. VPS container running CentOS 64bit with LiteSpeed Load-Balancer from LiteSpeed Technologies - $32.00 + $65.00 license lease from LiteSpeed Technologies.

There is a well documented tutorial to get you started with LSLB: http://www.wowtutorial.org/tutorial/80.html. Once you have the virtual servers above, you can deploy your environment successfully. The beauty of this implementation is that you can expand over several geographical locations. The downside is that you'll have a single point of failure, which is your LSLB server. However, you can still work around this with DNS round robin and a secondary LSLB server. You also have to set up a bash script to rsync (or FTP sync for Windows) to replicate your website bits over to the other server, or you can do it manually by refreshing the bits on each server.

This is not the de facto standard for website availability. There are several more elegant ways to set up HA, but this would be a good start!

20 January 2010 0 Comments

Xenserver changing shared resource pools

Here is a nice set of instructions on how to backup and restore the VM metadata for your XenServer shared resource pool:

  1. On the source host or pool, in xsconsole, select the Backup, Restore, and Update menu option, select the Backup Virtual Machine Metadata option, and then select the desired SR.
  2. In XenCenter, select the source host or pool and shutdown all running VMs with VDIs on the SR to be moved.
  3. In the tree view select the SR to be moved and select Storage > Detach Storage Repository. The Detach Storage Repository menu option will not be displayed if there are running VMs with VDIs on the selected SR. After being detached the SR will be displayed in a grayed-out state.
    Warning: Do not complete this step unless you have created a backup VDI in step 1.
  4. Select Storage > Forget Storage Repository to remove the SR record from the host or pool.
  5. Select the destination host in the tree view and select Storage > New Storage Repository.
  6. Create a new SR with the appropriate parameters required to reconnect the existing SR to the destination host. In the case of moving an SR between pools or hosts within a site, the parameters may be identical to the source pool.
  7. Every time a new SR is created the storage is checked to see if it contains an existing SR. If so, an option is presented allowing re-attachment of the existing SR. If this option is not displayed the parameters specified during SR creation are not correct.
  8. Select Reattach.
  9. Select the new SR in the tree view and then select the Storage tab to view the existing VDIs present on the SR.
  10. In xsconsole on the destination host, select the Backup, Restore, and Update menu option, select the Restore Virtual Machine Metadata option, and select the newly re-attached SR.
  11. The VDIs on the selected SR are inspected to find the metadata VDI. Once found, select the metadata backup you want to use.
  12. Select the Only VMs on this SR option to restore the VMs.
  13. Note: Use the All VM Metadata option when moving multiple SRs between hosts or pools, or when using tiered storage where VMs to be restored have VDIs on multiple SRs. When using this option, ensure all required SRs have been reattached to the destination host prior to running the restore.
  14. The VMs are restored in the destination pool in a shutdown state and are available for use.

Note: You can't have the same SR attached in two different pools when using XenCenter. You'll have to disconnect from the old shared pool to use the new one.

Enjoy!

18 January 2010 0 Comments

WHMCS client “email log” link modification

If you've been using WHMCS, I'm sure you know that it uses a pop-up window to display the email messages in the client email log page. This is an excellent feature for your clients to keep track of historical data and email correspondence. There is, however, one small issue with the presentation.

I've always been anti pop-up for several obvious reasons:

  1. Calling multiple windows on the same website is annoying.
  2. You don't want to give your customers the option of unblocking pop-up windows because it can be an inconvenience and could possibly lead to confusion on their end. No, I will not give them the benefit of doubt...
  3. Pop-up windows are often blocked by today's modern web browsers, and the "safe list" management can be annoying.
  4. Pop-up windows are so 1999! Get with the times!

The moral? Annoyance. Given the fact that most web visitors have an extremely short attention span, I came up with an elegant solution using Lytebox to work around this. This workaround requires three small modifications to your WHMCS template files. Here is how you do it (copy & paste):

  1. Make a backup copy of header.tpl and clientareaemails.tpl before you make any changes. This is where source safe is extremely useful!
  2. Download the Lytebox bits, save them to your WHMCS template directory (or any other location).
  3. Edit header.tpl and add the following lines to the source before </head>:
    <script type="text/javascript" src="[path]/lytebox.js"></script>
    <link rel="stylesheet" href="[path]/lytebox.css" type="text/css" media="screen" />
  4. Edit clientareaemails.tpl and look for "{$email.subject}". Replace the {$email.subject} hyperlink with the following:
    <a href="viewemail.php?id={$email.id}" rel="lyteframe" title="{$email.subject}"
    rev="width: 650px; height: 450px; scrolling: yes;">{$email.subject}</a>
  5. You can adjust the window's width and height in the hyperlink above.
  6. Save both files, then upload them to your server. At this point, you should be able to test it out by visiting a client's dashboard. The result should look something like the image below.

Now you have a fancy presentation window. Enjoy!

29 December 2009 0 Comments

XenServer hard code NIC parameters

I wanted to make sure that the network settings on the XenServers were all hard set to 1000 with full duplex. Unfortunately, XenCenter doesn't allow you to modify the NIC parameters, so the only remaining option is to do this through CLI. Here is how you do it:

  • xe pif-param-set uuid=<UUID of PIF> other-config:ethtool-autoneg="off"
  • xe pif-param-set uuid=<UUID of PIF> other-config:ethtool-speed=1000
  • xe pif-param-set uuid=<UUID of PIF> other-config:ethtool-duplex="full"

Once you've issued the commands, make sure that you restart XAPI. The reason you would want to do this is to ensure that all hosts on the network fabric are communicating at a certain speed, which eliminates the guesswork. This is the same reason why I did this!

Note: If you want the network interface to be unmanaged, then you'll need to first run "xe pif-list" on the host, identify the NIC UUID, then run "xe pif-forget uuid=[id]"...

17 December 2009 0 Comments

Getting PDSH and Wget to install SSH key

So, I wanted to spray an SSH public key on a bunch of hosts. Since I have PDSH installed, and I have the PDSH user key stored on those hosts, I used it to do what I needed. Below is a simple command that will grab a file, then append it to an existing file.

The assumption is that you know what you're doing. With that in mind, I issue the command from PDSH as root, save the file to the ~/.ssh/ directory, then cat and append it to an existing authorized_keys2. Once that takes place, the file is removed from the destination. This beats having to do the same task repetitively or use a bash script. In other words, parallel computing rules!

pdsh -l root -a 'wget http://[REMOTE URL]/[FILE] -O ~/.ssh/[FILE] &&
cat ~/.ssh/[FILE] >> ~/.ssh/authorized_keys2 &&
rm -rfv ~/.ssh/[FILE]'
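
The command above fetches the key over plain HTTP and appends whatever arrives, so a tampered or truncated download would land in root's authorized_keys2 on every host. As an added example (not part of the original post), the function below checks the file against a SHA-256 digest recorded beforehand, accepts only a single public-key line, and appends it once; install_pubkey and its arguments are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey and its arguments
# are hypothetical names; the digest is one you record yourself beforehand.

# install_pubkey KEYFILE EXPECTED_SHA256 AUTH_FILE
install_pubkey() {
    keyfile=$1 expected=$2 auth=$3

    # 1. Refuse anything whose digest differs from the one recorded out of band.
    actual=$(sha256sum "$keyfile" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $keyfile, not installing" >&2
        return 2
    fi

    # 2. Accept exactly one line that looks like an OpenSSH public key.
    key=$(cat "$keyfile")
    case $key in
        *'
'*) echo "more than one line in $keyfile" >&2; return 3 ;;
    esac
    printf '%s\n' "$key" |
        grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' ||
        { echo "$keyfile is not a public key" >&2; return 3; }

    # 3. Create the target with tight permissions (subshell keeps umask local).
    ( umask 077; mkdir -p "$(dirname "$auth")"; touch "$auth" ) || return 1
    chmod 600 "$auth"

    # 4. Make sure the existing file ends in a newline so keys cannot fuse.
    if [ -s "$auth" ] && [ "$(tail -c 1 "$auth" | wc -l)" -eq 0 ]; then
        echo >> "$auth"
    fi

    # 5. Append only if this exact line is not already present (idempotent).
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Run directly as: sh install_pubkey.sh KEYFILE SHA256 ~/.ssh/authorized_keys2
if [ "$#" -eq 3 ]; then
    install_pubkey "$@"
fi
```

Because the append is idempotent, re-running the same pdsh job against all hosts does not duplicate the key.
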
3 December 2009 0 Comments

Mod Security whitelist pingdom IP addresses

My mod_security rules (provided by OWASP) are a little too aggressive with web bots, which include Pingdom. To correct the issue, I've had to whitelist their IP addresses. I thought I would post them for others to use:

SecRule REMOTE_ADDR "^74\.52\.50\.50$" phase:1,nolog,allow,ctl:ruleEngine=Off
SecRule REMOTE_ADDR "^83\.170\.113\.102$" phase:1,nolog,allow,ctl:ruleEngine=Off
SecRule REMOTE_ADDR "^95\.211\.87\.85$" phase:1,nolog,allow,ctl:ruleEngine=Off
SecRule REMOTE_ADDR "^67\.205\.112\.79$" phase:1,nolog,allow,ctl:ruleEngine=Off
SecRule REMOTE_ADDR "^78\.136\.27\.223$" phase:1,nolog,allow,ctl:ruleEngine=Off
SecRule REMOTE_ADDR "^67\.192\.120\.134$" phase:1,nolog,allow,ctl:ruleEngine=Off
SecRule REMOTE_ADDR "^174\.34\.156\.130$" phase:1,nolog,allow,ctl:ruleEngine=Off
SecRule REMOTE_ADDR "^70\.32\.40\.2$" phase:1,nolog,allow,ctl:ruleEngine=Off
SecRule REMOTE_ADDR "^207\.218\.231\.170$" phase:1,nolog,allow,ctl:ruleEngine=Off
SecRule REMOTE_ADDR "^204\.152\.200\.42$" phase:1,nolog,allow,ctl:ruleEngine=Off
SecRule REMOTE_ADDR "^74\.53\.193\.66$" phase:1,nolog,allow,ctl:ruleEngine=Off
SecRule REMOTE_ADDR "^207\.97\.207\.200$" phase:1,nolog,allow,ctl:ruleEngine=Off
SecRule REMOTE_ADDR "^174\.34\.162\.242$" phase:1,nolog,allow,ctl:ruleEngine=Off
SecRule REMOTE_ADDR "^85\.25\.176\.167$" phase:1,nolog,allow,ctl:ruleEngine=Off
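
Each rule above turns the rule engine off for whatever REMOTE_ADDR the regex matches, so the anchors and escaped dots matter: an unescaped `.` matches any character, and a missing `^` or `$` lets the pattern match inside a longer address. An added example (not from the original post; function names are hypothetical) that generates rules in the same format from a plain list of addresses and skips anything that is not a valid dotted quad:

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# the rule text is the format used in the post.

# valid_ipv4 ADDR: succeed only for a dotted quad with four octets 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            0?*|????*) return 1 ;;   # no leading zeros, at most 3 digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_whitelist: read addresses on stdin (one per line, '#' starts a comment)
# and print one anchored, dot-escaped SecRule per valid address.
gen_whitelist() {
    while IFS= read -r line || [ -n "$line" ]; do
        ip=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$ip" ] || continue
        if ! valid_ipv4 "$ip"; then
            echo "skipping invalid entry: $ip" >&2
            continue
        fi
        escaped=$(printf '%s' "$ip" | sed 's/\./\\./g')
        printf 'SecRule REMOTE_ADDR "^%s$" phase:1,nolog,allow,ctl:ruleEngine=Off\n' "$escaped"
    done
}

# Usage: gen_whitelist < monitor-ips.txt > whitelist.conf
```
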

23 November 2009 0 Comments

Pic de jour

Upset Designer Quits

20 November 2009 0 Comments

IIS Web deploy error: “You must specify an encryption password to archive this property”.

I was attempting to export an IIS 6 website using the Web Deploy Command tool when I ran into an error:

Error: The property 'value' located at '/metaKey[@path='/lm/w3svc/12130']/metaKey[@path='ROOT']/metaProperty' is marked as secure. You must specify an encryption password to archive this property. Error count: 1.

It appears that you have to specify a password to create the archive. With that in mind, I added the following to my command:

msdeploy.exe -verb:sync -source:metakey=lm/w3svc/12130 -dest:archivedir=c:\archive,encryptPassword=[pass] > wdeployarchive.log

Problem solved!

19 November 2009 0 Comments

XenServer message: “Xenhost still booting”

We experienced a network failure, which knocked off a few of the XenServer hosts. After performing the triage work, I began reviewing the XenServer hosts to make sure they were up. Of the 4 servers in one pool, 1 was experiencing an error, which I hadn't seen before: "Xenhost still booting". This meant the 3rd host was stuck in the emergency maintenance mode, and for some reason, I couldn't get it out of the mode. I had to take the following steps to correct the issue:

  1. I started by making sure that all hosts had xapi running.
  2. From there, I issued the following command "xe pool-emergency-transition-to-master".

Once I did this, the host synced with the master and the problem was resolved!

17 November 2009 0 Comments

XenServer Web Interface

xvp seems to do the job!

16 November 2009 0 Comments

XenCenter does not display performance graphs

So there I was, looking at the fancy XenCenter graphs when I noticed that two of the servers in the HA-enabled pool would not display the graphs. My first reaction was to panic and use some colorful language (just kidding).

The solution boils down to two things:

  1. The XenServer time/date is out of sync. Check to make sure NTPD is up and running. Best practice is to use an NTP proxy server on the local net for your XenServer hosts; this is especially important when you are running XenServer Essentials with HA enabled. Always trust, but verify. Make sure the time on each server host is accurate.
  2. Close XenCenter, and then remove the logs under "%AppData%\Citrix\XenCenterMain.exe*\". Restart XenCenter and test.

Enjoy!

15 November 2009 0 Comments

Allowing over commit on XenServer

I wanted to migrate a VM from one server to the other using XenMotion when I ran into a small issue:

"This operation cannot be performed because HA would no longer be guaranteed for this pool.  To perform this operation anyway, you must disable or reconfigure HA."

Why this happened: when HA is enabled and a VM's HA protection level is set to Protected, the destination server must have the available memory needed to migrate the VM using XenMotion. In addition, the host server that is still holding the memory of the VM must also have that same amount of memory available (in reserve) to perform the migration. In other words, the host server must have available the same amount of memory that the VM is about to release.

Here is how to fix the issue.

  1. On the pool master host, type: "xe pool-list" to obtain the pool UUID, in my case it is: cbfdcdfd-b7ad-2d22-3efb-6fb3945f2e92.
  2. Run "xe pool-param-list uuid=[UUID]" to see what the "ha-allow-overcommit" parameter is currently set to.
  3. To change the overcommit setting run: "xe pool-param-set ha-allow-overcommit=true uuid=[UUID]".
  4. Now run "xe pool-param-list uuid=[UUID]" and make sure that "ha-allow-overcommit ( RW): true" is set.

Now I'm able to migrate the VM from one server to the other. I live to learn more another day, Sweet!

15 November 2009 0 Comments

Operation: Cleanup the server cabinet!

Jonsie and I went in to the data center and cleaned up the cabinet. The project included custom length color coded network wires as well as shorter (3 ft long) power wires. The result of our 4 hours of work is below.

Before:

IMG_0100

After:

IMG_0103 IMG_0104

9 November 2009 0 Comments

Evolution!

I like to take a jab at this...

Bite my shiney metal ass!

2 November 2009 0 Comments

Outlook 2007 error “Cannot open the item for this reminder” error

For some unknown reason, Outlook began to error when I attempted to dismiss the reminder item. After doing some research, I discovered the following Microsoft knowledge base article. The solution is to browse to the MS Office install directory via command prompt, and run the following command: "%ProgramFiles%\Microsoft Office\Office12\Outlook.exe" /Cleanreminders

If that doesn't work, then start Outlook, go to Calendar, click on "View", then "Current View" and finally select "Recurring Appointments". Remove the item in question to get rid of the error!

28 October 2009 0 Comments

Bugzilla add text to description field

There is an easy way to add your own custom text to the Bugzilla description field. Locate "create.html.tmpl" under /template/en/default/bug/create/, and then edit it using vi. Look for defaultcontent = defaultcontent and modify it to defaultcontent = "[CONTENT]".

28 October 2009 0 Comments

AutoIT map network drive

I had a small project that involved looking up the IP address of a host, then using that IP address to map a network share. Below is what I came up with. Note: the variable '$me' was declared earlier on in the script.

 
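; Read host list (read mode); $me was declared earlier in the script
$input = FileOpen("C:\host-list.csv", 0)
If $input = -1 Then Exit ; host list could not be opened

While 1
	$line = FileReadLine($input)
	If @error = -1 Then ExitLoop ; end of file
	If StringInStr($line, $me) Then
		; Drop the last two characters of the line; the rest is used as the host address
		$split = StringTrimRight($line, 2)
		$drivemap = "X:"
		DriveMapAdd($drivemap, '\\' & $split & '\SHARE')

		; Give the mapped drive a friendly label
		$oShell = ObjCreate("shell.application")
		$oShell.NameSpace($drivemap).Self.Name = ( "FRIENDLY NAME" & $me )

	EndIf
WEnd
FileClose($input)
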
27 October 2009 0 Comments

MySQL search and replace

Easy query:

UPDATE [TABLE] SET [FIELD] = REPLACE([FIELD],'[SEARCH]','[REPLACE]');
26 October 2009 0 Comments

Windows xcopy batch script

I wrote a small script to copy files from one drive (C:) to the destination (Z:) using a nightly cron:

@echo off
:: variables
set drive=Z:\
set backupcmd=xcopy /s /c /d /e /h /i /r /y

echo ### BACKUP...
%backupcmd% "C:\[SOURCE]" "%drive%" 

:: If you want to exclude certain file types add this ... /Exclude:C:\bat\exclude.txt

:: use below syntax to backup other directories...
:: %backupcmd% "...source directory..." "%drive%\...destination dir..."

echo Backup Complete!
25 October 2009 0 Comments

Xenserver VM won’t start!

For some unknown reason, Xenserver decided to crash, and because it crashed uncleanly, some of the VM guests would not start properly. After reading more about the issue, I discovered that this can happen when xapi is not in sync with the master server in the pool. The solution? I logged on to the master server and issued the following command: "xe-toolstack-restart"