Software
UNIX System Monitoring
When you maintain several servers each running several virtual machines and have anything else at all to do, it is impossible to keep your eyes on them 100% of the time. There are a handful of software packages out there that can do this for you, but most are either too bulky, too complicated, or lack the features that you want. Scott Pinkston referred me to one the other day called Monit, which is the first one of these programs that I actually liked. Most of the others just have too much. This one is short, and to the point. Monit installs very quickly, and runs in the background as a daemon. One very simple config file holds the configuration data for the services you want to monitor, and if you so choose, you can have a secure webpage display stats on your services. It can also be configured to email you (or call the beeper, etc...) if certain events occur, and best of all, is super lightweight.
MacBook Upgrade - Snow Leopard
I just finished upgrading my 13.3" MacBook (Intel Core Duo 2.0, 2gb - its 3 yrs old) to Mac OS X Snow Leopard. The installation was absoutely painless - I think that I clicked 1 button and typed in a password and waited....and waited....and waited. It took about an hour to upgrade, but it seems to work perfectly. YMMV.
Making Drupal More Secure
This site is running in a CMS called Drupal. It, like most CMS systems, allows users to easily create, edit, and delete content and manage many features of a website. But, like most, it is not without a few security flaws. Me, being a geek, and having more than a passing interest in security, decided to try to make this site a little more secure, and possibly even PCI Compliant.
SunShop changes SQL table structure...AGAIN!!!
VMWare ESXi 4.0 Migration, Part Deux
As I wrote about last time, Pleth's move from VMWare Server to VMWare ESXi has been very successful thus far, but in the process we've discovered a couple of "neat tricks" and have proven to ourselves that the technology choices we made a few years back were indeed the right ones.
When you copy a .vmdk (vmware disk image) over from a VMWare Server machine, you have to convert it over to ESXi format. This process makes the resulting disk image the whole size that you've allocated. This isn't necessarily a bad thing, but if you had it set to thin provisioning in VMWare Server your disk usage just went up. WAY up.
VMware, Apache, MySQL, and PHP Performance Tuning
I posted a few weeks back that Pleth had transitioned some of their equipment over to VMware Server and for the most part it's been a very smooth process. But, as of late we've ran into some slowdowns, especially on the VPS with Plesk (which happens to host several of our websites). After doing a bunch of research and spending many a late hour digging through tons of mpstat and other sysutils data I think I found the culprit(s).
VMware Server, unlike the ESX/ESXi products, does not run in a Type 1 Hypervisor. This means that the underlying OS (in our case Red Hat Enterprise Linux was tuned out of the box for a general all-purpose server. This configuration isn't always optimal for a Type 2 Hypervisor. It works just fine as long as things are "normal," but as the new VMware server got a larger load (in terms of I/O and CPU) performance went downhill.
Mod Security is good for you!
Since I'm back, I've got a few days worth of log files to dig through. A couple of years ago an old legacy PHP script Pleth was running wasn't very secure, but was critical to the operations of a particular customer. It got hacked (well, they used it to upload a C99Shell) a couple of times before the vendor released an update. Scouring the internet for a solution, I learned of Mod Mod Security, an application firewall of sorts. It runs as a module in your Apache configuration and uses a set of user-configurable rules files to detect and prevent a number of attacks against a website. The rules list has a huge community backing, and people have written rules for about every vulnerability out there. Open Source is good no? Anyway, as I was digging through those files today it kinda shocked me to see just how much stuff mod_sec blocked. The internet is a dangerous place.....
Figuring this thing out....
Well it's been a couple of weeks since I started this blogging thing. I did it mostly to try to understand some of these web development frameworks (this one is built in Drupal actually function. It's been a good learning experience, although I've got about a billion other things left to learn. Anyway, don't be surprised if you see strange boxes and code pop up all over the page. The best way to learn is through experimentation right?? (and it's also the reason we make backups...lol)
VMWare, Server Migration, and R1Soft
Those that know me know I do a lot of server work for Pleth, LLC and that most Fridays I can be found there. We've been in the process of moving from a Parallels Virtuozzo environment to a VMWare environment. So far, the process has went well. We have a private rack in our datacenter at ThePlanet and just installed a nice new system with quad cores, tons of ram and storage. It's running VMWare Server 2 on Red Hat Linux 5 with Centos 5.3 VM's. One of the VPS's on this hardware node has a 100 domain Plesk 9.2 installed on it, and we've been moving some of the domains from the old Virtuozzo/Plesk containers onto this machine. VMWare has made it very easy to be portable from one hardware platform to another because of the OS independent nature of its Virtualization environment.
