www.devco.net by r.i.pienaar

30 Jun 07

New Server and Site Location

This is just a quick heads-up that I am moving this site and most of the services that I offer people to a new server; this means things will be odd for a while.
The new machine is still with Blackcat Networks, who I never hesitate to recommend to anyone. The new machine was purchased from DNUK, who specialize in Linux servers; their service was great and they managed to build me a machine that would fit into 0.5Amp power usage easily.
The final spec is an AMD X2 3800+, 2 x 250GB drives and 2GB memory, all happily running at around 0.4Amp. The old server is a Dell 1550 1GHz PIII, so this will be a very welcome upgrade.

Filed under: Front Page
23 Jun 07

IPSEC On RedHat Enterprise

I've had the misfortune of configuring IPSEC on many FreeBSD machines and other devices in the past, and in all cases it's been a pain. As a result I've been putting off securing connections between 3 machines that I knew needed IPSEC.
Last night I figured I may as well start looking at what is involved in building a star topology between the three hosts where comms between each node and each other node is encrypted. Turns out it could not possibly have been simpler.
This is well documented in the RedHat docs - RHEL 3, RHEL 4, RHEL 5 - but it's worth repeating because it really is clean and simple and elegant.
Since these are point-to-point tunnels, it makes a lot of sense to see the connections as new network cards, and this is the approach RedHat took. Simply create /etc/sysconfig/network-scripts/ifcfg-ipsecX files, where X is any number. This is a sample:

DST=x.x.x.x
TYPE=IPSEC
ONBOOT=yes
IKE_METHOD=PSK

And do the same on your other host. Now create a pre-shared key in /etc/sysconfig/network-scripts/keys-ipsecX with file mode 600:

IKE_PSK=s3cret

This key has to be the same on both hosts. Run ifup ipsecX and it should negotiate; check /var/log/messages for diagnostics.
It is that easy. You can use tcpdump to verify that all is working properly.
Under the covers the RedHat scripts still use racoon and all the standard stuff: they create files in /etc/racoon, and you can use tools such as setkey to diagnose problems.
This is a simple p2p VPN; the RedHat docs show how to do it on your gateway device, and it's just as simple.
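
An added example, not from the original post or from the RedHat scripts: a shell sketch that writes the two files described above with a randomly generated pre-shared key, then audits them for the settings and the 600 file mode the post calls for. The function names, the scratch NETDIR directory, the documentation address 192.0.2.10 and the 20-character minimum key length are assumptions made for the example.

```shell
#!/bin/sh
# Added example. NETDIR is a scratch directory so nothing under /etc is touched;
# on a real host the files live in /etc/sysconfig/network-scripts.
NETDIR=$(mktemp -d)

gen_psk() {                       # 32 random bytes as 64 hex characters
    od -An -tx1 -N32 /dev/urandom | tr -d ' \n'
}

write_ipsec() {                   # write_ipsec N PEER_IP PSK
    cat > "$NETDIR/ifcfg-ipsec$1" <<EOF
DST=$2
TYPE=IPSEC
ONBOOT=yes
IKE_METHOD=PSK
EOF
    # umask in a subshell so a new key file is never created group/world readable
    ( umask 077; printf 'IKE_PSK=%s\n' "$3" > "$NETDIR/keys-ipsec$1" )
    chmod 600 "$NETDIR/keys-ipsec$1"
}

audit_ipsec() {                   # audit_ipsec N; prints findings, returns 1 if any
    cfg=$NETDIR/ifcfg-ipsec$1 keys=$NETDIR/keys-ipsec$1 bad=0
    for want in TYPE=IPSEC IKE_METHOD=PSK; do
        grep -qx "$want" "$cfg" 2>/dev/null || { echo "ipsec$1: $want missing"; bad=1; }
    done
    grep -q '^DST=.' "$cfg" 2>/dev/null || { echo "ipsec$1: DST not set"; bad=1; }
    grep -q '^IKE_PSK=' "$cfg" 2>/dev/null && { echo "ipsec$1: key stored in ifcfg file"; bad=1; }
    [ -f "$keys" ] || { echo "ipsec$1: keys file missing"; return 1; }
    # find prints the path only when the mode is exactly 600
    [ -n "$(find "$keys" -prune -perm 600)" ] || { echo "ipsec$1: keys file mode is not 600"; bad=1; }
    psk=$(sed -n 's/^IKE_PSK=//p' "$keys")
    [ "${#psk}" -ge 20 ] || { echo "ipsec$1: pre-shared key shorter than 20 characters"; bad=1; }
    return $bad
}

# Demo in the scratch directory (constructed values)
write_ipsec 0 192.0.2.10 "$(gen_psk)"
audit_ipsec 0 && echo "ipsec0: ok"
```

The same key still has to be copied to the other host over a secure channel; the audit only checks one side.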

2 Jun 07

Handling UPDATE errors in MySQL triggers

I've been doing a whole lot of programming recently and even getting into doing some MySQL stored procedure and trigger programming. I got a copy of the excellent book MySQL Stored Procedure Programming and can recommend it to anyone keen to get information on the subject.

Usually when dealing with errors in stored procedures or triggers you define a handler for the MySQL error code and either continue - and presumably do something to handle the exception - or exit with an error. When doing an UPDATE with a WHERE clause that does not match any data, though, no error gets thrown; it just doesn't do anything.

So I tried to come across some samples of how to get the affected row count but came up short - there are very few online resources that I found about MySQL stored procedures in general. So here is a solution for a simple trigger that updates a table when new data arrives in another.

DELIMITER $$
CREATE TRIGGER trg_update_latest_on_email_stats
    AFTER INSERT ON email_stats
    FOR EACH ROW
BEGIN
    DECLARE l_rows INT DEFAULT 0;

    UPDATE server_stats SET last_email_time = NEW.time
        WHERE server_name = NEW.server_name;

    /* how many rows did we affect? */
    SELECT ROW_COUNT() INTO l_rows;

    /* If we didn't update any rows, then insert new data */
    IF (l_rows = 0) THEN
        INSERT INTO server_stats (server_name, last_email_time)
            VALUES (NEW.server_name, NEW.time);
    END IF;
END $$
/* restore the default statement delimiter */
DELIMITER ;

That's it, pretty simple stuff.

Data comes in and the trigger fires; if there is no matching row in server_stats the UPDATE does nothing, so the trigger inserts one and future updates will succeed.

I could have used the REPLACE function for simpler code, but my solution should be faster which is key when using triggers.

Filed under: Code