RedHat Performance Tuning

Performance tuning is done to increase system performance, reduce power usage or to ease the application impact on the rest of the system. If done prematurely, or without any measurements, performance tuning may, of course, have the opposite effect.

But done systematically, performance tuning can be more of a science than an art form.

The method

Start by figuring out what the “normal” situation is.

Look for potential performance issues, and adjust tuning parameters to fix them. Look for ... [continue reading]

Logging elapsed time in Apache and Nginx

Logging the elapsed time in the web server access log can be very useful for statistics and problem solving. I usually throw it in at the end of the log line (that’s generally compatible with existing log-analysis tools like awstats), and in a keyword=value format so that it’s easy to grep out. There is a small performance cost, though.

The elapsed time includes everything - when filtering out log lines with a high elapsed time you may typically find mobile clients downloadi ... [continue reading]

Quick Remote File Access

Sometimes it would be nice to mount a path from a remote file system as if it was local. Setting up NFS or Samba may be a lot of hassle, and may require root access on one or both of the boxes. Enter FUSE and SSHFS.

FUSE makes it possible to implement a file system in a user-space program. Lots of such programs exist, making it possible to access web sites, blogs, your Android, Google Drive, your Google Mail and lots ... [continue reading]

SSH autocompletion, jump host automation and other tips

OpenSSH is a flexible tool, not only for logging into other servers, but also for tunnelling other network traffic. The following article is a grab-bag of useful SSH tips.

SSH per-user configuration file

Using the per-user configuration file, ~/.ssh/config, you can make your life a bit easier. One common scenario is that an SSH server you commonly use is listening on a non-standard port. To save you from the strain of typing out -p ... [continue reading]

Recording and replaying console sessions

Ever wanted to record a log of an interactive console session? Easy, just use the script utility. It’s probably already present on your system, no installation required.

To start recording, run script --timing=script.tim script.log. This spawns a new shell; recording stops when you exit from it.

To replay the log, run scriptreplay script.tim script.log. It is also possible to speed up or slow down the playback speed. For example, in order to play back ... [continue reading]

Oh, Molly!

I’m sure we have all had “that feeling” once. You patch your desktop or laptop, then type reboot in a shell in order to reboot your computer. And that crucial server you were working on starts shutting down.

But fear not - a solution exists for this and similar problems.

History

Molly-guard was (according to the Internet) originally an improvised plexiglass cover shielding the kill switch on an IBM 4341. It was named after a programmer’s daughter - Molly ... [continue reading]

Stateless OSD servers

When building a Ceph-cluster, it was important for us to plan ahead. Not only does one usually start out with a minimum of ~5 servers, but one should also expect some growth in the cluster. Running the cluster also means patching the operating system and Ceph itself, and with Ceph being a crucial infrastructure component it’s also desirable to have a proper rollback procedure.

Using CI to maintain image

We’ve grown really fond of ram-disk nodes. Using a Jenkins ... [continue reading]

A brief history of the referer header

The poor referer header. Misspelled and misused since its inception.

Its typical use is thus: if I click on a link on a website, the referer header tells the landing page which source page I came from.

Source URL = www.mysite.com/page1 -> Target URL = www.example.com
referer = "www.mysite.com/page1"

It’s heavily used in marketing to analyse where visitors to a website came from, and also very useful for gathering data and statistics about reading habits ... [continue reading]

Job control

How often do you do this:

  • open service_foo.conf,
  • edit,
  • save and close service_foo.conf,
  • restart the service foo,
  • get a syntax error,
  • reopen service_foo.conf,
  • navigate to the same position you were at,
  • edit,
  • save,
  • try restart,
  • etc.

It’s pretty common.

Or:

$ long_running_command
# Darn, should've started it in the background instead!
CTRL-C
$ long_running_command &

All of these situations can be dealt ... [continue reading]

Thwarting and detecting malware with RPZ and OSSEC

In a recent sysadvent article I described how to configure BIND with a Response Policy Zone. Using an RPZ can efficiently thwart outbound network traffic based on one’s own preferences, and it can be extended to import and/or subscribe to externally provided DNS zones.

Configuring BIND

My local BIND server has been configured with two RPZs. One is maintained manually, mostly for reaching internal resources behind a NAT firewall by their official DNS names. The other one ... [continue reading]