linux

Updating an AWS instance and wordpress multisite hostname

Just in case you haven’t heard about heartbleed or like comic strip explanation. Bruce Schneier has a good run down on how screwed we all are including this link to the logs of a possible exploit half a year ago.
So I figured I better update my server. First off, I’m using an AWS instance to host the web site. I’m both proud and embarrassed. The system has been up for 11 months.

$ uptime
 11:22:33 up 339 days,  9:34,  1 user,  load average: 0.14, 0.84, 0.84

Updating the software was fairly easy

sudo apt-get update {.sh}
sudo apt-get upgrade
sudo apt-get dist-upgrade

But it pretty much required a reboot to make sure everything was using the new libraries.
After that was done my wordpress installation was using the wrong hostname. Here are the tables I updated. The id, blog_id and table name wp_options are somewhat specific to my installation.

	
	
	

Setting the timezone

I’ve gotten pretty careful about keeping time in UTC and then converting it to localtime for the user to understand. For the first time, I actually had to find the localtime in a non-local timezone. It’s ugly. It seems you have to mess with the TZ environment variable. Here’s what I wrote:

#include 
#include 
/**
 * This modifies the TZ environment variable and calls
 * tzset() to update the global timezone flags.  The
 * previous setting of TZ is returned.  An empty timezone
 * implies the system default value.
 *
 * Changing this affects all threads in this process.  See
 * zdump(1) to check timezone names.
 *
 * @param tzname Name of the new timezone ("US/Eastern").
 * @return The old value of TZ.
 */
std::string changeTimeZone (const std::string &tzname)
{
    char *tzptr = getenv ("TZ");
    std::string  tzold;
    if (tzptr)
        tzold = tzptr;
    if (tzname.empty())
        unsetenv ("TZ");
    else
        setenv ("TZ", tzname.c_str(), 1);
    tzset();
    return tzold;
}

And here’s a code fragment that uses it:

std::string oldzone = changeTimeZone("US/Pacific");
time_t  seconds = ::time(0);
struct tm   tm_time;
localtime_r (&seconds, tm_time);
changeTimeZone(oldzone);

Suse 11.1, NFS, exportfs

I tried to mount an NFS volume on my MacBook at home and it was failing. I hadn’t accesed my NFS in a month since I updated to OpenSuse 11.1 or changed some network parameters.
Checking the logs on the server (/var/log/messages) showed this error:

mount request from unknown host

but the IP address seemed good. I checked the exported filesystems:

$ sudo exportfs
/home           192.168.13.*

and everything looked fine. Checked the exports(5) man page:

$ man 5 exports

and realized the “*” is meaningless in that context. Changed /etc/exports to use the /24 address for my network:

/home   192.168.13.0/24(fsid=0,root_squash,sync,no_subtree_check)

and re-exported:

$ sudo exportfs -ra

Fixing libxml2, php, WordPress, and the missing angle brackets

Someone posted a temporary fix for WordPress that takes the raw xml and replaces the offending entities with characters. He found three places. The fix looks like:

//xmllib 2.7.0 -2.7.2 stripping leading angle brackets bug patch
if(LIBXML_DOTTED_VERSION == '2.7.0' ||
  LIBXML_DOTTED_VERSION == '2.7.1' ||
  LIBXML_DOTTED_VERSION == '2.7.2') {
  $xml =str_replace("&lt;","<",$xml );
  $xml =str_replace("&gt;",">",$xml );
  $xml =str_replace("&amp;","&",$xml );
}
//end Fix
xml_parse($parser, $xml);

Fixing libxml2, php, WordPress, and the missing angle brackets

I was having problems with MarsEdit after updating to OpenSuse 11.1 because of a bug in php aggravated by a recent release of libxml2 (details here).
I was waiting for a real fix but lost my patience today. The advice was to “fall back to libxml2-2.6.32” so here’s what I did:

  1. Grabbed the RPM from the OpenSuse 11.0 cd. Or, if you trust me you can download it from here: libxml2-2.6.32-11.1.i586.rpm
  2. Install the RPM overriding any recent release which is what the “–force” flag does. Do the following as “root” from a terminal window:
    rpm -i --force libxml2-2.6.32-11.1.i586.rpm
    
  3. Now fix the symlinks in /usr/lib so everyone uses the new (but old) library:

    cd /usr/lib
    rm libxml2.so libxml2.so.2
    ln -s libxml2.so.2.6.32 libxml2.so
    ln -s libxml2.so.2.6.32 libxml2.so.2
    
  4. Actually, I didn’t do the above but instead replaced the actual 2.7.2 library:

    mv libxml2.so.2.7.2 libxml2.so.2.7.2.orig
    ln -s libxml2.so.2.6.32 libxml2.so.2.7.2
    
  5. Restart apache so that PHP uses the new libraries:

    /etc/init.d/apache2 restart
    

More install changes

  • Commented out setenv and home in /etc/sudoers/
  • Hmm, I had to run xhost +; must have ssh misconfigured
  • Ran yast2 ntp-clinet and configured time syncing with random pool.ntp.org
  • Enabled apache2 in run time services

Installing OpenSuse 11.0

A little late to the party (11.1 is going to be available in 5 days on Dec 18, 2008) but I finally upgraded my server, including going to OpenSuse 11.0. Btw, installing from a DVD is way better than poping CDs in and out. Some notes along the way:

  • I had to enable DHCP explicitly
  • After enabling DHCP, I had to do /etc/init.d/network restart
  • Ran updates
  • Installed printer. Via timecapsule, Network print direct
  • Installed apache2, mod_python, etc
  • Installed mercurial
  • Installed gcc/g++ (4.3)
  • qt4-devel, qt4-devel-doc, PyQt qt
  • emacs, emacs-lisp, xemacs, xemacs-packages
  • texlive, texlive-latex
  • boost
  • doxygen
  • make
  • scons

Mac OS X (10.5), NFS, and Linux

I got around to getting my MacBook to mount an NFS filesystem from my Linux server. There’s a nice set of instructions on using the Directory Utility to do so. The problem stumping me was:

kernel: nfsd: request from insecure port (10.0.1.197:57367)!

And the bit of magic that eluded me before was adding the “-P” option:
Directory Utility.png
Unfortunately, my uid on my MacBook is 500 and on my Linux server it is 1000.
There’s an option for more recent implementations of NFS that allow the
/etc/exports file to include a ‘map_static=”/etc/nfs_map”‘ option to specify a
uid mapping but it’s not available in OpenSuse.