Updating an AWS instance and wordpress multisite hostname

Just in case you haven’t heard about heartbleed or like comic strip explanation. Bruce Schneier has a good run down on how screwed we all are including this link to the logs of a possible exploit half a year ago.
So I figured I better update my server. First off, I’m using an AWS instance to host the web site. I’m both proud and embarrassed. The system has been up for 11 months.

$ uptime
 11:22:33 up 339 days,  9:34,  1 user,  load average: 0.14, 0.84, 0.84

Updating the software was fairly easy

sudo apt-get update {.sh}
sudo apt-get upgrade
sudo apt-get dist-upgrade

But it pretty much required a reboot to make sure everything was using the new libraries.
After that was done my wordpress installation was using the wrong hostname. Here are the tables I updated. The id, blog_id and table name wp_options are somewhat specific to my installation.

update wp_sitemeta set meta_value = 'https://peteware.com/' where meta_key = 'siteurl';
update wp_site set domain = 'peteware.com' where id = 1;
update wp_blogs set domain = 'peteware.com' where blog_id = 1;
update wp_options set option_value = 'http://peteware.com' where option_name = 'siteurl';
update wp_options set option_value = 'http://peteware.com' where option_name = 'home';

Setting the timezone

I’ve gotten pretty careful about keeping time in UTC and then converting it to localtime for the user to understand. For the first time, I actually had to find the localtime in a non-local timezone. It’s ugly. It seems you have to mess with the TZ environment variable. Here’s what I wrote:


And here’s a code fragment that uses it:

std::string oldzone = changeTimeZone("US/Pacific");
time_t  seconds = ::time(0);
struct tm   tm_time;
localtime_r (&seconds, tm_time);

Suse 11.1, NFS, exportfs

I tried to mount an NFS volume on my MacBook at home and it was failing. I hadn’t accesed my NFS in a month since I updated to OpenSuse 11.1 or changed some network parameters.
Checking the logs on the server (/var/log/messages) showed this error:

mount request from unknown host

but the IP address seemed good. I checked the exported filesystems:

$ sudo exportfs
/home           192.168.13.*

and everything looked fine. Checked the exports(5) man page:

$ man 5 exports

and realized the “*” is meaningless in that context. Changed /etc/exports to use the /24 address for my network:


and re-exported:

$ sudo exportfs -ra

Fixing libxml2, php, WordPress, and the missing angle brackets

Someone posted a temporary fix for WordPress that takes the raw xml and replaces the offending entities with characters. He found three places. The fix looks like:

//xmllib 2.7.0 -2.7.2 stripping leading angle brackets bug patch
if(LIBXML_DOTTED_VERSION == '2.7.0' ||
  $xml =str_replace("&lt;","<",$xml );
  $xml =str_replace("&gt;",">",$xml );
  $xml =str_replace("&amp;","&",$xml );
//end Fix
xml_parse($parser, $xml);

Fixing libxml2, php, WordPress, and the missing angle brackets

I was having problems with MarsEdit after updating to OpenSuse 11.1 because of a bug in php aggravated by a recent release of libxml2 (details here).
I was waiting for a real fix but lost my patience today. The advice was to “fall back to libxml2-2.6.32” so here’s what I did:

  1. Grabbed the RPM from the OpenSuse 11.0 cd. Or, if you trust me you can download it from here: libxml2-2.6.32-11.1.i586.rpm
  2. Install the RPM overriding any recent release which is what the “–force” flag does. Do the following as “root” from a terminal window:
    rpm -i --force libxml2-2.6.32-11.1.i586.rpm
  3. Now fix the symlinks in /usr/lib so everyone uses the new (but old) library:

    cd /usr/lib
    rm libxml2.so libxml2.so.2
    ln -s libxml2.so.2.6.32 libxml2.so
    ln -s libxml2.so.2.6.32 libxml2.so.2
  4. Actually, I didn’t do the above but instead replaced the actual 2.7.2 library:

    mv libxml2.so.2.7.2 libxml2.so.2.7.2.orig
    ln -s libxml2.so.2.6.32 libxml2.so.2.7.2
  5. Restart apache so that PHP uses the new libraries:

    /etc/init.d/apache2 restart

Installing OpenSuse 11.0

A little late to the party (11.1 is going to be available in 5 days on Dec 18, 2008) but I finally upgraded my server, including going to OpenSuse 11.0. Btw, installing from a DVD is way better than poping CDs in and out. Some notes along the way:

  • I had to enable DHCP explicitly
  • After enabling DHCP, I had to do /etc/init.d/network restart
  • Ran updates
  • Installed printer. Via timecapsule, Network print direct
  • Installed apache2, mod_python, etc
  • Installed mercurial
  • Installed gcc/g++ (4.3)
  • qt4-devel, qt4-devel-doc, PyQt qt
  • emacs, emacs-lisp, xemacs, xemacs-packages
  • texlive, texlive-latex
  • boost
  • doxygen
  • make
  • scons

Mac OS X (10.5), NFS, and Linux

I got around to getting my MacBook to mount an NFS filesystem from my Linux server. There’s a nice set of instructions on using the Directory Utility to do so. The problem stumping me was:

kernel: nfsd: request from insecure port (!

And the bit of magic that eluded me before was adding the “-P” option:
Directory Utility.png
Unfortunately, my uid on my MacBook is 500 and on my Linux server it is 1000.
There’s an option for more recent implementations of NFS that allow the
/etc/exports file to include a ‘map_static=”/etc/nfs_map”‘ option to specify a
uid mapping but it’s not available in OpenSuse.