Wireless IP KVM mk II

Published April 28th, 2009 by oliver

If you have been following this blog for a while you might have seen my previous article on the portable, wireless IP kvm that we constructed a while back for datacentre use. This has proven to be an invaluable tool for remotely accessing machines instantly, in fact so invaluable that contention for its use frequently causes consternation. When I completed the last device, I made a list of how it could be improved in a future revision so when I decided we needed a new one, I thought I’d take care of some of the improvements I had planned.

To refresh your memory:

  • remove covers of internal components to reduce space requirements and improve cooling
  • align the wireless antennae in the middle of the case so cables from the wireless bridge are hidden
  • reuse PCB mount points to screw the boards into the kit box, or use some sort of glue
  • install a unified power supply for the wireless bridge and IPKVM

As you’ll see below, I have taken care of all of these concerns and more.

Wireless Bridge with bottom removed

Wireless Bridge with bottom removed

As soon as the wireless bridge and IPKVM hit my desk, the screwdrivers came out. I set about taking out the cases off the bridge and the IPKVM and seeing what the circuit boards were like.

Wireless bridge circuit board exposed

Wireless bridge circuit board exposed

As you can see, Linksys just use a miniPCI wireless card on the bridge and a couple of standard antenna cables. I wondered what might be under the copper shielding but I didn’t want to destroy anything too early on in the process so I had to suppress my curiosity.

IPKVM circuit board

IPKVM circuit board

The IPKVM circuit board is quite neat and tidy. A perfect candidate for removing the casing! At this point I inspected the boards to see what kind of power supply I’d need. The IPKVM takes 5v but the wireless bridge takes 12v. Jaycar had some nice small switched AC/DC power supplies which can output up to 25w at 12v. This is fine for the bridge but I’d need some sort of regulator for the IPKVM.

I started looking at voltage regulator components such as an LM7805, but most would only do up to 1A and the IPKVM is rated to 2A. It is of course possible to build a 2A regulator using two LM7805s and some supporting components but that would mean building a circuit board, finding a good circuit design and spending a reasonable amount on the components – LM7805s aren’t cheap! I decided to find an alternate solution.

5v UBEC

5v UBEC

Hobbyists frequently pack a lot of batteries in their remote control cars and planes and use tiny, lightweight voltage regulators to bring the voltage down from 14.4V to 5V which the motors require. These are easily found on Ebay for less than $10 and do the job perfectly, so I found one and pretty soon it was on my desk. Above you can see the size comparison with a standard coin.

IEC power cable

IEC power cable

After a trip to Jaycar, I had most of the remaining components, including an IEC power socket and 3-wire AC cable. With this connected to the power supply, we can easily connect the Wireless IPKVM straight to our APC power rails in the datacentre.

25W Power Supply

25W Power Supply

Here you can see the 12v 25W power supply. It is quite small due to it being a switch-mode design, and better yet has a cool little LED showing it is on. Sadly you can’t see this from outside the IPKVM.

Testing 12v

Testing 12v

It’s always good to cover all your bases when constructing like this, so I made sure to break out the old multimeter and check all the voltages. 12.2v unloaded voltage out of the PSU here is pretty good.

Cool LED

Cool LED

Note the awesome power LED on the PSU. The input/output terminals are the easy-to-use screw-down type. There also appears to be some sort of fine-tuning adjustable cap on the board which might change the output voltage but I wasn’t keen on making any changes.

Testing the UBEC

Testing the UBEC

Now it was time to test the output from the 5v regulator. Yes, right on 5.3v. I was pleasantly surprised by the glowing red LED supplied complimentary on the UBEC. The UBEC actually heats up a little bit despite being switch mode – supposedly it gets up to 92% efficiency which is great.

DC connectors

DC connectors

Voltage testing done, I prepared the 12v and 5v outputs with DC connectors suitable for the wireless bridge and IPKVM.

My neat testbench

My neat testbench

Here on my very neat testbench I have connected up the wireless bridge and IPKVM to the 12v and 5v outputs respectively. Lights are on! Everything seemed to be good at this point so I configured the bridge and IPKVM with final deployment settings, updated our documentation and started planning for building it all into a kit box.

Test fitout of the kit box

Test fitout of the kit box

Another trip to Jaycar later, I had my kit box. The form factor is a bit different to the mk I Wireless IPKVM – whereas the first incarnation was long, wide and flat, this one is a lot taller but narrower. Since we are stacking the boards and other components there will be less open space but hopefully the overall result will be neater and more compact. Above is the test placement of the PSU and IPKVM board. The IEC power connector nicely sits next to the PSU.

Fans!

Fans!

A bit of interest in the project generated around the office as it started to take shape. One coworker offered use of his dremel to cut the requisite holes in the box for connectors and another donated a couple of small 12v cooling fans to aid active cooling of the components rather than hoping passive cooling would do. This is probably a necessity, as the PSU and UBEC heat up a reasonable amount under load. I am assuming the IPKVM and Wireless bridge are no different.

Fan and power

Fan and power

I installed two fans both operating in the same direction so airflow would go through the box. It is completely sealed apart from these openings so having the fans both blowing or both sucking would be fairly disastrous. You can see that the IEC power socket sits nice and flush with the box wall. I’ve screwed it in, but also added copious amounts of hot glue :)

Starting the glue-in

Starting the glue-in

At this point I’ve got the power supply glued down, the fans in and the power connector secured. The IPKVM is glued down at the front and underneath, with a small section of cardboard to keep it leveled and some more at the back to brace it against the side of the box. This time around I crimped RJ45 connectors on a small length of Cat5 cut to measure so I didn’t have a huge amount of cable inside the box. Everything is ready for the wireless bridge!

Concealed antennae

Concealed antennae

As per my improvements list, I wanted to have the antennae concealed and this is just what I did. A bit of hot glue here and there and we have the antennae secured to the lid of the kit box, waiting for the mini-N connectors to be screwed in.

Wireless bridge installed

Wireless bridge installed

I was able to cut a few notches in the side posts of the kit box which allowed the wireless bridge to slot in nicely. I hadn’t even planned for this so it was a nice surprise. A bit more hot glue, and it is secure in place.

Blinkenlights

Blinkenlights

It would be a crime against humanity to not make use of blinkenlights wherever possible, so I drilled a few holes in the front of the box to allow the wireless bridge LEDs to poke through. Largely useless, since nobody will be watching it, but this is an important feature nonetheless.

Important warning

Important warning

Adorned with the official Blinkenlights warning, the Wireless IPKVM is now ready for use!

Finished product

Finished product

With cables

With cables

So there you have it. This project was definitely a success and there are already calls for me to rebuild the original Wireless IPKVM in a box like this one. I can’t think of any major improvements I’d like to make next time around, except perhaps for a transparent kit box with far more blinkenlights.

Tags: , , , , , ,
Posted in FTW

 Leave a comment

0
Comments

A Simple MySQL Relational Database

Published April 24th, 2009 by Phillip Pace

I’ve searched far a wide and all I wanted is a MySQL database schema that incorporated all the common relationships that tie into a relational database i.e one to one, one to many and many to many but haven’t had much luck.

So here you go a straight to the point post that will give you:

  • a fully functional MySQL databse schema along with inserted dummy data
  • a relational database with common relationships such as one to one, one to many and many to many
  • a list of example select queries to use to see how you can create table joins between tables

To download the database please click here

Diagram Of The Database
The following diagram will help give you a good visual of all the tables in the database and what relationships are in place:

dog-er diagram

Select Queries
So you have got all your information in different tables (relational database) and you need to perform table joins. Below are a list of the most common types of table joins using the different relationship types one-to-one, one-to-many and many-to-many:

One-To-One

SELECT dog.id, dog.name, rfid_dog.bar_code AS rfid
FROM dog,rfid_dog
WHERE dog.id = rfid_dog.dog_id
ORDER BY dog.name ASC;

One-To-Many

SELECT dog.id,dog.name,breed.name AS breed
FROM dog,breed
WHERE dog.breed_id = breed.id
ORDER BY dog.name ASC;

Many-To-Many

SELECT breeder.name,breeder.address,breeder.phone,breeder.email,breed.name AS breedName
FROM breed,breeder,breed__breeder
WHERE breed__breeder.breed_id = breed.id
AND breed__breeder.breeder_id = breeder.id
ORDER BY breeder.name ASC;

And just like that you now have your head around relational databases!

If you have come to this point and your still excited and want to learn more please see our wiki article which goes into more detail about relational databases plus talks about optimisation techniques to speed things up.

Tags: , ,
Posted in FTW

 Leave a comment

0
Comments

Large filesystem “support”

Published April 24th, 2009 by oliver

I’ve written recently on how to handle systems with very large storage subsystems. One would think that as we make our way through 2009 that the supporting tools for such large filesystems are at the top of their game, but as I’ve been playing with 24TB of storage I’ve realised that this is hardly the case:

  • The most commonly used bootloader for Linux systems, GRUB, doesn’t yet have capabilities to boot from GPT partitions (at least not in the stable release)
  • The most commonly used partitioner, fdisk, doesn’t support GPT-partitioned disks (and hence no disk larger than 2TB)
  • GNU parted, which does support GPT, insists on performing all partition resize operations itself (including resizing the contained filesystem). Since it doesn’t yet understand LVM, it can’t resize any partition that contains an LVM PV.

Today I ran into what appears to be a bug in the CentOS 5.3 installation partitioner, which left my 12TB RAID volume only partitioned to 8TB when I had supplied the –grow parameter in the Kickstart script. Since parted can’t resize LVM partitions, and there don’t appear to be any other tools out there at the moment for GPT partitioning on Linux, I’m left in a less than ideal position.

GNU parted can’t resize the partition because it can’t understand LVM. Fortunately I can just use it to create another partition with the remaining space and add it to the existing LVM volume group but this is really just a hack, and one that disturbs my obsessive-compulsive sysadmin nature. Were it not for the flexibility of LVM, we would be in a bit of a mess.

Sadly, it seems the large filesystem support that will soon become essential for everyone is largely lacking in adequate support.

Tags: , , , , , , ,
Posted in WTF

 Leave a comment

2
Comments

A delicate balancing act

Published April 24th, 2009 by oliver

In our day to day use of computers, we try to forget as much about the boring, inane things and concentrate on the cool, useful or interesting things (like lolcats). Unfortunately for us, there are quite a few things which are boring and inane, but are also very important.

One of these things is IRQ balancing. Without going into excessive detail, IRQs (interrupt requests) are a mechanism that computer devices use to get the attention of the CPU when they need to do something. It’s like a little call for help, saying they need to get something done. You might find that your network card sends an interrupt when it has received a packet of information, or your hard disk sends an interrupt letting you know that it has some data to send to another part of the computer. Each of these things takes a bit of time away from the CPUs important tasks (like crunching numbers) so it is a thing the CPU likes to do as little as possible – just like you don’t like being interrupted by coworkers when concentrating on that difficult Sudoku puzzle.

For those of us fortunate enough to have multi-processor computers, we have an added advantage – we can give responsibility for some IRQs to one processor, and the rest to the other processor(s). This “balancing” of IRQs will ensure that we get the most efficient handling of those interrupts done and save more processing time for real work. It is possible to balance these interrupts by hand, but there is a handy package called IRQBalance that will do it all for us, automatically.

Here is an example of a well balanced system, which does a lot of passing network traffic between its interfaces:

[root@linux ~]# cat /proc/interrupts
           CPU0       CPU1
  0:  217555173  176216279    IO-APIC-edge  timer
  1:          2          1    IO-APIC-edge  i8042
  4:        194          9    IO-APIC-edge  serial
  6:          2          1    IO-APIC-edge  floppy
  8:          1          0    IO-APIC-edge  rtc
  9:          0          1   IO-APIC-level  acpi
 12:          3          2    IO-APIC-edge  i8042
 15:         13         27    IO-APIC-edge  ide1
169:        350         26   IO-APIC-level  uhci_hcd:usb2, uhci_hcd:usb5
177:          0          0   IO-APIC-level  uhci_hcd:usb4
185:          0          2   IO-APIC-level  ehci_hcd:usb1
193:          0          0   IO-APIC-level  uhci_hcd:usb3
201:   18145851     130083   IO-APIC-level  aic79xx
209:          7          8   IO-APIC-level  aic79xx
217: 3543045844         70   IO-APIC-level  eth0
233:       9982 4165226804   IO-APIC-level  eth1
NMI:          0          0
LOC:  393789923  393790625
ERR:          0
MIS:          0

The most interesting parts of this listing are the lines referencing the network interfaces, eth0 and eth1. You can see from the cumulative IRQ count that the interrupts are evenly balanced between the two CPUs, thanks to IRQBalance.

So how does this interact with multi-core or hyperthreading CPUs? The most important thing to consider when balancing your IRQs is not the number of logical CPUs, but the number of cache domains available. The reasons behind this are quite techical but suffice it to say that you want to be balancing your IRQs over discrete cache domains.

This decision is automatically made for you by irqbalance, as you can see in this code snippet:

	/* On single core UP systems irqbalance obviously has no work to do */
	if (core_count<2)
		exit(EXIT_SUCCESS);
	/* On dual core/hyperthreading shared cache systems just do a one shot setup */
	if (cache_domain_count==1)
                one_shot_mode = 1;

Here, one_shot_mode means irqbalance will run once, balance the IRQs then exit and not continue to rebalance periodically. I ran into this problem when diagnosing a configuration management issue. We had some new Intel Core2Duo servers, and even though they had two cores per CPU, which for most purposes serves as a multi-processor environment, it was not enough for irqbalance. Configuration management would see the multi-core CPU and ensure the irqbalance service was running, but it would exit after the “one shot” run. Thus, on the next configuration management run, it would be started again, ad infinitum.

A similar situation arose recently, where I was performing some large data copies between machines over a network link. We were hitting disk and network limits as the storage subsystems were quite fast but I wanted to squeeze every drop of performance out of the machines. I realised I might be hitting IRQ saturation on one CPU if the RAID card and network interface were sending their interrupts to the same CPU. Indeed they were, and I rebalanced them by hand (check out /proc/irq/).

Lo and behold, the expected performance difference was not observed. I remembered my prior experience with the Core2Duo processors and irqbalance, which seemed to explain the result. It’s something that not many people think about, since it is quite a boring and inane subject, but nonetheless important to the efficient operation of the computer. Hopefully you’ve learned a little about it from reading this article!

Tags: , , , , ,
Posted in FTW

 Leave a comment

0
Comments

Why A “Dedicated” Support Technician Is A Bad Idea

Published April 23rd, 2009 by Davy Jones

An emerging trend nowadays is that a lot of businesses have trouble differentiating themselves from their competitors. At this point they usually need to innovate, so they have a “novel” product to sell, or change the way they do business to make themselves more appealing to customers (of course another option is to start slashing prices in an attempt to soak up some of the market, but this simply isn’t sustainable, making it a risky gamble).

Anchor is no exception to this – we firmly believe that our success is in no small part thanks to our quality of customer support and technical prowess. One suggestion that often arises when discussing how we can Do It Better is somehow building better relationships with our customers. The better we understand their goals, the more effectively we can help them.

A lot of other business turn this into a selling point, by offering you a dedicated account manager or point of contact. It’s easy to see why; it makes people feel special, and that makes them feel good – feel-good customers are happy customers. For the business, it’s fairly cheap to do, too. We do this a bit too, but in a less formal manner. A staff member with a lot of experience with one customer tends to pick up their support requests anyway, which works out nicely.

In a perfect world, all else being equal, having someone who knows all your history and systems inside out is much better than having different people work on your business each time you make contact. In the real world, however, it’s never that simple. We’re all for promoting stronger customer relationships, but it’s important to recognise that this can add weaknesses if not done carefully.


Things to think about

    drunkcat2

  • When your tech goes to the pub, what do you do?
  • When your tech leaves the company, what do you do?
  • Documentation is the key, someone who doesn’t need to document things regularly probably won’t
  • A lack of documentation means that anyone else who does have to work on your stuff is working completely blind
  • Having someone write notes about their clients when they’re leaving is too late, they’ll forget too much stuff
  • Pub/hit-by-a-bus problems don’t give the luxury of pre-departure documentation, anyway
  • If you’re running multiple technologies, perhaps different people will be the best to work on the different parts of your system anyway
  • Is your “dedicated support person” actually a tech, or just an account manager who acts as a gopher between you and the real technicians? If so, they’re just overhead, and could quite possibly make things harder by slowing down communication and not properly communicating things back and forth
  • Some companies will advertise “dedicated support tech” because they’ve only got one person in their support department!

For these reasons we do not believe in providing a “dedicated support person”. What we do offer, however, is access to a team of well trained and experienced system administrators who are all capable of assisting with all your hosting infrastructure. That said, we’ll do our best to get the most appropriate person onto your problem, whether that’s someone who knows your particular setup or someone who is an expert at the technology you’re using or even the particular problem that you’re having. To ensure there is continuity of information across the team we use a ticketing system to make sure that everyone readily has access to all historical information about an issue, and finally, we have a very healthy appreciation of the value in having comprehensive documentation about everything we do.

Tags: , , ,
Posted in FTW

 Leave a comment

0
Comments

A great Windows FTP & SFTP Client

Published April 22nd, 2009 by Paul De Audney

A question I get asked reasonably often is “Do you know any good free FTP programs?” Yes, I do. It is WinSCP.

Some of the cool features are:

  • It does what it is designed to do and does it excellently.
  • SFTP, SCP & FTP support (ditch FTP and use SFTP!)
  • I’ve never seen it crash.
  • Transfer resuming on broken and cancelled downloads.
  • Supports SSH keys, so you do not need to remember another password.
  • Scripting support; schedule your own remote backups or have sane website rollout procedures!

The WinSCP site describes it as “WinSCP is an open source SFTP client and FTP client for Windows. Its main function is the secure file transfer between a local and a remote computer. Beyond this, WinSCP offers basic file manager functionality. It uses Secure Shell (SSH) and supports, in addition to Secure FTP, also legacy SCP protocol.”

You can download it from here and the obligatory screen shots can be found here.

All of Anchor’s shared hosting plans support SSH & SFTP connections. If you want to read more about how to use SSH, we have some wiki articles that we prepared earlier. These were targeted to cover dedicated & VPS servers however they are still relevant.

If you manage an important site, rollout scripts can really make your web site updates pain free. I encourage anyone not using rollout scripts to have a look at the scripting capabilities of WinSCP.

Tags: , , , ,
Posted in FTW

 Leave a comment

0
Comments

Australian Domain Name Transfer Policy Reminder

Published April 16th, 2009 by Paul De Audney

If you follow Australian business news you may have read in the technology news yesterday that auDA has terminated Bottle Domains (Australian Style Pty Ltd) registrar accreditation. This means if you have a domain registered with Bottle Domains or one of its resellers, you will not be able to renew your domain name with that company.

It is possible to transfer .au domain names to another registrar within your registration period free of charge. The remaining period of registration will be carried over to that different registrar. Once your domain name is within 90 days of expiring you will be able to renew your domain name.

If you would like to transfer your domain name to Anchor Systems, you can complete the free domain transfer process online at https://www.anchor.com.au/domain-name-registration/domain-transfer.py, you will need to know your domain name password to complete this process.

If you need to retrieve your domain password, you should ensure you have access to the email address listed on the whois information. You can check your domains records by using our whois tool located here.

If you are unsure on how to complete any of these steps or retrieve your domain name registry key/password please contact our support line on 1300 883 979.

Tags: ,
Posted in Newsletter

 Leave a comment

0
Comments

Pain-free server migration

Published April 9th, 2009 by oliver

Being the veteran of a datacentre migration and several whole server migrations I feel like I’m getting the process down to a reasonably fine art. I had to perform another migration last night from another datacentre to ours at Global Switch and the process went very smoothly so I thought I’d share some of the techniques I’ve built up over time so you might benefit if you’re in the same situation.

Preparation

This should go without saying. The more time you have to prepare for the migration, the better. You do not want to leave it until the last minute. My philosophy when approaching the migration is always to leave the least amount of work possible to do at the time of the actual migration. Clients will generally want to schedule any server downtime for late at night, when you are not going to be operating at your best (despite how many coffees or energy drinks you may have consumed). If you can log in to the machine, run a prepared script which takes of everything and have the migration completed for you, you will end up with a happy client and be happy yourself. You will be in the datacentre for less time and get to bed earlier, both of which are good things.

Make good use of scripting

Following on from my last point, I strongly encourage you to script as much as possible. The migration I just performed entailed moving a server from one datacentre and network provider to another which meant a change in address space. Thus, firewalls, IP address configuration files, Apache vhosts, ACLs and more had to change. Ahead of time I determined which files would need to be modified and created a script which took a backup of each of these files before overwriting them with corrected versions. Any failure would cause the script to stop and print the problem which could be easily diagnosed manually.

The more automation and failsafes you can build into your script, the better. Since you will be creating it with plenty of time up your sleeve and your brain operating at full capacity you can build up the script with your full arsenal of tricks. At 3am in a cold datacentre with noisy airconditioning you can hardly expect to have your full faculties with you, so make life easier for yourself by leaving as little actual work to do at this point.

Fully acquaint yourself with the server

You will only know what needs to be changed on the server if you are familiar with it. Of course, you should have plenty of good documentation already on it but if not, log in and get the lie of the land. Have a plan for how you will find out facts about the system – make use of grep and well structured regexes for finding out configuration details, slocate (if there is a locate database present) for finding critical files, and your usual toolkit of sysadmin techniques.

Document as you go

At Anchor, documentation is critically important. We have an internal wiki system in which we make detailed notes on every server and a great number of technical articles (a lot of which we have shared with you in our public wiki). Every migration plan is carefully documented from start to finish. In more complicated scenarios a full change proposal is created and officially ratified, but at the very least you should create a checklist:

  • people involved (and their contact details, if necessary)
  • time frame
  • a detailed list of items that need to be prepared or information that needs to be acquired before the migration takes place
  • actions that will be undertaken just before the migration starts
  • the list of actual migration steps, including details of what any scripts will be doing
  • post-migration actions which need to be done immediately after the migration – e.g. checking that all your monitoring is showing OK for all hosts and services
  • a list of “cleanup” items which can be completed after the migration, but not time critical, e.g. removing stale references to servers from your internal documentation

Have as many people check over your documentation as possible, preferably those who have knowledge of the systems so that they can find anything you have missed. The more eyes on your documentation, and heads thinking about it, the better the chances that you will have a plan that covers all aspects.

One of the most important things from my point of view with documentation is to forward a copy to the client, and keep them involved in the process. Not only does it give them confidence in your abilities to conduct the migration successfully, but it gives them an idea of the work that you have had to put in, gives transparency to the process and gives you another point of view on the migration – there may be other steps important to them which you may have missed for example lowering TTLs on domains that are solely client-controlled.

Keep the client “in the loop”

Following on from my previous point, as well as giving the client a copy of your migration documentation, it is important to let them know what is going on. Send them a courtesy email every day or two, a call or whatever your deem appropriate to let them know how you are going with preparations and any information you need from them.

On the day of the migration, double-check everything with them – times, contact details, the migration plan, and so on. Make sure they are still happy to go ahead and that they are happy with your plans. Give them a courtesy call or message when you are about to start the migration, when you are finishing, but most importantly whenever you have any unexpected problems. Nothing upsets clients more than having things go pear-shaped and not being informed about it. Even if you don’t know what the problem is, let them know that you are diligently working on it and will keep them up to date with developments.

Plan for when things go wrong

In a perfect world, you would prepare adequately and everything would go flawlessly (as it did for me last night, luckily). However every slightly obsessive-compulsive systems administrator knows that things can and will go wrong every now and then despite your best efforts.

Make an escape plan for every point where things can go wrong during the migration. Given you won’t have infinite time available, prepare most for the most likely failure scenarios. Make a rollback plan which will abort the migration, and decide how many failures will cause you to take this rollback plan on the night. Confirm this with the client.

Make sure that no change you make cannot be reverted (which most times will necessitate backups). There is nothing worse than discovering you have irrevocably destroyed data in the process of making a critical change.

Approach everything with an obsessive-compulsive attitude

The best plans will have considered everything and left no detail to chance. It can be tiresome to be painstakingly thorough in your plans, but ultimately it will pay off. At the same time though, you don’t have to do everything in one sitting – make notes in your migration plan on what you still need to do and follow it up later. Don’t foolishly believe you will remember everything on the migration day, or even an hour from now – WRITE IT DOWN!

Remember, even though the preparation may be slightly tiresome, you are just making life easier for yourself at migration time. Hopefully if you follow these general tips I’ve prepared, they will make your next migration a lot easier.

Tags: , , , , , ,
Posted in FTW

 Leave a comment

0
Comments

Standards? Who needs standards?

Published April 6th, 2009 by oliver

Anyone in the sysadmin or developer worlds will know many examples of flagrant violations of standards in the IT world. Some are perpetrated by our coworkers, but a surprisingly high amount are perpetrated by vendors. Not all of them are by Microsoft, either!

One big win for systems administration at Anchor is our use of APC Rack Power Distribution Units. These have been documented elsewhere in our blog and wiki but suffice it to say that having remote control over your power ports is a Very Good Thing. Situations where you have servers or other devices with multiple power supply units complicates things slightly, but not that much, especially with the aforementioned Rack PDUs in place.

APCs in particular allow you to configure what are called Multicast Groups. Essentially you tell a couple of the Rack PDUs to talk to each other and share information, and WHAMMO you can turn off and turn on a bunch of ports on separate Rack PDUs simultaneously! So rather than turning off the power to one PSU then rebooting the other, you can conduct a reboot of the power to both PDUs with a single command.

The confusion comes during the configuration of the Multicast Group option. Multicast is a very under-utilised feature of IPv4 (which has now partially been rectified in IPv6), in fact a large chunk of the IPv4 address space is allocated to multicast (and is technically called the Class D space). As with all other portions of IP address-space, this has been carefully portioned into sections and allocated to various purposes. You can see the full list here:

http://www.iana.org/assignments/multicast-addresses/

Being a good sysadmin I consider standards to be of paramount importance, so naturally I wanted to configure our Rack PDUs with multicast addresses suitable for the purpose. There are many existing references on the Internet for how to pick sane and standards-obeying addresses from the multicast range. However, when attempting to follow standards and good reason, I was confronted with this error message:

Multicast IP Address is out of range. Valid values are 224.0.0.3 - 224.0.0.254.

Uh, what? I was under the impression that the range 224.0.0.0/24 was already heavily allocated to entities and purposes other than APC Rack PDUs! So much for following the standard, APC.

Tags: , , , , , ,
Posted in WTF

 Leave a comment

0
Comments

Reduce Linux VPS/VM guest memory usage

Published April 6th, 2009 by Paul De Audney

Reducing the memory usage in your VPS/VM can be a great way to free up some resources to handle more requests, users or some other metric of win.

By default at Anchor we provision our Red Hat & Cent OS VPS servers with a trim memory usage profile by disabling a lot of unneeded services at install time. We do this by using Trogdor (our hardware/software burninator) and Puppet.

So just what services do we disable, if they exist on the new VPS?

  • gpm
  • netfs
  • pcmcia
  • sgi_fam
  • yum-updatesd
  • pcscd
  • rhnsd
  • xfs
  • hald
  • hcid or sdpd
  • hpiod or hpssd.py
  • dbus-daemon
  • cupsd

You can also reap performance gains by changing how you serve content. For example you can use a cut down high performance web server (nginx or lighttpd) to serve all static content, such as images. Then use an Apache process to handle your dynamic requests.

Tuning Apache is deserving of an article all to itself, however some hard and fast rules are:

  • Disable all unnecessary modules.
  • Work out the per process memory usage, and set your max clients to a suitable number taking into account the available memory and other system daemons.
  • Disable htaccess if you do not need it.

PHP is much the same as Apache, disable what you do not need. This goes for any service or application with many optional components.

Tags: , , ,
Posted in FTW

 Leave a comment

3
Comments
« Older Entries