Awesome but often unknown Linux commands and tools

Published August 10th, 2011 by Keiran Holloway

I’ve been working in this industry for a while now and naturally spend a lot of time using Linux on a daily basis. This gives lots of exposure to various Linux commands and tools. That said, I am sometimes surprised when I see, often very experienced system administrators, using somewhat convoluted commands to do something relatively simple using a different tool.

This is my opportunity to share some of these experiences:

1. pgrep and pkill – The first command ‘pgrep’ will return the process id based on a name or other attributes. pkill will signal a process with a matching name or attribute. Want to kill all processes being run by a given user? Issue a pkill -U USERNAME; sure beats the hell out of:

ps -U USERNAME|awk {'print $1'}|xargs kill

2. htop – Much like your regular ‘top’ command, on steriods. Gives an interactive view on your machine right now, but with an ascii visual representation of your CPU, memory and swap utilisation. Often not installed by default, but is packaged under both Red Hat Enterprise Linux and Debian and can be trivially installed on most dedicated and virtual private servers.

3. mytop – Similar to top, but designed specifically for MySQL. Gives you an interactive display of what is happening with your MySQL database, in real time. Information such as what queries are being run, amount of data which is being flowing in and out of the database, number of queries being run per second and number of slow queries. This application is once again packaged with most large common Linux distributions.

4. lsof – This cool little command comes with most Linux Distros as default and allows you to display any files which are currently opened on the system. Especially handy for finding files which have been deleted (and not appearing in the file system) but still resident due to being held open by a current running process.

5. iptraf – Want to know where all your network traffic is going to and coming from? iptraf is a really cool tool which can be used to track this information and let you know what is happening on your server.

I hope this information helps. Got some which I’ve missed? Please leave a comment and make this article more useful!

Anchor is a world-wide leader in providing comprehensive support on dedicated servers and virtual private servers both in Australia and around the world. Speak with our team of system administrators to find out how we can help you: support@anchor.com.au or just read about how we built Github

Tags: , , , , , ,
Posted in FTW

 Leave a comment

5
Comments

Geographically Redundant DNS is now available

Published July 20th, 2011 by Keiran Holloway

Up until recently we’ve done all DNS hosting locally in Australia on our multi-homed network.

Historically, this has been more than satisfactory for the vast majority of our clients. When the DNS is, for the most part, only pointing to other hosts on your own network then there isn’t a huge amount of gain from having DNS servers on the other side of the world pointing all the records back to the Australian hosts on the Anchor network.

In recent times this has changed somewhat with us getting involved in the remote management of hosting services around the world. With that in mind, announcing our US-based authoritative nameserver:

ns3.anchor.net.au

This host is being provided in addition to our existing name servers (ns1.anchor.net.au & ns2.anchor.net.au) and is available for all clients at no additional cost. We would encourage that all clients who have services hosted on networks remote from our primary point of presence in Sydney add this to their DNS configuration immediately.

Any questions? Please do not hesitate to get in contact with our support team via support@anchor.com.au or 1300 883 979.

Tags: ,
Posted in FTW, Newsletter

 Leave a comment

0
Comments

Implementing proper trust relationships in backup systems

Published June 21st, 2011 by Keiran Holloway

As many people may have read today, a certain web hosting company which operates in Australia suffered an attack which resulted in significant amounts of data loss. Not only was their live production data lost, but all backups were also unrecoverably lost in the process.

Whilst significant technical details have yet to be released as to the nature of these attacks, now is an opportunity as good as ever to explain how the trust relationships exist between the backup server and the system being backed up across our entire server infrastructure.

Our backup servers are separated with there being a minimal trust relationship between the backup server and the system being backed up:

  • All backups happen on an independent network which is inaccessible from the Internet.
  • The backup server can only read data from the machine being backed up (and not alter it).
  • The machine being backed up can only send new data and not alter the data that is already backed up.

Using this methodology should protect any attacks from the public, customer facing servers from damaging the independently stored backups.

Tags: , ,
Posted in FTW

 Leave a comment

0
Comments

Why web developers don’t make good system administrators

Published October 15th, 2010 by Keiran Holloway

Straight off the bat I would make something clear:  I have a lot of respect for software and web developers.  Being able to write clean, intelligent and efficient code is certainly one of the more difficult aspects within this industry. With this in mind, I think that anyone who is able to write a consistently high level of code based on often sketchy requirements and delivering this within the usual time pressures of business should be awarded some kind of medal.

That said, I can say with some confidence that we have the pleasure of working with some of the very best software and web developers both locally here in Australia as well as abroad.

Further to this, I can also add quite unreservedly that software developers really don’t make good system administrators.. And can you really blame them?

Allow me to elaborate a little bit here; As you may have already guessed from the above few paragraphs, software development is tough.  Being a good software developer is even tougher. Under the pretty exterior of most websites there an awful lot of work that goes into making the sites work.  Pulling this together requires a fair amount of consideration through-out all aspects of the software development process, from getting requirements and designing the application through to writing the code, testing, debugging and forever trying to squash that final elusive bug.  It takes someone with a fairly specific skill-set to be able to do all this and to do it well.

Something that I’ve noticed however, is software developers are sometimes expected to take on the role of server management and look after the on-going running and maintenance of the machine.  Whilst I can appreciate there’s a similarity between what a software developer and a system administrator does, “hey, they both do ‘computer stuff’”, the tasks which are completed by each roles are worlds apart.  A software developer really only cares about getting his or her application working within a specific environment the quickest way possible.  This can sometimes mean that there are some rather drastic changes to the machine configuration with little consideration to the potentially negative implications. This is pretty understandable,  as far as they’re concerned, once they get the environment working with their application then they can just continue hacking away on their code.  Given they are probably under other tight deadlines or would just simply be preferring to get on with what they’re actually being paid to do without much consideration for the longevity and maintainability of the operating system environment.

This is something we see a lot of; from developers downloading source tarballs then compiling and installing software system-wide to running bleeding edge versions of software which just aren’t suited to being in production.

To give an example of an incident recently which has prompted this post, we had a client call up complaining that they couldn’t get their postgresql database to start. Whilst this was not on our fully managed service, we are always willing to help out or clients on a professional consulting basis.  Upon logging in we attempted to start postgresql and witnessed it failing without too many clues as to what’s doing on. Further investigation revealed the following in the postgresql startup logs:

FATAL:  database files are incompatible with server
DETAIL:  The database cluster was initialized with CATALOG_VERSION_NO 200812281, but the server was compiled with CATALOG_VERSION_NO 200904091.

Further digging revealed that postgresql had recently been updated.. 14 hours ago to be precise. Subsequent to this the database engine had been stopped and then failed to start again. The client in question actually uses this machine as a mail exchange for his clients and uses a postgresql back-end to manage the mail tables.  This means that for the duration of the outage, no email was working for any of the clients on the machine.  Yes, for 14 hours.  Ouch.

Once we had found the problem, all we needed to do was roll back to the previous version start up postgres and everything would be hunky-dory, right? Well.. Easier said than done.

In this case, the software developer had installed what appears to be a development version of postgresql which was (as the error message alludes to) released in January 2008.  That’s ok, we should just be able to reinstall the previous version from the RPM on the machine, right?  Wrong. Didn’t exist.

At this point in time we started to do a quick google and checking the postgresql website to see if they perhaps, just maybe, had a copy of this daily development release somewhere on the website.  No joy there…

I know! We take backups for any clients who chose to use our managed backup solution, and this client has opted for this service!  As part of our managed backups we roll-out an automated process to take a dump of all the databases and store locally on the disk!  Given this happens at midnight each night and the database stopped running at 8pm we’ll just be able to restore from the database dumps right?  Wrong.  We didn’t install postgresql and there is no process in place to do this.

So at this point in time, the dataset was still there but effectively useless and mail services were still down.  Fortunately, we were able to save the day by restoring all the binary files from this specific version of postgresql from backups and thus restore services for the client.  Whilst the motivation behind using this specific version is unknown, the software developer has since moved on and there is zero documentation.  This situation really shouldn’t have happened in the first place. This type of problem is actually something that we see more often then you would imagine.  We often have developers requesting specific versions of software to use in a production environment.  Obviously, we would strongly, strongly discourage the use of development versions within production (they’re called DEVELOPMENT versions for a reason, they simply haven’t been around long enough to be considered stable, reliable software). However, from time to time a specific feature or bug fixes within a specific development version which dictates we must install such a version.  This is something we can certainly get working…  And, most importantly, keep the machine in a maintainable state! This means having supporting documentation as to the decisions made as well as making sure that routine maintenance tasks will not break the existing, carefully crafted configuration.

I also have another fond memory of a web developer who was having some niggling problems with tomcat and permissions and figured that the best way to solve the problem was using:

chown tomcat / -R

So, it got the web application working, but broke virtually every other service on the machine. Can anyone say hosed file system permissions?

…Or how about the Windows machine which has 4, yes, 4 separate instances of MSSQL installed on it..  I digress.

Without wanting to turn this into a big marketing spiel, it is important to keep in mind that like software development, system administration can be a tough game too.   Obviously in the above examples using hind-sight we can easily identify the problems in what was done previously on the machines.  That said, at Anchor we are a team of system administrators who have been running complex systems for a long time now and have the experience to make sure that all the appropriate precautions are taken to make sure we don’t end up in these situations above.

Further to this we have numerous systems in place to pro-actively check services including database servers, 24/7. In the event of failure both audible and visual alerts are generated with notifications outside of hours being sent via SMS message service. Even in the event that this happened on a fully managed machine it would never have resulted in 14 hours down time.  All said, I am not just trying to blow our own horn about how fantastically brilliant we are (ok, maybe, just a little), but what I am trying to get across is system administration is something that really requires an all or nothing attitude towards. If your website or associated hosting infrastructure is critical to your business’ success then making sure the commitment to system management is commensurateable is absolutely imperative to success. Either through outsourcing via our fully managed support pack or by hiring a dedicated system administrator.  There really is no place for laissez-faire and utilising a software developer part-time for this role is only likely to cost more in the longer term.

Tags: , , , ,
Posted in Newsletter, WTF

 Leave a comment

2
Comments

Anchor presenting at OSSPAC 2010: “Flying Blind in the Cloud”

Published September 9th, 2010 by Keiran Holloway

Jonathan case, our resident COO here at Anchor will be presenting a talk at the upcoming OSSPAC conference in Sydney next Monday.

As a special offer, I am happy to have on offer two free full day conference passes (valued at $595.00).

What do you need to do to claim these? Be one of the first two people to email sales@anchor.com.au and they’re yours!

In addition to this Anchor also will have a booth at the expo for both Monday and Tuesday, so why not come down and say “Hi!”

Without further ado, a brief synopsis of the presentation:

Cloud computing is such a big and growing topic now; especially if measured by the number of conferences and presentations on this subject! It is being offered as a promise of almost unlimited capacity growth, easy management and low cost.

But what does cloud computing really mean? What does it offer? Is it the ideal solution for all clients? Anchor Systems is a successful hosting company with a business growing from our thousands of customers whose needs are not being met by cloud computing’s promise. What are the issues and challenges with cloud computing, and what do alternative solutions offer? Come along and find out.

Tags: , , , ,
Posted in FTW, Newsletter

 Leave a comment

1
Comment

Github / Anchor Drinkup, Monday 18th Jan 2010

Published January 17th, 2010 by Keiran Holloway

In Brief: Come down to the James Squire Brew house (King Street Wharf, Sydney) for a chance to have a few drinks with guys (and gals) from your friendly hosting company. In addition to this, we’re lucky to have special guests Tom and Scott of Github fame dropping in and you’ll have the opportunity to have some beers, tell stories of 14′ kangaroos, and discuss all things Github.

Anchor will be putting on drinks from 6pm.

Details:
6pm, Monday, Jan 18th
James Squire Brewhouse
22 Promenade King St Wharf, Sydney

Tags: , , ,
Posted in FTW, Newsletter

 Leave a comment

0
Comments

Windows 2008 Hosting Now Available!

Published February 3rd, 2009 by Keiran Holloway

If you’re familiar with the hosting services provided here at Anchor you’re probably aware that we’re big fans of Linux and open source software in general.   That said, it may come as a bit of a shock for you to realise that we’ve actually been doing Windows hosting for quite a number of years now.

It all started with a couple of isolated dedicated servers running Windows back in 2004…Since then we’ve deployed a shared Windows hosting server which is now running hundreds of websites and taken on multi-server Windows hosting environments.

One thing that has been interesting to note whilst making this transition; sure a lot of us here would prefer to be working with Linux systems, but, at the end of the day, the principles behind running robust, reliability and scalable hosting remains quite identical. Whatever the platform.

To re-enforce our commitment to providing a high quality Windows hosting infrastructure we spent the latter part of 2008 hiring staff with a specific skill set surrounding this environment. In addition to this we’ve spent some time looking at the new version of Windows and have published an article in our wiki discussing Windows Server 2008 for Web Hosting

Windows 2008 hosting is now available across all our dedicated server range as well as on all our virtual private servers .

Tags: , , , , ,
Posted in Newsletter

 Leave a comment

0
Comments

….So you think you have a spam problem?

Published January 20th, 2009 by Keiran Holloway

Earlier today we started seeing multiple monitoring alerts from our network monitoring station suggesting that two mail servers which we manage were under considerable amounts of system load.

This became so bad that email began to be delayed and in some occasions clients attempting to connect via pop and imap were timing out… meaning that mail was unable to be retrieved … This is strange behavior and something that is really only going to occur when the system is under considerable amounts of load.

Subsequently, after completing an amount of investigation it appeared that the vast majority of the mail was destined for one specific domain, and addressed to some really suspect emails addresses which were never likely to exist such as: 559611098.73168680243309@domainname.com – It seemed as though that email was coming in such a fast rate that it not only caused the primary mail server to become saturated with inbound connections that it was starting to also saturate the secondary mail exchange; becoming effectively a denial of service attack aimed specifically at one of our customers. The connections appeared to be originating from a number of large network blocks based primarily throughout Russia and the Ukraine.  Once this was  identified, we added some clever rules to our network to block this traffic and all services were restored as per usual.

Once this issues was resolved a post-mortem was carried out and some staggering numbers were discovered.  During an hour period of this attack we saw somewhere in the vicinity of 96,000 messages destined for this one domain which were addressed for non-existent email addresses.

Doing the maths that runs out at 1600 message per minute or 26 SPAM messages PER SECOND!

On this basis, the next time I hear someone say “I have a spam problem!!!” after receiving 3 or 4 unwanted mesage I am probably going to have a chuckle to myself and think, you’ve got nothing! :)

Tags: , , ,
Posted in FTW

 Leave a comment

0
Comments
Newer Entries »