Back Online!

I got fed up with my shitty web host and their downtime – apparently they fucked up the OpenVZ kernel when running “yum update” on their CentOS server, then had RAID controller issues, then their ISP null-routed them after they got blacklisted by Spamhaus, then they fucked up the config of their new host node, blah, blah, lots of excuses (including flooding in Australia despite the servers being in Amsterdam/Munich/Kansas, and poor outsourcing).

Anyway, I’ve moved to a UK company now and Email and websites are back online.

Luckily I had backups from a couple of days ago when the old server was briefly online, so I setup a new server and rsync’ed to it, then from that I rsync’ed to a 2nd server, and rsync’ed the differences from home. That meant server1 was online overnight and server2 was online a few hours later.

Funnily enough I’ve got a better resource/price deal than with the old hosts!

JunOS config checking

Today I’ve been automating Juniper router configuration assessment. Basically issuing a “show configuration” from the CLI and then using a Nessus .nasl script to parse the results.

The main problem is that JunOS uses multiline config statements, so to check if HTTP is enabled, you end up having to go through this lot:

system {
    services {
        web-management {
            http {
                interface em0.0;
            }
        }
    }
}

So you have to use a combination of functions – ereg() which can look for a multiline regex and return true/false, egrep() which can return a single matching line from a multiline string and eregmatch() which returns just the matching portion of that single line!

I’m thinking of checking for a true return of ereg() and then looping through the whole string to return the matching bit, seems a bit naff, but may be better than three function calls….
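The same check done in Python as an added example (not the post's NASL script): instead of combining ereg()/egrep()/eregmatch() over the multiline text, flatten the brace hierarchy into one statement per line and match whole tokens, which also keeps a check for `http` from matching `https`. SAMPLE_CONFIG is a constructed sample, not output from a real device.

```python
from typing import Dict, List
# Constructed sample (not from a real device): the post's stanza plus https and noise.
SAMPLE_CONFIG = """
system {
    host-name router1;   ## annotations like this are dropped
    services {
        ssh;
        web-management {
            http {
                interface em0.0;
            }
            https {
                system-generated-certificate;
                interface [ em0.0 ge-0/0/0.0 ];
            }
        }
    }
}
"""

def flatten_junos(config: str) -> List[str]:
    """Flatten brace-nested config into one 'set'-style path per ';' statement."""
    stack: List[str] = []
    statements: List[str] = []
    for raw in config.splitlines():
        line = raw.split("##", 1)[0].strip()  # strip trailing ## annotations
        if not line:
            continue
        if line.endswith("{"):          # open a hierarchy level
            stack.append(line[:-1].strip())
        elif line == "}":               # close it
            stack.pop()
        elif line.endswith(";"):        # a terminating statement
            statements.append(" ".join(stack + [line[:-1].strip()]))
    return statements

def web_management(config: str) -> Dict[str, List[str]]:
    """Enabled web-management protocols -> bound interfaces ([] = all)."""
    prefix = "system services web-management "
    found: Dict[str, List[str]] = {}
    for stmt in flatten_junos(config):
        if not stmt.startswith(prefix):
            continue
        words = stmt[len(prefix):].split()
        if words[0] not in ("http", "https"):  # whole token, so http != https
            continue
        ifaces = found.setdefault(words[0], [])
        if len(words) > 2 and words[1] == "interface":
            ifaces.extend(w for w in words[2:] if w not in ("[", "]"))
    return found
```

An empty interface list means the protocol is enabled with no `interface` restriction, which is the case worth flagging first.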

I’m not sure if I’m going to stick with my new VPS host, they don’t seem to know their way around OpenVZ, Hell I’ve been playing with it for a few days and seem to be able to run rings around them. The support does seem to have been outsourced to Pakistan by the looks of the IP addresses showing up in the control panel logs.

Every time they reboot the host node or my VPS for whatever reason (without telling me!) they seem to lose the NTP permissions, or bugger up the iptables state/conntrack modules etc. As I’ve not migrated to them yet and I’ve got a month or so before I have to pay them again and my existing host shouldn’t go away that quickly, I might sign up for some other hosts in the meantime.

New server migration

I’ve got one of my new VPS’s setup today. Just got to wait for reverse DNS to propagate and get iptables sorted and NTP enabled:

vzctl set  --capability sys_time:on --save
vzctl set  --iptables ipt_state --save 

I’m not going to switch over until I get the German servers up and running though, as the network speed of the American server isn’t so great (a few more hops I guess).

My old host said it was a 64-Bit server but turns out it was running i686 kernel, so the container was 32-Bit no matter what the host node was. This I found out after I tried to rsync my old server to my new 64-Bit one, which promptly stopped working. Luckily the control panel allows you to very quickly rebuild the server using the base install, so I switched to a minimal 32-Bit Ubuntu 8.04 template and rsync’ed again, and now it’s all running fine.

Dad came over and put the CAT6 to my Mac in conduit today, looks much better than blue cable running along the ceiling! Still got to paint over an exposed section. We also got the satellite cable routed into the Snooker room, so have Sky TV in there now too, as well as one of the Xboxes.

My cousins/uncle etc. are over so going over there on Monday, sometime this weekend we’re going to be laying the cement path around M&D’s extension.

I just watched Drag Me To Hell, which was an OK horror flick with a predictable ending and some totally irrelevant side-stories. Much better than Dance Flick which was one of the *-Movie franchise films, a spoof of Save The Last Dance, High School Musical etc; not great. Bruno was absolute rubbish.

I’ve got terrible ear-ache and seem to be sleeping a lot lately, so suspect I’m coming down with something….

Moving server again?

I’m thinking of moving my virtual server to another provider as my current host has quietly sold his business!

Looking around I’ve found a provider that can give me two German servers and a free American one for about 12ukp a month, so I could split off email/spam/webmail onto one server (and re-enable the memory/CPU-hungry ClamAV) and web/database onto another, with the US one for redundancy.

I’ve been playing around with OpenVZ again, and have cloned my existing VPS clone twice, and fiddled with the services, so I effectively have the three server model above running on my local machine inside a VM.

I’ve found that you can do rsync “in reverse” i.e. you can sync to a remote server from your local machine, all without port-forwarding or running a local SSH daemon. So with the local current directory containing just the stuff I want to sync (/bin, /etc, /home, /lib, /root, /sbin, /usr, /var) we issue the following command, which also uses sudo instead of root-SSH:

sudo rsync -azp -e "ssh -i /home/user/.ssh/id_rsa" --progress --delete --numeric-ids --rsync-path="sudo rsync" ./ user@www.example.com:/

So I can rsync my existing server to my local machine, and then push that back out to the three new servers. Sometimes I love UNIX – imagine trying to clone a running Windows machine onto three other running Windows machines; with Linux it’s just one command!

I’ve also found that my new cat Pico is the village whore, I caught her cavorting with the dog across the road today, just laying there in the garden! She doesn’t want to stay in my house or garden now she’s discovered the big wide world.

M&D came over and we watched The Damned United, which was a pretty good tale of Brian Clough’s time as manager of Derby County/Leeds United football clubs.

OpenVZ

I’ve been playing with OpenVZ, which is an open-source fork of what is now Parallels Virtuozzo; essentially it’s a container system similar to FreeBSD jails or Solaris zones.

I have managed to install it inside of VirtualBox running CentOS 5.3 64-bit, using these instructions from the CentOS Wiki, which basically boils down to: disable SELinux, enable IP forwarding, stop yum overwriting the OpenVZ kernel with the CentOS one, then, as root (on the host node):

cd /etc/yum.repos.d/
wget http://download.openvz.org/openvz.repo
rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
yum install ovzkernel.x86_64 vzctl vzquota

Then I installed the pre-created Ubuntu 8.04 64-Bit template, allocating 512MB guaranteed/1024MB burstable RAM, OpenDNS servers, 50GB disk space; on the host node as root again:

cd /vz/template/cache
wget http://download.openvz.org/template/precreated/ubuntu-8.04-x86_64.tar.gz
vzctl create 101 --ostemplate ubuntu-8.04-x86_64 --conf vps.basic --ipadd 192.168.0.129 --hostname vps.synapticconsulting.com 
vzctl set 101 --save --name vps --nameserver "208.67.222.222 208.67.220.220" --diskspace 50G:50G --capability sys_time:on --vmguarpages 262144:9223372036854775807 --privvmpages 262144:9223372036854775807 --kmemsize 536870912:536870912
vzctl start 101

Then I rsync’ed this server inside of it! Everything seems to work – web, database, email, firewall etc. I also updated the rsync scripts as I forgot to add the “--numeric-ids” flag and the -p (keep permissions) flag, which meant restoring from it was setting the wrong permissions on files, i.e. the MySQL files were owned by the sudo user, as it was taking the permissions from my desktop machine!

So I’ve now got Fedora running VirtualBox, inside which is CentOS running OpenVZ, inside which is Ubuntu!

Next I’m going to try to rsync the live VPS with the local one (i.e. without access to the host node, with both VPS’s running) which I could then clone – basically tar up the /vz/private/101/ directory and /etc/vz/conf/101.conf file and migrate to another host node.

Update: I’ve got rsync working between the local and remote VPS’s, so could easily migrate to another VPS provider, or even have some sort of failover/load-balancing system – using rsync from cron and round-robin DNS for example.