• Home
• Blog
• About
• Gallery
• Map
• Resume

Installing APC on CentOS

Casey needed me to install APC cache for the Scriblio project. It’s a PECL module, and pecl install apc gives an error. Here are some great instructions for getting it all to work.

PHP and Sed for String Substitution

I needed to replace a string in several thousand files scattered all over the filesystem on one of our servers. I used find to create a list of files that needed to be changed, along with their complete path and called it "list.txt". It looked something like this:


/path/to/file/one/fileone.html
/path/to/file/two/filetwo.php
/path/to/file/three/filethree.htm
/path/to/directory with spaces/filefour.txt
and so on...


I worked out the "sed" command to do the in place editing, and Zach helped me whip up a quick PHP script to read the contents of "list.txt" into an array and iterate through it. He was also nice enough to show me how to use "str_replace" to escape any annoying spaces that happened to find their way into the names of directories.

It's a handy little script that I'm sure I will find a use for later, so I thought I would put it up here.

Managing WordPress and Gallery2 With Subversion

Keeping WordPress up to date using the standard method of deleting old files, extracting the new ones and then running the database upgrade script is a bit cumbersome, but really not that difficult. Gallery2 uses more or less the same methodology, but it does not require you to delete your files prior to the upgrade because it generates a script to remove deprecated files after the install is complete. This is very kind of them, but the Gallery package is large, and upgrades can get a bit unwieldy. While there are certainly more difficult software packages to maintain, there are things I would much rather be doing than software updates, so I decided to make my life easier by using subversion to manage both applications.

Subversion is a code revision management tool that is everything CVS should have been. It is not only amazingly useful for software developers, but it can be readily used by end users as a convenient method of keeping their software up to date. It is for this reason that the Automattic and and Gallery folks have started recommending it for those who have command line access to subversion enabled servers.

There is no way to force the software to make an existing install into a subversion checkout, so to convert my site, I pretty much just followed the instructions at wordpress.org site.

Create a directory for the new install and "cd" into it:
$ mkdir wordpress-svn

Checkout the current WordPress version:
$ svn co http://svn.automattic.com/wordpress/tags/2.3.1 .

Copy the things I cared about into from the old directory into the new one:
$ cp ../wordpress/wp-config.php .
And the same for:
favicon.ico
.htaccess

The only thing I didn't really like was their method for copying the files from the old wp-content directory to the new one.

They suggested using "cp -rpf":
$ cd wordpress
$ cp -rpf wp-content/* ../wordpress-svn/wp-content

But I prefer to use a "tar | tar" operation as root from my original wp-content directory.
$ cd wordpress/wp-content
$ tar cpEf - * | (cd ../../wordpress-svn/wp-content; tar xf -)

I don't really have a reason for this other than it's the way I have always moved large directories full of files with varying permissions. I just have more confidence in "tar" to maintain permissions than I do "cp". I seem to remember being bitten by "cp" while moving some Oracle databases at some point.

That pretty much did it for WordPress... Next I moved onto Gallery2. The process was very similar.

Create the new gallery2 directory within your wordpress-svn folder and "cd" into it:
$ mkdir gallery2

Checkout the latest version of the Gallery2 code:
svn co https://gallery.svn.sourceforge.net/
svnroot/gallery/branches/BRANCH_2_2/gallery2 .

Copy over the config file:
cp ../../wordpress/gallery2/config.php .

Finally, copy the g2data directory over using "tar | tar":
$ cd ../../wordpress/gallery2/g2data
$ tar cpEf - * | (cd ../../wordpress-svn/gallery2/g2data; tar xf -)

That was it... Now all that was left was to rename wordpress to wordpress-presvn and wordpress-svn to wordpress:
$ mv wordpress wordpress-presvn; mv wordpress-svn wordpress

Everything worked fine, so I was golden. If it had not been, I could have simply renamed the directories back to their original names.

What did all this get me? Much much easier upgrades. Upgrading WordPress is now just a matter of switching to the latest tag and running "svn up":
$ svn sw http://svn.automattic.com/wordpress/tags/2.3.2
$ svn up

With Gallery, however, there is no need to do a switch for dot releases, so until it goes from 2.2.x to 2.3.x there is no need to run the "svn switch"... I can just "svn up".

Remember that this is a 10,000 foot view of the process. Please read the links to the Automattic and Gallery documentation if you are going to make the move yourself.

Ecto is Busted in WordPress 2.1

Last week I took this site to WordPress 2.1 and much to my dismay realized that Ecto, my favorite XMLRPC blogging client no longer worked. It would let me post, but it was never able to update the category information for posts... It just hung with no error. I looked into it, and found out that Ecto expects the category information to be returned as a string, not an int.

Adriaan, the developer of Ecto is blaming WordPress, while I'm sure the folks at Automattic would call it an Ecto problem... That's just how these things tend to work. Anyhow, it's pretty easy to fix if you make this quick change to xmlrpc.php.

Simply change this on line 180:

'categoryId' => $catid,

To this:

'categoryId' => (string) $catid,

Hopefully someone will go back to their code tree and make a permanent fix so we don't have to constantly edit this file every time we upgrade.

Horde / IMP on RHEL 4 From RPM HOWTO

Whenever you go to install applications and services on registered RHEL servers, it's always nice to use the RPMs because up2date will keep everything current for you. Managing upgrades gets a whole lot easier when you can bring your system up to current with one simple command. Because of this, I decided that I would try to use as many RPMs as I could when I set up our latest Horde / IMP installation.

Unfortunately, RedHat does not supply RPMs for the Horde applications, but luckily CentOS does. You should be able to download them from here. Get the latest version, which at the time of this writing was horde-3.1.3-1 and imp-h3-4.1.3-1.

Don't install them yet though because Horde and IMP have always had a lot of dependancies which must be installed and enabled first. Installing the following RPMs should take care of them.

• mysql-4.1.20-1.RHEL4.1.i386.rpm
• mysqlclient10-3.23.58-4.RHEL4.1.i386.rpm
• mysqlclient10-devel-3.23.58-4.RHEL4.1.i386.rpm
• mysql-devel-4.1.20-1.RHEL4.1.i386.rpm
• mysql-server-4.1.20-1.RHEL4.1.i386.rpm
• perl-DBD-MySQL-2.9004-3.1.i386.rpm
• php-4.3.9-3.15.i386.rpm
• php-devel-4.3.9-3.15.i386.rpm
• php-domxml-4.3.9-3.15.i386.rpm
• php-imap-4.3.9-3.15.i386.rpm
• php-ldap-4.3.9-3.15.i386.rpm
• php-mysql-4.3.9-3.15.i386.rpm
• php-pear-4.3.9-3.15.i386.rpm

Assuming you will want up2date to handle upgrades of these packages, it is very important that you either use "up2date" to install them, or download them from correct channel at the RedHat website. You could also simply get them from the CD distribution that you used to install the system itself.

Once PEAR is installed, you will have to upgrade it, and install the PEAR::Log module.

[root@server]# pear upgrade -a PEAR-1.3.6
[root@server]# pear upgrade PEAR

Ok, now let's make sure the web server is configured to start when the system comes up:

[root@server /]# /sbin/chkconfig --list httpd

You should see this:

httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

But if you see 5:off, simply run:

[root@server /]# /sbin/chkconfig httpd on

Now we enable and start up our new MySQL database server:

[root@server /]# /sbin/chkconfig mysqld on
[root@server /]# /sbin/service mysqld start

And we're ready to install Horde and IMP. Install the following RPM's, which will put everything in /usr/share/horde and creates a file called horde.conf in /etc/httpd/conf.d/

• horde-3.1.3-1.c4.noarch.rpm
• imp-h3-4.1.3-1.c4.noarch.rpm

This will install the HORDE and IMP packages in /usr/share, and /usr/share/horde respectively.

Finally, we start or restart apache:

[root@server /]# /sbin/service httpd start

Grab a browser and go to the following URL to proceed with the Horde and IMP configuration.

http://server.example.com/horde/

Installing OpenGroupWare 1.1.5 on RHEL 3

OpenGroupWare is an open source groupware package intended as an alternative to proprietary applications such as Exchange and PostPath. It is fairly robust in its feature set, and even integrates well with MS Outlook.

Its strongest points, in my opinion are that it does not depend in any way on Active Directory, and that it integrates well with open source standards like Open LDAP and University of Washington IMAP. Its downsides are that the documentation is sparse and scattered, that is is backed with PostgreSQL rather than MySQL, and that the package is bundled into a TON of RPM's.

I have not tried installing it from source, though I suspect that it would not be much more work than using the RPM's. Anyhow, if you want to install it for yourself, here are some quick scripts to help you, as well as some quick cookbook instructions. I installed it on RHEL 3 Workstation, though I suspect that it would work most Linux distributions.

The first thing we have to do is install the foundation for OpenGroupWare From the RHEL CD's or Website:

Install apache
Install PostgreSQL
Install PostgreSQL-devel
Install php
Install php_PostgreSQL

Next, run the following commands to get the database and webserver started:

# /sbin/chkconfig httpd on
# /sbin/chkconfig postgresql on
# /sbin/service postgresql start
# /sbin/service httpd start

Sendmail should already be installed and running, but if not, you will have to install it as well.

OK, so I said before that there are a TON of RPM's that you will have to install. These can be found at the OpenGroupWare website. Get them however you want, but if you have "wget" installed, you can use my script to fetch everything you need. You can omit the "devel" packages if you don't want to install the source code.

Ok, so now we have a directory filled up wit RPM's. Many of these have a lot of dependancies, so the order of install is important. The script below has them in the correct order, so you can either use it as a reference to install them yourself, or just save the script in the directory that has all your RPM's and run it. Your choice.

Some things to note about the install.

These all have to be done on one line or "rpm" will complain that it can's resolve dependancies:
rpm -Uvh ogo-webui-app-1.1.5-r1717.0.i386.rpm ogo-theme-default-1.1.5-r1717.0.i386.rpm ogo-webui-resource-en-1.1.5-r1717.0.i386.rpm ogo-webui-resource-de-1.1.5-r1717.0.i386.rpm

ogo-database-setup-1.1.5-0.i386.rpm sets up your PostgreSQL database and database user for you. The output should look something like this:

Preparing...                     ########################################### [100%]
1:ogo-database-setup             ########################################### [100%]
PostgreSQL seems to be already initialized
and I can see it running:
PIDS used: 3456 3458 3459
We're on PostgreSQL 7 (7.4)
checking /var/lib/pgsql/data/postgresql.conf
need to patch /var/lib/pgsql/data/postgresql.conf for 7.4
backup current one to /var/lib/pgsql/data/postgresql.conf.20061213-153319
checking /var/lib/pgsql/data/pg_hba.conf
need to patch /var/lib/pgsql/data/pg_hba.conf for 7.4
backup current one to /var/lib/pgsql/data/pg_hba.conf.20061213-153319
The changes we've made require that we restart PostgreSQL...
Stopping postgresql service:    [  OK  ]
Starting postgresql service:      [  OK  ]
OK! PostgreSQL runs again: (3909 3911 3912)
creating database user: OGo
creating the database itself: OGo
we've successfully created both the user OGo and the raw database OGo
we'll now fill the database with the scheme itself
checking the logfile created during scheme rollin...
/tmp/database_setup_psql.sh.20061213-153319.log
removing log - not needed anymore

OK... Now everything is installed, and if you run the following command:

# /sbin/chkconfig --list | grep ogo

You should see the following output:

ogo-zidestore   0:off   1:off   2:on    3:on    4:on    5:on    6:off
ogo-webui       0:off   1:off   2:on    3:on    4:on    5:on    6:off
ogo-xmlrpcd     0:off   1:off   2:on    3:on    4:on    5:on    6:off
ogo-nhsd        0:off   1:off   2:on    3:on    4:on    5:on    6:off

Now, let's fire up these services:


# /sbin/service ogo-zidestore start
# /sbin/service ogo-webui start
# /sbin/service ogo-xmlrpcd start
# /sbin/service ogo-nhsd start

Everything should be up and running now, so you can grab a web browser and go to the following RUL:

http://server.domain.com/OpenGroupware

You will be logged in as the root user, so make sure to change the password.

If you are using this system as a stand-alone server, you are pretty much all set. We needed to authenticate it against our central LDAP, and point it towards our IMAP server though, so I added the following lines to "/var/lib/opengroupware.org/.libFoundation/DefaultsNSGlobalDomain.plist":


LSAuthLDAPServer = "ldapserver.domain.com";
LSAuthLDAPServerRoot = "dc=mydomain,dc=com";
imap_host = "imapserver.domain.com";
UseSkyrixLoginForImap = YES;


Make sure to put these lines at the end of the file, but before the closing braces.

The file should look something like this:

###### SNIP #######
{
"skyrix_id" = "server.domain.com";
LSConnectionDictionary = {
  databaseName = OGo;
  hostName = "127.0.0.1";
  password = "";
  port = 5432;
  userName = OGo;
};
  LSNewsImagesPath = "/var/lib/opengroupware.org/news";
  LSNewsImagesUrl = "/ArticleImages";
  Languages = (
  English
);
  TimeZoneName = GMT;
  WOHttpAllowHost = (
  localhost,
  "127.0.0.1",
  "localhost.localdomain"
);
  LSAuthLDAPServer = "ldapserver.domain.com";
  LSAuthLDAPServerRoot = "dc=domain,dc=com";
  imap_host = "imapserver.domain.com";
  UseSkyrixLoginForImap = YES;
}
###### /SNIP #######

Since the system won't let you authenticate the "root" user against the local database if your are using LDAP, you have to create a root user on your central LDAP.

Create an LDIF file called root.ldif like so:

###### SNIP #######
dn: uid=root,ou=People,dc=mydomain,dc=com
objectClass: organizationalPerson
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
uid: root
uidNumber: 0
gidNumber: 0
sn: Root
cn: Root
homeDirectory: /root
loginShell: /bin/bash
gecos: Root
###### /SNIP #######

Finally, run the following command to add the root user:


ldapadd -x -D "cn=Manager,dc=mydomain,dc=com" -W -f root.ldif"


You should now be authenticating against your central LDAP server. Have fun!

Picking a Multiuser Blogging System

I'm a blogger. I'm also a systems administrator at a University. Thus, when the University decided to charter a project to offer each member of the institution a blog, I was selected to sit on the committee. We boiled all of the software choices down to Drupal, Movable Type, and Wordpress MU.

In my evaluation of these solutions, the software was ranked on a five-point scale against the following requirements, which we had decided were important to us. I've also included my personal rankings. In many cases the software received a lower ranking on a feature because it was not customizable by the individual user.

Intuitive Drupal:2 Movable Type:5 Wrodpress MU:5	Skinnable Drupal:2 Movable Type:5 Wrodpress MU:5	Pingbacks Drupal:3 Movable Type:5 Wrodpress MU:5
Trackbacks Drupal:2 Movable Type:5 Wrodpress MU:5	Supports XMLRPC Drupal:5 Movable Type:5 Wrodpress MU:5	Comment SPAM blocking Drupal:2 Movable Type:4 Wrodpress MU:5
Image support Drupal:5 Movable Type:5 Wrodpress MU:5	WYSIWYG Drupal:5 Movable Type:5 Wrodpress MU:5	RSS feed Support Drupal:3 Movable Type:4 Wrodpress MU:5
TAGS Drupal:5 Movable Type:5 Wrodpress MU:5	URL Rewriting Drupal:5 Movable Type:5 Wrodpress MU:5	Hosted here Drupal:5 Movable Type:5 Wrodpress MU:5
Single installation Drupal:5 Movable Type:5 Wrodpress MU:5	Single Database Drupal:5 Movable Type:5 Wrodpress MU:5	Single Table structure Drupal:5 Movable Type:4 Wrodpress MU:0
Mysql or Oracle Drupal:5 Movable Type:5 Wrodpress MU:5	Integrate with IDM (ex. CAS) Drupal:0 Movable Type:0 Wrodpress MU:0	Quota on file uploads Drupal:5 Movable Type:0 Wrodpress MU:5
Prefer PHP: Drupal:5 Movable Type:1 Wrodpress MU:5	Ease of Upgrade Drupal:4 Movable Type:4 Wrodpress MU:5	Cost Drupal:5 Movable Type:3 Wrodpress MU:5

Totals:
Drupal: 88
Movable Type: 90
Wordpress MU: 100

Drupal came in last not because it is unable to meet the requirements we had listed, but because it is not as intuitive as the other solutions, and there are many areas where the user can not be granted any granularity of control over the blog. There is, for example, no way to allow the individual user to manage comment spam settings. The administrator chooses the settings that are then applied globally to each user on the system.

Movable Type evaluated quite well. The user interface is very nice, and the entire software package is very feature rich from a user experience standpoint. It meets most of our pre-determined criteria, but there are no built in "file upload quotas", and the application is written in Perl. Also of possible concern is the fact that, while content exists within the database, it is delivered via static pages. This means that a site (all static pages) must be rebuilt whenever significant changes are made, such as changing a theme. It is anyone's guess how this static / dynamic model will scale to a very large number of users. Also of note is the fact the MT is a pay for product. Like any proprietary software solution, this can be both a benefit and a drawback.

Wordpress MU mets or exceeds all of our pre-determined criteria with one major exception. The database does not have a unified table structure, meaning each blog requires its own set of database tables. It is largely unknown how this model will scale to a large number of users, however wordpress.com has this software successfully rolled out to a large and growing number of users. Should we decided on WPMU, it may be worth discussing the implementation with the WPMU team. The user interface is both elegant and intuitive, and the user retains maximum control over most of the unique blog settings. It is, however, worth mentioning that WPMU has adopted the Web 2.0 standard of not versioning their releases. Upgrades are downloaded via a nightly builds directory, which means that version releases may not be as well tested as with a more traditional release strategy.

For my part, even though I scored it slightly higher, I have no real preference for Wordpress MU over Movable Type. Both are great blogging solutions, and I feel that we could find a way around MT's lack of file upload quota. I do, however, prefer either of these two solutions over Drupal because of issues surrounding usability, and customization.

In the end, the committee agreed that Wordpress MU was the winner. We will now go on to write the CAS authentication module, and see if we can get around the requirement that usernames have greater than three letters. We are also hoping to get in touch with the wordpress.com people to discuss how the non-unified table structure will scale to 30.000+ users.

What’s up with the new CMS?

There are quite a few reasons I decided to move away from PhPNuke, but the biggest of the all was the fact that it is simply FULL of security holes. Day after day I read about SQL injection vulnerabilities that would allow a user to gain administrative access to the site, and go at it with a hatchet. I was simply tired of always worrying that someone would hack my site and leave me with a big headache.

I was also getting increasingly frustrated by the fact that PhPNuke never supported pingbacks, trackbacks, or xmlrpc. I read something months ago about someone developing trackbacks for PhPNuke, but it would seem he went the way of Jimmy Hoffa, and nobody ever heard from him again. As time went on, it was becoming more and more clear that PhPNuke needed to be abandoned for a better product, and the only question that remained was which product to chose.

I've always liked Mambo, but while it is much more secure than PhPNuke, it still lacks pingbacks, trackbacks and xmlrpc. Drupal is a very nice product that does everything I wanted it to do and more. There is even a script that will migrate all the users and data from PhPNuke into Drupal, but in the end, I was just not happy with the look and feel of the site under Drupal.

Casey over at maisonbisson.com had recently moved his site from P Machine to Word Press, so once I confirmed that it had Gallery2 Integration I decided to take a look to see what he liked so much about it. He had written a really cool statistics plugin called bstats, and overall the CSM presented things very cleanly. Overall, I'm pretty happy with the software. It does everything I want it to, and it's quite nice to have the option of managing my stories through xmlrpc with Ecto.

Casey Bisson's bstats plugin > 
Word Press Gallery2 integration >

 

Apache, MySql and PHP Howto (from source)

Everyone loves web applications that use Apache, PHP and MySQL, and everyone loves having their very own web servere that runs them. The problem is, how do you do it? If your're like me, you don't do it enough to remember, so here are some quick directions to get you started.

First we must download the latest versions of Apache, MySQL and PHP and extract them. You may have to dig a little since these places are always changing where they keep things, but the links below should be of some use. Just make sure you download the source distribution.

MySQL Download >
Apache Download >
PHP Download >

I always put these applications in /usr/local/server, but you can select whatever location you like. Simply add whatever directory you want into the --prefix directive.

First, let's build and install MySQL

# cd /path/to/mysql/source/directory
# ./configure --prefix=/usr/local/server/mysql
# make
# make install

Next, we have to build and install the Apache web server. In this example, we are building it with SSL, URL Rewrite and Shared Object support.

# cd /path/to/apache/source/directory
# ./configure --prefix=/usr/local/server/apache --enable-module=so --enable-rewrite -enable-ssl
# make
# make install

Finally, build and install PHP. There are lots of things you can include when building PHP, but these are the most common.

# ./configure --with-apxs2=/usr/local/server/apache/bin/apxs --with-mysql=/usr/local/server/mysql --enable-debug=no --enable-track-vars=yes --enable-bcmath=yes --enable-memory-limit=yes --with-imap --with-ldap=/usr/local/server/ldap --enable-ftp --with-gd --with-jpeg-dir=/usr/local --with-png-dir=/usr/local --with-zlib-dir=/usr
# make
# make install

That should do it... If everything went well, you can start up your fancy new apache web server.

# /usr/local/server/apache/bin/apachectl start

Things to remember when creating Apache SSL certs

Since I don't create certs all that often, I've always been frusterated by having to search out the commands every time I have to make one. Frequently I forget about removing tripple DES from the server.key file, and end up with a cert that makes me enter a psss phraze every time I start up Apache.

Thus, I decided to create an entry here with all the commands, so that I will never have to go searching for them again.

First, change directory into your Apache configuration directory:

# cd /path/to/httpd/conf

Generate the server key (with password):

# openssl genrsa -des3 -out server.key 1024

Optionally, we can generate a key file without a password. This means that Apache will start without requesting a password. This is important should there ever be a power failure, or when a reset is required and no one knows the password. Use the following command:

# openssl rsa -in server.key -out server.pem

A CSR (Certificate Signing Request) is required for afirming that the server key is valid. The server.pem is used in place of server.key as we don't require a password:

# openssl req -new -key server.pem -out server.csr

You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank.

-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Your State
Locality Name (eg, city) []:Your Cit
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Your Company Nam
Organizational Unit Name (eg, section) []:Department Name
Common Name (eg, YOUR name) []: server.spiralbound.net
Email Address []:me@spiralbound.net
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:
An optional company name []:

Finally, the certificate needs to be signed. Normally this is done by an official authority such as Thawte. However, if this is not available, we can sign the certificate ourselves. In this example a time limit of 3 years, or 1095 days is set for the amount of time to be valid. Again, we use the server.pem file without a password.

# openssl x509 -req -days 1095 -in server.csr -signkey server.pem -out server.crt

Popular Posts

• Bash For loop Example (741)
• Fish Supposedly Washed Up By Asian Tsunami (579)
• Little Japanese Trucks (342)
• Spencer Tunick Photographs More Than 18000 Nudes In Mexico City (282)
• Why Did my Arm Fall Asleep? (277)
• How to copy a Solaris boot drive to a disk with a different partition layout (245)
• RHEL Winbind Authentication Against Active Directory (205)
• Solaris Disk Partition Layout & Mirroring Scripts (193)
• Foreach Example in tcsh (179)
• X11 Forwarding Broken on Solaris (176)
• Recovering From a Stuck Symantec Ghost Virtual Boot Partition (175)
• VMware ESX 3.5 ntpdate strangeness (161)
• Example LINUX init Script (154)
• When Mac OSX SMB Connections Fail (131)
• MIT Guide to Lock Picking - Table Of Contents (129)

Tags

advanced lock picking Adventures basic picking blog bounce pick corruption diving flatland funny government guide hacking howard dean howto humor Iraq key keys linux lock lock pick lock pick guide locks master keys mit pick picking torque pick pressure pin column model pins plug rebreather republican rhel scuba scuba diving series solaris storage sun technology tumblers unix video zen

Sponsored Links:

Copyright © 2004-2008 spiralbound.net · Log in