How to create a two-node CentOS 6 cluster with floating IP using CMAN and Pacemaker

Originally I was using Heartbeat to create two-node Linux clusters with floating IPs, but when Heartbeat stopped being developed I needed to figure out how to use Corosync and Pacemaker for this instead. Somewhat annoyingly, Linux HA stuff has changed yet again in CentOS 6.4, so now it’s necessary to use CMAN and Pacemaker instead.

This is quite a lot more in-depth than the simple configuration that was originally required for Heartbeat. Anyway, based on my recent experiences, here’s a very quick guide for if you find yourself in a similar situation. This works for me on CentOS 6.4 and higher, but it won’t work on earlier versions of CentOS.

Continue reading “How to create a two-node CentOS 6 cluster with floating IP using CMAN and Pacemaker”

Creating a Bash-based web server on my new Raspberry Pi

Recently I decided to correct my oversight of not having obtained a Raspberry Pi, so I purchased the Model B version along with the nice clear case and named it “Colossus”.

Never having owned an Acorn Archimedes (I was an Amiga man) the first thing I did was play with RISC OS for a while. Having got that out of the way, I installed Raspbian Linux and decided to have some fun creating a demo web page showing continuously updating statistics from the Pi.

Continue reading “Creating a Bash-based web server on my new Raspberry Pi”

New website for my system administration and infrastructure consultancy business

I became a self employed system administrator in 2011 and (touch wood) my freelance infrastructure business has been going fairly well so far. I thought it was about time I built a marketing website for my business, and I wanted to create a simple, professional-looking site without having to spend too much time building it.

Continue reading “New website for my system administration and infrastructure consultancy business”

Get a continuously updating display of client IP addresses on a web server using X-Forwarded-For

Sometimes it’s desirable to have a continuously updating display of the IP addresses which are hitting a web server, with an indication of how many times each IP address has made a request. This may be because you suspect a DoS or DDoS attack, or there may appear to be some other odd activity, or you may simply be curious. If a web server is sitting directly on the Internet then it’s possible to do this fairly easily with a tool such as netstat. Often, however, a web server is behind an ELB or another type of load balancer, which means that if you try to use netstat then you’ll just see the load balancer’s IP address, not the address of the client which made the request. But if your load balancer is passing the X-Forwarded-For header (as it really ought to be) then you can use this header instead of the client IP to get a continuously updating display.

Continue reading “Get a continuously updating display of client IP addresses on a web server using X-Forwarded-For”

Python script to convert ICS-exported List from Reminders app to plaintext

I make extensive use of the Reminders app* in OS X to keep track of tasks and to-do items, and I wanted a way to export a list of reminders to plaintext, so I knocked up a quick Python script to take an ICS file exported from a List in Reminders (which you can do from the File menu) and output it in plaintext. If this is something you find yourself needing to do then this might work for you.

Continue reading “Python script to convert ICS-exported List from Reminders app to plaintext”

HttpOnly flag for persistence cookies in HAProxy

A client arranged penetration testing in order to achieve PCI compliance and it was found that not all cookies contained the HttpOnly flag, which is an automatic fail because apparently you are more vulnerable to XSS attacks if you don’t set your cookies to use HttpOnly.

This problem turned out to be caused by the HAProxy load balancer not adding HttpOnly to its persistence (sticky session) cookies, so I checked the HAProxy manual and did some googling, but I couldn’t find any way of making HAProxy’s persistence cookies add the HttpOnly flag.

Continue reading “HttpOnly flag for persistence cookies in HAProxy”

Virtualisation with KVM and LVM on CentOS 6 via the command line

I’ve found plenty of articles out there explaining how to use KVM with graphical GUI tools. On most of the CentOS servers I administer, however, I use Kickstart to create a customised and minimal GUI-free install to keep things as simple and efficient as possible. Here, therefore, are some guidelines for how to set up a virtualisation environment and virtual machines using KVM on CentOS 6 via the CLI.

Continue reading “Virtualisation with KVM and LVM on CentOS 6 via the command line”

PostgreSQL tuning: ensuring that as many sorts as possible are done in memory and not on disk

(This post assumes a PostgreSQL installation located at /var/lib/pgsql on a Red Hat-type Linux system such as Red Hat Enterprise Linux or CentOS. If your system differs from this, you may need to modify some of the paths accordingly.)

In PostgreSQL, sorts larger than a certain size will get performed on disk instead of in memory, and this makes them much slower as a result. Ideally all sorts should be done in memory (except for the ones that are genuinely too big to fit into your available RAM, because swapping to virtual memory should be avoided at all costs).

Continue reading “PostgreSQL tuning: ensuring that as many sorts as possible are done in memory and not on disk”

Using Amazon’s EC2 cloud service to host our entire web infrastructure

Following our successful migration to Amazon’s S3 service for media storage and delivery, we decided to move our entire server infrastructure from its traditional data centre colocation to Amazon’s Elastic Compute Cloud (or ‘EC2’). Using this cloud-based infrastructure instead of data centre colocation provides two main benefits for us.

Continue reading “Using Amazon’s EC2 cloud service to host our entire web infrastructure”