Category Archives: Admin

Simple Web Applications Deployment via Git

Git is not only great version control tool,  but can be easily used for web application deployment to testing or production environmenst.  For more complex projects some continuous integration (CI), tools/services can be more appropriate  (like Jenkins), but for smaller project we can do just fine with Git , SSH and simple script installed as git hook. Below is the scenario I’m using for one Python Flask web application. Continue reading Simple Web Applications Deployment via Git

OpenShift Experiencies

PaaS is happily buzzing in the Cloud and it seems to be hottest topic in the infrastructure  services today,  so I decided to test Openshift –  PaaS  offering  from Red Hat.  Couple of reasons make this platform interesting – firstly it’s open source solution, so we can use it to build your own private solution, secondly on public service we  get 3 gears ( linux containers with predefined configuration) for free forever, so it’s easy to experiment with this platform. As a sample project we will create very simple Python Flask web application with MongoDb. Continue reading OpenShift Experiencies

Check UPnP port mapping on you router

Most modern SOHO routers (like my Asus) support UPnP IGDP  or NAT-PMP protocols to enable hosts on local network to open and map incomming (from WAN) port on router.  While these two are different protocols with different origins, they both serve same purpose, so often they are enabled by a single option in your router configuration ( like in my Asus – there is only one option ‘Enable UPnP’,  but in fact it enables both protocols).

This automatic incomming port port management is very convenient, however it can cause some security problems  in your local network.  Because normaly  neither UPnP nor NAT-PMP is authenticated, all local subnet is basically trusted, it means that any program can open incomming port, as it needs (including  malware programs).  More detailed description about potential UPnP issues is for instance here. Continue reading Check UPnP port mapping on you router

Tunneling SSH through Restrictive HTTS Proxy

In one of past articles I’ve described how to use HTTP CONNECT method to tunnel other protocols through a proxy.  It worked for me for various protocols ( mainly email access IMAP, SMTP),  but recently it stopped working for SSH protocol. After some investigation I’ve found  that proxy is checking  what protocol it is tunnelling through and expects it to be SSL/TLS.  If it is anything else, proxy closes connection with an error.  It still worked for mail protocols,  because they were already wrapped in SSL. But to be still able to use SSH through proxy some more sophisticated setup was needed –  tunnelling SSH through SSL protocol, which is then tunnelled via HTTPS proxy ( HTTP CONNECT method).  Below I describe a setup,  which works for me. Continue reading Tunneling SSH through Restrictive HTTS Proxy

Running Oracle VM Template for DB 12c in XenServer

As many may know Oracle VM Server is based on Xen hypervisor so it’s possible to run VMs prepared for Oracle VM on other Xen based solutions like XenServer or OCP.  Main difference is management of VMs – Oracle VM is using xm, while recent XenServer is using newer xapi stack.  But paravirtualized Linux kernels can run easily on both.

Oracle is providing VM templates with many of it’s key products – like for instance new Oracle 12c database.   In this article we will show how to run Oracle 12c Database VM template on XenServer 6.2. Continue reading Running Oracle VM Template for DB 12c in XenServer

Accesing Oracle from Python (with proper unicode support)

It’s not obvious to set it right, so I’m putting some notes here:

Installation is described here.
Few comments:

  • ORACLE_HOME is needed just for installation
  • If you add client library path to /etc/ld.so.conf.d/oracle.conf   and update ldconfig, you don’t need to export modified LD_LIBRARY_PATH
  • when you install Oracle client library and set environment,  you can install cx_oracle also via pip install cx_Oracle

The crucial step not mentioned in the installation guide is  to set NLS_LANG environment variable – this should be in the environment of your python program using cx_oracle.  So for instance for Flask+SQLAlchemy you can have:

Without this variable oracle client is using 7bits ASCII! So any unicode character will raise “UnicodeEncodeError: ‘ascii’ codec can’t encode character” error.

Simple statistics from nginx access logs

I required some simple statistics (selected page visits per day)  from web-server logs.   I looked at some web log analyzer packages like AWStats, but it looked to me like as an overkill in my case – I’d probably spent more time to trying make it work then putting together some small script. So here it is – a simple bash script that will take all available access logs (by default on Debian nginx is using logrotate to rotate logs daily and keeps 52 daily logs, old logs are gzipped) and calculate page visits for certain request pattern: Continue reading Simple statistics from nginx access logs

Poor man’s backup for XenServer

I’m running several XenServer hosts and wanted to provide some basic backup of VMs. I decided to use USB disk – XenServer 6.2  provides great support for external disks.   I was looking around for some simple free tool for backup (to backup several VMs from different servers in scheduled batches), but did not find anything suitable (simple scripts were not flexible enough, bigger solutions were overkill in my case) – so I created my own solution xapi-back

My setup is:

  • I created small Debian VM and attached USB disk to it (in XS 6.2 this external disk will stay connected to VM after  VM or host reboot)
  • Installed xapi-back
  • Created special user for backup
  • Scheduled VM backups with cron

Main advantages of xapi-back  compared to other similar solutions:

  • easy to install – just download and run python setup.py
  • easy to configure –   just one simple configuration file with details of xen servers and some basic backup parameters
  • self-contained  – does not need xe or other tools (as many other solutions) and can run on any computer ( not only in xenserver Dom0 as some scripts,  generally I think it’s not good practice to run backups in Dom0, better is to have it separately).
  • complete – you can do all basic tasks from xapi-back via simple command line interface xb –  list VMs and their last backups,  backup, restore,  set VMs for scheduled backup ( with help of cron). You’ll not need any other management tools (xe, XenCenter, ….) to make backups.
  • self-maintaining – xapi-back can be scheduled and run automatically. It maintains backups’ storage, keeps N last backups and removes old backups so it can run unattended for months.
  • compact – it’s very small solution so it can run on any machine, only python  is needed (it can run easily on minimal Debian install or even on NAS)
  • universal – can run on any POSIX system, where python is running ( any Linux, FreeBSD, Solaris …)
  • multiple servers – can handle multiple XenServers and server’s pools