Latest entries
Yesterday I sent a message to the Nginx list to announce the availability of my first module for that web server.
The module is used to do HTTP Basic Authentication agains PAM instead of using an htpasswd file; I wrote it because I wanted to authenticate against OpenLDAP and PostgreSQL and PAM already has support for that ;)
The code is available here and on the readme there are instructions on how to build a patched debian package with the module included.
Posted Thu 18 Sep 2008 10:58:11 CESTAs promised a photo of the first meeting between Hugo and Marc.
With luck this afternoon the whole family will be at home.
Posted Sat 23 Aug 2008 09:21:28 CESTAt 17:55 of the 21th of August of 2008 (four days late from the expected schedule) passenger Marc Talens i Blasco landed at La Fé Hospital in Valencia.
On my next post... Hugo meets Marc!
Posted Fri 22 Aug 2008 12:17:32 CESTAfter less than a week of vacation I've decided it was time to write a short blog entry, as I plan to write at least another one in some days, as we are waiting the arrival of Marc, our second son, for this week or the next one.
In the last months I haven't done what I said in my last posts, I'm quite busy with the rest of my life and blogging or keeping my home computing infrastructure is not on the top list.
Anyway I still have managed to do some things like giving a talk about virtualization on the VII Jornades de Programari Lliure, not going to Debconf8 (next year should be the one, the conference is in Spain and I have enough time to prepare it, including a possible trip with all the family) or do a partial server migration at home, leaving two machines to do the work of one.
My plan for the migration has changed and if time permits I'll try to do it in the next couple of weeks; now I plan to move my current servers to an ASUS EeePC with 2GB of RAM and an external USB disk (it is a lot smaller and the hardware is still faster than my old server) and I'll use OpenVZ instead of Linux-Vserver for virtualization (OpenVZ enabled kernels are available for Lenny).
Posted Thu 14 Aug 2008 09:49:16 CESTI've been using Subversion and
Trac for some years now, and I have encouraged
its use at work since the last couple of years, with the undesired effect of
having to maintain four different Trac installations with different database
systems (SQLite3 and PostgreSQL), plugins (more than 15 on the big
servers), authentication systems (htpass files, LDAP and a database based
system) and tons of projects published (two internal servers have 64 and 16
projects, one of the client system has 33 projects and there is only one
single project installation, but it is living at a client's system).
Yesterday night, while reading Planet Debian I found a post from John Goerzen about tools to replace Trac, including the option to use Git as the project VCS.
In the post he talks about different options, mainly projects that I would
categorize as issue tracking systems (mantis, roundup, etc.), but it
also talks about Redmine, a project management
system implemented using the Ruby on Rails
framework that is similar to Trac.
As it looked interesting I downloaded, installed and executed an instance in about 15 minutes (I love the systems that support sqlite3 for this quick tests, not having to touch real database servers speeds up simple tests a lot).
I played a little bit with the system and I believe that I will spend some
more time testing it at work next week, as it looks quite promising; the
standard version has almost all the features I'm interested in without the
need to install additional plugins and it can do most of the things I was
missing from Trac to do lightweight project management.
I evaluated ]project-open[ to use it together with
Trac for our internal project management tasks, mainly because we miss
important features from Trac, like having clean systems to view the tasks of
a user in all projects or a clean way to do the project planning using
tickets and gantt charts. Of course there are ways to do it, but the
plugins I've tried are not as good and simple as I would like.
The problem with the use of ]project-open[ is that I don't really like it
for us, as it has tons of features that I feel we don't need nor will use and,
on a first try, the system seemed difficult to deploy and maintain, probably
because my lack of knowledge about OpenACS and
TCL.
In fact we still don't have ]po[ running at work because I was unable to to
integrate the authentication system with our LDAP server on my first tries
and have had no time to investigate further since then.
The good thing about trying Redmine is that if we don't end up using it at
least I can take the most of this opportunity by looking at Ruby on Rails
and the Ruby Programming Language, at least
from the administration side, as I have never looked at it seriously.
The problem
On a couple of Debian Etch systems we have a plone-site that is published using a backport of the nginx web server.
The Zope instance is running on the standard port and serves the Plone
contents under the /plone path.
Initially we were publishing the site to the external world using an https
site served by nginx using the following entry on the configuration:
location /plone/ {
proxy_pass http://plone:9673;
include /etc/nginx/proxy.conf;
}
The proxy.conf contents are quite standard:
# proxy.conf
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 0;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
With this settings we see the /plone contents using the same path that is
used by the Zope instance, but after testing we have decided to change the
/plone path and server the contents under the /web path.
The Wrong Solution
The fist option I though about was quite simple, rename the Zope's plone object to web.
Seems reasonable and simple for someone without Zope experience (I don't administer the internals of the Zope/Plone site), but now I know that it is a very big mistake, because renaming objects in Zope in not cheap, as it implies that the server has to modify all the contents of the renamed object and the operation can take a very long time.
With my ignorance I tried to rename the plone object using the Zope
administrative interface and after a minute or so I cancelled the page
loading that was running on my browser, thinking that I had cancelled the
rename operation.
To make a long story short I'll tell you that the operation was still running and after several hours the folder was renamed (in fact I noticed when the good solution broke, as I had already solved the problem using the next method), but something went wrong and part of the site functionality was broken... the final solution to the debacle has been to recover a backup of the Zope instance older than the rename operation and continue from that copy.
The Right Solution (TM)
It seems that Zope has a couple of systems to do Virtual
Hosting
and the best option is the use of the product called Virtual Host Monster,
a weird and confusing system (IMHO, of course), that does the job once the
right configuration settings are in place.
The best solution to our problem was to modify the requests done by the
reverse proxy without touching anything on the Plone site (the original one
already had a Virtual Host Monster object installed and that was the only
thing that we needed to add).
The nginx configuration for the new /web path is the following:
location /web/ {
proxy_pass http://plone:9673/plone/VirtualHostRoot/_vh_web/;
include /etc/nginx/proxy.conf;
}
With this change, when the user asks for anything under the /web/ path the
Zope server gets the contents traversing the /plone object and adding to
it the elements that appear after the VirtualHostRoot component, ignoring
components that start with the _vh_ prefix (the protocol and host name of
the requests are not modified, as we did not touched that).
Once the object is found, the server rewrites the URLs included on the HTML
files using the path components that appear after the VirtualHostRoot one,
including the suffix of the components that start with the prefix _vh_.
For example, when the Zope server receives a request for an URL like:
http://plone:9673/plone/VirtualHostRoot/_vh_web/home
it publishes the content found on:
http://plone:9673/plone/home
but the HTML files returned assume that their base URL is:
http://plone:9673/web/home
Today I've noticed that my last post was on August and I've decided that I'm going to try to keep this blog alive.
Since this summer I've left the University and now I only have two jobs... my daily work and my son; I believe that things are going better at a personal level, but the truth is that lately I have near zero time to devote to Debian and Free Software in general.
As I don't want to leave the FLOSS world and I'm still able to do some sysadmin related tasks at work and at home I've decided that I'll try to reserve some time for blogging about them.
I'm also thinking about starting a blog and a wiki in Spanish, mainly to be able to publish some of the documents I write at work about our installations, the advantage for me is that I can publish them with a little revision and that is much faster than translating them into English.
Anyway, before creating new blogs my first task is to finish my home server migration; I'm moving all the services that were running on my old PowerBook (PowerPC @ 400Mhz, 378MB of RAM, 10 GB HD) to my other PowerBook (PowerPC @ 1Ghz, 768MB of RAM, 60GB HD), as I haven't used it for ages and I still use a lot the old machine.
On the move I plan to change a lot of things, the machine is going to run multiple vservers and I plan to change a lot of the software I was using, always trying to simplify the maintenance and/or get more performance from the new machine:
The internal network will use dnsmasq for DNS and DHCP (replacing bind9 and the dhcp3-server).
My authoritative nameservers are going to be served by powerdns using the named backend for the primary servers and sqlite3 for the secondary domains.
I'm going to move all my webservers from apache2 to nginx and fast-cgi (the speed and memory gains are huge at work).
I plan to move all my repositories from Subversion to git, including this ikiwiki installation.
I'll try to blog about this new installation once it is done.
Posted Mon 25 Feb 2008 21:38:42 CETI'll be 0x24 (hex) or pow(6,2) (dec) years old next Sunday and it is
becoming obvious that I need to change my lifestyle.
On the physical side I'm sure that I have to loose between 20 and 30 Kg. if I don't want to have health problems in the future. The plan is to change my eating habits and do sport regularly. The basic idea is to do a diet seriously and keep part of the rules more or less forever (that's the habits change); the other important thing is to do some exercise, I've never liked sports too much, but I'm sure I can try to walk some days and swim others (I've been going once a week to the swimming pool during the last months and I'll be doing it twice a week starting this September).
On the mental side, I need to reduce my obligations and care less about the work problems in and out of the office.
To reduce my obligations and have more free time I decided a couple of months ago that I was going to leave the Uni, as it was taking away a lot of time that I can use for more important things; I notified it and after this September I won't be working for the Universitat de València anymore.
Initially my idea was to keep my main work and use some hours each week to work on my PhD Thesis, but the truth is that I'm not interested anymore; I don't have anything specially interesting to say and my main motivation for getting a PhD has also disappeared (at some point I thought about becoming a full time University professor, but after three and a half years I've had enough, at least for a looong while).
This leaves me with my work at the ITI as my main and only work, but after some months I'm seriously considering leaving it also.
My main problem there is that I believe that I'm starting to suffer the Peter Principle or something similar; almost all my professional career I've been working as a technician, first as a programmer and sysadmin and lately as analyst and team leader or technical manager, but now, as it seems to happen always in the Spanish IT companies, I'm being forced to move to a pure project management work and, to be fair, I don't like it.
I don't know if that means that I'll get to my level of incompetence, but if that is the case I think I'll have to try the Peter's Parry, that basically means to refuse a promotion (I've already done it asking to get a place under my theoretical level, although not on a convincing manner, it seems) or use the Creative Incompetence technique, that is, give the impression that you have already arrived to your incompetence level (probably it is too late to do that at my current place, but maybe on the next one I'll be able to do it).
Maybe this is not the last level of the Peter Principle, as I'm sure that I can and will do this work (I'm thinking about moving, but I will not do it until I have a plan for the future, and that will probably mean a new job), but I'm also sure that I will never do it as well as I can do technical tasks because I don't have any real motivation to do it and while I plan to get the skills needed, they are not attractive to me.
I understand that on the current IT world we need to have project managers, and I really hate bad managers, but that does not mean I like to become one, I prefer to be a team leader and work only on one or two projects at a time, instead of having more than five and not do real work in any of them; my main problem is that the challenges and tasks a manager has to do have nothing in common with the things I like from computer science and I'm too perfectionist to handle people that does not care about how things are done in a lazy way (a team leader with a couple of projects can handle technical people, when you are a manager with multiple projects you miss the day to day perspective and problematic people is more difficult to handle).
Oh well, we will see how things evolve. The good thing is that I believe that one way or another I'll end up having a better life and, if I'm able to care less about my own work (and the one done by others) maybe I'll be able to stay at an acceptable level on the hierarchy without getting burn out and maybe some day I'll be able to work again on the things I like and keep my promises.
Posted Tue 07 Aug 2007 22:04:39 CESTSince some weeks ago I've been thinking that I'm not writing on my Blog for long periods, mainly because I don't have too much free time and generally I don't have interesting things to say.
Anyway now I'm starting to believe that I should write more, at least about technical matters; I've been doing a lot of system administration tasks lately and probably it is a good idea to keep a log of the things I've tried and learnt on this Blog, as my notes can be useful to others or at least for myself.
I'm going to bed now, but lets start by enumerating some of the things I must Blog about:
Virtualization using the Linux-VServer technology.
Postfix configurations for the virtual hosts.
Trac installations.
Monit for local monitorization.
HTTP servers and reverse proxies: Pound, Lighttpd, Nginx, Apache2.
... probably a lot of other things I don't remember now ...
The things I would like to look into, if I find the time:
Distributed Version Control Systems like Bazaar, Darcs, GIT or Mercurial.
... and again, another big list of things I don't remember now ...
And the Operating System I'm using to test all those programs:
Posted Fri 15 Jun 2007 00:55:32 CESTOnce more, I'm not going to the Annual Debian Developers' Conference; I've wanted to go to previous editions, but I've always found excuses not to do it: too far away, bad dates, expensive if not going alone, ... and lately I'm too busy to do Debian related activities, mainly because I still have two jobs and my free time is devoted to my son (code named The Beast), that will be two and a half years old in four days.
Anyway, this time I'm a little bit sad, because this edition is closer to home and I could have taken my family with me and be away from a stressing period at work.
Oh, well, maybe next year I'll change my life and will be able to go. Let's hope so.
Posted Thu 14 Jun 2007 23:44:35 CEST
