Monday, November 21, 2005

Minimum Privileges: mysqlhotcopy

I'm setting up a MySQL server to run the database from a ramdrive (tmpfs). In order to protect the data, the system has to replicate the database in memory to the drive. The utility, mysqlhotcopy, can be used for this by adding it to a crontab. In my configuration, I'll copy the database to disk every 20 minutes. As my database is primarily read-only, if there were a crash, at worst I'd lose only a few updates.

The problem is that mysqlhotcopy requires a username and password, which must be issued on the command line. Since the command is stored in a crontab, the authentication information is stored in the clear. If someone were to compromise the machine, I don't want to give them a free ride to the database.

The solution is to create a dummy account with minimum privileges. For my dummy account I set all privs to 'N' except:
    Select_priv='Y'
    Reload_priv='Y'
    Lock_tables_priv='Y'

This allows mysqlhotcopy to replicate the data to disk, but limits an intruder to switching the database to read only.
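
The same account expressed as GRANT statements, followed by a query that checks it holds nothing beyond the three privileges listed above. This is an added example, not part of the original post; the account name `hotcopy`, the host `localhost` and the password are placeholders, and `CREATE USER` assumes MySQL 5.0.2 or later.

```sql
-- Added example: account name, host and password are placeholders.
CREATE USER 'hotcopy'@'localhost' IDENTIFIED BY 'CHANGE_ME_PLACEHOLDER';

-- RELOAD is a global (server-wide) privilege, so it must be granted ON *.*.
-- SELECT and LOCK TABLES are granted globally as well, which matches setting
-- Select_priv and Lock_tables_priv to 'Y' in the mysql.user row.
GRANT SELECT, RELOAD, LOCK TABLES ON *.* TO 'hotcopy'@'localhost';

-- Human-readable view of what the account can do.
SHOW GRANTS FOR 'hotcopy'@'localhost';

-- Audit: returns a row only if the account holds a privilege outside the
-- three above. The column list covers the long-standing mysql.user columns;
-- newer server versions add more *_priv columns that should be appended.
SELECT User, Host
FROM mysql.user
WHERE User = 'hotcopy'
  AND ( Insert_priv = 'Y'
     OR Update_priv = 'Y'
     OR Delete_priv = 'Y'
     OR Create_priv = 'Y'
     OR Drop_priv = 'Y'
     OR Shutdown_priv = 'Y'
     OR Process_priv = 'Y'
     OR File_priv = 'Y'
     OR Grant_priv = 'Y'
     OR References_priv = 'Y'
     OR Index_priv = 'Y'
     OR Alter_priv = 'Y'
     OR Show_db_priv = 'Y'
     OR Super_priv = 'Y'
     OR Create_tmp_table_priv = 'Y'
     OR Execute_priv = 'Y'
     OR Repl_slave_priv = 'Y'
     OR Repl_client_priv = 'Y' );
```

An empty result from the last query means the credentials stored in the crontab carry only SELECT, RELOAD and LOCK TABLES.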

Sunday, November 20, 2005

Apache modules

I've been needing this for a while: OpenSA has a quick reference list of Apache modules. I was able to comment out about half the modules and slim the servers by about 12%. That means more users, less swap. Woohoo!

Friday, November 11, 2005

Car Rentals: DAY beats MCO

...but not in a good way. Just got back from Dayton, Ohio and was very disappointed with the organization of their car rental layout. In fact, I think it is the first airport I've found that is worse than Orlando. (It astounds me that Orlando is so disorganized: With all the Disney tourists, you'd think they'd have their act together!)

Normally, the Avis car counter has a scoreboard that displays customers' names and gives information about their car. In Dayton, you have to know that the scoreboard is mounted backwards: You have to walk up to the counter, then turn your back on the counter representative to see the scoreboard.

Once you have your keys, you step outside the baggage area, turn to the right, and walk the one hundred yards to the cars. The cars are in an uncovered lot-- in Ohio. I've lived in Ohio-- it snows in Ohio. Sometimes a lot. I don't want to have to load my luggage into a rental car in the snow. (The good news is that the hundred yard walk is not uncovered; they have you walk through a set of tent-like tunnels. This was especially entertaining since it's still tornado season-- the tents were acting more like wind tunnels than weather protectors.)

But here's the best part. The rental return is on the complete opposite end of the airport from the check-in. Now it's a two hundred yard walk. Returns should be more convenient than pickup. If you arrive in a town late, you simply call your appointment, and blame missing your appointment on the airline. Everyone understands that. If you get to the gate late for your flight home because of a problem with the rental car, the airline does not hold the plane for you.

Other than that, Dayton was OK.

Friday, November 04, 2005

Fedora 4 Kickstart Errors, Brilliant Fix

Yep, got kickstart working. The fix was AFL brilliant! But before I tell you the solution, you have to promise to understand what I'm saying, rather than blindly implementing the fix.

I added a %pre statement:
    dd if=/dev/zero of=/dev/hda count=1000
In other words: I wiped out the partition table. Of course this means all my data was destroyed! But that's OK... You're not supposed to store any mission critical data on a Fedora system anyway.

The major downside is that the system I'm playing with is a dual boot box, supporting both FC4 and RHEL4. This means that if I want to reinstall Fedora, I will have to follow it up with a Red Hat install. The good news is that kickstart still works under RHEL4, so it shouldn't be that painful, just time consuming.

And, like, I got plenty of time!

Fedora 4 Kickstart Errors

What a disappointment. Turns out, the kickstart function is virtually useless under Fedora 4. After half a dozen attempts to rebuild a system, I found Chris's Wiki :: blog/linux/FC4BuggyAnaconda, which confirmed that there are two very big bugs in the kickstart facility. One bug will not let Anaconda (the 'client' side of kickstart) allocate partitions. If we can't find the partitions, we can't very well install software to the disk. The second bug prevents the system from being able to identify which packages to install.

So, let's recap: We can't find the disk, and even if we could, we can't figure out what to put on it. Too bad somebody didn't test this before it went out the door.