DLTJ In a State of Flux

DLTJ is in a bit of flux now. After updating some underlying packages on my 9-year-old Gentoo-based personal server, I’m finding that I can’t start the web server process without the 1-minute load average climbing to roughly 60 in the span of about 5 minutes. (Translation: the machine is working very hard but getting nowhere fast.) Increasingly, the server has also been hard to update — lots of strange errors, etc. — so after 9 years, it is clearly time to rebuild it. In the interim, I’m in the process of moving the blog over to an Amazon EC2 cloud computing instance. If you see this post, you are reading it on that virtual server. The DNS entries should catch up with the migration in a couple of hours.

Gentoo Abandons WordPress in Portage

I don’t think this has been widely announced, but while waiting for an update to Gentoo‘s portage entry for WordPress to cover the latest security and bug fixes, I discovered in the comments of a bug in Gentoo’s bugzilla database that they are making no effort to support WordPress on Gentoo. I think this is really a poor move on Gentoo’s part. As one of the bug commenters noted, “WordPress is, in general, a good product with an extremely active user community and good upstream maintenance.” 1

A GLSA was issued for WordPress vulnerabilities in March — problems that have since been fixed — with this ‘resolution’:

Killing Off Runaway Apache Processes

Well, something is still going wrong on dltj.org — despite previous performance tuning efforts, I’m still running into cases where machine performance grinds to a halt. In debugging it a bit further, I’ve found that the root cause is an apache httpd process which wants to consume nearly all of real memory which then causes the rest of the machine to thrash horribly. The problem is that I haven’t figured out what is causing that one thread to want to consume so much RAM — nothing unusual appears in either the access or the error logs and I haven’t figured out a way to debug a running apache thread. (Suggestions anyone?)

WordPress/MySQL Tuning

dltj.org runs on a relatively tiny box — a Pentium III with 512MB of RAM. I’m running a Gentoo Linux distribution, so I actually have a prayer of getting useful work out of the machine (it server is actually a recycled Windows desktop), but the performance just wasn’t great. As it turns out, there are several easy things one can do to dramatically improve life.

Managing a Gentoo Linux Server Configuration with Subversion, GLCU, and Trac

Keeping track of configuration changes to servers is a tough job made tougher when some of the sysadmins work from home. Questions of who did what when and why can be exacerbated by the lack of physical proximity — in other words, I can’t simply yell over the cubical wall to the colleague down the hall to ask him about the new package installed on the server. Besides, that oral history tradition is difficult to maintain and harder to sustain as the number of machines grows. This essay describes a practice for maintaining a Gentoo Linux distribution using GLCU, Subversion, and Trac that is lightweight (doesn’t impose a large burden on the sysadmin staff), effective (although it is lightweight it better documents and makes accessible the state of our systems over the oral history tradition), and cheap (no operating budget dollars were harmed in the creation of this process — only staff time overhead).

OpenLDAP with a Go Daddy “Turbo SSL Secure Certificate”

Okay — this seemed like a lot harder than it should have been. At the very least, it took piecing together information from a number of places in order to make it happen. The goal is to use a Go Daddy Turbo SSL Secure Certificate (the $19.95/year one) to secure an OpenLDAP server. On the surface, this shouldn’t be so hard. The tricky part comes because the requested SSL cert is not signed by a recognized Certificate Authority root; instead, Go Daddy uses an intermediary certificate and the tricky part is making sure the whole chain of SSL certificates line up properly. There is a wealth of documentation for using intermediary certificates with web servers, but I found very little for OpenLDAP servers. I hope by posting this into the blogosphere you will find it useful someday, too.