Blog Without An Important Name

I’ve been setting up a Puppet system at work so we can easily set up virtual servers, and also so that all the configuration is in one place.

Yesterday, someone suggested to me how I can have our existing Nagios system monitor the state of the puppet configuration. This allows me to be notified if there is something causing puppet to fail on any of the monitored nodes.

There is a Ruby script out there that is a Nagios plugin, however it requires extra Ruby libraries, and I don’t know how to handle them nicely on a Debian system. I do, however, know how to handle Perl libs. So I wrote a Perl plugin that does the same task. It’s got a lot of hard-coded paths and times and such, you’ll want to make completely sure that they work in your configuration. It’s also not well documented, but it is quite basic: check_puppet.pl

The main tricky dependency it has is on Nagios::Plugin, but it’s in CPAN, so some dh-make-perl should get you a Debian package for it easily.

I now have the maximum possible number of assurance points for CACert, 150. This means two things. One is that I can now get SSL and email certificates that last two years, and the other is that I can now allocate points to others.

So if anyone who happens to be in the same place as me (generally Dunedin, but right now various bits of Australia) wants some, they should get in touch.

A nice side effect is that there is now enough people in Dunedin to get another person up to the required 100 points so they can then allocate them, so the region can now bootstrap itself fairly easily.

I’ve finally gotten around to putting all my kallisti.net.nz stuff onto a real server. Well, I guess it’s not a real server, as it doesn’t actually exist anywhere. But it’s a real virtual server, as opposed to the quaint Pentium Celeron 466 that was doing the job.

It’s now hosted by TekTonic, who do a pretty good deal for a fairly minimal unmanaged virtual server. It’s the first one of those listed that I’ve got. The CPU is more than enough for what I’m going to be doing, and the bandwidth is many times better than the 256k/128k that the old server was on. The only catch really is the disk, I have not too far off 10G of stuff to put on it. Of course, I guess I could delete some email or something…

I’m hoping that someone builds a system that lets me use Amazon S3 to store the photos in gallery, that’ll make life a lot easier, as then I won’t have to worry about space on it at all.

Anyway, the migration is still in progress. Jabber.kallisti.net.nz was moved first, as that was pretty easy, and I now have www.kallisti.net.nz on there, except gallery. Now it’s just the other websites that are hosted there, and finally the mail. Mail is going to be the most tricky, as new mail will always be coming in, and it has a fairly complex setup. A curious side-effect of it being split up like this, is that if one webmail user sends an email to another webmail user, it will travel to the US and back up to four times, as it’s stored in NZ, the webmail runs in the US, and then that’s likely to be viewed in NZ again. However, this will become a little more sane soon I hope.

The eventual upshot of this is that for the first time in years, I won’t have to have a computer running in my bedroom 24/7

The default install of Webalizer on Debian doesn’t perform DNS lookups on the log files, although it is capable of it. There are three ways of getting Webalizer to do this, in rough order of recommendedness: 1) make your webserver do the lookups when it writes the logfiles (this makes your webserver slower, and has been a source of vulnerabilities in the past), 2) use logresolve to pre-process your log files (logresolve isn’t included in Debian sarge), and 3) tell webalizer to do it.

Making webalizer do it is pretty easy, simply add lines similar to the following in /etc/webalizer.conf:

DNSCache /var/log/apache2/dns_cache.db
DNSChildren 5

The first tells it where to put it’s cache file, the second tells it how many resolutions to do at once. The higher, the faster, but also the higher load on the system.

If you add these lines to the config, keep in mind that only new entries will be updated, and so it won’t be until the next month rolls around that you have a complete statistics by domain name.