Keeping worker processes going with Supervisord

Supervisord is a great system for monitoring processes and restarting them when they fail.  For a Web application, a great use is worker processes which monitor message queues and process jobs asynchronously to the UI.

Supervisord can be installed with:

$ apt-get install supervisor

One nice feature is a web interface which allows you to monitor the processes, and manually restart them if necessary.  By default it’s turned off, but you can turn it on by adding the following lines to the /etc/supervisor/supervisord.conf file:

[inet_http_server]
port=9001

The web interface will now be available on port 9001.
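A port value with no host part makes supervisord listen on every interface, and without username and password settings the page that can restart processes is open to anyone who can reach it. The check below is an added example, not part of the original post or of Supervisor itself; the file names and the ops/CHANGE_ME credentials are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit the [inet_http_server] section of a supervisord.conf.
# Prints EXPOSED (no host part, "*" or 0.0.0.0: reachable on every interface),
# NOAUTH (username or password missing), or OK when neither applies.
audit_inet_http_server() {
    awk '
    /^[ \t]*\[/ {                          # any section header
        in_sec = ($0 ~ /^[ \t]*\[inet_http_server\]/)
        if (in_sec) seen = 1
        next
    }
    !in_sec || /^[ \t]*[;#]/ { next }      # other sections, comment lines
    index($0, "=") {
        key = substr($0, 1, index($0, "=") - 1)
        val = substr($0, index($0, "=") + 1)
        sub(/[ \t]+;.*$/, "", val)         # drop an inline comment
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        conf[key] = val
    }
    END {
        if (!seen) { print "OK"; exit }    # web interface not enabled
        host = ""
        if (split(conf["port"], p, ":") > 1) host = p[1]
        if (host == "" || host == "*" || host == "0.0.0.0") { print "EXPOSED"; bad = 1 }
        if (conf["username"] == "" || conf["password"] == "") { print "NOAUTH"; bad = 1 }
        if (!bad) print "OK"
    }' "$1"
}

# Constructed sample files: the setting from the post, then a tightened one
# bound to loopback with credentials (placeholder values).
tmp=$(mktemp -d)
printf '[inet_http_server]\nport=9001\n' > "$tmp/open.conf"
printf '[inet_http_server]\nport=127.0.0.1:9001\nusername=ops\npassword=CHANGE_ME\n' \
    > "$tmp/tight.conf"
audit_inet_http_server "$tmp/open.conf"
audit_inet_http_server "$tmp/tight.conf"
rm -rf "$tmp"
```

With the loopback binding, the interface is reached from a workstation through an SSH tunnel rather than directly over the network.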

By default, the configurations for each process we need to monitor are stored in /etc/supervisor/conf.d

You can have multiple configurations in one file, or keep each one separate.  As an example, here is a file I use to keep a worker process running:

[program:worker]
command=/usr/bin/php /usr/share/tock/worker/worker.php
autostart=true
autorestart=true

This automatically starts the process at boot, and also restarts if it fails!

It’s a pretty configurable system, more details can be found at:

http://supervisord.org/

Configuring sendmail to use an external smarthost

Because the world of Spam email exists, sending emails direct from a server can sometimes be troublesome, especially if you end up in a situation where a large number are being sent.  If you’re running some form of Web App, you obviously don’t want your server being accused of Spamming, so a smarthost is the only option!

sendmail is either preinstalled, or easy to install on just about every Linux system I have come across, and setting this up is a breeze.

First you need to set the authorization credentials in /etc/mail/access

AuthInfo:smtp.example.com "U:yourUserName" "P:yourPassword" "M:PLAIN"

Next we need to define the smarthost in /etc/mail/sendmail.mc

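dnl m4 quotes open with a backtick and close with a single quote
dnl Relay outgoing mail through the smarthost on port 587
define(`SMART_HOST', `smtp.example.com')dnl
FEATURE(`access_db')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl

These files are all great human readable config files, but they need to be compiled: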

$ cd /etc/mail
$ m4 sendmail.mc > sendmail.cf
$ makemap hash access < access

Then we need to restart to make the settings take effect:

$ service sendmail restart

And we’re done!

Fail2ban

Fail2Ban is a simple service you can install to monitor your auth.log file and temporarily ban IPs that are trying to log in to your systems.

It works with a number of protocols, but out of the box it comes preconfigured to monitor and secure SSH.  You can install it on Debian Linux with:

$ apt-get install fail2ban

Once installed it will work as-is, but there are two specific things worth configuring.  It’s great to have an email alert when an attempt is made, so we need to configure the default action.  There are three options:

action_
[Default] Just go ahead and ban the IP
action_mw
Ban the IP, but also send an email and whois report
action_mwl
Ban the IP, send email with whois report and also the auth.log lines containing the rogue IP

This needs to be set in /etc/fail2ban/jail.conf.  The default is (line 102):

action = %(action_)s

And finally we need to configure the email address we will send to.  This is on line 57:

destemail = admin@example.com

Restart the service:

$ service fail2ban restart

And we’re done!  By default IPs are banned through iptables for a period of 10 minutes.
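To show the kind of decision made from auth.log, here is an added sketch that is not fail2ban's code and not from the original post: it prints each source address once it reaches a threshold of failed SSH password attempts inside a time window. The function names, the sample log lines and the addresses are constructed; the MAXRETRY and FINDTIME arguments are named after fail2ban's maxretry and findtime settings.

```shell
#!/bin/sh
# Added sketch of the ban decision; not fail2ban's code. Reads auth.log lines
# on stdin and prints each source IP once it reaches MAXRETRY failed SSH
# password attempts within FINDTIME seconds.
# Assumption: all timestamps in the input fall on the same day.
flag_offenders() {   # usage: flag_offenders MAXRETRY FINDTIME < auth.log
    awk -v maxretry="${1:-5}" -v findtime="${2:-600}" '
    /sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" && $(NF-2) == "port" {
        # Take the address from the fixed tail "from IP port N ssh2": the user
        # name earlier in the line is chosen by the remote side.
        ip = $(NF-3)
        split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
        n = ++count[ip]; when[ip, n] = now
        hits = 0                      # failures inside the window ending now
        for (j = 1; j <= n; j++)
            if (now - when[ip, j] <= findtime) hits++
        if (hits >= maxretry && !(ip in flagged)) { flagged[ip] = 1; print ip }
    }'
}

# Constructed sample log using documentation address ranges.
sample_log() {
    cat <<'EOF'
Feb  3 18:04:11 edrc sshd[13041]: Failed password for root from 203.0.113.7 port 50112 ssh2
Feb  3 18:04:15 edrc sshd[13041]: Failed password for root from 203.0.113.7 port 50112 ssh2
Feb  3 18:04:19 edrc sshd[13052]: Failed password for invalid user admin from 198.51.100.9 port 40022 ssh2
Feb  3 18:04:23 edrc sshd[13060]: Failed password for invalid user test from 203.0.113.7 port 50140 ssh2
Feb  3 18:05:02 edrc sshd[13071]: Accepted publickey for deploy from 192.0.2.10 port 51000 ssh2
EOF
}

sample_log | flag_offenders 3 600
```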

Could not load host key: /etc/ssh/ssh_host_ed25519_key

While checking out my AWS instances’ /var/log/auth.log I came across a message repeatedly showing up:

Feb 03 18:04:11 edrc sshd[13041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key

If you’re seeing this message, it means that the ed25519 HostKey setting is enabled in your sshd_config, but no host key was generated for it.

The fix is pretty simple.  Just run the following command:

$ ssh-keygen -A
ssh-keygen: generating new host keys: ED25519
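A check for this condition, as an added example that is not from the original post: it lists every HostKey path named in an sshd_config that has no file behind it. It goes one step beyond the case above by also flagging private keys that group or others can access, which sshd likewise refuses to load and which ssh-keygen -A does not change. The function names and the temporary directory tree are constructed stand-ins for /etc/ssh.

```shell
#!/bin/sh
# Added example: list HostKey entries in an sshd_config that sshd cannot load.
# "missing"  = configured but no such file (the case in the post);
# "too-open" = private key accessible by group or others.
check_host_keys() {   # usage: check_host_keys /path/to/sshd_config
    # Keywords are case-insensitive; commented-out lines do not match.
    awk 'tolower($1) == "hostkey" && NF >= 2 { print $2 }' "$1" |
    while IFS= read -r key; do
        if [ ! -f "$key" ]; then
            printf 'missing %s\n' "$key"
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            # characters 5-10 of the mode string are the group/other bits
            printf 'too-open %s\n' "$key"
        fi
    done
}

# Build a constructed tree: one good key, one with loose permissions,
# one configured but absent, one commented out.
make_sample_tree() {  # usage: make_sample_tree DIR
    : > "$1/ssh_host_rsa_key";   chmod 600 "$1/ssh_host_rsa_key"
    : > "$1/ssh_host_ecdsa_key"; chmod 644 "$1/ssh_host_ecdsa_key"
    cat > "$1/sshd_config" <<EOF
HostKey $1/ssh_host_rsa_key
HostKey $1/ssh_host_ecdsa_key
hostkey $1/ssh_host_ed25519_key
#HostKey $1/ssh_host_dsa_key
EOF
}

d=$(mktemp -d)
make_sample_tree "$d"
check_host_keys "$d/sshd_config"
rm -rf "$d"
```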

Linux USB Device Power Cycling from the Command Line

I’ve been wasting an afternoon playing with my Raspberry Pi today, and having found an old webcam lying around I decided to see if I could make a couple of time-lapse films – No reason, just to see if I can!

The problem with execCommand

A little while back I wrote an article about using contenteditable and execCommand to build World Simplest HTML5 WYSIWYG Inline Editor.

After a huge number of comments from a whole range of people, I ended up deciding that while the editor works, there are some caveats that just can’t be ignored, so I followed up with Worlds Simplest HTML Markdown Editor as a simple but usable alternative.

Cisco 857 Router Config

I work from home most of the time, which means my ADSL really is a lifeline.  Without it I’d be making a 35 mile trek to the office every day.

The village I live in doesn’t have the greatest ADSL, but it’s not too bad either.  For most stuff it’s perfectly workable, however I have repeatedly had problems with home routers and their inability to work correctly for extended periods.  From a ton of reading I guess it’s down to memory leaks etc.  A simple power cycle fixes it, but that’s not a great help during a VoIP call when the line keeps breaking up.  Power cycles typically take 2-4 minutes to complete, which is often an issue, followed by a 1 min VPN reconnect….

Raspberry Pi SD Card Corruption

If you’ve played around with a Raspberry Pi (http://www.rapberrypi.org) much, then you may well have come across a small but quite annoying issue with your SD card becoming corrupt.

Now I can say why it happens, but the problem appears to only happen occasionally, and only with some cards, but when it happens it can be really annoying!  I know we’re all supposed to back up after every keystroke, but one of the things about the RPi is that it’s a great hobby platform.  This means that quite often you’re just messing with things to get an idea working.  Often it’s hard to remember exactly what it was that you did to make it work, which makes a corrupt SD even more annoying!

Worlds Simplest HTML Markdown Editor

I recently wrote an article on implementing the World Simplest HTML5 WYSIWYG Inline Editor.

Well as it turns out, it’s really not that simple!  The number of issues presented by every browser implementing things differently creates a situation where the whole idea can only really be used if you can guarantee with absolute certainty that only one browser type and version will be used!

Git for Deployment

Recently I have been using BitBucket to get to grips with Git. Git is a strange version control system, although maybe that’s because I am more used to SVN.

One thing I had read was that Git was great for remote deployment, because only the deltas are needed, making the whole update process far quicker. The added bonus is that you can always log in to the production server and change branch or revision quickly if you really do foul up!

BitBucket supports Git Hooks. These are essentially scripts which are run on certain events. In my particular case, what I wanted was for BitBucket to POST some data to a specific URL on my server on the event of a push.