Develop Reference

i installed FreeRADIUS , Mysql inside docker Container

I installed FreeRADIUS , Mysql inside docker Container
I exposed ports 1812 , 1813 , 3306 outside .
I imported Database to mysql .
I inserted this rows to databases
INSERT INTO nas VALUES (NULL , '0.0.0.0/0', 'myNAS', 'other', NULL , 'mysecret', NULL , NULL , 'RADIUS Client');
INSERT INTO radcheck (username, attribute, op, value) VALUES ('thisuser', 'User-Password', ':=', 'thispassword');
INSERT INTO radusergroup (username, groupname, priority) VALUES ('thisuser', 'thisgroup', '1');
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES ('thisgroup', 'Service-Type', ':=', 'Framed-User'), ('thisgroup', 'Framed-Protocol', ':=', 'PPP'), ('thisgroup', 'Framed-Compression', ':=', 'Van-Jacobsen-TCP-IP');
and i stopped freeradius ==> service freeradius stop
and iam using debug mode ==> freeradius -X
And when using this Command in another terminal for the same container ==> radtest thisuser thispassword 127.0.0.1 0 mysecret
Output: Server Accepted the request
But When the previous Command in another machine
Server does not see the request and output in the other machine is " No response "
Notes in the IN etc IN freeradius IN radiusd.conf file :
listen {
type = auth
ipaddr = *
port = 0 }
listen {
ipaddr = *
port = 0
type = acct }
How can i fix it ?

Adding the rows to the sql database is insufficient. You need to configure your sql instance in mods-available/sql to match your local database, uncomment read_clients in mods-available/sql, and list the sql module in the instantiate section in radiusd.conf to ensure it's loaded if it's not referenced elsewhere in one of the virtual servers.
After making these changes, restart the server. The SQL module should then read the clients list in on startup. Check the debug output freeradius -X to ensure the SQL module can connect to your database, and read the NAS entries in successfully.
The reason why your local connections work is because there's a client entry included for localhost in the clients.conf file that ships with the server.

I fixed this Issue by expose Ports in UDP Protocol -p 1813:1813/udp -p 1812:1812/udp

Ganglia:No nodes were viewed in ganglia web (centOS7)

I installed ganglia server and client at the same machine. But no nodes can view in the web when it finished. No matter google or baidu,no resolution about this problem appeared.I need help.
So this is my gmetad.conf:
[root#tools etc]# egrep -v "^#|^$" gmetad.conf
data_source "trainor" localhost 127.0.0.1
setuid_username "apache"
rrd_rootdir "/var/lib/ganglia/rrds"
case_sensitive_hostnames 0
here is my gmond.conf:
[root#tools etc]# egrep -v "^#|^$" gmond.conf
globals {
user = apache
}
cluster{
name = "trainor"
owner = "apache"
latlong = "unspecified"
url = "unspecified"
}
udp_recv_channel {
port = 8649
}
tcp_accept_channel {
port = 8649
}

Do you have a udp_send_channel set? In my experience (3.1.7), gmond doesn't report a node's own stats over the TCP channel (xml reporting) unless it receives them over UDP (raw stats collection).
You can use "gstat" to connect to gmond to see what it's outputting, or netcat to the TCP port:
nc node1.domain.com 8649
I found these pages the most useful:
https://github.com/ganglia/monitor-core/wiki/Ganglia-Quick-Start
http://timstaley.co.uk/posts/ganglia-setup-explained/

Why my service freezes when over 100 users access to it?

I'm running the service that I developed by myself.
Ruby on Rails.3.2.11, Passenger, and Apache2 are being used.
It seemed working fine until there are over 100 registered users accessing to the service at the same time.
When it happens, my service completely freezes and there won't be any response(Just keep loading forever)
So, all I can do is restarting Apache. It solves the problem for a moment but it occurs again and again!
I thought that handling about 100 users won't be that big problem in Ruby on Rails App.
But I'm guessing that my unique feature is preventing that.
There are 2 things that I care about.
All the registered user's last_active_at(datetime) will be updated when every load
(Every page, and Every time)
All the registered user's point will be increased by 100 when it's his first access in a day(If user access to the service, he can earn 100 points. But only once in a day)
This will be checked in every page, too. Just like last_active_at
The codes for that is just like this
application_controller.rb
class ApplicationController < ActionController::Base
before_filter :record_user_activity
def record_user_activity
if current_user
#Retrieving current_user
#myself_user = User.includes(:profile).find(current_user)
#Checking if current_user hasn't received bonus for today yet
if #myself_user.point_added_at.nil? || !#myself_user.point_added_at.today?
#Checking if current_user shows his online status to public(If so he can earn 100 points)
if #myself_user.profile.activity_invisible.blank?
plus_point(#myself_user, 100)
flash[:alert] = '100 points for today's bonus is added!'
#myself_user.touch :point_added_at
#myself_user.save
end
end
#Updating last_active_at(datetime)
if #myself_user.profile.activity_invisible.blank?
#myself_user.touch :last_active_at
#myself_user.save
else
#myself_user.touch :updated_at
#myself_user.save
end
end
end
end
And this is the result of performance monitoring.
Please, tell me what would be the bottle neck problem, and how to solve it!
Thanks!
UPDATE:
my.cnf
# The following options will be passed to all MySQL clients
[client]
#password = your_password
port = 3306
socket = /var/lib/mysql/mysql.sock
# Here follows entries for some specific programs
# The MySQL server
[mysqld]
port = 3306
socket = /var/lib/mysql/mysql.sock
skip-external-locking
key_buffer_size = 16M
max_allowed_packet = 1M
table_open_cache = 64
sort_buffer_size = 512K
net_buffer_length = 8K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M
character_set-server=utf8
innodb_buffer_pool_size=384M
innodb_log_file_size=128M
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
#
#skip-networking
# Replication Master Server (default)
# binary logging is required for replication
log-bin=mysql-bin
# binary logging format - mixed recommended
binlog_format=mixed
# required unique id between 1 and 2^32 - 1
# defaults to 1 if master-host is not set
# but will not function as a master if omitted
server-id = 1
# Replication Slave (comment out master section to use this)
#
# To configure this host as a replication slave, you can choose between
# two methods :
#
# 1) Use the CHANGE MASTER TO command (fully described in our manual) -
# the syntax is:
#
# CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,
# MASTER_USER=<user>, MASTER_PASSWORD=<password> ;
#
# where you replace <host>, <user>, <password> by quoted strings and
# <port> by the master's port number (3306 by default).
#
# Example:
#
# CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306,
# MASTER_USER='joe', MASTER_PASSWORD='secret';
#
# OR
#
# 2) Set the variables below. However, in case you choose this method, then
# start replication for the first time (even unsuccessfully, for example
# if you mistyped the password in master-password and the slave fails to
# connect), the slave will create a master.info file, and any later
# change in this file to the variables' values below will be ignored and
# overridden by the content of the master.info file, unless you shutdown
# the slave server, delete master.info and restart the slaver server.
# For that reason, you may want to leave the lines below untouched
# (commented) and instead use CHANGE MASTER TO (see above)
#
# required unique id between 2 and 2^32 - 1
# (and different from the master)
# defaults to 2 if master-host is set
# but will not function as a slave if omitted
#server-id = 2
#
# The replication master for this slave - required
#master-host = <hostname>
#
# The username the slave will use for authentication when connecting
# to the master - required
#master-user = <username>
#
# The password the slave will authenticate with when connecting to
# the master - required
#master-password = <password>
#
# The port the master is listening on.
# optional - defaults to 3306
#master-port = <port>
#
# binary logging - not required for slaves, but recommended
#log-bin=mysql-bin
# Uncomment the following if you are using InnoDB tables
#innodb_data_home_dir = /var/lib/mysql
#innodb_data_file_path = ibdata1:10M:autoextend
#innodb_log_group_home_dir = /var/lib/mysql
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
innodb_buffer_pool_size = 768M
#innodb_additional_mem_pool_size = 2M
# Set .._log_file_size to 25 % of buffer pool size
#innodb_log_file_size = 100M
#innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 2
#innodb_lock_wait_timeout = 50
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
# Remove the next comment character if you are not familiar with SQL
#safe-updates
default_character_set=utf8
[myisamchk]
key_buffer_size = 20M
sort_buffer_size = 20M
read_buffer = 2M
write_buffer = 2M
[mysqlhotcopy]
interactive-timeout
UPDATE2:
[mysqld]
port = 3306
socket = /var/lib/mysql/mysql.sock
skip-external-locking
key_buffer_size = 256M
join_buffer_size = 1M
thread_cache = 8
thread_concurrency = 8
thread_cache_size = 60
query_cache_size = 32M
max_connections = 200
max_allowed_packet = 1M
table_open_cache = 256
sort_buffer_size = 512K
net_buffer_length = 8K
read_buffer_size = 1M
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M
character_set-server=utf8
innodb_buffer_pool_size=384M
innodb_log_file_size=128M

Passenger defaults to a max of 6 concurrent processess. 6 does not sound like a lot, but in general, even with 100 users at the same time, you will not need 100 processes at the same time.
http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerMaxPoolSize
You can increase this to 12 in passenger.
Note that each process in passenger will take up ram. Significantly more ram.
Here are 2 alternatives:
1) Move to a threaded web server, Puma. The default concurrency with Puma is 25.
2) Move the processing offline
* use Sidekiq or Resque to store the record-activity offline
Or, do all of them.
I would create a test environment, and use blitz.io to test your setup and find when your system will show slowdowns, and then stoppages.

Posting this as an Answer since unable to comment on original question.
The behavior you describe is consistent with thread or database connection management issues. Could you tell us this size of your database connection pool (e.g., 100?)? Is it possible your application is not releasing their database connections? If all the db connections in the pool are used up and not released, it would result in similar behavior you are describing.

IMAP Error: Login failed - Roundcube

I'm trying to login to Roundcube only the program won't let me.
I can login to the said account from the shell and mail is setup and working correctly on my server for user 'admin'. It's RC that is the problem. If I check my logs:
/usr/local/www/roundcube/logs/errors
they show:
[21-Sep-2013 17:19:02 +0100]: IMAP Error: Login failed for admin from ip.ip.ip.ip. Could not connect to ip.ip.ip.ip:143:
Connection refused in /usr/local/www/roundcube/program/lib/Roundcube/rcube_imap.php on line 184
(POST /roundcube/?_task=login&_action=login)
which doesn't give me many clues really, just leads me to:
public function connect($host, $user, $pass, $port=143, $use_ssl=null) {}
from
rcube_imap.php
Stuff I've tried, editing:
/usr/local/www/roundcube/config/main.inc.php
with:
// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or null to use
// best server supported one)
//$rcmail_config['imap_auth_type'] = LOGIN;
$rcmail_config['imap_auth_type'] = null;
// Log IMAP conversation to <log_dir>/imap or to syslog
$rcmail_config['imap_debug'] = /var/log/imap;
With a failed login attempt
/var/log/imap
doesn't even get written to, leaving me no clues. I'm using dovecot and Sendmail on a FreeBSD box with full root access. It's not an incorrect username password combination for sure.
Several Googles on the string 'Roundcube: Connection to storage server failed' are fruitless.
EDIT:
I needed an entry in
/etc/rc.conf
dovecot_enable="YES"
Schoolboy error.

I had the same problem with a letsencrypt certificate and resolve it by disabling peer authentication:
$config['imap_conn_options'] = array(
'ssl' => array('verify_peer' => true, 'verfify_peer_name' => false),
'tls' => array('verify_peer' => true, 'verfify_peer_name' => false),
);
Afterwards you can set the connection string like this (starttls):
$config['default_host'] = 'tls://your-host.tld';
$config['default_port'] = '143';
$config['smtp_server'] = 'tls://your-host.tld';
$config['smtp_port'] = '25';
Or like this (ssl approach):
$config['default_host'] = 'ssl://your-host.tld';
$config['default_port'] = '993';
$config['smtp_server'] = 'ssl://your-host.tld';
$config['smtp_port'] = '587';
Make sure you use the fully qualified hostname of the certificate in the connection string (like your-host.tld) and not an internal hostname (like localhost).
Hope that helps someone else.

Change the maildir to whatever your system uses.
Change Dovecot mail_location setting to
mail_location = maildir:~/Mail
Change Postfix home_mailbox setting to
home_mailbox = Mail/
Restart services and away you go
Taken from this fedoraforum post

If you run fail2ban, then dovecot might get banned following failed Roundcube login attempts. This has happened to me twice already...
First, check if this is indeed the case:
sudo fail2ban-client status dovecot
If you get an output similar to this:
Status for the jail: dovecot
|- Filter
| |- Currently failed: 1
| |- Total failed: 8
| `- File list: /var/log/mail.log
`- Actions
|- Currently banned: 1
|- Total banned: 2
`- Banned IP list: X.X.X.X
i.e. the Currently banned number is higher than 0, then fail2ban was a bit overeager and you have to "unban" dovecot.
Run the fail2ban client in interactive mode:
sudo fail2ban-client -i
and at the fail2ban> prompt enter the following:
set dovecot unbanip X.X.X.X
where X.X.X.X is the IP address of your Dovecot server.
Exit from the interactive client and run sudo fail2ban-client status dovecot again. The Currently banned: field now should have a value of 0. What's more important, RoundCube should work again :-)

The issue is in your mail server.
Check your ports in your mail server and reset it (if necessary):
Port 25 (and 587) must be open for SMTP
Port 143 (and 993) must be open for IMAP
Port 110 must be open for POP3
Also open those ports in your firewall settings.

sudo dovecot should solve the problem.
If not restart dovecot
sudo service dovecot restart

neo4j1.4 ha "Graph database not assigned and no cause of shutdown, maybe not started yet or in the middle of master/slave swap?"

zookeeper 3.3.2 on solaris10 x64
at solaris 10 x64 config:
zookeeper 3.3.2 install /export/zookeeper-3.3.2
3 zookeeper dir
/export/zookeeper1
/export/zookeeper2
/export/zookeeper3
startup.sh
nohup /jdk1.6.0_16/bin/java -cp zookeeper-3.3.2.jar:lib/log4j-1.2.15.jar:conf org.apache.zookeeper.server.quorum.QuorumPeerMain ../zookeeper1/conf/zoo.cfg > nohup1.txt &
nohup /jdk1.6.0_16/bin/java -cp zookeeper-3.3.2.jar:lib/log4j-1.2.15.jar:conf org.apache.zookeeper.server.quorum.QuorumPeerMain ../zookeeper2/conf/zoo.cfg > nohup2.txt &
nohup /jdk1.6.0_16/bin/java -cp zookeeper-3.3.2.jar:lib/log4j-1.2.15.jar:conf org.apache.zookeeper.server.quorum.QuorumPeerMain ../zookeeper3/conf/zoo.cfg > nohup3.txt &
zookeeper1
zoo.cfg
tickTime = 2000
initLimit = 10
syncLimit = 5
dataDir = /export/zookeeper1/data
dataLogDir = /export/zookeeper1/log
clientPort = 2181
server.1=localhost:2888:3888
server.2=localhost:2889:3889
server.3=localhost:2890:3890
zookeeper2
zoo.cfg
tickTime = 2000
initLimit = 10
syncLimit = 5
dataDir = /export/zookeeper2/data
dataLogDir = /export/zookeeper2/log
clientPort = 2182
server.1=localhost:2888:3888
server.2=localhost:2889:3889
server.3=localhost:2890:3890
zookeeper3
zoo.cfg
tickTime = 2000
initLimit = 10
syncLimit = 5
dataDir = /export/zookeeper3/data
dataLogDir = /export/zookeeper3/log
clientPort = 2183
server.1=localhost:2888:3888
server.2=localhost:2889:3889
server.3=localhost:2890:3890
neo4j 1.4 install windows 7
neo4j code
String path = "var/graph.ha";
Map<String, String> config = HighlyAvailableGraphDatabase.loadConfigurations("conf/neo4j.cfg");
conf/neo4j.cfg
allow_store_upgrade=true
ha.machine_id = 1
ha.cluster_name = neo4j.ha
ha.server = localhost:6001
ha.zoo_keeper_servers = zoohost:2181,zoohost:2182,zoohost:2183
ha.pull_interval = 600
ha.allow_init_cluster = true
enable_remote_shell = port=1331
startup neo4j ha exception message:
2011-11-02 12:46:44,316 - INFO [main:ZooKeeper#373] - Initiating client connection, connectString= zoohost:2181, zoohost:2182, zoohost:2183 sessionTimeout=5000 watcher=org.neo4j.kernel.ha.zookeeper.ZooClient#16fa474
2011-11-02 12:46:44,674 - INFO [main-SendThread():ClientCnxn$SendThread#1041] - Opening socket connection enter code hereto server / zoohost:2183
java.lang.RuntimeException: Graph database not assigned and no cause of shutdown, maybe not started yet or in the middle of master/slave swap?
at org.neo4j.kernel.HighlyAvailableGraphDatabase.localGraph(HighlyAvailableGraphDatabase.java:282)
at org.neo4j.kernel.HighlyAvailableGraphDatabase.startUp(HighlyAvailableGraphDatabase.java:240)
at org.neo4j.kernel.HighlyAvailableGraphDatabase.(HighlyAvailableGraphDatabase.java:135)
at org.neo4j.kernel.HighlyAvailableGraphDatabase.(HighlyAvailableGraphDatabase.java:111)

I know that there might be problems caused by misconfiguration of /etc/hosts somehow. Could you look for exceptions in storeDir/messages.log? Also did you set the zk/myid files correctly?
Also use 1.4.2 instead of 1.4 since it's has major improvements in the HA area.

question resolve. neo4j.cfg file ip replace host name.