Blog – SysCrunch

Blog

Linux: No space left on device – running out of Inodes – PHP sessions

May 27, 2016/in Server Optimization /by Admin

A production Ubuntu server could not create anymore files claiming that no space was left. Strangely enough it was not about storage space but inode availability. The first response might be to increase disk size but it will not help unless you format the drive to assign a new number of inodes. Below is the sample output that highlights the problem.

# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda1       17G  7.7G  9.0G  46% /
devtmpfs       1001M  4.0K 1001M   1% /dev
none            201M  168K  201M   1% /run
none            5.0M     0  5.0M   0% /run/lock
none           1001M   76K 1001M   1% /run/shm
/dev/xvdg        18G   11G  5.9G  66% /srv/mobi_BACKUP

# df -i
Filesystem      Inodes   IUsed   IFree IUse% Mounted on
/dev/xvda1     1066240 1061813    4427  100% /
devtmpfs        256189     333  255856    1% /dev
none            256229     250  255979    1% /run
none            256229       2  256227    1% /run/lock
none            256229      29  256200    1% /run/shm
/dev/xvdg      1179648   68692 1110956    6% /srv/mobi_BACKUP

The Problem

It should be very hard to exhaust the inodes unless huge amount of 0-sized or very small files are created. If you look in the image above, more than 1 million inodes have been used.

The Solution

It’s necessary to locate all those small files in the partition to get to the source of the problem. We want to find folders with unusual large number of files. A bash command can be of help starting at the root / (borrowed from Ivan).

for i in /*; do echo $i; find $i | wc -l; done

The command will list the directories with the number of files inside, from that point on you can keep on looking up some sub-folders until you find the source. If a sub-folder has too many files, the script might just hang for a long time, so you might have found the troublemaker.

for i in /var/lib/*; do echo $i; find $i | wc -l; done

In this particular case it turned out that PHP sessions were at the source of the issue.

Reason: PHP Sessions

This server is configured to keep the sessions using files thus the Garbage Collection does not take place. Therefore, the sessions have to be cleaned manually. From the previous Stack Overflow link, a cron task can be used for the cleanup:

# /etc/cron.d/php5: crontab fragment for php5
#  This purges session files older than X, where X is defined in seconds
#  as the largest value of session.gc_maxlifetime from all your php.ini
#  files, or 24 minutes if not defined.  See /usr/lib/php5/maxlifetime

# Look for and purge old sessions every 30 minutes
09,39 *     * * *     root   [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm

In order to work, the previous code has to be located inside the file /etc/cron.d/php5

The time can be adjusted according to the actual PHP configuration.

In this particular case there were about 1 million PHP session files, running the cron script would just take too much time. Therefore, a manual delete did the work.

WordPress: Cannot connect to database – MySQL killed

May 27, 2016/in Server Optimization, Web, WordPress /by Hugo Marcelo Muriel

The MySQL server at the SysCrunch server was always being killed, the reason was due to lack of resources (RAM). Even after a memory increase to a total of 3+ GB, the problem persisted.

This blog post describes how to set up a monitoring tool (Monit) under CentOS 6 to monitor processes and to restart them when necessary. It also explains how to avoid the Apache server from exhausting the memory.

The problem

Essentially, the Apache server was consuming most of the RAM leaving little for other processes. Thus, MySQL was eventually killed as well as the ElasticSearch service. This happened as the number of web services and websites in the server increased. This would manifest when bots like googlebot started scanning intensively the server. Yes, Apache and MySQL are running in the same server with the current configuration.

Monit

The steps to install the monitoring tool Monit under CentOS 6 are similar to other service like Apache, you can also follow this tutorial or this one (Monit part) if you are under CentOS 7 and this might help for Ubuntu.

Install Monit

sudo yum install monit

Monit Web Interface

First open the configuration file, you can also use the nano editor.

sudo vi /etc/monit.conf

Find the set httpd port line, uncomment and update the configuration, here is a sample configuration:

set httpd port 2812 and
    use address 192.192.192.192  # Your IP address (private/public) for connections.
    allow 0.0.0.0/0.0.0.0        # What networks are allowed? Any network.
    allow admin:password         # Set username and password
    allow @monit # allow users of group 'monit' to connect
    allow @users readonly # allow users of group 'users' to connect readonly

Add monit to the system startup:

sudo chkconfig monit on

Start the monit service:

sudo service monit start

You can test the web interface in a browser using the provided IP address or hostname (e.g. http://192.192.192.192:8912 or http://hostname.com:8912). It will ask your for the username and password you have defined in the config file.

This is a sample capture of our server web interface:

Monit Monitoring

Monit can monitor multiple processes and execute actions based on some conditions like CPU and memory usage.

Apache Web Server

The paths might be different in your system, make sure to check them before. Find and uncomment the process httpd line, this is a sample config:

check process httpd with pidfile /var/run/httpd/httpd.pid
    start program = "/etc/init.d/httpd start" with timeout 60 seconds
    stop program  = "/etc/init.d/httpd stop"
    if cpu > 70% for 2 cycles then alert
    if cpu > 80% for 5 cycles then restart
    if totalmem > 1500.0 MB for 5 cycles then restart
    if children > 250 then restart

Essentially, the Apache server cannot take more than 1.5 GB, if it reaches that limit at least during 5 cycles, it gets restarted to free resources. The same happens if too many workers (250) are created. These values depend heavily on your system resources and the number of processes you are running.

MySQL Server

The default monit config file does not include a sample for MySQL. Following the Apache configuration and some samples from stack overflow, this is a proposed config that you can add after the Apache config:

check process mysql with pidfile /var/run/mysqld/mysqld.pid
  group mysql
  start program = "/etc/init.d/mysqld start"
  stop program = "/etc/init.d/mysqld stop"
  if failed host 127.0.0.1 port 3306 then alert
  if failed host 127.0.0.1 port 3306 then restart
  if 5 restarts within 5 cycles then timeout

If the server does not respond on port 3306, it raises an alert first and then does a restart. If too many restarts happen within a short period (5) then it timeouts.

ElasticSearch

Similar to the MySQL config, this is a proposed configuration that you can put after the Apache or MySQL configs.

check process elasticsearch with pidfile /var/run/elasticsearch/elasticsearch.pid
  start program = "/etc/init.d/elasticsearch start"
  stop program = "/etc/init.d/elasticsearch stop"
  if failed host 127.0.0.1 port 9200 then alert
  if failed host 127.0.0.1 port 9200 protocol http then restart
  if 5 restarts within 5 cycles then timeout

I haven’t seen any alerts or restarts of this service yet. Notice the protocol http condition for the restart, it might be necessary as ElasticSearch runs as a http application on that port.

Configuring Alerts

Monit lets you configure alerts by e-mail, in this case we use gmail as SMTP and you can also default to localhost to deliver the e-mails. You can refer to the Monit documentation for more details.

Find and uncomment the set mailserver line to ressemble to:

set mailserver smtp.gmail.com PORT 587 USERNAME "your-user@gmail.com" PASSWORD "your-password" using TLSV1 with timeout 30 seconds

You have to replace the username and password. You can then find the set alert line to define the recipient:

set alert dummy@syscrunch.com not on { instance, action }

This alert is skipping Monit actions like start, stop or performing user actions in order to avoid trivial cases.

IMPORTANT: Gmail will not send e-mails with this configuration unless you enable the less secured Apps option for your account at http://www.google.com/settings/security/lesssecureapps.

Apache Server RAM Solution

After monitoring the processes with Monit, the problem was with the Apache server that was running too many worker instances. This would lead to exhausting the system memory and lead to other processes being killed. The issue is that most of the web services (virtual hosts) were configured with a HTTP Keep Alive header, this allows for faster response times but it consumes more resources as the connection is kept open.

The solution was to remove the Header set Connection keep-alive from the virtual hosts. It can also be set explicitly to close Header set Connection close. Alternatively there are other options to tune the persistent connections like MaxKeepAliveRequests and KeepAliveTimeout , it’s recommended to have a good understanding since for HTTP 1.1 clients, the default option is to keep connections alive, you can read more in the Apache docs for Keep Alive.

In the end with this configuration, it was possible to launch 3000 thousand requests with 60 concurrent requests using Apache Benchmark (3 parallel calls) and the server handled it without any problems. Here is a sample output of one of the tests:

Server Hostname:        www.syscrunch.com
Server Port:            80

Document Path:          /
Document Length:        47998 bytes

Concurrency Level:      20
Time taken for tests:   122.177 seconds
Complete requests:      1000
Failed requests:        0
Total transferred:      48396000 bytes
HTML transferred:       47998000 bytes
Requests per second:    8.18 [#/sec] (mean)
Time per request:       2443.541 [ms] (mean)
Time per request:       122.177 [ms] (mean, across all concurrent requests)
Transfer rate:          386.83 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:       55  139  93.7    113     973
Processing:   320 2278 594.2   2249    8164
Waiting:      188 2011 601.7   1987    8009
Total:        380 2417 594.7   2375    8336

Percentage of the requests served within a certain time (ms)
  50%   2375
  66%   2481
  75%   2562
  80%   2616
  90%   2855
  95%   3265
  98%   4264
  99%   4564
 100%   8336 (longest request)

I wrote this article to document the solution to this problem and it might be updated over time.

Hope it’s useful for some other people.

FusionArtWorks: Unique modern art in London

May 4, 2016/in Blog, Other /by Hugo Marcelo Muriel

What do you think of modern art?

This is a short post to introduce a promising digital art studio based in London, FusionArtWorks.

It is art meeting digital art, they create a unique interpretation of any artwork that you can imagine. See a sample of their work below or on their Art Gallery online.

Marilyn is Alive – Unique Canvas ArtWork in Klimt Style

La Dame de Vie

Kissing the Sun – Unique Canvas ArtWork in Miró Style

Applemoon – Unique Canvas ArtWork in Cézanne Style

Tired of Firefox fast releases?

April 15, 2013/in Blog, Browsers, Web /by Hugo Marcelo Muriel

Firefox has been releasing major versions every 6 weeks since April 2011 going from a version 4 to version 20 (time of writing). I want to present some numbers in terms of versions and browser market share of what happened since then.

What was the goal of the fast releases? Wikipedia quotes:

“The stated aim of this faster-paced process is to get new features to users faster”

The features have been added but in the busy life of users and workers it’s not the priority, we just need a browser that works, gets faster and doesn’t get in the way. I’m speaking as a user and also as a developer who loved Firefox in the past. Honestly, from a user perspective it does not appear as loads of features. Back in 2011, there were lots of articles explaining the move and possible issues, good analysis and thoughts and user concerns.

Let’s get into the numbers. I prepared a graph that shows the version evolution over time, it uses the data form the History of Firefox in Wikipedia.

Observing at the version release, one can clearly see that the release-pace is now very fast, specially compared to previous releases. In despite of this effort the market share continued decreasing. See below the market share graph, the data is from StatCounter aggregated by Wikipedia (desktop and mobile combined).

Firefox and Internet Explorer lost market share to Chrome. However IE was loosing faster till early mid 2012 where the decreasing pace of Firefox and IE is similar. What is interesting is to see the lines of Firefox and Chrome, is almost the opposite since early 2011, when the fast-releases started.

Maybe, you’re wondering what happened before 2011. The following graph is a plot of browser market share since 2007, the data used is from W3Counter.

One can clearly see that the browser that lost the most is Internet Explorer. Firefox is yet decreasing but in Mid 2010 had more than 30% market share. The 10% lost from then up to now looks steady (decreasing) and there is no any hint that fast-releases helped or affected Firefox.

What would it take for users to get excited about Firefox (again)? These are my thoughts:

Silent upgrades. Do not ask to press a button to upgrade every 6 weeks. There are other means to catch user attention and hence loyalty, opening a tab after an upgrade as Firefox does, it’s a good one. Or even to put the version number in clear sight in the User interface.
Javascript performance, this would definitely be a killer, a reason why currently Chrome is my browser choice. This seems to be coming with OdinMonkey (only 2 times slower than native code) in Firefox 22, in june 2013.

What about you? Do you use Chrome, Firefox, both?

Apache Server: KeepAlive, good practice

April 15, 2013/in AWS, Blog, Server Optimization /by Hugo Marcelo Muriel

The KeepAlive parameter is more important than you might actually think, we learnt the hard way. Many good articles have discussed the KeepAlive topic (e.g. KeepAlive On/Off) with good arguments. Here I’ll present rather a summary.

I personally set up our apache server for development machine in EC2/VPC (Amazon Web Services). I set up the KeepAlive parameter to On because we were concerned with speed more than with memory. The server was running fine with sometimes Apache taking spikes in memory usage. The problem started when our blog began to increase traffic and suddenly it was practically impossible to connect to the server, it was running low in memory with Apache taking up to 1GB in memory! And as usual in the worst moment! The first time, a graceful restart of Apache fixed the problem but it was just getting worse.

How much traffic did it take? Not that much, a simple Apache Benchmark test with 20 concurrent connections and 50 queries was enough to render the server unusable.

ab -c 20 -n 50 http://our-server/

Just imagine several (smart) spiders hitting your server, that would be it.

Then, I had to set the KeepAlive value to Off, the requests take a bit longer but our server now can take much more. You can fine tune the worker values too.

sudo vi /etc/httpd/conf/httpd.conf; # in CentOS and set: KeepAlive Off

Conclusion, if your going to expose your server to a broad audience set KeepAlive to Off. However, if you rather control the amount of traffic and the authorised host/machines that connect to your server, then you might set KeepAlive to On.

As a final advise, block common attacks to your server. I personally use the script that is also used in phpmyadmin. See below, you can add it to your VirtualHost configuration or to an .htaccess file.

# Allow only GET and POST verbs
RewriteCond %{REQUEST_METHOD} !^(GET|POST)$ [NC,OR]
# Ban Typical Vulnerability Scanners and others
# Kick out Script Kiddies
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|wkito|pikto|scan|acunetix).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC]
RewriteRule .* - [F]

Hope it was useful and do not forget to optimize your server!

Amazon EC2 Attach Elastic Network Interface (VPC)

April 15, 2013/7 Comments/in AWS, Blog /by Hugo Marcelo Muriel

We are running our Virtual Private Cloud (VPC) using Amazon Web Services (AWS). In this particular case we wanted to add an extra elastic network interface to one of our servers which is an Amazon AMI (CentOS). This should be an easy task that should take 10 minutes but you need to be careful, otherwise you’d spent much more time.

The first step is to attach an Elastic Network Interface (ENI) to your instance. This can be accomplished using the Amazon console, first, creating a new interface (if you don’t have one available) and then attach it either when launching a new instance or when your instance is stopped.

Next, attach an Elastic IP Address to your interface (if you need to). Up to this point your instance should have two network interfaces, each with an elastic IP.

Connect to your VPC instance as usual and run a ifconfig command in your shell to see the list of interfaces.

ifconfig

What you see next is the default interface (eth0) and the loopback one. ~~then you need to create an interface manually (e.g. eth1) which is rather straightforward.~~

Edit: There is no need to create manually an interface configuration, Amazon provides the ec2-net-utils to do that task for you. Issue the command below to configure and bring up your new interface.

sudo ec2ifup eth1  
ifconfig

You shall see your new interface listed as eth1 as in the image below (or eth2 as it might be the case) and it’s now reachable from other hosts in the same subnetwork (or the internet if using an elastic IP attached to it).

If you do a mistake you can bring the interface down with the command counterpart:

sudo ec2ifdown eth1

Run the commands below to add a network interface to your instance.
cd /etc/sysconfig/network-scripts sudo cp ifcfg-eth0 ifcfg-eth1 sudo vi ifcfg-eth1
The *only* parameter you need to change is the device
DEVICE=eth1
(i.e. setting the name). Save the changes and quit the editor.
Finally, it only remains to restart the network:
sudo /etc/init.d/network restart
If you run again
ifconfig
, you should now see your new interface in the list.

~~For a longer explanation on how to setup an interface in your instance, have a look at this tutorial.~~

That’s it, you should now have both of your interfaces working but for security, check if you can connect/reach both interfaces (e.g eth0 and eth1 in the example). If you ever find a problem such as only one interface being reachable/functional then go to your Amazon console Detach and Reattach the new interface (ENI) and run the ec2ifup command, check also your firewall settings.

For a longer explanation of ENIs and the ec2-net-utils you can refer to the EC2 user guide.

Thanks for reading, hope it helps somebody

WebTech : Frameworks for Web Development

November 6, 2012/in Events /by Admin

We are organising a WebTech event in Cochabamba on Friday, Sep. 16th at 16:00 that will be on the major Frameworks currently used for web development. Members of our team and guest speakers will take on :

Symfony 2 (Gabriel Rivero)
Zend Framework (Carlos Cabellero)
Ruby on Rails (Richard Cruz)
Django (Antonio Mamani)

This presentation is addressed to all web enthusiasts specially those from universities and companies. You don’t need to be an expert to participate, just drop by; you will be introduced to each Framework with use cases and code examples. The entrance is free, don’t miss it!

CMS for dummies – Sep. 7th 2012

August 30, 2012/in Events /by Hugo Marcelo Muriel

Our regional team, SysCrunch Cochabamba is organizing a dive-into-CMS (Content Management System) event on Sep. 7th addressed to the universities’ communities and for the general public too.

A group of enthusiasts will present 3 of the most widely spread CMS : Drupal, WordPress and Joomla. The goal is to introduce the use of CMSs as a painless process and to distinguish between the pros and cons of each of them in different circumstances.

Motivated to come? Please go to the Facebook event we created and click on Join.

preg_replace compilation failed (Amazon EC2, WordPress)

August 30, 2012/9 Comments/in AWS, Blog, Bugs /by Hugo Marcelo Muriel

We have an Amazon EC2 AMI (Linux) hosting the latest WordPress installation (3.4.1) at this point in time. All the configuration was running fine till an upgrade that introduced a PHP warning:

“Warning: preg_replace(): Compilation failed: unknown option bit(s) set at offset 0”

The first time I noticed it, I didn’t pay that much attention since the WordPress administration was still working besides the warning but some other functionality like the shortcodes was not.

The problem arose when we needed the GD library to generate png and jpg images on the fly which, is used in a WordPress theme. By doing a simple install of the library (php-gd.x86_64, for our system) several dependencies were upgraded to newer versions (php, php-cli, php-common, php-mysql, php-pdo). The install finished normally without any warnings to be worried about.

After a while digging in Google, I found this post which was having a similar problem and most importantly it hinted that the problem was the PCRE library (libpcre), which was being loaded differently (different versions) in the apache and commandline modes. Running the php code below in command line and a web page would show that:

php_info();

The same post mentioned that a libpcre upgrade would fix the problem. Thus, I went for the upgrade from version 7.8-3.1.8 to version 8.21-5.3 in our Amazon Linux instance running the following commands:

sudo yum search libpcre # Find the library
sudo yum install pcre.x86_64 # Install the right library.

If you’re running a different linux system other than the Amazon Linux AMI or CentOS you might refer to your docs. For example in Ubuntu the package manager is apt-get.

This should never have happened if the dependencies were checked correctly during the GD library install. Maybe the libpcre version was not considered as needing an upgrade. Anyhow, I hope this helps others to save some time fixing this problem.

If you have any comments or further information on this issue, I’d appreciate if you let me know.

Why do we need Flash?

April 29, 2012/1 Comment/in Blog, Web /by Hugo Marcelo Muriel

Flash is a technology that most people surfing the web is aware and used to, at least 99% PC-users have installed the Flash Player runtime according to Adobe by July 2011. Although those numbers are from a single source and it happens to be the Company behind it itself, it is possible to say they are credible enough and some other sites provide similar statistics too (e.g. RiaStats).

The applications for Flash have changed over time, in the beginning developers were using it for animations and banners all the way to play online video and all the major online video sites still use it widely, namely YouTube, Yahoo Video, Bing Video, Daily Motion, Vimeo and others. Most developers will agree that the best use of Flash is for online video and that’s thanks to its streaming capabilities using the Real Time Messaging Protocol (RTMP). However since the era of HTML5 which can embed videos using the video tag, some players (e.g. YouTube HTML5 Player) have migrated or offered both alternatives. However there is more, Flash has gone far beyond after the Rich Internet Applications (RIA) offering development environments and APIs such as Flex Builder based on the Flex SDK.

Thanks to all the tools and resources available to build flash content, it is possible to achieve stunning visual results. However, and most authoring people will agree, it is necessary to build flash content carefully. That means, to understand the basis of the Flash Players and how the content is executed. Developers should not forget that the code is executed on the client side since the players are just plugins executed inside the web browsers and that the computer memory and processor will be taxed during the execution. There is nothing more disturbing that being surfing quietly on the web and to land on a site that has flash content that makes your computer over-boost and give you the feeling that your computer is trying to take-off. It is not completely the problem of the technology used to build flash content or execute it (players) but the way the content has been produced/written. As usual, latent problems open the doors for new opportunities and solutions and this time has not been an exception. Some decided to migrate to HTML(5)/CSS(3) and AJAX, even of the pain that causes to make it cross-browser compatible and some others have gone even wilder developing browser plugins to block flash content such as FlashBlock for Chrome or FlashBlock for Firefox which are not just used by few but millions all over the internet.

So, Why do we need Flash? We need it to run the existent content that has been authored for flash. Although lots of sites have migrated or created a non flash version of their content to allow devices which do not support flash to visualize the content and those are mainly iOS devices (iPad, iPhone, iPod) and devices with small screens. But, is it possible to achieve the same results as in Flash using HTML5/CSS/Javascript? It depends, if you’re just after visually good looking sites or Apps with animations and effects, yes, CSS and Javascript can do that for you. However if you are writing RIA applications, it depends on what you want to leverage, your skills and background; you have plenty of frameworks, libraries and components available for Flash (AS2/AS3) as well as for Javascript (jQuery based, MooTools, Node.js). Personally, I would go on the side of the standards (HTML5/CSS3/Javascript). after all, Adobe is one of the active supporters of HTML5.

So, What do you need Flash for?

Linux: No space left on device – running out of Inodes – PHP sessions

The Problem

The Solution

Reason: PHP Sessions

WordPress: Cannot connect to database – MySQL killed

The problem

Monit

Install Monit

Monit Web Interface

Monit Monitoring

Apache Web Server

MySQL Server

ElasticSearch

Configuring Alerts

Apache Server RAM Solution

FusionArtWorks: Unique modern art in London

Tired of Firefox fast releases?

Apache Server: KeepAlive, good practice

Amazon EC2 Attach Elastic Network Interface (VPC)

WebTech : Frameworks for Web Development

CMS for dummies – Sep. 7th 2012

preg_replace compilation failed (Amazon EC2, WordPress)

Why do we need Flash?

Pages

Language:

Search

Like our Facebook page

The Problem

The Solution

Reason: PHP Sessions

The problem

Monit

Install Monit

Monit Web Interface

Monit Monitoring

Apache Web Server

MySQL Server

ElasticSearch

Configuring Alerts

Apache Server RAM Solution

Popular content

Pages

Language:

Search

Like our Facebook page