Monthly Archives: November 2013

RIP stabber

Today we shut down the oldest Gentoo Linux server of our oldest production datacenter. It had been running since April 5th, 2006, so that’s a total of 2793 days of production level service as a stateful firewall. Its name was stabber, in reference to a vessel in the Eve Online MMORPG which I played a lot at the time.

Our company has been running on Gentoo Linux since 2004 for its Linux platforms and I often hear and experience the astonishment of the other people I speak to about this: “Gentoo Linux in production, really?” or “Wow you guys are a bunch of crazy hardcore Gurus”.

As if Gentoo Linux did not meet the production level requirements or the security level you expect from another major (usually not free) distribution and as if you had to master some major skills to have it done…

7 years later, stabber is in my opinion proof that all those assumptions are wrong.

  • I was a junior sysadmin at the time I made this server, we didn’t want to pay for having a proper firewall so we decided to make our own (that’s what Gentoo is to me: simple things done right, no added sugar)
  • The rolling updates of Gentoo did not break our system and it evolved along with our infrastructure
  • The GLSA kept our server immune to security breaches over the years (thanks to the Gentoo security team)
  • This server/firewall passed the security tests of both Paypal and Ebay, this looks production level enough to me

We shut down this server because it was a single point of failure on an old part of our architecture. Its role has been taken over by two fault tolerant servers/firewalls running… Gentoo Linux of course!

First emerge.log entry

Wed Apr  5 12:53:22 2006 >>> sys-kernel/hardened-sources-2.6.14-r5

Latest uname -a

Linux stabber 2.6.16-hardened-r11 #1 SMP PREEMPT Wed Aug 30 15:51:49 CEST 2006 i686 Intel(R) Xeon(TM) CPU 3.20GHz GenuineIntel GNU/Linux

Latest commands

stabber ~ # echo "je taime" >> last.letter
stabber ~ # shutdown now -h

Dear fellow Gentoo Linux developers, your work makes all this possible, thank you!

keepalived v1.2.9

Another release, 3 months after the mighty 1.2.8. It seems like upstream has awakened!

highlights

  • Jonas Johansson fixed VRRP sync group by sending prio 0 when entering FAULT state. This fix will send prio 0 (VRRP_PRIO_STOP) when the VRRP router transitions from MASTER to FAULT state. This will make a sync group leave the MASTER state more quickly by notifying the backup router(s) instead of having them wait for a timeout.
  • Jonas Johansson fixed VRRP to honor preempt_delay setting on startup.
  • Jonas Johansson extended VRRP code for faster sync group transition.
  • Some nice bug fixes to unicast mode.
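
To put numbers on the prio 0 fix, here is an added example (not keepalived's code, and not from the release notes) that models a backup router's timers as defined for VRRPv2 in RFC 3768. The class and function names are hypothetical, and the priorities (150 and 100) and the 1 second advertisement interval are constructed sample values.

```python
# Added illustration of VRRPv2 (RFC 3768) backup-side timers; not keepalived code.
PRIO_STOP = 0  # priority 0 advert: the master announces it is giving up mastership


def skew_time(priority):
    """Skew_Time in seconds: higher-priority backups time out slightly sooner."""
    return (256 - priority) / 256.0


def master_down_interval(priority, advert_int=1.0):
    """How long a backup waits without adverts before declaring the master dead."""
    return 3 * advert_int + skew_time(priority)


class BackupRouter:
    """Hypothetical minimal model of one VRRP instance in BACKUP state."""

    def __init__(self, priority, advert_int=1.0):
        self.priority, self.advert_int = priority, advert_int
        self.state = "BACKUP"
        self.deadline = master_down_interval(priority, advert_int)

    def on_advert(self, now, adv_priority):
        if self.state != "BACKUP":
            return
        if adv_priority == PRIO_STOP:
            # Master is leaving: wait only Skew_Time before taking over.
            self.deadline = now + skew_time(self.priority)
        elif adv_priority >= self.priority:
            # Healthy master: re-arm the full Master_Down_Timer.
            self.deadline = now + master_down_interval(self.priority, self.advert_int)

    def poll(self, now):
        if self.state == "BACKUP" and now >= self.deadline:
            self.state = "MASTER"
        return self.state


def failover_delay(fault_at, notify_prio0, backup_prio=100, master_prio=150, advert_int=1.0):
    """Seconds between the master's FAULT and the backup becoming MASTER."""
    backup = BackupRouter(backup_prio, advert_int)
    t = 0.0
    while t <= fault_at:  # regular adverts until the fault (constructed timeline)
        backup.on_advert(t, master_prio)
        t += advert_int
    if notify_prio0:
        backup.on_advert(fault_at, PRIO_STOP)
    return backup.deadline - fault_at


if __name__ == "__main__":
    print("silent fault:", failover_delay(5.5, False), "s")
    print("prio 0 sent: ", failover_delay(5.5, True), "s")
```

With these sample values the backup takes over in well under a second when it is notified, instead of waiting out roughly three advertisement intervals.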

Full changelog here!

mongoDB v2.4.8, rabbitMQ v3.2.1, rsyslog v7.4.6

mongodb-2.4.8

You should consider this important update if you have a cluster running v2.4.7. It contains a fix for the config servers, which could disagree on chunk hashes and thus prevent mongos from starting or balancing from happening. See this bug for more info.

rabbitMQ-3.2.1

The famous message queuing server got a nice bunch of bug fixes on a lot of its modules along with some interesting additions such as:

  • support for federated queues
  • report client authentication errors during connection establishment explicitly using connection.close
  • inform clients when memory or disk alarms are set or cleared
  • allow policies to target queues or exchanges or both
  • offer greater control over threshold at which messages are paged to disk
  • allow missing exchanges & queues to be deleted and unbound without generating an AMQP error
  • implement consumer priorities

Full changelog here and here.

rsyslog-7.4.6

This is a bug fix release, nothing too big about it as reported by Thomas D (thanks again).

Please note that rsyslog-7.4.4 is being stabilized, mainly for security purposes.

Monument Valley

Forget about Marlboro, this Navajo nation area is way more than that. To be honest, you can see the money made from the tax you have to pay to enter the actual park is invested back in the community but I guess there’s more and some drawbacks to it.

Meet the first 10 minutes of rain we experienced during a whole month! Actually, it was a localized storm and it happened at the perfect moment where we had the most beautiful view. We felt this moment was quite unique and we were excited and glad to experience it. I guess you won’t argue with me after looking at those pictures.

North rim Grand Canyon & the Navajo Indians

We then headed South towards the North rim of Grand Canyon. Unfortunately the nights were already cold out there so the rangers advised against sleeping in the car. We thus visited Point Imperial and stayed for the sunset. This was our first encounter with the Grand Canyon and it was amazing.

It was dark when we got out of there, we had to drive very carefully to avoid the numerous deer along the road. We had planned to sleep in Page but we hit a detour due to road work and had to take a huge detour which took us to Tuba City.

I could not stand driving one more mile but the only three hotels of the whole area were full. One person from the front desk of a hotel advised us to go to the nearby Greyhills Inn, which remains one of the most exotic experiences we had in Indian territory. We slept in a room in the Tuba City High School as they do rent rooms to outsiders! We were welcomed nicely in this old fashioned place operated by the local Navajo people.

We visited Page and its (too) touristic area the next day along with the famous (and so crowded) Antelope Canyon and Horseshoe Bend.