BigSmoke

Smokes your problems, coughs fresh air.

Page 10 of 50

Upgrading PowerDNS from Debian Squeeze to Wheezy

As I mentioned here, I had to manually create a database schema when I installed PowerDNS on Debian Squeeze. Later versions apparently create one themselve.

I just upgraded my Sqeeuze machine, and the package manager said that the DB needed to be migrated. But, MySQL maintenance always seems to go wrong on Debian upgrades. It started asking me the same questions as if PowerDNS wasn’t installed; it wanted to create a new user and such. I don’t know why it keeps doing that; it’s not the first time that happened. Needless to say, this process failed.

So, I looked at another PowerDNS server and I made the SQL myself:

alter table records add ordername varchar(255);
alter table records add auth tinyint(1);
update records set auth=1;
 
CREATE TABLE `cryptokeys` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `domain_id` int(11) NOT NULL,
  `flags` int(11) NOT NULL,
  `active` tinyint(1) DEFAULT NULL,
  `content` text,
  PRIMARY KEY (`id`),
  KEY `domain_id` (`domain_id`),
  CONSTRAINT `cryptokeys_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
 
CREATE TABLE `domainmetadata` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `domain_id` int(11) NOT NULL,
  `kind` varchar(16) DEFAULT NULL,
  `content` text,
  PRIMARY KEY (`id`),
  KEY `domain_id` (`domain_id`),
  CONSTRAINT `domainmetadata_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
 
CREATE TABLE `tsigkeys` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(255) DEFAULT NULL,
  `algorithm` varchar(255) DEFAULT NULL,
  `secret` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `namealgoindex` (`name`,`algorithm`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1

Broken disk went undetected, but did corrupt data

I had a disk in one of my servers that was starting to give ATA errors in the syslog. Contrary to what you might think, ATA errors are fairly common, so I didn’t immediately sound the alarm. However, this disk turned out to be corrupting data. During upgrading Debian 6 to 7, the file system became read-only. Rebooting gave me a recovery shell and e2fsck gave me millions of questions.

In the end, I had to recreate the FS and restore from backup.

For the record, this was the error in question (although, this error can also be harmless):

[2013-09-01 01:32:19]  ata1: lost interrupt (Status 0x51)
[2013-09-01 01:32:19]  ata1.01: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x6 frozen
[2013-09-01 01:32:19]  ata1.01: failed command: READ DMA EXT
[2013-09-01 01:32:19]  ata1.01: cmd 25/00:00:3f:43:9c/00:04:05:00:00/f0 tag 0 dma 524288 in
[2013-09-01 01:32:19]           res 40/00:00:11:00:00/00:00:00:00:00/10 Emask 0x4 (timeout)
[2013-09-01 01:32:19]  ata1.01: status: { DRDY }
[2013-09-01 01:32:19]  ata1: soft resetting link
[2013-09-01 01:32:20]  ata1.00: configured for UDMA/133
[2013-09-01 01:32:20]  ata1.01: configured for UDMA/33
[2013-09-01 01:32:20]  ata1: EH complete

Port is ata 1.1. In other words, sdb; first controller, second disk (nice mixup of zero and one based counters; at first I thought it was sda).

The disk was a Western Digital WDC WD5000ABYS-01TNA0.

Readline shortcuts: Ctrl-s and XOFF

And another contribution to my list of Readline keyboard shortcuts. This time it’s a note by Joo Matos, pointing me to problems with the Ctrl-s shortcut. (It acts as a flow control character that pauses transmission on some terminals.)

He adds that:

It’s easy to disable special treatment of Ctrl-s by the terminal with stty -ixon.

Remember also that, if you accidentally hit Ctrl-s, it’s easy to undo the effects with Ctrl-q.

Thanks Joo!

FreeIPA: Active Directory for Linux?

Note to self: explore FreeIPA. Someone on Serverfault suggested it and said it was what AD is for Windows. If it is, it would relieve me of LDAP hell. Too long for this blog post, but I spent about a week (or more) full-time to get an LDAP setup working, with all security measures in place. It involved diving into source code, discovering and reporting Ubuntu documentation bugs, etc. An experience I don’t care to repeat.

Blackberry Enterprise Server issues

I’ve had some issues with my Blackberry Enterprise Server. Some users say their mail is not synced. Others are reporting calendars being messed up. Just jotting down some memory aids.

First, I had this error in the BBAS log:

org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket:

This KB article suggests it would fix itself after 24 hours, but that was not the case. I have about a month worth of BBAS logs full of that error. The log files grow to about 100 MB per day. It started around May 23.

Restarting the Blackberry Administrator Services (two services) seemed to have fix that, but in turn, I got this error in the BBAS log:

javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown

It is explained in this KB article. It mentions two causes: one is different server pool name across your servers. That can’t be, because I only have one. The other was still being investigated, and there was no time frame available for a solution:

This is a previously reported issue that is being investigated by our development team. No resolution time frame is currently available.

I tried logging into the webconsole at “https://hostname.domain.com:3443/webconsole/login”, but it always said my password was wrong. I had this before, so I once again restarted the Blackberry Administration Services (two of them), but this time by stopping them both and starting them manually (not using the restart function). I could log in again.

Also, it seems there is no more flooding of errors in the BBAS log. There are still exceptions occurring, but that seems to be a common thing with BES. The errors above are gone.

I don’t know if this is a permanent solution, because I had to restart these services once before, but for now it works.

Also, I started out looking at this because users reported calendar issues (appointments disappearing, being canceled, etc). But I doubt this has anything to do with it. Some users also still had e-mail syncing problems. Because that first KB article mentioned device reconciliation (Blackberry term for device syncing), maybe those errors are related to that. But, it’s very hard to test, because my own test phone worked fine.

Adding foreign key constraints to PowerDNS default schema

In an earlier post I made, I described how to manually create the SQL schema, because it didn’t itself. When I installed Power DNS 3.1-4 on a Raspberry Pi, I noticed it had created the scheme itself this time. However, it did not make the foreign key constraints. This is dumb. I regularly need to remove domains from the DB and I don’t want stale or incorrect references as a result.

To create them by hand:

alter table records add foreign key (domain_id) references domains(id) on delete cascade;
alter table cryptokeys add foreign key (domain_id) references domains(id) on delete cascade;
alter table domainmetadata add foreign key (domain_id) references domains(id) on delete cascade;

It must be a bug that this was omitted, because I got the original scheme from the PowerDNS website. Question is, is this a bug in the Rasbian/Debian package, or in PowerDNS?

« Older posts Newer posts »

© 2022 BigSmoke

Theme by Anders NorenUp ↑