Fix for: Keepalived router enters fault state on link down


TL;DR: This is the configuration option you want: dont_track_primary

At work and at home I have pairs of redundant “core” routers in an active-passive (or master-backup as you like) configuration. They consist of commodity hardware, a few 4-port gigabit NICs, and CentOS. All of these machines had been running flawlessly for anywhere from two to six years (as they were put into service or upgraded). That is until yesterday when my primary router at home had an SSD failure which completely stopped it in its tracks. The backup router took over, and in less than a second traffic was being routed. All of my point-to-point VPNs reconnected within about 20 seconds. In other words, it worked exactly as it should. … Continue reading

Redundant email servers with soft-fail (450) vs. hard-fail (550)


I manage a fairly large number of incoming mail exchangers, which are numerous both to handle large message volumes as well as to provide redundancy. In most cases, these mail servers are Postfix with MySQL providing virtual alias maps, transport maps, relay domains, and virtual alias domains. Unfortunately the Postfix+MySQL implementation isn’t always 100% great. On very rare occasions the Postfix instance may fail to communicate with the MySQL server, for any number of reasons. From the perspective of the sender’s MX, this usually results in a 550 status code (often given as “Relay access denied”). This is a hard-fail, in that it tells the upstream MX that the recipient they’re trying to reach is permanently unavailable. The upstream MX … Continue reading

SAN with Linux Cluster and CLVM: Is it Necessary?


To answer the title of this post in one word: No. But as with all things computer related, that “no” needs to be followed by the caveat: “Well, it depends upon your needs.” From what I’ve seen, Linux clustering was designed primarily for high-availability services, with only a secondary effort to share disk resources across nodes. I have tried — and would never use in production — Linux clustering services for a VM host cluster. I know other people have done it and will continue to do it, but a properly configured (and managed) VM cluster does not need true clustering. (Again, “depending upon your needs”). Linux clustering requires fencing. (It didn’t always, but now it does). Fencing is a … Continue reading

Google Chrome Reports “Duplicate headers received from server”


It seems that this error message has been around since version 16 of Chrome, and was first reported sometime in 2011. The error message basically says that it received two Content-Disposition headers, and that the response was blocked to prevent HTTP response splitting attacks. However, in most cases this error isn’t caused by malicious code, but rather because of an innocuous comma in the filename parameter of the Content-Disposition header. Here’s an example of an actual response header I received while downloading a resume from a popular career site:

    Content-Disposition: attachment; filename=Beresky_Resume,6pg.docx

That was the only Content-Disposition header in the entire response, which raises the question: Why is this a duplicate header? Because according to the HTTP 1.1 specification, section … Continue reading

Reducing Fan Noise from a Dell PowerEdge R905

Images borrowed from the auction page of red_planet_trading on eBay

If you’ve read my blog, you know that I have quite a few servers in my basement that I use as a home lab environment. For home or low-demand virtualization, you can’t beat the Dell R905 for price. Consider that, as of the time I’m writing this post, you can get an R905 like I did with 128 GB of RAM for about $960. That’s only a little more than the cost of the RAM! That machine has 4x AMD Opteron 8356 quad-core CPUs @ 2.3 GHz and two built-in 10 Gbps Ethernet ports (plus 2 gigabit ports), a PERC6i controller, dual PSUs, and a full enterprise DRAC. It’s a little old, but you can’t get those specs in any other … Continue reading

Getting Started with Free CDN from KisoLabs


When I was a teenager I had a basement full of computers. (Which is to say that my parents had a basement full of computers.) It was just a hobby at first, but computers eventually turned into an obsession and a profession for me. I liked every aspect of computers, from building hardware to networking to programming. Stay tuned for the bottom of this article where I’ve posted a referral code good for a $50 KisoLabs account credit. In those days (the mid- to late-90s) DSL was the only way to get affordable static IPs, and I suffered with 192K SDSL (and later, 384K). Content was a lot lighter back then, but I was still suffering the same problems … Continue reading

I propose a new approach to email reputation that allows the (legitimate) little guys to compete


I have a problem… I administrate roughly fifteen domains that send email on a regular basis. Outbound email is handled by two corporate (and one personal) email servers running Zimbra and Exchange, as well as a couple of mail exchangers that handle automated email from web servers. I also don’t send spam. All automated emails include a clear unsubscribe link, which is a single-click mechanism resulting in an immediate blacklisting of the user’s email address. Automated emails also include the name and mailing address of the company from which they were sent, as per US federal law. Corporate and personal emails are used responsibly; in other words they are not used for blind solicitation nor for any other purposes … Continue reading

Finding Out the IP Address of a New Piece of Tech from eBay


I’ve been through this many times over, and thought I would share: I just bought a pair of HP Storageworks 4/8 SAN (AKA: Brocade Silkworm 200E) switches off of eBay. They were listed as “powered up / as-is” by the seller, but the price was too good not to take a risk on them working properly. Of course, they came with no documentation, and not even a label to identify the IP address they held in their original home. (I have had luck with other items where the IP and even login/password were labelled onto the front of the case). Most times, the following will work flawlessly: Connect your new piece of tech’s management interface (in this case, we’ll use … Continue reading

Delivering Pre-Compressed (gzip) Javascript with PHP only

There are plenty of results in Google for delivering compressed Javascript files using PHP. However, most of those techniques involve compressing the JS file(s) on the fly. I was looking for a method that would meet the following criteria: The JS file should be pre-compressed using gzip. The gzip version of the JS file should only be delivered if the client’s browser supports gzip. The code below has some pitfalls: It will not work with a CDN or any external content server that does not support PHP. It is more difficult to maintain than compressing on the fly at the web server level (as you must maintain the compressed version of the JS file). I’ll use my quick and dirty … Continue reading

Using Postfix with MySQL Stored Procedures? (Just Use Functions)


If you’re like me and want to use Postfix with a MySQL backend, you may have also wanted to be able to call stored procedures from Postfix. Unfortunately, MySQL stored procs return multiple resultsets while Postfix’s call to the MySQL C API can only process a single resultset. I banged my head against the wall for a while until I realized that a function called from a SELECT statement would return a Postfix-friendly single resultset. For example, this would be a perfectly acceptable virtual alias map file:

    user = mailreader
    password = somepassword
    dbname = mail_config
    query = SELECT retval FROM (SELECT fnPostfixVirtualAliasMapGet('%s') AS retval) t WHERE t.retval IS NOT NULL;
    hosts = 127.0.0.1

This is useful if, for example, … Continue reading