Monday, October 30, 2006

Configuring subversion on FC5

Well, I just spent hours trying to figure out why I couldn't get subversion to work. I followed all of the instructions to the letter, etc. Well, it turns out that the instructions I was following had a typo. I was using the SVNPath apache directive instead of the SVNParentPath directive.

Anyway, my FC5 installation already had apache2, mod_dav, and subversion installed, but it didn't have mod_dav_svn. So I installed it:

yum install mod_dav_svn

This automatically added the mod_dav_svn.so and mod_authz_svn.so files to /etc/httpd/modules. It also added /etc/httpd/conf.d/subversion.conf, which included these directives:

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

Had I just used the sample from that file, it probably would have just worked since it had SVNParentPath in it. But instead, I added the following to my virtualhost:
      <location /svn>
DAV svn
SVNPath /absolute/path/to/repository
</location>
This was taken directly from the "Installing Subversion" HowTo guide listed on the subversion documentation site. Here is the link:
http://svn.collab.net/repos/svn/trunk/INSTALL

I created the repository:

su - username
cd /home/username
mkdir svn
cd svn
svnadmin create reponame
chown -R apache.apache reponame

Now, testing things out by going to http://hostname.com/svn/reponame caused the following error:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<d:error> </d:error>
<c:error> </c:error>
<m:human-readable errcode="2"> </m:human-readable>
Could not open the requested SVN filesystem



Once I changed the directives to the following, it worked:
      <location /svn>
DAV svn
SVNParentPath /absolute/path/to/repository
</location>
Before using SVNParentPath, I would get the following error using "svn co":

svn: PROPFIND request failed on '/svn'
svn:
Could not open the requested SVN filesystem

Now when I execute the following:

svn co http://hostname.com/svn/reponame test

It responds that it checkout revision 0. Yay!

I think that I could have got SVNPath to work too, but I would have had to run the svnadmin create on that directory, not a subdirectory. Maybe I just needed to follow the directions better. Regardless, the SVNParentPath is the command that I really want since I want multiple repositories in that directory without having to configure multiple Location directives in Apache.

Friday, October 06, 2006

Rebuilding RAID array

One of my servers had a problem with its software raid array. As always, I check /proc/mdstat to see if there are any issues. In the past, if there has been a problem, all of the RAID partitions show a problem. But this time, only one partition had a problem:

[root@sapphire]# more /proc/mdstat
Personalities : [raid1]
read_ahead 1024 sectors
md0 : active raid1 sdb1[1] sda1[0]
1260992 blocks [2/2] [UU]

md1 : active raid1 sdb5[1]
3759104 blocks [2/1] [_U]

md2 : active raid1 sdb6[1] sda6[0]
3759104 blocks [2/2] [UU]

md3 : active raid1 sdb8[1] sda8[0]
25454848 blocks [2/2] [UU]

unused devices:

As you can see, md1 only has one drive in the mirrored array. Instead of both sda5 and sdb5, only sdb5 is active. If the array was working properly, the indicator would show [UU] and not [_U].

After some googling, I found that I needed to rebuild the dirty disk with the following command:

raidhotadd /dev/md1 /dev/sda5

This says to add the kicked out /dev/sda5 disk to the /dev/md1 array. It rebuilds the dirty array disk from the main array disk. While it is running, you can see its progress by looking at mdstat:

[root@sapphire]# more /proc/mdstat
Personalities : [raid1]
read_ahead 1024 sectors
md0 : active raid1 sdb1[1] sda1[0]
1260992 blocks [2/2] [UU]

md1 : active raid1 sda5[2] sdb5[1]
3759104 blocks [2/1] [_U]
[=>...................] recovery = 7.9% (300080/3759104) finish=5.5min s
peed=10347K/sec
md2 : active raid1 sdb6[1] sda6[0]
3759104 blocks [2/2] [UU]

md3 : active raid1 sdb8[1] sda8[0]
25454848 blocks [2/2] [UU]

unused devices:

When it completed, it looked like this:

[root@sapphire zones]# more /proc/mdstat
Personalities : [raid1]
read_ahead 1024 sectors
md0 : active raid1 sdb1[1] sda1[0]
1260992 blocks [2/2] [UU]

md1 : active raid1 sda5[0] sdb5[1]
3759104 blocks [2/2] [UU]

md2 : active raid1 sdb6[1] sda6[0]
3759104 blocks [2/2] [UU]

md3 : active raid1 sdb8[1] sda8[0]
25454848 blocks [2/2] [UU]

unused devices:

Now all partitions are functioning properly again.

Thanks to http://www.kieser.net/linux/raidhotadd.html for details on doing this.

Thursday, October 05, 2006

Howto modifiy apache httpd suexec docroot

What if you don't want all of your web documents to be located in /var/www? That isn't too much of a problem with apache. Just point to another directory as the DocumentRoot setting.

But what if you also want CGI scripts to be located somewhere else? This poses a problem. The CGI wrapper that comes with FC5 httpd RPM is configured to only allow CGI scripts in /var/www. To fix this, it is necessary to rebuild the httpd RPM from source after making a couple changes.

To get started, you should be logged into your system via SSH and sitting in your home directory. Do not be logged in as root at this time. Your account needs to be set up to build RPMs from source. Do the following:

% echo "%_topdir /src/rpm" >> ~/.rpmmacros
% mkdir -p ~/src/rpm/
% cd ~/src/rpm
% mkdir BUILD RPMS RPMS/i386 SOURCES SPECS SRPMS

Now, you need to download the latest httpd source RPM (SRPM) from Fedora. For me, I'm using Fedora Core 5 and there have been some updates to the httpd RPM since FC5 came out. So I'll use the latest SRPM version from the Download/Updates section of the site:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/SRPMS/

The latest version at the time of this writing was httpd-2.2.2-1.2.src.rpm. Use wget at the command line to download this file and then install it:

% cd ~
% wget http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/SRPMS/httpd-2.2.2-1.2.src.rpm
% rpm -ivh ~/httpd-2.2.2-1.2.src.rpm

This will put the source tarball and patches in ~/src/rpm/SOURCES and a specfile (instructions for building) in ~/src/rpm/SPECS. You now need to edit the specfile with a custom release number, altering the suexec docroot, and adding some comments to the changelog:

% vi ~/src/rpm/SPECS/httpd.spec

Change line 10 from:
Release: 1.2

To:
Release: 1.3

Change line 194 from:
--with-suexec-docroot=%{contentdir}
To:
--with-suexec-docroot=/home
Change line 484 to:
%changelog
* Thu Oct 05 2006 Your Name <you@yours> 2.2.2-1.3
- Rebuilt with suexec-docroot set to /home instead of %{contentdir}

Next, you will rebuild httpd, creating both a binary RPM and a source SRPM:

% rpmbuild -ba ~/src/rpm/SPECS/httpd.spec

You may have to install some additional packages to satisfy build dependencies here. You'll need to be root to do this or use sudo. Just use yum for it will be easiest. When it's done, you'll have binary packages in ~/src/rpm/RPMS/i386/, and a new source package with your modified specfile in ~/src/rpm/SRPMS/.

You can now either upgrade to the httpd you just compiled... To install, do the following. Make sure to include httpd-devel if you are going to build custom apache modules such as Tomcat mod_jk or Caucho mod_caucho. You will need /usr/sbin/apxs that is included in it.

% cd ~/src/rpm/RPMS/i386
% sudo rpm -Fvh httpd-2.2.2-1.3.i386.rpm httpd-manual-2.2.2-1.3.i386.rpm httpd-devel-2.2.2-1.3.i386.rpm mod_ssl-2.2.2-1.3.i386.rpm

OR simply extract the suexec binary and copy it over the original one (this may work if there are no updates to mod_ssl in the newer RPMs you have installed):

% rpm2cpio ~/src/rpm/RPMS/i386/httpd-2.2.2-1.3.i386.rpm | cpio -imVd ./usr/sbin/suexec
% sudo cp -p /usr/sbin/suexec /usr/sbin/suexec.orig
% sudo cp ./usr/sbin/suexec /usr/sbin/suexec
% sudo chown root:apache /usr/sbin/suexec
% sudo chmod 4510 /usr/sbin/suexec

Lastly, you need to make sure the permissions are set right for the directory with the cgi scripts. The directory cannot be writable by anyone but the user. This means it should be set to 744.

If you run into errors, check:
/var/log/httpd/error_log
/var/log/httpd/suexec.log

Perfect FC5 Server Setup?

This article does a good job of detailing the basics needed to setup a FC5 server:
http://www.howtoforge.com/perfect_setup_fedora_core_5

For my needs, I have a lot of other things to add as well. But this is a good starting point.

Also, I hadn't heard of ISPConfig yet. Its an open source web based control panel. I'm definitely going to check it out. Need to find out if it is just for server administrators, or if users can use it too.

Wednesday, October 04, 2006

Interesting AJAX blog

http://blogs.pathf.com/agileajax/

Fedora Core Unofficial FAQ

Found an unofficial FAQ for Fedora Core. It has some useful information, but mostly beginner stuff. However, it does refer to some RPM repositories that could be useful.

http://www.fedorafaq.org/