At Eliza's request, I've disabled eni1's imaging script so she can run a compute-intensive program for an extended period of time.
In prepraration for an OS installation, I've backed up all the data on cleo with tar. I've placed it on quark in /backup/cleo_sunos5.tar.bz2.
After that, I upgraded cleo to NetBSD 1.6.1 using a standard SPARC install CD. Everything went smoothly aside from some soft errors from the CD drive, which were all corrected. I have put cleo on the standard NIS map from quark, and have it mounting /clients and /usr/exports from quark for the NetBSD package source collection.
I've rebuilt PHP with CGI support on quark, using the port in /usr/ports/www/php4-cgi/. This went much more smoothly than last week's PHP upgrade.
Incidentally, the package database on quark has got some serious inconsistencies which prevented me from installing the package from ports. I ended up doing a "make install" in the work directory of php4-cgi, which probably isn't the best way to do it, but the only way I could think of to finish the install.
I've done some changes to the log rotation on quark. While Apache's access and error logs were being rotated once a day, with the previous days logs kept and the logs before that deleted, I have setup access logs to be kept for 90 days for analysis (rotated once a day), with error and SSL logs being kept for a week. I have also setup log rotation for the Postgres log, which has been getting quite big.
Here are the relevant lines in /etc/newsyslog.conf:
/var/log/httpd/httpd-access root:wheel 640 90 * @T00 Z
/var/log/httpd/httpd-error root:wheel 640 7 * @T00 Z
/var/log/httpd/ssl_request_log root:wheel 640 7 * @T00 Z
/var/log/httpd/ssl_engine_log root:wheel 640 7 * @T00 Z
/var/log/postgres.log postgres:production 640 7 * @T00 Z
I've enabled some more options (CGI scripts being the most important) for the ppckernel.org VirtualHosts. I've also enabled separate error and access logging for ppckernel.org.
Here are the relevant lines in httpd.conf:
ErrorLog /var/log/httpd/ppckernel-error
CustomLog /var/log/httpd/ppckernel-access combined
Options FollowSymLinks ExecCGI Indexes
I've installed a log analyzer for Apache. It can be accessed from here.
I have installed Analog/ReportMagic. Analog parses the logs, and ReportMagic uses that output to make pretty graphs. For more information, look in /usr/loca/www/analog.
Installed ifhpon Quark.
Printing seems to be fine and it's responsive for duplex and landscape printing!
Dawit and I pulled a development image (ACL2003102101) off office0. I plan to run Red Carpet on it sometime this week.
The Word went over quota today, due to a 400MB Apache log file. I've rotated the log file, and set up a job in /etc/newsyslog.conf to rotate the file weekly.
Hassan and I added MySQL to PHP on quark today. We succeeded after a grueling three hours.
We learned these things:
1. Apache overwrites its SSL keys after each installation. Backups are wonderful.
2. IMAP support in mod_php is seriously broken for FreeBSD 4.6.2, even though the docs say nothing about it, and it works fine in FreeBSD 4.8.
3. Broken PHP support is likely to have nothing to do with SSL support, no matter how much it might appear that way.
4. Apache tests for the presence of /usr/local/sbin/suexec and will use it even if it's compiled with WITH_APACHE_SUEXEC=no.
I have enabled DNS aliases, Apache virtual hosts, and bandwidth throttling in both Apache and ProFTPd for the hosting of the Linux PPC kernel.
I have added these lines to httpd.conf:
===
ServerName quark.ppckernel.org
ServerAlias ppckernel.cs.earlham.edu
DocumentRoot /clients/users/ppckernel/www
ScriptAlias /cgi-bin/ /clients/users/ppckernel/www/cgi-bin/
ServerAdmin webmaster@ppckernel.org
ThrottlePolicy Speed 100 1s
ServerName www.ppckernel.org
ServerAlias ppckernel.org
DocumentRoot /clients/users/ppckernel/www
ScriptAlias /cgi-bin/ /clients/users/ppckernel/www/cgi-bin/
ServerAdmin webmaster@ppckernel.org
ThrottlePolicy Speed 100 1s
LoadModule throttle_module libexec/apache/mod_throttle.so
AddModule mod_throttle.c
ThrottlePolicy none
SetHandler throttle-status
Order deny,allow
Deny from all
Allow from .cs.earlham.edu
SetHandler throttle-me
Order deny,allow
Deny from all
Allow from .cs.earlham.edu
SetHandler throttle-me
===
I have added this line to cs.zone:
===
ppckernel IN CNAME cs.earlham.edu.
===
I have added these lines to proftpd.conf:
===
User anonppckernel
Group ppckernel
MaxClients 10
TransferRate RETR 10240:50000 group ppckernel
TransferRate STOR 20480:50000 group ppckernel
Hassan and I reinstalled the OS on c8. All appears to be well, for now.
I've replaced the serial mice on the OS cluster with brand new Belkin PS/2 three-button mice. I ran mouseconfig on the image, and changed the mouse type from "Generic serial" to "Generic PS/2", and turned off three-button emulation. After running force-update on all the machines, the mice worked fine.
I've installed mod_throttle to Apache on quark to prepare for the hosting of the PPC kernel site. The throttling will have to be enabled in both Apache and ProFTPd for whatever directory the PPC kernel site will reside in.
Dawit and I replaced the hard drive in n0 with the one from the old kleene. We reimaged the machine, and it appears to be working.
We also noticed that the monitor on n0 is not displaying the correct colors. We might have to replace it if we can't figure out what's wrong with it.
Due to the bad hard drive on ntv, I changed the DNS entries for ntv and monitor to point to quark. I then created a VirtualHost entry in quark's httpd.conf to redirect requests for those hostnames to ~cricket/current/grapher.cgi.
XDM stopped working again, due to a change in the configuration files.
I restored off backup, and things started working again.
I've upgraded NcFTP on the ACLs from 3.13 to 3.16.
I have enabled printing from the OS cluster machines.
I compiled LPRng from sources, and copied the printcap file from the ACL image to the OS image.
I have now enabled FTP access to the OS cluster controller using ProFTPd.
I fixed a typo in the force-update.sh script. I used the image name ENI_20030917 instead of the actual name ENI-20030917. All should be good now.
Due to the problems that have been occuring with the printers, I have put lpd into debugging mode, with output going to /var/log/lpd-errs.
The command I used was:
# lpd -D 1 -L /var/log/lpd-errs
I have upgraded OpenSSL on quark to 0.9.7c.
The full report of the security vulnerability is available here.
I've scrapped the old kleene for parts. We've got:
(1) IDE zip drive
(1) 4GB SCSI hard drive
(2) 128MB SDRAM modules
(1) PCI sound card
(1) Ultra3 SCSI card
(1) 3Com Ethernet NIC
The last three items are still in kleene.
The IDE zip drive has been used to replace the bad one in n2 in the OS cluster. One of the 128MB modules went into n2 to replace the 64MB module that was in n2.